DETAILED ACTION
Notice of Pre-AIA or AIA Status
The present application, filed on or after March 16, 2013, is being examined under the first inventor to file provisions of the AIA .
Response to Amendment
The amendment filed 05 November 2025 has been entered. Applicant amended claims 1-2, 14, and 20. Accordingly, claims 1-20 remain pending.
Response to Arguments
Regarding the 35 USC 112 rejections:
Applicant’s arguments, filed 05 November 2025, with respect to the 35 USC 112(a) and 112(b) rejections have been fully considered and are persuasive. The 35 USC 112(a) and 112(b) rejections of 06 August 2025 have been withdrawn.
Regarding the 35 USC 101 rejection:
Applicant’s arguments, filed 05 November 2025, with respect to the 35 USC 101 rejection have been fully considered but are not persuasive.
Applicant’s remarks:
[A] Applicant submits, as described in paragraph [0012], that a person cannot practically obfuscate elements of a protected dataset while maintaining a linear order that allows for comparisons of different data elements without knowing the actual values of the elements…. Accordingly, Applicant respectfully maintains that the claimed method for obfuscation cannot be practically performed as discussed in MPEP 2106.04(a)(2)(III)(A) and is therefore not simply a mental process or method for organizing human behavior under Prong One of Revised Step 2A.
[B] Applicant further maintains that, under Prong Two of Revised Step 2A of the criteria for subject matter eligibility discussion in MPEP 2106, any alleged abstract idea purported to be found in the claims, when considered as a whole, is integrated into a practical application of the abstract idea by applying, relying on, and/or using it in a manner that imposes a meaningful limit on it. Applicant submits that the recitation of determining, by the obfuscation service utilizing a key associated with the protected dataset, one or more coefficients for the monotonic one-way function based at least in part on the key, wherein a length of the key is selected based on a size of the protected dataset, reflects an improvement over known methods and mechanisms for obfuscation. Accordingly, Applicant maintains that under Prong Two of Revised Step 2A discussed in MPEP 2106.04, any abstract idea alleged in the Office Action is integrated into a
practical application of that abstract idea by applying, relying on, and/or using it in a manner that imposes a meaningful limit upon it.
Examiner’s remarks:
[A] The claims do not prevent the function from being a basic linear function ax+b, where a is greater than zero, to preserve the order. This function is a basic function that performs obfuscation (a simple substitution cipher) that is achievable in the human mind with pencil and paper. The examiner suggests for Applicant to provide further details regarding the coefficients in the monotonic function to potential overcome the function being achieve in the human mind. The abstract idea is a mental process and mathematical calculation/concepts.
[B] The judicial exception alone cannot provide the technological improvement. The improvement can be provided by one or more additional elements. See the discussion of Diamond v. Diehr, 450 U.S. 175, 187 and 191-92, 209 USPQ 1, 10 (1981)). In addition, the improvement can be provided by the additional element(s) in combination with the recited judicial exception (MPEP 2106.05(a)). The examiner recommends amending the claims to include an additional element showing the improvement (see the 101 rejection for claims 4-5 and claim 16 below). Currently, the judicial exception is not integrated into a practical application and the claims do not provide additional elements to amount to significantly more than the abstract idea.
Regarding the 35 USC 103 rejection:
Applicant's arguments filed 05 November 2025 have been fully considered but they are not persuasive.
Applicant’s remarks:
Applicant respectfully submits that, as discussed in the Interview, the relied upon references do not teach or suggest determining, by the obfuscation service utilizing a key associated with the protected dataset, one or more coefficients for the monotonic one-way function based at least in part on the key, wherein a length of the key is selected based on a size of the protected dataset, as recited by amended independent claim 1.
Because no combination of the relied upon references teaches or suggests each and every element recited by the claims, these references cannot provide the basis upon which a prima facie case of obviousness may be established. Accordingly, Applicant submits that the claims 2- 20 are patentable over the relied upon references for at least the reasons discussed in connection with amended independent claim 1.
Reconsideration and withdrawal of the pending rejections is hereby respectfully requested.
Examiner’s remarks:
Paragraph 74 of Trepetin teaches the limitation of the obfuscation service utilizing a key associated with the protected dataset and wherein a length of the key is selected based on the size of the protected dataset. A string length of 10000 would result in the creation of a premutation matrix mapping each length 1-10000 to a 3 position lower case character value. The permutation matrix becomes part of the A1 table private key. Paragraph 933 also reveals One way to address longer strings would be to expand the size of our private encryption key.
The claims recite determining the one or more coefficient for the monotonic one-way function based at least in part on the key. The limitation “at least in part on the key” does not claim the entire key is used in the determination of the coefficient. Therefore, the examiner has interpreted the claims as best understood and maintain the combination prior art references as shown below. Note: Trepetin is used in combination with the prior art Pieniazek and Moon.
Examiner’s further remarks:
As indicated in the examiner’s remarks above and in the current office action, the argued limitations in the independent claims do not overcome the prior art applied in the 35 USC 103 rejection. Thus, the independent claims are not allowable over the prior art of record and their dependent claims are not allowed based on their dependencies.
Claim Rejections - 35 USC § 101
35 U.S.C. 101 reads as follows:
Whoever invents or discovers any new and useful process, machine, manufacture, or composition of matter, or any new and useful improvement thereof, may obtain a patent therefor, subject to the conditions and requirements of this title.
Claims 1-20 are rejected under 35 U.S.C. 101 because the claimed invention is directed to an abstract idea of a mental process and mathematical calculations without significantly more. The claim(s) recite(s) “accessing, at an application platform, a protected dataset to obfuscate including numerical values arranged in a linear order that are to remain comparable with one another after obfuscation; selecting, by an obfuscation service…, an obfuscation function for the protected dataset, wherein the obfuscation function is a monotonic one-way function…; determining, by the obfuscation service utilizing a key…, one or more coefficients for the monotonic one-way function based at least in part on the key; generating, by the obfuscation service, an obfuscated version of the protected dataset using the monotonic one-way function …”.
The limitations of “accessing, at an application platform, a protected dataset to obfuscate including numerical values arranged in a linear order that are to remain comparable with one another after obfuscation; selecting, by an obfuscation service…, an obfuscation function for the protected dataset, wherein the obfuscation function is a monotonic one-way function…; determining, by the obfuscation service utilizing a key…, one or more coefficients for the monotonic one-way function based at least in part on the key; generating, by the obfuscation service, an obfuscated version of the protected dataset using the monotonic one-way function …” pertain to the method of organizing information and manipulating information through mathematical calculation/correlations, wherein the method involves generating first/second data by taking existing data and manipulating/organizing the first/second data using mathematical functions (one-way function) into a new data form.
Furthermore, the limitations also pertain to a process of obfuscating information which is a process that under its broadest reasonable interpretation covers performance of the limitations being an abstract idea of a mental process. The method can be performed mentally by a human with the aid of pencil and paper but for the recitation of generic computing components such as a processor and/or memory and application platform. Therefore, nothing in the claimed elements preclude the steps from being practically performed manually by a human via a mental process using pencil and paper. If a claim under its broadest reasonable interpretation covers performance in the human mind or by a human using pencil and paper, but for the recitation of generic computer components, then it fall within the mental process grouping of abstract ideas. Accordingly, claims 1, 14, and 20 recite an abstract idea.
