DETAILED ACTION
Notice of Pre-AIA or AIA Status
The present application, filed on or after March 16, 2013, is being examined under the first inventor to file provisions of the AIA .
Priority
Receipt is acknowledged of certified copies of papers required by 37 CFR 1.55.
Claim Interpretation
The Examiner is interpreting “invisible masked data” as in independent claims 1, 12, and 20, to mean the same as “hidden” masked data in light of the originally filed disclosure demonstrating that invisible masked data is represented by “********” in paragraph [0052].
Claim Rejections - 35 USC § 112
The following is a quotation of 35 U.S.C. 112(b):
(b) CONCLUSION.—The specification shall conclude with one or more claims particularly pointing out and distinctly claiming the subject matter which the inventor or a joint inventor regards as the invention.
The following is a quotation of 35 U.S.C. 112 (pre-AIA ), second paragraph:
The specification shall conclude with one or more claims particularly pointing out and distinctly claiming the subject matter which the applicant regards as his invention.
Claims 1-20 are rejected under 35 U.S.C. 112(b) or 35 U.S.C. 112 (pre-AIA ), second paragraph, as being indefinite for failing to particularly point out and distinctly claim the subject matter which the inventor or a joint inventor (or for applications subject to pre-AIA 35 U.S.C. 112, the applicant), regards as the invention.
The term “safe execution environment” in claims 1, 12 and 20 is a relative term which renders the claim indefinite. The term” is not defined by the claim, the specification does not provide a standard for ascertaining the requisite degree, and one of ordinary skill in the art would not be reasonably apprised of the scope of the invention.
Dependent claims fall together for the same reasons.
Claim Rejections - 35 USC § 102
(a)(1) the claimed invention was patented, described in a printed publication, or in public use, on sale, or otherwise available to the public before the effective filing date of the claimed invention.
Claim(s) 1-3, 6-14, and 17-20 are rejected under 35 U.S.C. 102(a)(1) as being anticipated by Jackson et. al. (US Publication No. US 20140075571 A1) hereinafter Jackson.
Regarding Claims 1, 12, and 20:
Claim 12. Jackson discloses an electronic device, comprising: a processor; and a memory configured to store instructions executable by the processor; wherein the processor is configured to read the instructions from the memory, and execute the instructions to implement a method comprising (Jackson Fig. 2, [0028-0030]): receiving an access request to a database, the access request carrying a user identifier of an accessor and a data processing instruction (Jackson Fig. 7; [0067] “The routine begins at step 700 upon receipt of a read request for reading the encrypted column data. At step 702, the role of the user associated with the read request is determined or ascertained. Steps 700 and 702 may be combined, as the request may identify the user's role”), wherein the data processing instruction is used to instruct to process specified data in the database to obtain target data (Jackson Fig. 7; [0067] “If the outcome of the test at step 705 indicates that the user has full access, the routine continues at step 707 to decrypt the entire column data (e.g., an entire credit card or social security number). Typically, decryption is performed by the OS and, in particular, by a resource access control facility.”), and the database is deployed in an independent, safe execution environment (Fig. 3 discloses trust domain 301; [0045-0046]); in a case that a part of the target data is encrypted data, querying, based on the user identifier of the accessor, an authorization information table in the database, to detect whether the accessor is an authorized user of the part of the target data (Jackson Fig. 7; [0067] “At step 704, a test is made to determine whether the request has been received from a user in a role having authority to access the encrypted column.”; Jackson queries the role table disclosed in Fig. 6), wherein the encrypted data comprises data stored in the database in an encrypted form, and the authorization information table is used to record authorized user information configured by a data provider for the encrypted data (Jackson Fig. 6-7; [0067]); and in a case that the accessor is not an authorized user of the part of the target data, performing mask processing on the part of the target data to generate invisible masked data (Jackson Fig. 7; [0067] “If the outcome of the test at step 705, however, indicates that the user with access authority does not have full access, the routine continues at step 706 to decrypt only a permitted subset of the encrypted column (e.g., the last four digits of the credit card or social security number) and masking the remainder.”), and returning the masked data and remaining unencrypted target data in the target data in response to the access request (Jackson Fig. 7; [0067] “If the outcome of the test at step 705, however, indicates that the user with access authority does not have full access, the routine continues at step 706 to decrypt only a permitted subset of the encrypted column (e.g., the last four digits of the credit card or social security number) and masking the remainder.”).
Claims 1 and 20 recite substantially the same content and are therefore rejected under the same rationales. Jackson further discloses a database processing method (Jackson claim 1), and a non-transitory computer readable storage medium having a computer program stored thereon for performing a method (Jackson claim 15).
