DETAILED ACTION
Summary and Status of Claims
The present application, filed on or after March 16, 2013, is being examined under the first inventor to file provisions of the AIA .
This Office Action is in response to Applicant’s reply filed 2/10/2026.
Claims 6 and 19 are cancelled.
Claims 1-5, 7-18, and 20 are pending.
Claims 1-5, 7-18, and 20 are rejected under 35 U.S.C. 103 as being unpatentable over Rogers et al. (US Patent Pub 2018/0096166), in view of Antonopoulos et al. (US Patent Pub 2016/0283728), further in view of Winjum et al. (US Patent Pub 2010/0049974).
The text of those sections of Title 35, U.S. Code not included in this action can be found in a prior Office action.
Claim Objections
Claims 11 and 15 are objected to for minor informalities.
In claims 11 and 15, first limitation, “query statements that that specify” should be “query statements that specify”.
Appropriate correction is required.
Note on Prior Art Rejections
In the event the determination of the status of the application as subject to AIA 35 U.S.C. 102 and 103 (or as subject to pre-AIA 35 U.S.C. 102 and 103) is incorrect, any correction of the statutory basis for the rejection will not be considered a new ground of rejection if the prior art relied upon, and the rationale supporting the rejection, would be the same under either status.
Claim Rejections - 35 USC § 103
The following is a quotation of 35 U.S.C. 103 which forms the basis for all obviousness rejections set forth in this Office action:
A patent for a claimed invention may not be obtained, notwithstanding that the claimed invention is not identically disclosed as set forth in section 102 of this title, if the differences between the claimed invention and the prior art are such that the claimed invention as a whole would have been obvious before the effective filing date of the claimed invention to a person having ordinary skill in the art to which the claimed invention pertains. Patentability shall not be negated by the manner in which the invention was made.
The text of those sections of Title 35, U.S. Code not included in this action can be found in a prior Office action.
The factual inquiries set forth in Graham v. John Deere Co., 383 U.S. 1, 148 USPQ 459 (1966), that are applied for establishing a background for determining obviousness under 35 U.S.C. 103 are summarized as follows:
1. Determining the scope and contents of the prior art.
2. Ascertaining the differences between the prior art and the claims at issue.
3. Resolving the level of ordinary skill in the pertinent art.
4. Considering objective evidence present in the application indicating obviousness or nonobviousness.
This application currently names joint inventors. In considering patentability of the claims the examiner presumes that the subject matter of the various claims was commonly owned as of the effective filing date of the claimed invention(s) absent any evidence to the contrary. Applicant is advised of the obligation under 37 CFR 1.56 to point out the inventor and effective filing dates of each claim that was not commonly owned as of the effective filing date of the later invention in order for the examiner to consider the applicability of 35 U.S.C. 102(b)(2)(C) for any potential 35 U.S.C. 102(a)(2) prior art against the later invention.
Claims 1-5, 7-18, and 20 are rejected under 35 U.S.C. 103 as being unpatentable over Rogers et al. (US Patent Pub 2018/0096166) (Rogers), in view of Antonopoulos et al. (US Patent Pub 2016/0283728) (Antonopoulos), further in view of Winjum et al. (US Patent Pub 2010/0049974) (Winjum).
In regards to claim 1, Rogers discloses a computer-implemented method for processing data being stored on server-computers in a data-center (Rogers at para. 0017)1, the method comprising:
by a transformer module, receiving an original query from a client-side computer (Rogers at paras. 0017, 0020, 0022)2, wherein the original query comprises query statements that specify a value, and that include:
(i) first and second data statements that identify the data to be accessed (Rogers at paras. 0016, 0037-38), and
(ii) an operation statement that identifies an operation to be performed with the data (Rogers at paras. 0016, 0037-38)3;
by the transformer module and according to a pre-defined security policy, analyzing the first and second data statements of the original query and analyzing the operation statement to identify a corresponding processing mechanism (Rogers at paras. 0043-45)4;
by the transformer module, rewriting the original query to a secure query (Rogers at paras. 0043-45)5; and
by the transformer module, forwarding the secure query to a server-computer in the data-center. Rogers at paras. 0022, 0043-45.6
Rogers does not expressly disclose by the transformer module, identifying a corresponding encryption mechanism for the data to be accessed and annotating the original query by predefined annotations that identify both the corresponding encryption mechanism and the corresponding processing mechanism, including selecting an annotation for the pre-defined annotations that corresponds to the value in accordance with the encryption mechanism, to thereby obtain an annotated query that includes the value and the annotation, and forwarding the annotated query to the server.
