Notice of Pre-AIA or AIA Status
The present application, filed on or after March 16, 2013, is being examined under the first inventor to file provisions of the AIA.
This communication is in response to application 17/886,284 filed on 8/11/2022. Claim 5 is canceled, and new claim 21 is added. Claims 1, 4, 6-7, 14, and 17-18 are amended and hereby entered. No claims are allowed.
Response to Arguments
Applicant's arguments filed 11/25/2025 are fully considered but they are not persuasive. The applicants’ amendments have necessitated new grounds for rejection relying on new prior art rendering applicant’s arguments moot.
Claim Rejections - 35 USC § 103
In the event the determination of the status of the application as subject to AIA 35 U.S.C. 102 and 103 (or as subject to pre-AIA 35 U.S.C. 102 and 103) is incorrect, any correction of the statutory basis (i.e., changing from AIA to pre-AIA) for the rejection will not be considered a new ground of rejection if the prior art relied upon, and the rationale supporting the rejection, would be the same under either status.
The following is a quotation of 35 U.S.C. 103 which forms the basis for all obviousness rejections set forth in this Office action:
A patent for a claimed invention may not be obtained, notwithstanding that the claimed invention is not identically disclosed as set forth in section 102, if the differences between the claimed invention and the prior art are such that the claimed invention as a whole would have been obvious before the effective filing date of the claimed invention to a person having ordinary skill in the art to which the claimed invention pertains. Patentability shall not be negated by the manner in which the invention was made.
Claims 1-3, 8-16, and 20 are rejected under 35 U.S.C. 103 as being unpatentable over Chasin (US 20210104168 A1) in view of Saad (US 20200387625 A1) in further view of Estehghari (US 20150304315 A1).
Regarding Claim 1, Chasin teaches:
A system comprising: (a) a server including a processor and a memory; (b) a user device comprising a display and in communication with the server; (c) a system architecture implemented by the server comprising an application layer and a database layer, [(Para 0009) "According to one embodiment of the invention, a cross-functional information system facilitates constructive student intervention and includes a memory, a database and processor. The memory stores computer program instructions that facilitate database access and providing data for a user interface that highlights indicators and red flags for students to a user." (Para 0031) "Referring to FIG. 1, the system includes a web application 10, a management system 20 with various layers, databases 30 and a survey tool 40. The management system 20 integrates a security layer 22, a reset controller 24, a business access layer 26 and a data access layer 28."]
wherein the database layer is configured to store a plurality of student datasets corresponding to a population of students, wherein each student dataset is associated with one student of the population of students, and comprises a task dataset indicating whether any of a plurality of tasks have been performed with that student, [(Para 5) "The key “input data” are stored and aggregated in a database, and include information from family, school staff, school district records, and the students themselves. The input data identifies each individual's strengths and needs. From kindergarten on, each student's progress may be tracked and needs in particular areas (“off-track” indicators) addressed preemptively."]
a consent status indicating whether consent has been received for performing any of the plurality of tasks with that student, [(Para 7) "According to another embodiment of the present invention, an educational database associated with an educational management system includes a collection of current student data in multiple domains and access to this information is tightly controlled to ensure parental consent to use of the information and controlled use of the information."]
and a set of student information describing personal information and demographic information of that student; [(Para 0006) "According to one embodiment of the invention, a management system is coupled to a database that includes information for each student" (Para 0008) Aggregated data may then be used, for example, for comparisons of on-track/off-track status on a selected indicator between all fifth-grade students based on various demographic breakdowns or by gender.]
wherein the processor is configured to: (i) cause a population status interface to display, on the display of the user device a description of the plurality of tasks and a completion indicator for each of the plurality of tasks that is based on the task datasets for the plurality of student datasets; [(Para 0010) "The processor is coupled to the memory and the database, and executes the computer program instructions in order to: (a) present information to a user via a user interface in the form of a task list for students that have at least an indicator or a red flag that signify that a student needs help; "]
(ii) based on a first user input selecting a task portion of the population status interface corresponding to a task of the plurality of tasks, cause a student population interface to display a description of the population of students and, for each student, a description of whether any of the plurality of tasks have been performed with that student; [(Para 0010) "present information to a user via a user interface in the form of a task list for students that have at least an indicator or a red flag that signify that a student needs help;" (Para 0012) "The method may further include providing an interactive user interface" (Para 0008) "The educational database and management system may also be used to aggregate data from student populations or groups of students or, for example, participation in particular programs. Aggregated data may then be used, for example, for comparisons of on-track/off-track status on a selected indicator between all fifth-grade students based on various demographic breakdowns or by gender. Many types of analyses may be made using aggregate data that can then in turn be used by specialists to direct help to particular student groups. Access to aggregate data may be similarly controlled to restrict aggregate data to students within a particular school district."]
