Prosecution Insights
Last updated: April 19, 2026
Application No. 18/651,570

QUERY PROCESSING IN A SECURE DATA CLEAN ROOM

Non-Final OA §103 §DP
Filed: Apr 30, 2024
Examiner: JOHNSON, CARLTON
Art Unit: 2436
Tech Center: 2400 — Computer Networks
Assignee: Snowflake Inc.
OA Round: 1 (Non-Final)
Grant Probability: 58% (Moderate)
OA Rounds: 1-2
To Grant: 4y 11m
With Interview: 90%

Examiner Intelligence

Career Allow Rate: 58% (205 granted / 352 resolved; at TC average)
Interview Lift: +32.1% (strong; resolved cases with interview)
Avg Prosecution: 4y 11m (26 currently pending)
Total Applications: 378 (across all art units)

Statute-Specific Performance

§101: 12.4% (-27.6% vs TC avg)
§103: 59.7% (+19.7% vs TC avg)
§102: 12.2% (-27.8% vs TC avg)
§112: 8.6% (-31.4% vs TC avg)
Based on career data from 352 resolved cases

Office Action

§103 §DP
Notice of Pre-AIA or AIA Status

The present application, filed on or after March 16, 2013, is being examined under the first inventor to file provisions of the AIA.

DETAILED ACTION

1. Claims 1 - 20 are pending. Claims 1, 19, 20 are independent.

2. This application was filed on 4-30-2024.

Double Patenting

3. The nonstatutory double patenting rejection is based on a judicially created doctrine grounded in public policy (a policy reflected in the statute) so as to prevent the unjustified or improper timewise extension of the "right to exclude" granted by a patent and to prevent possible harassment by multiple assignees. A nonstatutory obviousness-type double patenting rejection is appropriate where the conflicting claims are not identical, but at least one examined application claim is not patentably distinct from the reference claim(s) because the examined application claim is either anticipated by, or would have been obvious over, the reference claim(s). See, e.g., In re Berg, 140 F.3d 1428, 46 USPQ2d 1226 (Fed. Cir. 1998); In re Goodman, 11 F.3d 1046, 29 USPQ2d 2010 (Fed. Cir. 1993); In re Longi, 759 F.2d 887, 225 USPQ 645 (Fed. Cir. 1985); In re Van Ornum, 686 F.2d 937, 214 USPQ 761 (CCPA 1982); In re Vogel, 422 F.2d 438, 164 USPQ 619 (CCPA 1970); and In re Thorington, 418 F.2d 528, 163 USPQ 644 (CCPA 1969).

A timely filed terminal disclaimer in compliance with 37 CFR 1.321(c) or 1.321(d) may be used to overcome an actual or provisional rejection based on a nonstatutory double patenting ground provided the conflicting application or patent either is shown to be commonly owned with this application, or claims an invention made as a result of activities undertaken within the scope of a joint research agreement. Effective January 1, 1994, a registered attorney or agent of record may sign a terminal disclaimer. A terminal disclaimer signed by the assignee must fully comply with 37 CFR 3.73(b).

4. Initially it should be noted that the present application is a continuation application of application 18/162705, now Patent No. 12,001,581, having the same inventive entity. The Assignee in both applications is the same. The entire disclosures of the instant application and the patent are identical. Claims 1 - 20 are rejected under the judicially created doctrine of nonstatutory obviousness-type double patenting as being unpatentable over Claims 1 - 30 of U.S. Patent No. 12,001,581. Although the conflicting claims are not identical, they are not patentably distinct from each other. Claims 1, 19, 20 of the instant application (18/651570) are almost the same as Patent (12,001,581) Claims 1, 15, 25. Claim 1 of the 12,001,581 Patent as shown in the table below contains every element of Claim 1 of the instant application and as such the difference is not enough to distinguish the two claims. Claims 1, 19, 20 of the instant application therefore are not patently distinct from the earlier patent claims and as such are unpatentable over obvious-type double patenting. A later patent/application claim is not patentably distinct from an earlier claim, if the later claim is unpatentable over the earlier claim.
Table: Application 18/651570 Claim 1 / Patent (12,001,581) Claim 1

Row 1
Application: “accessing, by a second database account, a secure function configured to accept as input and to process an encrypted dataset and a decryption parameter, a first database account including a first dataset, the second database account including a second dataset”
Patent: “sharing, by a first database account with a second database account, a secure function configured to accept as input and to process an encrypted dataset and a decryption parameter, the first database account including a first dataset, the second database account including a second dataset”

Row 2
Application: “generating, by the second database account, an encrypted searchable dataset by encrypting at least a portion of a searchable dataset with a key”
Patent: “generating, by the second database account, an encrypted searchable dataset by encrypting the searchable dataset with a key”

Row 3
Application: “calling, by the second database account, the secure function by inputting the encrypted searchable dataset”
Patent: “calling, by the second database account, the secure function by inputting the encrypted searchable dataset and the key into the secure function”

Row 4
Application: “based on the inputted encrypted searchable dataset, generating, by the secure function, query results of a query by performing operations comprising:”
Patent: “based on the inputted encrypted searchable dataset and the key, generating, by the secure function, query results of a query by performing operations comprising:”

Row 5
Application: “generating a decrypted searchable dataset by decrypting the encrypted searchable dataset in a secure environment”
Patent: “generating a decrypted searchable dataset by decrypting the encrypted searchable dataset with the key in a secure environment”

Row 6
Application: “anonymizing the decrypted searchable dataset by generating a cross reference table that cross references the anonymized searchable dataset and the decrypted searchable dataset”
Patent: “anonymizing the decrypted searchable dataset by generating a cross reference table that cross references the anonymized searchable dataset and the decrypted searchable dataset”

Row 7
Application: “obtaining the query results by executing the query against the anonymized searchable dataset in the secure environment to generated query-results data”
Patent: “obtaining the query results by executing the query against a combination of the first dataset and the anonymized searchable dataset in the secure environment to generated query-results data, the first dataset separate from the second database account” and “anonymizing the decrypted searchable dataset by generating a cross reference table that cross references the anonymized searchable dataset and the decrypted searchable dataset”

Row 8
Application: “outputting the query results to the second database account”
Patent: “outputting the query results to the second database account”