This judicial exception is not integrated into a practical application. Claims 1, 14, and 20 recite additional elements of application platform and/or generic computer components of a processor and/or memory which amount to no more than mere instructions to apply the exception using generic computer components. Mere instructions to apply the judicial exception using generic computer components cannot provide an inventive concept. The additional elements of “providing computer access to the obfuscated version of the protected dataset as a comparable alternative for the protected dataset” is considered outputting of the data which is insignificant extra solution activity. Therefore, the additional elements do not provide a technological improvement. Thus, the claims do not include additional elements that are sufficient to amount to significantly more than the judicial exception. Accordingly, claims 1, 14, and 20 are not eligible under 35 USC 101.
The limitations recited in claim 2, under the broadest reasonable interpretation, further narrow the dataset using the method recited in the independent claims. Claim 2 does not provide additional elements that integrate the abstract idea into a practical application. Thus claim 2 is not eligible under 35 USC 101.
The limitations recited in claims 3 and 15, under the broadest reasonable interpretation, are well known insignificant extra solution activity that is well-understood, routine, convention activity. Thus, the additional elements recited claims 3 and 15 do not integrate the abstract idea into a practical application. Thus, claims 3 and 15 are not eligible under 35 USC 101.
The limitations recited in claims 4 and 16, Applicant’s remarks pertaining to the comparison query appears to be persuasive in providing an additional elements for overcoming the 101 rejection. It is recommended for Applicant to amend the independent claims with such additional elements recited in claims 4-5 and 16.
The limitations recited in claim 5, Applicant’s remarks pertaining to the comparison query appears to be persuasive in providing an additional elements for overcoming the 101 rejection. It is recommended for Applicant to amend the independent claims with such additional elements recited in claims 4-5.
The limitations recited in claims 6 and 17, under the broadest reasonable interpretation, further narrow the additional element and the method, which can be performed mentally in the human mind with the aid of pencil and paper. Thus, the additional elements do not integrate the abstract idea into a practical application. Thus, claims 6 and 17 are not eligible under 35 USC 101.
The limitations recited in claim 7, under the broadest reasonable interpretation, provide additional steps, which can be performed mentally in the human mind with the aid of pencil and paper, except for the automation which is done by a processor. If a claim under its broadest reasonable interpretation covers performance in the human mind or by a human using pencil and paper, but for the recitation of generic computer components, then it fall within the mental process grouping of abstract ideas. Thus, the additional elements (automation by a processor) do not integrate the abstract idea into a practical application. Thus, claim 7 is not eligible under 35 USC 101.
The limitations recited in claim 8, under the broadest reasonable interpretation, are well known insignificant extra solution activity that is well-understood, routine, convention activity. Thus, the additional elements recited claim 8 do not integrate the abstract idea into a practical application. Thus, claim 8 is are not eligible under 35 USC 101.
The limitations recited in claims 9 , 11, and 18, under the broadest reasonable interpretation, further narrow the mathematical function recited in the independent claims (see above) which are directed to abstract idea. Thus, claims 9, 11, and 18 are not eligible under 35 USC 101.
The limitations recited in claims 10, 12-13, and 19, under the broadest reasonable interpretation, provide additional steps, which can be performed mentally in the human mind with the aid of pencil and paper, except for the automation which is done by a processor. If a claim under its broadest reasonable interpretation covers performance in the human mind or by a human using pencil and paper, but for the recitation of generic computer components, then it fall within the mental process grouping of abstract ideas. Thus, the additional elements (automation by a processor) do not integrate the abstract idea into a practical application. Thus, claims 10, 12-13, and 19 are not eligible under 35 USC 101.
Claim Rejections - 35 USC § 103
The following is a quotation of 35 U.S.C. 103 which forms the basis for all obviousness rejections set forth in this Office action:
A patent for a claimed invention may not be obtained, notwithstanding that the claimed invention is not identically disclosed as set forth in section 102, if the differences between the claimed invention and the prior art are such that the claimed invention as a whole would have been obvious before the effective filing date of the claimed invention to a person having ordinary skill in the art to which the claimed invention pertains. Patentability shall not be negated by the manner in which the invention was made.
Claim(s) 1-4, 8-10, 13-16, 18-20 is/are rejected under 35 U.S.C. 103 as being unpatentable over Pieniazek et al US 20200074109 (hereinafter Pieniazek), in view of Trepetin et al US 20210357521 (hereinafter Trepetin), in further view of Moon US 20130091357 (hereinafter Moon),
As to claim 1, Pieniazek teaches a method (Figure 3 and paragraph 9 disclose an example of a process for obfuscating sensitive information and processing the sensitive information as obfuscated sensitive information), comprising:
accessing, at an application platform (paragraph 16-17 discloses the obfuscated-data processing system/application platform), a protected dataset to obfuscate including numerical values (paragraph 39 discloses generating obfuscated data from the received data having sensitive information. A processing device can obfuscate the data by performing an operation; paragraph 42 discloses determining the symbols/characters of the dataset to remain the same and the symbols/characters of the dataset to be masked/obfuscated. Paragraphs 3 and 23 disclose the data can include personal information that includes numerical values such as address, credit score, account number, and social security number. Paragraph 62 discloses obfuscated-data processing system/application platform can involves program code/obfuscation service may include machine-executable instructions that may represent a procedure, a function) that are to remain comparable with one another after the obfuscation (paragraph 13 discloses various sets of sensitive information can be obfuscated using a common obfuscation key to generate sets of obfuscated data in a form by which the obfuscated data can be processed/matched/compared without revealing the underlying sensitive information. For example, the sets of obfuscated data can be processed to identify records in each set that are likely to refer to the same entity or that include the same type of information. Paragraph 14 provides an example such as an obfuscated dataset includes obfuscated data items, such as a first record with the string “Tcvaxvi Uvmcivs,” which is an obfuscated version of the string “Stephen Leitner,” and a second record with the string “Tcvqv Uvmcivs,” which is an obfuscated version of the string “Steve Leitner.” The obfuscated strings in the first and second records have a relationship (i.e., the presence of “Tcv . . . Uvmcivs) that corresponds to a relationship between the non-obfuscated strings (i.e., the presence of “Ste . . . Leitner” in both “Steve Leitner” and “Stephen Leitner”). Therefore, data element “Tcv” in the obfuscated data remains in the two obfuscated data elements that are comparable with each other. Paragraph 44 also discloses linking a single symbol with a single other symbol can maintain relationships both between the symbols within the data string and between data having similar data strings);
selecting, by an obfuscation service accessible to the application platform, an obfuscation function for the protected dataset (paragraphs 40-43 reveal applying permutation cycles to a set of symbols. A permutation is a function. The function is x[i]->L[x[i]], wherein L is the coefficient. Paragraph 39 discloses generating obfuscated data from the received data having sensitive information. A processing device can obfuscate the data by performing an operation. Paragraph 62 discloses obfuscated-data processing system/application platform can involves program code/obfuscation service may include machine-executable instructions that may represent a procedure, a function);
determining, by the obfuscation service (paragraph 62 discloses obfuscated-data processing system/application platform can involves program code/obfuscation service may include machine-executable instructions that may represent a procedure, a function) utilizing a key associated with the protected dataset, one or more coefficients for the [obfuscation function] based at least in part on the key (paragraph 34 reveals each type of sensitive data can be obfuscated using a different obfuscation key. Paragraph 40 reveals the obfuscation key can include a lookup table, wherein the obfuscation function is x[i]->L[x[i]], wherein L is the coefficient/ and values in the look-up table. Paragraphs 41-43 disclose a look-up table can be generated by applying permutations. A base permutation is formed from a natural number sequency key. A permutation S∈S.sub.n can be generated with a specified cycle structure based on the base permutation. The number of symbols n can be partitioned into k.sub.i different cycles. The maximum size and minimum size for k.sub.i can be configured);
generating, by the obfuscation service, (paragraph 62 discloses obfuscated-data processing system/application platform can involves program code/obfuscation service may include machine-executable instructions that may represent a procedure, a function) an obfuscated version of the protected dataset using the [obfuscation function] with the determined one or more coefficients (paragraph 39 discloses using the obfuscated data processing system, wherein the system uses an obfuscation key and permutation (wherein the obfuscation key and permutation are discussed in paragraphs 40-43) to generate obfuscated data from the received sensitive dataset); and
providing, to the application platform (paragraph 16-17 discloses the obfuscated-data processing system/application platform includes a trusted middle subsystem), access to the obfuscated version of the protected dataset as a comparable alternative for the protected dataset (paragraph 17 discloses providing the trusted middle subsystem with obfuscated versions of data associated with each user of the attribute provider. Paragraph 13 discloses various sets of sensitive information can be obfuscated using a common obfuscation key to generate sets of obfuscated data in a form by which the obfuscated data can be processed/matched/compared without revealing the underlying sensitive information).
