DETAILED ACTION
The present application, filed on or after March 16, 2013, is being examined under the first inventor to file provisions of the AIA .
Applicant’s amendments filed on 04/03/2026 has been received and entered. Currently Claims 1-20 are pending.
Response to Arguments
Claims 2, 11, and 13 rejected under 35 USC § 112, is withdrawn in light of the claim amendments.
Claims 1-20 rejected under 35 USC § 101, is withdrawn in light of the claim amendments.
Applicant’s argues on page 13-14 of applicant’s remarks that Fukuda in view of Collazo does not teach wherein “determining whether the target plaintext value is greater than a preset value, and ending current computing if the target plaintext value is greater than the preset value, wherein determining whether the target plaintext value is greater than the preset value is performed in a decryption phase rather than in an encryption phase to detect a plaintext overflow attack” as recited in the amended claims, however the arguments have been considered but are moot in view of the new ground(s) of rejection.
In response to applicant's argument that Collazo is nonanalogous art, it has been held that a prior art reference must either be in the field of the inventor’s endeavor or, if not, then be reasonably pertinent to the particular problem with which the inventor was concerned, in order to be relied upon as a basis for rejection of the claimed invention. See In re Oetiker, 977 F.2d 1443, 24 USPQ2d 1443 (Fed. Cir. 1992). In this case, Fukuda is directed to the limitation of homomorphic encryption operation, a public key of the homomorphic encryption operation is in a public state, a private key is held by a first party, the private key comprises a first private key value, a decryption process of the homomorphic encryption operation is completed based on a modulo operation performed on the first private key value. Fukuda teaches homomorphic encryption operations including key generation, encryption, decryption, and modulo operations on the private key value (Fukuda [Col. 2, lines 37-39], [Col. 2, lines 47-48], [Col. 13, line 38], [Col. 13, lines 45-46]). Collazo is directed to the limitation of determining whether the value is greater than a preset value, and ending current computing if the value is greater than the preset value. Collazo teaches detection of malicious behavior through threshold-based comparison of observed values against expected patterns and remediative actions such as session termination upon detection of crafted malicious input (Collazo [0028-0029], [0059], [0068]).
Collazo is reasonably pertinent to the particular problem the applicant’s invention was concerned with such as detecting attacks wherein malicious actors submit crafted input designed to bypass conventional validation, with detection occurring and resulting in termination of the operation. Collazo addresses this same problem by teaching detection of crafted malicious input through threshold-based comparison after the input has entered the system, with remediative termination upon detection. A person of ordinary skill in the art of designing attack-detection mechanisms for a cryptographic system would have considered attack-detection architectures from adjacent computer security domains, because the underlying detection and remediation logic transfers across technical domain. Therefore, Collazo is analogous art.
Claim Rejections - 35 USC § 103
In the event the determination of the status of the application as subject to AIA 35 U.S.C. 102 and 103 (or as subject to pre-AIA 35 U.S.C. 102 and 103) is incorrect, any correction of the statutory basis (i.e., changing from AIA to pre-AIA ) for the rejection will not be considered a new ground of rejection if the prior art relied upon, and the rationale supporting the rejection, would be the same under either status.
The following is a quotation of 35 U.S.C. 103 which forms the basis for all obviousness rejections set forth in this Office action:
A patent for a claimed invention may not be obtained, notwithstanding that the claimed invention is not identically disclosed as set forth in section 102, if the differences between the claimed invention and the prior art are such that the claimed invention as a whole would have been obvious before the effective filing date of the claimed invention to a person having ordinary skill in the art to which the claimed invention pertains. Patentability shall not be negated by the manner in which the invention was made.
Claims 1, 4-6, 10, 12, and 15-17 are rejected under 35 U.S.C. 103 as being unpatentable over Fukuda et al. US 11849019 hereinafter referred to as Fukuda, in view of Collazo US 20100299292 hereinafter referred to as Collazo and Yung US 9094378 hereinafter referred to as Yung.
