Prosecution Insights
Last updated: July 17, 2026
Application No. 18/026,753

Data Analytics Privacy Platform with Quantified Re-Identification Risk

Non-Final OA §101§103
Filed
Mar 16, 2023
Priority
Sep 18, 2020 — provisional 63/080,333 +1 more
Examiner
ALLEN, NICHOLAS E
Art Unit
2154
Tech Center
2100 — Computer Architecture & Software
Assignee
LiveRamp Inc.
OA Round
3 (Non-Final)
76%
Grant Probability
Favorable
3-4
OA Rounds
0m
Est. Remaining
91%
With Interview

Examiner Intelligence

Grants 76% — above average
76%
Career Allowance Rate
587 granted / 773 resolved
+20.9% vs TC avg
Moderate +15% lift
Without
With
+14.7%
Interview Lift
resolved cases with interview
Typical timeline
3y 0m
Avg Prosecution
29 currently pending
Career history
830
Total Applications
across all art units

Statute-Specific Performance

§101
2.7%
-37.3% vs TC avg
§103
84.2%
+44.2% vs TC avg
§102
11.3%
-28.7% vs TC avg
§112
0.2%
-39.8% vs TC avg
Black line = Tech Center average estimate • Based on career data from 773 resolved cases

Office Action

§101 §103
DETAILED ACTION Notice of Pre-AIA or AIA Status The present application, filed on or after March 16, 2013, is being examined under the first inventor to file provisions of the AIA . Continued Examination Under 37 CFR 1.114 A request for continued examination under 37 CFR 1.114, including the fee set forth in 37 CFR 1.17(e), was filed in this application after final rejection. Since this application is eligible for continued examination under 37 CFR 1.114, and the fee set forth in 37 CFR 1.17(e) has been timely paid, the finality of the previous Office action has been withdrawn pursuant to 37 CFR 1.114. Applicant's submission filed on March 18, 2026 has been entered. In response to Applicant’s claims filed on March 18, 2026, claims 1, 3-10, 16, 18-25 are now pending for examination in the application. Response to Arguments This office action is in response to amendment filed 03/18/2025. In this action Claim(s) 1, 3-10 and 16, 18-25 is/are rejected under 35 U.S.C. 103 as being unpatentable over Jiang et al. (US Pub. No. 20220050917) and Lafever et al. (US Pub. No. 20190332807) in further view of Heckenbrocht et al. (US Pub. No. 20200250335). The Heckenbrocht et al. reference has been added to address the amendment of calculate a query epsilon budget and apply the query epsilon budget, and only return the noisy result if the per-query epsilon budget has not been exceeded by the request for an operation. Applicant’s arguments: In regards to claim 1 on Pages 13, applicant argues “This ordered combination of technical steps cannot reasonably be characterized as a mental process or as mere mathematical calculation.” Examiner’s Reply: The steps listed in the newly amended claims are aseries of mathematical and mental steps in which a human uses a computer as a tool in order to calculate a risk of re-identification using said steps along with additional elements that include data gathering and providing said calculated results. Applicant’s arguments: In regards to claim 1 on Pages 13, applicant argues “performed on a generic computer. The claims describe a system that solves a specific technical problem: how to allow external analytics systems to perform useful hypothesis testing on private data while providing automated, quantified guarantees that individual privacy is maintained below a measurable re- identification risk threshold.” Examiner’s Reply: The examiner notes that the computer as recited in the claims are being used for assisting in quantifying risks using mathematical modeling (a computer being used as a generic tool). Therefore, the abstract idea recited in the claims is generally linking it to a computer environment, and does not integrate the abstract idea into a practical application. Applicant’s arguments: In regards to claim 1 on Pages 14, applicant argues “Even if the claims were directed to an abstract idea not integrated into a practical application, the specific combination of technical elements amounts to significantly more. The ordered combination of (a) Gaussian noise application with sensitivity-based variance calibration, (b) per-query and per-project epsilon budget tracking and automated enforcement, (c) linear program reconstruction attack simulation across varying epsilon values, and (d) automated result gating based on quantified re-identification risk thresholds is not well-understood, routine, or conventional in the field. These limitations, taken as an ordered.” Examiner’s Reply: The platform uses various well-understood routine and conventional techniques such as gaussian noise, query budgets, hypothesis test, and simulation in order to identify a risk. Claim Rejections - 35 USC § 101 35 U.S.C. 101 reads as follows: Whoever invents or discovers any new and useful process, machine, manufacture, or composition of matter, or any new and useful improvement thereof, may obtain a patent therefor, subject to the conditions and requirements of this title. Claims 1, 3-12, 15-16, 18-27, 30 are rejected under 35 U.S.C. 101 because the claimed invention is directed to non-patentable subject matter. The claims are directed to an abstract idea without significantly more. Claim 1, 3-12, 15-16, 18-27, 30 is rejected under 35 U.S.C. 101 because the claimed invention is directed to an abstract idea without significantly more. The judicial exception is not integrated into a practical application. The claims do not include additional elements that are sufficient to amount to significantly more than judicial exception. The eligibility analysis in support of these findings is provided below, on Claim Rejections - 35 USC 101 accordance with the "2019 Revised Patent Subject Matter Eligibility Guidance" (published on 1/7/2019 in Fed, Register, Vol. 84, No. 4 at pgs. 50-57, hereinafter referred to as the "2019 PEG"). Step 1. in accordance with Step 1 of the eligibility inquiry (as explained in MPEP 2106), it is first noted the claim(s) 1, 3-12, 15-16, 18-27, 30 are directed to one of the eligible categories of subject matter and therefore satisfies Step 1. Step 2A. In accordance with Step 2A, prong one of the 2019 PEG, it is noted that the independent claims recite an abstract idea falling within the Mathematical Concepts & Mental Processes enumerated groupings of abstract ideas set forth in the 2019 PEG. Examiner is of the position that independent claims 1 and 16 are directed towards the Mental Process Grouping of Abstract Ideas. Independent claims 1 and 16 recites the following limitations directed towards a Mathematical Concepts & Mental Processes: calculate an answer to the request (The limitation recites a mathematical concept; calculating); apply differential privacy noise to the answer using a Gaussian mechanism that adds noise sampled from a Gaussian distribution where the variance is selected according to sensitivity Δf and differential privacy parameters Ɛ and δ to produce a noisy result (The limitation recites a mathematical concept; perturbations. Applicant’s specification at Paragraphs 70-71 highlights noise methods that are used during analytics for re-identification risk); perform a hypothesis test against the private dataset (The limitation recites a mental process of observation and/or evaluation capable of being performed by the human mind by performing a test); and calculate a final result from the performance of the hypothesis test against the private dataset, wherein the final result is protective of the privacy of the private dataset by simulating a linear program reconstruction attack on the private dataset for various measures of privacy cost Ɛ and measuring a level of success of the attack to determine a quantified re-identification risk below a threshold, wherein the threshold is no more than 0.05 wherein the final result is protective of the privacy of the data set (The limitation recites a mathematical concept; calculating); calculate a query epsilon budget and apply the query epsilon budget, and only return the noisy result if the per-query epsilon budget has not been exceeded by the request for an operation return the noisy result (The limitation recites a mathematical concept; calculating); maintain a per-project epsilon budget, calculate a query epsilon for a plurality of requests for an operation against the private dataset, calculate a project epsilon by summing each of the previous query epsilons, and only return the noisy result if the project epsilon does not exceed the per-project epsilon budget (The limitation recites a mental process of observation and/or evaluation capable of being performed by the human mind by maintaining a budget). Step 2A. In accordance with Step 2A, prong two of the 2019 PEG, the judicial exception is not integrated into a practical application because of the recitation in claim(s) 1 and 16: at least one processor (i.e., as a generic processor/component performing a generic computer function); a database (i.e., as a generic processor/component performing a generic computer function) comprising a private dataset in communication with the at least one processor; at least one non-transitory media(i.e., as a generic processor/component performing a generic computer function) in communication with the processor, wherein the non-transitory media comprises an instruction set comprising instructions that, when executed at the at least one processor in communication with the at least one processor, are configured to: receive a request for an operation against the private dataset (recites insignificant extra solution activity that amounts to mere data gathering); return the noisy result (recites insignificant extra solution activity that amounts to transmitting data); receive a request for hypothesis testing against the private dataset (recites insignificant extra solution activity that amounts to mere data gathering); Step 2B. Similar to the analysis under 2A Prong Two, the claim(s) does/do not include additional elements that are sufficient to amount to significantly more than the judicial exception. Because the additional elements of the independent claims amount to insignificant extra solution activity and/or mere instructions, the additional elements do not add significantly more to the judicial exception such that the independent claims as a whole would be patent eligible. Therefore, independent claims 1 and 16 are rejected under 35 U.S.C. 101. With respect to claim(s) 3 and 18: Step 2A, prong one of the 2019 PEG: wherein the final result is a set of aggregate statistical results (The limitation recites a mathematical concept; calculating). Step 2A Prong Two Analysis: This judicial exception is not integrated into a practical application because there are no additional elements to provide practical application. Step 2B Analysis: The claim does not include additional elements that are sufficient to amount to significantly more than the judicial exception. The claim is not patent eligible. With respect to claim(s) 4 and 19: Step 2A, prong one of the 2019 PEG: Examiner is of the position the dependent claim is directed toward additional elements. Step 2A Prong Two Analysis: wherein the instruction set, when executed at the at least one processor in communication with the at least one processor, is further configured to release the final result if an approval is received (recites insignificant extra solution activity that amounts to transmitting data). Step 2B Analysis: The claim does not include additional elements that are sufficient to amount to significantly more than the judicial exception. The claim is not patent eligible. With respect to claim(s) 5 and 20: Step 2A, prong one of the 2019 PEG: execute the query against the private dataset (The limitation recites a mental process of observation and/or evaluation capable of being performed by the human mind by executing a query). Step 2A Prong Two Analysis: wherein the instruction set, when executed at the at least one processor in communication with the at least one processor, is further configured to: receive a query from the internal analytics computer system (recites insignificant extra solution activity that amounts to mere data gathering); return a set of true results to the internal analytics computer system (recites insignificant extra solution activity that amounts to transmitting data). Step 2B Analysis: The claim does not include additional elements that are sufficient to amount to significantly more than the judicial exception. The claim is not patent eligible. With respect to claim(s) 6 and 21: Step 2A, prong one of the 2019 PEG: Examiner is of the position the dependent claim is directed toward additional elements. Step 2A Prong Two Analysis: receive a machine learning training or evaluation request (recites insignificant extra solution activity that amounts to mere data gathering); ingest the machine learning training or evaluation request and perform the machine learning task against the private dataset (recites insignificant extra solution activity that amounts to ingesting data); and return a machine learning training or evaluation result (recites insignificant extra solution activity that amounts to transmitting data). Step 2B Analysis: The claim does not include additional elements that are sufficient to amount to significantly more than the judicial exception. The claim is not patent eligible. With respect to claim(s) 7 and 22: Step 2A, prong one of the 2019 PEG: Examiner is of the position the dependent claim is directed toward additional elements. Step 2A Prong Two Analysis: wherein the machine learning training or evaluation result comprises summary statistics without a machine learning model (recites insignificant extra solution activity that amounts to transmitting data). Step 2B Analysis: The claim does not include additional elements