SYSTEMS AND METHODS FOR IMPROVED RESEARCHER PRIVACY IN DISTRIBUTED LEDGER-BASED QUERY LOGGING SYSTEMS

DETAILED ACTION Notice of Pre-AIA or AIA Status The present application, filed on or after March 16, 2013, is being examined under the first inventor to file provisions of the AIA . This Office Action is in response to the application filed on 01/26/2026. Claims 2-3, 6, and 11-12 were previously cancelled. Claims 1 and 10 are independent claims. Claims 1, 4-5, 7-10, and 13-15 have been examined and are pending. This Action is made FINAL. Response to Arguments The rejection of claims 1, 4-5, 7-10, and 13-15 under 35 U.S.C. § 101 is withdrawn as Applicant’s arguments are found persuasive. Applicant’s arguments in the remarks, filed on 01/26/2026, with respect to the prior-art rejections to claims 1 and 10, and limitation listed below, have been fully considered but they are not persuasive. As to independent claims 1 and 10, Applicants stated in arguments that there is nothing in paragraph [0020] of Jibaja, or elsewhere in Jibaja alone or in combination with one or more of Wentz, Dageville, and/or Carey of verifying that a query entity is an authorized query entity wherein verification does not reveal the identity of the query entity (Applicant Arguments/Remarks, 01/26/2026, pages 9-12). The Examiner disagrees with the Applicants. The Examiner respectfully that The combination of JIBAJA and Wentz disclose do disclose the cited limitations. For example, JIBAJA discloses wherein verification does not reveal the identity of the query entity (JIBAJA: par 0020; receiving network packets, the network packets comprising first digital signatures and dual payloads, first payloads of the dual payloads comprising de-identified data [i.e., receiving information for verification] [] authenticating the network packets [] inserting the de-identified data into records for the patients in at least one HIPAA-compliant database; par 0022; pushing the de-identified data to at least one distributed ledger without any patient identification information [i.e., does not reveal the identity of the query entity]). Applicant also respectfully disagrees, and asserts that even assuming the combination of Jibaja in view of Wentz would suggest or render obvious using zero-knowledge authorization (CLS signature plus zk-SNARK/zk-STARK), one of skill in the art would not have so modified Jibaja with Wentz (Applicant Arguments/Remarks, 01/26/2026, pages 12-15). In response to applicant’s argument that there is no teaching, suggestion, or motivation to combine the references, the examiner recognizes that obviousness may be established by combining or modifying the teachings of the prior art to produce the claimed invention where there is some teaching, suggestion, or motivation to do so found either in the references themselves or in the knowledge generally available to one of ordinary skill in the art. See In re Fine, 837 F.2d 1071, 5 USPQ2d 1596 (Fed. Cir. 1988), In re Jones, 958 F.2d 347, 21 USPQ2d 1941 (Fed. Cir. 1992), and KSR International Co. v. Teleflex, Inc., 550 U.S. 398, 82 USPQ2d 1385 (2007). Claim Rejections - 35 USC § 103 In the event the determination of the status of the application as subject to AIA 35 U.S.C. 102 and 103 (or as subject to pre-AIA 35 U.S.C. 102 and 103) is incorrect, any correction of the statutory basis for the rejection will not be considered a new ground of rejection if the prior art relied upon, and the rationale supporting the rejection, would be the same under either status. The following is a quotation of 35 U.S.C. 103 which forms the basis for all obviousness rejections set forth in this Office action: A patent for a claimed invention may not be obtained, notwithstanding that the claimed invention is not identically disclosed as set forth in section 102, if the differences between the claimed invention and the prior art are such that the claimed invention as a whole would have been obvious before the effective filing date of the claimed invention to a person having ordinary skill in the art to which the claimed invention pertains. Patentability shall not be negated by the manner in which the invention was made. Claims 1, 4-5, 8, 10, and 13-14 are rejected under 35 U.S.C. 103 as being unpatentable over JIBAJA et al. (“JIBAJA,” WO 2020197990, published on 10/01/2020) in view of Wentz et al. (“Wentz,” US 20210184864, published on 06/17/2021). Regarding Claim 1; JIBAJA discloses a method for logging queries made to a data system, comprising: receiving, at the data system, an encrypted query from a query entity, wherein the encrypted query is digitally signed by the query entity using a digital signature method, and further wherein the digital signature is encrypted using a cryptographic authentication method (par 0008; receiving a network packet (an encrypted network packet); par 0020; the network packets comprising first digital signatures and dual payloads, first payloads of the dual payloads comprising de-identified (or anonymous or device -identified) data, second payloads of the dual payloads comprising messages, the messages comprising hashes