DETAILED ACTION
Notice of Pre-AIA or AIA Status
The present application, filed on or after March 16, 2013, is being examined under the first inventor to file provisions of the AIA.
This action is responsive to the application filed on 28 March 2024. Claims 1-20 are pending in the case. Claims 1, 10, and 17 are the independent claims. This action is non-final.
Priority
Acknowledgment is made of applicant’s claim for foreign priority under 35 U.S.C. 119 (a)-(d). The certified copy has been filed in parent Application No. CN202111154040.8, filed on September 29th, 2021.
Information Disclosure Statement
The information disclosure statement (IDS) submitted on November 4th, 2024 is in compliance with the provisions of 37 CFR 1.97. Accordingly, the information disclosure statement is being considered by the examiner.
The information disclosure statement (IDS) submitted on December 3rd, 2024 is in compliance with the provisions of 37 CFR 1.97. Accordingly, the information disclosure statement is being considered by the examiner.
Claim Rejections - 35 USC § 102
In the event the determination of the status of the application as subject to AIA 35 U.S.C. 102 and 103 (or as subject to pre-AIA 35 U.S.C. 102 and 103) is incorrect, any correction of the statutory basis for the rejection will not be considered a new ground of rejection if the prior art relied upon, and the rationale supporting the rejection, would be the same under either status.
The following is a quotation of the appropriate paragraphs of 35 U.S.C. 102 that form the basis for the rejections under this section made in this Office action:
A person shall be entitled to a patent unless –
(a)(1) the claimed invention was patented, described in a printed publication, or in public use, on sale or otherwise available to the public before the effective filing date of the claimed invention.
Claims 1-20 are rejected under 35 U.S.C. 102(a)(1) as being anticipated by Brannon et al. (US 2021/0200902 A1).
Regarding claim 1, Brannon teaches a data verification method, comprising:
in response to a verification request, applying a target algorithm based on a plurality of pieces of data corresponding to the verification request, to determine first verification information indicating global verification information of the plurality of pieces of data, wherein an output result of the target algorithm is not affected by a sequence of computing input data (see Brannon, Paragraphs [0751]-[0752], “to appropriately process a request such as a DSAR, the system may collect personal data from a data subject. … The system may then, as part of fulfilling such a request, verify the data subject using one or more pieces of the collected data. … after collecting personal data associated with a particular data subject and then using that personal data to verify the data subject, the system may apply a cryptographic hash function (e.g., a one-way hash) to each piece of the personal data, to one or more particular portions (e.g., sensitive portions) of the personal data, and/or to the personal data as a whole (e.g., the one or more pieces of personal data concatenated and then hashed), and store the resulting hashed value(s) as a record of the verification (e.g., in a data model, data map, and/or using one or more other data structures that may be associated with the data subject, processing activity, system, process, etc.).” [In response to a request, a one-way hash function (i.e., target algorithm) is applied in order to determine resulted hashed value(s) (i.e., first verification information indicating global verification information of the plurality of pieces of data). The one or more pieces of personal data may be concatenated and then hashed (i.e., wherein an output result of the target algorithm is not affected by a sequence of computing input data).]);
determining a target verification set based on a first verification set and a second verification set, wherein the first verification set comprises verification information of data corresponding to a historical insertion operation, and the second verification set comprises verification information of data corresponding to a historical deletion operation; applying the target algorithm based on the target verification set, to determine second verification information indicating global verification information of the target verification set (see Brannon, Paragraphs [0753]-[0754], [0759], “to determine whether the system has properly verified a data subject, the system may generate and store a hash value for one or more pieces of personal data (e.g., social security number, credit card number, etc.) initially received from the data subject. At a later time, the system may receive a request to confirm that the data subject was properly verified. This request may include (or the system may subsequently receive) a hash value associated with a piece of personal data associated with the subject. The system may compare the received hash value to the stored hash value corresponding to the same piece of personal data. If the hash values match, the system can confirm that they were both generated based on an identical piece of personal data, therefore confirming that the system properly verified the data subject using that piece of personal data.” [The hashed data that was initially received (i.e., second verification information) is compared to the hashed request (i.e., first verification information) in order to verify the data. The initially hashed data implies a target verification based on modifications such as deletions and insertions.]);
and outputting a verification result based on the first verification information and the second verification information (see Brannon, Paragraphs [0753]-[0754], [0759], “If the hash values match, the system can confirm that they were both generated based on an identical piece of personal data, therefore confirming that the system properly verified the data subject using that piece of personal data.” [A confirmation may be outputted based on the comparison.]).
Regarding claim 2, Brannon further teaches:
generating temporary verification information of each of the plurality of pieces of data based on the plurality of pieces of data; and when temporary verification information of the plurality of pieces of data is all consistent with verification information of the plurality of pieces of data, applying the target algorithm based on the verification information of the plurality of pieces of data, to generate the first verification information, wherein the output result of the target algorithm is not affected by the sequence of computing the input data (see Brannon, Paragraphs [0752]-[0753], “after collecting personal data associated with a particular data subject and then using that personal data to verify the data subject, the system may apply a cryptographic hash function (e.g., a one-way hash) to each piece of the personal data, to one or more particular portions (e.g., sensitive portions) of the personal data, and/or to the personal data as a whole (e.g., the one or more pieces of personal data concatenated and then hashed), and store the resulting hashed value(s) as a record of the verification (e.g., in a data model, data map, and/or using one or more other data structures that may be associated with the data subject, processing activity, system, process, etc.). … to determine whether the system has properly verified a data subject, the system may generate and store a hash value for one or more pieces of personal data (e.g., social security number, credit card number, etc.) initially received from the data subject. At a later time, the system may receive a request to confirm that the data subject was properly verified. This request may include (or the system may subsequently receive) a hash value associated with a piece of personal data associated with the subject. The system may compare the received hash value to the stored hash value corresponding to the same piece of personal data.” [The temporary verification information are the pieces of personal data that are hashed by the one-way hash function before they are verified. Once verified, the hashed information such as the concatenated pieces of information may be updated.]).
Regarding claim 3, Brannon further teaches:
adding a plurality of pieces of verification information to obtain a sum of a length n, and performing a modulo operation on 2^n based on the sum; or performing an XOR operation on each pair of pieces of verification information in the plurality of pieces of verification information; or multiplying the plurality of pieces of verification information to obtain a product of a length n, and performing a modulo operation on 2^n based on the product; or sorting and concatenating the plurality of pieces of verification information into concatenated verification information, and hashing the concatenated verification information; or hashing the plurality of pieces of data in a sequence of storing the plurality of pieces of verification information in a self-balancing binary search tree, wherein the plurality of pieces of verification information is the verification information of the plurality of pieces of data corresponding to the verification request, or a plurality of pieces of verification information in the target verification set, and n is a positive integer (see Brannon, Paragraph [0752], “after collecting personal data associated with a particular data subject and then using that personal data to verify the data subject, the system may apply a cryptographic hash function (e.g., a one-way hash) to each piece of the personal data, to one or more particular portions (e.g., sensitive portions) of the personal data, and/or to the personal data as a whole (e.g., the one or more pieces of personal data concatenated and then hashed), and store the resulting hashed value(s) as a record of the verification (e.g., in a data model, data map, and/or using one or more other data structures that may be associated with the data subject, processing activity, system, process, etc.).” [The one or more pieces of personal data may be concatenated and then hashed (i.e., sorting and concatenating the plurality of pieces of verification information into concatenated verification information, and hashing the concatenated verification information).]).
Regarding claim 4, Brannon further teaches:
wherein, when temporary verification information of any piece of the data is inconsistent with verification information of the data, the verification result is that verification fails (see Brannon, Paragraph [0759], “If the hash values do not match, then the system did not use the same social security number in the earlier interaction with the data subject, and the initial verification or the current interaction may not be with the same data subject.” [The system may determine that the hash values do not match (i.e., the verification result is that verification fails).]).
Regarding claim 5, Brannon further teaches:
determining that a difference set between the first verification set and the second verification set is the target verification set (see Brannon, Paragraphs [0756]-[0757], “At Step 6540, the system may store the encrypted versions of the one or more pieces of personal data (e.g., the hash values corresponding to each of the one or more pieces of data). The system may also store an indication of the type of personal data to which each piece of data corresponds; one or more processes, systems, and/or processing activities with which the acquisition of each piece of data is associated; and/or a particular data subject with which each piece of data is associated. The system may also, or instead, store any other data associated with each such piece of data. In particular embodiments, the system may use a data map to store and associate one or more encrypted values for each piece of data and any associated information. … At Step 6550, the system may delete the unencrypted piece of data (e.g., the personal data as received from the data subject). In particular embodiments, the system may accomplish this by overwriting the original unencrypted piece of data with the encrypted data (e.g., its corresponding hash value). Alternatively, or in addition, the system may store the encrypted data separately and then delete the original unencrypted piece of data.” [The system may update the stored information accordingly (i.e., difference set).]).
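For reference, the mechanism recited in the limitations of claims 1, 3 and 5 can be sketched as follows. This is an added illustration, not code from the application or from Brannon; the class and function names, the use of SHA-256 and n = 256 are assumptions, and the sample rows are constructed.

```python
import hashlib
from collections import Counter

N_BITS = 256                      # assumed digest length n
MOD = 1 << N_BITS                 # 2^n

def item_digest(data: bytes) -> int:
    """Per-item verification information (SHA-256 is an assumption)."""
    return int.from_bytes(hashlib.sha256(data).digest(), "big")

def agg_sum(digests):
    """Add all digests, then reduce modulo 2^n."""
    return sum(digests) % MOD

def agg_xor(digests):
    """XOR all digests together."""
    acc = 0
    for d in digests:
        acc ^= d
    return acc

def agg_sorted_concat(digests):
    """Sort the digests, concatenate them, hash the concatenation."""
    h = hashlib.sha256()
    for d in sorted(digests):
        h.update(d.to_bytes(N_BITS // 8, "big"))
    return int.from_bytes(h.digest(), "big")

class VerifiedStore:
    """Hypothetical store that logs insert and delete digests separately."""
    def __init__(self, aggregate=agg_sum):
        self.rows = {}                         # key -> (data, digest)
        self.inserted, self.deleted = [], []   # first / second verification set
        self.aggregate = aggregate

    def insert(self, key, data):
        if key in self.rows:
            raise KeyError(f"{key!r} exists; use update()")
        d = item_digest(data)
        self.rows[key] = (data, d)
        self.inserted.append(d)

    def delete(self, key):
        _, d = self.rows.pop(key)
        self.deleted.append(d)

    def update(self, key, data):               # update = delete old + insert new
        self.delete(key)
        self.insert(key, data)

    def verify(self) -> bool:
        # Per-item check: recompute a temporary digest and compare to the stored one.
        for data, d in self.rows.values():
            if item_digest(data) != d:
                return False
        first = self.aggregate(d for _, d in self.rows.values())
        # Target set = inserted minus deleted, as a multiset difference.
        target = (Counter(self.inserted) - Counter(self.deleted)).elements()
        return first == self.aggregate(target)

def demo():
    s = VerifiedStore()
    for k, v in (("a", b"alice"), ("b", b"bob"), ("c", b"carol")):  # constructed rows
        s.insert(k, v)
    s.delete("b")
    s.update("c", b"carol-v2")
    before = s.verify()
    del s.rows["a"]                # row removed without going through delete()
    return before, s.verify()      # (True, False)
```

Because each aggregate is order-independent, the stored rows can be scanned in any order and still match the value computed from the insert and delete logs.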
Regarding claim 6, Brannon further teaches:
when the first verification information is consistent with the second verification information, the verification result is that verification succeeds; or when the first verification information is inconsistent with the second verification information, the verification result is that verification fails (see Brannon, Paragraph [0759], “The system may, at Step 6570, compare the received encrypted value to the encrypted value stored by the system for that particular piece of data to determine whether they match. The system may then respond with a confirmation or denial that the encrypted values match (thereby confirming or denying that verification was performed properly using that particular piece of data). For example, the system may compare the hash value received for the social security number of the particular data subject to the hash value stored for the social security number of the particular data subject (generated during the early interaction, such as at Step 6510-6540). The system may then determine that, if the hash values match, the same social security number was used to generate them both, thereby confirming that the system initially used the same social security number in the earlier interaction with the data subject. If the hash values do not match, then the system did not use the same social security number in the earlier interaction with the data subject, and the initial verification or the current interaction may not be with the same data subject.” [The system may determine that the hash values match or not (i.e., the verification result is that verification succeeds or fails).]).
Regarding claim 7, Brannon further teaches:
in response to a data insertion request, obtaining verification information of first data based on the first data in the data insertion request; storing the verification information of the first data in the first verification set, wherein the first verification set stores verification information of data corresponding to a request type that is a data insertion request; and storing the first data and the verification information of the first data (see Brannon, Paragraphs [0719], [0756], “the system may communicate and/or connect with one or more back end systems to fulfill a DSAR submitted by or on behalf of a particular data subject. For example, the data subject may have submitted a DSAR to delete, access, and/or modify one or more pieces of personal data associated with the data subject. … At Step 6540, the system may store the encrypted versions of the one or more pieces of personal data (e.g., the hash values corresponding to each of the one or more pieces of data). The system may also store an indication of the type of personal data to which each piece of data corresponds; one or more processes, systems, and/or processing activities with which the acquisition of each piece of data is associated; and/or a particular data subject with which each piece of data is associated. The system may also, or instead, store any other data associated with each such piece of data. In particular embodiments, the system may use a data map to store and associate one or more encrypted values for each piece of data and any associated information.” [The system may update the stored information when requesting to modify the data.]).
Regarding claim 8, Brannon further teaches:
in response to a data deletion request, obtaining verification information of second data based on the second data in the data deletion request; storing the verification information of the second data in the second verification set, wherein the second verification set stores verification information of data corresponding to a data deletion request; and deleting the second data and the verification information of the second data (see Brannon, Paragraph [0757], “At Step 6550, the system may delete the unencrypted piece of data (e.g., the personal data as received from the data subject). In particular embodiments, the system may accomplish this by overwriting the original unencrypted piece of data with the encrypted data (e.g., its corresponding hash value). Alternatively, or in addition, the system may store the encrypted data separately and then delete the original unencrypted piece of data.” [The system may update the stored information when requesting to delete the data.]).
Regarding claim 9, Brannon further teaches:
obtaining a data update request; obtaining third verification information of third data based on the third data in the data update request; storing the third verification information of the third data in the second verification set, wherein the second verification set stores verification information of data corresponding to a data deletion request; and deleting the third data and the third verification information; and obtaining fourth verification information of fourth data based on the fourth data in the data update request; storing the fourth verification information of the fourth data in the first verification set, wherein the first verification set stores verification information of data corresponding to a request type that is a data insertion request; and storing the fourth data and the fourth verification information (see Brannon, Paragraph [0760], “The system may perform this data verification process with any one or more pieces of data associated with a data subject and may be performed for multiple pieces of such data, to ensure that data provided in one or more subsequent interactions matches data provided in an initial interaction without requiring any storage of the actual data, which may be sensitive information.” [This process may be repeated for additional requests.]).
Regarding claims 10-20, Brannon teaches all of the limitations of claims 1-9 in method form rather than in computing device and non-transitory computer-readable form. Brannon also discloses a computing device [0456] and non-transitory computer-readable medium [0456]. Therefore, the supporting rationale of the rejection of claims 1-9 applies equally as well to those elements of claims 10-20.
Conclusion
Any inquiry concerning this communication or earlier communications from the examiner should be directed to HUSAM TURKI SAMARA whose telephone number is (571)272-6803. The examiner can normally be reached on Monday - Thursday, Alternate Fridays.
Examiner interviews are available via telephone, in-person, and video conferencing using a USPTO supplied web-based collaboration tool. To schedule an interview, applicant is encouraged to use the USPTO Automated Interview Request (AIR) at http://www.uspto.gov/interviewpractice.
If attempts to reach the examiner by telephone are unsuccessful, the examiner’s supervisor, Apu Mofiz, can be reached on (571)-272-4080. The fax phone number for the organization where this application or proceeding is assigned is 571-273-8300.
Information regarding the status of an application may be obtained from the Patent Application Information Retrieval (PAIR) system. Status information for published applications may be obtained from either Private PAIR or Public PAIR. Status information for unpublished applications is available through Private PAIR only. For more information about the PAIR system, see http://pair-direct.uspto.gov. Should you have questions on access to the Private PAIR system, contact the Electronic Business Center (EBC) at 866-217-9197 (toll-free). If you would like assistance from a USPTO Customer Service Representative or access to the automated information system, call 800-786-9199 (IN USA OR CANADA) or 571-272-1000.
/HUSAM TURKI SAMARA/Examiner, Art Unit 2161
/APU M MOFIZ/Supervisory Patent Examiner, Art Unit 2161