DETAILED ACTION
Notice of Pre-AIA or AIA Status
The present application, filed on or after March 16, 2013, is being examined under the first inventor to file provisions of the AIA . In communications filed on 03/18/2026. Claims 1, 10, and 11 are amended. Claims 3, 9, 12, and 14 are cancelled. Claims 1-2, 4-8, 10-11, 13, and 15-22 are pending in this examination.
In the event the determination of the status of the application as subject to AIA 35 U.S.C. 102 and 103 (or as subject to pre-AIA 35 U.S.C. 102 and 103) is incorrect, any correction of the statutory basis for the rejection will not be considered a new ground of rejection if the prior art relied upon, and the rationale supporting the rejection, would be the same under either status. This examination is in response to US Patent Application No. 18/579,216.
Continued Examination Under 37 CFR 1.114
A request for continued examination under 37 CFR 1.114, including the fee set forth in 37 CFR 1.17(e), was filed in this application after final rejection. Since this application is eligible for continued examination under 37 CFR 1.114, and the fee set forth in 37 CFR 1.17(e) has been timely paid, the finality of the previous Office action has been withdrawn pursuant to 37 CFR 1.114. Applicant's submission has been entered.
Examiner Note
Applicant’s amendment to claims 1, 10, and 11 recites obviates previously raised claims 1-2, 4-8, 10-11, 13, and 15-22, 35U.S.C .112(b), second paragraph.
Applicant is encouraged to review the relevant references for new amendment ( Shuffling) mentioned at the conclusion section of this office action.
Response to Argument
Applicant’s arguments with respect to claims 1, 10, and 11 for newly added limitation have been considered but are moot because the arguments do not apply to any of the references being used in the current rejection.
Claim Rejections - 35 USC § 103
The following is a quotation of 35 U.S.C. 103 which forms the basis for all obviousness rejections set forth in this Office action:
A patent for a claimed invention may not be obtained, notwithstanding that the claimed invention is not identically disclosed as set forth in section 102 of this title, if the differences between the claimed invention and the prior art are such that the claimed invention as a whole would have been obvious before the effective filing date of the claimed invention to a person having ordinary skill in the art to which the claimed invention pertains. Patentability shall not be negated by the manner in which the invention was made.
The factual inquiries set forth in Graham v. John Deere Co., 383 U.S. 1, 148 USPQ 459 (1966), that are applied for establishing a background for determining obviousness under 35 U.S.C. 103 are summarized as follows:
1. Determining the scope and contents of the prior art.
2. Ascertaining the differences between the prior art and the claims at issue.
3. Resolving the level of ordinary skill in the pertinent art.
4. Considering objective evidence present in the application indicating obviousness or nonobviousness.
The following is a quotation of 35 U.S.C. 103 which forms the basis for all obviousness rejections set forth in this Office action:
A patent for a claimed invention may not be obtained, notwithstanding that the claimed invention is not identically disclosed as set forth in section 102 of this title, if the differences between the claimed invention and the prior art are such that the claimed invention as a whole would have been obvious before the effective filing date of the claimed invention to a person having ordinary skill in the art to which the claimed invention pertains. Patentability shall not be negated by the manner in which the invention was made.
Claims 1-2, 4-8, 10-11, 13, and 15-22 are rejected under 35 U.S.C. 103 as being unpatentable over HOU CHEN (CN113395159) hereinafter referred to as “Chen”( filed in IDS 01/12/2024), and in view of WO2019/123346A1 ( Giovanni Russello) , hereinafter, “Giovanni”.