that are sufficient to amount to significantly more than the judicial exception. The claim is not patent eligible. With respect to claim(s) 8 and 23: Step 2A, prong one of the 2019 PEG: Examiner is of the position the dependent claim is directed toward additional elements. Step 2A Prong Two Analysis: receive a machine learning training or evaluation request (recites insignificant extra solution activity that amounts to mere data gathering); ingest the machine learning training or evaluation request and perform the machine learning task against the private dataset (recites insignificant extra solution activity that amounts to ingesting data); and return a set of summary statistics (recites insignificant extra solution activity that amounts to transmitting data); receive a machine learning training or evaluation request (recites insignificant extra solution activity that amounts to mere data gathering); retrieve and return the machine learning model (recites insignificant extra solution activity that amounts to retrieving data). Step 2B Analysis: The claim does not include additional elements that are sufficient to amount to significantly more than the judicial exception. The claim is not patent eligible. With respect to claim(s) 9 and 24: Step 2A, prong one of the 2019 PEG: Examiner is of the position the dependent claim is directed toward additional elements. Step 2A Prong Two Analysis: wherein the machine learning training or evaluation result comprises summary statistics without a machine learning model (recites insignificant extra solution activity that amounts to transmitting data). Step 2B Analysis: The claim does not include additional elements that are sufficient to amount to significantly more than the judicial exception. The claim is not patent eligible. With respect to claim(s) 10 and 25: Step 2A, prong one of the 2019 PEG: generate a synthetic dataset from the private dataset (The limitation recites a mental process of observation and/or evaluation capable of being performed by the human mind by generating a dataset); evaluate the privacy of the synthetic dataset (The limitation recites a mental process of observation and/or evaluation capable of being performed by the human mind by evaluating privacy). Step 2A Prong Two Analysis: receive a request for a synthetic dataset (recites insignificant extra solution activity that amounts to mere data gathering); based on the result of the evaluation of the privacy of the synthetic dataset, return the synthetic dataset (recites insignificant extra solution activity that amounts to transmitting data). Step 2B Analysis: The claim does not include additional elements that are sufficient to amount to significantly more than the judicial exception. The claim is not patent eligible. Claim Rejections - 35 USC § 103 The following is a quotation of 35 U.S.C. 103 which forms the basis for all obviousness rejections set forth in this Office action: A patent for a claimed invention may not be obtained, notwithstanding that the claimed invention is not identically disclosed as set forth in section 102, if the differences between the claimed invention and the prior art are such that the claimed invention as a whole would have been obvious before the effective filing date of the claimed invention to a person having ordinary skill in the art to which the claimed invention pertains. Patentability shall not be negated by the manner in which the invention was made. Claim(s) 1, 3-10 and 16, 18-25 is/are rejected under 35 U.S.C. 103 as being unpatentable over Jiang et al. (US Pub. No. 20220050917) and Lafever et al. (US Pub. No. 20190332807) in further view of Heckenbrocht et al. (US Pub. No. 20200250335). With respect to claim 1, Jiang et al. teaches a platform to support hypothesis testing on private data, wherein the system comprises: at least one processor (See Fig. 2); a database comprising a private dataset in communication with the at least one processor (See Fig. 2); at least one non-transitory media (Paragraph 40 discloses computer readable medium) in communication with the processor, wherein the non-transitory media comprises an instruction set comprising instructions that, when executed at the at least one processor in communication with the at least one processor, are configured to: receive a request for an operation against the private dataset (Paragraph 41 discloses generating a synthetic dataset from the received dataset, the synthetic dataset comprising N records); calculate an answer to the request (Paragraph 41 discloses generating a synthetic dataset from the received dataset, the synthetic dataset comprising N records); receive a request for hypothesis testing against the private dataset (Paragraph 154 discloses a hypothesis testing estimator); perform a hypothesis test against the private dataset (Paragraph 154 discloses a hypothesis testing estimator); return the final result (Paragraph 154 discloses a hypothesis testing estimator. The results show that the average of two copula methods produced the best results, with high accuracy of the re-identification probability under the considered attack). Jiang et al. does not disclose apply noise to the answer from the external analytics computer system to produce a noisy result. However, Lafever et al. teaches apply differential privacy noise to the answer using a Gaussian mechanism that adds noise sampled from a Gaussian distribution where the variance is selected according to sensitivity Δf and differential privacy parameters Ɛ and δ to produce a noisy result (Paragraph 58 discloses enabling any Privacy-Enhancing Technology (“PET”) including, but not limited to, public key encryption, k-anonymity, l-diversity, introduction of “noise,” differential privacy, homomorphic encryption, digital rights management, identity management, suppression and/or generalization of certain data by row, by column, by any other dimension, by any combination of dimensions); return the noisy result (Paragraph 480 discloses Anonymity Measurement Score (AMS) measurement schema ties statistical probabilities of re-identification to create multiple ratings depending on the level and degree of disassociation and/or replacement applied to data elements) calculate a final result from the performance of the hypothesis test against the private dataset, wherein the final result is protective of the privacy of the private dataset by simulating a linear program reconstruction attack on the private dataset for various measures of privacy cost Ɛ and measuring a level of success of the attack to determine a quantified re-identification risk below a threshold wherein the threshold is no more than 0.05, wherein the final result is protective of the privacy of the data set (Paragraph 480 discloses Anonymity Measurement Score (AMS) measurement schema ties statistical probabilities of re-identification to create multiple ratings depending on