DETAILED ACTION
Notice of Pre-AIA or AIA Status
The present application, filed on or after March 16, 2013, is being examined under the first inventor to file provisions of the AIA .
In the event the determination of the status of the application as subject to AIA 35 U.S.C. 102 and 103 (or as subject to pre-AIA 35 U.S.C. 102 and 103) is incorrect, any correction of the statutory basis for the rejection will not be considered a new ground of rejection if the prior art relied upon, and the rationale supporting the rejection, would be the same under either status.
Priority/Benefit
Acknowledgment is made of applicant’s claim for priority under 35 U.S.C. 119 (a)-(d). The certified copy of CHINA 202310987794.4 filed on 08/07/2023 has been received.
Response to Amendment
The Amendment filed on 03/30/2026 has been entered.
The rejection of claims 1-20 under 35 U.S.C 112(b) is withdrawn in view of the amendment.
Claims 1, 11 and 20 are amended.
Claims 1-20 are pending of which claims 1, 11 and 20 are independent claims.
Response to Arguments
Applicant's arguments filed on 03/30/2026 have been fully considered.
Regarding to Applicant's arguments of limitation “when the designated data is secret state data, querying an authorization information table in the database based on the user identification of the accessing party to detect whether the accessing party is an authorized user of the designated data” that “Zaharia appears to be entirely silent about maintaining the authorization information table for authenticating”, Examiner acknowledged Applicant’s perspective but respectfully disagrees for the following reasons:
The claimed “authorization information table” is a form of data storage. The data in the table is retrieved through data query. However, the claim does not provide any algorithm or method of data query that is different from Zaharia’s query disclosed in Zaharia paragraph [0043]. Further, with the newly amended claim limitation, a new ground of rejection is made below.
Claim Rejections - 35 USC § 112
The following is a quotation of the first paragraph of 35 U.S.C. 112(a):
(a) IN GENERAL.—The specification shall contain a written description of the invention, and of the manner and process of making and using it, in such full, clear, concise, and exact terms as to enable any person skilled in the art to which it pertains, or with which it is most nearly connected, to make and use the same, and shall set forth the best mode contemplated by the inventor or joint inventor of carrying out the invention.
The following is a quotation of the first paragraph of pre-AIA 35 U.S.C. 112:
The specification shall contain a written description of the invention, and of the manner and process of making and using it, in such full, clear, concise, and exact terms as to enable any person skilled in the art to which it pertains, or with which it is most nearly connected, to make and use the same, and shall set forth the best mode contemplated by the inventor of carrying out his invention.
Claims 1-20 are rejected under 35 U.S.C. 112(a) or 35 U.S.C. 112 (pre-AIA ), first paragraph, as failing to comply with the written description requirement. The claim(s) contains subject matter which was not described in the specification in such a way as to reasonably convey to one skilled in the relevant art that the inventor or a joint inventor, or for applications subject to pre-AIA 35 U.S.C. 112, the inventor(s), at the time the application was filed, had possession of the claimed invention.
Specifically, while the claim recites “each column of data includes identification information indicating the data, first identification information of accessing parties having an accessing authority of the data and second identification information of accessing parties having a control authority of the data”, the specification lacks a detailed description of each column data includes all the information listed above. As a result, the disclosure does not appear to show possession of the full breadth of the claimed column data.
The following is a quotation of 35 U.S.C. 112(b):
(b) CONCLUSION.—The specification shall conclude with one or more claims particularly pointing out and distinctly claiming the subject matter which the inventor or a joint inventor regards as the invention.
The claims recite limitations “each column of data includes identification information indicating the data, first identification information of accessing parties having an accessing authority of the data and second identification information of accessing parties having a control authority of the data”, without providing sufficient detail to inform, with reasonable certainty, those skilled in the art about the scope of the invention.