Antonopoulos discloses a system and method for performing queries on encrypted data. The method includes a data server receiving a query from a user, where a query processor analyzes the query based on encryption metadata and protocol of the database system, to determine whether the received query can be processed at the data server. Antonopoulos at paras. 0038, 0043-46. If the query can be processed, the query processor generates encryption configuration (i.e., annotations identifying a corresponding encryption mechanism based on the identified corresponding encryption mechanism and a processing mechanism) for the query and transmits the query with the encryption configuration back to the database application. The encryption configuration is selected from pre-defined encryption schemes, associated with a particular parameter value (i.e., selecting an annotation for pre-defined annotations that corresponds to the value in accordance with the encryption mechanism). Antonopoulos at paras. 0070-74. The database application transforms the query based on the encryption configuration and sends the transformed query to the transformed query evaluator in the data server, where the transformed query is evaluated to generate results (i.e., sending the annotated query to the server computer). Antonopoulos at paras. 0104-0106, 0133, 0140-0142.
Rogers and Antonopoulos are analogous art because they are directed to the same field of endeavor of executing secure queries.
At the time before the effective filing date of the instant application, it would have been obvious to one of ordinary skill in the art to modify Rogers by adding the features of by the transformer module, identifying a corresponding encryption mechanism for the data to be accessed and annotating the original query by predefined annotations that identify both the corresponding encryption mechanism and the corresponding processing mechanism, including selecting an annotation for the pre-defined annotations that corresponds to the value in accordance with the encryption mechanism, to thereby obtain an annotated query that includes the value and the annotation, and forwarding the annotated query to the server, as disclosed by Antonopoulos.
The motivation for doing so would have been to allow queries from untrusted clients without having to deploy complex clients. Antonopoulos at para. 0028.
Rogers in view of Antonopoulos does not expressly disclose the pre-defined security policy uses a lattice structure with a finite and pre-defined number of ordered confidentiality levels and identifying the encryption mechanism for the data that is level-compatible with respect to the lattice structure. As set forth in the rejection above, Rogers in view of Antonopoulos discloses analyzing the data statements based on a security policy. Rogers at paras. 0021, 0043. What is not expressly disclosed is that the policy is a lattice and identifying an encryption mechanism that is level compatible.
Winjum discloses a system and method for verifying information access using security policies. Security policies take the form of a lattice with a finite and predefined number of ordered confidentiality levels (i.e., finite and pre-defined number of ordered confidentiality levels), where each level has its own requirements for encryption (i.e., identifies encryption mechanisms that are level-compatible). Winjum at paras. 0019-21, 0054-62.
Rogers, Antonopoulos, and Winjum are analogous art because they are directed to the same field of endeavor of executing secure queries.
At the time before the effective filing date of the instant application, it would have been obvious to one of ordinary skill in the art to modify Rogers in view of Antonopoulos by adding the features of the pre-defined security policy uses a lattice structure with a finite and pre-defined number of ordered confidentiality levels and identifying the encryption mechanism for the data that is level-compatible with respect to the lattice structure, as disclosed by Winjum.
The motivation for doing so would have been to because lattice models allow precise formulation of security requirements. Winjum at para. 0022.