Pieniazek does not teach the protected dataset including numerical values arranged in a linear order; wherein the obfuscation function is a monotonic one-way function; determining one or more coefficients for the monotonic one-way function based at least in part on a key, wherein a length of the key is selected based on a size of the protected dataset; generating an obfuscated version of the dataset using the monotonic one-way function that maintains the linear order of the protected dataset, wherein the monotonic one-way function operates with the determined one or more coefficient.
Trepetin teaches wherein the obfuscation function is a monotonic one-way function (paragraph 68 discloses anonymization/obfuscation the data through the use of mathematical function with specially chosen randomized parameters/coefficients, the values are transformed using a monotonic mathematical function. Anonymization is a form of obfuscation); determining one or more coefficients for the monotonic one-way function based at least in part on a key (paragraph 355 discloses a monotonic mathematical function with coefficients of α and β. Paragraph 426 refers to the coefficients as random constants. Paragraph 510 reveals the random numbers/coefficients are generated using Gaussian random number generator. This random number generator uses a seed value/key), wherein a length of the key is selected based on a size of the protected dataset (paragraph 74 discloses the limitation of the obfuscation service utilizing a key associated with the protected dataset and wherein a length of the key is selected based on the size of the protected dataset. A string length of 10000 would result in the creation of a premutation matrix mapping each length 1-10000to a 3 position lower case character value. The permutation matrix becomes part of the A1 table private key. Paragraph 933 also reveals that one way to address longer strings would be to expand the size of our private encryption key); generating an obfuscated version of the protected dataset using the monotonic one-way function, wherein the monotonic one-way function operates with the determined one or more coefficient (paragraphs 355, 583-589 disclose public key equation and
D
x
=
α
*
x
+
β
*
r
_
x
for obfuscation/anonymization/ Ratio Less Encryption which uses the monotonic one-way function and the determined coefficients/random numbers).
It would have been obvious to one having ordinary skill in the art before the effective filing date of the claimed invention to modify the coefficients and obfuscation functions in Pieniazek’s method of obfuscating protected data set with Trepetin’s generated obfuscated dataset using the monotonic one-way function and coefficients to provide an obfuscation system capable of querying obfuscated databases and obtaining the same results as if performing the queries against the original, unencrypted data all while being done with little actual impact to query speed (paragraph 6 of Trepetin).
The combination of Pieniazek in view of Trepetin does not teach, but Moon teaches the protected dataset [includes] numerical values arranged in a linear order (paragraph 49 discloses the protected data set wherein plain text 1 is less than a plain text 2); wherein the obfuscation function is a monotonic one-way function (paragraph 46-49 disclose an encryption comparison code generated using an order preserving hash function. If a plain text 1 is less than a plain text 2, then the function(plaint text 1) is less than function(plain text 2). Hash functions that preserves the order of the input data such that the output hash values will be ordered are monotone hash functions. Therefore, the linear order is maintain); generating an obfuscated version of the dataset using the monotonic one-way function that maintains the linear order of the protected dataset (paragraph 46-49 disclose an encryption comparison code generated using an order preserving hash function. If a plain text 1 is less than a plain text 2, then the function(plaint text 1) is less than function(plain text 2). Hash functions that preserves the order of the input data such that the output hash values will be ordered are monotone hash functions. Therefore, the linear order is maintain).
It would have been obvious to one having ordinary skill in the art before the effective filing date of the claimed invention to modify the coefficients and obfuscation functions in Pieniazek’s method of obfuscating protected data set in view of Trepetin’s generated obfuscated dataset using the monotonic one-way function and coefficients with Moon’s teachings of monotonic ordered preserving functions to provide an improved encryption system and method capable of querying anonymized electronic databases and obtaining the same ordered results as if performing the queries against the original, unencrypted data all while being done with little actual impact to query speed (paragraph 6 of Moon).
As to claim 2, the combination of Pieniazek in view of Trepetin and Moon teaches wherein the numerical values include one or more of the following: is currency values, birthdates, ages, medical metrics, health metrics, rankings, ratings, or confidential business information values (Pieniazek: paragraph 23 discloses the sensitive information can include account number, identification number, and credit score associated with a user).
As to claim 3, the combination of Pieniazek in view of Trepetin and Moon teaches further comprising creating a new column in a database table for storing the obfuscated version of the protected dataset (Trepetin: paragraph 44 discloses anonymizing the first database table by copying it into a temporary table is performed. Besides the original table's columns, the temporary table introduces special columns so that client workstations can properly query the anonymized data after anonymization. Paragraphs 845-846 disclose the temporary table dataset such as salary and bonus is sent to the cloud for storage). The motivation is similar to the motivation presented in claim 1.