As per claim 1, Fukuda teaches a data security detection method for privacy-preserving computing, wherein the privacy-preserving computing comprises a homomorphic encryption operation (Fukuda [Col. 2, lines 37-39]: "homomorphic public key encryption schemes can be applied to secure computation").
a public key of the homomorphic encryption operation is in a public state (Fukuda [Col. 3, lines 17-18]: "anyone with the encryption key can execute an encryption algorithm and homomorphic operation algorithm"),
a private key is held by a computing device of a first party (Fukuda [FIG. 5], [Col. 2, lines 47-48]: data user apparatus containing decryption key storage, see e.g., "data user decrypts the analysis result ciphertext received using a decryption key that he or she has"),
the private key comprises a first private key value (Fukuda [Col. 13, line 38]: "decryption key dk=(κ, n, g, p, q)"),
a decryption process of the homomorphic encryption operation is completed based on a modulo operation performed on the first private key value, and the method is performed by the computing device of the first party, and comprises (Fukuda [FIG. 5], [Col. 13, lines 45-46]: data user apparatus containing decryption key storage, the decryption part 163 computes gλ =gλ mod n2 from the decryption key dk):
receiving an operation request sent by a computing device of a second party, wherein the operation request comprises a first encrypted value obtained through encryption by using the public key (Fukuda [Col. 13, line 31]: encryption apparatus receives message input and outputs a ciphertext using encryption key, see e.g., "ciphertext output part 154 outputs the ciphertext c");
determining a second encrypted value to be decrypted, wherein the second encrypted value is obtained based on the first encrypted value (Fukuda [Col. 13, lines 35-36]: decryption apparatus must accept the ciphertext output from the encryption apparatus, see e.g., “ciphertext input part 161 accepts the ciphertext c to be decrypted”);
decrypting the second encrypted value by using the private key, to obtain a target plaintext value (Fukuda [Col. 13, lines 49-50]: uses decryption key to decrypt ciphertext, see e.g., "the decryption result output part 164 outputs the decryption result");
Fukuda does not explicitly disclose determining whether the target plaintext value is greater than a preset value, and ending current computing if the target plaintext value is greater than the preset value.
Collazo teaches that when a computed value exceeds the threshold, the system determines that an unacceptable condition has occurred and responsively terminates the current computing operation (Collazo [para. 0059]: “if the result of the dot product is greater than a certain threshold... associated with malicious activity may invoke… session termination”).
Thus it would have been obvious to one of ordinary skill in the art before the effective filing date of the claimed invention to modify the invention of Fukuda of a homomorphic encryption system for secure computing with the teachings of Collazo to include determining whether a value is greater than a preset threshold and ending current computing if the value exceeds the threshold in order to detect invalid decryption results and terminating computation before further errors, improving homomorphic encryption system security.
Fukuda in view of Collazo does not explicitly teach wherein determining whether the target plaintext value is greater than the preset value is performed in a decryption phase rather than in an encryption phase to detect a plaintext overflow attack.
Yung teaches determining is performed in a decryption phase rather than in an encryption phase to detect a plaintext overflow attack (Yung [Col. 17, lines 58-60,], [Col. 18, lines 6-16]: “After decryption, overflow of the extended plaintext is detected if the sign bits (i.e., bits 63 to 95 in region 724) are neither all zeros nor all ones… decrypted using the Paillier technique… decryption operation yields an extended plaintext… an overflow is indicated and detected (e.g., may raise an overflow error or exception in implementation))”.
Thus it would have been obvious to one of ordinary skill in the art before the effective filing date of the claimed invention to modify the invention of Fukuda in view of Collazo of determining plaintext value is greater than a preset value with the teachings of Yung of determining after decryption to detect plaintext overflow in order to detect plaintext values that fall outside expected ranges after homomorphic operations, including attacker inputs (Yung [Col. 18, lines 6-16]).
