DETAILED ACTION
Notice of Pre-AIA or AIA Status
The present application, filed on or after 16 March 2013, is being examined under the first inventor to file provisions of the AIA .
This action is in reply to papers filed on 23 August 2024. Claims 1, 8, and 15 are independent. Claims 1-20 are pending.
Priority
Acknowledgment is made of Applicant’s claim for domestic benefit priority. This application is a continuation of U.S. Patent Application No. 17/211,948, filed 25 March 2021.
Information Disclosure Statement
The information disclosure statement (IDS) submitted on 23 August 2024 is in compliance with the provisions of 37 CFR 1.97. Accordingly, the information disclosure statement is being considered by the examiner.
Claim Rejections - 35 USC § 112
The following is a quotation of 35 U.S.C. 112(b):
(b) CONCLUSION.—The specification shall conclude with one or more claims particularly pointing out and distinctly claiming the subject matter which the inventor or a joint inventor regards as the invention.
The following is a quotation of 35 U.S.C. 112 (pre-AIA ), second paragraph:
The specification shall conclude with one or more claims particularly pointing out and distinctly claiming the subject matter which the applicant regards as his invention.
Claim 19 is rejected under 35 U.S.C. 112(b) or 35 U.S.C. 112 (pre-AIA ), second paragraph, as being indefinite for failing to particularly point out and distinctly claim the subject matter which the inventor or a joint inventor (or for applications subject to pre-AIA 35 U.S.C. 112, the applicant), regards as the invention.
As per claim 19:
Claim 19 recites: “… wherein the identified data element corresponds to ...”. The term “the identified data element” makes the claims indefinite as it lacks proper antecedent basis.
Claim 15, which claim 19 depends on, talks about instructions to “identify the trusted data element”, while claim 19 refers to “the identified data element”, not “the identified trusted data element”. Claim 15 introduces “a data element” and separately “a trusted data element”. The verb “identify” in claim 15 applies to “the trusted data element,” not to “a/the data element” generally. Thus, no claim introduces “an identified data element”. The identification action in claim 15 is directed at “the trusted data element”, not “the data element”.
Claim Rejections - 35 USC § 103
In the event the determination of the status of the application as subject to AIA 35 U.S.C. 102 and 103 (or as subject to pre-AIA 35 U.S.C. 102 and 103) is incorrect, any correction of the statutory basis for the rejection will not be considered a new ground of rejection if the prior art relied upon, and the rationale supporting the rejection, would be the same under either status.
The following is a quotation of 35 U.S.C. 103 which forms the basis for all obviousness rejections set forth in this Office action:
A patent for a claimed invention may not be obtained, notwithstanding that the claimed invention is not identically disclosed as set forth in section 102, if the differences between the claimed invention and the prior art are such that the claimed invention as a whole would have been obvious before the effective filing date of the claimed invention to a person having ordinary skill in the art to which the claimed invention pertains. Patentability shall not be negated by the manner in which the invention was made.
The factual inquiries for establishing a background for determining obviousness under 35 U.S.C. 103 are summarized as follows:
1. Determining the scope and contents of the prior art.
2. Ascertaining the differences between the prior art and the claims at issue.
3. Resolving the level of ordinary skill in the pertinent art.
4. Considering objective evidence present in the application indicating obviousness or nonobviousness.
Claims 1-11 and 13-20 are rejected under 35 U.S.C. 103 as being unpatentable over Eldefrawy et al., US 2022/0052835 A1 (hereinafter, “Eldefrawy ‘835”), in view of Irwin, US 2014/0068265 A1 (hereinafter, “Irwin ‘265”), and further in view of Liu et al., US 2017/0006025 A1 (hereinafter, “Liu ‘025”).