As to claim 4, the combination of Pieniazek in view of Trepetin and Moon teaches wherein providing the access to the obfuscated version of the protected dataset as the comparable alternative for the protected dataset includes performing a comparison query (Pieniazek: paragraph 49 discloses receiving a query to perform a processing operation and the query is to data structures that store obfuscated datasets; paragraph 49 discloses the request is to obtain access/receive data for certain types of information. Paragraphs 50- 52 and 59 disclose matching the query parameter to one or more sets of obfuscated data. The query parameter can identify or otherwise indicate the entity or information type using obfuscated data. For instance, the computing device that sends the request or query can access the obfuscation key and generate an obfuscated version of an identifier for the entity or information type. Paragraph 59 discloses upon a match from the query parameter, the system can transmit the obfuscated data to the user/requestor), wherein the comparison query references a first argument, and wherein the first argument includes an obfuscated value included in the obfuscated version of the protected dataset (Pieniazek: paragraphs 50- 52 and 59 disclose matching the query parameter to one or more sets of obfuscated data. The query parameter can identify or otherwise indicate the entity or information type using obfuscated data. For instance, the computing device that sends the request or query can access the obfuscation key and generate an obfuscated version of an identifier for the entity or information type. The obfuscated version of the identifier can then become the query parameter, which is the first argument, wherein the obfuscated value of the identifier is the obfuscated value).
As to claim 8, the combination of Pieniazek in view of Trepetin and Moon teaches further comprising removing access to the protected dataset, wherein the protected dataset is stored as plain text values (Pieniazek: paragraph 13 discloses obfuscating the sensitive data and processing the obfuscated data reduce unauthorized access to the electrically stored sensitive data. Paragraphs 56-57 disclose the client data is stored in a database).
As to claim 9, the combination of Pieniazek in view of Trepetin and Moon teaches wherein the obfuscation function includes a polynomial with one or more positive coefficients (Trepetin: paragraph 68 discloses anonymization/obfuscation the data through the use of mathematical function with specially chosen randomized parameters/coefficient, the values are transformed using monotonic mathematical function. Anonymization is a form of obfuscation); paragraph 355 discloses a monotonic mathematical function/polynomial with coefficients of α and β. Paragraph 426 refers to the coefficients as random constants. Paragraph 510 reveals the random numbers/coefficients are generated using Gaussian random number generator. This random number generator uses a seed value/key, generating positive coefficients). The motivation is similar to the motivation presented in claim 1.
As to claim 10, the combination of Pieniazek in view of Trepetin and Moon teaches wherein determining the one or more coefficients for the obfuscation function based at least in part on the key includes setting each of the one or more positive coefficients of the obfuscation function using at least a portion of the key (Trepetin: paragraph 68 discloses anonymization/obfuscation the data through the use of mathematical function with specially chosen randomized parameter/coefficient, the values are transformed using monotonic mathematical function. Anonymization is a form of obfuscation); paragraph 355 discloses a monotonic mathematical function with coefficients of α and β. Paragraph 426 refers to the coefficients as random constants. Paragraph 510 reveals the random numbers/coefficients are generated using Gaussian random number generator. This random number generator uses a seed value/key; paragraphs 355, 583-589 disclose public key equation and
D
x
=
α
*
x
+
β
*
r
_
x
for obfuscation/anonymization/ Ratio Less Encryption which uses the monotonic one-way function and the determined coefficients/random numbers). The motivation is similar to the motivation presented in claim 1.
As to claim 13, the combination of Pieniazek in view of Trepetin and Moon teaches wherein the key is a secret value is selected using a cryptographic random number generator (Trepetin: Paragraph 510 reveals the random numbers/coefficients are generated using Gaussian random number generator. This random number generator uses a seed value/key; paragraphs 355, 583-589 disclose public key equation and
D
x
=
α
*
x
+
β
*
r
_
x
for obfuscation/anonymization/ Ratio Less Encryption which uses the monotonic one-way function and the determined coefficients/random numbers). The motivation is similar to the motivation presented in claim 1.
As to claim 14, Pieniazek teaches a system (Figure 6 discloses Obfuscated-Data Processing System), comprising:
one or more processors (Figure 6, reference number 602 “Processor”); and
a memory (Figure 6, reference number 604 “Memory”) coupled to the one or more processors (Figure 6, reference number 602 “Processor”), wherein the memory is configured to provide the one or more processors with instructions which when executed cause the one or more processors (paragraph 62 disclose the processor is communicatively coupled to a memory. The processor executes computer-executable program code stored in the memory, accesses information stored in the memory, or both) to:
access, at an application platform (paragraph 16-17 discloses the obfuscated-data processing system/application platform), a protected dataset to obfuscate including numerical values (paragraph 39 discloses generating obfuscated data from the received data having sensitive information; paragraph 42 discloses determining the symbols/characters of the dataset to remain the same and the symbols/characters of the dataset to be masked/obfuscated. Paragraphs 3 and 23 disclose the data can include personal information that includes numerical values such as address, credit score, account number, and social security number. Paragraph 62 discloses obfuscated-data processing system/application platform can involves program code/obfuscation service may include machine-executable instructions that may represent a procedure, a function) including data elements that are to remain comparable with one another after the obfuscation (paragraph 13 discloses various sets of sensitive information can be obfuscated using a common obfuscation key to generate sets of obfuscated data in a form by which the obfuscated data can be processed/matched/compared without revealing the underlying sensitive information. For example, the sets of obfuscated data can be processed to identify records in each set that are likely to refer to the same entity or that include the same type of information. Paragraph 14 provides an example such as an obfuscated dataset includes obfuscated data items, such as a first record with the string “Tcvaxvi Uvmcivs,” which is an obfuscated version of the string “Stephen Leitner,” and a second record with the string “Tcvqv Uvmcivs,” which is an obfuscated version of the string “Steve Leitner.” The obfuscated strings in the first and second records have a relationship (i.e., the presence of “Tcv . . . Uvmcivs) that corresponds to a relationship between the non-obfuscated strings (i.e., the presence of “Ste . . . Leitner” in both “Steve Leitner” and “Stephen Leitner”). Therefore, data element “Tcv” in the obfuscated data remains in the two obfuscated data elements that are comparable with each other. Paragraph 44 also disclose linking a single symbol with a single other symbol can maintain relationships both between the symbols within the data string and between data having similar data strings);
select, by an obfuscation service accessible to the application platform, an obfuscation function for the protected dataset (paragraphs 40-43 reveal applying permutation cycles to a set of symbols. A permutation is a function. The function is x[i]->L[x[i]], wherein L is the coefficient. Paragraph 39 discloses generating obfuscated data from the received data having sensitive information. A processing device can obfuscate the data by performing an operation. Paragraph 62 discloses obfuscated-data processing system/application platform can involves program code/obfuscation service may include machine-executable instructions that may represent a procedure, a function);
determine, by the obfuscation service (paragraph 62 discloses obfuscated-data processing system/application platform can involves program code/obfuscation service may include machine-executable instructions that may represent a procedure, a function), utilizing a key associated with the protected dataset, one or more coefficients for the [obfuscation function] based at least in part on the key (paragraph 34 reveals each type of sensitive data can be obfuscated using a different obfuscation key. Paragraph 40 reveals the obfuscation key can include a lookup table, wherein the obfuscation function is x[i]->L[x[i]], wherein L is the coefficient/ and values in the look-up table. Paragraphs 41-43 disclose a look-up table can be generated by applying permutations. A base permutation is formed from a natural number sequency key. A permutation S∈S.sub.n can be generated with a specified cycle structure based on the base permutation. The number of symbols n can be partitioned into k.sub.i different cycles. The maximum size and minimum size for k.sub.i can be configured);
generate, by the obfuscation service, (paragraph 62 discloses obfuscated-data processing system/application platform can involves program code/obfuscation service may include machine-executable instructions that may represent a procedure, a function) an obfuscated version of the protected dataset using the [obfuscation function] with the determined one or more coefficients (paragraph 39 discloses using the obfuscated data processing system, wherein the system uses an obfuscation key and permutation (wherein the obfuscation key and permutation are discussed in paragraphs 40-43) to generate obfuscated data from the received sensitive dataset); and
provide, to the application platform (paragraph 16-17 discloses the obfuscated-data processing system/application platform includes a trusted middle subsystem), access to the obfuscated version of the protected dataset as a comparable alternative for the protected dataset (paragraph 17 discloses providing the trusted middle subsystem with obfuscated versions of data associated with each user of the attribute provider. Paragraph 13 discloses various sets of sensitive information can be obfuscated using a common obfuscation key to generate sets of obfuscated data in a form by which the obfuscated data can be processed/matched/compared without revealing the underlying sensitive information).
