Prosecution Insights
Last updated: April 19, 2026
Application No. 18/573,374

VERIFIABLE SECURE DATASET OPERATIONS WITH PRIVATE JOIN KEYS

Final Rejection §103
Filed
Dec 21, 2023
Examiner
SHEHNI, GHAZAL B
Art Unit
2499
Tech Center
2400 — Computer Networks
Assignee
Google LLC
OA Round
2 (Final)
87%
Grant Probability
Favorable
3-4
OA Rounds
2y 8m
To Grant
99%
With Interview

Examiner Intelligence

Grants 87% — above average
87%
Career Allow Rate
932 granted / 1068 resolved
+29.3% vs TC avg
Moderate +12% lift
+12.4%
Interview Lift
resolved cases with interview
Typical timeline
2y 8m
Avg Prosecution
27 currently pending
Career history
1095
Total Applications
across all art units

Statute-Specific Performance

§101
12.1%
-27.9% vs TC avg
§103
38.5%
-1.5% vs TC avg
§102
20.6%
-19.4% vs TC avg
§112
12.9%
-27.1% vs TC avg
Based on career data from 1068 resolved cases

Office Action

§103
DETAILED ACTION

Notice of Pre-AIA or AIA Status

The present application, filed on or after March 16, 2013, is being examined under the first inventor to file provisions of the AIA.

The following is a final office action in response to communications received 01/06/2026. Claims 1, 7, 15 have been amended. Therefore, claims 1-20 are pending and addressed below.

Response to Amendment

Applicant’s amendments and response to the claims are sufficient to overcome the claim objections and 35 USC 112(b) rejections set forth in the previous office action.

Response to Arguments

Applicant’s arguments filed 01/06/2026 have been fully considered but they are moot in view of new grounds of rejections.

Allowable Subject Matter

Claims 4-6 (claims 5-6 are dependent on claim 4), Claims 7-12 (8-12 are dependent based off of claim 7), 18-20 (claims 19-20 are dependent on claim 18) are objected to as being dependent upon a rejected base claim, but would be allowable if rewritten in independent form including all of the limitations of the base claim and any intervening claims.

Claim Rejections - 35 USC § 103

The following is a quotation of 35 U.S.C. 103 which forms the basis for all obviousness rejections set forth in this Office action:

A patent for a claimed invention may not be obtained, notwithstanding that the claimed invention is not identically disclosed as set forth in section 102, if the differences between the claimed invention and the prior art are such that the claimed invention as a whole would have been obvious before the effective filing date of the claimed invention to a person having ordinary skill in the art to which the claimed invention pertains. Patentability shall not be negated by the manner in which the invention was made.

Claims 1, 2, 3, 14-17 are rejected under 35 U.S.C. 103 as being unpatentable over Arasu et al (Pub. No. US 20160306995) in view of Bradshaw et al (Pub. No. US 2022/0207182) and in further view of Hansen et al (Pat. No. US 8600048).
As per claim 1, Arasu discloses a method in one or more servers for performing a join operation (…a semantically secure join operator joins two input tables into one resulting table…see par. 45), the method comprising:

receiving, at a module executing in a trusted execution environment (TEE) from a first party (1P) data source, a first dataset including personal identifiable information (PII) data and non-PII data (…(table 4 and table 5: see Ailment (encrypted) and Ailment (original))…EDBMS TM framework that can be stored on a trusted machine such as computing device…an EDBMS TM framework can contain a query processor configured for receiving a query having encrypted contents and one or more encrypted records from a data store…the query processor can coordinate the execution of the query on a trusted machine and can return a query result…the query received by the query processor is a complete query, while in others, it can be an intermediate query…an intermediate query can be one of several query operations needed to process a complete query according to a query plan…when the query processor coordinates the execution of an intermediate query, the query result that is returned can be an intermediate query result…see par. 33, 35);

matching, in the TEE, the first formatted PII data to second formatted PII data included in a second dataset; performing a join operation between the first dataset and the second dataset based on the matching, to generate a joined dataset (…after the encrypted records and the encrypted query contents have been decrypted, the query processor can process the query by utilizing semantically secure query operators…a semantically secure query operator can be used to execute an associated query operation on decrypted data derived from the encrypted records…semantically secure query operators remove information that can be used to identify correlations between a query parameter and a query result… a semantically secure join operator joins two input tables into one resulting table…see par. 38, 45).

