Notice of Pre-AIA or AIA Status
The present application, filed on or after March 16, 2013, is being examined under the first inventor to file provisions of the AIA .
DETAILED ACTION
Claims 1-20 are presented for examination.
Claims 1-19 are elected to be examined.
Claim 20 is withdrawn. Examiner requests to cancel the withdrawn claim.
Claim Rejections - 35 USC § 112
The following is a quotation of 35 U.S.C. 112(b):
(b) CONCLUSION.—The specification shall conclude with one or more claims particularly pointing out and distinctly claiming the subject matter which the inventor or a joint inventor regards as the invention.
The following is a quotation of 35 U.S.C. 112 (pre-AIA ), second paragraph:
The specification shall conclude with one or more claims particularly pointing out and distinctly claiming the subject matter which the applicant regards as his invention.
4. Claims 1-20 are rejected under 35 U.S.C. 112(b) or 35 U.S.C. 112 (pre-AIA ), second paragraph, as being indefinite for failing to particularly point out and distinctly claim the subject matter which the inventor or a joint inventor, or for pre-AIA the applicant regards as the invention. In these claims applicants mention “performing additional processing”, which is generally narrative and indefinite with the invention. Applicants do not point out clearly which options include in the present invention by these vague terms. Any ordinary skill in the art could not understand what the intent meaning of the claim invention is by using these ambiguous terms of “additional processing”. The term “additional processing” could be indefinite choices of elements which is impossible for any ordinary skill in the art would able to interpret. Similarly, examiner fail to understand what is the meets and bounds of the claim limitations by using the indefinite elements like “additional processing”. Which processing examiner should consider as particular to the format-preserving token? Therefore, these limitations with these ambiguous terms are indefinite with the present application. The examiner will interpret these terms and limitations with the regarding claims as best understood for applying the appropriate art for rejection purposes. Appropriate correction needs to overcome the rejection.
Claim Rejections - 35 USC § 103
In the event the determination of the status of the application as subject to AIA 35 U.S.C. 102 and 103 (or as subject to pre-AIA 35 U.S.C. 102 and 103) is incorrect, any correction of the statutory basis for the rejection will not be considered a new ground of rejection if the prior art relied upon, and the rationale supporting the rejection, would be the same under either status.
The following is a quotation of 35 U.S.C. 103 which forms the basis for all obviousness rejections set forth in this Office action:
A patent for a claimed invention may not be obtained, notwithstanding that the claimed invention is not identically disclosed as set forth in section 102, if the differences between the claimed invention and the prior art are such that the claimed invention as a whole would have been obvious before the effective filing date of the claimed invention to a person having ordinary skill in the art to which the claimed invention pertains. Patentability shall not be negated by the manner in which the invention was made.
5. Claims 1-19 are rejected under 35 U.S.C. 103 as being unpatentable over Shahin et al hereafter Shahin (US pat. App. Pub. 20220343015) and in view of Busch (US pat. App. Pub. 20180053008).
6. As per claims 1, and 19, Shahin discloses a method, and a computer system comprising: retrieving, by a computer system, untokenized data (paragraphs: 4, 6, and 103, wherein it emphasizes a computer network of transferring transaction obtaining untokenized data); generating, by the computer system, dummy data corresponding to the untokenized data (paragraphs: 77, 102, wherein it deliberates that untokenized data will be replaced by tokenized data which is dummy data corresponds to untokenized data); generating, by the computer system, a cryptographic key using the untokenized data and a key generation method (paragraphs: 79, wherein it elaborates that generating a encryption key using a key generation); encrypting, by the computer system, the dummy data using the cryptographic key and performing additional processing using the token (paragraphs: 5, 31, 38-39, and 52, wherein it discusses that encrypting the tokenized data (dummy data) using the encryption key and thus yielding a corresponding encrypted untokenized data and performing additional steps to transfer that data). Shahin does not specifically disclose encrypting, by the computer system, using a format-preserving encryption method, thereby generating a format-preserving token corresponding to the untokenized data and performing additional processing using the format-preserving token. However, in the same field of endeavor, Busch discloses encrypting, by the computer system, using a format-preserving encryption method, thereby generating a format-preserving token corresponding to the untokenized data and performing additional processing using the format-preserving token (paragraphs: 3, and 21).
Accordingly, it would been obvious to one of ordinary skill in the network security art before the effective filing date of the claimed invention to have incorporated Busch’s teachings of encrypting, by the computer system, using a format-preserving encryption method, thereby generating a format-preserving token corresponding to the untokenized data and performing additional processing using the format-preserving token with the teachings of Shahin, for the purpose of effectively protecting the untokenized data from any unauthorized intruders.
