Notice of Pre-AIA or AIA Status
The present application, filed on or after March 16, 2013, is being examined under the first inventor to file provisions of the AIA.
1.	Claims 1-20 have been examined.

Information Disclosure Statement
2.	The information disclosure statement (IDS) submitted on 02/02/2021 is in compliance with the provisions of 37 CFR 1.97.  Accordingly, the information disclosure statement is being considered by the examiner.

3.	In the event the determination of the status of the application as subject to AIA 35 U.S.C. 102 and 103 (or as subject to pre-AIA 35 U.S.C. 102 and 103) is incorrect, any correction of the statutory basis for the rejection will not be considered a new ground of rejection if the prior art relied upon, and the rationale supporting the rejection, would be the same under either status.

Claim Rejections - 35 USC § 102
The following is a quotation of the appropriate paragraphs of 35 U.S.C. 102 that form the basis for the rejections under this section made in this Office action:
A person shall be entitled to a patent unless –

(a)(1) the claimed invention was patented, described in a printed publication, or in public use, on sale, or otherwise available to the public before the effective filing date of the claimed invention.


(a)(2) the claimed invention was described in a patent issued under section 151, or in an application for patent published or deemed published under section 122(b), in which the patent or application, as the case may be, names another inventor and was effectively filed before the effective filing date of the claimed invention.

4.	Claims 1, 9, 13 and 18 are rejected under 35 U.S.C. 102(a)(1) as being anticipated by Abt et al. (“Correlating Network Events and Transferring Labels in the Presence of IP Address Anonymisation”; hereafter “Abt”).
	For claims 1, 13 and 18, Abt teaches a method, an apparatus and a non-transitory computer-readable storage media comprising:
	a network interface configured to obtain or provide network communications (note pages 66-67 A. Terminology, IPS as data owner and researcher with honeypots as label provider); and
	one or more processors coupled to the network interface (note pages 66-67 A. Terminology, IPS as data owner and researcher with honeypots as label provider), wherein the one or more processors are configured to:
	obtain, from a controller in or having communication to a network, an obfuscation parameter that is further obtained by one or more network devices in the network (note page 68, 1) Bootstrap Sequence, secrets are obtained by data owner and label provider from key distribution centre), wherein personally identifiable information of the apparatus has a given logical relationship to personally identifiable information of the one or more network devices (note pages 64-65, A. Prefix-preserving IP Address Anonymisation, IP subnets are a logical relationship of hosts within the network segment);
	based on the obfuscation parameter, obfuscate the personally identifiable information of the apparatus to generate obfuscated personally identifiable information of the apparatus (note page 68, a) IP Address Anonymisation and Data Exchange, data owner and label provider anonymise IP addresses using secret), wherein the obfuscated personally identifiable information of the apparatus has the given logical relationship to obfuscated personally identifiable information of the one or more network devices (note page 66, III. Correlating Anonymised IP Addresses, Crypto-Pan scheme used preserves prefix-length logical relationship allowing for correlation of IP addresses of one data set with events in other data sets); and
	provide the obfuscated personally identifiable information of the apparatus to a server configured to collect the obfuscated personally identifiable information of the one or more network devices (note page 68, a) IP Address Anonymisation and Data Exchange, data owner and label provider send anonymized data to data repository).

	For claim 9, Abt teaches claim 1, further comprising:
	at the server: generating a report based on one or more of the obfuscated personally identifiable information of the first network device or the obfuscated personally identifiable information of the one or more second network devices (note page 69, b) Event Correlation, data repository correlates events and transfer labels, i.e. generating a report, based on the anonymised IP addresses and event data).