Double Patenting

5. The nonstatutory double patenting rejection is based on a judicially created doctrine grounded in public policy (a policy reflected in the statute) so as to prevent the unjustified or improper timewise extension of the "right to exclude" granted by a patent and to prevent possible harassment by multiple assignees. A nonstatutory obviousness-type double patenting rejection is appropriate where the conflicting claims are not identical, but at least one examined application claim is not patentably distinct from the reference claim(s) because the examined application claim is either anticipated by, or would have been obvious over, the reference claim(s). See, e.g., In re Berg, 140 F.3d 1428, 46 USPQ2d 1226 (Fed. Cir. 1998); In re Goodman, 11 F.3d 1046, 29 USPQ2d 2010 (Fed. Cir. 1993); In re Longi, 759 F.2d 887, 225 USPQ 645 (Fed. Cir. 1985); In re Van Ornum, 686 F.2d 937, 214 USPQ 761 (CCPA 1982); In re Vogel, 422 F.2d 438, 164 USPQ 619 (CCPA 1970); and In re Thorington, 418 F.2d 528, 163 USPQ 644 (CCPA 1969).
A timely filed terminal disclaimer in compliance with 37 CFR 1.321(c) or 1.321(d) may be used to overcome an actual or provisional rejection based on a nonstatutory double patenting ground provided the conflicting application or patent either is shown to be commonly owned with this application, or claims an invention made as a result of activities undertaken within the scope of a joint research agreement. Effective January 1, 1994, a registered attorney or agent of record may sign a terminal disclaimer. A terminal disclaimer signed by the assignee must fully comply with 37 CFR 3.73(b).

6. Initially it should be noted that the present application is a continuation application of application 17/390935, now Patent No. 11,934,553, having the same inventive entity. The Assignee in both applications is the same. The entire disclosures of the instant application and the patent are identical. Claims 1 - 20 are rejected under the judicially created doctrine of nonstatutory obviousness-type double patenting as being unpatentable over Claims 1 - 17 of U.S. Patent No. 11,934,553. Although the conflicting claims are not identical, they are not patentably distinct from each other. Claims 1, 19, 20 of the instant application (18/651570) are almost the same as Patent (11,934,553) Claims 1, 10, 17. Claim 1 of the 11,934,553 Patent as shown in the table below contains every element of Claim 1 of the instant application and as such the difference is not enough to distinguish the two claims. Claims 1, 19, 20 of the instant application therefore are not patently distinct from the earlier patent claims and as such are unpatentable over obvious-type double patenting. A later patent/application claim is not patentably distinct from an earlier claim, if the later claim is unpatentable over the earlier claim.

Table: Application 18/651570 Claim 1 / Patent (11,934,553) Claim 1

Row 1
Application: “accessing, by a second database account, a secure function configured to accept as input and to process an encrypted dataset and a decryption parameter, a first database account including a first dataset, the second database account including a second dataset”
Patent: “generating, on a requester database account in a distributed database system, a clean room query request against a shared data set comprising a requester data set from the requester database account and a provider data set from a provider database account in the distributed database system, the requester database account not having access through the distributed database system to the provider data set in plain text format, the provider database account not having access through the distributed database system to the requester data set in plain text format”

Row 2
Application: “generating, by the second database account, an encrypted searchable dataset by encrypting at least a portion of a searchable dataset with a key”
Patent: “receiving, from the provider database account, a shared user defined function that generates results data by processing the requester shared data table and the provider data set in a sandbox execution environment, ...”

Row 3
Application: “calling, by the second database account, the secure function by inputting the encrypted searchable dataset”
Patent: “receiving, from the provider database account, a shared user defined function that generates results data by processing the requester shared data table and the provider data set in a sandbox execution environment, ...”

Row 4
Application: “based on the inputted encrypted searchable dataset, generating, by the secure function, query results of a query by performing operations comprising:”
Patent: “generating, in the requester database account, the results data for the clean room query request by inputting the pass phrase into the shared user defined function as the decryption parameter and executing the shared user defined function in the sandbox execution environment”

Row 5
Application: “generating a decrypted searchable dataset by decrypting the encrypted searchable dataset in a secure environment”
Patent: “generating, in the requester database account, the results data for the clean room query request by inputting the pass phrase into the shared user defined function as the decryption parameter and executing the shared user defined function in the sandbox execution environment”

Row 6
Application: “anonymizing the decrypted searchable dataset by generating a cross reference table that cross references the anonymized searchable dataset and the decrypted searchable dataset”
Patent: “... the shared user defined function configured to accept a decryption parameter to generate the results data by (i) decrypting the requester data set in the sandbox execution environment, ...”

Row 7
Application: “obtaining the query results by executing the query against the anonymized searchable dataset in the secure environment to generated query-results data”
Patent: “generating, in the requester database account, the results data for the clean room query request by inputting the pass phrase into the shared user defined function as the decryption parameter and executing the shared user defined function in the sandbox execution environment”

Row 8
Application: “outputting the query results to the second database account”
Patent: “generating, in the requester database account, the results data ... executing the shared user defined function in the sandbox execution environment”

Claim Rejections - 35 USC § 103

7. The following is a quotation of 35 U.S.C.
103 which forms the basis for all obviousness rejections set forth in this Office action:

A patent for a claimed invention may not be obtained, notwithstanding that the claimed invention is not identically disclosed as set forth in section 102, if the differences between the claimed invention and the prior art are such that the claimed invention as a whole would have been obvious before the effective filing date of the claimed invention to a person having ordinary skill in the art to which the claimed invention pertains. Patentability shall not be negated by the manner in which the invention was made.

8. Claims 1 - 7, 11 - 17, 19, 20 are rejected under 35 U.S.C. 103 as being unpatentable over Hoshino et al. (US Patent No. 10,356,072) in view of Schlegel et al. (US Patent No. 8,701,014) and further in view of Yim et al. (US PGPUB No. 20190286837) and Bhat et al. (US PGPUB No. 20160371495) and Nagasundaram et al. (US PGPUB No. 201400047551).