In regards to claim 2, Rogers in view of Antonopoulos and Winjum discloses a method according to claim 1, further comprising: by an executor module that is associated with the server-computer, receiving and processing the annotated query, wherein according to the annotations, the executor module processes the query statements at different storage locations in the data-center and activates the corresponding encryption mechanism. Rogers at para. 0045; Antonopoulos at paras. 0133-140.7
In regards to claim 3, Rogers in view of Antonopoulos discloses a method according to claim 2, wherein the corresponding encryption mechanism and the corresponding processing mechanism use partially homomorphic encryption so that the executor module accesses and processes the data in encrypted form. Antonopoulos at paras. 0022, 0070.
In regards to claim 4, Rogers in view of Antonopoulos and Winjum discloses a method according to claim 1, wherein the query statements are defined by symbols in a first programming language, and wherein the transformer module provides the annotations in a second programming language that is an extension to the first programming language. Antonopoulos at paras. 0071-76.8
In regards to claim 5, Rogers in view of Antonopoulos and Winjum discloses a method according to claim 1, wherein the step of annotating the original query comprises annotating the original query with runtime-only constructs that the data-center does not persist. Antonopoulos at para. 0046.9
In regards to claim 7, Rogers in view of Antonopoulos and Winjum and Winjum discloses a method according to claim 6, wherein the corresponding encryption mechanism is specific to encryption schemes and to domains. Winjum at paras. 0054.10
In regards to claim 8, Rogers in view of Antonopoulos and Winjum discloses a method according to claim 7, wherein in the step of analyzing, the transformer module identifies the corresponding processing mechanism also according to the policy with the lattice structure. Rogers at paras. 0060-61; Winjum at paras. 0023, 0054-62.11
In regards to claim 9, Rogers in view of Antonopoulos and Winjum discloses a method according to claim 1, wherein the step of annotating the original query is followed by compiling the annotated query by a compiler-optimizer module so that forwarding is performed with a compiled query. Rogers at para. 0045.12
In regards to claim 10, Rogers in view of Antonopoulos and Winjum discloses a method according to claim 1, wherein the step analyzing the first and second data statements and the operation statement of the received original query comprises identifying an encryption scheme according to which the data from the first and second data statements is being processed by homomorphic encryption. Antonopoulos at paras. 0022, 0070.13
Claims 11-14 are essentially the same as claims 1-4, respectively, in the form of a computer program product embodied on a non-transitory computer readable storage medium (Rogers at para. 0136). Therefore, it is rejected for the same reasons.
In regards to claim 15, Rogers discloses a system for processing data being stored on server-computers in a data-center (Rogers at para. 0017)14, the system comprising:
at least one memory including instructions (Rogers at para. 0135); and
at least one processor that is operably coupled to the at least one memory (Rogers at para. 0135) and that is arranged and configured to execute instructions that, when executed, cause the at least one processor to:
by a transformer module, receive an original query from a client-side computer (Rogers at paras. 0017, 0020, 0022)15, wherein the original query comprises query statements that specify a value, and that include:
(i) first and second data statements that identify the data to be accessed (Rogers at paras. 0016, 0037-38), and
(ii) an operation statement that identifies an operation to be performed with the data (Rogers at paras. 0016, 0037-38)16;
by the transformer module and according to a pre-defined security policy, analyze the first and second data statements of the original query to identify a corresponding processing mechanism (Rogers at paras. 0043-45)17;
by the transformer module, rewriting the original query to a secure query (Rogers at paras. 0043-45)18; and
by the transformer module, forward the secure query to a server-computer in the data-center. Rogers at paras. 0022, 0043-45.19
Rogers does not expressly disclose by the transformer module, identifying a corresponding encryption mechanism for the data to be accessed and annotating the original query by predefined annotations that identify both the corresponding encryption mechanism and the corresponding processing mechanism, including selecting an annotation for the pre-defined annotations that corresponds to the value in accordance with the encryption mechanism, to thereby obtain an annotated query that includes the value and the annotation, and forwarding the annotated query to the server.