Pieniazek does not teach the protected dataset including numerical values arranged in a linear order; wherein the obfuscation function is a monotonic one-way function; determine one or more coefficients for the monotonic one-way function based at least in part on a key, wherein a length of the key is selected based on a size of the protected dataset; generate an obfuscated version of the dataset using the monotonic one-way function that maintains the linear order of the protected dataset, wherein the monotonic one-way function operates with the determined one or more coefficients.
Trepetin teaches wherein the obfuscation function is a monotonic one-way function (paragraph 68 discloses anonymization/obfuscation the data through the use of mathematical function with specially chosen randomized parameters/coefficient, the values are transformed using monotonic mathematical function. Anonymization is a form of obfuscation); determining one or more coefficients for the monotonic one-way function based at least in part on a key (paragraph 355 discloses a monotonic mathematical function with coefficients of α and β. Paragraph 426 refers to the coefficients as random constants. Paragraph 510 reveals the random numbers/coefficients are generated using Gaussian random number generator. This random number generator uses a seed value/key), wherein a length of the key is selected based on a size of the protected dataset (paragraph 74 discloses the limitation of the obfuscation service utilizing a key associated with the protected dataset and wherein a length of the key is selected based on the size of the protected dataset. A string length of 10000 would result in the creation of a premutation matrix mapping each length 1-10000to a 3 position lower case character value. The permutation matrix becomes part of the A1 table private key. Paragraph 933 also reveals that one way to address longer strings would be to expand the size of our private encryption key); generating an obfuscated version of the protected dataset using the monotonic one-way function with the determined one or more coefficients (paragraphs 355, 583-589 disclose public key equation and
D
x
=
α
*
x
+
β
*
r
_
x
for obfuscation/anonymization/ Ratio Less Encryption which uses the monotonic one-way function and the determined coefficients/random numbers).
It would have been obvious to one having ordinary skill in the art before the effective filing date of the claimed invention to modify the coefficients and obfuscation functions in Pieniazek’s method of obfuscating protected data set with Trepetin’s generated obfuscated dataset using the monotonic one-way function and coefficients to provide an obfuscation system capable of querying obfuscated databases and obtaining the same results as if performing the queries against the original, unencrypted data all while being done with little actual impact to query speed (paragraph 6 of Trepetin).
The combination of Pieniazek in view of Trepetin does not teach, but Moon teaches the protected dataset [includes] numerical values arranged in a linear order (paragraph 49 discloses the protected data set wherein plain text 1 is less than a plain text 2); wherein the obfuscation function is a monotonic one-way function (paragraph 46-49 disclose an encryption comparison code generated using an order preserving hash function. If a plain text 1 is less than a plain text 2, then the function(plaint text 1) is less than function(plain text 2). Hash functions that preserves the order of the input data such that the output hash values will be ordered are monotone hash functions. Therefore, the linear order is maintain); generating an obfuscated version of the dataset using the monotonic one-way function that maintains the linear order of the protected dataset (paragraph 46-49 disclose an encryption comparison code generated using an order preserving hash function. If a plain text 1 is less than a plain text 2, then the function(plaint text 1) is less than function(plain text 2). Hash functions that preserves the order of the input data such that the output hash values will be ordered are monotone hash functions. Therefore, the linear order is maintain).
It would have been obvious to one having ordinary skill in the art before the effective filing date of the claimed invention to modify the coefficients and obfuscation functions in Pieniazek’s method of obfuscating protected data set in view of Trepetin’s generated obfuscated dataset using the monotonic one-way function and coefficients with Moon’s teachings of monotonic ordered preserving functions to provide an improved encryption system and method capable of querying anonymized electronic databases and obtaining the same ordered results as if performing the queries against the original, unencrypted data all while being done with little actual impact to query speed (paragraph 6 of Moon).
As to claim 15, the combination of Pieniazek in view of Trepetin and Moon teaches wherein the memory is further configured to provide the one or more processors with the instructions which when executed cause the one or more processors (Pieniazek: paragraph 62 discloses the processor is communicatively coupled to a memory. The processor executes computer-executable program code stored in the memory, accesses information stored in the memory, or both) to create a new column in a database table for storing the obfuscated version of the protected dataset (Trepetin: paragraph 44 discloses anonymizing the first database table by copying it into a temporary table is performed. Besides the original table's columns, the temporary table introduces special columns so that client workstations can properly query the anonymized data after anonymization. Paragraphs 845-846 disclose the temporary table dataset such as salary and bonus is sent to the cloud for storage). The motivation is similar to the motivation presented in claim 14.
As to claim 16, the combination of Pieniazek in view of Trepetin and Moon teaches wherein causing the one or more processors to ( Pieniazek: paragraph 62 ) provide the access to the obfuscated version of the protected dataset as the comparable alternative for the protected dataset includes performing a comparison query (Pieniazek: paragraph 49 discloses receiving a query to perform a processing operation and the query is to data structures that store obfuscated datasets; paragraph 49 discloses the request is to obtain access/receive data for certain types of information. Paragraphs 50- 52 and 59 disclose matching the query parameter to one or more sets of obfuscated data. The query parameter can identify or otherwise indicate the entity or information type using obfuscated data. For instance, the computing device that sends the request or query can access the obfuscation key and generate an obfuscated version of an identifier for the entity or information type. Paragraph 59 discloses upon a match from the query parameter, the system can transmit the obfuscated data to the user/requestor), wherein the comparison query references a first argument, and wherein the first argument includes an obfuscated value included in the obfuscated version of the protected dataset (Pieniazek: paragraphs 50- 52 and 59 disclose matching the query parameter to one or more sets of obfuscated data. The query parameter can identify or otherwise indicate the entity or information type using obfuscated data. For instance, the computing device that sends the request or query can access the obfuscation key and generate an obfuscated version of an identifier for the entity or information type. The obfuscated version of the identifier can then become the query parameter, which is the first argument, wherein the obfuscated value of the identifier is the obfuscated value).