and (iii) based on a second user input selecting a student of the population of students via the student population interface, cause a student specific status interface to display based on a student dataset of the plurality of student datasets for the student, [(Figure 14, Figure 2, Figure 6) Figure 14 shows a population of students where user input is required to cause a student specific status to display. Figures 2 & 6 show student specific status from the plurality of student datasets]
wherein the student specific status interface comprises the description of the plurality of tasks, a graphical consent indication based on the consent status, and a graphical completion indication based on the task dataset. [(Para 0007) "an educational database associated with an educational management system includes a collection of current student data in multiple domains and access to this information is tightly controlled to ensure parental consent to use of the information and controlled use of the information" (Figure 2 and Figure 6)]; The manner in which the data is displayed on the user interface is nonfunctional and does not support a functional relationship (i.e. showing a status in a graphical pie chart versus printed text does not change the function of displaying information)
wherein the application layer is configured to: upon entry of one or more personal information for a new student, automatically: (a) retrieve one or more personal information for a new student from electronic health records, [the source of the data describes nonfunctional descriptive material that does not carry patentable weight in the claims; (Para 0012) “configuring a management system to have access to a student record database; providing the student record database with records associated with student school district records, on-line survey data, service provider data; configuring security related access parameters for administrators and third parties to portions of the database”, (Para 0011) “The online survey data may include data associated with physical health, mental health, medical care…”]
While Chasin teaches a management system for students information and various tasks, the reference does not explicitly teach:
wherein each of the one or more personal information is labeled as sensitive or non-sensitive;
(b) for any of the one or more personal information labeled sensitive, interact with the database layer via an encryption interface to encrypt the one or more personal information labeled sensitive, wherein the encryption interface is configured to automatically encrypt any data it creates in the database layer;
(c) add a new student dataset to the plurality of student datasets in the database layer, and add the encrypted one or more personal information to the set of student information for the new student;
and (d) temporarily store one or more student specific data only within a user session and automatically scrub such data upon session termination
However, Saad teaches:
wherein each of the one or more personal information is labeled as sensitive or non-sensitive; [(Para 0012) “Some of the data types may include sensitive private or confidential personal data about the entities; other fields may contain more general non-private information about entities such as entity identifying information employed by the user to manage an entity. Personal private or confidential information may comprise, for example, client or patient financial or health data to which access must be restricted. The organization may define those fields in the data records which store sensitive private or confidential data and should have restricted access, and those fields that contain personal data about an entity that is non-private and need not be protected.”]
(b) for any of the one or more personal information labeled sensitive, interact with the database layer via an encryption interface to encrypt the one or more personal information labeled sensitive, [(Para 0016) "Upon receiving a request at 34 from the application 14 for writing a record, the gateway API 18 may activate the cryptographic function running on the Lambda compute service 20. At 36, the cryptographic function identifies the user and the protected data fields of a data record using information in the personal fields database, and encrypts the data being written to the protected data fields with the user's personally assigned unique key. At 38, the cryptographic function rebuilds the user's data record with the required data fields encrypted, and at 40 writes the rebuilt data record to the database."]
wherein the encryption interface is configured to automatically encrypt any data it creates in the database layer; [(Para 0012) “A user-selected cryptographic function for encryption and decryption performed by the Lambda service 20 may access this personal fields database to determine which data fields are for private data and require encryption and decryption. The cryptographic function is preferably a symmetric encryption/decryption cryptographic algorithm, such as AES-256, for example”, (Para 0013) “The gateway API is preferably configured to serve as a mediator, as will be described in connection with FIG. 2, that activates the cryptographic function provided by the Lambda service 20 to provide encryption and decryption of those personal private data fields of data records as defined in the personal fields database 24. This enables the data record of a user to comprise encrypted fields containing private personal data of an entity to be accessed for reading and writing using the cryptographic function, and to comprise unencrypted fields containing non-private/non-confidential data that may be accessed directly.”]
and (c) add a new student dataset to the plurality of student datasets in the database layer, and add the encrypted one or more personal information to the set of student information for the new student. [(Para 0016) “Upon receiving a request at 34 from the application 14 for writing a record, the gateway API 18 may activate the cryptographic function running on the Lambda compute service 20. At 36, the cryptographic function identifies the user and the protected data fields of a data record using information in the personal fields database, and encrypts the data being written to the protected data fields with the user's personally assigned unique key. At 38, the cryptographic function rebuilds the user's data record with the required data fields encrypted, and at 40 writes the rebuilt data record to the database”]
Therefore, it would have been obvious to one of ordinary skill in the art before the effective filing date of the claimed invention to modify the management system of Chasin with the addition of encryption taught by Saad, to protect sensitive student information in a database. It is within the capabilities of one of ordinary skill in the art to utilize an encryption and decryption method to protect information in a database, yielding predictable results.
While Chasin in view of Saad teach a protected student management system, they do not explicitly teach deleting temporary data in a user session:
and (d) temporarily store one or more student specific data only within a user session and automatically scrub such data upon session termination
However, Estehghari teaches:
and (d) temporarily store one or more student specific data only within a user session and automatically scrub such data upon session termination [(Para 0057) “At S122, the user session is terminated and the information which was temporarily stored on the platform is deleted, if this has not been done already…”]
Therefore, it would have been obvious to one of ordinary skill in the art before the effective filing date of the claimed invention to modify the protected student management system (Chasin and Saad) with deleting temporary data (Estehghari) to prevent unsafe storage of unencrypted data. It is within the capabilities of one of ordinary skill in the art to utilize encryption, decryption, and deletion methods to protect information in a system yielding predictable results.