of the de-identified (or anonymous or device-identified) data, second digital signatures, and instructions for at least one peer of at least one distributed ledger network to add the hashes to at least one distributed ledger), verifying, by the data system, that the query entity is an authorized query entity, wherein verifying comprises analysis of the encrypted digital signature using de-identification via the cryptographic authentication method and the digital signature method, wherein verification does not reveal the identity of the query entity (par 0020; receiving network packets, the network packets comprising first digital signatures and dual payloads, first payloads of the dual payloads comprising de-identified data [i.e., receiving information for verification] [] authenticating the network packets [] inserting the de-identified data into records for the patients in at least one HIPAA-compliant database; par 0022; pushing the de-identified data to at least one distributed ledger without any patient identification information [i.e., does not reveal the identity of the query entity]); and logging, at a query logging database of the data system, at least a portion of the encrypted query (par 0020; authenticating the network packets by verifying the first digital signatures using one or more signature verifying algorithms in combination with the first digital signatures [] inserting the de-identified (or anonymous or device-identified) data into records for the patients in at least one HIPAA-compliant database). JIBAJA discloses digital signature and cryptographic authentication as recited above, but do not explicitly disclose wherein the digital signature method is the Camenisch-Lysyanskaya signature (CLS) digital signature method, and further wherein the cryptographic authentication method is a zero-knowledge Succinct Non-interactive Arguments of Knowledge (zk-SNARK) method or a zero-knowledge Scalable Transparent Arguments of Knowledge (zk-STARK) method. However, in an analogous art, Wentz discloses protocol certificates system/method that includes: wherein the digital signature method is the Camenisch-Lysyanskaya signature (CLS) digital signature method, and further wherein the cryptographic authentication method is a zero-knowledge Succinct Non-interactive Arguments of Knowledge (zk-SNARK) method or a zero-knowledge Scalable Transparent ARguments of Knowledge (zk-STARK) method (Wentz: par 0049; zero-knowledge proof may include a succinct non-interactive arguments of knowledge (ZK-SNARKS) proof, wherein a “trusted setup” process creates proof and verification keys using secret information encoded using a public key cryptographic system, a prover runs a proving algorithm using the proving key and secret information available to the prover, and a verifier checks the proof using the verification key; par 0054; a digital signature include a Camenisch-Lysyanskaya (CL) signature. “CL signatures,” as used herein, are digital signatures with additional cryptographic protocols; any signature protocol possessing the set of properties of a CL signature considered a CL signature). Therefore, it would have been obvious to a person of ordinary skill in the art, before the effective filing date of the claimed invention to combine the teachings of Wentz with the method/system of JIBAJA to include wherein the digital signature method is the Camenisch-Lysyanskaya signature (CLS) digital signature method, and further wherein the cryptographic authentication method is a zero-knowledge Succinct Non-interactive Arguments of Knowledge (zk-SNARK) method or a zero-knowledge Scalable Transparent ARguments of Knowledge (zk-STARK) method. One would have been motivated to generate a subject digital signature signing the certificate, the subject digital signature generated as a function of the second digital signature protocol and to provide the first digital certificate and the second digital certificate to a verifying device (Wentz: abstract). Regarding Claim 4; The combination of JIBAJA and Wentz disclose the method of claim 1, JIBAJA discloses wherein the query further comprises: (i) a public key for the digital signature; and (ii) a public key for the cryptographic authentication (JIBAJA: par 0020; authenticating the network packets by verifying the first digital signatures using one or more signature verifying algorithms in combination with the first digital signatures, the dual payloads and members of a list of public keys assigned to authorized data sources (for example a cryptographic device identification key assigned to a mobile medical device) (for example recovering the dual payloads from at least the first digital signatures). In certain embodiments, for example, the method may comprise using the members of the list of public keys to identify patients). Regarding Claim 5; The combination of JIBAJA and Wentz disclose the method of claim 4, JIBAJA discloses wherein the query further comprises: (iii) an encrypted unique identifier for the authorized query entity; and (iv) an encrypted timestamp for the query (JIBAJA: par 0008; receiving a network packet (an encrypted network packet); par 0020; authenticating the network packets by verifying the first digital signatures using one or more signature verifying algorithms in combination with the first digital signatures, the dual payloads and members of a list of public keys assigned to authorized data sources; par 0120; the parameter derived from the device identification code at least a portion of the device identification code. In certain embodiments, for example, the device identification code may correspond to, comprise, or be used to derive a public key, the public key corresponding to a private key used to form the digital signature. In certain embodiments, for example, the de-identified data comprise at least one timestamp). Regarding Claim 8; The combination of JIBAJA and Wentz disclose the method of claim 1, JIBAJA discloses accessing, by an enforcer of the query system, one or more logged queries logged in the query logging database of the data system (JIBAJA: par 0012; the pushing comprise passing a digital signature for the HIPAA-compliant database applied at least to the instructions and the hash to the peer. In certain embodiments, for example, the digital signature for the HIPAA-compliant database applied to at least the instructions, the hash, and the second digital signature; par 0013; the authorizing data sources comprise associating the member of the list of public keys (which may also be a list of device identification codes or one may be derived from the other) with patient identification information (for example in the HIPAA-compliant database); and identifying, by the enforcer, the one or more logged queries using the cryptographic authentication method and the digital signature method, and wherein verification reveals the identity of each of the one or more logged queries (JIBAJA: par 0013; the authorizing data sources comprise associating the member of the list of public keys (which may also be a list of device identification codes or one may be derived from the other) with patient identification information (for example in the HIPAA-compliant database); par 0014; authorizing access to at least one of the HIPAA-compliant database records, a block in a blockchain referencing the hash in the distributed ledger, and the hash in the distributed ledger. In certain embodiments, for example, the authorizing access may comprise a) forwarding an access request from a third party and b) receiving access permission for the third party from the patient. In certain embodiments, for example, the identity of the third party receiving access authorization may be stored in a specified distributed ledger. In certain embodiments, for example, the specified distributed ledger may be checked when the third party attempts to access the at least one of the HIPAA-compliant database records, the block in a blockchain referencing the hash in the distributed ledger, and the hash in the distributed ledger). Regarding Claim 10; JIBAJA discloses a distributed database system for logging queries made to the system, comprising (par 0041; the downloading and the pulling utilize a peer in a distributed ledger network): a query logging database configured to store at least a portion of a query made by a query entity to the distributed database system (par 0020; authenticating the network packets by verifying the first digital signatures using one or more signature verifying algorithms in combination with the first digital signatures [] inserting the de-identified (or anonymous or device-identified) data into records for the patients in at least one HIPAA-compliant database); a plurality of distributed databases (par 0041; the downloading and the pulling utilize a peer in a distributed ledger network); and a processor configured to: (i) receive an encrypted query from the authorized query entity, wherein the encrypted query is digitally signed by the query entity using a digital signature method, and further wherein the digital signature is encrypted using a cryptographic authentication method (par 0008; receiving (for example via a communication pathway comprising a wireless network such as a cellular network or a Wi-Fi network) a network packet (an encrypted network packet); par 0020; the network packets comprising first digital signatures and dual payloads, first payloads of the dual payloads comprising de-identified (or anonymous or device -identified) data, second payloads of the dual payloads comprising messages, the messages comprising hashes of the de-identified (or anonymous or device-identified) data, second digital signatures, and instructions for at least one peer of at least one distributed ledger network to add the hashes to at least one distributed ledger), (ii) verify that the query entity is an authorized query entity, wherein verifying comprises analysis of the encrypted digital signature using de- identification via the cryptographic authentication method and the digital signature method, wherein verification does not reveal the identity of the query entity (par 0020; authenticating the network packets by verifying the first digital