DETAILED ACTION
The present application, filed on or after March 16, 2013, is being examined under the first inventor to file provisions of the AIA .
This action is response to communication: response to original application filed on 06/13/2024..
Claims 1-20 are currently pending in this application.
The IDS filed on 08/15/2024 has been accepted.
Examiner Interpretation
As per claims 18-20, the claims utilize multiple “means for” instances. Such language will be interpreted according to the applications specification. For example, paragraph 84 of the applicant’s specification (from publication 2024/0331577) describes such means).
Claim Rejections - 35 USC § 103
In the event the determination of the status of the application as subject to AIA 35 U.S.C. 102 and 103 (or as subject to pre-AIA 35 U.S.C. 102 and 103) is incorrect, any correction of the statutory basis (i.e., changing from AIA to pre-AIA ) for the rejection will not be considered a new ground of rejection if the prior art relied upon, and the rationale supporting the rejection, would be the same under either status.
The following is a quotation of 35 U.S.C. 103 which forms the basis for all obviousness rejections set forth in this Office action:
A patent for a claimed invention may not be obtained, notwithstanding that the claimed invention is not identically disclosed as set forth in section 102, if the differences between the claimed invention and the prior art are such that the claimed invention as a whole would have been obvious before the effective filing date of the claimed invention to a person having ordinary skill in the art to which the claimed invention pertains. Patentability shall not be negated by the manner in which the invention was made.
Claim(s) 1, 2, 7, 9-13, and 18-20 are rejected under 35 U.S.C. 103 as being unpatentable over Das et al. US Patent Application Publication 2021/0279357 (Das), in view of Cameron US Patent Application Publication 2012/0246695 (Cameron).
As per claim 1, Das teaches a method comprising: receiving a data set having values in a plurality of different fields for a plurality of different customers (see paragraph 41 with obtaining data files; data files may be encrypted; see example in paragraph 69-70 with different fields for different customers in a financial setting); associating operations with at least a portion of the fields of the data set to form a plurality of operation field combinations (see paragraph 41, with data file having multiple fields; filds may have different operations); attaching an encryption scheme to each operation field combination, the attached encryption scheme to enable the attached operation on values in the field when the values are encrypted without decrypting the values (paragraph 41, wherein each field is encrypted using an encryption standard such that operations can be performed; see pargarph 48 with utilizing deterministic, order-preserving encryption, or numeric encryption; see paragraphs 39, 46, 49, and throughout wherein requests may be processed without decryption); encrypting the values in the at least a portion of the plurality of different fields in accordance with the attached encryption scheme (paragraph 41, 42, and throughout with encrypting accordingly); storing the encrypted values in a data vault (paragraph 45 wherein encrypted data can be stored in repository); providing access to perform an operation on a stored encrypted value in a field that is associated with an operation field combination (paragraph 46 wherein requests may be processed and performed without decrypting; further, see utilizing access control lists; see also paragraph 38 with permissions and access levels).
Das does not explicitly teach associating a role with at least one operation field combination, and prviding access through the role to perform an operation that is assocaited with the role. However, utilizing role based access control is notoriously well known in the art. For example, see Cameron (see paragraph 43-45 and throughout with access control to resources based on roles; resources may be information or computing functions).
At the time the invention was filed, it would have been obvious to one of ordinary skill in the art to combine the teachings of Das with Cameron. One of ordinary skill in the art would have been motivated to perform such an addition to create more security by controlling access to distributed computing resources (paragraph 8 of Cameron).
As per claim 2, it would have been obvious over the Das combination wherein encrypting the values comprises encrypting at least a subset of values in accordance with more than one encryption scheme and storing each encrypted value having a different encryption scheme (Das paragraph 41 with subsets encrypted using multiple different encryption standards).
As per claim 7, it would have been obvious over the Das combination further comprising associating a user with the role, authenticating the user, wherein providing access comprises providing access to the authenticated user (obvious over Das; see paragraph 38 with permissions including access levels and credentials; see also Cameron paragraph 47 with user having roles associated with authentication).
As per claim 9, it would have been obvious over the Das combination wherein attaching an encryption scheme comprises selecting an encryption scheme based on the assocaited operation and a data loss prevention policy of the respective field (Das paragraph 41 wherein subsets of data are encrypted such that a full range of operations can be performed; standards for each subset can be selected also based on data type and performance).
As per claim 10, it would have been obvious over the Das combination wherein the attached encryption scheme is selected to enable the operation of the operation field combination to be performed without decrypting the encrypted respective value (Das paragraphs 48, 49, and throughout with operations without decrypting data using encryption schemes such as order-preserving encryption).
Claim 11 is rejected using the same basis of arguments used to reject claim 1 above.
As per claim 12, the Das combination teaches further comprising a governance layer having a plurality of policies, at least a first policy configured to enable the operation that is assocaited with the role for an authenticated user (Das paragraph 48 with different encryption policies; see paragraph 38 wherein smart encrypting utilizes access levels and permissions such as access levels/credentials for encryption and processing; see throughout Cameron with utilization of roles with users)
As per claim 13, it would have been obvious over the Das combination further comprising an interface layer having a plurality of roles, each role supporting a selected policy, the interface layer further comprising a user interface to receive user credentials, to link the credentials to a role, and to send an authentication of the user and the role to the governance layer (obvious over Cameron; see paragraph 47 wherein users may utilize a password, which would require an interface/authentication of user; see paragraph 49 with access control when a user attempts to access resource and provides access privileges accordingly when the user is authorized to access that particular resource; see also paragraph 58; see also throughout Das paragraph 38 with utilizing permissions including access levels and credentials to access data).