Regarding Claims 1, 19, 20, Hoshino discloses a method performed by executing instructions on at least one hardware processor and a computer system and one or more non-transitory computer readable storage media, the method, the system, the media comprising:

a) accessing, by a second database account, a secure function configured to accept as input and to process an encrypted dataset and a decryption parameter; (see Hoshino col 6, lines 42-53; providing a key to shared device and providing a program (user-defined function: adding a function to the browser) in order to access the shared device; executing program to decrypt encrypted information using the transferred key), the first database account including a first dataset, the second database including a second dataset; (see Hoshino col 6, lines 63-65: web browser obtains web contents (i.e. transferred from provider database to requester database) utilizing a HTTP request (i.e.
analogous to query request); col 6, lines 39-40: provides a system that includes a device shared by multiple users; col 6, lines 42-53: includes a processor authenticating a user accessing shared device; providing a key to shared device and providing a program (user-defined function: adding a function to the browser) in order to access the shared device; executing the program to decrypt the encrypted information by using the transferred key when obtaining information from storage (i.e. analogous to database); col 7, lines 42-56: requester database: storing user's personal information in persisting area of web browser, encrypts user's personal information using secret key obtained from web service server; obtaining user's personal information, decrypting user's personal information using key obtained from web service server; personal information (user confidential information, storage, database) of other users stored in persisting area of web browser encrypted by user-confidential key; a particular user cannot decrypt another user's personal information, requiring authentication for access) b) generating, by the second database, an encrypted searchable dataset by encrypting at least a portion of a searchable dataset with a key; (see Hoshino col 1, lines 49-52: shared device includes a processor that executes a process including executing a program to encrypt information by using the indicated key when storing the information in the storage (encrypted information stored); (encrypted information stored within storage device (i.e. 
analogous to database)) c) calling, by the second database, the secure function by inputting the encrypted searchable dataset; (see Hoshino col 6, lines 42-53: providing a key to shared device and providing a program (user-defined function: adding a function to the browser) in order to access the shared device; (function executed to access stored information)) and d) based on the inputted encrypted searchable dataset, generating, by the secure function, query results of a query by performing operations. (see Hoshino col 6, lines 42-53: includes a processor authenticating a user accessing shared device; providing a key to shared device and providing a program (user-defined function: adding a function to the browser) in order to access the shared device; executing the program to decrypt the encrypted information by using the transferred key when obtaining information from storage, generating results)) comprising: Furthermore, Hoshino discloses the following: e) generating a decrypted searchable dataset by decrypting the encrypted searchable dataset in the environment; (see Hoshino col 6, lines 42-53: includes a processor authenticating a user accessing shared device; providing a key to shared device and providing a program (user-defined function: adding a function to the browser) in order to access the shared device; executing the program to decrypt the encrypted information by using the transferred key when obtaining information from storage, generating results)) g) obtaining the query results by executing the query against the searchable dataset in the environment to generated query-results data; (see Hoshino col 6, lines 42-53: includes a processor authenticating a user accessing shared device; providing a key to shared device and providing a program (user-defined function: adding a function to the browser) in order to access the shared device; executing the program to decrypt the encrypted information by using the transferred key when obtaining information from 
storage, generating results)) and h) outputting the query results to the second database. (see Hoshino col 1, lines 47-54: providing a program to shared device (results); executes a process (i.e. execute a program) to decrypt the encrypted information by using the key (i.e. pass phrase) when obtaining information from storage (i.e. database)) Hoshino does not specifically disclose for a) a first database account with a second database account, and for b) a database account, and for c) a database account, and for h) database account However, Schlegel discloses wherein for a) a first database account with a second database account; and for b) a database account, and for c) a database account, and for h) database account. (see Schlegel col 8, lines 1-5: provider system includes a gateway server, an administrative ("admin") server, an authentication server, an authentication database, an account linking server, an account linking database, and an instant messaging server; col 8, lines 31-36: accounts authenticated and validated on different basis including the presence of a correct account name and password; for validated accounts, account attributes are forwarded from authentication database through the authentication server for further use, processing, and storage by admin server; col 8, line 67 - col 9, line 6: request and receive authentication information using an authentication server and an authentication database; once user of the requester system has been authenticated and user's different accounts (separate database accounts) have been linked and the user has been signed-on to the linked accounts; user sends and receives communications by interacting with instant messaging server using a delivery network) It would have been obvious to one of ordinary skill in the art, before the effective filing date of the claimed invention, to modify Hoshino-Bhat for a) a first database account with a second database account; and for b) a database account, and for c) a 
database account, and for h) database account as taught by Schlegel. One of ordinary skill in the art would have been motivated to employ the teachings of Schlegel for the benefits achieved from a system that enables additional security requiring accounting information requirement before allowing access permitted within a network environment. (see Schlegel col 8, lines 31-36; col 8, line 67 - col 9, line 6) Hoshino-Schlegel does not specifically disclose for c) inputting encrypted searchable dataset and key into an input interface component of secure function, secure function configured to generate query results, and for e) query including a data storage request or a data retrieval request including parameters for identifying data that meets parameters of query. However, Yim discloses for c) inputting the encrypted searchable dataset and the key into an input interface component of a secure function. (see Yim paragraph [0044], lines 1-13: primary function of the database is to store and retrieve the data in its encrypted form; paragraph [0047], lines 1-13: an application may maintain metadata (e.g., searchable tags or field descriptors) and schema mappings in an encrypted or unencrypted form in configuration tables on the database; data sent from the application to the database, such as to add a record to a table, may be encrypted at the encryption-functionalized connector so as to be encrypted in transit and while stored in the database; paragraph [0048], lines 1-22: application can use the information present in the accessible configuration tables to formulate requests for and/or to perform operations (data storage, data retrieval) on selected data of the encrypted data, such as to return or modify data based on row, column, table, field, record and so forth; application can access, manipulate, or otherwise operate on specific data needed to perform an operation; upon receipt of the request, the database may convey the request to the SMPC servlet, which is 
configured to parse the logical operations (data store request, data retrieval request) present in the request and perform the operations on the specified encrypted data while the data remains in an encrypted form; the encrypted result is returned to the application and decrypted at the encryption-functionalized connector so as to be unencrypted for use in the application layer) It would have been obvious to one of ordinary skill in the art, before the effective filing date of the claimed invention, to modify Hoshino-Schlegel for c) inputting the encrypted searchable dataset and the key into a secure function as taught by Yim. One of ordinary skill in the art would have been motivated to employ the teachings of Yim for the benefits achieved from a system that enables a search query with encrypted datasets and associated encryption/decryption information. (see Yim paragraph [0047], lines 1-13; paragraph [0048], lines 1-22) Hoshino-Schlegel-Yim does not specifically disclose for e) a secure environment, and for g) a secure environment. However, Bhat discloses wherein for e) a secure environment; and for g) a secure environment. 
(see Bhat paragraph [0003], lines 1-7: system provides a secure communications framework to allow two sandboxed applications to communicate with each other; paragraph [0019], lines 1-8; paragraph [0019], lines 12-17: system calls and APIs provide various functions, such as the ability for applications executing in separate application sandboxes to communicate with each other or share data with each other in a controlled manner; application is able to call a function included in the sandbox execution/communication framework and provide an identifier of the other application and the contents of a message to be sent to the other application; the function called returns a response from the other application; paragraph [0032], lines 8-18: first application uses an asymmetric encryption algorithm to uniquely encrypt the requested application data so that only the second application can decrypt it; first application uses public key identified in application certificate of second application to encrypt requested application data; then second application uses private key identified in application certificate of the second application to decrypt requested application data) It would have been obvious to one of ordinary skill in the art, before the effective filing date of the claimed invention, to modify Hoshino-Schlegel for e) a secure environment, and for g) a secure environment as taught by Bhat. One of ordinary skill in the art would have been motivated to employ the teachings of Bhat for the benefits achieved from a system that enables secure executions utilizing sandbox execution environments and shared data. (see Bhat paragraph [0019], lines 1-8; paragraph [0019], lines 12-17) Hoshino-Schlegel-Yim does not specifically disclose for f) anonymizing decrypted searchable dataset by generating a cross reference table that cross references anonymized searchable dataset and decrypted searchable dataset. 
However, Nagasundaram discloses: f) anonymizing the decrypted searchable dataset by generating a cross reference table that cross references the anonymized searchable dataset and the decrypted searchable dataset. (see Nagasundaram paragraph [0025]: sensitive data records and/or private information may be anonymized by applying any combination of two or more anonymization processes including: (i) removing unnecessary data, (ii) masking and/or scrubbing data, (iii) separating data into associated data groupings, and (iv) de-contexting sensitive data such that the information is no longer sensitive because there is no context to put the sensitive information into. Further, the anonymization engine may analyze the sensitive data for relevant search strings and flag those search strings to ensure they are not anonymized, tokenized, and/or encrypted by the anonymization engine. Accordingly, the anonymized data may be searchable and customizable for a number of purposes depending on the requestor.; paragraph [0136]: anonymization history database may include any suitable memory, database, or other information storage device that is capable of communicating with an anonymization computer 620. The anonymization history database may include a mapping of anonymization processes that may be applied to a sensitive data record in order to anonymize the data. Accordingly, the anonymization history database may include instructions for reversing an anonymization process. The anonymization history database may be similar to the hidden record described above in reference to FIGS. 1-5 above. Accordingly, the anonymization computer 620 may reverse the anonymization processes using anonymization data stored during anonymization and the anonymization history database.) 
It would have been obvious to one of ordinary skill in the art, before the effective filing date of the claimed invention, to modify Hoshino for f) anonymizing decrypted searchable dataset by generating a cross reference table that cross references anonymized searchable dataset and decrypted searchable dataset as taught by Nagasundaram. One of ordinary skill in the art would have been motivated to employ the teachings of Nagasundaram for the enhanced security of a system that enables the utilization of anonymization techniques to secure and protect sensitive information. (see Nagasundaram paragraph [0025]; paragraph [0136])