As established in Nautilus, Inc. v. Biosig Instruments, Inc., 572 U.S. 898, 901, 910, 110 USPQ2d 1688, 1693 (2014), a claim is indefinite if, when read in light of the specification and the prosecution history, it fails to inform, with reasonable certainty, those skilled in the art about the scope of the invention. Additionally, MPEP § 2173.02 emphasizes that claims must be clear and precise to delineate the metes and bounds of the subject matter to be protected.
Claims that depend on rejected base claims (i.e. claims 1, 11) inherit by the nature of their dependency all rejections that are applied to their corresponding base claims. Thus, claims 2-10 and 12-19 are, in addition to any separate rejection disclosed above, also rejected using the same grounds of rejection as indicated in the rejection of their corresponding base claims above.
Claim Rejections - 35 USC § 103
The following is a quotation of 35 U.S.C. 103 which forms the basis for all obviousness rejections set forth in this Office action:
A patent for a claimed invention may not be obtained, notwithstanding that the claimed invention is not identically disclosed as set forth in section 102 of this title, if the differences between the claimed invention and the prior art are such that the claimed invention as a whole would have been obvious before the effective filing date of the claimed invention to a person having ordinary skill in the art to which the claimed invention pertains. Patentability shall not be negated by the manner in which the invention was made.
The factual inquiries set forth in Graham v. John Deere Co., 383 U.S. 1, 148 USPQ 459 (1966), that are applied for establishing a background for determining obviousness under 35 U.S.C. 103 are summarized as follows:
1. Determining the scope and contents of the prior art.
2. Ascertaining the differences between the prior art and the claims at issue.
3. Resolving the level of ordinary skill in the pertinent art.
4. Considering objective evidence present in the application indicating obviousness or nonobviousness.
Claims 1-3, 6-13 and 16-20 are rejected under 35 U.S.C. 103 as being unpatentable over Tyagi et al. (Pub. No.: US 2021/0049284, hereinafter Tyagi) in view of Zaharia et al. (US 2025/0131118, hereinafter Zaharia) and Doshi et al. (Pub. No.: US 2020/0134207, hereinafter Doshi).
Regarding claim 1: Tyagi teaches: A database-based data processing method, comprising:
receiving a data processing request to a database, wherein the data processing request carries a user identification of an accessing party and a data processing instruction for indicating a processing of designated data to obtain target data (Tyagi - [0065]: A registered buyer device 250 may log into marketplace application 410 on cloud platform 210 to search for (or request a list of) products available to the buyer. Using an API call, buyer device 250 may submit, to marketplace application 410, a query that includes search terms for public and/or private buyer data);
when the accessing party is an authorized user of the designated data after querying the authorization information table, decrypting the designated data based on a key of the data party in the isolated security environment and executing the data processing instruction based on decrypted data to obtain the target data, and encrypting the target data based on a key of the accessing party to obtain a target data ciphertext (Tyagi - [0058]: After retrieving relevant contracts from contract store 510, marketplace application 410 may send a driver API call 570 to TEE instance 130. Driver API call 570 may include encrypted private data from the relevant contracts, a seller identifier for each contract, and a buyer identifier. Secure application 415 in TEE instance 130 may receive driver API call 570 and may validate that the requesting buyer is authorized to view private data. Assuming validation, secure application 415 may use the seller's private key to decrypt the private data included in driver API call 570. As shown at reference 575, using the decrypted data, secure application 415 may perform processing consistent with the aggregated data (e.g. applying discount to the pricing data based on volume, buyer location, etc.) and re-encrypt the resulting data with the buyer's public key from key store 520. [0048]: Access to contract store 510 may be restricted to specific functions, such as, for example, receiving query requests from authorized buyers); and
returning a response message carrying the target data ciphertext in response to the data processing request (Tyagi - [0058]: Secure application 415 may then return the re-encrypted data (e.g., including modified data and/or different encryption from the original private data) to the marketplace application 410 via driver API response 580).
