DETAILED ACTION
Claims 1-20 are pending in this action.
Notice of Pre-AIA or AIA Status
The present application, filed on or after March 16, 2013, is being examined under the first inventor to file provisions of the AIA .
Claim Rejections - 35 USC § 103
The following is a quotation of 35 U.S.C. 103 which forms the basis for all obviousness rejections set forth in this Office action:
A patent for a claimed invention may not be obtained, notwithstanding that the claimed invention is not identically disclosed as set forth in section 102, if the differences between the claimed invention and the prior art are such that the claimed invention as a whole would have been obvious before the effective filing date of the claimed invention to a person having ordinary skill in the art to which the claimed invention pertains. Patentability shall not be negated by the manner in which the invention was made.
Claims 1-8, 10-16 and 18-20 are rejected under 35 U.S.C. 103 as being unpatentable over Davis et al. (US 2018/0176193) [hereinafter “Davis”] in view of Thayer et al. (US 2018/0285591) [hereinafter “Thayer”] in further view of Guirguis et al. (US 2012/0030165) [hereinafter “Guirguis”] in further view of Zakour (US PGPUB No. 2020/0110902) in further view of Heckel et al. (US Patent No. 10,169,315) [hereinafter “Heckel”].
Regarding claim 1, Davis discloses a system comprising: an object storage service comprising one or more computing devices, wherein the object storage service is configured to store a plurality of data objects within an object data store (Fig. 4 [0038] protection module 312 or [0047] detection module 412 receives request from client, directed to backend servers ); and a code execution service comprising one or more computing devices for on-demand execution of functions in an input/output (I/O) path of the object storage service (Fig. 4 encryption module 414); wherein the object storage service is configured to at least: receive input data and a request to store the input data as a data object within the object data store ([0047]: detection module receives requests from a client, [0048] the data directed to backend services hosted by the service provider); determine that a function to obfuscate a portion of the input data, associated with the request to store the input data, is to be executed prior to storing the input data as the data object ([0038][0046][0047] detects sensitive data from the request, [0041] protect sensitive data prior to forwarding to backend services); and transmit a call to the code execution service to execute the function against the input data ([0042][0047] transmit data to encryption module to be encrypted); and wherein the code execution service is configured to at least: receive, from the object storage service, the call to execute the function, the call including the input data ([0047]: encryption module receives data to be encrypted); and execute the function, wherein executing the function causes the service to: identify, within the input data, one or more instances of private information that is to be obfuscated prior to storing the input data as the data object within the object data store ([0046]: encryption module’s configuration data includes information suitable for identifying sensitive data, [0047] encrypt the sensitive data); generate output data comprising the one or more instances of the private information of the input data in obfuscated form; and return the output data to the object storage service; wherein the object storage service is further configured to store the output data in the object data store as the data object ([0048]: return encrypted sensitive data to detection module, which formats and forwards to the backend server for storage).
Although Davis disclose the proxy fleet may transmit encrypted data and the remaining non-sensitive data to the backend service ([0040]), Davis does not explicitly teach the encryption module (interpreted as the code execution service) generates the output data including un-obfuscated data. However, Thayer discloses obfuscating sensitive data including in a document, and substituting the sensitive data by the obfuscated value, redacting the document , meaning non-sensitive data remain untouched ([0013][0024]), teaching generate output data comprising the one or more instances of the private information of the input data in obfuscated form and a remaining portion of the input data in un-obfuscated form. It would have been obvious to a skilled artisan before the instant application was effectively filed, to have the encryption module generates the output data by redacting the input as taught by Thayer because it would provide privacy for the sensitive data while limiting the obfuscation process to the needed sensitive fields, enhancing the process.
Davis in view of Thayer does not explicitly teach compare the portion to a criterion and responsive to the comparison determine an obfuscation method to be executed by the function, wherein the obfuscation method is determined directly from comparing the portion of the criterion without an additional comparison. Guirguis teaches compare the portion to a criterion (Abstract, determining type of data) and responsive to the comparison determine an obfuscation method to be executed by the function, wherein the obfuscation method is determined directly from comparing the portion of the criterion without an additional comparison (Abstract, determining an obfuscation method based on the type of data).
