DATA DISCLOSURE APPARATUS, AND DATA DISCLOSURE METHOD

§103 §112

DETAILED ACTION Notice of AIA Status The present application, filed on or after March 16, 2013, is being examined under the first inventor to file provisions of the AIA . Response to Amendment The amendment filed 2025-11-12 has been entered and fully considered. Response to Arguments Applicant’s arguments, see page 7, filed 2025-11-12, with respect to the correspondence between JP 2021-39143 and US-20210064741 as cited in the IDS filed 2024-03-29 has been fully considered and is persuasive; therefore, the IDS is considered and entered in-full. Applicant’s arguments, see pages 7-9, filed 2025-11-12, with respect to the claim amendments overcoming the cited prior art references of the rejection of claims 1-2, 7, and 9 under 35 U.S.C. § 102(a)(1) and of claims 3-6 and 8 under 35 U.S.C. § 103 have been fully considered and are persuasive. Therefore, the rejection has been withdrawn; however, upon further search and consideration, a new grounds of rejection – as necessitated by amendment – is made in view of newly cited prior art. Information Disclosure Statement The information disclosure statement (IDS) submitted on 2024-03-29 is in compliance with the provisions of 37 CFR 1.97. Accordingly, the information disclosure statement is being considered by the examiner. Claim Rejections - 35 USC § 112 The following is a quotation of 35 U.S.C. 112(a): (a) IN GENERAL.—The specification shall contain a written description of the invention, and of the manner and process of making and using it, in such full, clear, concise, and exact terms as to enable any person skilled in the art to which it pertains, or with which it is most nearly connected, to make and use the same, and shall set forth the best mode contemplated by the inventor or joint inventor of carrying out the invention. Claims 1-11 are rejected under 35 U.S.C. 112(a) as failing to comply with the written description requirement. The claims contain subject matter which was not described in the specification in such a way as to reasonably convey to one skilled in the relevant art that the inventor or a joint inventor at the time the application was filed, had possession of the claimed invention. In particular, claim 1 recites the limitation “checks whether or not the query complies with a predetermined rule regarding a utilization purpose of data of a result of the query”, and the specification does not describe the claimed feature in sufficient detail that one skilled in the art can reasonably conclude that the inventor had possession of the claimed invention at the time of filing. It is first noted that original claims lack adequate written description when the claims define the invention in functional language specifying a desired result but the specification does not sufficiently describe how the function is performed or the result is achieved; See MPEP § 2161.01(I). That is, “the algorithm or steps/procedure taken to perform the function must be described with sufficient detail so that one of ordinary skill in the art would understand how the inventor intended the function to be performed”. In this instance, the claims generally recite checking whether or not the query complies with a predetermined rule regarding a utilization purpose of data of a result of the query. The specification does provide antecedent basis for such a check (e.g. [0017], [0041], and Fig. 2); however, the specification does not adequately describe the structure of such a rule or how to check compliance with a rule regarding the “utilization purpose … of a result”. The Examiner notes that the written description does provide two example rules in Fig. 2: 1) “FOR DAY AGGREGATE VALUES, DATA ALLOWING PARTICULAR INDIVIDUAL, MEDICAL ORGANIZATION, OR THE LIKE TO BE IDENTIFIED IS PROHIBITED FROM BEING PUBLICIZED (STIPULATION OF MINIMUM VALUE FOR k VALUE: k23)*3” and 2) “AGE GROUPS ARE DEFINED IN UNITS OF FIVE YEARS PEOPLE AGED 90 OR OLDER ARE BROUGHT INTO ONE GROUP”; however, there is no disclosure as to how a query is checked for compliance against these example rules and it’s not like a user (malicious or otherwise) will declare that they intend to publicize the query results or not divide age groups in units of five years in contravention to the rules. More so, there is no written description as to how a system can determine the “utilization purpose … of a result” or the compliance with a rule regarding such, nor is there written description as to how to apply a natural-language rule such in the example so as to determine compliance of a query with a rule regarding the “utilization purpose … of a result”. That is, the specification does not disclose, let alone adequately describe with sufficient detail, the algorithm (e.g., the necessary steps and/or flowcharts) that performs the claimed function in sufficient