However, Tyagi doesn’t explicitly teach, but Zaharia discloses:
when the designated data is secret state data, querying an authorization information table in the database based on the user identification of the accessing party to detect whether the accessing party is an authorized user of the designated data, wherein the secret state data refers to data stored by the database in encrypted form (Zaharia - [0028]: in connection with requesting access to a high-level data object, the data requesting service provides authentication information to the data manager service, and the data manager service uses the authentication to authenticate the data requesting service and/or determine access permissions/authorizations for the data requesting service. [0013]: The high-level data object is stored in accordance with a predefined data protocol, such as on a cloud storage (e.g., a storage system hosted by a third party). See also [0043]), and the authorization information table is used for recording authorized user information of the secret state data configured by a data party (Zaharia - [0028]: Providing authentication information can include providing a credential(s) to data manager service (e.g., a token, a username and password, etc.));
It would have been prima facie obvious to one of ordinary skill in the art before the effective filing date of the claimed invention to modify the method of Tyagi with Zaharia so that authentication information is used to verify the user before accessing the data. The modification would have allowed the system to enhance security.
However, the combination of Tyagi and Zaharia doesn’t explicitly teach, but Doshi discloses:
and wherein the authorization information table is stored in an isolated security environment and includes a plurality of columns of data, each column of data includes identification information indicating the data, first identification information of accessing parties having an accessing authority of the data and second identification information of accessing parties having a control authority of the data (Doshi - [0172]: the registration by the memory controller (e.g., in authorizations table 1050) may specify a list of functions that can be used by the PASID and a tenant (or ECD) ID. [0174]: If the memory address belongs to a configured shared memory (e.g., a memory region operating in open mode, protected mode, shared mode, or shared protected mode), the memory controller 1010 identifies whether the PASID and the tenant ID (e.g., as accessed from the authorizations table 1050) that have access to the memory space indicated by the received address. [0201]: the protected memory region is configured as a trusted execution environment (TEE) of the edge computing device);
It would have been prima facie obvious to one of ordinary skill in the art before the effective filing date of the claimed invention to modify the method of Tyagi and Zaharia with Doshi so that the data storage can be in the form of table with TEE and is used to verify requesting ID and provide data accessing permission. The modification would have allowed the system to be more secure.
Regarding claim 2: Tyagi as modified teaches: further comprising:
receiving an authorization configuration instruction sent by the data party, wherein the authorization configuration instruction carries a user identification of the data party, a data identification of the designated data, and user identifications of authorized users, and the authorization configuration instruction is used to instruct configuring that the authorized users are authorized to access to the designated data (Zaharia - [0028]: the authentication information can include an IP address (e.g., for IP address-based access control), a geographic location of the data requesting service (e.g., for geographic region-based access control), a data requesting service identifier, etc. [0034]: an administrator of data sharing system (e.g., an administrator of a dataset) can provide a data requesting service with access to a dataset by adding the data recipient (e.g., the entity associated with the data requesting service) to a policy or account or access control metadata structure); and
recording a correspondence of the user identification of the data party, the data identification of the designated data, and the user identifications of the authorized users in the authorization information table in response to the authorization configuration instruction (Zaharia - [0028]: the authentication information can include an IP address (e.g., for IP address-based access control), a geographic location of the data requesting service (e.g., for geographic region-based access control), a data requesting service identifier, etc).
The reason to combine is in the same rational as claim 1.
Regarding claim 3: Tyagi as modified teaches: wherein the authorization configuration instruction further comprises: an authorization access time limit, and the authorization information table records the correspondence of the user identification of the data party, the data identification of the designated data, and the user identifications of the authorized users and corresponding authorized access time limit, wherein the authorized access time limit is used to limit access time of the authorized users to the designated data (Zaharia - [0030]: a system (e.g., a data sharing service) provides access to a set of data via a Uniform Resource Locator (URL) … the URL expires after a predefined period of time (e.g., an amount of time after generation of the URL or an amount of time after sending the URL to the data requesting service or other system associated with the corresponding data access request)).
The reason to combine is in the same rational as claim 1.
