DETAILED ACTION
This action is in response to communication: response to original application filed on 06/13/2024.
Claims 1-20 are currently pending in this application.
The IDS filed on 08/15/2024 has been accepted.
Examiner Interpretation
As per claim 19, the claim utilizes multiple “means for” instances. Such language will be interpreted according to the applicant’s specification. For example, paragraph 84 of applicant’s specification (from Publication 2024/0331576) describes such means.
Claim Rejections - 35 USC § 103
In the event the determination of the status of the application as subject to AIA 35 U.S.C. 102 and 103 (or as subject to pre-AIA 35 U.S.C. 102 and 103) is incorrect, any correction of the statutory basis (i.e., changing from AIA to pre-AIA ) for the rejection will not be considered a new ground of rejection if the prior art relied upon, and the rationale supporting the rejection, would be the same under either status.
The following is a quotation of 35 U.S.C. 103 which forms the basis for all obviousness rejections set forth in this Office action:
A patent for a claimed invention may not be obtained, notwithstanding that the claimed invention is not identically disclosed as set forth in section 102, if the differences between the claimed invention and the prior art are such that the claimed invention as a whole would have been obvious before the effective filing date of the claimed invention to a person having ordinary skill in the art to which the claimed invention pertains. Patentability shall not be negated by the manner in which the invention was made.
Claim(s) 1-20 are rejected under 35 U.S.C. 103 as being unpatentable over Das et al. US Patent Application Publication 2021/0279357 (Das), in view of Gauda et al. US Patent Application Publication 2017/0185790 (Gauda), and further in view of Benz et al. US Patent Application Publication 2015/0310228 (Benz).
As per claim 1, Das teaches a secure data access system comprising: a data vault having a plurality of values, a first subset being encrypted according to a first encryption scheme to enable a first operation on the first data when the data is encrypted without decrypting the first data and a second subset being encrypted according to a second encryption scheme to enable a second operation on the second data when the second data is encrypted without decrypting the second data (paragraph 41 with smart encryption; data sets and data values may be encrypted differently or using different standards; see paragraph 48 wherein data is encrypted utilizing deterministic encryption or order-preserving encryption; see paragraph 49 wherein data is not decrypted); a governance layer having a plurality of policies, at least a first policy configured to enable the first operation, the governance layer configured to permit the first operation (paragraph 46 with utilizing access control lists and managing encryption keys; see also paragraph 49 with permitting different operations based on access).
Although Das teaches a data vault with multiple encryption schemes and subsets of data, Das does not explicitly teach a data vault having a plurality of copies of a value. This would have been obvious. For example, see Gauda (paragraph 57 with plurality of copies of a value, the copies encrypted using different schemes). Gauda further teaches permitting operations based on authenticated users (paragraph 75-76), and an interface layer having a plurality of roles, each role supporting a selected policy, the interface layer further comprising a user interface to receive user credentials, to link the credentials to a group and to send an authentication of the user and the role to the governance layer (paragraphs 75-76 with authenticating users such as via a password; see paragraphs 77-84 with granting access to users based on access policies and the user; see paragraph 84 wherein users may be part of a group of users with access control; see also Gauda paragraph 56 with different levels of authentication).
At the time the invention was filed, it would have been obvious to one of ordinary skill in the art to combine the teachings of Das with Gauda. One of ordinary skill in the art would have been motivated to perform such an addition to provide dynamic access control (paragraph 1 of Gauda).
Although Gauda teaches access control based on groups and policies, Gauda does not explicitly teach that the groups are associated with roles. However, utilizing role based access control is notoriously well known in the art. For example, see Benz (paragraph 31 wherein access to data is based on roles).
At the time the invention was filed, it would have been obvious to one of ordinary skill in the art to combine the teachings of Benz with the Das combination. One of ordinary skill in the art would have been motivated to perform such an addition to provide a secure method of data presentation and interaction (paragraph 9 of Benz).
As per claim 2, it would have been obvious over the Das combination wherein the second copy is encrypted and partially redacted (Gauda paragraph 57 wherein data may be encrypted and partially redacted).
As per claim 3, it would have been obvious over the Das combination wherein the first encryption scheme includes at least one of masking, redacting, and tokenizing (Das paragraph 41 and throughout wherein data may be encrypted; Gauda paragraph 57 wherein data may be encrypted or redacted).
As per claim 4, it would have been obvious over the Das combination wherein the first encryption scheme and the second encryption scheme correspond to different data loss prevention policies (see Das paragraph 41 wherein different types of data may be encrypted accordingly).
As per claim 5, it would have been obvious over the Das combination wherein the second operation includes at least one of match operations, aggregation operations, and order operations (Das paragraph 48 with order-preserving encryption; data may be searched for and data may be provided for (order or match operations) without decrypting; also see Benz paragraph 31 wherein particular users can access restricted data on a computer via roles; also see Das paragraph 41 with operations including sums, selects, reorder, combine).