As to claim 18, the combination of Pieniazek in view of Trepetin and Moon teaches wherein the obfuscation function includes a polynomial with one or more positive coefficients (Trepetin: paragraph 68 discloses anonymization/obfuscation the data through the use of mathematical function with specially chosen randomized parameters/coefficient, the values are transformed using monotonic mathematical function. Anonymization is a form of obfuscation); paragraph 355 discloses a monotonic mathematical function/polynomial with coefficients of α and β. Paragraph 426 refers to the coefficients as random constants. Paragraph 510 reveals the random numbers/coefficients are generated using Gaussian random number generator. This random number generator uses a seed value/key, generating positive coefficients). The motivation is similar to the motivation presented in claim 14.
As to claim 19, the combination of Pieniazek in view of Trepetin and Moon teaches wherein causing the one or more processors (Pieniazek: paragraph 62 discloses the processor is communicatively coupled to a memory. The processor executes computer-executable program code stored in the memory, accesses information stored in the memory, or both) to automatically determine the one or more coefficients for the obfuscation function based at least in part on the key includes causing the one or more processors to set each of the one or more positive coefficients of the obfuscation function using at least a portion of the key (Trepetin: paragraph 68 discloses anonymization/obfuscation the data through the use of mathematical function with specially chosen randomized parameters/coefficient, the values are transformed using monotonic mathematical function. Anonymization is a form of obfuscation); paragraph 355 discloses a monotonic mathematical function with coefficients of α and β. Paragraph 426 refers to the coefficients as random constants. Paragraph 510 reveals the random numbers/coefficients are generated using Gaussian random number generator. This random number generator uses a seed value/key; paragraphs 355, 583-589 disclose public key equation and
D
x
=
α
*
x
+
β
*
r
_
x
for obfuscation/anonymization/ Ratio Less Encryption which uses the monotonic one-way function and the determined coefficients/random numbers). The motivation is similar to the motivation presented in claim 14.
As to claim 20, Pieniazek teaches a computer program product, the computer program product being embodied in a non- transitory computer readable storage medium and comprising computer instructions (paragraph 62 disclose the processor of the obfuscated data processing system is communicatively coupled to a memory. The processor executes computer-executable program code stored in the memory, accesses information stored in the memory, or both. Paragraph 27 discloses non-transitory computer readable medium) for:
accessing, at an application platform (paragraph 16-17 discloses the obfuscated-data processing system/application platform), a protected dataset to obfuscate including numerical values (paragraph 39 discloses generating obfuscated data from the received data having sensitive information. A processing device can obfuscate the data by performing an operation; paragraph 42 discloses determining the symbols/characters of the dataset to remain the same and the symbols/characters of the dataset to be masked/obfuscated. Paragraphs 3 and 23 disclose the data can include personal information that includes numerical values such as address, credit score, account number, and social security number. Paragraph 62 discloses obfuscated-data processing system/application platform can involves program code/obfuscation service may include machine-executable instructions that may represent a procedure, a function) including data elements that are to remain comparable with one another after the obfuscation (paragraph 13 discloses various sets of sensitive information can be obfuscated using a common obfuscation key to generate sets of obfuscated data in a form by which the obfuscated data can be processed/matched/compared without revealing the underlying sensitive information. For example, the sets of obfuscated data can be processed to identify records in each set that are likely to refer to the same entity or that include the same type of information. Paragraph 14 provides an example such as an obfuscated dataset includes obfuscated data items, such as a first record with the string “Tcvaxvi Uvmcivs,” which is an obfuscated version of the string “Stephen Leitner,” and a second record with the string “Tcvqv Uvmcivs,” which is an obfuscated version of the string “Steve Leitner.” The obfuscated strings in the first and second records have a relationship (i.e., the presence of “Tcv . . . Uvmcivs) that corresponds to a relationship between the non-obfuscated strings (i.e., the presence of “Ste . . . Leitner” in both “Steve Leitner” and “Stephen Leitner”). Therefore, data element “Tcv” in the obfuscated data remains in the two obfuscated data elements that are comparable with each other. Paragraph 44 also discloses linking a single symbol with a single other symbol can maintain relationships both between the symbols within the data string and between data having similar data strings);
selecting, by an obfuscation service accessible to the application platform, an obfuscation function for the protected dataset (paragraphs 40-43 reveal applying permutation cycles to a set of symbols. A permutation is a function. The function is x[i]->L[x[i]], wherein L is the coefficient. Paragraph 39 discloses generating obfuscated data from the received data having sensitive information. A processing device can obfuscate the data by performing an operation. Paragraph 62 discloses obfuscated-data processing system/application platform can involves program code/obfuscation service may include machine-executable instructions that may represent a procedure, a function);
determining, by the obfuscation service (paragraph 62 discloses obfuscated-data processing system/application platform can involves program code/obfuscation service may include machine-executable instructions that may represent a procedure, a function) utilizing a key associated with the protected dataset, one or more coefficients for the [obfuscation function] based at least in part on the key (paragraph 34 reveals each type of sensitive data can be obfuscated using a different obfuscation key. Paragraph 40 reveals the obfuscation key can include a lookup table, wherein the obfuscation function is x[i]->L[x[i]], wherein L is the coefficient/ and values in the look-up table. Paragraphs 41-43 disclose a look-up table can be generated by applying permutations. A base permutation is formed from a natural number sequency key. A permutation S∈S.sub.n can be generated with a specified cycle structure based on the base permutation. The number of symbols n can be partitioned into k.sub.i different cycles. The maximum size and minimum size for k.sub.i can be configured);
generating, by the obfuscation service, (paragraph 62 discloses obfuscated-data processing system/application platform can involves program code/obfuscation service may include machine-executable instructions that may represent a procedure, a function) an obfuscated version using the [obfuscation function] with the determined one or more coefficients (paragraph 39 discloses using the obfuscated data processing system, wherein the system uses an obfuscation key and permutation (wherein the obfuscation key and permutation are discussed in paragraphs 40-43) to generate obfuscated data from the received sensitive dataset); and
providing, to the application platform (paragraph 16-17 discloses the obfuscated-data processing system/application platform includes a trusted middle subsystem), access to the obfuscated version of the protected dataset as a comparable alternative for the protected dataset (paragraph 17 discloses providing the trusted middle subsystem with obfuscated versions of data associated with each user of the attribute provider. Paragraph 13 discloses various sets of sensitive information can be obfuscated using a common obfuscation key to generate sets of obfuscated data in a form by which the obfuscated data can be processed/matched/compared without revealing the underlying sensitive information).
Pieniazek does not teach the protected dataset including numerical values arranged in a linear order; wherein the obfuscation function is a monotonic one-way function; determine one or more coefficients for the monotonic one-way function based at least in part on a key, wherein a length of the key is selected based on a size of the protected dataset; generate an obfuscated version of the dataset using the monotonic one-way function that maintains the linear order of the protected dataset, wherein the monotonic one-way function operates with the determined one or more coefficients.