the level and degree of disassociation and/or replacement applied to data elements and Paragraph 643 discloses GDPR Article 4(5) defines “Pseudonymisation” as requiring separation of the information value of data from the risk of re-identification. To benefit from GDPR statutory/regulatory incentives and rewards for pseudonymisation, this separation is necessary. Replacing multiple occurrences of the same personal data elements (e.g., name of a Data Subject) with “static” (or persistent) tokens fails to separate the information value of data from the risk of re-identification because re-identifying correlations and linkage attacks (aka the “Mosaic Effect”) are possible due to “static” (or persistent) identifiers being used instead of dynamic de-identifiers). Therefore, it would have been obvious before the effective filing date of invention was made to a person having ordinary skill in the art to modify Jiang et al. with Lafever et al. This would have facilitated privacy risk detection. See Lafever et al. Paragraph(s) 5-90. Jiang et al. as modified by Lafever et al. does not disclose calculate a query epsilon budget and apply the query epsilon budget, and only return the noisy result if the per-query epsilon budget has not been exceeded by the request for an operation. However, Heckenbrocht et al. teaches calculate a query epsilon budget and apply the query epsilon budget, and only return the noisy result if the per-query epsilon budget has not been exceeded by the request for an operation (Paragraph 22 discloses privacy budget may be specified in terms of a query, analyst, client 104, entity, globally, and/or time period. For example, the privacy budget may specify limits for an individual query, with each query having a separate budget. The privacy budget may also specify limits for an analyst or client, in which case the budget is calculated cumulatively across multiple queries from a client or analyst); maintain a per-project epsilon budget, calculate a query epsilon for a plurality of requests for an operation against the private dataset, calculate a project epsilon by summing each of the previous query epsilons, and only return the noisy result if the project epsilon does not exceed the per-project epsilon budget (Paragraph 22 discloses privacy budget may be specified in terms of a query, analyst, client 104, entity, globally, and/or time period. For example, the privacy budget may specify limits for an individual query, with each query having a separate budget. The privacy budget may also specify limits for an analyst or client, in which case the budget is calculated cumulatively across multiple queries from a client or analyst and Paragraph 26 discloses transformations may involve perturbing the process by which the DP query 114 is produced from the analytical query 108 and/or perturbing the results released by the database 106 with noise that provides the differential privacy specified by the privacy parameters while enforcing the privacy budget). Therefore, it would have been obvious before the effective filing date of invention was made to a person having ordinary skill in the art to modify Jiang et al. and Lafever et al. with Heckenbrocht et al. This would have facilitated privacy risk detection. See Heckenbrocht et al. Paragraph(s)7-8. The Jiang et al. reference as modified by Lafever et al. and Heckenbrocht et al. teaches all the limitations of claim 1. With respect to claim 3, Jiang et al. teaches the system of claim 1, wherein the final result is a set of aggregate statistical results (Paragraph 140 discloses descriptive visualization for presenting the results was not accompanied by formal statistical tests to compare the error at different true risk values B because in a simulation context such testing is not informative. One can just increase the number of simulation study points to get statistically significant differences across the board. Therefore, the useful information is the median error and the variation of the error (in the form of inter-quartile range)). The Jiang et al. reference as modified by Lafever et al. and Heckenbrocht et al. teaches all the limitations of claim 1. With respect to claim 4, Lafever et al. teaches the system of claim 1, wherein the instruction set, when executed at the at least one processor in communication with the at least one processor, is further configured to release the final result if an approval is received (Paragraph 480 discloses Anonymity Measurement Score (AMS) measurement schema ties statistical probabilities of re-identification to create multiple ratings depending on the level and degree of disassociation and/or replacement applied to data elements). The motivation to combine statement previously provided in the rejection of independent claim 1 provided above, combining the Jiang et al. reference and the Lafever et al. reference is applicable to dependent claim 4. The Jiang et al. reference as modified by Lafever et al. and Heckenbrocht et al. teaches all the limitations of claim 4. With respect to claim 5, Lafever et al. discloses the system of claim 4, wherein the instruction set, when executed at the at least one processor in communication with the at least one processor, is further configured to: receive a query (Paragraph 219 discloses choice between these two strategies involves a tradeoff between increased obscurity and the ease with which one may perform aggregation queries on obscured data); execute the query against the private dataset (Paragraph 219 discloses choice between these two strategies involves a tradeoff between increased obscurity and the ease with which one may perform aggregation queries on obscured data); and return a set of true results (Paragraph 219 discloses choice between these two strategies involves a tradeoff between increased obscurity and the ease with which one may perform aggregation queries on obscured data). The motivation to combine statement previously provided in the rejection of dependent claim 4 provided above, combining the Jiang et al. reference and the Lafever et al. reference is applicable to dependent claim 5. The Jiang et al. reference as modified by Lafever et al. and Heckenbrocht et al. teaches all the limitations of claim 1. With respect to claim 6, Lafever et al. discloses the system of claim 1, wherein the instruction set, when executed at the at least one processor in communication with the at least one processor, is further configured to: receive a machine learning training or evaluation request (Paragraph 576 discloses the categorization service may use AI-related techniques, including machine learning, to determine which category(ies) of data are being stored in the data set of interest. Likewise, the analysis service may analyze the determined categories and suggest one or more privacy policies that may be appropriate for the type of data being managed. The data store may be