Furthermore, for Claim 19, Hoshino discloses wherein at least one hardware processor; and one or more non-transitory computer readable storage media containing instructions that, when executed by the at least one hardware processor, cause the computer system to perform operations. (see Hoshino col 4, lines 31-36: storage device (memory) that stores programs and data; software that controls computer (i.e. indicates a processor coupled to a memory) and application software that provides various functions (executing programs))

Furthermore, for Claim 20, Hoshino discloses wherein non-transitory computer readable storage media containing instructions that, when executed by at least one hardware processor of a computer system, cause the computer system to perform operations. (see Hoshino col 4, lines 31-36: storage device (memory) that stores programs and data; software that controls computer (i.e. indicates a processor coupled to a memory) and application software that provides various functions (executing programs))

Regarding Claim 2, Hoshino-Schlegel-Yim-Bhat-Nagasundaram discloses the method of claim 1, further comprising sharing, by the first database account with the second database account, the secure function.
(see Hoshino col 6, lines 42-53; providing a key to shared device and providing a program (user-defined function: adding a function to the browser) in order to access the shared device; executing program to decrypt encrypted information using the transferred key), the first database account including a first dataset, the second database including a second dataset; (see Hoshino col 6, lines 63-65: web browser obtains web contents (i.e. transferred from provider database to requester database) utilizing a HTTP request (i.e. analogous to query request); col 6, lines 39-40: provides a system that includes a device shared by multiple users; col 6, lines 42-53: includes a processor authenticating a user accessing shared device; providing a key to shared device and providing a program (user-defined function: adding a function to the browser) in order to access the shared device; Regarding Claim 3, Hoshino-Schlegel-Yim-Bhat-Nagasundaram discloses the method of claim 1. Hoshino does not specifically disclose selecting, by the second database account, one or more rows and one or more columns of the second dataset as a searchable dataset. However, Yim discloses wherein further comprising selecting, by the second database account, one or more rows and one or more columns of the second dataset as a searchable dataset. 
(see Yim paragraph [0044], lines 1-13: primary function of the database is to store and retrieve the data in its encrypted form; paragraph [0047], lines 1-13: an application may maintain metadata (e.g., searchable tags or field descriptors) and schema mappings in an encrypted or unencrypted form in configuration tables on the database; data sent from the application to the database, such as to add a record to a table, may be encrypted at the encryption-functionalized connector so as to be encrypted in transit and while stored in the database; paragraph [0048], lines 1-22: application can use the information present in the accessible configuration tables to formulate requests for and/or to perform operations (data storage, data retrieval) on selected data of the encrypted data, such as to return or modify data based on row, column, table, field, record and so forth; application can access, manipulate, or otherwise operate on specific data needed to perform an operation; upon receipt of the request, the database may convey the request to the SMPC servlet, which is configured to parse the logical operations (data store request, data retrieval request) present in the request and perform the operations on the specified encrypted data while the data remains in an encrypted form; the encrypted result is returned to the application and decrypted at the encryption-functionalized connector so as to be unencrypted for use in the application layer) It would have been obvious to one of ordinary skill in the art, before the effective filing date of the claimed invention, to modify Hoshino-Bhat-Schlegel for selecting, by the second database account, one or more rows and one or more columns of the second dataset as a searchable dataset as taught by Yim. One of ordinary skill in the art would have been motivated to employ the teachings of Yim for the benefits achieved from a system that enables a search query with encrypted datasets and associated encryption/decryption information. 
(see Yim paragraph [0047], lines 1-13; paragraph [0048], lines 1-22) Regarding Claim 4, Hoshino-Schlegel-Yim-Bhat-Nagasundaram discloses the method of claim 1, inputting a key. (see Hoshino col 6, lines 42-53; providing a key to shared device and providing a program (user-defined function: adding a function to the browser) in order to access the shared device; executing program to decrypt encrypted information using the transferred key) Hoshino does not specifically disclose calling the secure function by further inputting the key into the secure function. However, Yim discloses wherein calling the secure function by further inputting the key into the secure function. (see Yim paragraph [0044], lines 1-13: primary function of the database is to store and retrieve the data in its encrypted form; paragraph [0047], lines 1-13: an application may maintain metadata (e.g., searchable tags or field descriptors) and schema mappings in an encrypted or unencrypted form in configuration tables on the database; data sent from the application to the database, such as to add a record to a table, may be encrypted at the encryption-functionalized connector so as to be encrypted in transit and while stored in the database; paragraph [0048], lines 1-22: application can use the information present in the accessible configuration tables to formulate requests for and/or to perform operations (data storage, data retrieval) on selected data of the encrypted data, such as to return or modify data based on row, column, table, field, record and so forth; application can access, manipulate, or otherwise operate on specific data needed to perform an operation; upon receipt of the request, the database may convey the request to the SMPC servlet, which is configured to parse the logical operations (data store request, data retrieval request) present in the request and perform the operations on the specified encrypted data while the data remains in an encrypted form; the encrypted result is 
returned to the application and decrypted at the encryption-functionalized connector so as to be unencrypted for use in the application layer) It would have been obvious to one of ordinary skill in the art, before the effective filing date of the claimed invention, to modify Hoshino-Bhat-Schlegel for calling the secure function by further inputting the key into the secure function as taught by Yim. One of ordinary skill in the art would have been motivated to employ the teachings of Yim for the benefits achieved from a system that enables a search query with encrypted datasets and associated encryption/decryption information. (see Yim paragraph [0047], lines 1-13; paragraph [0048], lines 1-22) Regarding Claim 5, Hoshino-Schlegel-Yim-Bhat-Nagasundaram discloses the method of claim 1. Hoshino does not specifically disclose obtaining the query results is further by executing the query against the first dataset, the first dataset separate from the second dataset. However, Schlegel discloses wherein obtaining the query results is further by executing the query against the first dataset, the first dataset separate from the second dataset. 
(see Schlegel col 8, lines 1-5: provider system includes a gateway server, an administrative ("admin") server, an authentication server, an authentication database, an account linking server, an account linking database, and an instant messaging server; col 8, lines 31-36: accounts authenticated and validated on different basis including the presence of a correct account name and password; for validated accounts, account attributes are forwarded from authentication database through the authentication server for further use, processing, and storage by admin server; col 8, line 67 - col 9, line 6: request and receive authentication information using an authentication server and an authentication database; once user of the requester system has been authenticated and user's different accounts (separate database accounts) have been linked and the user has been signed-on to the linked accounts; user sends and receives communications by interacting with instant messaging server using a delivery network) It would have been obvious to one of ordinary skill in the art, before the effective filing date of the claimed invention, to modify Hoshino-Bhat for obtaining the query results further by executing the query against the first dataset, the first dataset separate from the second dataset as taught by Schlegel. One of ordinary skill in the art would have been motivated to employ the teachings of Schlegel for the benefits achieved from a system that enables additional security requiring accounting information requirement before allowing access within a network environment. (see Schlegel col 8, lines 31-36; col 8, line 67 - col 9, line 6) Regarding Claim 6, Hoshino-Schlegel-Yim-Bhat-Nagasundaram discloses the method of claim 1. Hoshino does not specifically disclose selecting one or more first-dataset columns of the first dataset as one or more permitted fields in queries, verifying that the query is directed only to the one or more permitted fields. 