Regarding claim 6: Tyagi as modified teaches: wherein the authorization information table is dynamically updated with authorization configuration instructions sent by the data party (Zaharia - [0034]: an administrator of data sharing system (e.g., an administrator of a dataset) can … adding the data recipient (e.g., the entity associated with the data requesting service) to a policy or account or access control metadata structure).
Regarding claim 7: Tyagi as modified teaches: wherein the designated data comprises at least one column of secret state data in at least one data table corresponding to a designated column identification; or
the designated data comprises at least one row of secret state data in at least one data table corresponding to a designated row identification; or
the designated data comprises at least one secret state data element in at least one data table corresponding to a designated column identification and a designated row identification (Zaharia - [0019]: a low-level data object may be a data construct that is a constituent part of a corresponding high-level data object. The low-level data object can be mapped to (or otherwise associated with) a corresponding high-level data object. [0018]: a high-level data object may be a data construct that can be partitioned into a set of lower-level data constructs (e.g., low-level data object(s) or sets of low-level data object(s)). Examples of a high-level data object include a model, a table, a view, a schema, a storage location, etc).
The reason to combine is in the same rational as claim 1.
Regarding claim 8: Tyagi as modified teaches: wherein the database is deployed in a trusted execution environment (Tyagi - [0042]: A secure enclave (e.g., a TEE instance 130) in secure world 120 may be used to protect the private data (e.g., “at rest” data) and its processing (e.g., “in use” data) from marketplace application 410, any OS/firmware, and the cloud services provider).
Regarding claim 9: Tyagi as modified teaches: wherein the database is deployed in a trusted execution environment based on trusted hardware (Tyagi - [0042]: A secure enclave (e.g., a TEE instance 130) in secure world 120 may be used to protect the private data (e.g., “at rest” data) and its processing (e.g., “in use” data) from marketplace application 410, any OS/firmware, and the cloud services provider).
Regarding claim 10: Tyagi as modified teaches: wherein the data processing instruction is used to instruct the processing of the designated data to obtain the target data, wherein the designated data comprises first designated data of the accessing party and second designated data of the data party, and the first designated data and the second designated data are both secret state data;
wherein the target data ciphertext is obtained by:
querying the authorization information table in the database based on the user identification of the accessing party, and detecting whether the accessing party is an authorized user of the second designated data;
when the accessing party is an authorized user of the second designated data, decrypting the second designated data in the isolated security environment based on the key of the data party to obtain second decrypted data, and decrypting the first designated data based on the key of the accessing party to obtain first decrypted data;
executing the data processing instruction based on the first decrypted data and the second decrypted data to obtain the target data, and encrypting the target data based on the key of the accessing party to obtain the target data ciphertext (rejected for the similar reasons as claim 1. Further, Figure 4C discloses plural sellers and buyers to obtain records of private data use on a cloud platform using a TEE).
The reason to combine is in the same rational as claim 1.
Regarding claims 11-13 and 16-19: Claims are directed to apparatus/device computer claims and do not teach or further define over the limitations recited in claims 1-3 and 6-19. Therefore, claims are also rejected for similar reasons set forth in claims 1-3 and 6-19. Furthermore, Tyagi in Fig. 3 discloses a processor and machine-readable medium on which is stored a set of instructions.
Regarding claim 20: Claim are directed to readable medium claim and does not teach or further define over the limitations recited in claim 1. Therefore, claim 20 also rejected for similar reasons set forth in claim 1. Furthermore, Tyagi in Fig. 3 discloses a processor and machine-readable medium on which is stored a set of instructions.
Claims 4-5 and 14-15 are rejected under 35 U.S.C. 103 as being unpatentable over Tyagi et al. (Pub. No.: US 2021/0049284, hereinafter Tyagi) in view of Zaharia et al. (US 2025/0131118, hereinafter Zaharia), and Doshi et al. (Pub. No.: US 2020/0134207, hereinafter Doshi). and ITO et al. (Pub. No.: US 2018/0012029, hereinafter ITO).