Regarding claims 1, 10 and 11, Chen discloses a method for sample alignment, applied to a first participant system, wherein a first trusted execution environment is deployed at the first participant system, the method comprising: in the first trusted execution environment, obtaining a plurality of first sample identifier of the first participant system [ Page 2, 4th paragraph, the process of the privacy data set intersection may adopt a centralized trusted execution environment scheme, that is, a centralized trusted execution environment-based security computing platform is designed, and a privacy data set intersection algorithm is supported. The trusted execution environment service is mainly deployed on the centralized server, and then the local encrypted data of each participant participating in the private data set is sent to the central server, so that the central server performs the private data set intersection operation and sends the result to each participant]; and
Determining whether of the second trusted execution environment through the first trusted execution environment; and after determining that the second trusted execution environment is secure, establishing a secure channel connecting the first trusted execution environment and the second trusted execution environment [ Page 2, 4th paragraph, the process of the privacy data set intersection may adopt a centralized trusted execution environment scheme, that is, a centralized trusted execution environment-based security computing platform is designed, and a privacy data ( equated to sample identifiers) set intersection algorithm is supported. The trusted execution environment service is mainly deployed on the centralized server, and then the local encrypted data of each participant participating(second trusted execution environment) in the private data set is sent to the central server( equated to first trusted execution environment), so that the central server performs the private data set intersection operation and sends the result to each participant]; and [ Page 13, 3rd paragraph, In the data processing process, the privacy data set is one of the basic problems studied in the field of secure multi-party computation( equated to first, and second) trusted execution environment , that is, for several participants, each party has a private data set, and the goal is to let all participants learn the common intersection of these sets, and ensure that the content of the non-intersection does not leak. In general, the process of the privacy data set intersection may adopt a centralized trusted execution environment scheme, that is, a centralized SGX TEE-based secure computing platform is designed, wherein a privacy data set intersection algorithm is supported. The trusted execution environment service is mainly deployed on the centralized server, and then the local encrypted data of each participant participating in the private data set is sent to the central server, so that the central server performs the private data set intersection operation and sends the result to each participant.], and [ Page 4 5th paragraph, Optionally, in some possible implementations of this application, the method further includes: obtaining, by the strong participant, output data of the trusted execution environment; and The strong participant signs the output data based on the private key to obtain signature data, where the signature data is used to instruct the data receiver to perform validity verification based on the public key. Optionally, in some possible implementations of this application, the method further includes: determining, by the strong participant, a strong participant set and a weak participant set in the participating device; the strong participant in the strong participant set sends a remote attestation to perform device verification of the strong participant set. Optionally, in some possible implementations of this application, the method further includes: determining, by the strong participant, a strong participant set and a weak participant set in the plurality of participating devices; and sending a remote attestation by a strong participant in the strong participant set in the strong participation direction, so as to perform device verification of the strong participant set].
through the first trusted execution environment, obtaining a plurality of second sample identifier of the second participant system transmitted from the second trusted execution environment via secure channel, wherein the second trusted execution environment is deployed at the second participant system [ Page 13, 3rd paragraph, In the data processing process, the privacy data set is one of the basic problems studied in the field of secure multi-party computation( equated to first, and second) trusted execution environment , that is, for several participants, each party has a private data set, and the goal is to let all participants learn the common intersection of these sets, and ensure that the content of the non-intersection does not leak. In general, the process of the privacy data set intersection may adopt a centralized trusted execution environment scheme, that is, a centralized SGX TEE-based secure computing platform is designed, wherein a privacy data set intersection algorithm is supported. The trusted execution environment service is mainly deployed on the centralized server, and then the local encrypted data of each participant participating in the private data set is sent to the central server, so that the central server performs the private data set intersection operation and sends the result to each participant.] , and [ Page 4, last 4 paragraphs, Optionally, in some possible implementations of this application, the determining a strong participant set and a weak participant set in the plurality of participating devices includes: traversing, by the strong participant, communication information in the plurality of participating devices; and determining, by the strong participant, a participating device in which the trusted execution environment exists (equated to second or multiple possible TEE) based on the communication information, to determine the strong participant set; and determining, by the strong participant, a participating device without the trusted execution environment based on the communication information, to determine the weak participant set]; and
in the first trusted execution environment, determining a first initial intersection of the plurality of first sample identifier and the plurality of second sample identifier, the first initial intersection comprising a plurality first target identifiers arranged in first sequence [ Page 26, last paragraph, In a possible scenario, the foregoing data processing method may be applied to a federated learning scenario, that is, each participant serves as a participant of a federated learning task, as shown in FIG. 8, which is a schematic scenario diagram of another trusted execution environment-based data processing method according to an embodiment of this application. There are shown N participants, which are equivalent to N participating devices, where a data identifier (sample ID) corresponding to private data included in the participant 1 is (0, 1, 3, 6, 11, 12, 18, 20, 21), data corresponding to private data included in the participant 2 is (1, 2, 4, 5, 7, 8, 10, 11, 15, 20), and data corresponding to private data included in the participant N is (0, 1, 6, 11, 20, 26, 29) ; Then, the private data of the n participants is input into the sample alignment module, and the sample alignment module is configured to perform the data processing process in this application, to obtain the intersection of the n participants, that is, the data identifier is the private data corresponding to the (1,11,20) part]; and
and based on the first target intersection, determining a first sample alignment result [ Page 27, 1st paragraph, After the intersection result is obtained, the intersection item can be determined, so that the federated training module is input to execute the federated learning task, thereby ensuring the security of the private data outside the intersection item].
