Cryptographic Data Structure Management Across Security Domains

§101 §102 §112

DETAILED ACTION Notice of AIA Status The present application, filed on or after March 16, 2013, is being examined under the first inventor to file provisions of the AIA . Response to Amendment The supplemental amendment filed 2026-02-18 has been entered and fully considered. Election/Restrictions Applicant’s election with traverse of Invention I (claims 1-2 and 10-11) in the reply filed on 2026-02-17 is acknowledged. The traversal is on the grounds that the restricted claims are similar and that there is no search burden. This is not found persuasive. Although the restricted claims in the various inventive groups may share similarity or overlap, the restriction requirement does not consider the shared subject matter (aside from determining whether the inventions are completely independent or related but distinct). Rather, the restriction requirement for related but distinct inventions analyzes whether the differences between the respective inventive groups cause them to be patentably distinct. More particularly, if, among any set of identified inventions, each identified invention has at least one distinct element that is not an “obvious variation” of the other inventions (regardless of how much overlap the inventions share), then the inventions are mutually-exclusive and hence demonstrate two-way distinction; (“Related inventions in the same statutory class are considered mutually exclusive, or not overlapping in scope, if a first invention would not infringe a second invention, and the second invention would not infringe the first invention”, MPEP § 806.05). Further, Applicant has merely provided allegations of similarity between the restricted claims (e.g., “all directed to the same [nebulous] cryptographic data structure management method”), but did not amend the claims to similar scope or make a clear admission on the record that the inventions are not patentably distinct because they are all “obvious variations”, which would have been sufficient to successfully traverse the restriction requirement; See MPEP § 1504.05(III). Applicant further alleges a lack of search burden because of the similarity amongst the restricted claimed groups and that “all of claims 1 through 19 appear to fit within the scope of Cooperative Patent Classification (CPC) H04L 9/32”; however, the Examiner respectfully submits that the patentably distinct variations in the non-overlapping subject matter of the inventions would require employing different search queries, applying potentially different prior art, and analyzing the claims separately for different non-prior art issues under 35 U.S.C. 101 and/or 35 U.S.C. 112. Further, applicant points to a single CPC classification, but H04L 9/32 is not applicable to any of the claims because none of them deal user authentication. Further, the Examiner notes that applicant has focused on the similarity amongst the claimed groups but has not addressed the burden that would arise from searching and examining the patentability distinctions that exist amongst each of the restricted groups. Thus, the Examiner respectfully submits that a search burden exists and that the restriction is proper. The Examiner additionally notes that a search and examination burden exists if the prior art applicable to one invention would not likely be applicable to another invention; however, the Examiner will readily concede this point and withdraw the restriction requirement for any non-elected subject matter that Applicant demonstrates or concedes to be anticipated or rendered obvious by the cited prior art of record. The Examiner does note, however, that the presence of the linking claims does mean that the restriction requirement will be withdrawn with respect to all dependent claims of an allowed claim, though this is not germane to the propriety of the restriction requirement itself. Further, the Examiner notes that applicant is welcome to amend the independent claims during prosecution to include non-elected subject matter, as the restriction requirement is formed on the basis of the burden of determining patentability on the subcombinations separately. The requirement is still deemed proper and is therefore made FINAL. In view of the supplemental amendment filed 2026-02-18, the restriction requirement among Inventions I-VIII, as set forth in the Office action mailed on 2026-01-30, has been reconsidered. In particular, because the subcombinations of Inventions II-VII are no longer separately claimed, the restriction requirement is no longer applicable to their claims and thus claims 3-9 and 12-18 are no longer withdrawn from consideration. However, claim 19, directed to Invention VIII remains withdrawn from consideration. Priority Applicant’s claim for the benefit of a prior-filed application under 35 U.S.C. 119(e) is acknowledged. Claim Rejections - 35 USC § 101 35 U.S.C. 101 reads as follows: Whoever invents or discovers any new and useful process, machine, manufacture, or