However, Schlegel discloses wherein further comprising selecting, by the first database account, one or more first-dataset columns of the first dataset as one or more permitted fields in queries, wherein the generating, by the secure function, of the query results further comprises verifying that the query is directed only to the one or more permitted fields. (see Schlegel col 12, lines 37-46: account linking interface enables entry of authentication information for an account after the add button has been selected; screen name of the account to be linked may be entered in a name text field, while the password for the account to be linked is entered in a password text field; after authentication information has been entered in the name text field and the password text field, selecting a save button, verifies the entered authentication information and creates a link to the other linked accounts; (authentication to parameter fields required for access to particular information)) It would have been obvious to one of ordinary skill in the art, before the effective filing date of the claimed invention, to modify Hoshino for selecting one or more first-dataset columns of the first dataset as one or more permitted fields in queries, verifying that the query is directed only to the one or more permitted fields as taught by Schlegel. One of ordinary skill in the art would have been motivated to employ the teachings of Schlegel for the benefits achieved from a system that enables additional security requiring accounting information requirement before allowing access within a network environment. (see Schlegel col 8, lines 31-36; col 8, line 67 - col 9, line 6) Regarding Claim 7, Hoshino-Schlegel-Yim-Bhat-Nagasundaram discloses the method of claim 1. Hoshino does not specifically disclose the first database account does not have access to the second dataset in plain-text format, and the second database account does not have access to the first dataset in plain-text format. 
However, Schlegel discloses wherein: the first database account does not have access to the second dataset in plain-text format; and the second database account does not have access to the first dataset in plain-text format. (see Schlegel col 8, lines 1-5: provider system includes a gateway server, an administrative ("admin") server, an authentication server, an authentication database, an account linking server, an account linking database, and an instant messaging server; col 8, lines 31-36: accounts authenticated and validated on different basis including the presence of a correct account name and password; for validated accounts, account attributes are forwarded from authentication database through the authentication server for further use, processing, and storage by admin server; col 8, line 67 - col 9, line 6: request and receive authentication information using an authentication server and an authentication database; once user of the requester system has been authenticated and user's different accounts have been linked and the user has been signed-on to the linked accounts, and user sends and receives communications by interacting with instant messaging server using delivery network; (only authenticated user(s) can access objects associated with a particular user)) It would have been obvious to one of ordinary skill in the art, before the effective filing date of the claimed invention, to modify Hoshino for the first database account does not have access to the second dataset in plain-text format, and the second database account does not have access to the first dataset in plain-text format as taught by Schlegel. One of ordinary skill in the art would have been motivated to employ the teachings of Schlegel for the benefits achieved from a system that enables additional security requiring accounting information requirement before allowing access within a network environment. 
(see Schlegel col 8, lines 31-36; col 8, line 67 - col 9, line 6) Regarding Claim 11, Hoshino-Schlegel-Yim-Bhat-Nagasundaram discloses the method of claim 1, wherein the secure function comprises a user-defined function. (see Hoshino col 6, lines 42-53; providing a key to shared device and providing a program (user-defined function: adding a function to the browser) in order to access the shared device; executing program to decrypt encrypted information using the transferred key), the first database account including a first dataset, the second database including a second dataset; (see Hoshino col 6, lines 63-65: web browser obtains web contents (i.e. transferred from provider database to requester database) utilizing a HTTP request (i.e. analogous to query request); col 6, lines 39-40: provides a system that includes a device shared by multiple users (first user, second user); col 6, lines 42-53: includes a processor authenticating a user accessing shared device; providing a key to shared device and providing a program (user-defined function: adding a function to the browser) in order to access the shared device; executing the program to decrypt the encrypted information by using the transferred key when obtaining information from storage (i.e. analogous to database)) Regarding Claim 12, Hoshino-Schlegel-Yim-Bhat-Nagasundaram discloses the method of claim 1, wherein the secure function comprises a stored procedure. (see Hoshino col 6, lines 63-65: web browser obtains web contents (i.e. transferred from provider database) utilizing a HTTP request (i.e. 
analogous to query request); col 6, lines 39-40: provides a system that includes a shared device shared by multiple users; col 6, lines 42-53: includes a processor authenticating a user accessing shared device; providing a key to shared device and providing a program (user-defined function: adding a function to the browser, stored function) to shared device; executing the program (user-defined function) to decrypt the encrypted information by using the transferred key when obtaining information from storage; (program associated with a secure function)) Regarding Claim 13, Hoshino-Schlegel-Yim-Bhat-Nagasundaram discloses the method of claim 1, Hoshino does not specifically disclose query performs overlap analysis between the first and second datasets. However, Schlegel discloses wherein the query performs overlap analysis between the first and second datasets. (see Schlegel col 17, lines 54-59: user with screen name AIMUser is the same as user with screen name AIMUIUser because the corresponding accounts are linked; communications interface is used by the user with the screen name AIMUIUser or AIMUser to send a response to the user with the screen name OtherUser2; col. 18, lines 7-15: messages may be sent from the account with screen name AIMUser because the account with the screen name AIMUser is linked to the account with screen name AIMUIUser; user with the screen names AIMUIUser and AIMUser can transparently send messages using the communications interface from two linked accounts simultaneously) It would have been obvious to one of ordinary skill in the art, before the effective filing date of the claimed invention, to modify Hoshino for query performs overlap analysis between the first and second datasets as taught by Schlegel. 