Regarding Claim 2, the combination of Chasin, Saad, and Estehghari teaches the limitations of claim 1; Chasin further teaches:
wherein the plurality of tasks comprise a preventative behavioral visit, a preventative medical visit, a parent conference with a nurse practitioner, a parent conference with a social worker, a teacher conference with a nurse practitioner, and a teacher conference with a social worker. [(Para 0010) "present information to a user via a user interface in the form of a task list for students that have at least an indicator or a red flag that signify that a student needs help"; Changing the nature of the data does not change the function of the invention, therefore the data is nonfunctional and does not support a functional relationship (i.e. replacing “preventative behavioral visit” with “immunization visit” does not change the function of displaying various tasks)]
Regarding Claim 3, the combination of Chasin, Saad, and Estehghari teaches the limitations of claim 1; Chasin further teaches:
wherein the set of student information comprises a student name, a student birthdate, a description of student immunization status, and a description of student medical status. [(Para 0012) "According to another embodiment of the present invention, a method is provided that facilitates constructive student intervention including the steps of configuring a management system to have access to a student record database; providing the student record database with records associated with student school district records, on-line survey data, service provider data;" ; Changing the nature of the data does not change the function of the invention, therefore the data is nonfunctional and does not support a functional relationship]
Regarding Claim 8, the combination of Chasin, Saad, and Estehghari teaches the limitations of claim 1; Chasin further teaches:
wherein the plurality of tasks comprises performing a risk assessment [The limitations describe nonfunctional descriptive material that does not carry patentable weight in the claims. (i.e. whether the student’s task is performing a risk assessment, follow up, or completing a survey, does not change the function of configuring a dataset to store and show completion of a task)]
Regarding Claim 9, the combination of Chasin, Saad, and Estehghari teaches the limitations of claim 1; Chasin further teaches:
wherein the population status interface comprises a geometric shape divided into a plurality of portions that correspond to the plurality of tasks and include the task portion, and the plurality of portions contain the description of the corresponding task and the completion indicator of the corresponding task. [(Figure 14, View of user interface); The manner in which the data is displayed on the user interface is non-functional and does not support a functional relationship (i.e. showing a status in a graphical pie chart versus printed text does not change the function of displaying various tasks)]
Regarding Claim 10, the combination of Chasin, Saad, and Estehghari teaches the limitations of claim 9; Chasin further teaches:
wherein the student specific status interface comprises: (a) the geometric shape divided into the plurality of portions corresponds that correspond to the plurality of tasks; (b) the plurality of portions containing the corresponding graphical completion indication; and (c) the graphical consent indication substantially surrounds the geometric shape. [(Figures 2 and 6, components and view of user interface); The manner in which the data is displayed on the user interface is non-functional and does not support a functional relationship (i.e. showing a status in a graphical pie chart versus printed text does not change the function of displaying various task completion)]
Regarding Claim 11, the combination of Chasin, Saad, and Estehghari teaches the limitations of claim 1; Chasin further teaches:
wherein the student specific status interface comprises: (a) a geometric shape divided into a plurality of portions that correspond to the plurality of tasks; (b) the plurality of portions containing the description of the corresponding task and comprising the graphical completion indication; and (c) the graphical consent indication substantially surrounds the geometric shape. [(Figures 2 and 6, components and view of user interface); The manner in which the data is displayed on the user interface is non-functional and does not support a functional relationship (i.e. showing a status in a graphical pie chart versus printed text does not change the function of displaying various task completion)]
Regarding Claim 12, the combination of Chasin, Saad, and Estehghari teaches the limitations of claim 11; Chasin further teaches:
wherein the graphical completion indication and the graphical consent indication comprise a distinct color selected based upon the consent status and the task dataset; [The manner in which the data is displayed on the user interface is non-functional and does not support a functional relationship]
Regarding Claim 13, the combination of Chasin, Saad, and Estehghari teaches the limitations of claim 1; Chasin further teaches:
wherein the plurality of tasks comprises performing one or more follow-ups [The limitations describe nonfunctional descriptive material that does not carry patentable weight in the claims. (i.e. whether the student’s task is performing a follow up, or completing a survey, does not change the function of configuring a dataset to store and show completion of a task)]
Regarding Claim 14, Chasin teaches:
A method comprising: (a) configuring a system architecture of a server to comprise an application layer and a database layer, [(Para 0009) "According to one embodiment of the invention, a cross-functional information system facilitates constructive student intervention and includes a memory, a database and processor. The memory stores computer program instructions that facilitate database access and providing data for a user interface that highlights indicators and red flags for students to a user." (Para 0031) "Referring to FIG. 1, the system includes a web application 10, a management system 20 with various layers, databases 30 and a survey tool 40. The management system 20 integrates a security layer 22, a reset controller 24, a business access layer 26 and a data access layer 28."]
wherein the database layer is configured to store a plurality of student datasets corresponding to a population of students, wherein each student dataset is associated with one student of the population of students, and comprises a task dataset indicating whether any of a plurality of tasks have been performed with that student, [(Para 5) "The key “input data” are stored and aggregated in a database, and include information from family, school staff, school district records, and the students themselves. The input data identifies each individual's strengths and needs. From kindergarten on, each student's progress may be tracked and needs in particular areas (“off-track” indicators) addressed preemptively."]
a consent status indicating whether consent has been received for performing any of the plurality of tasks with that student, [(Para 7) "According to another embodiment of the present invention, an educational database associated with an educational management system includes a collection of current student data in multiple domains and access to this information is tightly controlled to ensure parental consent to use of the information and controlled use of the information."]
and a set of student information describing personal information and demographic information of that student; [(Para 0006) "According to one embodiment of the invention, a management system is coupled to a database that includes information for each student" (Para 0008) Aggregated data may then be used, for example, for comparisons of on-track/off-track status on a selected indicator between all fifth-grade students based on various demographic breakdowns or by gender.]
(b) by the server, causing a population status interface to display, on a display of a user device, comprising a description of the plurality of tasks and a completion indicator for each of the plurality of tasks that is based on the task datasets for the plurality of student datasets; [(Para 0010) "The processor is coupled to the memory and the database, and executes the computer program instructions in order to: (a) present information to a user via a user interface in the form of a task list for students that have at least an indicator or a red flag that signify that a student needs help; "]
(c) based on a first user input selecting a task portion of the population status interface corresponding to a task of the plurality of tasks, causing a student population interface to display comprising a description of the population of students and, for each student, a description of whether any of the plurality of tasks have been performed with that student; and [(Para 0010) "present information to a user via a user interface in the form of a task list for students that have at least an indicator or a red flag that signify that a student needs help;" (Para 0012) "The method may further include providing an interactive user interface" (Para 0008) "The educational database and management system may also be used to aggregate data from student populations or groups of students or, for example, participation in particular programs. Aggregated data may then be used, for example, for comparisons of on-track/off-track status on a selected indicator between all fifth-grade students based on various demographic breakdowns or by gender. Many types of analyses may be made using aggregate data that can then in turn be used by specialists to direct help to particular student groups. Access to aggregate data may be similarly controlled to restrict aggregate data to students within a particular school district."]