detail such that one of ordinary skill in the art can reasonably conclude that the inventor possessed the claimed subject matter at the time of filing as required by the written description requirement. Claim 9 is rejected under a similar rationale. The dependent claims included in the statement of rejection but not specifically addressed in the body of the rejection have inherited the deficiencies of their parent claim and have not resolved the deficiencies. Therefore, they are rejected based on the same rationale as applied to their parent claims above. Claim Rejections - 35 USC § 103 The following is a quotation of 35 U.S.C. 103 which forms the basis for all obviousness rejections set forth in this Office action: A patent for a claimed invention may not be obtained, notwithstanding that the claimed invention is not identically disclosed as set forth in section 102 of this title, if the differences between the claimed invention and the prior art are such that the claimed invention as a whole would have been obvious before the effective filing date of the claimed invention to a person having ordinary skill in the art to which the claimed invention pertains. Patentability shall not be negated by the manner in which the invention was made. The factual inquiries set forth in Graham v. John Deere Co., 383 U.S. 1, 148 USPQ 459 (1966), that are applied for establishing a background for determining obviousness under 35 U.S.C. 103 are summarized as follows: 1. Determining the scope and contents of the prior art. 2. Ascertaining the differences between the prior art and the claims at issue. 3. Resolving the level of ordinary skill in the pertinent art. 4. Considering objective evidence present in the application indicating obviousness or nonobviousness. Claims 1-2, 7, and 9-11 are rejected under 35 U.S.C. 103 as being unpatentable over Rao et al. (US Pre-Grant Publication No. 20170366519-A1, hereinafter “Rao”) in view of Beveridge et al. (US Pre-Grant Publication No. 20240259391-A1, hereinafter “Beveridge”). With respect to independent claim 1, Rao discloses a data disclosure apparatus that discloses data in response to a query from a user, the data disclosure apparatus comprising: at least one computation device {para. 0020: “server 11 includes an encryptor 12” and/or “cloud based server 19”}. at least one memory resource {para. 0020: “Cloud based storage”}. at least one storage device {para. 0020: “data 16 stored on the database 15” and/or “database 22”}. wherein the computation device: receives the query {para. 0021: “cloud based server 19, which includes a query receiver 20 to receive and parse the query”}. checks whether or not the query complies with a predetermined rule {para. 0021: “parse the query”; parsing and processing a query requires the query to comply with the database language syntax}. searches table data as query processing responding to the query to acquire the result of query execution when the query is confirmed to comply with the predetermined rule {para. 0021: “result finder 21 that processes the encrypted data 23 in response to the query and generates one or more encrypted results”}. encrypts the result of query execution using a public key corresponding to a private key held by the user {para. 0021: “re-encryptor 33 re-encrypts ciphertext of the encrypted data results from under the data owner’s public key to the requesting user’s public key”}. provides the encrypted result of query execution to the user {para. 0021: “transmits the re-encrypted results to the requesting user”}. Although Rao teaches receiving a query and verifying compliance with database syntax, Rao does not explicitly disclose verifying the query complies with a rule regarding a utilization purpose; however, Beveridge discloses: wherein the computation device: receives the query {para. 0029: “a client device 106 can submit a request to perform a data operation”}. checks whether or not the query complies with a predetermined rule regarding a utilization purpose of data of a result of the query {para. 0029: “a management agent 139 running on the client device 106 can determine whether the request complies with a data sovereignty policy 126 or a governance policy 127 before performing the requested data operation”; the Specification does not describe a “utilization purpose of data of a result of the query” (See §112(a) rejection at ¶6); however, it seems compliance with data sovereignty would be encompassed under the broadest reasonable interpretation of the limitation}. Rao and Beveridge are analogous art because they are from the same field of endeavor or problem-solving area of protecting sensitive data in a database. Before the effective filing date of the claimed invention, it would have been obvious to one of ordinary skill in the art, having the teachings of Rao and Beveridge before him or her, to