One of ordinary skill in the art would have been motivated to employ the teachings of Schlegel for the benefits achieved from a system that enables additional security requiring accounting information requirement before allowing access within a network environment. (see Schlegel col 8, lines 31-36; col 8, line 67 - col 9, line 6) Regarding Claim 14, Hoshino-Schlegel-Yim-Bhat-Nagasundaram discloses the method of claim 13. Hoshino does not specifically disclose overlap analysis is with respect to a user-identifier column in both the first and second datasets. However, Schlegel discloses wherein the overlap analysis is with respect to a user-identifier column in both the first and second datasets. (see Schlegel col 17, lines 54-59: user with screen name AIMUser is the same as user with screen name AIMUIUser because the corresponding accounts are linked; communications interface is used by the user with the screen name AIMUIUser or AIMUser to send a response to the user with the screen name OtherUser2; col. 18, lines 7-15: messages may be sent from the account with screen name AIMUser because the account with the screen name AIMUser is linked to the account with screen name AIMUIUser; user with the screen names AIMUIUser and AIMUser can transparently send messages using the communications interface from two linked accounts simultaneously) It would have been obvious to one of ordinary skill in the art, before the effective filing date of the claimed invention, to modify Hoshino for overlap analysis is with respect to a user-identifier column in both the first and second datasets as taught by Schlegel. One of ordinary skill in the art would have been motivated to employ the teachings of Schlegel for the benefits achieved from a system that enables additional security requiring accounting information requirement before allowing access within a network environment. 
(see Schlegel col 8, lines 31-36; col 8, line 67 - col 9, line 6) Regarding Claim 15, Hoshino-Schlegel-Yim-Bhat-Nagasundaram discloses the method of Claim 1. Hoshino does not specifically disclose secure function configured to prevent second database account from accessing underlying code of secure function. However, Bhat discloses wherein the secure function is configured to prevent the second database account from accessing underlying code of the secure function. (see Bhat paragraph [0003]: An application executing in a sandbox operates in an isolated environment and is limited to accessing hardware resources and/or files or applications assigned to the sandbox. This prevents the application executing in the sandbox from accessing resources, either inadvertently or surreptitiously, for which the application does not have permission.; paragraph [0003], lines 1-7: system provides a secure communications framework to allow two sandboxed applications to communicate with each other; paragraph [0019], lines 1-8; paragraph [0019], lines 12-17: system calls and APIs provide various functions, such as the ability for applications executing in separate application sandboxes to communicate with each other or share data with each other in a controlled manner; application is able to call a function included in the sandbox execution/communication framework and provide an identifier of the other application and the contents of a message to be sent to the other application; the function called returns a response from the other application; paragraph [0032], lines 8-18: first application uses an asymmetric encryption algorithm to uniquely encrypt the requested application data so that only the second application can decrypt it; first application uses public key identified in application certificate of second application to encrypt requested application data; then second application uses private key identified in application certificate of the second application to decrypt 
requested application data; (enables execution of code only within a particular secure environment)) It would have been obvious to one of ordinary skill in the art, before the effective filing date of the claimed invention, to modify Hoshino-Schlegel for secure function configured to prevent second database account from accessing underlying code of secure function as taught by Bhat. One of ordinary skill in the art would have been motivated to employ the teachings of Bhat for the benefits achieved from a system that enables secure executions utilizing sandbox execution environments and shared data. (see Bhat paragraph [0019], lines 1-8; paragraph [0019], lines 12-17) Regarding Claim 16, Hoshino-Schlegel-Yim-Bhat-Nagasundaram discloses the method of Claim 1. Hoshino does not specifically disclose secure function configured to prevent second database account from accessing logs corresponding to usage by first database account. However, Schlegel discloses wherein the secure function is configured to prevent the second database account from accessing logs corresponding to usage by the first database account of the secure function. 
(see Schlegel col 8, lines 1-5: provider system includes a gateway server, an administrative ("admin") server, an authentication server, an authentication database, an account linking server, an account linking database, and an instant messaging server; col 8, lines 31-36: accounts authenticated and validated on different basis including the presence of a correct account name and password; for validated accounts, account attributes are forwarded from authentication database through the authentication server for further use, processing, and storage by admin server; col 8, line 67 - col 9, line 6: request and receive authentication information using an authentication server and an authentication database; once user of the requester system has been authenticated and user's different accounts have been linked and the user has been signed-on to the linked accounts, and user sends and receives communications by interacting with instant messaging server using delivery network; (only authenticated user(s) can access objects associated with a particular user)) It would have been obvious to one of ordinary skill in the art, before the effective filing date of the claimed invention, to modify Hoshino for secure function configured to prevent second database account from accessing logs corresponding to usage by first database account as taught by Schlegel. One of ordinary skill in the art would have been motivated to employ the teachings of Schlegel for the benefits achieved from a system that enables additional security requiring accounting information requirement before allowing access within a network environment. (see Schlegel col 8, lines 31-36; col 8, line 67 - col 9, line 6) Regarding Claim 17, Hoshino-Schlegel-Yim-Bhat-Nagasundaram discloses the method of Claim 1. 
Hoshino does not specifically disclose cross reference table includes cross references of the anonymized searchable dataset and the decrypted searchable dataset for overlapping data in the first dataset and the decrypted searchable dataset. However, Nagasundaram discloses wherein the cross reference table includes cross references of the anonymized searchable dataset and the decrypted searchable dataset for overlapping data in the first dataset and the decrypted searchable dataset. (see Nagasundaram paragraph [0025]: sensitive data records and/or private information may be anonymized by applying any combination of two or more anonymization processes including: (i) removing unnecessary data, (ii) masking and/or scrubbing data, (iii) separating data into associated data groupings, and (iv) de-contexting sensitive data such that the information is no longer sensitive because there is no context to put the sensitive information into. Further, the anonymization engine may analyze the sensitive data for relevant search strings and flag those search strings to ensure they are not anonymized, tokenized, and/or encrypted by the anonymization engine. Accordingly, the anonymized data may be searchable and customizable for a number of purposes depending on the requestor.; paragraph [0136]: anonymization history database may include any suitable memory, database, or other information storage device that is capable of communicating with an anonymization computer 620. The anonymization history database may include a mapping of anonymization processes (cross reference of anonymization information) that may be applied to a sensitive data record in order to anonymize the data. Accordingly, the anonymization history database may include instructions for reversing an anonymization process. The anonymization history database may be similar to the hidden record described above in reference to FIGS. 1-5 above. 
Accordingly, the anonymization computer 620 may reverse the anonymization processes using anonymization data stored during anonymization and the anonymization history database.) It would have been obvious to one of ordinary skill in the art, before the effective filing date of the claimed invention, to modify Hoshino for cross reference table includes cross references of the anonymized searchable dataset and the decrypted searchable dataset for overlapping data in the first dataset and the decrypted searchable dataset as taught by Nagasundaram. One of ordinary skill in the art would have been motivated to employ the teachings of Nagasundaram for the enhanced security of a system that enables the utilization of anonymization techniques to secure and protect sensitive information. (see Nagasundaram paragraph [0025]; paragraph [0136])