Chen does not explicitly disclose; however, Giovanni discloses performing a shuffle processing on all the first target sample identifiers in the first initial intersection to obtain a first target intersection, the plurality of first target samples identifiers in the first target intersection being arranged in a second sequence different from the first sequence
[ Page 6, last para., page 7, 1st para, rearranging (shuffling) the one or more identifiers within the index, and transmitting a rearranged index comprising the one or more rearranged (shuffled) identifiers. In an embodiment, the method of obfuscating data in a storage system comprises the additional steps of: processing the received set of blocks to discern blocks that are related to each other or associated with a file, and the step of rearranging (shuffling) comprises rearranging the location or identity of one or more related blocks].
[ Page 9, 5th para, the term "identifier" as used in this specification and claims, unless the context suggests otherwise, means a numeral or letter or symbol or any other suitable facet that is used to uniquely identify a block or data element. The terms, "ID", "id", "identifier" mean the same and are interchangeably used in this specification].
[ Page 19, 5th para. the method of accessing one or more files may comprise the additional step of transmitting a set of blocks and a plurality of identifiers to a shuffling server for shuffling by the shuffling server, and wherein the blocks in the set of blocks are each associated with an identifier of the plurality of identifiers. The blocks and/or the identifiers are randomly shuffled.].
[Page 23, 3rd para. method of obfuscating data in a storage system within an untrusted environment, the storage system comprising at least one storage server and at least one shuffling server configured for communication with each other over a data network, the method executed by a one or more processors associated with the at least one shuffling server comprising the steps of: receiving a set of blocks comprising one or more blocks, rearranging (shuffling) the one or more blocks within the set of blocks, transmitting the rearranged set of blocks comprising the one or more rearranged (shuffled) blocks. The method of obfuscating data in a storage system comprising the additional steps of: receiving an index comprising one or more identifiers associated with the one or more blocks, rearranging (shuffling) the one or more identifiers within the index, transmitting a rearranged index comprising the one or more rearranged (shuffled) identifiers].
It would have been obvious to one of ordinary skill in the art before the effective filing date of the claimed invention to modify the teaching of Chen by incorporating “one storage server and at least one shuffling server”, as taught by Giovanni. One could have been motivated to do so in order for Obfuscating data in a storage system within an untrusted environment from publicly accessible and unsecured from an access perspective. [ Giovanni, Page 6. 7th paragraph Page 9, 2nd para.].
