DATA MASKING METHOD, DATA MASKING APPARATUS, AND STORAGE DEVICE

DETAILED ACTION Notice of Pre-AIA or AIA Status The present application, filed on or after March 16, 2013, is being examined under the first inventor to file provisions of the AIA . This communication is in response to the Amendment filed 12/16/2025. Response to Arguments Claims 1 – 3, 5 – 15 and 17 – 22 are pending in this Office Action. After a further search and a thorough examination of the present application, claims 1 – 3, 5 – 15 and 17 – 22 remain rejected. Applicant's arguments filed with respect to claims 1 – 3, 5 – 15 and 17 – 22 have been fully considered but they are not persuasive. Applicant's arguments filed with respect to claims 1 – 3, 5 – 15 and 17 – 22 have been fully considered but they are not persuasive. Applicant argues that there is no teaching in D’Costa of encapsulating a read command with an NFS or CIFS message or parsing such a protocol message to obtain command. In response to Applicant’s argument, the Examiner disagrees and submits that D’Costa teaches in paragraphs 20 – 21 server and client systems communicating over a network including internet and that application and masking module may be implemented across plural server systems, furthermore, the application and masking module may reside on a client system or other computer system in communication with the data sources. D’Costa also teaches in paragraphs 23 – 26 that interface allows for commands and masking module to function over the external network interface which would inherently utilize NFS and/or CIFS message. Paragraphs 29 and 33 teach that application is responsible for extracting data from a data source and passing the data to the masking module via the public API. Paragraphs 35 – 36 teach the masking module receives control, interprets the input structure, acquires resources, loads a library containing the specified masking service provider, and initializes the service provider for data masking, the application then calls a Provider Service function of public API to mask the data identified in the one or more input buffers. Remaining claims in instant application recite the same subject matter and for the same reasons as cited above the rejection is maintained. Hence, Applicant’s arguments do not distinguish the claimed invention over the prior art of record. In light of the foregoing arguments, the 103 rejections are maintained. Claim Rejections - 35 USC § 103 In the event the determination of the status of the application as subject to AIA 35 U.S.C. 102 and 103 (or as subject to pre-AIA 35 U.S.C. 102 and 103) is incorrect, any correction of the statutory basis (i.e., changing from AIA to pre-AIA ) for the rejection will not be considered a new ground of rejection if the prior art relied upon, and the rationale supporting the rejection, would be the same under either status. The following is a quotation of 35 U.S.C. 103 which forms the basis for all obviousness rejections set forth in this Office action: A patent for a claimed invention may not be obtained, notwithstanding that the claimed invention is not identically disclosed as set forth in section 102, if the differences between the claimed invention and the prior art are such that the claimed invention as a whole would have been obvious before the effective filing date of the claimed invention to a person having ordinary skill in the art to which the claimed invention pertains. Patentability shall not be negated by the manner in which the invention was made. The factual inquiries for establishing a background for determining obviousness under 35 U.S.C. 103 are summarized as follows: 1. Determining the scope and contents of the prior art. 2. Ascertaining the differences between the prior art and the claims at issue. 3. Resolving the level of ordinary skill in the pertinent art. 4. Considering objective evidence present in the application indicating obviousness or nonobviousness. Claims 1 – 3, 5 – 15 and 17 – 22 are rejected under 35 U.S.C. 103 as being unpatentable over D’Costa et al. (US 20150113659 A1) (‘D’Costa’ herein after) further in view of Bandi et al. (US 20200250334 A1) (‘Bandi’ herein after) further in view of GOTTHARDT et al. (US 2022/0391537 A1) (‘Gotthardt’ herein after). With respect to claim 1, 13, D’Costa discloses a method for data masking, wherein the method is performed by a storage device (paragraph 14 teaches data masking such as replacing or obscuring data, paragraph 120 teaches the method employed on data storage systems, D’Costa) and the method comprises: receiving a read-data command encapsulated in a network file system message or a common internet file system message sent by a host, wherein the read-data command requests to-be-read data (paragraphs 8 teaches interface provides access to the plurality of service providers from different data-consumers to mask the data objects according to the corresponding types of data masking, paragraphs 20 – 21 teach the network interface including the internet and thus using NFS and/or CIFS and paragraph 23 teaches enabling communication, receiving commands from users, that is receiving a read data command, D’Costa); parsing the NFS message or the CIFS message to obtain the read-data command, obtaining the to-be-read data in response to the read-data command (paragraphs 23, 26, 29 teach obtaining data in response to the user command, figure 3 and paragraphs 33 , 35, D’Costa); performing masking processing on the to-be-read data in the masking manner corresponding to the type of the to-be-read data to obtain target data (paragraphs 26, 30, D’Costa) and sending the target data to the host (paragraphs 18 and 22 – 23 teach interaction of user with data sources and receiving respective masked data as a result, D’Costa). D'Costa does not specifically teach in response to determining that the masking processing needs to be performed in the to-be-read data obtaining a masking manner which compromises level-1 masking processing that corresponds to a file that does not need to be decoded or level-2 masking processing that corresponds to a file that needs to