used over time to both store and update potential data categories and policies related thereto as the Intelligent Policy Compliance system uses machine learning or other methods to “learn” over time which data privacy and anonosization policies are most effective (or preferred, e.g., by users) for a given type of data set); ingest the machine learning training or evaluation request and perform the machine learning task against the private dataset (Paragraph 576 discloses the categorization service may use AI-related techniques, including machine learning, to determine which category(ies) of data are being stored in the data set of interest. Likewise, the analysis service may analyze the determined categories and suggest one or more privacy policies that may be appropriate for the type of data being managed. The data store may be used over time to both store and update potential data categories and policies related thereto as the Intelligent Policy Compliance system uses machine learning or other methods to “learn” over time which data privacy and anonosization policies are most effective (or preferred, e.g., by users) for a given type of data set); and return a machine learning training or evaluation result (Paragraph 576 discloses the categorization service may use AI-related techniques, including machine learning, to determine which category(ies) of data are being stored in the data set of interest. Likewise, the analysis service may analyze the determined categories and suggest one or more privacy policies that may be appropriate for the type of data being managed. The data store may be used over time to both store and update potential data categories and policies related thereto as the Intelligent Policy Compliance system uses machine learning or other methods to “learn” over time which data privacy and anonosization policies are most effective (or preferred, e.g., by users) for a given type of data set). The motivation to combine statement previously provided in the rejection of dependent claim 1 provided above, combining the Jiang et al. reference and the Lafever et al. reference is applicable to dependent claim 6. The Jiang et al. reference as modified by Lafever et al. and Heckenbrocht et al. teaches all the limitations of claim 6. With respect to claim 7, Lafever et al. discloses the system of claim 6, wherein the machine learning training or evaluation result comprises summary statistics without a machine learning model (Paragraph 33 discloses Dynamic Anonymity will be more attractive than traditional approaches to “de-identification” that protect data privacy/anonymity by using a defensive approach—e.g., a series of masking steps are applied to direct identifiers (e.g., name, address) and masking and/or statistically-based manipulations are applied to quasi-identifiers (e.g., age, sex, profession) in order to reduce the likelihood of re-identification by unauthorized third parties). The motivation to combine statement previously provided in the rejection of dependent claim 6 provided above, combining the Jiang et al. reference and the Lafever et al. reference is applicable to dependent claim 7. The Jiang et al. reference as modified by Lafever et al. and Heckenbrocht et al. teaches all the limitations of claim 4. With respect to claim 8, Lafever et al. discloses the system of claim 4, wherein the instruction set, when executed at the at least one processor in communication with the at least one processor, is further configured to: receive a machine learning training or evaluation request ((Paragraph 576 discloses the categorization service may use AI-related techniques, including machine learning, to determine which category(ies) of data are being stored in the data set of interest. Likewise, the analysis service may analyze the determined categories and suggest one or more privacy policies that may be appropriate for the type of data being managed. The data store may be used over time to both store and update potential data categories and policies related thereto as the Intelligent Policy Compliance system uses machine learning or other methods to “learn” over time which data privacy and anonosization policies are most effective (or preferred, e.g., by users) for a given type of data set); ingest the machine learning training or evaluation request and perform the machine learning task against the private dataset (Paragraph 576 discloses the categorization service may use AI-related techniques, including machine learning, to determine which category(ies) of data are being stored in the data set of interest. Likewise, the analysis service may analyze the determined categories and suggest one or more privacy policies that may be appropriate for the type of data being managed. The data store may be used over time to both store and update potential data categories and policies related thereto as the Intelligent Policy Compliance system uses machine learning or other methods to “learn” over time which data privacy and anonosization policies are most effective (or preferred, e.g., by users) for a given type of data set); return a set of summary statistics (Paragraph 576 discloses the categorization service may use AI-related techniques, including machine learning, to determine which category(ies) of data are being stored in the data set of interest. Likewise, the analysis service may analyze the determined categories and suggest one or more privacy policies that may be appropriate for the type of data being managed. The data store may be used over time to both store and update potential data categories and policies related thereto as the Intelligent Policy Compliance system uses machine learning or other methods to “learn” over time which data privacy and anonosization policies are most effective (or preferred, e.g., by users) for a given type of data set); receive a request for the machine learning model (Paragraph 576 discloses the categorization service may use AI-related techniques, including machine learning, to determine which category(ies) of data are being stored in the data set of interest. Likewise, the analysis service may analyze the determined categories and suggest one or more privacy policies that may be appropriate for the type of data being managed. The data store may be used over time to both store and update potential data categories and policies related thereto as the Intelligent Policy Compliance system uses machine learning or other methods to “learn” over time which data privacy and anonosization policies are most effective (or preferred, e.g., by users) for a given type of data set); and retrieve and return the machine learning model (Paragraph 576 discloses the categorization service may use AI-related techniques, including machine learning, to determine which category(ies) of data are being stored in the data set of interest. Likewise, the analysis service may analyze