As per claim 1: Eldefrawy ‘835 discloses:
A computer implemented method for protecting individual data elements within an unstructured dataset (a computer-implemented method for selectively encrypting and protecting portions of data, i.e., data subgroups, within unstructured data containers such as Microsoft Word files, Microsoft Excel files, image files, PDF files, and the like [Eldefrawy ‘835, ¶¶3, 9, 24, 93; Figs. 1-3]), the method comprising:
encrypting a data element within an unstructured dataset comprising generating a trusted data element encrypted using a specific key (selectively encrypting one or more data subgroups within an unstructured data container using encryption keys, such as AES-256 or RSA keys, to generate an encrypted ciphertext, where the encrypted data subgroup corresponds to a “trusted data element” [Eldefrawy ‘835, ¶¶7, 9, 43, 55, 67-74, 97; Figs. 2-3])
wherein the trusted data element is encapsulated and (the encrypted data subgroups are encapsulated with security attributes or security policies that are applied as metadata, e.g., XML tags, to the data subgroups, where the security attributes/policies determine which users are entitled to decrypt and access the data based on whether their decryption keys satisfy the security policy [Eldefrawy ‘835, ¶¶21-23, 73, 91, 94, 97]); and
(as stated above, metadata comprising security attributes or security policies is associated with the encrypted data subgroups [Eldefrawy ‘835, ¶¶73, 94]),
wherein the encrypted data element and the metadata are (the data subgroups are encrypted using data encryption keys, such as AES keys or RSA keys, and are associated with metadata including encryption policy information [Eldefrawy ‘835, ¶¶55, 67-74, 82]).
As stated above, while Eldefrawy ‘835 discloses encrypting data elements within unstructured data containers and associating the encrypted data with metadata containing security policy information to determine user entitlement, Eldefrawy ‘835 does not explicitly disclose the limitation “cryptographically bound” and “… metadata that identifies an access controller …”.
Irwin ‘265, however, discloses:
... wherein the trusted data element is encapsulated and cryptographically bound to metadata ... (a primary node configured to create a local encryption key to cryptographically bind metadata labels to data messages [Irwin ‘265, ¶¶7, 10, 12])
... cryptographically binding the encrypted data element to metadata ... (the security metadata is obtained and then cryptographically bound to the message using a local encryption key [Irwin ‘265, ¶¶10, 12, 35])
... wherein the encrypted data element and the metadata are cryptographically bound using data encryption keys ... (the security metadata for the source node is obtained and then cryptographically bound to the message using a local encryption key, where the message is later decoded using the local encryption key [Irwin ‘265, ¶¶7, 10, 12, 35]).
Eldefrawy ‘835 and Irwin ‘265 are analogous art because they are from the same field of endeavor, namely that of protecting data through encryption and associating security metadata with data. Prior to the effective filing date of the claimed invention, it would have been obvious to one of ordinary skill in the art, having the teachings of Eldefrawy ‘835 and Irwin ‘265 before them, to modify the method in Eldefrawy ‘835 to include the teachings of Irwin ‘265, namely to implement the association between the encrypted data subgroups and the security policy metadata of Eldefrawy ‘835 using the cryptographic binding technique disclosed in Irwin ‘265, where the metadata is cryptographically bound to the data using encryption keys. A motivation for doing so would be to ensure that the metadata cannot be tampered with or separated from the data it protects, thereby maintaining the integrity of the security information associated with the protected data (see Irwin ‘265, ¶¶6-7, 27, 35).
As stated above, Eldefrawy ‘835 in view of Irwin ‘265 does not explicitly disclose the limitation “… metadata that identifies an access controller …”.
Liu ‘025, however, discloses:
... metadata that identifies an access controller (metadata received with protected media content includes a URL of a license server that acts as an access controller, where the license server is identified through the URL included in the metadata and determines whether access to the protected content is authorized [Liu ‘025, ¶¶27, 30, 33]) ...
Eldefrawy ‘835 (modified by Irwin ‘265) and Liu ‘025 are analogous art because they are from the same field of endeavor, namely that of protecting data through encryption and controlling access to protected content. Prior to the effective filing date of the claimed invention, it would have been obvious to one of ordinary skill in the art, having the teachings of Eldefrawy ‘835 (modified by Irwin ‘265) and Liu ‘025 before them, to modify the method in Eldefrawy ‘835 (modified by Irwin ‘265) to include the teachings of Liu ‘025, namely to include in the metadata associated with the encrypted data elements an identifier, such as a URL, that identifies the access controller responsible for managing access to the protected data, as disclosed in Liu ‘025. A motivation for doing so would be to enable the protected data elements to be properly routed to the correct access controller for authorization regardless of where the data travels, thereby ensuring consistent access control enforcement (see Liu ‘025, ¶¶27, 30).