9. Claims 8 - 10 are rejected under 35 U.S.C. 103 as being unpatentable over Hoshino in view of Schlegel and further in view of Yim and Bhat and Nagasundaram and Stewart et al. (US PGPUB No. 20200225046).

Regarding Claim 8, Hoshino-Schlegel-Yim-Bhat-Nagasundaram discloses the method of claim 1. Hoshino does not specifically disclose both the first and second database accounts reside in a distributed database. However, Stewart discloses wherein both the first and second database accounts reside in a distributed database.
(see Stewart paragraph [0294], lines 1-14: each MTS includes one or more logically and/or physically connected servers distributed locally or across one or more geographic locations; databases described herein may be implemented as single databases, distributed databases, collections of distributed databases, or any other suitable database system; database image includes one or more database objects; a relational database management system (RDBMS) or a similar system executes storage and retrieval of information against these objects; (distributed database, databases implemented across multiple geographic locations)) It would have been obvious to one of ordinary skill in the art, before the effective filing date of the claimed invention, to modify Hoshino for both the first and second database accounts reside in a distributed database as taught by Stewart. One of ordinary skill in the art would have been motivated to employ the teachings of Stewart for the benefits achieved from a system that enables data searching and processing implementing multiple database configurations. (see Stewart paragraph [0294], lines 1-14) Regarding Claim 9, Hoshino-Schlegel-Yim-Bhat-Nagasundaram discloses the method of claim 1. Hoshino does not specifically disclose the first database account resides in a first networked database platform, and the second database resides in a second networked database platform. However, Stewart discloses wherein: the first database account resides in a first networked database platform; and the second database resides in a second networked database platform. 
(see Stewart paragraph [0294], lines 1-14: each MTS includes one or more logically and/or physically connected servers distributed locally or across one or more geographic locations; databases described herein may be implemented as single databases, distributed databases, collections of distributed databases, or any other suitable database system; database image includes one or more database objects; a relational database management system (RDBMS) or a similar system executes storage and retrieval of information against these objects; (distributed database, databases implemented across multiple geographic locations)) It would have been obvious to one of ordinary skill in the art, before the effective filing date of the claimed invention, to modify Hoshino for first database account resides in a first networked database platform, and a second database resides in a second networked database platform as taught by Stewart. One of ordinary skill in the art would have been motivated to employ the teachings of Stewart for the benefits achieved from a system that enables data searching and processing implementing multiple database configurations. (see Stewart paragraph [0294], lines 1-14)