signatures using one or more signature verifying algorithms in combination with the first digital signatures, the dual payloads and members of a list of public keys assigned to authorized data sources (for example a cryptographic device identification key assigned to a mobile medical device) (for example recovering the dual payloads from at least the first digital signatures). In certain embodiments, for example, the method may comprise using the members of the list of public keys to identify patients); and (iii) cause the received encrypted query to be stored in the query logging database (par 0020; authenticating the network packets by verifying the first digital signatures using one or more signature verifying algorithms in combination with the first digital signatures [] inserting the de-identified (or anonymous or device-identified) data into records for the patients in at least one HIPAA-compliant database). JIBAJA discloses digital signature and cryptographic authentication as recited above, but do not explicitly disclose wherein the digital signature method is the Camenisch-Lvsvanskava signature (CLS) digital signature method, and further wherein the cryptographic authentication method is a zero-knowledge Succinct Non-interactive Arguments of Knowledge (zk-SNARK) method or a zero-knowledge Scalable Transparent ARguments of Knowledge (zk-STARK) method. However, in an analogous art, Wentz discloses protocol certificates system/method that includes: wherein the digital signature method is the Camenisch-Lvsvanskava signature (CLS) digital signature method, and further wherein the cryptographic authentication method is a zero-knowledge Succinct Non-interactive Arguments of Knowledge (zk-SNARK) method or a zero-knowledge Scalable Transparent ARguments of Knowledge (zk-STARK) method (Wentz: par 0049; zero-knowledge proof may include a succinct non-interactive arguments of knowledge (ZK-SNARKS) proof, wherein a “trusted setup” process creates proof and verification keys using secret information encoded using a public key cryptographic system, a prover runs a proving algorithm using the proving key and secret information available to the prover, and a verifier checks the proof using the verification key; par 0054; a digital signature include a Camenisch-Lysyanskaya (CL) signature. “CL signatures,” as used herein, are digital signatures with additional cryptographic protocols; any signature protocol possessing the set of properties of a CL signature considered a CL signature). Therefore, it would have been obvious to a person of ordinary skill in the art, before the effective filing date of the claimed invention to combine the teachings of Wentz with the method/system of JIBAJA to include wherein the digital signature method is the Camenisch-Lvsvanskava signature (CLS) digital signature method, and further wherein the cryptographic authentication method is a zero-knowledge Succinct Non-interactive Arguments of Knowledge (zk-SNARK) method or a zero-knowledge Scalable Transparent ARguments of Knowledge (zk-STARK) method. One would have been motivated to generate a subject digital signature signing the certificate, the subject digital signature generated as a function of the second digital signature protocol and to provide the first digital certificate and the second digital certificate to a verifying device (Wentz: abstract). Regarding Claim 13; This Claim recites a system that perform the same steps as method of Claim 4, and has limitations that are similar to Claim 4, thus are rejected with the same rationale applied against claim 4. Regarding Claim 14; This Claim recites a system that perform the same steps as method of Claim 5, and has limitations that are similar to Claim 5, thus are rejected with the same rationale applied against claim 5. Claim 7 is rejected under 35 U.S.C. 103 as being unpatentable over JIBAJA et al. (WO 2020197990) in view of Wentz et al. (US 20210184864), and further in view of Dageville et al. (“Dageville,” US 10,977,383, published on 04/13/2021). Regarding Claim 7; The combination of JIBAJA and Wentz disclose the method of claim 1, The combination of JIBAJA and Wentz disclose all the limitations as recited above, but do not explicitly disclose step of modifying, by the data system, the received encrypted query to remove identifying information, thereby generating a modified encrypted query, wherein at least a portion of the modified encrypted query is logged in the query logging database of the data system. However, in an analogous art, Dageville discloses encrypting database data system/method that includes: step of modifying, by the data system, the received encrypted query to remove identifying information, thereby generating a modified encrypted query, wherein at least a portion of the modified encrypted query is logged in the query logging database of the data system (Dageville: Col 6, lines 21-27; retrieve the new encryption key from the key store for use during encryption. For example, the encryption component generate a new file, with the old file still in memory. The new file include all the data from the old file, but