Regarding claims 2, and 13, Chen discloses, wherein: the plurality of first sample identifier is obtained in the first trusted execution environment by the first participant system through encrypting a first original sample identifier using an encryption algorithm, and the plurality of second sample identifier is obtained in the second trusted execution environment by the second participant system through encrypting a second original sample identifier using the encryption algorithm[ Page 6 last paragraphs, A third aspect of this application provides a data processing apparatus based on a trusted execution environment, including: an encryption unit, configured to generate a public-private key pair in a trusted execution environment, wherein a private key in the public-private key pair is stored in the trusted execution environment; and a broadcasting unit, configured to broadcast a public key in the public and private key pair to all participating devices for executing a target task, where the participating device includes at least one strong participant and at least one weak participant. the encryption unit is further configured to generate a target key, and encrypt the private data based on the target key to obtain target encrypted data; and the encryption unit is further configured to encrypt the target key based on the received broadcast public key to obtain an encryption key; and the broadcast unit is further configured to send the encryption key and the target encrypted data to another strong participant. a receiving unit, configured to receive target encrypted data and an encryption key sent by other participating devices, and decrypt the received encryption key based on a private key in the public and private key pair in the trusted execution environment to obtain a target key; and a processing unit, configured to decrypt the received target encrypted data according to the decrypted target key in the trusted execution environment to obtain other target data sets corresponding to the participating devices; and The processing unit is further configured to, in the trusted execution environment, perform the target task based on the target data set corresponding to the other participating devices and the private data of the strong participant, to obtain a data intersection, and broadcast the data intersection to all the participating devices], and [ Page 7 last 2 paragraphs, Optionally, in some possible implementations of this application, the processing unit is specifically configured to traverse communication information in the plurality of participating devices; and the processing unit is specifically configured to determine, based on the communication information, a participating device in which the trusted execution environment exists (equated to second or multiple possible TEE) to determine the strong participant set].
Regarding claims 4, and 15, Chen discloses,, wherein: the encryption algorithm is determined by the first trusted execution environment and the second trusted execution environment through the secure channel [ Page 5 8th paragraph, Optionally, in some possible implementations of this application, the strong participant communicates with the trusted execution environment through an intranet, the weak participant communicates with other participating devices through an extranet, the public and private key pair is obtained based on an RSA algorithm, the symmetric encryption algorithm is an AES-GCM algorithm, and the target task is a privacy data set intersection task].
Regarding claims 5, and 16, Chen discloses,, wherein based on the first target intersection, determining the first sample alignment result includes: in the first trusted execution environment, obtaining corresponding first target sample attributes based on all first target sample identifiers included in the first target intersection; and using all first target sample identifiers and the corresponding first target sample attributes as the first sample alignment result [ Page 26, last paragraph, In a possible scenario, the foregoing data processing method may be applied to a federated learning scenario, that is, each participant serves as a participant of a federated learning task, as shown in FIG. 8, which is a schematic scenario diagram of another trusted execution environment-based data processing method according to an embodiment of this application. There are shown N participants, which are equivalent to N participating devices, where a data identifier (sample ID) corresponding to private data included in the participant 1 is (0, 1, 3, 6, 11, 12, 18, 20, 21), data corresponding to private data included in the participant 2 is (1, 2, 4, 5, 7, 8, 10, 11, 15, 20), and data corresponding to private data included in the participant N is (0, 1, 6, 11, 20, 26, 29) ; Then, the private data of the n participants is input into the sample alignment module, and the sample alignment module is configured to perform the data processing process in this application, to obtain the intersection of the n participants, that is, the data identifier is the private data corresponding to the (1,11,20) part]
Regarding claims 6, and 17, Chen discloses, further including: outputting the corresponding first target sample attributes from the first trusted execution environment[ Page 26, last paragraph, In a possible scenario, the foregoing data processing method may be applied to a federated learning scenario, that is, each participant serves as a participant of a federated learning task, as shown in FIG. 8, which is a schematic scenario diagram of another trusted execution environment-based data processing method according to an embodiment of this application. There are shown N participants, which are equivalent to N participating devices, where a data identifier (sample ID) corresponding to private data included in the participant 1 is (0, 1, 3, 6, 11, 12, 18, 20, 21), data corresponding to private data included in the participant 2 is (1, 2, 4, 5, 7, 8, 10, 11, 15, 20), and data corresponding to private data included in the participant N is (0, 1, 6, 11, 20, 26, 29) ; Then, the private data of the n participants is input into the sample alignment module, and the sample alignment module is configured to perform the data processing process in this application, to obtain the intersection of the n participants, that is, the data identifier is the private data corresponding to the (1,11,20) part].