composition of matter, or any new and useful improvement thereof, may obtain a patent therefor, subject to the conditions and requirements of this title. Claims 1-18 are rejected under 35 U.S.C. 101 because the claimed invention is directed to an abstract idea (35 U.S.C. 101 Judicial Exception) without significantly more. The claims recite transmitting data to another security domain based on a determination that the data may be shared, which is a form of observation, evaluation, judgment, and/or opinion, which is a concept performed in the human mind and thus grouped as Mental processes. This judicial exception is not integrated into a practical application because the generically recited computer elements do not add a meaningful limitation to the abstract idea because they amount to simply implementing the abstract idea on a computer. The claims do not include additional elements that are sufficient to amount to significantly more than the judicial exception because the additional elements, when considered separately and in combination, do not add significantly more to the abstract idea, as they are well-understood, routine, conventional computer functions as recognized by the courts. Based upon consideration of all the relevant factors with respect to the claimed invention as a whole, the claims are determined to be directed to an abstract idea without significantly more. The rationale for this determination is explained infra: The following are Principles of Law: A patent may be obtained for “any new and useful process, machine, manufacture, or composition of matter, or any new and useful improvement thereof”; 35 U.S.C. § 101. The Supreme Court has consistently held that this provision contains an important implicit exception: laws of nature, natural phenomena, and abstract ideas are not patentable; See Alice Corp. v. CLS Bank Int’l, 134 S. Ct. 2347, 2354 (2014); Gottschalk v. Benson, 409 U.S. 63, 67 (1972) (“Phenomena of nature, though just discovered, mental processes, and abstract intellectual concepts are not patentable, as they are the basic tools of scientific and technological work.”). Notwithstanding that a law of nature or an abstract idea, by itself, is not patentable, an application of these concepts may be deserving of patent protection; See Mayo Collaborative Servs. v. Prometheus Labs., Inc., 132 S. Ct. 1289, 1293–94 (2012). In Mayo, the Court stated that “to transform an unpatentable law of nature into a patent-eligible application of such a law, one must do more than simply state the law of nature while adding the words ‘apply it.’” Mayo, 132 S. Ct. at 1294 (citation omitted). In Alice, the Court reaffirmed the framework set forth previously in Mayo “for distinguishing patents that claim laws of nature, natural phenomena, and abstract ideas from those that claim patent-eligible applications of these concepts.” Alice, 134 S. Ct. at 2355. The test for determining subject matter eligibility requires a first step of determining whether the claims are directed to a process, machine, manufacture, or composition of matter. If the claims are directed to one of the four patent-eligible subject matter categories, then the Examiner must perform a two-part analysis to determine whether a claim that is directed to a judicial exception recites additional elements that amount to significantly more than the exception. The first part of the second step in the analysis is to “determine whether the claims at issue are directed to one of those patent-ineligible concepts.” Id. If the claims are directed to a patent-ineligible concept, then the second part of the second step in the analysis is to consider the elements of the claims “individually and ‘as an ordered combination”’ to determine whether there are additional elements that “‘transform the nature of the claim’ into a patent-eligible application.” Id. (quoting Mayo, 132 S. Ct. at 1298, 1297). In other words, the second step in the analysis is to “search for an ‘inventive concept’‒ i.e., an element or combination of elements that is ‘sufficient to ensure that the patent in practice amounts to significantly more than a patent on the [ineligible concept] itself.’” Id. (brackets in original) (quoting Mayo, 132 S. Ct. at 1294). The prohibition against patenting an abstract idea “cannot be circumvented by attempting to limit the use of the formula to a particular technological environment or adding insignificant post-solution activity.” Bilski v. Kappos, 561 U.S. 593, 610–11 (2010) (citation and internal quotation marks omitted). The Court in Alice noted that “[s]imply appending conventional steps, specified at a high level of generality,” was not “enough” [in Mayo] to supply an “‘inventive concept.’” Alice, 134 S. Ct. at 2357 (quoting Mayo, 132 S. Ct. at 1300, 1297, 1294). In the “2019 Revised Patent Subject Matter Eligibility Guidance” (2019 PEG), the USPTO has prepared revised guidance for use by USPTO personnel in evaluating subject matter eligibility based upon rulings by the