Regarding Claims 2 and 13:
Claim 13. Jackson further discloses the electronic device of claim 12 (Jackson Fig. 2, [0028-0030]), wherein the method further comprises: in a case that the accessor is an authorized user of the part of the target data, returning the target data in response to the access request (Jackson Fig. 7; [0067] “If the outcome of the test at step 705 indicates that the user has full access, the routine continues at step 707 to decrypt the entire column data (e.g., an entire credit card or social security number). Typically, decryption is performed by the OS and, in particular, by a resource access control facility.”).
Claim 2 recites substantially the same content and is therefore rejected under the same rationales.
Regarding Claims 3 and 14:
Claim 14. Jackson further discloses the electronic device of claim 12 (Jackson Fig. 2, [0028-0030]), wherein the method further comprises: in a case that all of the target data are encrypted data, querying, based on the user identifier of the accessor, the authorization information table in the database, to detect whether the accessor is an authorized user of all of the target data (Jackson Fig. 7; [0067] “At step 704, a test is made to determine whether the request has been received from a user in a role having authority to access the encrypted column.”; Jackson queries the role table disclosed in Fig. 6); in a case that the accessor is the authorized user of all of the target data, returning all of the target data in response to the access request (Jackson Fig. 7; [0067] “If the outcome of the test at step 705 indicates that the user has full access, the routine continues at step 707 to decrypt the entire column data (e.g., an entire credit card or social security number). Typically, decryption is performed by the OS and, in particular, by a resource access control facility.”); or in a case that the accessor is not the authorized user of all of the target data, returning a processing failure notification message in response to the access request (Jackson Fig. 7 step 708 deny access to data if access authority returns no).
Claim 3 recites substantially the same content and is therefore rejected under the same rationales.
Regarding Claims 6 and 17:
Claim 17. Jackson further discloses the electronic device of claim 12 (Jackson Fig. 2, [0028-0030]), wherein the method further comprises: receiving an authorization deleting instruction sent by the data provider, the authorization deleting instruction carrying a user identifier of the data provider, a data identifier of the target data, and a user identifier of the authorized user, wherein the authorization deletion instruction is used to instruct to delete configuration information that the authorized user is authorized to access the target data (Jackson Fig. 6 DBA SYSADM creates, updates, and maintains tables; [0050] “Members of the group with SYSADM authority can perform the following tasks: migrate databases, modify the database manager configuration and database configuration files, safeguard the data by performing database and log file backups, and perform restoration of databases and database objects such as table spaces, and grant and revoke other authorities and privileges to and from users, groups, or roles, for example, SYSCTRL, SYSMAINT, SYSMON, DBADM, and SECADM.”); and in response to the authorization deletion instruction, deleting, from the authorization information table, a corresponding relationship among the user identifier of the data provider, the data identifier of the target data, and the user identifier of the authorized user (Jackson Fig. 6 DBA SYSADM creates, updates, and maintains tables; [0050] “Members of the group with SYSADM authority can perform the following tasks: migrate databases, modify the database manager configuration and database configuration files, safeguard the data by performing database and log file backups, and perform restoration of databases and database objects such as table spaces, and grant and revoke other authorities and privileges to and from users, groups, or roles, for example, SYSCTRL, SYSMAINT, SYSMON, DBADM, and SECADM.”).
Claim 6 recites substantially the same content and is therefore rejected under the same rationales.
Regarding Claims 7 and 18:
Claim 18. Jackson further discloses the electronic device of claim 12 (Jackson Fig. 2, [0028-0030]), wherein, for a piece of target data of the data provider, user identifiers of multiple authorized users are configured in the authorization information table (Jackson Fig. 6 application developer, user, and auditor all have access to the column data).
Claim 7 recites substantially the same content and is therefore rejected under the same rationales.
Regarding Claims 8 and 19:
Claim 19. Jackson further discloses the electronic device of claim 12 (Jackson Fig. 2, [0028-0030]), wherein the authorization information table is dynamically updated with an authorization configuration instruction sent by the data provider (Jackson Fig. 6 DBA SYSADM creates, updates, and maintains tables; [0050]).
Claim 8 recites substantially the same content and is therefore rejected under the same rationales.
Claim Rejections - 35 USC § 103
The following is a quotation of 35 U.S.C. 103 which forms the basis for all obviousness rejections set forth in this Office action:
A patent for a claimed invention may not be obtained, notwithstanding that the claimed invention is not identically disclosed as set forth in section 102, if the differences between the claimed invention and the prior art are such that the claimed invention as a whole would have been obvious before the effective filing date of the claimed invention to a person having ordinary skill in the art to which the claimed invention pertains. Patentability shall not be negated by the manner in which the invention was made.
Claim(s) 4-5 and 15-16 are rejected under 35 U.S.C. 103 as being unpatentable over Jackson in view of Niu et. al. (US Publication No. US 2023/0289464 A1), hereinafter Niu.
Regarding Claims 4 and 15:
Claim 15. Jackson discloses the electronic device of claim 12 (Jackson Fig. 2, [0028-0030]).