Antonopoulos discloses a system and method for performing queries on encrypted data. The method includes a data server receiving a query from a user, where a query processor analyzes the query based on encryption metadata and protocol of the database system, to determine whether the received query can be processed at the data server. Antonopoulos at paras. 0038, 0043-46. If the query can be processed, the query processor generates encryption configuration (i.e., annotations identifying a corresponding encryption mechanism based on the identified corresponding encryption mechanism and a processing mechanism) for the query and transmits the query with the encryption configuration back to the database application. The encryption configuration is selected from pre-defined encryption schemes, associated with a particular parameter value (i.e., selecting an annotation for pre-defined annotations that corresponds to the value in accordance with the encryption mechanism). Antonopoulos at paras. 0070-74. The database application transforms the query based on the encryption configuration and sends the transformed query to the transformed query evaluator in the data server, where the transformed query is evaluated to generate results (i.e., sending the annotated query to the server computer). Antonopoulos at paras. 0104-0106, 0133, 0140-0142.
Rogers and Antonopoulos are analogous art because they are directed to the same field of endeavor of executing secure queries.
At the time before the effective filing date of the instant application, it would have been obvious to one of ordinary skill in the art to modify Rogers by adding the features of by the transformer module, identifying a corresponding encryption mechanism for the data to be accessed and annotating the original query by predefined annotations that identify both the corresponding encryption mechanism and the corresponding processing mechanism, including selecting an annotation for the pre-defined annotations that corresponds to the value in accordance with the encryption mechanism, to thereby obtain an annotated query that includes the value and the annotation, and forwarding the annotated query to the server, as disclosed by Antonopoulos.
The motivation for doing so would have been to allow queries from untrusted clients without having to deploy complex clients. Antonopoulos at para. 0028.
Rogers in view of Antonopoulos does not expressly disclose the pre-defined security policy uses a lattice structure with a finite and pre-defined number of ordered confidentiality levels and identifying the encryption mechanism for the data that is level-compatible with respect to the lattice structure. As set forth in the rejection above, Rogers in view of Antonopoulos discloses analyzing the data statements based on a security policy. Rogers at paras. 0021, 0043. What is not expressly disclosed is that the policy is a lattice and identifying an encryption mechanism that is level compatible.
Winjum discloses a system and method for verifying information access using security policies. Security policies take the form of a lattice with a finite and predefined number of ordered confidentiality levels (i.e., finite and pre-defined number of ordered confidentiality levels), where each level has its own requirements for encryption (i.e., identifies encryption mechanisms that are level-compatible). Winjum at paras. 0019-21, 0054-62.
Rogers, Antonopoulos, and Winjum are analogous art because they are directed to the same field of endeavor of executing secure queries.
At the time before the effective filing date of the instant application, it would have been obvious to one of ordinary skill in the art to modify Rogers in view of Antonopoulos by adding the features of the pre-defined security policy uses a lattice structure with a finite and pre-defined number of ordered confidentiality levels and identifying the encryption mechanism for the data that is level-compatible with respect to the lattice structure, as disclosed by Winjum.
The motivation for doing so would have been to because lattice models allow precise formulation of security requirements. Winjum at para. 0022.
Claims 16-18 and 20 are essentially the same as claims 2-4 and 9, respectively, in the form of a system. Therefore, they are rejected for the same reasons.
Response to Amendment
Drawings
Applicant’s amendment to the drawings to address missing reference numbers in the specification is acknowledged. Consequently, objection to the drawings is withdrawn.
Specification
Applicant’s amendment to the specification to address typographical errors is acknowledged. Consequently, objection to the specification is withdrawn.
Objection to claims 5-10, 14, and 18-20 for Minor Informalities
Claims 6 and 19 are cancelled rendering their objections moot.
Applicant’s amendment to claims 5, 7-10, 14, 18, and 20 to address the minor informalities is acknowledged. Consequently, the objection to claims 5, 7-10, 14, 18, and 20 is withdrawn.
Rejection of Claims 2-4, 6-8, 10, 12, 13, and 16-19 under 35 U.S.C 112(b)
Claims 6 and 19 are cancelled rendering their rejections moot.