As per claim 2: Eldefrawy ‘835 in view of Irwin ‘265, and further in view of Liu ‘025 discloses all limitations of claim 1, as stated above, from which claim 2 is dependent upon. Furthermore, Eldefrawy ‘835 discloses:
further comprising detecting an access attempt to the dataset (a decryption service receives a call from a user device to selectively decrypt one or more data subgroups within an encrypted document, where the call corresponds to detecting an access attempt to the dataset [Eldefrawy ‘835, ¶¶102-104]); and
determining whether the access attempt is acceptable according to access control information (the decryption service determines whether the user’s decryption keys satisfy the security policy assigned to the encrypted data subgroups, where decryption is possible only when the key attributes satisfy the security policy, i.e., the access control information [Eldefrawy ‘835, ¶¶22-23, 102-105]).
As per claim 3: Eldefrawy ‘835 in view of Irwin ‘265, and further in view of Liu ‘025 discloses all limitations of claims 1-2, as stated above, from which claim 3 is dependent upon. Furthermore, Eldefrawy ‘835 discloses:
further comprising denying the access attempt responsive to determining the access attempt is not acceptable according to the access control information (decryption is possible only when the key attributes satisfy the security policy; if the user’s decryption keys do not satisfy the security policy assigned to the encrypted data subgroups, the decryption service outputs an error and the data remains encrypted, thereby denying access to the data [Eldefrawy ‘835, ¶¶22-23, 36, 42, 105]).
As per claim 4: Eldefrawy ‘835 in view of Irwin ‘265, and further in view of Liu ‘025 discloses all limitations of claims 1-2, as stated above, from which claim 4 is dependent upon. Furthermore, Eldefrawy ‘835 discloses:
further comprising allowing the access attempt responsive to determining the access attempt is acceptable according to the access control information (when the user’s decryption keys satisfy the security policy assigned to the encrypted data subgroups, the decryption service selectively decrypts the data and provides the selectively decrypted document to the requesting user device, thereby allowing access to the data [Eldefrawy ‘835, ¶¶22-23, 105-106]).
As per claim 5: Eldefrawy ‘835 in view of Irwin ‘265, and further in view of Liu ‘025 discloses all limitations of claim 1, as stated above, from which claim 5 is dependent upon. Furthermore, Eldefrawy ‘835 discloses:
wherein the encrypted data element and the metadata are (the actual data is encrypted using a standardized symmetric encryption scheme, e.g., AES 256, where AES-256 is an industry standard encryption scheme [Eldefrawy ‘835, ¶¶7, 43, 55, 81]).
As stated above, Eldefrawy ‘835 does not explicitly disclose the limitation “… cryptographically bound …”.
Irwin ‘265, however, discloses:
... wherein the encrypted data element and the metadata are cryptographically bound ... (a primary node configured to create a local encryption key to cryptographically bind metadata labels to data messages [Irwin ‘265, ¶¶7, 10, 12, 35])
Eldefrawy ‘835 and Irwin ‘265 are analogous art because they are from the same field of endeavor, namely that of protecting data through encryption and associating security metadata with data. For the reasons stated in claim 1, prior to the effective filing date of the claimed invention, it would have been obvious to one of ordinary skill in the art, having the teachings of Eldefrawy ‘835 (modified by Liu ‘025) and Irwin ‘265 before them, to modify the method in Eldefrawy ‘835 (modified by Liu ‘025) to include the teachings of Irwin ‘265.