As per claim 4, Fukuda in view of Collazo and Yung teach the method according to claim 1, wherein an Okamoto-Uchiyama (OU) algorithm is used for the homomorphic encryption operation (Fukuda [Col. 14, lines 24-26]: “Okamoto-Uchiyama encryption scheme is an example of public key encryption schemes with an additive homomorphism").
As per claim 5, Fukuda in view of Collazo and Yung teach the method according to claim 1, wherein determining the second encrypted value to be decrypted comprises: determining the first encrypted value as the second encrypted value (Fukuda [Col. 14, lines 47-52]: output of encryption is the first encrypted value and before decryption apparatus must first accept the output from the encryption apparatus, input is based on the output).
As per claim 6, Fukuda in view of Collazo and Yung teach the method according to claim 1, wherein determining the second encrypted value to be decrypted comprises: performing a target homomorphic operation based on the first encrypted value, to obtain the second encrypted value (Fukuda [Col. 15, lines 4-9]: output ciphertext c is mathematically derived from input c1).
As per claim 10, the claim discloses a non-transitory computer-readable storage medium corresponding to the method claim 1 above, and they are rejected, at least for the same reasons.
As per claim 12, the claim discloses a device corresponding to the method claim 1 above, and they are rejected, at least for the same reasons.
As per claim 15-17, the claims disclose a device corresponding to the method claims 4, 5, and 6 above, and they are rejected, at least for the same reasons.
Claims 2, 11, and 13 are rejected under 35 U.S.C. 103 as being unpatentable over Fukuda in view of Collazo and Yung, and further in view of Feng et al. CN 113592097 A (corresponding English translation is used in the below rejections) hereinafter referred to as Feng, and Zhu CN 116074027 A (corresponding English translation is used in the below rejections) hereinafter referred to as Zhu.
As per claim 2, Fukuda in view of Collazo and Yung teaches the method of claim 1 and the privacy-preserving computing (Fukuda [Col. 2, lines 37-39]: "homomorphic public key encryption schemes can be applied to secure computation"). Fukuda in view of Collazo and Yung does not explicitly disclose wherein the preset value is greater than a maximum value of service data processed.
Feng teaches wherein the maximum value is less than the preset threshold (Feng et al. [n0071]: “measurement score of the feature information of each group of samples in the corresponding dimension in the data square is calculated based on the cryptographic derivative aggregation value. If the maximum measurement score of the corresponding dimension is less than a preset threshold”).
Thus it would have been obvious to one of ordinary skill in the art before the effective filing date of the claimed invention to modify the invention of Fukuda in view of Collazo and Yung of secure computation with homomorphic encryption with the teachings of Feng to include a maximum score being less than a preset threshold in order to improve the reliability of encryption (Feng [n0087]).
Fukuda in view of Collazo, Yung, and Feng does not explicitly disclose a ratio of the preset value to the first private key value is less than a preset ratio threshold, such that the preset value is less than the first private key value by an order of magnitude.
Zhu teaches constraining system parameters by calculating a ratio of two values to be less than a preset ratio threshold (Zhu [para. n0056]: “calculate the ratio of the total number of results corresponding to successful voting results to the total number of results corresponding to voting results… the ratio of the number of results is less than the threshold for the ratio of successful results”).
Thus it would have been obvious to one of ordinary skill in the art before the effective filing date of the claimed invention to modify the invention of Fukuda in view of Collazo, Yung, and Feng of secure computation with homomorphic encryption with the teachings of Zhu of comparing a ratio of two values to be less than a preset ratio threshold in order to apply mathematical constraints to system parameters to ensure parameters remain within acceptable bounds.
As per claim 11, the claim discloses a non-transitory computer-readable storage medium corresponding to the method claim 2 above, and they are rejected, at least for the same reasons.
As per claim 13, the claim discloses a device corresponding to the method claim 2 above, and they are rejected, at least for the same reasons.
Claims 3 and 14 are rejected under 35 U.S.C. 103 as being unpatentable over Fukuda in view of Collazo and Yung, and further in view of Cui et al US 20100083002 hereinafter referred to as Cui, and Joseph et al. US 6965992 hereinafter referred to as Joseph.