At the time of filing, it would have been obvious to one of ordinary skill in the art to combine Davis and Thayer with the teachings of Guirguis, compare the portion to a criterion and responsive to the comparison determine an obfuscation method to be executed by the function, wherein the obfuscation method is determined directly from comparing the portion of the criterion without an additional comparison, to use the most appropriate obfuscation method which will address all concerns including efficiency and security.
The combination of Davis, Thayer and Guirguis does not explicitly teach wherein the input data is associated with an entity and wherein the obfuscation method is automatically selected from a plurality of obfuscation methods selected by the entity. Zakour teaches wherein the input data is associated with an entity ([0016], source artifacts, images and text, with data and metadata associated with a user via a user interface) and wherein the obfuscation method is automatically selected from a plurality of obfuscation methods selected by the entity ([0016], automatically selecting rules that have been set and modified by a user to redact various files).
At the time of filing, it would have been obvious to one of ordinary skill in the art to combine Davis, Thayer and Guirguis with the teachings of Zakour, wherein the input data is associated with an entity and wherein the obfuscation method is automatically selected from a plurality of obfuscation methods selected by the entity, to allow the security and privacy concerns of a user or entity to be fully expressed and implemented in the data system.
The combination of Davis, Thayer, Guirguis and Zakour does not explicitly teach wherein the request comprises an indication of an access profile; determine based at least partly on the access profile, that a function to obfuscate a portion of the input data, associated with the request to store the input data is to be executed prior to storing the input data as the data object and determine based on the access profile, to obtain the input data. Heckel teaches wherein the request comprises an indication of an access profile (Col. 4, lines 5-20, the system has an access “profile” that includes confidentiality, regulatory, location, personal and other requirements and policies) see also (Col. 5, lines 1-3, redaction versions can be based on types of user); determine based at least partly on the access profile, that a function to obfuscate a portion of the input data, associated with the request to store the input data is to be executed prior to storing the input data as the data object (Col. 4, lines 17-18, text is redacted and stored as the redacted text) and determine based on the access profile, to obtain the input data (Col. 5, lines 1-8, access to the document can be obtained based on the type of user).
At the time of filing, it would have been obvious to one of ordinary skill in the art to combine Davis, Thayer, Guirguis and Zakour with the teachings of Heckel, wherein the request comprises an indication of an access profile; determine based at least partly on the access profile, that a function to obfuscate a portion of the input data, associated with the request to store the input data is to be executed prior to storing the input data as the data object and determine based on the access profile, to obtain the input data, to allow the security and privacy concerns of a user or entity to be fully expressed and implemented in the data system.
Regarding claim 2, the combination of Davis, Thayer, Guirguis, Zakour and Heckel discloses the system of claim 1, wherein the input data does not remain stored in the object storage service in un-obfuscated form after the object storage service stores the output data (Davis, [0048]: replace sensitive data by encrypted data).
Regarding claim 3, the combination of Davis, Thayer, Guirguis, Zakour and Heckel discloses the system of claim 1, wherein the code execution service is configured to generate the output data by: determining a unique token for each instance of the private information, wherein each unique token is different from every other unique token (Thayer [0020][0021] obfuscate each sensitive value by generating unique values for each sensitive value); storing the instances of the private information and a mapping of the unique tokens to the instances of the private information (Thayer [0023]: for each sensitive value, map key, obfuscated value and sensitive value, store map in database 112); and replacing each instance of the private information with the corresponding unique token (Thayer [0024][0025]: substitute sensitive values by obfuscated values, store in database). (motivation to combine with Davis with Thayer is for enforcing data privacy).
Regarding claim 4, the combination of Davis, Thayer, Guirguis, Zakour and Heckel discloses the system of claim 1, wherein the code execution service is configured to generate the obfuscated form of the private information by encrypting the private information (Davis [0026]).
Regarding claims 5 and 13, the claims recite substantially the same content as claim 1 and are rejected as in claim 1.
Regarding claims 6 and substantially 14, the combination of Davis, Thayer, Guirguis, Zakour and Heckel discloses the computer-implemented method of claim 5, wherein determining to obfuscate a first portion of the input data comprises determining that the first portion includes private information (Davis, [0046]).