As per claim 6: Eldefrawy ‘835 in view of Irwin ‘265, and further in view of Liu ‘025 discloses all limitations of claim 1, as stated above, from which claim 6 is dependent upon. Furthermore, Eldefrawy ‘835 discloses:
wherein the trusted data element corresponds to the data element containing confidential information (the encrypted data subgroups correspond to sensitive data requiring protection, such as information associated with clearance levels like TOP SECRET, SECRET, or CONFIDENTIAL, or fine-grained confidential information such as costs and fees [Eldefrawy ‘835, ¶¶4, 6, 21, 24]).
As per claim 7: Eldefrawy ‘835 in view of Irwin ‘265, and further in view of Liu ‘025 discloses all limitations of claim 1, as stated above, from which claim 7 is dependent upon. Furthermore, Eldefrawy ‘835 discloses:
wherein the data encryption keys are user defined (users select document fields to encrypt and specify decryption policy, i.e., which attributes should be used for each field, where encryption keys are generated for each user-specified attribute; accordingly, the encryption keys are user defined in the sense that they are determined based on user-specified attributes and policies [Eldefrawy ‘835, ¶¶48, 66, 91]) and
the metadata comprises required instructions on how to open and identify the trusted data element (metadata for the encryption includes the encryption policy with identifiers of the public keys of the attributes used for encryption, where the encryption policy and key identifiers provide the required instructions on how to open and identify the encrypted data subgroup [Eldefrawy ‘835, ¶73]).
As per claims 8-11: Claims 8-11 define a computer program product that recites substantially similar subject matter as the method of claims 1-4, respectively. Specifically, claims 8-11 are directed to a computer program product comprising one or more computer readable storage media and program instructions stored on the one or more computer readable storage media, the program instructions comprising instructions to perform the computer-implemented method of claims 1-4, respectively. Thus, the rejection of claims 1-4 is equally applicable to claims 8-11, respectively.
As per claim 13: Eldefrawy ‘835 in view of Irwin ‘265, and further in view of Liu ‘025 discloses all limitations of claims 8-9, as stated above, from which claim 13 is dependent upon. Furthermore, Eldefrawy ‘835 discloses:
wherein the trusted data element corresponds to the data element containing confidential information (the encrypted data subgroups correspond to sensitive data requiring protection, such as information associated with clearance levels like TOP SECRET, SECRET, or CONFIDENTIAL, or fine-grained confidential information such as costs and fees [Eldefrawy ‘835, ¶¶4, 6, 21, 24]).
As per claim 14: Eldefrawy ‘835 in view of Irwin ‘265, and further in view of Liu ‘025 discloses all limitations of claims 8-9, as stated above, from which claim 14 is dependent upon. Furthermore, Eldefrawy ‘835 discloses:
wherein the data encryption keys are user defined (users select document fields to encrypt and specify decryption policy, i.e., which attributes should be used for each field, where encryption keys are generated for each user-specified attribute; accordingly, the encryption keys are user defined in the sense that they are determined based on user-specified attributes and policies [Eldefrawy ‘835, ¶¶48, 66, 91]) and
the metadata comprises required instructions on how to open and identify the trusted data element (metadata for the encryption includes the encryption policy with identifiers of the public keys of the attributes used for encryption, where the encryption policy and key identifiers provide the required instructions on how to open and identify the encrypted data subgroup [Eldefrawy ‘835, ¶73]).
As per claim 15: Claim 15 defines a computer system that recites substantially similar subject matter as the method of claim 1, with the additional limitations of claims 6 and 7 incorporated into the independent claim. Specifically, claim 15 is directed to a computer system comprising one or more computer processors, one or more computer-readable storage media, and program instructions stored on the computer-readable storage media for execution by at least one of the one or more processors, the program instructions comprising instructions to perform the computer-implemented method of claim 1, wherein the trusted data element corresponds to the data element containing confidential information (as in claim 6), and wherein the data encryption keys are user defined and the metadata comprises required instructions on how to open and identify the trusted data element (as in claim 7). Thus, the rejection of claims 1, 6, and 7 is equally applicable to claim 15.