Jackson does not explicitly disclose wherein the method further comprises: receiving an authorization configuration instruction sent by the data provider, the authorization configuration instruction carrying a user identifier of the data provider, a data identifier of the target data, and a user identifier of the authorized user, wherein the authorization configuration instruction is used to instruct to configure the authorized user to be authorized to access the target data; and in response to the authorization configuration instruction, recording, in the authorization information table, a corresponding relationship among the user identifier of the data provider, the data identifier of the target data, and the user identifier of the authorized user.
Niu teaches wherein the method further comprises: receiving an authorization configuration instruction sent by the data provider, the authorization configuration instruction carrying a user identifier of the data provider, a data identifier of the target data, and a user identifier of the authorized user (Niu Fig. 4 managing field-level security policy, [0087-0095]), wherein the authorization configuration instruction is used to instruct to configure the authorized user to be authorized to access the target data (Niu Fig. 4 managing field-level security policy, [0087-0098]); and in response to the authorization configuration instruction, recording, in the authorization information table, a corresponding relationship among the user identifier of the data provider, the data identifier of the target data, and the user identifier of the authorized user (Niu Fig. 4 managing field-level security policy, [0087-0098]).
It would have been obvious to one having ordinary skill in the art before the time the invention was effectively filed to combine the database management disclosed by Jackson with the granular field-level security management taught by Niu. The motivation for this combination would be to ensure that all illegal access is blocked by providing a flexible and effective policy updating scheme as discussed by Niu [0099].
Claim 4 recites substantially the same content and is therefore rejected under the same rationales.
Regarding Claims 5 and 16:
Claim 16. The combination of Jackson and Niu further teaches the electronic device of claim 15 (Jackson Fig. 2, [0028-0030]), wherein the authorization configuration instruction further comprises: an access time limit for authorization that is used to limit an access time of the authorized user to the target data (Niu Fig. 4, [0052-0057] access parameters may include the time trust condition used for restricting the access time), wherein the authorization information table specifically records a corresponding relationship among the user identifier of the data provider, the data identifier of the target data, the user identifier of the authorized user, and the access time limit for authorization (Niu Fig. 4, [0052-0057] access parameters may include the time trust condition used for restricting the access time).
Claim 16 recites substantially the same content and is therefore rejected under the same rationales.
Claim(s) 10-11 are rejected under 35 U.S.C. 103 as being unpatentable over Jackson in view of Sprague et. al. (US Publication No. US 2018/0254898 A1) hereinafter Sprague.
Regarding Claim 10:
Jackson discloses the method of claim 1 (Jackson claim 1).
Jackson does not explicitly disclose wherein the database is deployed in a trusted execution environment.
Sprague teaches wherein the database is deployed in a trusted execution environment (Sprague [0051-0054]).
It would have been obvious to one having ordinary skill in the art before the time the invention was effectively filed to combine the database management method disclosed by Jackson with the trusted execution environment taught by Sprague. The motivation would be to protect code and data from malware and snooping as highlighted by Sprague [0051].
Regarding Claim 11:
The combination of Jackson and Sprague further teaches the method of claim 1 (Jackson claim 1), wherein the database is deployed in a trusted hardware-based trusted execution environment (Sprague [0051-0054]).
Conclusion
The prior art made of record in the submitted PTO-892 Notice of References Cited and not relied upon is considered pertinent to applicant’s disclosure.
Any inquiry concerning this communication or earlier communications from the examiner should be directed to MIGUEL A LOPEZ whose telephone number is (703)756-1241. The examiner can normally be reached 8:00AM-5:00PM.
Examiner interviews are available via telephone, in-person, and video conferencing using a USPTO supplied web-based collaboration tool. To schedule an interview, applicant is encouraged to use the USPTO Automated Interview Request (AIR) at http://www.uspto.gov/interviewpractice.
If attempts to reach the examiner by telephone are unsuccessful, the examiner’s supervisor, Jorge Ortiz-Criado can be reached on 5712727624. The fax phone number for the organization where this application or proceeding is assigned is 571-273-8300.
Information regarding the status of published or unpublished applications may be obtained from Patent Center. Unpublished application information in Patent Center is available to registered users. To file and manage patent submissions in Patent Center, visit: https://patentcenter.uspto.gov. Visit https://www.uspto.gov/patents/apply/patent-center for more information about Patent Center and https://www.uspto.gov/patents/docx for information about filing in DOCX format. For additional questions, contact the Electronic Business Center (EBC) at 866-217-9197 (toll-free). If you would like assistance from a USPTO Customer Service Representative, call 800-786-9199 (IN USA OR CANADA) or 571-272-1000.
/M.A.L./ Examiner, Art Unit 2496
/JORGE L ORTIZ CRIADO/ Supervisory Patent Examiner, Art Unit 2496