7. As per claim 2, Shahin does not disclose the method, wherein the format-preserving encryption method comprises a Feistel-based format-preserving encryption method. However, in the same field of endeavor, Busch discloses wherein the format-preserving encryption method comprises a Feistel-based format-preserving encryption method (paragraphs 28, 56, wherein it discusses the principal of format-preserving encryption method which exactly follows by the Feistel-based format-preserving encryption method).
Accordingly, it would been obvious to one of ordinary skill in the network security art before the effective filing date of the claimed invention to have incorporated Busch’s teachings of the format-preserving encryption method comprises a Feistel-based format-preserving encryption method with the teachings of Shahin, for the purpose of effectively implementing the secured method of encryption.
8. As per claim 3, Shahin and in view of Busch discloses the method, wherein the computer system encrypts the dummy data using a tweak value in addition to the cryptographic key, and wherein the method further comprises: retrieving, by the computer system, the tweak value (Shahin: paragraphs: 43, and 46, wherein it emphasizes tokenization of the untokenized data is actually accomplished by replacing the untokenized data by tweaking with dummy data. At the time of retrieving the encrypted dummy data, it will perform decryption on the tokenized data and recover the tweak value).
9. As per claim 4, Shahin and in view of Busch discloses the method, wherein the untokenized data comprises a first sequence of data elements, wherein generating the dummy data corresponding to the untokenized data comprises: determining, by the computer system, a length of the first sequence of data elements, wherein the length of the first sequence of data elements is equal to a number of data elements in the first sequence of data elements; determining, by the computer system, a dummy data element (Shahin: paragraphs: 52, 81, wherein it elaborates that the length of the untokenized data value will be replaced by tokenized dummy value which if an intruder usefully grab or break still it would not expose the actual untokenized value. The length of the first sequence of data elements is equal to a number of data elements in the first sequence of data elements); and generating, by the computer system, the dummy data based on the length of the first sequence of data elements and the dummy data element by generating a second sequence of data elements comprising a plurality of repeating instances of the dummy data element, wherein a length of the second sequence of data elements is equal to the length of the first sequence of data elements, wherein the dummy data comprises the second sequence of data elements (Shahin: paragraphs: 76-78, and 82-84, wherein it explains that dummy value replaces the untokenized value of the sensitive transaction information during the tokenization process and this dummy value replace is the second sequence of the data elements whose length is exactly equal to the length of the first sequence of the data elements).
10. As per claim 5, Shahin and in view of Busch discloses the method, wherein the key generation method includes a hashing method (Shahin: paragraphs: 5, and 25).
11. As per claim 6, Shahin and in view of Busch discloses the method, wherein the key generation method comprises a secure hashing algorithm (SHA), and wherein the cryptographic key comprises a hash generated using the untokenized data as an input to the secure hashing algorithm (Shahin: paragraphs: 46, 49-51).
12. As per claim 7, Shahin and in view of Busch discloses the method, wherein: the untokenized data comprises an untokenized string comprising a plurality of untokenized characters; the plurality of untokenized characters correspond to one or more character sets; and the plurality of tokenized characters correspond to the one or more character sets (Shahin: paragraphs: 37, and 81). Shahin does not disclose the format-preserving token comprises a format-preserving token string comprising a plurality of tokenized characters. However, in the same field of endeavor, the format-preserving token comprises a format-preserving token string comprising a plurality of tokenized characters (paragraphs: 56, and 98).
Accordingly, it would been obvious to one of ordinary skill in the network security art before the effective filing date of the claimed invention to have incorporated Busch’s teachings of the format-preserving token comprises a format-preserving token string comprising a plurality of tokenized characters with the teachings of Shahin, for the purpose of effectively encrypting the untokenized data.
13. As per claim 8, Shahin and in view of Busch discloses the method, wherein the one or more character sets comprise one or more of the following: one or more sets of numeric digits; one or more alphabets; one or more sets of logograms; one or more sets of symbols associated with one or more syllabaries; one or more sets of typographical symbols; and one or more other symbols (Shahin: paragraphs: 73-75).
14. As per claim 9, Shahin and in view of Busch discloses the method, wherein: the untokenized data is associated with one or more data types; the one or more data types are associated with one or more respective data formats; and the format-preserving token is formatted in accordance with the one or more respective data formats (Shahin: paragraphs: 73-75).