courts. The Examiner is bound by and applies the framework as set forth by the Court in Mayo and reaffirmed by the Court in Alice and follows the 2019 PEG for determining whether the claims are directed to patent-eligible subject matter. Step 1: Are the claims at issue directed to a process, machine, manufacture, or composition of matter? The Examiner finds that the claims are directed to one of the four statutory categories. Step 2A – Prong One: Does the claim recite an abstract idea, law of nature, or natural phenomenon? The Examiner finds that the claims are directed to the abstract idea of transmitting data to another security domain based on a determination that the data may be shared, which is a form of observation, evaluation, judgment, and/or opinion, which is a concept performed in the human mind and thus grouped as Mental processes. Step 2A – Prong Two: Does the claim recite additional elements that integrate the Judicial Exception into a practical application? The abstract idea is not integrated into a practical application because the generically recited computer elements do not add a meaningful limitation to the abstract idea because they amount to simply implementing the abstract idea on a computer. In determining whether the abstract idea was integrated into a practical application, the Examiner has considered whether there were any limitations indicative of integration into a practical application, such as: (1) Improvements to the functioning of a computer, or to any other technology or technical field; See MPEP § 2106.05(a) (2) Applying or using a judicial exception to effect a particular treatment or prophylaxis for a disease or medical condition; See Vanda Memo (Recent Subject Matter Eligibility Decision: Vanda Pharmaceuticals Inc. v. West-Ward Pharmaceuticals) (3) Applying the judicial exception with, or by use of, a particular machine; See MPEP § 2106.05(b) (4) Effecting a transformation or reduction of a particular article to a different state or thing; See MPEP § 2106.05(c) (5) Applying or using the judicial exception in some other meaningful way beyond generally linking the use of the judicial exception to a particular technological environment, such that the claim as a whole is more than a drafting effort designed to monopolize the exception; See MPEP § 2106.05(e) and Vanda Memo The Examiner notes that clam features of: transmitting data to another security domain based on a determination that the data may be shared do not improve the functioning of a computer or technical field, do not effect a particular treatment or prophylaxis for a disease or medical condition, do not apply or use a particular machine, do not effect a transformation or reduction of a particular article to a different state or thing, and do not apply or use the judicial exception in some other meaningful way beyond generally linking the use of the judicial exception to a particular technological environment, such that the claim as a whole is more than a drafting effort designed to monopolize the exception. Instead of a practical application, the claim features of transmitting data to another security domain based on a determination that the data may be shared merely use a general-purpose computer as a tool to perform the abstract idea (See MPEP § 2106.05(f)) and merely generally link the use of the abstract idea to a field of use (See MPEP § 2106.05(h)). Thus, the Examiner finds that the claimed invention does not recite additional elements that integrate the Judicial Exception into a practical application. Step 2B: Is there something else in the claims that ensures that they are directed to significantly more than a patent-ineligible concept? The claims, as a whole, require nothing significantly more than generic computer implementation or can be performed entirely by a human. The additional element(s) or combination of element(s) in the claims other than the abstract idea per se amount to no more than recitation of generic computer structure (e.g. processor and memory) that serves to perform generic computer functions (e.g. receiving information, generating a data structure, determining something, generating another data structure, transmitting data, ...) that are well-understood, routine, and conventional activities previously known to the pertinent industry. The claimed first security domain, information, user identifier, action identifier, data elements, first data element, second data element, first security domain cryptographic data structure, qualification, security boundary, second security domain, second security data structure are all numbers, data structures, or datum. Each of these elements are individually dispositive of patent eligibility because of the following legal holdings: “Data in its ethereal, non-physical form is simply information that does not fall under any of the categories of eligible subject matter under section 101.” Digitech Image Techs., LLC v. Electronics for Imaging, Inc., 758 F.3d 1344, 1350 (Fed. Cir. 2014). The