Arasu does not explicitly disclose providing, to a data service operating independently of the 1P data source, the joined dataset. However Bradshaw discloses providing, to a data service operating independently of the 1P data source, the joined dataset (…connect server returns the two datasets to cloud server…cloud server is now in possession of two datasets, both including the same encrypted identifiers…it can therefore collate the two datasets…see par. 67-68).

Therefore one of ordinary skill in the art would have found it obvious before the effective filing date of the claimed invention to use Bradshaw in Arasu for including the above limitations because one of ordinary skill in the art would recognize it would improve security of sharing confidential data by providing anonymized data…see Bradshaw, par. 2-4.

The combination of Arasu and Bradshaw does not explicitly disclose pre-processing the PII data to generate first formatted PII data, the first formatted PII data conforming to one or more defined string formats.
However Hansen discloses pre-processing the PII data to generate first formatted PII data, the first formatted PII data conforming to one or more defined string formats (…the plaintext may be encrypted to produce the ciphertext while translating the format of the string from the first format to a second format…see col.2 lines 2-5).

Therefore one of ordinary skill in the art would have found it obvious before the effective filing date of the claimed invention to use Hansen in Arasu and Bradshaw for including the above limitations because one of ordinary skill in the art would recognize it would further prevent unauthorized access to the sensitive data by an intruder…see Hansen, col.1 lines 20-21.

As per claim 15, Arasu discloses a system comprising: one or more servers including processing hardware (see fig.1) and configured to:

receive, at a module executing in a trusted execution environment (TEE) from a first-party (1P) data source, a first dataset including personal identifiable information (PII) data and non-PII data (…(table 4 and table 5: see Ailment (encrypted) and Ailment (original))…EDBMS TM framework that can be stored on a trusted machine such as computing device…an EDBMS TM framework can contain a query processor configured for receiving a query having encrypted contents and one or more encrypted records from a data store…the query processor can coordinate the execution of the query on a trusted machine and can return a query result…the query received by the query processor is a complete query, while in others, it can be an intermediate query…an intermediate query can be one of several query operations needed to process a complete query according to a query plan…when the query processor coordinates the execution of an intermediate query, the query result that is returned can be an intermediate query result…see par. 33, 35);

match, in the TEE, the first formatted PII data to second formatted PII data included in a second dataset; perform a join operation between the first dataset and the second dataset based on the matching, to generate a joined dataset (…after the encrypted records and the encrypted query contents have been decrypted, the query processor can process the query by utilizing semantically secure query operators…a semantically secure query operator can be used to execute an associated query operation on decrypted data derived from the encrypted records…semantically secure query operators remove information that can be used to identify correlations between a query parameter and a query result… a semantically secure join operator joins two input tables into one resulting table…see par. 38, 45).

Arasu does not explicitly disclose provide, to a data service operating independently of the 1P data source, the joined dataset. However Bradshaw discloses provide, to a data service operating independently of the 1P data source, the joined dataset (…connect server returns the two datasets to cloud server…cloud server is now in possession of two datasets, both including the same encrypted identifiers…it can therefore collate the two datasets…see par. 67-68).

Therefore one of ordinary skill in the art would have found it obvious before the effective filing date of the claimed invention to use Bradshaw in Arasu for including the above limitations because one of ordinary skill in the art would recognize it would improve security of sharing confidential data by providing anonymized data…see Bradshaw, par. 2-4.

The combination of Arasu and Bradshaw does not explicitly disclose pre-processing the PII data to generate first formatted PII data, the first formatted PII data conforming to one or more defined string formats.
However Hansen discloses pre-processing the PII data to generate first formatted PII data, the first formatted PII data conforming to one or more defined string formats (…the plaintext may be encrypted to produce the ciphertext while translating the format of the string from the first format to a second format…see col.2 lines 2-5).