(d) based on a second user input selecting a student of the population of students via the student population interface, causing a student specific status interface to display based on a student dataset of the plurality of student datasets for the student, [(Figure 14, Figure 2, Figure 6) Figure 14 shows a population of students where user input is required to cause a student specific status to display. Figures 2 & 6 show student specific status from the plurality of student datasets]
wherein the student specific status interface comprises the description of the plurality of tasks, a graphical consent indication based on the consent status, and a graphical completion indication based on the task dataset. [(Para 0007) "an educational database associated with an educational management system includes a collection of current student data in multiple domains and access to this information is tightly controlled to ensure parental consent to use of the information and controlled use of the information" (Figure 2 and Figure 6)]; The manner in which the data is displayed on the user interface is nonfunctional and does not support a functional relationship (i.e. showing a status in a graphical pie chart versus printed text does not change the function of displaying information)
(e) by the application layer, … retrieve one or more personal information for a new student from electronic health records [the source of the data describes nonfunctional descriptive material that does not carry patentable weight in the claims; (Para 0012) “configuring a management system to have access to a student record database; providing the student record database with records associated with student school district records, on-line survey data, service provider data; configuring security related access parameters for administrators and third parties to portions of the database”, (Para 0011) “The online survey data may include data associated with physical health, mental health, medical care…”]
While Chasin teaches a management system for student information and various tasks, it does not explicitly teach an encryption method:
prior to writing any personal information to the database layer,
wherein each of the one or more personal information is labeled as sensitive or non-sensitive;
(f) for any of the one or more personal information labeled sensitive, automatically encrypt, at the application layer, only those fields identified as sensitive before transmitting them to the database layer wherein the encryption interface is configured to automatically encrypt any data it creates in the database layer; and
(g) add a new student dataset to the plurality of student datasets in the database layer; including the encrypted sensitive fields and the non-sensitive fields
However, Saad teaches:
wherein each of the one or more personal information is labeled as sensitive or non-sensitive; [(Para 0012) “Some of the data types may include sensitive private or confidential personal data about the entities; other fields may contain more general non-private information about entities such as entity identifying information employed by the user to manage an entity. Personal private or confidential information may comprise, for example, client or patient financial or health data to which access must be restricted. The organization may define those fields in the data records which store sensitive private or confidential data and should have restricted access, and those fields that contain personal data about an entity that is non-private and need not be protected.”]
(f) for any of the one or more personal information labeled sensitive, automatically encrypt, at the application layer, only those fields identified as sensitive… wherein the encryption interface is configured to automatically encrypt any data it creates in the database layer; and [(Para 0016) "Upon receiving a request at 34 from the application 14 for writing a record, the gateway API 18 may activate the cryptographic function running on the Lambda compute service 20. At 36, the cryptographic function identifies the user and the protected data fields of a data record using information in the personal fields database, and encrypts the data being written to the protected data fields with the user's personally assigned unique key. At 38, the cryptographic function rebuilds the user's data record with the required data fields encrypted, and at 40 writes the rebuilt data record to the database."]
(g) add a new student dataset to the plurality of student datasets in the database layer; including the encrypted sensitive fields and the non-sensitive fields [(Para 0016) “Upon receiving a request at 34 from the application 14 for writing a record, the gateway API 18 may activate the cryptographic function running on the Lambda compute service 20. At 36, the cryptographic function identifies the user and the protected data fields of a data record using information in the personal fields database, and encrypts the data being written to the protected data fields with the user's personally assigned unique key. At 38, the cryptographic function rebuilds the user's data record with the required data fields encrypted, and at 40 writes the rebuilt data record to the database”]
Therefore, it would have been obvious to one of ordinary skill in the art before the effective filing date of the claimed invention to modify the management system of Chasin with the addition of encryption taught by Saad, to protect sensitive student information in a database. It is within the capabilities of one of ordinary skill in the art to utilize an encryption and decryption method to protect information in a database, yielding predictable results.
While Chasin in view of Saad teach a protected student management system, they do not explicitly teach encryption prior to transmission:
prior to writing any personal information to the database layer,
before transmitting them to the database layer,
However, Estehghari teaches:
prior to writing any personal information to the database layer, [(Para 0006) “A “non-trusted system” is one where the user does not trust the service to handle the data privacy and security properly, and thus the user implements a desired privacy mechanism, e.g., by encrypting the data before it is sent to the system.”]
before transmitting them to the database layer, [(Para 0006) “A “non-trusted system” is one where the user does not trust the service to handle the data privacy and security properly, and thus the user implements a desired privacy mechanism, e.g., by encrypting the data before it is sent to the system.”]
Therefore, it would have been obvious to one of ordinary skill in the art before the effective filing date of the claimed invention to modify the protected student management system (Chasin and Saad) to encrypt data before sending it to the system (Estehghari) to prevent unsafe storage of unencrypted data. It is within the capabilities of one of ordinary skill in the art to utilize encryption, decryption, and storage methods to protect information in a system yielding predictable results.
Regarding Claim 15, the combination of Chasin, Saad, and Estehghari teaches the limitations of claim 14; Chasin further teaches:
further comprising by the server and at the application layer: (a) receiving personal information for a new student; [(Para 0045) "The web application(s) 10, which may include one or more application programs, interact with the management system and the database in order to present users and administrators of the system a user interface through which to enter data and interact with the system."]
While Chasin teaches a method to manage student information and various tasks, the reference does not explicitly teach:
(b) encrypting the personal information; and (c) adding the new student dataset to the plurality of student datasets in the database layer, and adding the encrypted personal information to the set of student information for the new student.