Applicant’s amendment to claims 2-4, 7, 8, 10, 12, 13, and 16-18 is acknowledged. The rejection to claims 2-4, 7, 8, 10, 12, 13, and 16-18 under 35 U.S.C. 112(b) is withdrawn.
Rejection of Claims 1-5 and 10-18 under 35 U.S.C 101
Applicant’s amendment to claims 1-5 and 10-18 to incorporate additional limitations is acknowledged. Consequently, the rejection to claims 1-5 and 10-18 under 35 U.S.C. 101 is withdrawn.
Response to Arguments
Rejection of claims 1-5, 9-18, and 20 under 35 U.S.C. 103
Applicant’s arguments in regards to the rejections to claims 1-5, 9-18, and 20 under 35 U.S.C. 103, have been fully considered but they are not persuasive.
In regards to claim 1, Applicant alleges Rogers in view of Antonopoulos fails to disclose “… annotating the original query … to thereby obtain an annotated query that includes the value and the annotation.” Remarks at 11-12. In particular, Applicant argues Antonopoulos fails to disclose the limitation because “in Antonopoulos, the original query contains values, the parameterized query contains dummy/placeholders for those values, and the transformed query includes encrypted versions of those values … “ but there is no query that “… includes both a value and an annotation selected for that value.” Remarks at 12. The Examiner respectfully disagrees.
Examiner is required to give claim limitations their broadest reasonable interpretation in light of the specification. However, limitations from the specification are not read into the claims. MPEP 2111.
While the limitation recites “a value”, the limitations in the claim do not particularly specify what it is. Applicant’s remarks point to Fig. 3 of the disclosure and states “… an annotated query Q’ that also includes query statements 150-A, 150-B, and 155 and selected annotations 310-A, 310-B, 315.” Remarks at 12. In other words, Applicant seems to equate a “query statement” itself as “a value”. A review of the specification does not particularly define “a value”. Thus, the broadest reasonable interpretation of the limitation in light of the specification is any specified parameter in a query statement. Given this interpretation, Antonopoulos discloses the data server receiving a query from the client, annotating the received query with appropriate encryption configuration based on analysis of the query, and returning the annotated query with the encryption configuration. Antonopoulos at paras. 0031-34. Accordingly, the original query includes a “specified value” (such as parameter) and the returned annotated query also includes the same “specified value” and encryption configuration (i.e., annotation). For at least these reasons, Rogers in view of Antonopoulos discloses annotating the original query to obtain an annotated query that includes the value and the annotation.
Applicant does not present additional arguments with regards to the remaining limitations. Therefore, Examiner asserts the cited prior art discloses all the limitations of claim 1 for the reasons explained above. In regards to the remaining claims, Applicant refers to the arguments presented in regards to claim 1, which are addressed above. Consequently, the rejection to claims 1-5, 9-18, and 20 under 35 U.S.C. 103 is maintained under the new grounds of rejection necessitated by Applicant’s amendments.
Rejection of claims 6-8 and 19 under 35 U.S.C. 103
Claims 6 and 19 are cancelled rendering their rejections moot.
Applicant does not present specific arguments in regards to the rejections to claims 7 and 8 under 35 U.S.C. 103. Consequently, the rejection to claims 7 and 8 under 35 U.S.C. 103 is maintained for the reasons explained above.
Additional Prior Art
Additional relevant prior art are listed on the attached PTO-892 form. Some examples are:
Das et al. (US Patent Pub 2021/0279357) discloses a system and method for encryption and application agnostic querying of encrypted data.
Vijaysankar et al. (US Patent Pub 2019/0065788) discloses a system and method for encryption management with host side data reduction.
Burns et al. (US Patent 8,316,051) discloses a system and method for adding multiple security policies to a database system.
Babiskin et al. (US Patent 6,950,824) discloses a system and method for data labeling and a policy manager system.
Conclusion
Applicant's amendment necessitated the new ground(s) of rejection presented in this Office action. Accordingly, THIS ACTION IS MADE FINAL. See MPEP § 706.07(a). Applicant is reminded of the extension of time policy as set forth in 37 CFR 1.136(a).