5.	Claims 1, 3, 9-11, 13, 15, 18 and 20 are rejected under 35 U.S.C. 102(a)(2) as being anticipated by Saad et al. (U.S. Patent Application Publication 2021/0334406; hereafter “Saad”).
	For claims 1, 13 and 18, Saad teaches a method, an apparatus (note Fig. 5) and a non-transitory computer-readable storage media (note paragraph [0058], computer-readable medium) comprising:
	a network interface configured to obtain or provide network communications (note paragraph [0060], network interfaces); and
	one or more processors coupled to the network interface (note paragraph [0058], processor), wherein the one or more processors are configured to:
	obtain, from a controller in or having communication to a network (note paragraph [0026], user may configure masking policy through interface; masking agent 175 may be a combination of a separate device and part of computing system 110), an obfuscation parameter that is further obtained by one or more network devices in the network (note paragraphs [0043]-[0044], obfuscation parameters include certain types of sensitive information; paragraph [0035], obfuscation parameter includes type of hash used or symmetrical encryption key), wherein personally identifiable information of the apparatus has a given logical relationship to personally identifiable information of the one or more network devices (note paragraphs [0019]-[0020], computing system 110 may include one or more network devices; paragraph [0031], sensitive information may include network topology information, i.e. logical relationship);
	based on the obfuscation parameter, obfuscate the personally identifiable information of the apparatus to generate obfuscated personally identifiable information of the apparatus (note paragraphs [0034]-[0035] and [0043], sensitive information including IP addresses are anonymized), wherein the obfuscated personally identifiable information of the apparatus has the given logical relationship to obfuscated personally identifiable information of the one or more network devices (note paragraphs [0034] and [0049]-[0051], contextual information including network topology information is retained in anonymization); and
	provide the obfuscated personally identifiable information of the apparatus to a server configured to collect the obfuscated personally identifiable information of the one or more network devices (note paragraphs [0029] and [0052]-[0053], anonymized data is collected by masking agent 175 for storage in database and sent to analytics component 160).


	For claims 3, 15 and 20, Saad teaches claims 1, 13 and 18, further comprising: at the first network device in the network:
	obtaining an updated obfuscation parameter that is further obtained by the one or more second network devices (note paragraph [0043], masking agent is continuously updated to identify new types of sensitive data, i.e. updated obfuscation parameters);
	based on the updated obfuscation parameter, obfuscating the personally identifiable information of the first network device to generate updated obfuscated personally identifiable information of the first network device (note paragraphs [0034]-[0035] and [0043], updated sensitive information is anonymized), wherein the updated obfuscated personally identifiable information of the first network device has the given logical relationship to updated obfuscated personally identifiable information of the one or more second network devices (note paragraphs [0034] and [0049]-[0051], contextual information including network topology information is retained in anonymization); and
	providing the updated obfuscated personally identifiable information of the first network device to the server which is configured to collect the updated obfuscated personally identifiable information of the one or more second network devices (note paragraphs [0029] and [0052]-[0053], updated anonymized data is collected by masking agent 175 for storage in database and sent to analytics component 160).

	For claim 9, Saad teaches claim 1, further comprising:
	at the server: generating a report based on one or more of the obfuscated personally identifiable information of the first network device or the obfuscated personally identifiable information of the one or more second network devices (note paragraphs [0022], [0037], [0039] and [0054], analytics report based on anonymized data is generated).

	For claim 10, Saad teaches claim 9, further comprising:
	at the server:
	obtaining the obfuscation parameter from the controller (note paragraph [0055], masking agent identifies anonymized value by matching values stored in the database); and
	based on the obfuscation parameter, de-obfuscating the one or more of the obfuscated personally identifiable information of the first network device or the obfuscated personally identifiable information of the one or more second network devices (note paragraphs [0040] and [0055], sensitive information is unmasked), wherein
	generating the report includes generating a report that includes one or more of the personally identifiable information of the first network device or the personally identifiable information of the one or more second network devices (note paragraphs [0040] and [0056], unmasked report is generated).

	For claim 11, Saad teaches claim 1, further comprising:
	at the server:
	obtaining the obfuscation parameter from the controller (note paragraph [0026], user may configure masking policy through interface);
	obtaining personally identifiable information of one or more third network devices in the network (note paragraph [0029], masking agent 175 is provided collected data from computing system 110 which includes third network devices), wherein the personally identifiable information of the first network device has another given logical relationship to the personally identifiable information of the one or more third network devices (note paragraph [0031], sensitive information may include network topology information, i.e. logical relationship); and
	based on the obfuscation parameter, obfuscating the personally identifiable information of the one or more third network devices to generate obfuscated personally identifiable information of the one or more third network devices (note paragraphs [0034]-[0035] and [0043], sensitive information including IP addresses are anonymized), wherein the obfuscated personally identifiable information of the first network device has the other given logical relationship to the obfuscated personally identifiable information of the one or more third network devices (note paragraphs [0034] and [0049]-[0051], contextual information including network topology information is retained in anonymization).