Claim 18 is rejected using the same basis of arguments used to reject claim 1 above.
Claim 19 is rejected using the same basis of arguments used to reject claim 2 above.
Claim 20 is rejected using the same basis of arguments used to reject claim 7 above.
Claim(s) 3-5, 8, and 14-17 are rejected under 35 U.S.C. 103 as being unpatentable over the Das combination as applied above, and further in view of Gauda US Patent Application Publication 2017/0185790 (Gauda).
As per claim 3, it would have been obvious over the Das combination comprising attaching a second encryption scheme to a second operation field combination of the plurality of operation field combinations, an operation of the second operation field combination being different from an operation of the first operation field combination; encrypting values in the field of the second operation field combination in accordance with the second encryption scheme, the second encryption scheme being different from a first encryption scheme of the first operation field combination, the second encryption scheme to enable the second operation on values encrypted in the second encryption scheme without decrypting the values; and storing the encrypted values encrypted in the second encryption scheme in the data vault (obvious over Das combination; see paragraph 41 wherein each field is encrypted, and fields may be encrypted using different encryption standards; see paragarphs 39, 46, and throughout with performing operations without encryption; see paragraph 49 wherein queries may be different and the result/operations from the query are different; ).
Although the Das combination teaches utilizing different schemes, the combination does not explicitly teach a field of the second operation field combination being the same field as a field of the first operation field combination. However, this would have been obvious. For example, see Gauda (paragraph 57 with plurality of copies of value/field, the fields/copies encrypted using different schemes).
At the time the invention was filed, it would have been obvious to one of ordinary skill in the art to combine the teachings of the Das combination with Gauda. One of ordinary skill in the art would have been motivated to perform such an addition to provide dynamic access control (paragraph 1 of Gauda).
As per claim 4, the Das combination teaches wherein the first and the second encryption schemes correspond to different data loss prevention policies (paragraph 48 with encryption schemes such as deterministic, order-preserving, numeric; see also paragraph 41 wherein different type of data may be encrypted accordingly).
As per claim 5, the Das combination teaches associating a second role with the second operation field combination (see Cameron paragraph 43-44 with role based access control with different access privileges; see also Das paragraph 38 with permissions and access levels).
As per claim 8, the Das combination teaches associating an encryption type with the attache encryption scheme (paragraph 41 and throughout), but does not explicitly teach storing the encryption type in association with values that are encrypted in accordance with the attached encryption scheme. However, this would have been obvious. For example, see Gauda (paragraph 59 wherein encrypted data includes metadata that identifies encryption scheme).
At the time the invention was filed, it would have been obvious to one of ordinary skill in the art to combine the teachings of the Das combination with Gauda. One of ordinary skill in the art would have been motivated to perform such an addition to provide dynamic access control (paragraph 1 of Gauda).
Claim 14 is rejected using the same basis of arguments used to reject claim 4 above.
Claim 15 is rejected using the same basis of arguments used to reject claim 5 above.
As per claim 16, the Das combination teaches wherein the first and the second encryption schemes correspond to different data loss prevention policies (Das paragraph 41, 48, and throughout with different encryption schemes with provide for different data loss prevention; different type of data may be encrypted accordingly)
As per claim 17, the Das combination teaches wherein the operations comprise at least oen of match operations, aggregation operations, and order operations (Das paragraph 48 with order-preserving encryption; data may be searched for and data may be provided for (order or match operations) without decrypting; also see paragraph 41 with operations including sums, selects, reorder, combine).
Claim(s) 6 is rejected under 35 U.S.C. 103 as being unpatentable over the Das combination as applied above, and further in view of Benz et al. US Patent Application Publication 2015/0310228 (Benz).
As per claim 6, the Das combination does not explicitly teach wherein storing the encrypted values in the second encryption scheme comprises storing the encrypted values in a second partition of the data vault, wherein the second partition is accessible through the second role and not accessible through the first role. However, this would have been obvious. For example, see Benz (paragraph 31 with different secure partitions wherein access to a partition may be accessible by one party but not others)
At the time the invention was filed, it would have been obvious to one of ordinary skill in the art to combine the teachings of the Das combination with Benz. One of ordinary skill in the art would have been motivated to perform such an addition to provide a secure method of data presentation and interaction (paragraph 9 of Benz).
Conclusion
Any inquiry concerning this communication or earlier communications from the examiner should be directed to JASON KAI YIN GEE whose telephone number is (571)272-6431. The examiner can normally be reached on Monday-Friday 8:30-5:00 PST Pacific.
If attempts to reach the examiner by telephone are unsuccessful, the examiner’s supervisor, Farid Homayounmehr can be reached on (571) 272-3739. The fax phone number for the organization where this application or proceeding is assigned is 571-273-8300.
Information regarding the status of an application may be obtained from the Patent Application Information Retrieval (PAIR) system. Status information for published applications may be obtained from either Private PAIR or Public PAIR. Status information for unpublished applications is available through Private PAIR only. For more information about the PAIR system, see http://pair-direct.uspto.gov. Should you have questions on access to the Private PAIR system, contact the Electronic Business Center (EBC) at 866-217-9197 (toll-free).
/JASON K GEE/Primary Examiner, Art Unit 2495