As per claim 3, Fukuda in view of Collazo and Yung teaches the method of claim 1.
Fukuda in view of Collazo and Yung does not explicitly disclose wherein a number of bits of the first private key value is greater than 500.
Cui teaches that private keys are greater than 500 bits (Cui [para. 0022]: “private keys are 1024-bit keys, but may be of greater or lesser lengths in other embodiments”).
Thus it would have been obvious to one of ordinary skill in the art before the effective filing date of the claimed invention to modify the invention of Fukuda in view of Collazo and Yung of performing homomorphic operations with the teachings of Cui of private keys being greater than 500 bits in order to establish security parameters for cryptographic systems with an identified range for the private key.
Fukuda in view of Collazo, Yung, and Cui does not explicitly disclose a number of bits of the preset value is 64 or 128.
Joseph teaches that the threshold value is 64 bits (Joseph [Col. 15, lines 27-28]: “64 bit threshold”).
Thus it would have been obvious to one of ordinary skill in the art before the effective filing date of the claimed invention to modify the invention of Fukuda in view of Collazo, Yung, and Cui of performing homomorphic operations with a private key value greater than 500 with the teachings of Joseph of threshold values being 64 bits in order to establish security parameters for cryptographic systems with an identified range for the threshold.
As per claim 14, the claim discloses a device corresponding to the method claim 3 above, and they are rejected, at least for the same reasons.
Claims 7-8 and 18-19 are rejected under 35 U.S.C. 103 as being unpatentable over Fukuda in view of Collazo and Yung, and further in view of Ding et al. CN 109361510 (corresponding English translation is used in the below rejections) hereinafter referred to as Ding.
As per claim 7, Fukuda in view of Collazo and Yung teaches the method of claim 6.
Fukuda in view of Collazo and Yung does not explicitly disclose wherein an algorithm for the target homomorphic operation is specified by the computing device of the second party.
Ding teaches wherein an algorithm for the target homomorphic operation is specified by the computing device of the second party (Ding para. [n0013]: data provider, second party, specifies encryption algorithm to encrypt the data).
Thus it would have been obvious to one of ordinary skill in the art before the effective filing date of the claimed invention to modify the invention of Fukuda in view of Collazo and Yung of performing homomorphic operations with the teachings of Ding to include that the second party specifies the algorithm to be used in order to provide computational flexibility and enable the second party to request specific privacy-preserving analyses.
As per claim 8, Fukuda in view of Collazo and Yung teaches the method of claim 1.
Fukuda in view of Collazo and Yung does not explicitly disclose determining that the plaintext value is not greater than the preset value and returning the target plaintext value to the computing device of the second party, or performing a further operation based on the target plaintext value.
Ding teaches conditional processing where normal operations continue with further operations when no overflow is detected, and results are returned to authorized parties (Ding [para. n0014]: performs an overflow check and if there is none, then continues further operation, see e.g., “if there is no overflow, directly call the multiplication operation”).
Thus it would have been obvious to one of ordinary skill in the art before the effective filing date of the claimed invention to modify the invention of Fukuda of a homomorphic public key cryptography with secure computing with the teachings of Ding to include a detection if no overflow occurs to do further operations like multiplication calculation in order to apply conditional processing flow that both detects overflow conditions and continue computation (see Ding [para. n0014]).
As per claims 18 and 19, the claims disclose a device corresponding to the method claims 7 and 8 above, and they are rejected, at least for the same reasons.
Claims 9 and 20 are rejected under 35 U.S.C. 103 as being unpatentable over Fukuda in view of Collazo and Yung, and further in view of Gulak et al. US 20170293913 hereinafter referred to as Gulak.