be decoded explicitly as claimed. However, Bandi teaches in response to determining that the masking processing needs to be performed in the to-be-read data obtaining a masking manner which compromises level-1 masking processing that corresponds to a file that does not need to be decoded or level-2 masking processing that corresponds toa file that needs to be decoded in figures 2, 4 and paragraphs 23, 34 – 41 teaching the masking that is used to obscure, or mask, sensitive data values in the sanitization process, such as the type of sanitation to be performed, such as the type of masking (zeroing, encryption or pseudonymization, as examples) and whether to preserve the formats of the individual items (using format preserving encryption, for example) or whether to mask the entire sensitive data region. It would have been obvious to one of ordinary skill in the art before the effective filing date of the claimed invention to incorporate the teachings pf D’Costa with the teachings of Bandi because primarily both references are in the same field of study, sensitive data and its masking. Furthermore, Bandi’s performing a plurality of mutually different anonymization techniques such as the masking that is used to obscure, or mask, sensitive data values in the sanitization process, such as the type of sanitation to be performed, such as the type of masking (zeroing, encryption or pseudonymization, as examples) and whether to preserve the formats of the individual items (using format preserving encryption, for example) or whether to mask the entire sensitive data region improves on D’Costa’s masking techniques. D'Costa does not teach determining a file type of the to-be-read data and determining, according to a whitelist and the file type of the to-be-read data, that masking processing needs to be performed on the to-be-read data explicitly as claimed. However, Gotthardt teaches determining a file type of the to-be-read data and determining, according to a whitelist and the file type of the to-be-read data, that masking processing needs to be performed on the to-be-read data in paragraphs 73 – 91, stating one or more “selection data fields” and at least one respective associated selection value, wherein a “selection data field” is a data field of a personal file whose content determines whether or not a data field of a personal file is extracted and anonymized in the course of anonymization; in particular, a “selection data field” is a data field of a personal file whose content is compared with the at least one selection value specified in the protocol during execution of the anonymization protocol, wherein a personal file is anonymized by the anonymization protocol only if the comparison reveals a sufficient similarity of the data content of the selection field with the at least one selection value. It also teaches anonymization software is configured to receiving a request for personal data, performing said one anonymization protocol in response to receipt of said request, said one anonymization protocol comprising a specification of one or more “selection data fields” and at least one respective associated selection value, wherein performing said one anonymization protocol comprises comparing the content of said “selection data field” of all personal files with said at least one selection value, wherein said one anonymization protocol is configured to anonymize only those personal files for which said comparison results in sufficient similarity to said at least one selection value and transmitting the anonymized personal files as the subset of the personal data to the control software, each together with an identifier of the one anonymization protocol. It would have been obvious to one of ordinary skill in the art before the effective filing date of the claimed invention to incorporate the teachings pf D’Costa with the teachings of Gotthardt because primarily both references are in the same field of study, sensitive data and its masking. Furthermore, Gotthardt’s system is provided which is highly secure and at the same time highly flexible and expandable with respect to a multitude of different analytical questions and which is particularly suitable for providing personal data in anonymous form for a multitude of different analysis functions with different requirements with respect to data format and data content improves on D’Costa’s masking techniques, paragraphs 18 – 20 and 73 – 91, Gotthardt. With respect to claim 2, 14, D’Costa as modified discloses the method according to claim 1, wherein the to-be-read data is unstructured data (paragraphs 29 – 30, D’Costa). With respect to claim 3, 15, D’Costa as modified discloses the method according to claim 2, wherein the unstructured data is a file (paragraphs 14, 19, 24 and 29 – 30, D’Costa). With respect to claim 5, 17, D’Costa as modified discloses the method according to claim 1, wherein in response to at least that the masking manner corresponding to the to-be-read data is the level-1 masking processing, the performing masking processing on the to-be-read data comprises: dividing the to-be-read data into a plurality of file segments; performing the level-1 masking processing on the plurality of file segments; and combining the file segments on which the level-1 masking processing has been performed to obtain the target data (paragraphs 22, 29 – 30, 33 and 36 – 38, D’Costa and figures 2, 4 and paragraphs 23, 34 – 41, Bandi). With respect to claim 6, 18, D’Costa as modified discloses the method according to claim 5, wherein the performing the level-1 masking processing on the plurality of file segments comprises: determining, for each file segment in the plurality of file segments, whether the each file segment hits a file segment on which masking has been performed and that is stored in the storage device; and in response to at least determining that the file segment hits the file segment on which the masking has been performed and that is stored in the storage device, skipping performing the level-1 masking processing on the file segment; or in response to at least determining