Regarding Claim 10, Hoshino-Schlegel-Yim-Bhat-Nagasundaram discloses the method of claim 9. Hoshino does not specifically disclose the first networked database platform and the second networked database platform are in different geographic regions. However, Stewart discloses wherein the first networked database platform and the second networked database platform are in different geographic regions.
(see Stewart paragraph [0294], lines 1-14: each MTS includes one or more logically and/or physically connected servers distributed locally or across one or more geographic locations; databases described herein may be implemented as single databases, distributed databases, collections of distributed databases, or any other suitable database system; database image includes one or more database objects; a relational database management system (RDBMS) or a similar system executes storage and retrieval of information against these objects; (distributed database, databases implemented across multiple geographic locations)) It would have been obvious to one of ordinary skill in the art, before the effective filing date of the claimed invention, to modify Hoshino for the first networked database platform and the second networked database platform are in different geographic regions as taught by Stewart. One of ordinary skill in the art would have been motivated to employ the teachings of Stewart for the benefits achieved from a system that enables data searching and processing implementing multiple database configurations. (see Stewart paragraph [0294], lines 1-14)

10. Claim 18 is rejected under 35 U.S.C. 103 as being unpatentable over Hoshino in view of Schlegel and further in view of Yim and Bhat and Nagasundaram and Mohassel et al. (US PGPUB No. 20190026362).

Regarding Claim 18, Hoshino-Schlegel-Yim-Bhat-Nagasundaram discloses the method of Claim 17. Hoshino does not specifically disclose cross reference table includes dummy identifiers for non-overlapping data in the first dataset and the decrypted searchable dataset. However, Mohassel discloses wherein the cross reference table includes dummy identifiers for non-overlapping data in the first dataset and the decrypted searchable dataset. (see Mohassel paragraph [0091]: Each partial block is filled or padded at 1120 with dummy encrypted document IDs, e.g. email IDs.
At 1122, the partial blocks are encrypted and written to a location in the partial block index at the server.) It would have been obvious to one of ordinary skill in the art, before the effective filing date of the claimed invention, to modify Hoshino for cross reference table includes dummy identifiers for non-overlapping data in the first dataset and the decrypted searchable dataset as taught by Mohassel. One of ordinary skill in the art would have been motivated to employ the teachings of flexibility of a system that enables . (see Mohassel paragraph [0091])

Conclusion

Any inquiry concerning this communication or earlier communications from the examiner should be directed to CARLTON JOHNSON whose telephone number is (571)270-1032. The examiner can normally be reached Work: 12-9PM (most days).

Examiner interviews are available via telephone, in-person, and video conferencing using a USPTO supplied web-based collaboration tool. To schedule an interview, applicant is encouraged to use the USPTO Automated Interview Request (AIR) at http://www.uspto.gov/interviewpractice.

If attempts to reach the examiner by telephone are unsuccessful, the examiner’s supervisor, Shewaye Gelagay can be reached at 571-272-4219. The fax phone number for the organization where this application or proceeding is assigned is 571-273-8300.

Information regarding the status of published or unpublished applications may be obtained from Patent Center. Unpublished application information in Patent Center is available to registered users. To file and manage patent submissions in Patent Center, visit: https://patentcenter.uspto.gov. Visit https://www.uspto.gov/patents/apply/patent-center for more information about Patent Center and https://www.uspto.gov/patents/docx for information about filing in DOCX format. For additional questions, contact the Electronic Business Center (EBC) at 866-217-9197 (toll-free). If you would like assistance from a USPTO Customer Service Representative, call 800-786-9199 (IN USA OR CANADA) or 571-272-1000.

/CJ/ March 9, 2026
/FATOUMATA TRAORE/Primary Examiner, Art Unit 2436

Prosecution Timeline

Apr 30, 2024
Application Filed
Mar 15, 2026
Non-Final Rejection — §103, §DP (current)

Precedent Cases

Applications granted by this same examiner with similar technology

Patent 12604197
METHODS AND SYSTEMS FOR ALLOWING DEVICE TO SEND AND RECEIVE DATA
2y 5m to grant Granted Apr 14, 2026
Patent 12526638
METHODS AND SYSTEMS FOR ALLOWING DEVICE TO SEND AND RECEIVE DATA
2y 5m to grant Granted Jan 13, 2026
Patent 12515614
ELECTRONIC CONTROL UNIT AND COMMUNICATION SYSTEM
2y 5m to grant Granted Jan 06, 2026
Patent 12518656
SECRET SIGMOID FUNCTION CALCULATION SYSTEM, SECRET LOGISTIC REGRESSION CALCULATION SYSTEM, SECRET SIGMOID FUNCTION CALCULATION APPARATUS, SECRET LOGISTIC REGRESSION CALCULATION APPARATUS, SECRET SIGMOID FUNCTION CALCULATION METHOD, SECRET LOGISTIC REGRESSION CALCULATION METHOD AND PROGRAM
2y 5m to grant Granted Jan 06, 2026
Patent 12452239
METHODS AND SYSTEMS FOR ALLOWING DEVICE TO SEND AND RECEIVE DATA
2y 5m to grant Granted Oct 21, 2025
Study what changed to get past this examiner. Based on 5 most recent grants.

Prosecution Projections

1-2
Expected OA Rounds
58%
Grant Probability
90%
With Interview (+32.1%)
4y 11m
Median Time to Grant
Low
PTA Risk
Based on 352 resolved cases by this examiner. Grant probability derived from career allow rate.