Trepetin teaches wherein the obfuscation function is a monotonic one-way function (paragraph 68 discloses anonymization/obfuscation the data through the use of mathematical function with specially chosen randomized parameters/coefficient, the values are transformed using monotonic mathematical function. Anonymization is a form of obfuscation); determining one or more coefficients for the monotonic one-way function based at least in part on a key (paragraph 355 discloses a monotonic mathematical function with coefficients of α and β. Paragraph 426 refers to the coefficients as random constants. Paragraph 510 reveals the random numbers/coefficients are generated using Gaussian random number generator. This random number generator uses a seed value/key), wherein a length of the key is selected based on a size of the protected dataset (paragraph 74 discloses the limitation of the obfuscation service utilizing a key associated with the protected dataset and wherein a length of the key is selected based on the size of the protected dataset. A string length of 10000 would result in the creation of a premutation matrix mapping each length 1-10000to a 3 position lower case character value. The permutation matrix becomes part of the A1 table private key. Paragraph 933 also reveals that one way to address longer strings would be to expand the size of our private encryption key); generating an obfuscated version of the dataset using the monotonic one-way function with the determined one or more coefficients (paragraphs 355, 583-589 disclose public key equation and
D
x
=
α
*
x
+
β
*
r
_
x
for obfuscation/anonymization/ Ratio Less Encryption which uses the monotonic one-way function and the determined coefficients/random numbers).
It would have been obvious to one having ordinary skill in the art before the effective filing date of the claimed invention to modify the coefficients and obfuscation functions in Pieniazek’s method of obfuscating protected data set with Trepetin’s generated obfuscated dataset using the monotonic one-way function and coefficients to provide an obfuscation system capable of querying obfuscated databases and obtaining the same results as if performing the queries against the original, unencrypted data all while being done with little actual impact to query speed (paragraph 6 of Trepetin).
The combination of Pieniazek in view of Trepetin does not teach, but Moon teaches the protected dataset comprising numerical values arranged in a linear order (paragraph 49 discloses the protected data set wherein plain text 1 is less than a plain text 2); wherein the obfuscation function is a monotonic one-way function configured to obfuscate the protected dataset while maintaining the linear order (paragraph 46-49 disclose an encryption comparison code generated using an order preserving hash function. If a plain text 1 is less than a plain text 2, then the function(plaint text 1) is less than function(plain text 2). Hash functions that preserves the order of the input data such that the output hash values will be ordered are monotone hash functions. Therefore, the linear order is maintain); generating an obfuscated version of the dataset using the monotonic one-way function that maintains the linear order of the protected dataset (paragraph 46-49 disclose an encryption comparison code generated using an order preserving hash function. If a plain text 1 is less than a plain text 2, then the function(plaint text 1) is less than function(plain text 2). Hash functions that preserves the order of the input data such that the output hash values will be ordered are monotone hash functions. Therefore, the linear order is maintain).
It would have been obvious to one having ordinary skill in the art before the effective filing date of the claimed invention to modify the coefficients and obfuscation functions in Pieniazek’s method of obfuscating protected data set in view of Trepetin’s generated obfuscated dataset using the monotonic one-way function and coefficients with Moon’s teachings of monotonic ordered preserving functions to provide an improved encryption system and method capable of querying anonymized electronic databases and obtaining the same ordered results as if performing the queries against the original, unencrypted data all while being done with little actual impact to query speed (paragraph 6 of Moon).
Claim(s) 5-7 and 17 is/are rejected under 35 U.S.C. 103 as being unpatentable over Pieniazek et al US 20200074109 (hereinafter Pieniazek), in view of Trepetin et al US 20210357521 (hereinafter Trepetin), in further view of Moon US 20130091357 (hereinafter Moon), and in further view of Sankaran et al US 20210004373 (hereinafter Sankaran).
As to claim 5, the combination of Pieniazek in view of Trepetin and Moon teaches all the limitations recited in claim 4. The combination of Pieniazek in view of Trepetin and Moon does not teach wherein the comparison query references a second argument, and wherein the second argument includes another obfuscated value included in the obfuscated version of the protected dataset.
Sankaran teaches wherein the comparison query references a second argument, and wherein the second argument includes another obfuscated value included in the obfuscated version of the protected dataset (paragraphs 05 and 48-49 disclose matching the transformed query parameter (first argument) to the tokenized variant data object in a searchable secure entity data object. A common entity identifier links the tokenized sensitive data object the tokenized variant data object. For example, a suitable service can access tokenized variants in a searchable secure entity data object in the secure identity data repository. The service can match one or more of the transformed query parameters identified to one or more of the accessed tokenized variants. Based on the match/having matched the tokenized variants, the system retrieves the tokenized sensitive data from the searchable secure entity data object using the common identifier. Therefore, the tokenized variant data object and identifier is the second argument/obfuscated value and non-obfuscated value).
It would have been obvious to one having ordinary skill in the art before the effective filing date of the claimed invention to modify the obfuscation in Pieniazek’s method of obfuscating protected data set in view of Trepetin’s monotonic function and Moon’s teachings of monotonic ordered preserving functions with Sankaran’s comparison query to increase the security of the data objects since a breach of a particular system that contains the tokenized/obfuscated protected data will not provide direct access to protected information. In addition, incorporating Sankaran’s teachings of the second argument reduces the risk of unauthorized access of the information in the event that a security breach occurs. Furthermore, supplementing the entity data objects with arguments/variant data objects, which could include common variations of PII or other sensitive data, can allow this securely stored data to be queried in a similar manner as the sensitive data in the clear (e.g., via a fuzzy search) (paragraphs 7-8 of Sankaran).
As to claim 6, the combination of Pieniazek in view of Trepetin and Moon teaches all the limitations recited in claim 4. The combination of Pieniazek in view of Trepetin and Moon does not teach, but Sankaran teaches wherein the comparison query references a second argument, and wherein the second argument is a non-obfuscated value (paragraphs 5 and 48-49 disclose matching the transformed query parameter to the tokenized variant data object in a searchable secure entity data object. A common entity identifier links the tokenized sensitive data object the tokenized variant data object. The service can match one or more of the transformed query parameters identified to one or more of the accessed tokenized variants. Based on the match/having matched the tokenized variants, the system retrieves the tokenized sensitive data from the searchable secure entity data object using the common identifier. Therefore, the identifier is the second argument/ non-obfuscated value).
It would have been obvious to one having ordinary skill in the art before the effective filing date of the claimed invention to modify the obfuscation in Pieniazek’s method of obfuscating protected data set in view of Trepetin’s monotonic function and Moon’s teachings of monotonic ordered preserving functions with Sankaran’s comparison query to increase the security of the data objects since a breach of a particular system that contains the tokenized/obfuscated protected data will not provide direct access to protected information. In addition, incorporating Sankaran’s teachings of the second argument reduces the risk of unauthorized access of the information in the event that a security breach occurs. Furthermore, supplementing the entity data objects with arguments/variant data objects, which could include common variations of PII or other sensitive data, can allow this securely stored data to be queried in a similar manner as the sensitive data in the clear (e.g., via a fuzzy search) (paragraphs 7-8 of Sankaran).