Supreme Court has also explained that “[a]bstract software code is an idea without physical embodiment,” i.e., an abstraction. Microsoft Corp. v. AT&T Corp., 550 U.S. 437, 449 (2007). A claim that recites no more than software, logic, or a data structure (i.e., an abstract idea) – with no structural tie or functional interrelationship to an article of manufacture, machine, process or composition of matter does not fall within any statutory category and is not patentable subject matter; data structures in ethereal, non-physical form are non-statutory subject matter. In re Warmerdam, 33 F.3d 1354, 1361 (Fed. Cir. 1994); see Nuijten, 500 F.3d at 1357. Furthermore, the claimed invention does not have a specific asserted improvement in computer capabilities, nor is it a specific implementation of a solution to a problem in the software arts; See Enfish, LLC v. Microsoft Corp., 822 F.3d 1327 (Fed. Cir. 2016). Rather, the claims are merely directed towards transmitting data to another security domain based on a determination that the data may be shared, which is similar to ideas that the courts have found to be abstract, as noted supra, and the claims are without a “practical application” or anything “significantly more”. Considering each of the claim elements in turn, the function performed by the computer system at each step of the process does no more than require a generic computer to perform a well-understood, routine, and conventional activity at a high level of generality. For example, receiving and transmitting data is even more generic than merely receiving or transmitting data over a network, which has been found by the courts to be a well-understood, routine, conventional activity in computers; See e.g. Symantec, 838 F.3d at 1321, 120 USPQ2d at 1362 (utilizing an intermediary computer to forward information); TLI Communications LLC v. AV Auto. LLC, 823 F.3d 607, 610, 118 USPQ2d 1744, 1745 (Fed. Cir. 2016) (using a telephone for image transmission); OIP Techs., Inc., v. Amazon.com, Inc., 788 F.3d 1359, 1363, 115 USPQ2d 1090, 1093 (Fed. Cir. 2015) (sending messages over a network); buySAFE, Inc. v. Google, Inc., 765 F.3d 1350, 1355, 112 USPQ2d 1093, 1096 (Fed. Cir. 2014) (computer receives and sends information over a network). Further, generating data structures encompasses a form of storing and retrieving information in memory, which has been found by the courts to be a well-understood, routine, conventional activity in computers; See e.g. Versata Dev. Group, Inc. v. SAP Am., Inc., 793 F.3d 1306, 1334, 115 USPQ2d 1681, 1701 (Fed. Cir. 2015); OIP Techs., 788 F.3d at 1363, 115 USPQ2d at 1092-93. Further, determination processing of a binary decision is a generic form of performing repetitive calculations, which has been found by the courts to be a well-understood, routine, conventional activity in computers; See e.g. Flook, 437 U.S. at 594, 198 USPQ2d at 199 (recomputing or readjusting alarm limit values); Bancorp Services v. Sun Life, 687 F.3d 1266, 1278, 103 USPQ2d 1425, 1433 (Fed. Cir. 2012) (“The computer required by some of Bancorp’s claims is employed only for its most basic function, the performance of repetitive calculations, and as such does not impose meaningful limits on the scope of those claims.”). Further note that the abstract idea of transmitting data to another security domain based on a determination that the data may be shared to which the claimed invention is directed has a prior art basis outside of a computing environment, e.g. mail inspection. The prohibition against patenting an abstract idea “cannot be circumvented by attempting to limit the use of the formula to a particular technological environment or adding insignificant post-solution activity.” Bilski v. Kappos, 561 U.S. 593, 610–11 (2010) (citation and internal quotation marks omitted). The Court in Alice noted that “[s]imply appending conventional steps, specified at a high level of generality,” was not “enough” [in Mayo] to supply an “‘inventive concept.’” Alice, 134 S. Ct. at 2357 (quoting Mayo, 132 S. Ct. at 1300, 1297, 1294). Viewed as a whole, the claims simply recite the steps of using generic computer components. The claims do not purport, for example, to improve the functioning of the computer system itself. Nor does it effect an improvement in any other technology or technical field. Instead, the claims amount to nothing significantly more than an instruction to implement the abstract idea using generic computer components. This is insufficient to transform an abstract idea into a patent-eligible invention. The dependent claims likewise incorporate the deficiencies of a claim upon which they ultimately depend and are also directed to non-patent-eligible subject matter. Claim Rejections - 35 USC § 112 The following is a quotation of 35 U.S.C. 112(d): (d) REFERENCE IN DEPENDENT FORMS.