Therefore one of ordinary skill in the art would have found it obvious before the effective filing date of the claimed invention to use Hansen in Arasu and Bradshaw for including the above limitations because one of ordinary skill in the art would recognize it would further prevent unauthorized access to the sensitive data by an intruder…see Hansen, col.1 lines 20-21.

As per claim 2, the combination of Arasu, Bradshaw and Hansen discloses performing, by the module and prior to the receiving of the first dataset, authentication with the 1P data source (Bradshaw: see par. 113). The motivation for claim 2 is the same motivation as in claim 1 above.

As per claim 3, the combination of Arasu, Bradshaw and Hansen discloses wherein the performing of the authentication includes performing a decryption operation using credentials associated with the 1P data source (Bradshaw: see par. 105-109). The motivation for claim 3 is the same motivation as in claim 1 above.

As per claim 14, the combination of Arasu, Bradshaw and Hansen discloses wherein the receiving of the first dataset includes receiving the first dataset in cleartext over an encrypted link (Arasu: see par. 34).

As per claim 16, the combination of Arasu, Bradshaw and Hansen discloses wherein the one or more servers are further configured to: perform, by the module and prior to the receiving of the first dataset, authentication with the 1P data source (Bradshaw: see par. 113). The motivation for claim 16 is the same motivation as in claim 1 above.
As per claim 17, the combination of Arasu, Bradshaw and Hansen discloses wherein the one or more servers are configured to perform the authentication by performing a decryption operation using credentials associated with the 1P data source (Bradshaw: see par. 105-109). The motivation for claim 17 is the same motivation as in claim 1 above.

Claim 13 is rejected under 35 U.S.C. 103 as being unpatentable over Arasu et al (Pub. No. US 20160306995) in view of Bradshaw et al (Pub. No. US 2022/0207182) and Hansen et al (Pat. No. US 8600048) as applied to claim 1 above, and further in view of Sultan et al (Pub. No. US 2022/0343021).

As per claim 13, the combination of Arasu, Bradshaw and Hansen does not explicitly disclose wherein: both the receiving and the matching are implemented in the module configured to operate as a secure connector and a PII match component; and the providing of the joined dataset includes providing the joined dataset from the secure connector and the PII match component to the data service via an ETL pipeline.

However Sultan discloses wherein: both the receiving and the matching are implemented in the module configured to operate as a secure connector and a PII match component; and the providing of the joined dataset includes providing the joined dataset from the secure connector and the PII match component to the data service via an ETL pipeline (…match different PII data among trading partners using the main tokenizer, and corresponding tokens may be sent back to the trading partners…linking of records may be performed by certain additional special programming and analysis software. For example, record linking fits into a general class of data processing known as data integration, which can be defined as the problem of combining information from multiple heterogeneous data sources. Data integration can include data preparation steps such as parsing, profiling, cleansing, normalization, and parsing and standardization of the raw input data prior to record linkage to improve the quality of the input data and to make the data more consistent and comparable (these data preparation steps are sometimes referred to as ETL or extract, transform, load) …see par. 145, 151).

Therefore one of ordinary skill in the art would have found it obvious before the effective filing date of the claimed invention to use Sultan in the combination of Arasu, Bradshaw and Hansen for including the above limitations because one of ordinary skill in the art would recognize it would further detect and prevent fraud from plurality of PII fields…see Sultan, par. 20-21.

Conclusion

The prior art made of record and not relied upon is considered pertinent to applicant's disclosure (see PTO-form 892). The following Patents and Papers are cited to further show the state of the art at the time of Applicant’s invention with respect to a secure computing environment…for improving data security and computational efficiency when performing such operations as joining datasets.

