DETAILED ACTION
Notice of Pre-AIA  or AIA  Status
The present application, filed on or after March 16, 2013, is being examined under the first inventor to file provisions of the AIA .
Claims 1 – 20 have been examined and are pending.

Drawings
3.	The applicant’s submitted drawings are acceptable for examination purposes.

Claim Rejections - 35 USC § 103
The following is a quotation of 35 U.S.C. 103 which forms the basis for all obviousness rejections set forth in this Office action:
A patent for a claimed invention may not be obtained, notwithstanding that the claimed invention is not identically disclosed as set forth in section 102, if the differences between the claimed invention and the prior art are such that the claimed invention as a whole would have been obvious before the effective filing date of the claimed invention to a person having ordinary skill in the art to which the claimed invention pertains. Patentability shall not be negated by the manner in which the invention was made.

The factual inquiries set forth in Graham v. John Deere Co., 383 U.S. 1, 148 USPQ 459 (1966), that are applied for establishing a background for determining obviousness under 35 U.S.C. 103 are summarized as follows:
1. Determining the scope and contents of the prior art.
2. Ascertaining the differences between the prior art and the claims at issue.
3. Resolving the level of ordinary skill in the pertinent art.
4. Considering objective evidence present in the application indicating obviousness or nonobviousness.
This application currently names joint inventors. In considering patentability of the claims the examiner presumes that the subject matter of the various claims was commonly owned as of the effective filing date of the claimed invention(s) absent any evidence to the contrary. Applicant is advised of the obligation under 37 CFR 1.56 to point out the inventor and effective filing dates of each claim that was not commonly owned as of the effective filing date of the later invention in order for the examiner to consider the applicability of 35 U.S.C. 102(b)(2)(C) for any potential 35 U.S.C. 102(a)(2) prior art against the later invention.

Claims 1 – 7, 9 – 15 and 17 – 20 are rejected under 35 U.S.C. 103 as being unpatentable over US Patent Application Publication No. 2019/0373403 to Ajmeri et al. (hereinafter Ajmeri), and in view of US Patent Application Publication No. 2018/0188053 to Fukuda et al. (hereinafter Fukuda).

Regarding Claim 1, Ajmeri discloses (¶2) mitigation of privacy concerns surrounding probe data for location-based services. Further, it discloses:
receive a first dataset of probe data points defining a trajectory; Ajmeri discloses (Figs. 2-3, S105 – fig. 13, ¶38, ¶46) mix zone controller 121 accesses data stored in memory or received from the mobile device 101. The data includes map data 31, traffic data 32, probe data 33, and mix zone tables 34. 
receive a second dataset of the probe data points defining the trajectory; Ajmeri discloses (Figs. 2-3, S111 – fig. 13, ¶59, ¶63) receiving anonymized data from probes 101a-n with K-anonymity level. The K-anonymity ensures that in a set of k probes, the target object is indistinguishable from the other k−1 probes. 
identify a plurality of features common to the first dataset and the second dataset; Ajmeri discloses (¶45, ¶59) identifying or determining when probes are located within the mix zone 50 or passes the mix zone boundary to exit the mix zone 50 and the pseudonym generator generating a pseudonym for the probes.
 compute a privacy risk value for the identified features common to the first dataset and the second dataset; Ajmeri discloses (¶61) the anonymity calculator calculates the anonymity level (i.e. privacy value) and the mix zone controller 121 compares it to a threshold level. 
compute an aggregate privacy risk score between the first dataset and the second dataset; Ajmeri discloses (¶63) the anonymity calculator 39 may calculate the anonymity level based on the number of exits from the mix zone 50 and the number of probes currently traveling in the mix zone 50.
Ajmeri does not explicitly disclose aggregate the privacy risk values for the identified features common to the first dataset and the second dataset. However, in an analogous art, Fukuda teaches:
aggregate the privacy risk values for the identified features common to the first dataset and the second dataset; Fukuda discloses (¶42) calculating contextual risk by aggregating path data and path patterns for a plurality of users. The route similarity engine is configured to calculate which routes in the aggregated path data have similar origins and destinations (¶43).
It would have been obvious as of the effective filing date to one of ordinary skill in the art to combine receive a first dataset of probe data points defining a trajectory, receive a second dataset of the probe data points defining the trajectory, identify a plurality of features common to the first dataset and the second dataset, compute a privacy risk value for the identified features common to the first dataset and the second dataset, compute an aggregate privacy risk score between the first dataset and the second dataset, as disclosed by Ajmeri, and aggregate the privacy risk values for the identified features common to the first dataset and the second dataset, as taught by Fukuda, for the purpose of implementing route generation for navigation systems based on aggregated path data (¶13).