Claim Rejections - 35 USC § 103
The following is a quotation of 35 U.S.C. 103 which forms the basis for all obviousness rejections set forth in this Office action:
A patent for a claimed invention may not be obtained, notwithstanding that the claimed invention is not identically disclosed as set forth in section 102, if the differences between the claimed invention and the prior art are such that the claimed invention as a whole would have been obvious before the effective filing date of the claimed invention to a person having ordinary skill in the art to which the claimed invention pertains. Patentability shall not be negated by the manner in which the invention was made.

6.	Claims 2, 14 and 19 are rejected under 35 U.S.C. 103 as being unpatentable over Saad as applied to claims 1, 13 and 18 above, and further in view of Sullivan et al. (U.S. Patent Application Publication 2016/0182517; hereafter “Sullivan”).
	For claims 2, 14 and 19, Saad teaches claims 1, 13 and 18, further comprising:
at the first network device in the network:
	storing a mapping of the personally identifiable information of the first network device to the obfuscated personally identifiable information of the first network device (note paragraph [0052], masking agent 175 stores key-value pair mapping of sensitive data and anonymized value)

	Saad differs from the claimed invention in that they fail to teach:
	deleting the obfuscation parameter.

	Sullivan teaches:
	deleting the obfuscation parameter (note paragraphs [0056] and [0061], mapping and random values are removed after deobfuscation).

	It would have been obvious to one of ordinary skill in the art at the time of the invention to combine the data anonymization of Saad and the removing of values after deobfuscation of Sullivan. It would have been obvious because combining prior art elements according to known methods would yield the predictable results of a masking agent storing a mapping of sensitive data to random values (Saad) and deleting the mapping and random values after the sensitive data is unmasked (Sullivan).


7.	Claims 4 and 16 are rejected under 35 U.S.C. 103 as being unpatentable over Saad as applied to claims 1 and 13 above, and further in view of Savalle et al. (U.S. Patent Application Publication 2020/0153616; hereafter “Savalle”).
	For claims 4 and 16, Saad differs from the claimed invention in that they fail to teach:
	at the first network device in the network: identifying one or more indications to provide a request for the updated obfuscation parameter; and
	in response to identifying the one or more indications, providing the request for the updated obfuscation parameter.

	Savalle teaches:
	at the first network device in the network: identifying one or more indications to provide a request for the updated obfuscation parameter (note paragraph [0103], user may request an anonymization key changeover); and
	in response to identifying the one or more indications, providing the request for the updated obfuscation parameter (note paragraph [0103], anonymization key changeover occurs).

	It would have been obvious to one of ordinary skill in the art at the time of the invention to combine the data anonymization of Saad and the user requesting key rotation for the anonymization key of Savalle. It would have been obvious because combining prior art elements according to known methods would yield the predictable results of a masking agent anonymizing sensitive data using a key (Saad) and key changing after time periods or user request (Savalle).


8.	Claims 7 and 17 are rejected under 35 U.S.C. 103 as being unpatentable over Saad as applied to claims 3 and 15 above, and further in view of Gillum et al. (U.S. Patent Application Publication 2007/0294402; hereafter “Gillum”).
	For claims 7 and 17, Saad differs from the claimed invention in that they fail to teach:
	at the first network device in the network: providing a request for the updated obfuscation parameter to the controller;
	determining that the updated obfuscation parameter has not been obtained from the controller within a given amount of time; and
	in response to determining that the updated obfuscation parameter has not been obtained within the given amount of time, providing the request for the updated obfuscation parameter to one or more of a backup controller or the one or more second network devices, wherein
	obtaining the updated obfuscation parameter includes obtaining the updated obfuscation parameter from the one or more of the backup controller or the one or more second network devices.