the determined categories and suggest one or more privacy policies that may be appropriate for the type of data being managed. The data store may be used over time to both store and update potential data categories and policies related thereto as the Intelligent Policy Compliance system uses machine learning or other methods to “learn” over time which data privacy and anonosization policies are most effective (or preferred, e.g., by users) for a given type of data set). The motivation to combine statement previously provided in the rejection of dependent claim 4 provided above, combining the Jiang et al. reference and the Lafever et al. reference is applicable to dependent claim 8. The Jiang et al. reference as modified by Lafever et al. and Heckenbrocht et al. teaches all the limitations of claim 4. With respect to claim 9, Lafever et al. discloses the system of claim 8, wherein the machine learning training or evaluation result comprises summary statistics without a machine learning model (Paragraph 33 discloses Dynamic Anonymity will be more attractive than traditional approaches to “de-identification” that protect data privacy/anonymity by using a defensive approach—e.g., a series of masking steps are applied to direct identifiers (e.g., name, address) and masking and/or statistically-based manipulations are applied to quasi-identifiers (e.g., age, sex, profession) in order to reduce the likelihood of re-identification by unauthorized third parties). The motivation to combine statement previously provided in the rejection of dependent claim 8 provided above, combining the Jiang et al. reference and the Lafever et al. reference is applicable to dependent claim 9. The Jiang et al. reference as modified by Lafever et al. and Heckenbrocht et al. teaches all the limitations of claim 1. With respect to claim 10, Jiang et al. teaches the system of claim 1, wherein the instruction set, when executed at the at least one processor in communication with the at least one processor, is further configured to: receive a request for a synthetic dataset from the external analytics computer system (Paragraph 31 discloses generating a synthetic dataset from the received dataset); generate a synthetic dataset from the private dataset (Paragraph 31 discloses generating a synthetic dataset from the received dataset); evaluate the privacy of the synthetic dataset (Paragraph 155 discloses A sensitivity analysis was also performed on the main parameter that is used by the average copula method, the population size. The accuracy is affected by errors in this parameter. Our recommendation is to err on underestimating the value of N when there is uncertainty about its true value. This results in an overestimate of the risk and therefore gives a little more privacy protection that what is necessary); and based on the result of the evaluation of the privacy of the synthetic dataset, return the synthetic dataset to the external analytics computer system (Paragraph 155 discloses A sensitivity analysis was also performed on the main parameter that is used by the average copula method, the population size. The accuracy is affected by errors in this parameter. Our recommendation is to err on underestimating the value of N when there is uncertainty about its true value. This results in an overestimate of the risk and therefore gives a little more privacy protection that what is necessary). With respect to claim 16, Jiang et al. teaches a method for testing a hypothesis using private data, the method comprising the steps of: at a data analytics platform, receiving a request for an operation against the private dataset (Paragraph 41 discloses generating a synthetic dataset from the received dataset, the synthetic dataset comprising N records); at the data analytics platform, calculating an answer to the request (Paragraph 41 discloses generating a synthetic dataset from the received dataset, the synthetic dataset comprising N records); at the data analytics platform, receiving a request for hypothesis testing against the private dataset (Paragraph 154 discloses a hypothesis testing estimator); at the data analytics platform, performing a hypothesis test against the private dataset (Paragraph 154 discloses a hypothesis testing estimator); return from the data analytics platform the final result (Paragraph 154 discloses a hypothesis testing estimator. The results show that the average of two copula methods produced the best results, with high accuracy of the re-identification probability under the considered attack). Jiang et al. does not disclose apply noise to the answer from the external analytics computer system to produce a noisy result. However, Lafever et al. teaches apply differential privacy noise to the answer using a Gaussian mechanism that adds noise sampled from a Gaussian distribution where the variance is selected according to sensitivity Δf and differential privacy parameters Ɛ and δ to produce a noisy result (Paragraph 58 discloses enabling any Privacy-Enhancing Technology (“PET”) including, but not limited to, public key encryption, k-anonymity, l-diversity, introduction of “noise,” differential privacy, homomorphic encryption, digital rights management, identity management, suppression and/or generalization of certain data by row, by column, by any other dimension, by any combination of dimensions); return the noisy result (Paragraph 480 discloses Anonymity Measurement Score (AMS) measurement schema ties statistical probabilities of re-identification to create multiple ratings depending on the level and degree of disassociation and/or replacement applied to data elements) calculate a final result from the performance of the hypothesis test against the private dataset, wherein the final result is protective of the privacy of the private dataset by simulating a linear program reconstruction attack on the private dataset for various measures of privacy cost Ɛ and measuring a level of success of the attack to determine a quantified re-identification risk below a threshold, wherein the final result is protective of the privacy of the data set (Paragraph 480 discloses Anonymity Measurement Score (AMS) measurement schema ties statistical probabilities of re-identification to create multiple ratings depending on the level and degree of disassociation and/or replacement applied to data elements and Paragraph 643 discloses GDPR Article 4(5) defines “Pseudonymisation” as requiring separation of the information value of data from the risk of re-identification. To benefit from GDPR statutory/regulatory incentives and rewards for pseudonymisation, this separation is necessary. Replacing multiple occurrences of the same personal data elements (e.g., name of a Data Subject) with “static” (or persistent) tokens fails to separate the information value of data from the risk of re-identification because re-identifying correlations and