modify/develop the database server of Rao’s system to utilize verification that a received request complies with data sovereignty and/or governance policy prior to execution of the request. The suggestion and/or motivation for doing so would have been because it is merely combining prior art elements according to known methods to yield predictable results, e.g., enables compliance with national privacy regulation. Therefore, it would have been obvious to combine the database server in Rao’s system with verification that a received request complies with data sovereignty and/or governance policy prior to execution of the request to obtain the invention as specified in the instant claim(s). The Examiner notes that this motivation applies to all dependent and/or otherwise subsequently addressed claims. With respect to dependent claim 2, Rao discloses wherein the computation device: receives at least one public key from the user and registers the public key in the storage device {para. 0020: “authorized users are each associated with a public key 29 and a secret key 30”, wherein “the public 29 key can be stored on in a database of a cloud based server”}. provides the user with information of the public key used for encryption of the result of query execution {paras. 0021 and 0023: information provided by acceptance of “that user’s public key”, wherein “re-encryptor 33 re-encrypts ciphertext of the encrypted data results from under the data owner’s public key to the requesting user’s public key”}. With respect to dependent claim 7, Rao discloses wherein the computation device executes the query processing only when agreement for disclosure of the data to the user is obtained from an owner of the table data {paras. 0023-0025: “data owner performs set-up (block 41), including identifying … users authorized to access data of the owner”}. With respect to claim 9, a corresponding reasoning as given earlier in this section with respect to claim 1 applies, mutatis mutandis, to the subject matter of claim 9; therefore, claim 9 is rejected, for similar reasons, under the grounds as set forth for claim 1. With respect to dependent claim 10, Beveridge discloses wherein the predetermined rule is stored in a rule management table storing a plurality of rules each including a rule ID and which identifies, for each rule ID, a content, an applicable country and an applicable organization of the rule corresponding to the rule ID {paras. 0066-0067: “policies in a policy table” comprising “geographic region (e.g., country, state, city and/or other region), industry mandates (e.g., security requirements of a particular industry, such as related to storage and transmission of medical records), government mandates (e.g., laws and regulations imposed by governmental entities, such as including security requirements), and the like”}. With respect to claim 11, a corresponding reasoning as given earlier in this section with respect to claim 10 applies, mutatis mutandis, to the subject matter of claim 11; therefore, claim 11 is rejected, for similar reasons, under the grounds as set forth for claim 10. Claims 3-6, and 8 are rejected under 35 U.S.C. 103 as being unpatentable over Rao et al. (US Pre-Grant Publication No. 20170366519-A1, hereinafter “Rao”) in view of Beveridge et al. (US Pre-Grant Publication No. 20240259391-A1, hereinafter “Beveridge”) and Shamsutdinov et al. (US Pre-Grant Publication No. 20190251198-A1, hereinafter “Shamsutdinov”). With respect to dependent claim 3, although Rao teaches querying a database, Rao does not explicitly disclose that the database uses a table structure; however, Shamsutdinov discloses wherein the computation device searches the table data stored in the storage device to acquire the result of query execution {para. 0101: “checks if the calling application is allowed to use (for the specified operation) the tables (or views, for read requests) and columns specified in the request”}. Rao-Beveridge and Shamsutdinov are analogous art because they are from the same field of endeavor or problem-solving area of secure database systems. Before the effective filing date of the claimed invention, it would have been obvious to one of ordinary skill in the art, having the teachings of Rao-Beveridge and Shamsutdinov before him or her, to modify/develop the database server of Rao-Beveridge’s system to utilize common database structures and security (e.g. tables, user authentication). The suggestion and/or motivation for doing so would have been because it is merely combining prior art elements according to known methods to yield predictable results, e.g., enables creating data relationships and improving data security. Therefore, it would have been obvious to combine the database server in Rao-Beveridge’s system with common database structures and security (e.g. tables, user authentication) to obtain the invention as specified in the instant claim(s). The Examiner notes that this motivation applies to all dependent and/or otherwise subsequently addressed claims. With respect to dependent claim 4, Rao discloses wherein the computation device: searches the [database] data that is in an encrypted state and stored in at least one database connectible to the data disclosure apparatus via a network, to acquire the result of query execution in an encrypted state {paras. 