However, Saad teaches:
(b) encrypting the personal information; and (c) adding the new student dataset to the plurality of student datasets in the database layer, and adding the encrypted personal information to the set of student information for the new student. [(Para 0016) "Upon receiving a request at 34 from the application 14 for writing a record, the gateway API 18 may activate the cryptographic function running on the Lambda compute service 20. At 36, the cryptographic function identifies the user and the protected data fields of a data record using information in the personal fields database, and encrypts the data being written to the protected data fields with the user's personally assigned unique key. At 38, the cryptographic function rebuilds the user's data record with the required data fields encrypted, and at 40 writes the rebuilt data record to the database."]
Therefore, it would have been obvious to one of ordinary skill in the art before the effective filing date of the claimed invention to modify the method of management of Chasin with the addition of encryption taught by Saad, to protect sensitive student information in a database. It is within the capabilities of one of ordinary skill in the art to utilize an encryption and decryption method to protect information in a database, yielding predictable results.
Regarding Claim 16, the combination of Chasin, Saad, and Estehghari teaches the limitations of claim 15.
While Chasin teaches a method to manage students’ information and various tasks, the reference does not explicitly teach:
wherein all personal information stored within the set of student information for each of the plurality of student datasets in the database layer is encrypted.
However, Saad further teaches:
wherein all personal information stored within the set of student information for each of the plurality of student datasets in the database layer is encrypted. [(Para 0012) "A user-selected cryptographic function for encryption and decryption performed by the Lambda service 20 may access this personal fields database to determine which data fields are for private data and require encryption and decryption."]
Therefore, it would have been obvious to one of ordinary skill in the art before the effective filing date of the claimed invention to modify the method of management of Chasin with the encryption of personal information taught by Saad, to protect sensitive student information in a database. It is within the capabilities of one of ordinary skill in the art to utilize an encryption and decryption method to protect information in a database, yielding predictable results.
Regarding Claim 20, the combination of Chasin, Saad, and Estehghari teaches the limitations of claim 14. Chasin further teaches:
wherein the plurality of tasks comprise a preventative behavioral visit, a preventative medical visit, a parent conference with a nurse practitioner, a parent conference with a social worker, a teacher conference with a nurse practitioner, and a teacher conference with a social worker, and wherein the set of student information comprises a student name, a student birthdate, a description of student immunization status, and a description of student medical status. [(Para 0010) "present information to a user via a user interface in the form of a task list for students that have at least an indicator or a red flag that signify that a student needs help;" (Para 0012) “According to another embodiment of the present invention, a method is provided that facilitates constructive student intervention including the steps of configuring a management system to have access to a student record database; providing the student record database with records associated with student school district records, on-line survey data, service provider data"; Changing the nature of the data does not change the function of the invention, therefore the data is nonfunctional and does not support a functional relationship].
Claims 4, 6-7, 17-19, and 21 are rejected under 35 U.S.C. 103 as being unpatentable over Chasin (US 20210104168 A1) in view of Saad (US 20200387625 A1), in view of Estehghari (US 20150304315 A1), in further view of Yavuz (US 9355271 B2).
Regarding Claim 4, the combination of Chasin, Saad, and Estehghari teaches the limitations of claim 1. Chasin further teaches:
wherein the application layer is configured to,… when querying the database layer for one or more target student records based upon a user selection: receive personal information for a new student [(Para 0012) “configuring a management system to have access to a student record database; providing the student record database with records associated with student school district records, on-line survey data, service provider data; configuring security related access parameters for administrators and third parties to portions of the database”, (Para 0045) "The web application(s) 10, which may include one or more application programs, interact with the management system and the database in order to present users and administrators of the system a user interface through which to enter data and interact with the system."]
add a new student dataset to the plurality of student datasets in the database layer, [(Para 0008) “The educational database and management system may also be used to aggregate data from student populations or groups of students or, for example, participation in particular programs”]
While Chasin teaches a management system for student information, it does not explicitly teach:
in response to a user selection and prior to any writing any personal information to the database layer
Classify each field of the personal information using a data classification module to determine whether the field contains sensitive data;
automatically selectively encrypt, at the application layer, only those fields identified as sensitive based on the classification
before transmitting them to the database layer;
including one or more encrypted sensitive fields and one or more unencrypted non-sensitive fields
identify one or more unencrypted fields associated with the one or more target student records;
generate and execute a broad query statement based on the one or more unencrypted fields, the broad query statement configured to retrieve a result set comprising the one or more target student records and one or more extraneous records;
iteratively decrypt only one or more encrypted fields of the one or more encrypted fields of each record in the result set until the one or more target student records are identified,
and discard the one or more extraneous records
However, Saad teaches:
Classify each field of the personal information using a data classification module to determine whether the field contains sensitive data; [(Para 0012) “Some of the data types may include sensitive private or confidential personal data about the entities; other fields may contain more general non-private information about entities such as entity identifying information employed by the user to manage an entity. Personal private or confidential information may comprise, for example, client or patient financial or health data to which access must be restricted. The organization may define those fields in the data records which store sensitive private or confidential data and should have restricted access”]
automatically selectively encrypt, at the application layer, only those fields identified as sensitive based on the classification; [(Para 0012) “These data fields of data records may be identified along with the sensitivity type of the data each field stores in the personal fields database 24. A user-selected cryptographic function for encryption and decryption performed by the Lambda service 20 may access this personal fields database to determine which data fields are for private data and require encryption and decryption.”]