Regarding claims 7, and 18, Chen discloses,, in the first trusted execution environment, after determining the first initial intersection of the plurality of first sample identifier and the plurality of second sample identifier and performing the shuffle processing on all first target sample identifiers in the first initial intersection to obtain the first target intersection, further including: sending the first target intersection to the second trusted execution environment through the first trusted execution environment, where the second participant system, in the second trusted execution environment, obtains corresponding second target sample attributes based on all first target sample identifiers included in the first target intersection; and using all first target sample identifiers and the corresponding second target sample attributes as the second sample alignment result[ Page 26, last paragraph, In a possible scenario, the foregoing data processing method may be applied to a federated learning scenario, that is, each participant serves as a participant of a federated learning task, as shown in FIG. 8, which is a schematic scenario diagram of another trusted execution environment-based data processing method according to an embodiment of this application. There are shown N participants, which are equivalent to N participating devices, where a data identifier (sample ID) corresponding to private data included in the participant 1 is (0, 1, 3, 6, 11, 12, 18, 20, 21), data corresponding to private data included in the participant 2 is (1, 2, 4, 5, 7, 8, 10, 11, 15, 20), and data corresponding to private data included in the participant N is (0, 1, 6, 11, 20, 26, 29) ; Then, the private data of the n participants is input into the sample alignment module, and the sample alignment module is configured to perform the data processing process in this application, to obtain the intersection of the n participants, that is, the data identifier is the private data corresponding to the (1,11,20) part].
Regarding claims 8, and 19, Chen discloses, wherein: a quantity of the plurality of first sample identification is greater than a quantity of the plurality of second sample identification[ see FIG 8 and corresponding text for more details], and [ Page 15 last paragraph, page 15 1st paragraph, , last paragraph, It may be understood that the foregoing quantity is merely an example, and in an actual scenario, more strong participants and weak participants may be included, and for a lower limit of quantity, the quantity of strong participants needs to be greater than or equal to 1 and the total number of participants is greater than or equal to 2, and on the premise that the condition is met, the number of the strong participants and the weak participants may be arbitrarily matched].
Regarding claim 20, Chen discloses [ Page 5 8th paragraph, Optionally, in some possible implementations of this application, the strong participant communicates with the trusted execution environment through an intranet, the weak participant communicates with other participating devices through an extranet, the public and private key pair is obtained based on an RSA algorithm, the symmetric encryption algorithm is an AES-GCM algorithm, and the target task is a privacy data set intersection task], and [Page 6, last paragraph].
Regarding claim 21, Chen discloses [ Page 13, 3rd paragraph, In the data processing process, the privacy data set is one of the basic problems studied in the field of secure multi-party computation( equated to first, and second) trusted execution environment , that is, for several participants, each party has a private data set, and the goal is to let all participants learn the common intersection of these sets, and ensure that the content of the non-intersection does not leak. In general, the process of the privacy data set intersection may adopt a centralized trusted execution environment scheme, that is, a centralized SGX TEE-based secure computing platform is designed, wherein a privacy data set intersection algorithm is supported. The trusted execution environment service is mainly deployed on the centralized server, and then the local encrypted data of each participant participating in the private data set is sent to the central server ( equated to storing second sample identifiers), so that the central server performs the private data set intersection operation and sends the result to each participant.], and
[ Page 13, 4th paragraph, in general, the process of the privacy data set intersection may adopt a centralized trusted execution environment scheme, that is, a centralized SGX TEE-based secure computing platform is designed, wherein a privacy data set intersection algorithm is supported. The trusted execution environment service is mainly deployed on the centralized server, and then the local encrypted data of each participant participating in the private data set is sent to the central server, so that the central server performs the private data set intersection operation and sends the result to each participant], and [ Page 20, third paragraph, In this embodiment, the target task may be a Private Set Intersection (PSI), that is, for a plurality of participants, each party has a private data set (private data), and the target is to let all participants learn the common intersection of these sets, and ensure that the content of the non-intersection does not leak. It may be understood that, in the calculation process, the private data may be input and processed in the form of sample identifiers, and the size information of all the SID sets of the participants may be hidden in the intermediate calculation process, to provide additional privacy information protection].