Regarding Claim 2, Ajmeri in view of Fukuda discloses all the elements with respect to claim 1. Further the combination discloses:
wherein the second dataset of the probe data points defining the trajectory is an anonymized dataset anonymized using a first anonymization algorithm (Ajmeri discloses (¶38, ¶46, ¶59) mix zone controller 121 uses a mix zone generator 37, an anonymity calculator 39, and a pseudonym generator 38 to create anonymity for the dataset from probes 101a-c)
wherein the apparatus is further caused to: 
determine if the aggregate privacy risk score satisfies a predetermined value (Ajmeri discloses (¶61, ¶62) the anonymity level is compared to a threshold level) and
in response to the aggregate privacy risk score failing to satisfy the predetermined value (Ajmeri discloses (¶61, ¶62) the anonymity level is compared to a predetermined threshold level) provide for anonymization of the first dataset of probe data points using a second anonymization algorithm to generate an anonymized third dataset (Ajmeri discloses (¶59, ¶63) pseudonym generator (Fig.3) provides anonymization to data by assigning a numeric code or an alphanumeric identifier to probe data points.)
The motivation to combine the references is similar to the reasons in Claim 1.

Regarding Claim 3, Ajmeri in view of Fukuda discloses all the elements with respect to claim 1. Further the combination discloses:
determine if the aggregate privacy risk score satisfies a predetermined value (Ajmeri discloses (¶61, ¶62) the anonymity level is compared to a predetermined threshold level) 
in response to the aggregate privacy risk score satisfying the predetermined value, release the second dataset for provision of location-based services (Ajmeri discloses (¶69) the mix zone adds or removes road segments when the mix zone controller increases the size or modify the shape of the mix zone based on the anonymity levels, and the access to location-based services (e.g. mapping application, navigation application, social media application, games, and other applications) may be improved while maintaining anonymity, ¶84).
The motivation to combine the references is similar to the reasons in Claim 1.

Regarding Claim 4, Ajmeri in view of Fukuda discloses all the elements with respect to claim 1. Further the combination discloses:
determine if the aggregate privacy risk score satisfies a predetermined value (Ajmeri discloses (¶61, ¶62) the anonymity level is compared to a predetermined threshold level) 
in response to the aggregate privacy risk score satisfying the predetermined value, provide for disclosure of the second dataset (Ajmeri discloses (¶83) the mix zone controller 121 may compare the anonymity level to a predetermined threshold value and adjust the inner mix zone boundary (i.e. first dataset) or the outer mix zone boundary (i.e. second dataset) in response to the comparison.)
The motivation to combine the references is similar to the reasons in Claim 1.

Regarding Claim 5, Ajmeri in view of Fukuda discloses all the elements with respect to claim 1. Further the combination discloses:
receive location-based services in response to disclosure of the second dataset (Ajmeri discloses (¶83) the mix zone controller 121 compares the anonymity level to a predetermined threshold value and adjust the inner mix zone boundary (i.e. first dataset) or the outer mix zone boundary (i.e. second dataset) in response to the comparison, and the access to location-based services may be improved while maintaining anonymity (¶84) e.g. mapping application, navigation application, social media application, games, and other applications).
The motivation to combine the references is similar to the reasons in Claim 1.

Regarding Claim 6, Ajmeri in view of Fukuda discloses all the elements with respect to claim 1. Further the combination discloses:
wherein the features common to the first dataset and the second dataset comprise equivalence areas, wherein equivalence areas comprise spatio-temporal regions for an origin and a destination of the first dataset and the second dataset (Ajmeri discloses (Figs. 4A, 4B, 5A, 5B) the equivalence areas comprising spatio-temporal regions which show a plurality of probes traveling through a dynamic mix zone for the intersection with road segment data (first dataset) and node data (second dataset). The mix zone controller 21 adjusts the size of the mix zone 50 based on the map features from the map data. The final destination may be home or office or another location (¶40) that the user repeatedly and predictably visits. A user's home or office location may be known from another dataset e.g., public profile).
The motivation to combine the references is similar to the reasons in Claim 1.

Regarding Claim 7, Ajmeri in view of Fukuda discloses all the elements with respect to claim 6. Further the combination discloses:
wherein the plurality of features comprise the equivalence areas and trajectories (Fukuda discloses (¶28 and Fig. 5) the geographic coordinates of the accumulated trajectory may be expanded to cover geographic areas. The masking may expand the origin and the destination from precise geographic locations to geographic areas.)
The motivation to combine the references is similar to the reasons in Claim 1.

Claim 9, do not teach or further define over the limitation in claim 1 respectively. Therefore claim 9 is rejected for the same rationale of rejection as set forth in claim 1.

Claim 10, do not teach or further define over the limitation in claim 2 respectively. Therefore claim 10 is rejected for the same rationale of rejection as set forth in claim 2.

Claim 11, do not teach or further define over the limitation in claim 3 respectively. Therefore claim 11 is rejected for the same rationale of rejection as set forth in claim 3.

Claim 12, do not teach or further define over the limitation in claim 4 respectively. Therefore claim 12 is rejected for the same rationale of rejection as set forth in claim 4.