including one or more encrypted sensitive fields and one or more unencrypted non-sensitive fields [(Para 0009) “Additionally, in another aspect, as will also be described, the invention preferably uses the gateway API service of the cloud as a mediator between a cloud database and a cloud application to ensure that read/write access to the fields of data records that store the selected user data are encrypted and decrypted as needed for access.” (Para 0020) “By defining the data fields of an entity's data records to store different types of data to which different protections are applicable and different entities are authorized access, and by assigning a plurality of different keys to the different data fields”]
iteratively decrypt only one or more encrypted fields of the one or more encrypted fields of each record in the result set until the one or more target student records are identified, [The claim recites initiating a step of iterative decryption for a target record. Saad shows this through its activation of a cryptographic function; (Para 0013) “During operation, … The gateway API is preferably configured to serve as a mediator, as will be described in connection with FIG. 2, that activates the cryptographic function provided by the Lambda service 20 to provide encryption and decryption of those personal private data fields of data records as defined in the personal fields database…”]
and discard the one or more extraneous records [(Para 0013) “More importantly, as will also be described, encrypted fields also facilitate easy identification and deletion or rendering inaccessible those data fields that contain sensitive information or private personal data to comply with the right to be forgotten or other access restrictions.”]
Therefore, it would have been obvious to one of ordinary skill in the art before the effective filing date of the claimed invention to modify the management system of Chasin with the addition of encryption techniques taught by Saad, to protect sensitive student information in a database. It is within the capabilities of one of ordinary skill in the art to utilize an encryption and decryption method to protect information in a database, yielding predictable results.
While Chasin in view of Saad teach an encrypted management system for student information, it does not explicitly teach:
in response to a user selection and prior to any writing any personal information to the database layer
before transmitting them to the database layer;
wherein the application layer is configured to, when querying the database layer for one or more target student records based upon a user selection: identify one or more unencrypted fields associated with the one or more target student records;
create a broad query statement based on the one or more unencrypted fields, the broad query statement configured to retrieve a result set comprising the one or more target student records and one or more extraneous records;
However, Estehghari teaches:
in response to a user selection and prior to any writing any personal information to the database layer [(Para 0006) “A “non-trusted system” is one where the user does not trust the service to handle the data privacy and security properly, and thus the user implements a desired privacy mechanism, e.g., by encrypting the data before it is sent to the system.”]
before transmitting them to the database layer; [(Para 0006) “A “non-trusted system” is one where the user does not trust the service to handle the data privacy and security properly, and thus the user implements a desired privacy mechanism, e.g., by encrypting the data before it is sent to the system.”]
Therefore, it would have been obvious to one of ordinary skill in the art before the effective filing date of the claimed invention to modify the protected student management system (Chasin and Saad) to encrypt data before sending it to the system (Estehghari) to prevent unsafe storage of unencrypted data. It is within the capabilities of one of ordinary skill in the art to utilize encryption, decryption, deletion, and storage methods to protect information in a system yielding predictable results.
While the combination of Chasin, Saad, and Estehghari teaches a protected student management system, it does not explicitly teach broad querying of the database:
wherein the application layer is configured to, when querying the database layer for one or more target student records based upon a user selection: identify one or more unencrypted fields associated with the one or more target student records;
create a broad query statement based on the one or more unencrypted fields, the broad query statement configured to retrieve a result set comprising the one or more target student records and one or more extraneous records;
However, Yavuz teaches:
wherein the application layer is configured to, when querying the database layer for one or more target student records based upon a user selection: identify one or more unencrypted fields associated with the one or more target student records; [(Column 12, Lines 46-49) “The search term is, for example, a word or other predetermined set of data that corresponds to an entry in the search table 154 that is stored in the server memory”]
create a broad query statement based on the one or more unencrypted fields, the broad query statement configured to retrieve a result set comprising the one or more target student records and one or more extraneous records; [(Figure 3), (Column 12, Lines 40-42) “In process 300, the client computing device 104 generates a search term query for the server computing device 144. The client 104 selects a search term to use in the query”]
Therefore, it would have been obvious for one of ordinary skill in the art before the effective filing date of the claimed invention to combine the encrypted student management system (Chasin, Saad, Estehghari), with the decryption method taught by Yavuz, as a way to access sensitive encrypted student information in the database. It is within the capabilities of one of ordinary skill in the art to utilize an encryption and decryption method to protect information in a database, yielding predictable results.
Regarding Claim 6, the combination of Chasin, Saad, and Estehghari teaches the limitations of claim 1.
While the combination of Chasin, Saad, and Estehghari teaches a management system of encrypted student information and task information, the combination does not explicitly teach:
wherein the application layer is configured to, when querying the database layer for a target student record based upon a database key comprising fields that are encrypted within the database layer: (a) based upon the database key, generate and execute a broad query that is configured to retrieve a result set that includes the target student record and at least one other student record;
(b) for records of the result set, iteratively decrypt only one or more encrypted fields associated with the database key for each of the records for the result set until the target student record is identified; and (c) in response to identifying the target student record, decrypt one or more remaining encrypted fields of the target student record.
However, Yavuz teaches:
wherein the application layer is configured to, when querying the database layer for a target student record based upon a database key comprising fields that are encrypted within the database layer: (a) based upon the database key, generate and execute a broad query that is configured to retrieve a result set that includes the target student record and at least one other student record; [(Column 4, Lines 22-24) “identifying with the server computing device a first set of encrypted data in a search table with reference to the search index identifier” ; generating a broad query and result set]
(b) for records of the result set, iteratively decrypt one or more encrypted fields associated with the database key for each of the records for the result set until the target student record is identified; and (c) in response to identifying the target student record, decrypt one or more remaining encrypted fields of the target student record. [(Column 4, Lines 24-33) "generating with the server computing device a set of decrypted data from the first set of encrypted data, the server computing device using the first single use cryptographic key to decrypt a first portion of the first set of encrypted data and the server computing device using the second single use cryptographic key to decrypt a second portion of the first set of encrypted data, identifying with the server at least one encrypted file stored in a memory associated with the server computing device with reference to the decrypted data,"; decrypting in segments]
Therefore, it would have been obvious for one of ordinary skill in the art before the effective filing date of the claimed invention to combine the encrypted student management system (Chasin, Saad, Estehghari), with the decryption method taught by Yavuz, as a way to access sensitive encrypted student information in the database. It is within the capabilities of one of ordinary skill in the art to utilize an encryption and decryption method to protect information in a database, yielding predictable results.