Regarding claim 22, Chen discloses [ Page 26, last paragraph, in a possible scenario, the foregoing data processing method may be applied to a federated learning scenario, that is, each participant serves as a participant of a federated learning task, as shown in FIG. 8, which is a schematic scenario diagram of another trusted execution environment-based data processing method according to an embodiment of this application. There are shown N participants, which are equivalent to N participating devices, where a data identifier (sample ID) corresponding to private data included in the participant 1 is (0, 1, 3, 6, 11, 12, 18, 20, 21), data corresponding to private data included in the participant 2 is (1, 2, 4, 5, 7, 8, 10, 11, 15, 20), and data corresponding to private data included in the participant N is (0, 1, 6, 11, 20, 26, 29) ; Then, the private data of the n participants is input into the sample alignment module, and the sample alignment module is configured to perform the data processing process in this application, to obtain the intersection of the n participants, that is, the data identifier is the private data corresponding to the (1,11,20) part], and [Page 24, step 621].
Conclusion
The prior art made of record and not relied upon is considered pertinent to applicant's disclosure.
Hankinson ( US2022/0019479) [0336] FIG. 11 illustrates exemplary random shuffling and identifier translation of the plurality 210 of objects of FIG. 2 with N=24. Objects of array 1110 of primary (raw) object identifiers, labelled u.sub.0 to u.sub.23, are logically randomly shuffled and placed in array 1120 in the order u.sub.19, u.sub.16, . . . , u.sub.09. For example, the object of primary object identifier u.sub.19 is the first selected object and is placed in the first position of array 1130, the object of primary object identifier u.sub.16 is second selected object and placed in the second position of array 1130, and so in], and [0337] The logically shuffled identifiers are translated into secondary object identifiers 0, 1, . . . , 23 (reference 1130). Based on the shuffled pattern of arrays 1120 and 1130, translation array 1150 is generated to indicate for the index of each primary (raw) identifier in array 1110 a translated (secondary) identifier. Thus, primary identifier u.sub.00 is translated to secondary identifier 09 of the same object. Primary identifier u.sub.19 is translated to secondary identifier 0 of the same object. The secondary identifier of an object is basically the rank of the object in the logically shuffled array of objects. Array 1130 serves as an inverse translator of secondary identifiers to respective primary (raw) identifiers. Inverse translation is needed for reporting results of a query to a client initiating the query. At least one object descriptor 1140 of each object is stored in database 140 (FIG. 1). Consequently, the primary identifier of each object of each of the Q key-specific sets of objects 220 (FIG. 2) is translated into a respective secondary identifier.
Fox-Epstein (US2023/0318809) [0009] Methods can include shuffling, by the server, the set of sever-client-encrypted identifiers resulting in a set of shuffled server-client-encrypted identifiers that has a different ordering than the set of server-client-encrypted identifiers, wherein: transmitting the set of server-client-encrypted identifiers to the client device includes transmitting the shuffled server-client-encrypted identifiers to the client device; and receiving a set of client-encrypted queries that were encrypted by the client device includes receiving a set of shuffled client-encrypted queries that were generated using the set of shuffled server-client-encrypted identifiers.
Any inquiry concerning this communication or earlier communications from the examiner should be directed to SHAHRIAR ZARRINEH whose telephone number is (571)272-1207. The examiner can normally be reached Monday-Friday, 8:30am-5:30pm.
Examiner interviews are available via telephone, in-person, and video conferencing using a USPTO supplied web-based collaboration tool. To schedule an interview, applicant is encouraged to use the USPTO Automated Interview Request (AIR) at http://www.uspto.gov/interviewpractice.
If attempts to reach the examiner by telephone are unsuccessful, the examiner’s supervisor, Jorge Ortiz-Criado can be reached at 571-272-7624. The fax phone number for the organization where this application or proceeding is assigned is 571-273-8300.
Information regarding the status of published or unpublished applications may be obtained from Patent Center. Unpublished application information in Patent Center is available to registered users. To file and manage patent submissions in Patent Center, visit: https://patentcenter.uspto.gov. Visit https://www.uspto.gov/patents/apply/patent-center for more information about Patent Center and https://www.uspto.gov/patents/docx for information about filing in DOCX format. For additional questions, contact the Electronic Business Center (EBC) at 866-217-9197 (toll-free). If you would like assistance from a USPTO Customer Service Representative, call 800-786-9199 (IN USA OR CANADA) or 571-272-1000.
/SHAHRIAR ZARRINEH/Primary Examiner, Art Unit 2496