As per claim 6, it would have been obvious over the Das combination wherein the match operation is attached to a second policy of the governance layer to access records in a second partition of the data vault using the match operation and wherein the match operation is accessible to a user through the interface (Das paragraph 48 with order-preserving encryption and data can be searched for/matched without decryption; also see Gauda paragraph 37 wherein encrypted data may be stored and managed in storage partition; see further Das paragraph 41).
As per claim 7, it would have been obvious over the Das combination wherein the second policy is attached to a role of the interface layer and the user has credentials to access the role (see Benz paragraph 31 with role based access control; see paragraph 49 wherein data is subject to roles based on authentication).
As per claim 8, it would have been obvious over the Das combination wherein the governance layer controls access to encrypted values and operations using the plurality of policies (Das paragraph 41 with data encrypted accordingly to different standards; see paragraphs 48 and 49 wherein data may be accessed according to policies).
As per claim 9, it would have been obvious over the Das combination wherein the first copy is encrypted in the first encryption scheme in a first field of a primary partition of the data vault and the second copy is encrypted in the second encryption scheme in a second field of a secondary partition of a data vault (see Das paragraph 41 with different encryption schemes; see also Gauda paragraph 57 with particular data/fields being encrypted/redacted based on data; see also paragraph 57 wherein data is stored accordingly in different partitions).
As per claim 10, it would have been obvious over the Das combination further comprising an encryption type field associated with each field of the primary partition, wherein the encryption type field identifies the first encryption scheme (Gauda paragraph 57 with different encrypted versions of data based on access level; paragraph 59 with different storage volumes; also see Benz paragraph 31 with nested secure partitions based on different keys/encryption; further see Gauda paragraph 59 with metadata identifying encryption schemes).
As per claim 11, it would have been obvious over the Das combination further comprising a privacy data type associated with each field of the primary partition as a classification of identifiability and sensitivity (see throughout Gauda and Benz with different partitions; see paragraph 41 with field level encryption with different classes being encrypted differently).
As per claim 12, it would have been obvious over the Das combination further comprising a ternary partition having a plurality of records, wherein the values of the plurality of records are encrypted according to a third encryption scheme that is different from the first and the second encryption scheme, wherein the third encryption scheme is configured to permit the values of the records to be accessed by a user having credentials linked to a third role (obvious over Gauda with various versions of encryption/keys; also see Benz paragraph 31 with at least 3 levels).
As per claim 13, it would have been obvious over the Das combination wherein the governance layer comprises role-based access control to provide access to permit the first operation based on the role (see throughout Benz, such as paragraph 31, with role-based access control).
Claim 14 is rejected using the same basis of arguments used to reject claim 1 above. See Gauda paragraph 37 with storing data in different storage partitions. Also see Gauda paragraphs 75-76 with receiving user credentials and authenticating accordingly. Further see throughout Benz (such as paragraph 31) with plurality of roles and providing data according to the roles.
Claim 15 is rejected using the same basis of arguments used to reject claim 2 above.
As per claim 16, the Das combination teaches controlling access to encrypted values and operations using the selected policy (see Das paragraph 46 with managing encryption and access control lists).
Claim 17 is rejected using the same basis of arguments used to reject claim 9 above.
Claim 18 is rejected using the same basis of arguments used to reject claim 10 above.
Claim 19 is rejected using the same basis of arguments used to reject claim 14 above.
As per claim 20, it would have been obvious over the Das combination wherein selecting the first encryption scheme based on the first operation and a data loss prevention policy for the value (Das paragraph 41 with smart encryption; encryption may be based on data type, values, or performance; see paragraph 48 with different types of encryption such as deterministic or order-preserving encryption; data is encrypted smartly based on such factors).
Conclusion
Any inquiry concerning this communication or earlier communications from the examiner should be directed to JASON KAI YIN GEE whose telephone number is (571)272-6431. The examiner can normally be reached on Monday-Friday 8:30-5:00 PST Pacific.
If attempts to reach the examiner by telephone are unsuccessful, the examiner’s supervisor, Farid Homayounmehr, can be reached on (571) 272-3739. The fax phone number for the organization where this application or proceeding is assigned is 571-273-8300.
Information regarding the status of an application may be obtained from the Patent Application Information Retrieval (PAIR) system. Status information for published applications may be obtained from either Private PAIR or Public PAIR. Status information for unpublished applications is available through Private PAIR only. For more information about the PAIR system, see http://pair-direct.uspto.gov. Should you have questions on access to the Private PAIR system, contact the Electronic Business Center (EBC) at 866-217-9197 (toll-free).
/JASON K GEE/Primary Examiner, Art Unit 2495