Regarding Claim 7, the combination of Chasin, Saad, Estehghari, and Yavuz teaches the limitations of claim 6.
While the combination of Chasin, Saad, and Estehghari teaches a management system of encrypted student information and task information, the combination does not explicitly teach:
wherein the application layer is configured to, upon identifying the target student record within the result set, immediately terminate further decryption operations on remaining records of the result set.
However, Yavuz further teaches:
wherein the application layer is configured to, upon identifying the target student record within the result set, immediately terminate further decryption operations on remaining records of the result set. [(Column 4, Lines 24-33) “generating with the server computing device a set of decrypted data from the first set of encrypted data, the server computing device using the first single use cryptographic key to decrypt a first portion of the first set of encrypted data and the server computing device using the second single use cryptographic key to decrypt a second portion of the first set of encrypted data, identifying with the server at least one encrypted file stored in a memory associated with the server computing device with reference to the decrypted data”, (Column 1, Lines 32-36) “The client optionally retrieves one or more of the encrypted files that include the search term to decrypt the encrypted files and perform additional processing without divulging the contents of the encrypted files to the server”;]
Therefore, it would have been obvious for one of ordinary skill in the art before the effective filing date of the claimed invention to combine the encrypted student management system (Chasin, Saad, Estehghari), with the decryption method taught by Yavuz, as a way to access sensitive encrypted student information in the database. It is within the capabilities of one of ordinary skill in the art to utilize an encryption and decryption method to protect information in a database, yielding predictable results.
Regarding Claim 17, the combination of Chasin, Saad, and Estehghari teaches the limitations of claim 16.
While the combination teaches an encrypted student and task management method, it does not explicitly teach:
further comprising by the server and at the application layer, when querying the database layer for a target student record based upon a database key comprising fields that are encrypted within the database layer: (a) based upon the database key, generating and executing a broad query that is configured to retrieve a result set that includes the target student record and at least one other student record;
(b) for records of the result set, iteratively decrypting only one or more encrypted fields associated with the database key for each of the records for the result set until the target student record is identified;
and (c) in response to identifying the target student record, decrypting one or more remaining encrypted fields of the target student record.
However, Yavuz teaches:
further comprising by the server and at the application layer, when querying the database layer for a target student record based upon a database key comprising fields that are encrypted within the database layer: (a) based upon the database key, generating and executing a broad query that is configured to retrieve a result set that includes the target student record and at least one other student record; [(Column 4, Lines 22-24) “identifying with the server computing device a first set of encrypted data in a search table with reference to the search index identifier,” ; generating a broad query and result set]
(b) for records of the result set, iteratively decrypting only one or more encrypted fields associated with the database key for each of the records for the result set until the target student record is identified; and (c) in response to identifying the target student record, decrypting one or more remaining encrypted fields of the target student record. [(Column 4, Lines 24-33) "generating with the server computing device a set of decrypted data from the first set of encrypted data, the server computing device using the first single use cryptographic key to decrypt a first portion of the first set of encrypted data and the server computing device using the second single use cryptographic key to decrypt a second portion of the first set of encrypted data, identifying with the server at least one encrypted file stored in a memory associated with the server computing device with reference to the decrypted data," ; decrypting in segments]
Therefore, it would have been obvious for one of ordinary skill in the art before the effective filing date of the claimed invention to combine the encrypted student management system (Chasin, Saad, Estehghari), with the decryption method taught by Yavuz, as a way to access sensitive encrypted student information in the database. It is within the capabilities of one of ordinary skill in the art to utilize an encryption and decryption method to protect information in a database, yielding predictable results.
Regarding Claim 18, the combination of Chasin, Saad, Estehghari, and Yavuz teaches the limitations of claim 17.
While the combination of Chasin, Saad, and Estehghari teaches an encrypted student and task management method, it does not explicitly teach:
wherein the application layer is configured to immediately cease decrypting records of the result set after identifying the target student record.
However, Yavuz teaches:
wherein the application layer is configured to immediately cease decrypting records of the result set after identifying the target student record. [(Column 4, Lines 24-33) "generating with the server computing device a set of decrypted data from the first set of encrypted data, the server computing device using the first single use cryptographic key to decrypt a first portion of the first set of encrypted data and the server computing device using the second single use cryptographic key to decrypt a second portion of the first set of encrypted data, identifying with the server at least one encrypted file stored in a memory associated with the server computing device with reference to the decrypted data", (Column 1, Lines 32-36) “The client optionally retrieves one or more of the encrypted files that include the search term to decrypt the encrypted files and perform additional processing without divulging the contents of the encrypted files to the server”;]
Therefore, it would have been obvious for one of ordinary skill in the art before the effective filing date of the claimed invention to combine the method of encrypted student management (Chasin, Saad, Estehghari), with the decryption method (Yavuz), as a way to access sensitive encrypted student information in the database. It is within the capabilities of one of ordinary skill in the art to utilize an encryption and decryption method to protect information in a database, yielding predictable results.
Regarding Claim 19, the combination of Chasin, Saad, Estehghari, and Yavuz teaches the limitations of claim 18.
While Chasin teaches a management system for students’ information and various tasks, the reference does not explicitly teach:
wherein the decrypted target student record is temporarily stored by the application layer within a particular user session.