Dotan et al (Pat. No. US 8752172); “Coordinated De-Identification of a Dataset Across a Network”; - Teaches the sub-score operations include a keyword analysis operation which scans the email message for high-risk keywords and phrases such as “login”, “credit card”, “account number”, and so on…the keyword analysis operation is further capable of detecting character or symbol strings having particular formats…the keyword analysis operation outputs an overall keyword value which is weighted based on the presence and frequency of the high-risk keywords, phrases and formats, in the email message…see col.6 lines 33-48

Applicant's amendment necessitated the new ground(s) of rejection presented in this Office action. Accordingly, THIS ACTION IS MADE FINAL. See MPEP § 706.07(a).
Applicant is reminded of the extension of time policy as set forth in 37 CFR 1.136(a).

A shortened statutory period for reply to this final action is set to expire THREE MONTHS from the mailing date of this action. In the event a first reply is filed within TWO MONTHS of the mailing date of this final action and the advisory action is not mailed until after the end of the THREE-MONTH shortened statutory period, then the shortened statutory period will expire on the date the advisory action is mailed, and any nonprovisional extension fee (37 CFR 1.17(a)) pursuant to 37 CFR 1.136(a) will be calculated from the mailing date of the advisory action. In no event, however, will the statutory period for reply expire later than SIX MONTHS from the mailing date of this final action.

Any inquiry concerning this communication or earlier communications from the examiner should be directed to GHAZAL B SHEHNI whose telephone number is (571)270-7479. The examiner can normally be reached Mon-Fri 9am-5pm PCT.

Examiner interviews are available via telephone, in-person, and video conferencing using a USPTO supplied web-based collaboration tool. To schedule an interview, applicant is encouraged to use the USPTO Automated Interview Request (AIR) at http://www.uspto.gov/interviewpractice.

If attempts to reach the examiner by telephone are unsuccessful, the examiner’s supervisor, Philip Chea can be reached at 5712723951. The fax phone number for the organization where this application or proceeding is assigned is 571-273-8300.

Information regarding the status of published or unpublished applications may be obtained from Patent Center. Unpublished application information in Patent Center is available to registered users. To file and manage patent submissions in Patent Center, visit: https://patentcenter.uspto.gov. Visit https://www.uspto.gov/patents/apply/patent-center for more information about Patent Center and https://www.uspto.gov/patents/docx for information about filing in DOCX format. For additional questions, contact the Electronic Business Center (EBC) at 866-217-9197 (toll-free). If you would like assistance from a USPTO Customer Service Representative, call 800-786-9199 (IN USA OR CANADA) or 571-272-1000.

/GHAZAL B SHEHNI/
Primary Examiner, Art Unit 2499

Prosecution Timeline

Dec 21, 2023
Application Filed
Dec 21, 2023
Response after Non-Final Action
Jun 13, 2025
Non-Final Rejection — §103
Oct 02, 2025
Examiner Interview Summary
Oct 02, 2025
Applicant Interview (Telephonic)
Oct 16, 2025
Response Filed
Feb 10, 2026
Final Rejection — §103 (current)

Precedent Cases

Applications granted by this same examiner with similar technology

Patent 12602479
MEASURING CONTAINERS
2y 5m to grant Granted Apr 14, 2026
Patent 12596810
AUTOMATED APPLICATION PROGRAMMING INTERFACE (API) TESTING
2y 5m to grant Granted Apr 07, 2026
Patent 12591682
AUTOMOTIVE SECURE BOOT WITH SHUTDOWN MEASURE
2y 5m to grant Granted Mar 31, 2026
Patent 12591660
DEVICE SECURITY MANAGER ARCHITECTURE FOR TRUSTED EXECUTION ENVIRONMENT INPUT/OUTPUT (TEE-IO) CAPABLE SYSTEM-ON-A-CHIP INTEGRATED DEVICES
2y 5m to grant Granted Mar 31, 2026
Patent 12585741
PASSWORD PROMPT FOR SECURE CAMERA ACTIVATION
2y 5m to grant Granted Mar 24, 2026
Study what changed to get past this examiner. Based on 5 most recent grants.

Prosecution Projections

3-4
Expected OA Rounds
87%
Grant Probability
99%
With Interview (+12.4%)
2y 8m
Median Time to Grant
Moderate
PTA Risk
Based on 1068 resolved cases by this examiner. Grant probability derived from career allow rate.