simply be an encrypted or re-keyed version based on a new encryption key; Col 6, lines 40-45; determine whether a query with write access has been received or started. If the query with write access has been received and a new key has been generated, the encryption component encrypt a file that has been modified based on the query with write access and store that file in the file data store), Therefore, it would have been obvious to a person of ordinary skill in the art, before the effective filing date of the claimed invention to combine the teachings of Dageville with the method/system of JIBAJA and Wentz to include step of modifying, by the data system, the received encrypted query to remove identifying information, thereby generating a modified encrypted query, wherein at least a portion of the modified encrypted query is logged in the query logging database of the data system. One would have been motivated to modify the entry in the table to point to the second file, wherein the modification of the entry is performed atomically (Dageville: abstract). Claims 9 and 15 are rejected under 35 U.S.C. 103 as being unpatentable over JIBAJA et al. (WO 2020197990) in view of Wentz et al. (US 20210184864), and further in view of CAREY et al. (“CAREY,” US 20150317490, published on 11/05/2015). Regarding Claim 9; The combination of JIBAJA and Wentz disclose the method of claim 1, JIBAJA discloses wherein the data system is a distributed genomic data system (JIBAJA: par 0041; the downloading and the pulling utilize a peer in a distributed ledger network). The combination of JIBAJA and Wentz disclose distributed data system as recited above, but do not explicitly disclose a distributed genomic data system. However, in an analogous art, CAREY discloses secure computing system/method that includes: a distributed genomic data system (CAREY: par 0007; access to and/or use of genomic and/or other sensitive data (e.g., distribution, analysis, etc.), improved interaction with and/or use of distributed genomic and/or other sensitive data, reduced user involvement in genomic and/or other sensitive data workflow processes). Therefore, it would have been obvious to a person of ordinary skill in the art, before the effective filing date of the claimed invention to combine the teachings of CAREY with the method/system of JIBAJA and Wentz to include a distributed genomic data system. One would have been motivated to execute code and/or programs that wish to access and/or otherwise use genomic and/or other sensitive information (CAREY: abstract). Regarding Claim 15; This Claim recites a system that perform the same steps as method of Claim 9, and has limitations that are similar to Claim 9, thus are rejected with the same rationale applied against claim 9. Conclusion THIS ACTION IS MADE FINAL. Applicant is reminded of the extension of time policy as set forth in 37 CFR 1.136(a). A shortened statutory period for reply to this final action is set to expire THREE MONTHS from the mailing date of this action. In the event a first reply is filed within TWO MONTHS of the mailing date of this final action and the advisory action is not mailed until after the end of the THREE-MONTH shortened statutory period, then the shortened statutory period will expire on the date the advisory action is mailed, and any extension fee pursuant to 37 CFR 1.136(a) will be calculated from the mailing date of the advisory action. In no event, however, will the statutory period for reply expire later than SIX MONTHS from the mailing date of this final action. Any inquiry concerning this communication or earlier communications from the examiner should be directed to CHAO WANG whose telephone number is (313)446-6644. The examiner can normally be reached on Monday-Friday 7:30-4:30PM EST. Examiner interviews are available via telephone, in-person, and video conferencing using a USPTO supplied web-based collaboration tool. To schedule an interview, applicant is encouraged to use the USPTO Automated Interview Request (AIR) at http://www.uspto.gov/interviewpractice. If attempts to reach the examiner by telephone are unsuccessful, the examiner’s supervisor, Luu Pham can be reached at (571)270-5002. The fax phone number for the organization where this application or proceeding is assigned is 571-273-8300. Information regarding the status of an application may be obtained from the Patent Application Information Retrieval (PAIR) system. Status information for published applications may be obtained from either Private PAIR or Public PAIR. Status information for unpublished applications is available through Private PAIR only. For more information about the PAIR system, see https://ppair-my.uspto.gov/pair/PrivatePair. Should you have questions on access to the Private PAIR system, contact the Electronic Business Center (EBC) at 866-217-9197 (toll-free). If you would like assistance from a USPTO Customer Service Representative or access to the automated information system, call 800-786-9199 (IN USA OR CANADA) or 571-272-1000. /C.W./Examiner, Art Unit 2439 /LUU T PHAM/Supervisory Patent Examiner, Art Unit 2439