that the file segment misses the file segment on which the masking has been performed and that is stored in the storage device, performing the level-1 masking processing on the file segment (paragraphs 22, 29, 33, D’Costa and paragraphs 23, 34 – 41, Bandi). With respect to claim 7, D’Costa as modified discloses the method according to claim 6, wherein the type of the to-be-read data is a text file or a log file (paragraphs 19, 24, 33, D’Costa). With respect to claim 8, 19, D’Costa as modified discloses the method according to claim 1, wherein in response to at least that the masking manner corresponding to the to-be-read data is the level-2 masking processing, the performing masking processing on the to-be-read data comprises: decoding the to-be-read data to obtain decoded file content; dividing the decoded file content into a plurality of file segments; performing the level-2 masking processing on the plurality of file segments; and encoding the file segments on which the level-2 masking processing has been performed to obtain the target data (paragraphs 22, 29, 33, D’Costa and paragraphs 23, 34 – 41, Bandi). With respect to claim 9, D’Costa as modified discloses the method according to claim 8, wherein the type of the to-be-read data is a Word file or a PDF file (paragraphs 14, 19, 24, D’Costa). With respect to claim 10, D’Costa as modified discloses the method according to claim 5, wherein the method further comprises: storing the file segments on which the level-1 masking processing or the level-2 masking processing has been performed (paragraphs 120 – 123, D’Costa and paragraphs 23, 34 – 41, Bandi). With respect to claim 11, 20, D’Costa as modified discloses the method according to claim 1, further comprising: obtaining other to-be-read data from a hard disk of the storage device in response to at least that a condition for prefetching data is met; performing the masking processing on the other to-be-read data; and sending the other to-be-read data on which the masking has been performed to the host in response to at least that a command that is sent by the host to read the other to-be-read data is received (paragraphs 18 – 19, 22, D’Costa). With respect to claim 12, D’Costa as modified discloses the method according to claim 11, wherein the condition for prefetching data comprises at least one of the following cases: the other to-be-read data is modified; it is found that a type of the other to-be-read data meets a specified type of data that is to be prefetched; a snapshot for the other to-be-read data is created; or a specified prefetching period arrives (paragraphs 8, 15, 29 – 30, D’Costa). With respect to claim 21 and 22, D’Costa as modified discloses the method according to claim 5, wherein combining the file segments on which the level-1 masking processing has been performed to obtain the target data comprises: encoding the file segments on which the level-1 masking processing has been performed to obtain the target data (figures 2, 4 and paragraphs 23, 34 – 41, Bandi). Prior Art The prior art made of record and not relied upon is considered pertinent to applicant's disclosure. US 20140047551 A1 teaches receiving a message directed at a recipient computer located outside a secure area by a privacy computer located within a secure area. The privacy computer may identify private information using a plurality of privacy rules and anonymize the message according to the plurality of privacy rules. US 20230195932 A1 teaches a document may be transformed to protect the sensitive data attributes while reducing risk of disclosure of the sensitive data. US 20080065665 A1 teaches data masking. US 20170272472 A1 teaches a data privacy manager solution includes a number of different components performing data security procedures (encryption, masking, tokenization, Anonymization, etc.) at the folder, file, email, application, database and column levels. US 20190377895 A1 teaches data masking operation performed on the obtained database at a column level when the determination indicates the received request is validated. Conclusion THIS ACTION IS MADE FINAL. Applicant is reminded of the extension of time policy as set forth in 37 CFR 1.136(a). A shortened statutory period for reply to this final action is set to expire THREE MONTHS from the mailing date of this action. In the event a first reply is filed within TWO MONTHS of the mailing date of this final action and the advisory action is not mailed until after the end of the THREE-MONTH shortened statutory period, then the shortened statutory period will expire on the date the advisory action is mailed, and any extension fee pursuant to 37 CFR 1.136(a) will be calculated from the mailing date of the advisory action. In no event, however, will the statutory period for reply expire later than SIX MONTHS from the mailing date of this final action. Contact Information Any inquiry concerning this communication or earlier communications from the examiner should be directed to NAVNEET K GMAHL whose telephone number is 571-272-5636. If attempts to reach the examiner by telephone are unsuccessful, the examiner’s supervisor, SANJIV SHAH can be reached on (571) 272-4098. The fax phone number for the organization where this application or proceeding is assigned is 571-273-8300. Information regarding the status of an application may be obtained from the Patent Application Information Retrieval (PAIR) system. Status information for published applications may be obtained from either Private PAIR or Public PAIR. Status information for unpublished applications is available through Private PAIR only. For more information about the PAIR system, see http://pair-direct.uspto.gov. Should you have questions on access to the Private PAIR system, contact the Electronic Business Center (EBC) at 866-217-9197 (toll-free). If you would like assistance from a USPTO Customer Service Representative or access to the automated information system, call 800-786-9199 (IN USA OR CANADA) or 571-272-1000. /NAVNEET GMAHL/Examiner, Art Unit 2166 Dated: 1/24/2026 /SANJIV SHAH/Supervisory Patent Examiner, Art Unit 2166