linkage attacks (aka the “Mosaic Effect”) are possible due to “static” (or persistent) identifiers being used instead of dynamic de-identifiers). Therefore, it would have been obvious before the effective filing date of invention was made to a person having ordinary skill in the art to modify Jiang et al. with Lafever et al. This would have facilitated privacy risk detection. See Lafever et al. Paragraph(s) 5-90. However, Heckenbrocht et al. teaches calculate a query epsilon budget and apply the query epsilon budget, and only return the noisy result if the per-query epsilon budget has not been exceeded by the request for an operation (Paragraph 22 discloses privacy budget may be specified in terms of a query, analyst, client 104, entity, globally, and/or time period. For example, the privacy budget may specify limits for an individual query, with each query having a separate budget. The privacy budget may also specify limits for an analyst or client, in which case the budget is calculated cumulatively across multiple queries from a client or analyst); maintain a per-project epsilon budget, calculate a query epsilon for a plurality of requests for an operation against the private dataset, calculate a project epsilon by summing each of the previous query epsilons, and only return the noisy result if the project epsilon does not exceed the per-project epsilon budget (Paragraph 22 discloses privacy budget may be specified in terms of a query, analyst, client 104, entity, globally, and/or time period. For example, the privacy budget may specify limits for an individual query, with each query having a separate budget. The privacy budget may also specify limits for an analyst or client, in which case the budget is calculated cumulatively across multiple queries from a client or analyst and Paragraph 26 discloses transformations may involve perturbing the process by which the DP query 114 is produced from the analytical query 108 and/or perturbing the results released by the database 106 with noise that provides the differential privacy specified by the privacy parameters while enforcing the privacy budget). Therefore, it would have been obvious before the effective filing date of invention was made to a person having ordinary skill in the art to modify Jiang et al. and Lafever et al. with Heckenbrocht et al. This would have facilitated privacy risk detection. See Heckenbrocht et al. Paragraph(s)7-8. With respect to claim 18, it is rejected on grounds corresponding to above rejected claim 3, because claim 18 is substantially equivalent to claim 3. With respect to claim 19, it is rejected on grounds corresponding to above rejected claim 4, because claim 19 is substantially equivalent to claim 4. With respect to claim 20, it is rejected on grounds corresponding to above rejected claim 5, because claim 20 is substantially equivalent to claim 5. With respect to claim 21, it is rejected on grounds corresponding to above rejected claim 6, because claim 21 is substantially equivalent to claim 6. With respect to claim 22, it is rejected on grounds corresponding to above rejected claim 7, because claim 22 is substantially equivalent to claim 7. With respect to claim 23, it is rejected on grounds corresponding to above rejected claim 8, because claim 23 is substantially equivalent to claim 8. With respect to claim 24, it is rejected on grounds corresponding to above rejected claim 9, because claim 24 is substantially equivalent to claim 9. With respect to claim 25, it is rejected on grounds corresponding to above rejected claim 10, because claim 19 is substantially equivalent to claim 10. Relevant Prior Art The prior art made of record and not relied upon is considered pertinent to applicant's disclosure. US PG-PUB 20210279367 is directed to SYSTEM AND METHOD FOR OBJECTIVE QUANTIFICATION AND MITIGATION OF PRIVACY RISK: [0016] system and method for objective quantification and mitigation of privacy-risk of a dataset is disclosed. The system and method include an input-output (IO) interface for receiving at least one input dataset, on at least one of which a measurement of the risk is to be performed, and a configuration file governing the anonymization, a scoring engine including: a uniqueness sub-engine that determines the uniqueness of an individual's records at data subject-level as well as at data-level and also across entire records as well as subsets of columns within the given dataset and outputs uniqueness scores; a similarity sub-engine that compares and computes the similarity between two datasets in terms of data reproduction or overlap that exists between them, by directly comparing entire records as well as the subsets of columns and produces similarity scores; a statistical sub-engine that computes statistics for the given dataset in order to find indications of potential privacy-risks/re-identification risks and to find overt re-identification risks in terms of outliers, including potential risks specified in the configuration file; a contextual sub-engine for quantifying contextual factors by considering weighted approaches and producing a single context-centric score; and a recommendation engine that identifies mitigation measures and techniques to reduce the discovered privacy-risks by taking in to account the factors that are contributing to higher risk. Conclusion Any inquiry concerning this communication or earlier communications from the examiner should be directed to NICHOLAS E ALLEN whose telephone number is (571)270-3562. The examiner can normally be reached Monday through Thursday 830-630. Examiner interviews are available via telephone, in-person, and video conferencing using a USPTO supplied web-based collaboration tool. To schedule an interview, applicant is encouraged to use the USPTO Automated Interview Request (AIR) at http://www.uspto.gov/interviewpractice. If attempts to reach the examiner by telephone are unsuccessful, the examiner’s supervisor, Boris Gorney can be reached at (571) 270-5626. The fax phone number for the organization where this application or proceeding is assigned is 571-273-8300. Information regarding the status of published or unpublished applications may be obtained from Patent Center. Unpublished application information in Patent Center is available to registered users. To file and manage patent submissions in Patent Center, visit: https://patentcenter.uspto.gov. Visit https://www.uspto.gov/patents/apply/patent-center for more information about Patent Center and https://www.uspto.gov/patents/docx for information about filing in DOCX format. For additional questions, contact the Electronic Business Center (EBC) at 866-217-9197 (toll-free). If you would like assistance from a USPTO Customer Service Representative, call 800-786-9199 (IN USA OR CANADA) or 571-272-1000. /N.E.A/Examiner, Art Unit 2154 /SYED H HASAN/Primary Examiner, Art Unit 2154
Read full office action