As per claims 16-18: Claims 16-18 define a computer system that recites substantially similar subject matter as the method of claims 2-4, respectively. Specifically, claims 16-18 are directed to a computer system comprising one or more computer processors, one or more computer-readable storage media, and program instructions stored on the computer-readable storage media for execution by at least one of the one or more processors, the program instructions comprising instructions to perform the computer-implemented method of claims 2-4, respectively. Thus, the rejection of claims 2-4 is equally applicable to claims 16-18, respectively.
As per claim 19: Eldefrawy ‘835 in view of Irwin ‘265, and further in view of Liu ‘025 discloses all limitations of claim 15, as stated above, from which claim 19 is dependent upon. Furthermore, Eldefrawy ‘835 discloses:
wherein the identified data element corresponds to a data element containing confidential information (the encrypted data subgroups correspond to sensitive data requiring protection, such as information associated with clearance levels like TOP SECRET, SECRET, or CONFIDENTIAL, or fine-grained confidential information such as costs and fees [Eldefrawy ‘835, ¶¶4, 6, 21, 24]).
As per claim 20: Eldefrawy ‘835 in view of Irwin ‘265, and further in view of Liu ‘025 discloses all limitations of claims 15-16, as stated above, from which claim 20 is dependent upon. Furthermore, Eldefrawy ‘835 discloses:
further comprising instructions to (in response to determining that the user’s key attributes satisfy the security policy, allowing access to the data by decrypting the data subgroups for the authorized user [Eldefrawy ‘835, ¶¶22-23, 102-106]).
As stated above, Eldefrawy ‘835 does not explicitly disclose the limitation “… notify an external system to allow access …”.
Irwin ‘265, however, discloses:
... notify an external system to allow access to the data element ... (in response to determining that the external interface security metadata and source security metadata are compatible, the message is sent to the external interface, thereby notifying the external system to allow access [Irwin ‘265, ¶¶31-32, 34])
Eldefrawy ‘835 (modified by Liu ‘025) and Irwin ‘265 are analogous art because they are from the same field of endeavor, namely that of protecting data through encryption and controlling access based on security metadata. Prior to the effective filing date of the claimed invention, it would have been obvious to one of ordinary skill in the art, having the teachings of Eldefrawy ‘835 (modified by Liu ‘025) and Irwin ‘265 before them, to modify the method in Eldefrawy ‘835 (modified by Liu ‘025) to include the teachings of Irwin ‘265, namely to implement the access control system of Eldefrawy ‘835 to notify an external system or interface when access is determined to be acceptable, as disclosed in Irwin ‘265. A motivation for doing so would be to enable the protected data elements to be accessed through external systems or interfaces while maintaining consistent access control enforcement across distributed system components (see Irwin ‘265, ¶¶6-7, 32).
Claim 12 is rejected under 35 U.S.C. 103 as being unpatentable over Eldefrawy ‘835, in view of Irwin ‘265, and further in view of Liu ‘025, and further in view of Madden, US 2021/0258167 A1 (hereinafter, “Madden ‘167”).
As per claim 12: Eldefrawy ‘835 in view of Irwin ‘265, and further in view of Liu ‘025 discloses all limitations of claim 8, as stated above, from which claim 12 is dependent upon. Furthermore, Eldefrawy ‘835 discloses:
wherein the encrypted data element and the metadata are (the data subgroups are encrypted using data encryption keys, such as AES keys or RSA keys, and are associated with metadata including encryption policy information [Eldefrawy ‘835, ¶¶55, 67-74, 82]).
As stated above, Eldefrawy ‘835 does not explicitly disclose the limitations “cryptographically bound” and “data encryption keys that are stored in keystores and are protected internally in a key hierarchy”.
Irwin ‘265, however, discloses:
... wherein the encrypted data element and the metadata are cryptographically bound using data encryption keys ... (a primary node configured to create a local encryption key to cryptographically bind metadata labels to data messages [Irwin ‘265, ¶¶7, 10, 12, 35])
Eldefrawy ‘835 (modified by Liu ‘025) and Irwin ‘265 are analogous art because they are from the same field of endeavor, namely that of protecting data through encryption and associating security metadata with data. For the reasons stated in claim 8, prior to the effective filing date of the claimed invention, it would have been obvious to one of ordinary skill in the art, having the teachings of Eldefrawy ‘835 (modified by Liu ‘025) and Irwin ‘265 before them, to modify the method in Eldefrawy ‘835 (modified by Liu ‘025) to include the teachings of Irwin ‘265.