As per claim 9, Fukuda in view of Collazo and Yung teaches the method of claim 1 and prompt information is used to indicate that there is a risk of the plaintext overflow attack (Collazo [para. 0068]: “text fields may be vulnerable because hackers and attackers can use the field to perform a buffer overflow attack”), and further indicating comparing with a threshold value and indicating the vulnerability/non-human behavior based on the comparison (Collazo [para. 0026]: compares to a threshold to indicate vulnerability/non-human activity, see e.g., “correlation methods may comprise checking the quantitative values in the behavior pattern against some known value, such as a threshold… if the variance is below… may indicate a robotic, non-human-like functional user behavior/activity on the web application… indicating user behavior is robotic”; (Collazo [para. 0059]: a computed value exceeds the threshold and associate with act of exploiting vulnerability, see e.g., “correlation engine… if the result of the dot product is greater than a certain threshold... associated with malicious activity may invoke… session termination”).
Fukuda in view of Collazo and Yung does not explicitly disclose sending prompt information to send an alert or notification or prompt information if the target plaintext value is greater than the preset value.
Gulak teaches that when a condition is met or exceeded, then an alert is sent out (Gulak [para. 0153]: “if met or exceeded, causes the alert trigger 122 to send an electronic alert message to remote devices 130 operated by a professional”) and that the alert specifies the condition (Gulak [para. 0152]: “the alert be a general indication of the nature of the alert”).
Thus it would have been obvious to one of ordinary skill in the art before the effective filing date of the claimed invention to modify the invention of Fukuda in view of Collazo and Yung of detecting an overflow attack when plaintext value is greater than a preset value with the teachings of Gulak to include sending an alert if the threshold is met with an alert condition in order to establish a threshold-based detection that identifies a potential vulnerability which can be used to warn against potential vulnerabilities (Collazo [para. 0026]).
As per claim 20, the claim discloses a device corresponding to claim 9 above, and they are rejected, at least for the same reason.
Conclusion
Applicant's amendment necessitated the new ground(s) of rejection presented in this Office action. Accordingly, THIS ACTION IS MADE FINAL. See MPEP § 706.07(a). Applicant is reminded of the extension of time policy as set forth in 37 CFR 1.136(a).
A shortened statutory period for reply to this final action is set to expire THREE MONTHS from the mailing date of this action. In the event a first reply is filed within TWO MONTHS of the mailing date of this final action and the advisory action is not mailed until after the end of the THREE-MONTH shortened statutory period, then the shortened statutory period will expire on the date the advisory action is mailed, and any nonprovisional extension fee (37 CFR 1.17(a)) pursuant to 37 CFR 1.136(a) will be calculated from the mailing date of the advisory action. In no event, however, will the statutory period for reply expire later than SIX MONTHS from the mailing date of this final action.
Any inquiry concerning this communication or earlier communications from the examiner should be directed to CAROLINE HOANG-ANH NGUYEN whose telephone number is (571)272-8309. The examiner can normally be reached Monday-Thursday 7am-5pm.
Examiner interviews are available via telephone, in-person, and video conferencing using a USPTO supplied web-based collaboration tool. To schedule an interview, applicant is encouraged to use the USPTO Automated Interview Request (AIR) at http://www.uspto.gov/interviewpractice.
If attempts to reach the examiner by telephone are unsuccessful, the examiner’s supervisor, Farid Homayounmehr can be reached at (571) 272-3739. The fax phone number for the organization where this application or proceeding is assigned is 571-273-8300.
Information regarding the status of published or unpublished applications may be obtained from Patent Center. Unpublished application information in Patent Center is available to registered users. To file and manage patent submissions in Patent Center, visit: https://patentcenter.uspto.gov. Visit https://www.uspto.gov/patents/apply/patent-center for more information about Patent Center and https://www.uspto.gov/patents/docx for information about filing in DOCX format. For additional questions, contact the Electronic Business Center (EBC) at 866-217-9197 (toll-free). If you would like assistance from a USPTO Customer Service Representative, call 800-786-9199 (IN USA OR CANADA) or 571-272-1000.
/C.H.N./Examiner, Art Unit 2495
/HENRY TSANG/Primary Examiner, Art Unit 2495