Prosecution Timeline

Mar 16, 2023
Application Filed
Jun 26, 2025
Non-Final Rejection mailed — §101, §103
Aug 26, 2025
Response Filed
Dec 18, 2025
Final Rejection mailed — §101, §103
Mar 18, 2026
Request for Continued Examination
Mar 21, 2026
Response after Non-Final Action
Jun 29, 2026
Non-Final Rejection mailed — §101, §103 (current)

Precedent Cases

Applications granted by this same examiner with similar technology

Patent 12681918
MULTIPLE CACHING OPERATIONS TO SUPPORT OFFLINE EXECUTION
3y 5m to grant Granted Jul 14, 2026
Patent 12380068
RECENT FILE SYNCHRONIZATION AND AGGREGATION METHODS AND SYSTEMS
1y 6m to grant Granted Aug 05, 2025
Patent 12339822
METHOD AND SYSTEM FOR MIGRATING CONTENT BETWEEN ENTERPRISE CONTENT MANAGEMENT SYSTEMS
1y 10m to grant Granted Jun 24, 2025
Patent 12321704
COMPOSITE EXTRACTION SYSTEMS AND METHODS FOR ARTIFICIAL INTELLIGENCE PLATFORM
2y 7m to grant Granted Jun 03, 2025
Patent 12271379
CROSS-DATABASE JOIN QUERY
1y 9m to grant Granted Apr 08, 2025
Study what changed to get past this examiner. Based on 5 most recent grants.

Strategy Recommendation AI-generated — please review before filing

Get a prosecution strategy drawn from examiner precedents, rejection analysis, and claim mapping.
Typically takes 5-10 seconds — AI-generated, attorney review required before filing

Prosecution Projections

3-4
Expected OA Rounds
76%
Grant Probability
91%
With Interview (+14.7%)
3y 0m (~0m remaining)
Median Time to Grant
High
PTA Risk
Based on 773 resolved cases by this examiner. Grant probability derived from career allowance rate.

Sign in with your work email

Enter your email to receive a magic link. No password needed.

Personal email addresses (Gmail, Yahoo, etc.) are not accepted.

Free tier: 3 strategy analyses per month