As to claim 7, the combination of Pieniazek in view of Trepetin, Moon, and Sankaran further teaches comprising: obfuscating the second argument (Sankaran: paragraph 38 discloses encrypting/tokenizing the variant data and this tokenized variant is the second argument which is used in the comparison query, also see paragraphs 5 and 48-49); and comparing the first argument with the obfuscated second argument (Sankaran: paragraphs 5 and 48-49 disclose matching the transformed query parameter to the tokenized variant data object in a searchable secure entity data object. A common entity identifier links the tokenized sensitive data object the tokenized variant data object. The service can match one or more of the transformed query parameters identified to one or more of the accessed tokenized variants). The motivation is similar to the motivation presented in claim 6.
As to claim 17, the combination of Pieniazek in view of Trepetin and Moon teaches all the limitations recited in claim 16. The combination of Pieniazek in view of Trepetin and Moon does not teach, but Sankaran teaches wherein the comparison query references a second argument, and wherein the second argument is a non-obfuscated value (paragraphs 5 and 48-49 disclose matching the transformed query parameter to the tokenized variant data object in a searchable secure entity data object. A common entity identifier links the tokenized sensitive data object the tokenized variant data object. The service can match one or more of the transformed query parameters identified to one or more of the accessed tokenized variants. Based on the match/having matched the tokenized variants, the system retrieves the tokenized sensitive data from the searchable secure entity data object using the common identifier. Therefore, the identifier is the second argument/ non-obfuscated value).
It would have been obvious to one having ordinary skill in the art before the effective filing date of the claimed invention to modify the obfuscation in Pieniazek’s method of obfuscating protected data set in view of Trepetin’s monotonic function and Moon’s teachings of monotonic ordered preserving functions with Sankaran’s comparison query to increase the security of the data objects since a breach of a particular system that contains the tokenized/obfuscated protected data will not provide direct access to protected information. In addition, incorporating Sankaran’s teachings of the second argument reduces the risk of unauthorized access of the information in the event that a security breach occurs. Furthermore, supplementing the entity data objects with arguments/variant data objects, which could include common variations of PII or other sensitive data, can allow this securely stored data to be queried in a similar manner as the sensitive data in the clear (e.g., via a fuzzy search) (paragraphs 7-8 of Sankaran).
Claim(s) 11-12 is/are rejected under 35 U.S.C. 103 as being unpatentable over Pieniazek et al US 20200074109 (hereinafter Pieniazek), in view of Trepetin et al US 20210357521 (hereinafter Trepetin), in further view of Moon US 20130091357 (hereinafter Moon), and in further view of Bacon et al US 20170147835 (hereinafter Bacon).
As to claim 11, the combination of Pieniazek in view of Trepetin and Moon teaches all the limitations presented in claim 9 above, but does not teach wherein the polynomial is of a degree of at least 5.
Bacon teaches wherein the polynomial is of a degree of at least 5 (paragraphs 43-44 disclose polynomial equations used for encoding/obfuscation data, wherein the equation has a degree of 5).
It would have been obvious to one having ordinary skill in the art before the effective filing date of the claimed invention to modify the obfuscation in Pieniazek’s method of obfuscating protected data set in view of Trepetin’s monotonic function and Moon’s teachings of monotonic ordered preserving functions with Bacon’s polynomial equation for encrypting/obfuscating data to provide the required level of security for the query and data without learning the actual information in the query and databases (paragraphs 5 and 41 of Bacon).
As to claim 12, the combination of Pieniazek in view of Trepetin and Moon teaches all the limitations presented in claim 9 above, but does not teach wherein a degree of the polynomial is selected based on one or more of the following: a size of a domain of the protected dataset, a key-space of the key, a desired range of obfuscate values of the protected dataset, or a size of the key.
Bacon teaches wherein a degree of the polynomial is selected based on one or more of the following: a size of a domain of the protected dataset, a key-space of the key, a desired range of obfuscate values of the protected dataset, or a size of the key (paragraph 41 discloses the degree of the polynomial can be no larger than the degree of the ciphertext (thus the size of a domain of the protected dataset)).
It would have been obvious to one having ordinary skill in the art before the effective filing date of the claimed invention to modify the obfuscation in Pieniazek’s method of obfuscating protected data set in view of Trepetin’s monotonic function and Moon’s teachings of monotonic ordered preserving functions with Bacon’s polynomial equation for encrypting/obfuscating data to provide the required level of security for the query and data without learning the actual information in the query and databases (paragraphs 5 and 41 of Bacon).
Conclusion
The prior art made of record and not relied upon is considered pertinent to applicant's disclosure: Castellanos et al US 7797341 (hereinafter Castellanos).
Castellanos teaches a protected dataset to obfuscate/desensitize monotonically including numerical values arranged in a linear order (column 9, lines 35-37 and column 3, lines 61+ and column 10, lines 37-63) as disclosed in the independent claims.
Applicant's amendment necessitated the new ground(s) of rejection presented in this Office action. Accordingly, THIS ACTION IS MADE FINAL. See MPEP § 706.07(a). Applicant is reminded of the extension of time policy as set forth in 37 CFR 1.136(a).
A shortened statutory period for reply to this final action is set to expire THREE MONTHS from the mailing date of this action. In the event a first reply is filed within TWO MONTHS of the mailing date of this final action and the advisory action is not mailed until after the end of the THREE-MONTH shortened statutory period, then the shortened statutory period will expire on the date the advisory action is mailed, and any nonprovisional extension fee (37 CFR 1.17(a)) pursuant to 37 CFR 1.136(a) will be calculated from the mailing date of the advisory action. In no event, however, will the statutory period for reply expire later than SIX MONTHS from the mailing date of this final action.
Any inquiry concerning this communication or earlier communications from the examiner should be directed to FELICIA FARROW whose telephone number is (571)272-1856. The examiner can normally be reached M - F 7:30am-4:00pm (EST).
Examiner interviews are available via telephone, in-person, and video conferencing using a USPTO supplied web-based collaboration tool. To schedule an interview, applicant is encouraged to use the USPTO Automated Interview Request (AIR) at http://www.uspto.gov/interviewpractice.
If attempts to reach the examiner by telephone are unsuccessful, the examiner’s supervisor, Alexander Lagor can be reached at (571)270-5143. The fax phone number for the organization where this application or proceeding is assigned is 571-273-8300.
Information regarding the status of published or unpublished applications may be obtained from Patent Center. Unpublished application information in Patent Center is available to registered users. To file and manage patent submissions in Patent Center, visit: https://patentcenter.uspto.gov. Visit https://www.uspto.gov/patents/apply/patent-center for more information about Patent Center and https://www.uspto.gov/patents/docx for information about filing in DOCX format. For additional questions, contact the Electronic Business Center (EBC) at 866-217-9197 (toll-free). If you would like assistance from a USPTO Customer Service Representative, call 800-786-9199 (IN USA OR CANADA) or 571-272-1000.
/F.F/ Examiner, Art Unit 2437
/ALEXANDER LAGOR/ Supervisory Patent Examiner, Art Unit 2437
Prosecution Insights