	Gillum teaches:
	at the first network device in the network: providing a request for the updated obfuscation parameter to the controller (note paragraph [0025], user sends request for key);
	determining that the updated obfuscation parameter has not been obtained from the controller within a given amount of time (note paragraph [0025], key response from server fails and there is a timeout); and
	in response to determining that the updated obfuscation parameter has not been obtained within the given amount of time, providing the request for the updated obfuscation parameter to one or more of a backup controller or the one or more second network devices (note paragraph [0025], key request is sent to backup server), wherein
	obtaining the updated obfuscation parameter includes obtaining the updated obfuscation parameter from the one or more of the backup controller or the one or more second network devices (note paragraph [0025], key is received from backup server).

	It would have been obvious to one of ordinary skill in the art at the time of the invention to combine the data anonymization of Saad and the backup server of Gillum. It would have been obvious because combining prior art elements according to known methods would yield the predictable results of a masking agent using a key to anonymize sensitive data (Saad) and if the local masking agent request for an anonymization key experiences a timeout, a key request is sent to a backup server (Gillum).


9.	Claim 12 is rejected under 35 U.S.C. 103 as being unpatentable over Saad as applied to claim 1 above, and further in view of Nicol (U.S. Patent Application Publication 2019/0116033).
	For claim 12, Saad differs from the claimed invention in that they fail to teach:
	wherein obtaining the obfuscation parameter includes: obtaining a network packet that includes the obfuscation parameter and a network address transformation range.

	Nicol teaches:
	wherein obtaining the obfuscation parameter includes: obtaining a network packet that includes the obfuscation parameter and a network address transformation range (note paragraphs [0045]-[0046] and [0052]-[0059], anonymizing configuration information includes IP address ranges).

	It would have been obvious to one of ordinary skill in the art at the time of the invention to combine the data anonymization of Saad and anonymization of IP address ranges of Nicol. It would have been obvious because combining prior art elements according to known methods would yield the predictable results of a masking agent anonymizing sensitive information including IP addresses (Saad) and where anonymization configuration includes IP address ranges (Sullivan).


Allowable Subject Matter
10.	Claims 5-6 and 8 are objected to as being dependent upon a rejected base claim, but would be allowable if rewritten in independent form including all of the limitations of the base claim and any intervening claims.


Conclusion
11.	The prior art made of record and not relied upon is considered pertinent to applicant's disclosure.
Parthasarathy (U.S. Patent Application Publication 2020/0311304) teaches local agents (note paragraph [0088]) performing anonymization of data that maintains PII structure (note paragraphs [0087] and [0093]).

12.	Any inquiry concerning this communication or earlier communications from the examiner should be directed to DAVID J PEARSON whose telephone number is (571)272-0711. The examiner can normally be reached 6:00 - 5:30 pm; Monday through Thursday.
Examiner interviews are available via telephone, in-person, and video conferencing using a USPTO supplied web-based collaboration tool. To schedule an interview, applicant is encouraged to use the USPTO Automated Interview Request (AIR) at http://www.uspto.gov/interviewpractice.
If attempts to reach the examiner by telephone are unsuccessful, the examiner’s supervisor, Taghi Arani can be reached on (571)272-3787. The fax phone number for the organization where this application or proceeding is assigned is 571-273-8300.
Information regarding the status of published or unpublished applications may be obtained from Patent Center. Unpublished application information in Patent Center is available to registered users. To file and manage patent submissions in Patent Center, visit: https://patentcenter.uspto.gov. Visit https://www.uspto.gov/patents/apply/patent-center for more information about Patent Center and https://www.uspto.gov/patents/docx for information about filing in DOCX format. For additional questions, contact the Electronic Business Center (EBC) at 866-217-9197 (toll-free). If you would like assistance from a USPTO Customer Service Representative, call 800-786-9199 (IN USA OR CANADA) or 571-272-1000.





/David J Pearson/Primary Examiner, Art Unit 2438