Regarding claims 4 and 14: Tyagi as modified doesn’t explicitly teach but ITO teaches: further comprising:
receiving an authorization deletion instruction sent by the data party, wherein the authorization deletion instruction carries a user identification of the data party, a data identification of the designated data, and user identifications of authorized users, and wherein the authorization deletion instruction is used to instruct deletion of configuration information that the authorized users are authorized to access to the designated data; and deleting a correspondence of the user identification of the data party, the data identification of the designated data, and the user identifications of the authorized users in the authorization information table in response to the authorization deletion instruction (ITO - [0099]: the formal registration unit 215 of the user authentication apparatus 200 may delete information, such as a temporary ID, of a document operator from the user authentication table, if the document operator does not complete formal registration within a predetermined period after the user information receiving unit 211 receives the email address of the document operator (or after a temporary ID has been created for the document operator)).
It would have been prima facie obvious to one of ordinary skill in the art before the effective filing date of the claimed invention to modify the method of Krakowiecki and Zaharia, Doshi with ITO so that information related to user ID can be deleted. The modification would have allowed the system to keep the table updated for security enhancement.
Regarding claims 5 and 15: Tyagi as modified doesn’t explicitly teach but ITO teaches: wherein designated data of the data party in the authorization information table is configured with user identifications of a plurality of authorized users (ITO - [0057]: the temporary ID creating unit 213 registers, in the user authentication table, the email address of the document operator and the newly created temporary ID in association with each other (step S106)).
It would have been prima facie obvious to one of ordinary skill in the art before the effective filing date of the claimed invention to modify the method of Krakowiecki and Zaharia with ITO so thatuser authentication table is configured with user identification. The modification would have allowed the system to retrieve information based on ID for verification.
Conclusion
Applicant's amendment necessitated the new ground(s) of rejection presented in this Office action. Accordingly, THIS ACTION IS MADE FINAL. See MPEP § 706.07(a). Applicant is reminded of the extension of time policy as set forth in 37 CFR 1.136(a).
A shortened statutory period for reply to this final action is set to expire THREE MONTHS from the mailing date of this action. In the event a first reply is filed within TWO MONTHS of the mailing date of this final action and the advisory action is not mailed until after the end of the THREE-MONTH shortened statutory period, then the shortened statutory period will expire on the date the advisory action is mailed, and any nonprovisional extension fee (37 CFR 1.17(a)) pursuant to 37 CFR 1.136(a) will be calculated from the mailing date of the advisory action. In no event, however, will the statutory period for reply expire later than SIX MONTHS from the mailing date of this final action.
The prior art made of record and not relied upon is considered pertinent to applicant's disclosure.
Cords et al. US2015/0046416 - Method for writing and reading data
Calafato et al. US 11977657 - Method And System For Confidential Repository Searching And Retrieval
Any inquiry concerning this communication or earlier communications from the examiner should be directed to MENG LI whose telephone number is (571)272-8729. The examiner can normally be reached M-F 8:30-5:30.
Examiner interviews are available via telephone, in-person, and video conferencing using a USPTO supplied web-based collaboration tool. To schedule an interview, applicant is encouraged to use the USPTO Automated Interview Request (AIR) at http://www.uspto.gov/interviewpractice.
If attempts to reach the examiner by telephone are unsuccessful, the examiner’s supervisor, Alexander Lagor can be reached on (571) 270-5143. The fax phone number for the organization where this application or proceeding is assigned is 571-273-8300.
Information regarding the status of published or unpublished applications may be obtained from Patent Center. Unpublished application information in Patent Center is available to registered users. To file and manage patent submissions in Patent Center, visit: https://patentcenter.uspto.gov. Visit https://www.uspto.gov/patents/apply/patent-center for more information about Patent Center and https://www.uspto.gov/patents/docx for information about filing in DOCX format. For additional questions, contact the Electronic Business Center (EBC) at 866-217-9197 (toll-free). If you would like assistance from a USPTO Customer Service Representative, call 800-786-9199 (IN USA OR CANADA) or 571-272-1000.
/MENG LI/
Primary Examiner, Art Unit 2437