0020-0021: “a result finder 21 that processes the encrypted data 23”, accessible via “cloud based server 19”}. decrypts and integrates the at least one result of query execution in the encrypted state acquired from the database {para. 0021: “key generator 32 generates a re-encryption key 35 for each authorized user based on the secret key of the data owner and the public key of that requesting user”}. Although Rao teaches querying a database, Rao does not explicitly disclose that the database uses a table structure; however, Shamsutdinov discloses: searches the table data {para. 0101: “checks if the calling application is allowed to use (for the specified operation) the tables (or views, for read requests) and columns specified in the request”}. With respect to dependent claim 5, Shamsutdinov discloses wherein the computation device specifies the rule to be applied to the query on a basis of an attribute of the user {para. 0101: “AIR uses access rules provided by the publisher(s)” and “if any repositories are explicitly referenced in a request, AIR checks if the calling application and user are allowed to reference those repositories”}. With respect to dependent claim 6, Shamsutdinov discloses wherein the computation device executes the query processing only when the user is authenticated {para. 0446: “Actor specific signature of the message can be checked”}. With respect to dependent claim 8, Shamsutdinov discloses wherein the computation device: stores the result of query execution in the storage device {para. 0200: “results of this query can then be cached”}. in a case where a query corresponding to the result of query execution stored in the storage device is received again, omits the query processing and uses the result of query execution stored in the storage device {para. 0200: “results of this query can then be cached to speed up following queries”; general function of cache is to use cached results instead of query re-execution}. Conclusion Applicant’s amendment necessitated the new ground(s) of rejection presented in this Office action. Accordingly, THIS ACTION IS MADE FINAL. See MPEP § 706.07(a). Applicant is reminded of the extension of time policy as set forth in 37 CFR 1.136(a). A shortened statutory period for reply to this final action is set to expire THREE MONTHS from the mailing date of this action. In the event a first reply is filed within TWO MONTHS of the mailing date of this final action and the advisory action is not mailed until after the end of the THREE-MONTH shortened statutory period, then the shortened statutory period will expire on the date the advisory action is mailed, and any extension fee pursuant to 37 CFR 1.136(a) will be calculated from the mailing date of the advisory action. In no event, however, will the statutory period for reply expire later than SIX MONTHS from the date of this final action. Any inquiry concerning this communication or earlier communications from the examiner should be directed to Kevin Bechtel whose telephone number is 571-270-5436. The examiner can normally be reached Monday - Friday, 09:00 - 17:00 ET. Examiner interviews are available via telephone, in-person, and video conferencing using a USPTO supplied web-based collaboration tool. To schedule an interview, applicant is encouraged to use the USPTO Automated Interview Request (AIR) at http://www.uspto.gov/interviewpractice. If attempts to reach the examiner by telephone are unsuccessful, the examiner’s supervisor, William (“Bill”) Korzuch can be reached at 571-272-7589. The fax phone number for the organization where this application or proceeding is assigned is 571-273-8300. Information regarding the status of published or unpublished applications may be obtained from Patent Center. Unpublished application information in Patent Center is available to registered users. To file and manage patent submissions in Patent Center, visit: https://patentcenter.uspto.gov. Visit https://www.uspto.gov/patents/apply/patent-center for more information about Patent Center and https://www.uspto.gov/patents/docx for information about filing in DOCX format. For additional questions, contact the Electronic Business Center (EBC) at 866-217-9197 (toll-free). If you would like assistance from a USPTO Customer Service Representative, call 800-786-9199 (IN USA OR CANADA) or 571-272-1000. /Kevin Bechtel/ Primary Examiner, Art Unit 2491