Claim 13, do not teach or further define over the limitation in claim 5 respectively. Therefore claim 13 is rejected for the same rationale of rejection as set forth in claim 5.

Claim 14, do not teach or further define over the limitation in claim 6 respectively. Therefore claim 14 is rejected for the same rationale of rejection as set forth in claim 6.

Claim 15, do not teach or further define over the limitation in claim 7 respectively. Therefore claim 15 is rejected for the same rationale of rejection as set forth in claim 7.

Claim 17, do not teach or further define over the limitation in claim 1 respectively. Therefore claim 17 is rejected for the same rationale of rejection as set forth in claim 1.

Claim 18, do not teach or further define over the limitation in claim 2 respectively. Therefore claim 18 is rejected for the same rationale of rejection as set forth in claim 2.

Claim 19, do not teach or further define over the limitation in claim 3 respectively. Therefore claim 19 is rejected for the same rationale of rejection as set forth in claim 3.

Claim 20, do not teach or further define over the limitation in claim 4 respectively. Therefore claim 20 is rejected for the same rationale of rejection as set forth in claim 4.


Claims 8 and 16 are rejected under 35 U.S.C. 103 as being unpatentable over US Patent Application Publication No. 2019/0373403 to Ajmeri, in view of US Patent Application Publication No. 2018/0188053 to Fukuda, and in view of US Patent Application Publication No. 2022/0067203 to Pottier et al. (hereinafter Pottier).

Regarding Claim 8, Ajmeri in view of Fukuda discloses all the elements with respect to claim 6. Further the combination discloses:
wherein causing the apparatus to aggregate the privacy risk values for the identified features common to the first dataset and the second dataset (Fukuda discloses (¶42, ¶43) masking engine 308 aggregate data from a trajectory pattern analysis (TPA) module or engine and a dynamic map manager (DMM), and collectively, these two sources may allow the masking engine to aggregate path data and path patterns included in the aggregated trajectory data for a plurality of users. The masking engine may 308 masks all of this data to ensure the anonymity is provided to any users from whom data is collected) comprises causing the apparatus to aggregate a result of the pair-wise comparison of privacy risk values between the first dataset and the second dataset (Fukuda illustrates (Figs. 6 and 7) masked path data aggregated from three drivers in the specified geographic area using the datasets of aggregated path data and aggregated trajectory data for the drivers.
The motivation to combine the references is similar to the reasons in Claim 6.
Ajmeri in view of Fukuda does not explicitly disclose conducting a pair-wise comparison of privacy risk values between the first dataset and the second dataset inside the identified equivalency areas. However, in an analogous art, Pottier teaches:
conduct a pair-wise comparison of privacy risk values between the first dataset and the second dataset inside the identified equivalency areas (Pottier discloses (¶14) the comparator 122 accesses the model's outcomes and compares them with those of the open model—thus the derived accuracy data 124 does not contain any sensitive data, and can accordingly be shared with open engine 104 using feedback path F, so that consumer application 106 can invoke open model 118 to refine its reasoning over P data, and thus improve its approach to providing outcomes based on ground truth.)
It would have been obvious as of the effective filing date to one of ordinary skill in the art to combine wherein causing the apparatus to aggregate the privacy risk values for the identified features common to the first dataset and the second dataset, comprises causing the apparatus to aggregate a result of the pair-wise comparison of privacy risk values between the first dataset and the second dataset, as disclosed by Ajmeri in view of Fukuda, and conduct a pair-wise comparison of privacy risk values between the first dataset and the second dataset inside the identified equivalency areas, as taught by Pottier, for the purpose of implementing apparatus and technique to enable a model-based machine learning engine to maintain privacy of sensitive data (¶2).


Claim 16, do not teach or further define over the limitation in claim 8 respectively. Therefore claim 16 is rejected for the same rationale of rejection as set forth in claim 8.


Conclusion
Any inquiry concerning this communication or earlier communications from the examiner should be directed to HASSAN KHAN whose telephone number is (313) 446-6574 and fax number is (571) 483-7559. The examiner can normally be reached on MONDAY - THURSDAY. If attempts to reach the examiner by telephone are unsuccessful, the examiner’s supervisor Christopher L. Parry can be reached on (571) 272-8328. The fax phone number for the organization where this application or proceeding is assigned is 571-273-8300. Information regarding the status of an application may be obtained from the Patent Application Information Retrieval (PAIR) system. Status information for published applications may be obtained from either Private PAIR or Public PAIR. Status information for unpublished applications is available through Private PAIR only. For more information about the PAIR system, see http://pair-direct.uspto.gov. Should you have questions on access to the Private PAIR system, contact the Electronic Business Center (EBC) at 866-217-9197 (toll-free). If you would like assistance from a USPTO Customer Service Representative or access to the automated information system, call 800-786-9199 (IN USA OR CANADA) or 571-272-1000.
/H. A. K./
Examiner, Art Unit 2451

/Chris Parry/Supervisory Patent Examiner, Art Unit 2451