15. As per claim 10, Shahin and in view of Busch discloses the method, wherein the one or more data types include one or more of the following: one or more segments of text; one or more names; one or more numbers; and one or more dates (Shahin: paragraphs: 62-63, 66).
16. As per claim 11, Shahin and in view of Busch discloses the method, wherein the cryptographic key comprises a first cryptographic key, and wherein performing the additional processing using the format-preserving token comprises: encrypting, by the computer system, the untokenized data using a second cryptographic key, thereby generating encrypted untokenized data; and storing, by the computer system, the format-preserving token in a token vault in association with the encrypted untokenized data (Shahin: paragraphs: 68-70).
17. As per claim 12, Shahin and in view of Busch discloses the method, wherein performing the additional processing using the format-preserving token comprises transmitting, by the computer system, the format-preserving token to a client computer (Shahin: paragraphs: 33-34, and 39).
18. As per claim 13, Shahin and in view of Busch discloses the method, wherein performing the additional processing using the format-preserving token comprises: retrieving, by the computer system, a dataset associated with the format-preserving token; retrieving, by the computer system, one or more other format-preserving tokens; retrieving, by the computer system, one or more other datasets associated with the one or more other format-preserving tokens; and performing, by the computer system, a private data analysis on the dataset, the one or more other datasets, the format-preserving token, and the one or more other format-preserving tokens, thereby producing a data analysis result (Shahin: paragraphs: 25-26, and 28).
19. As per claim 14, Shahin and in view of Busch discloses the method, wherein the untokenized data comprises a sequence of untokenized data elements comprising a plurality of untokenized data elements, wherein the plurality of untokenized data elements includes one or more tokenizing data elements and one or more non-tokenizing data elements, and wherein generating the dummy data corresponding to the untokenized data comprises: identifying, by the computer system, the one or more tokenizing data elements; determining, by the computer system, a dummy data element; and generating, by the computer system, a sequence of dummy data elements comprising a number of repeating instances of the dummy data elements equal to a number of tokenizing data elements in the one or more tokenizing data elements, wherein the dummy data comprises the sequence of dummy data elements (Shahin: paragraphs: 49-51, and 59) .
20. As per claim 15, Shahin and in view of Busch discloses the method, wherein the untokenized data comprises an account number (Shahin: paragraphs: 63-64).
21. As per claim 16, Shahin and in view of Busch discloses the method, wherein encrypting the dummy data using the cryptographic key and a format-preserving encryption method, thereby generating a format-preserving token corresponding to the untokenized data comprises: encrypting, by the computer system, the dummy data using the cryptographic key, thereby generating an initial format-preserving token, wherein the initial format-preserving token comprises an initial format-preserving token sequence; identifying, by the computer system, the one or more non-tokenizing data elements and one or more non-tokenizing data element locations; and inserting, by the computer system, the one or more non-tokenizing data elements into the initial format-preserving token sequence based on the one or more non-tokenizing data element locations, thereby producing an updated format-preserving token sequence, wherein the format-preserving token comprises the updated format-preserving token sequence (Shahin: paragraphs: 68-70, and 74).
22. As per claim 17, Shahin and in view of Busch discloses the method, wherein the one or more non-tokenizing data elements comprise one or more delimiters associated with one or more data types of the untokenized data (Shahin: paragraphs: 79, 81, and 84).
23. As per claim 18, Shahin and in view of Busch discloses the method, wherein: the untokenized data comprises an identification number (Shahin: paragraphs: 87, and 90).
Conclusion
24. Any inquiry concerning this communication or earlier communications from the examiner should be directed to MOHAMMAD W REZA whose telephone number is (571)272-6590. The examiner can normally be reached on Monday-Friday 8:30-5:30 ET.
If attempts to reach the examiner by telephone are unsuccessful, the examiner’s supervisor, Cathy Thiaw can be reached on 571-270-1138. The fax phone number for the organization where this application or proceeding is assigned is 571-273-8300. Information regarding the status of an application may be obtained from the Patent Application Information Retrieval (PAIR) system. Status information for published applications may be obtained from either Private PAIR or Public PAIR. Status information for unpublished applications is available through Private PAIR only. For more information about the PAIR system, see http://pair-direct.uspto.gov. Should you have questions on access to the Private PAIR system, contact the Electronic Business Center (EBC) at 866-217-9197 (toll-free).
/MOHAMMAD W REZA/Primary Examiner, Art Unit 2407