As stated above, Eldefrawy ‘835 in view of Irwin ‘265 does not explicitly disclose the limitation “data encryption keys that are stored in keystores and are protected internally in a key hierarchy”.
Madden ‘167, however, discloses:
... data encryption keys that are stored in keystores and are protected internally in a key hierarchy (an untrusted keystore stores keys in keyblocks; the keys are protected internally in a key hierarchy with a root key block protection key (KBPK) having one or more class KBPKs, and each class KBPK having one or more keyblock KBPKs, such that keys at each level of the hierarchy are protected by encryption using keys from the level above [Madden ‘167, ¶¶39-41, 46, 49, 54])
Eldefrawy ‘835 (modified by Irwin ‘265 and Liu ‘025) and Madden ‘167 are analogous art because they are from the same field of endeavor, namely that of secure key management for cryptographic operations. Prior to the effective filing date of the claimed invention, it would have been obvious to one of ordinary skill in the art, having the teachings of Eldefrawy ‘835 (modified by Irwin ‘265 and Liu ‘025) and Madden ‘167 before them, to modify the method in Eldefrawy ‘835 (modified by Irwin ‘265 and Liu ‘025) to include the teachings of Madden ‘167, namely to store the data encryption keys in keystores and to protect the keys internally using a key hierarchy, as disclosed in Madden ‘167. A motivation for doing so would be to provide secure key management with limited secure storage requirements, where the hierarchical structure enables verification that no keys have been removed or added while minimizing the amount of secure storage needed (see Madden ‘167, ¶¶2-3, 61).
Conclusion
The prior art made of record and not relied upon is considered pertinent to applicant’s disclosure.
Wong et al., US 20160148021 A1: A method for sharing encrypted data and encryption keys through a system comprised of the following data types, but not limited to a; 1) Record and its encryption key, 2) RecordSet and its encryption key, and 3) Entity and its encryption key. A Record is encrypted using an encryption key.
Feng et al., US 20170104762 A1: parse a file into a plurality of nodes. The computing device may associate, based on the parsing, at least a first encryption policy with a first node of the plurality of nodes. The computing device may associate, based on the parsing, at least a second encryption policy with a second node of the plurality of nodes.
Negrea et al., US 20150096053 A1: a method and corresponding content protection server for managing access to electronic content comprise retrieving access policies, or permissions, associated with a content item from a corresponding content sharing application, or rights issuer.
Any inquiry concerning this communication or earlier communications from the examiner should be directed to ALAN L KONG whose telephone number is (571)272-2646. The examiner can normally be reached Monday-Thursday 9:00am-7:00pm EST.
Examiner interviews are available via telephone, in-person, and video conferencing using a USPTO supplied web-based collaboration tool. To schedule an interview, applicant is encouraged to use the USPTO Automated Interview Request (AIR) at http://www.uspto.gov/interviewpractice.
If attempts to reach the examiner by telephone are unsuccessful, the examiner’s supervisor, JUNG (JAY) KIM can be reached on (571)272-3804. The fax phone number for the organization where this application or proceeding is assigned is 571-273-8300.
Information regarding the status of published or unpublished applications may be obtained from Patent Center. Unpublished application information in Patent Center is available to registered users. To file and manage patent submissions in Patent Center, visit: https://patentcenter.uspto.gov. Visit https://www.uspto.gov/patents/apply/patent-center for more information about Patent Center and https://www.uspto.gov/patents/docx for information about filing in DOCX format. For additional questions, contact the Electronic Business Center (EBC) at 866-217-9197 (toll-free). If you would like assistance from a USPTO Customer Service Representative, call 800-786-9199 (IN USA OR CANADA) or 571-272-1000.
/ALAN L KONG/
Examiner, Art Unit 2494
/JUNG W KIM/Supervisory Patent Examiner, Art Unit 2494