However, Saad further teaches:
wherein the decrypted target student record is temporarily stored by the application layer within a particular user session. [(Para 0009) "Additionally, in another aspect, as will also be described, the invention preferably uses the gateway API service of the cloud as a mediator between a cloud database and a cloud application to ensure that read/write access to the fields of data records that store the selected user data are encrypted and decrypted as needed for access."]
Therefore, it would have been obvious for one of ordinary skill in the art before the effective filing date of the claimed invention to combine the method of student management taught by Chasin with the encryption method taught by Saad, as a way to protect sensitive student information. It is within the capabilities of one of ordinary skill in the art to utilize an encryption and decryption method to protect information in a database, yielding predictable results.
Regarding Claim 21, the combination of Chasin, Saad, and Estehghari teaches the limitations of claim 1.
While Chasin teaches a management and task system for students, it does not explicitly teach encryption and decryption. However, Saad teaches:
wherein each student dataset is assigned an arbitrary identifier that is encrypted in the database layer, [(Para 0014) “The data fields, format and data type of each field of each user's data record may be identified in the personal fields database 24. At 32, the organization may additionally assign to each user an identifier (ID) which is included in an appropriate field of the user's record, and assign and store a unique key to each user in the KMS 22 for use by the cryptographic function for encryption and decryption of that user's records”, (Para 0016) “At 36, the cryptographic function identifies the user and the protected data fields of a data record using information in the personal fields database, and encrypts the data being written to the protected data fields with the user's personally assigned unique key.”]
(b) iteratively decrypting only the arbitrary identifiers of the student datasets in the result set until the target identifier is identified; [(Para 0015) “At 32, the organization may additionally assign to each user an identifier (ID) which is included in an appropriate field of the user's record, and assign and store a unique key to each user in the KMS 22 for use by the cryptographic function for encryption and decryption of that user's records”]
and (c) upon identifying the target identifier, decrypting one or more additional fields of the corresponding student dataset. [(Para 0017) “Reading a record involves a substantially similar process to writing. Upon receiving a request as from the application 14 for access to read a user's record, the gateway API 18 calls the cryptographic function which identifies the personal private data fields, identifies the user from the ID field of the data record; retrieves the appropriate decryption key from the KMS based upon the user's ID; decrypts the encrypted personal private data fields; rebuilds the record; and returns the record with decrypted fields to the application.”]
Therefore, it would have been obvious to one of ordinary skill in the art before the effective filing date of the claimed invention to modify the student task management system (Chasin) with the encryption and decryption of personal information using identifiers (Saad), to protect sensitive student information in a database. It is within the capabilities of one of ordinary skill in the art to utilize an encryption and decryption method to protect information in a database, yielding predictable results.
The combination of Chasin, Saad, and Estehghari teaches a protected student and task management system; however, the combination does not teach, but Yavuz does teach:
and wherein the application layer is configured to respond to a query for a target student dataset by: (a) generating a broad query to retrieve a result set comprising a plurality of encrypted student datasets; [(Column 4, Lines 22-24) “identifying with the server computing device a first set of encrypted data in a search table with reference to the search index identifier” ; generating a broad query and result set]
Therefore, it would have been obvious for one of ordinary skill in the art before the effective filing date of the claimed invention to combine the encrypted student management system (Chasin, Saad, Estehghari), with the decryption method taught by Yavuz, as a way to access sensitive encrypted student information in the database. It is within the capabilities of one of ordinary skill in the art to utilize an encryption and decryption method to protect information in a database, yielding predictable results.
Conclusion
Applicant's amendment necessitated the new ground(s) of rejection presented in this Office action. Accordingly, THIS ACTION IS MADE FINAL. See MPEP § 706.07(a). Applicant is reminded of the extension of time policy as set forth in 37 CFR 1.136(a).
A shortened statutory period for reply to this final action is set to expire THREE MONTHS from the mailing date of this action. In the event a first reply is filed within TWO MONTHS of the mailing date of this final action and the advisory action is not mailed until after the end of the THREE-MONTH shortened statutory period, then the shortened statutory period will expire on the date the advisory action is mailed, and any nonprovisional extension fee (37 CFR 1.17(a)) pursuant to 37 CFR 1.136(a) will be calculated from the mailing date of the advisory action. In no event, however, will the statutory period for reply expire later than SIX MONTHS from the mailing date of this final action.
Any inquiry concerning this communication or earlier communications from the examiner should be directed to Examiner Benjamin Truong, whose telephone number is 703-756-5883. The examiner can normally be reached on Monday-Friday from 9 am to 5 pm (EST).
Examiner interviews are available via telephone, in-person, and video conferencing using a USPTO supplied web-based collaboration tool. To schedule an interview, applicant is encouraged to use the USPTO Automated Interview Request (AIR) at http://www.uspto.gov/interviewpractice.
If attempts to reach the examiner by telephone are unsuccessful, the examiner’s supervisor, Nathan Uber, SPE, can be reached on 571-270-3923. The fax phone number for the organization where this application or proceeding is assigned is 571-273-8300. Information regarding the status of published or unpublished applications may be obtained from Patent Center. Unpublished application information in Patent Center is available to registered users. To file and manage patent submissions in Patent Center, visit: https://patentcenter.uspto.gov. Visit https://www.uspto.gov/patents/apply/patent-center for more information about Patent Center and https://www.uspto.gov/patents/docx for information about filing in DOCX format. For additional questions, contact the Electronic Business Center (EBC) at 866-217-9197 (toll-free). If you would like assistance from a USPTO Customer Service Representative, call 800-786-9199 (IN USA OR CANADA) or 571-272-1000.
/B.L.T. /Examiner, Art Unit 3687
/NATHAN C UBER/Supervisory Patent Examiner, Art Unit 3626