Regarding claims 7 and substantially 15, the combination of Davis, Thayer, Guirguis, Zakour and Heckel discloses the computer-implemented method of claim 6, wherein the private information represents one or more of: personally identifiable information, a name, an address, an age, a government-issued identification number, a date of birth, a place of birth, a mother's maiden name, an account number, or a biometric record (Davis [0025]).
Regarding claims 8 and substantially 16, the claims recite substantially the same content as claim 3 and are rejected as in claim 3.
Regarding claims 10 and substantially 18, the combination of Davis, Thayer, Guirguis, Zakour and Heckel discloses the computer-implemented method of claim 5, wherein generating the first obfuscated portion comprises encrypting the first portion of the input data using an encryption key (Davis [0026]).
Regarding claims 11 and substantially 19, the combination of Davis, Thayer, Guirguis, Zakour and Heckel discloses the computer-implemented method of claim 10, further comprising storing the encryption key and a mapping of the encryption key to the first obfuscated portion (Thayer, Fig. 1 table 114, motivation to combine Davis and Thayer for key management purposes).
Regarding claims 12 and substantially 20, the combination of Davis, Thayer, Guirguis, Zakour and Heckel discloses the computer-implemented method of claim 5, wherein determining to obfuscate the first portion of the input data is based at least in part upon a portion of the input data (Davis [0046]: determining based on data type, field, format ... associated with sensitive data).
Allowable Subject Matter
Claims 9 and 17 are objected to as being dependent upon a rejected base claim, but would be allowable if rewritten in independent form including all of the limitations of the base claim and any intervening claims.
Response to Arguments
Applicant’s arguments with respect the rejection of claims 1-8, 10-16 and 18-20 under 35 U.S.C. 103 have been fully considered and are persuasive. In light of the new amendments a new prior art reference, Heckel, has been introduced and cited to.
Conclusion
The prior art made of record and not relied upon is considered pertinent to applicant's disclosure: Stull et al. (WO-2008039565-A2), Davis et al. (US PGPUB No. 2018/0176193), Fisher et al. (US PGPUB No. 2019/0354708), Abid et al ("A Comparative Analysis of Blockchain Redaction Techniques," 2024 IEEE International Conference on Decentralized Applications and Infrastructures (DAPPS), Shanghai, China, 2024, pp. 93-102, doi: 10.1109/DAPPS61106.2024.00021) and Chandrashekhar et al. ("RedactSafe: Ensuring PII Security in Legal Audits," 2025 Global Conference in Emerging Technology (GINOTECH), PUNE, India, 2025, pp. 1-7, doi: 10.1109/GINOTECH63460.2025.11076720) all disclose various aspects of the claimed invention including choosing an obfuscation method based on a data type.
Any inquiry concerning this communication or earlier communications from the examiner should be directed to PETER C SHAW whose telephone number is (571)270-7179. The examiner can normally be reached Max Flex.
Examiner interviews are available via telephone, in-person, and video conferencing using a USPTO supplied web-based collaboration tool. To schedule an interview, applicant is encouraged to use the USPTO Automated Interview Request (AIR) at http://www.uspto.gov/interviewpractice.
If attempts to reach the examiner by telephone are unsuccessful, the examiner’s supervisor, Carl Colin can be reached on 571-272-3862. The fax phone number for the organization where this application or proceeding is assigned is 571-273-8300.
Information regarding the status of published or unpublished applications may be obtained from Patent Center. Unpublished application information in Patent Center is available to registered users. To file and manage patent submissions in Patent Center, visit: https://patentcenter.uspto.gov. Visit https://www.uspto.gov/patents/apply/patent-center for more information about Patent Center and https://www.uspto.gov/patents/docx for information about filing in DOCX format. For additional questions, contact the Electronic Business Center (EBC) at 866-217-9197 (toll-free). If you would like assistance from a USPTO Customer Service Representative, call 800-786-9199 (IN USA OR CANADA) or 571-272-1000.
/PETER C SHAW/Primary Examiner, Art Unit 2493 January 26, 2026