A shortened statutory period for reply to this final action is set to expire THREE MONTHS from the mailing date of this action. In the event a first reply is filed within TWO MONTHS of the mailing date of this final action and the advisory action is not mailed until after the end of the THREE-MONTH shortened statutory period, then the shortened statutory period will expire on the date the advisory action is mailed, and any extension fee pursuant to 37 CFR 1.136(a) will be calculated from the mailing date of the advisory action. In no event, however, will the statutory period for reply expire later than SIX MONTHS from the date of this final action.
Any inquiry concerning this communication or earlier communications from the examiner should be directed to Examiner Michael Le whose telephone number is 571-272-7970 and fax number is 571-273-7970. The examiner can normally be reached Mon-Fri 9:30 AM – 6 PM.
Examiner interviews are available via telephone, in-person, and video conferencing using a USPTO supplied web-based collaboration tool. To schedule an interview, applicant is encouraged to use the USPTO Automated Interview Request (AIR) at http://www.uspto.gov/interviewpractice.
If attempts to reach the examiner by telephone are unsuccessful, the examiner’s supervisor, Tony Mahmoudi can be reached on 571-272-4078. The fax phone number for the organization where this application or proceeding is assigned is 571-273-8300.
Information regarding the status of published or unpublished applications may be obtained from Patent Center. Unpublished application information in Patent Center is available to registered users. To file and manage patent submissions in Patent Center, visit: https://patentcenter.uspto.gov. Visit https://www.uspto.gov/patents/apply/patent-center for more information about Patent Center and https://www.uspto.gov/patents/docx for information about filing in DOCX format. For additional questions, contact the Electronic Business Center (EBC) at 866-217-9197 (toll-free). If you would like assistance from a USPTO Customer Service Representative, call 800-786-9199 (IN USA OR CANADA) or 571-272-1000.
/MICHAEL LE/Examiner, Art Unit 2163
/TONY MAHMOUDI/Supervisory Patent Examiner, Art Unit 2163
1 The data is stored on data providers.
2 A honest broker (i.e., transformer) receives a query from the user (i.e., client-side computer).
3 The query statements include data statements to identify the data to be accessed. For example “SELECT” and identifying parameters like “patient_id” and “diag”. The query also includes an operation statement like DISTINCT or COUNT. The statements also include various elements that could be interpreted as “a value”, such as any of the identifying parameters, the placeholder, or the original value input by the user.
4 The honest broker analyzes the received query according to a shared schema and security policy. This includes identifying which parts of the query require secure computation (i.e., processing mechanism).
5 The honest broker rewrites the user query to a secure query based on the analysis.
6 The secure query is sent to data providers (i.e., servers) for execution.
7 The combination discloses executing the transformed query at distributed data providers (i.e., different storage locations) and utilizing the identified encryptions where necessary.
8 The query is in SQL (i.e., first language) and the encryption configuration is in another (i.e., second language) that extends the first.
9 Encryption configuration is generated for the query (i.e., annotating the query …) each time a query is received and is specific to the received query (i.e., does not persist).
10 Each level has its own requirements for encryption and each level has specific rules between countries and/or organizations (i.e., schemes and domains).
11 The security policy defines what attributes can be accessed and how (i.e., processing mechanism). The policy is in the form of a lattice.
12 The modified query is compiled and optimized into code for execution.
13 Homomorphic encryption schemes are used to process the query statements.
14 The data is stored on data providers.
15 A honest broker (i.e., transformer) receives a query from the user (i.e., client-side computer).
16 The query statements include data statements to identify the data to be accessed. For example “SELECT” and identifying parameters like “patient_id” and “diag”. The query also includes an operation statement like DISTINCT or COUNT.
17 The honest broker analyzes the received query according to a shared schema and security policy. This includes identifying which parts of the query require secure computation (i.e., processing mechanism).
18 The honest broker rewrites the user query to a secure query based on the analysis.
19 The secure query is sent to data providers (i.e., servers) for execution.