—Subject to subsection (e), a claim in dependent form shall contain a reference to a claim previously set forth and then specify a further limitation of the subject matter claimed. A claim in dependent form shall be construed to incorporate by reference all the limitations of the claim to which it refers. Claims 6, 8, 15, and 17 are rejected under 35 U.S.C. 112(d) as being of improper dependent form for failing to contain a reference to a claim previously set forth. Specifically, claim 6 refers to claim 9, which is subsequently set forth. Claim 15 is rejected under a similar rationale. The dependent claims included in the statement of rejection but not specifically addressed in the body of the rejection have inherited the deficiencies of their parent claim and have not resolved the deficiencies. Therefore, they are rejected based on the same rationale as applied to their parent claims above. Claim Rejections - 35 USC § 102 The following is a quotation of the appropriate paragraphs of 35 U.S.C. 102 that form the basis for the rejections under this section made in this Office action: A person shall be entitled to a patent unless – (a)(1) the claimed invention was patented, described in a printed publication, or in public use, on sale or otherwise available to the public before the effective filing date of the claimed invention. Claims 1-18 are rejected under 35 U.S.C. 102(a)(1) as being anticipated by Redlich et al. (US Pre-Grant Publication No. 20050138110-A1, hereinafter “Redlich”). With respect to independent claim 1, Redlich discloses a system for managing cryptographic data structures across a plurality of security domains, the system comprising: a processing unit comprising one or more processors {para. 0125: “any general purpose computer”}. a memory unit storing computer-readable instructions {para. 0125: a “computer medium which may be used to hold or contain the computer program product”}, wherein the system is configured to: receive, within a first security domain, information indicating a user performed an action {paras. 0138, 0196, 0317-0319, 0345-0348, and 0394: “the plaintext or the source document (data object) is created; (b) when the source document or data object is saved”}, wherein the information comprises: a user identifier configured to identify the user {paras. 0226, 0232, 0363-0370, 0408, and 0413-0414: “security systems identified each file with: owner”}, an action identifier configured to identify the action {paras. 0015, 0138, 0196, 0212, 0317-0319, 0345-0348, 0363-0370, and 0394: created files have “file names” and other “attributes”}, and a plurality of data elements relating to the action, the plurality of data elements comprising at least a first data element and a second data element {paras. 0129-0131: created files have “text, words, characters, icons or data objects”}. generate, within the first security domain, a first security domain cryptographic data structure that indicates a qualification of the user relating to the action {paras. 0310, 0321-0322, and 0334: “verifies that the originator 922a, identified by the digital signature, has the authority”}, the first security domain cryptographic data structure comprising both the first data element and the second data element {paras. 0310, 0321-0322, and 0334: “Originator at 922a digitally signs and sends the document to the file server”}. determine that at least the first data element can be shared across a security boundary with a second security domain, wherein the second security domain is at a different level of security than the first security domain {paras. 0205, 0216, 0297-0300, 0313-0317, and 0344: “identifying the communities of interest and the particular security level and security clearance for each community of interest” to determine if data objects may be disseminated}. based on the determination, generate a second security domain cryptographic data structure comprising the first data element {paras. 0205-0208, 0258-0259, and 0304: “create the multiple encryption or ML document or data object” such that each “user must retrieve his or her cipher key to decode all or a portion of the ML encrypted document or data object”}. transmit the second security domain cryptographic data structure across the security boundary to the second security domain {paras. 0205, 0216, 0297-0300, 0313-0317, and 0344: “peer to peer dissemination of data objects is quickly and readily available to all at the same or higher security levels”}. With respect to dependent claim 2, Redlich discloses wherein the system is further configured to determine that the second data element is not authorized to be shared across the security boundary to the second security domain; and generating the second security domain cryptographic data structure comprises causing the second security domain cryptographic data structure to comprise the first data element but to omit the second data element {para. 0198 and 0208-0215: “multiple filters may be useful in the operation of the system with a plurality of security levels. Each filter could filter out different levels of security sensitive items and each bundle or group of security sensitive items (from each distinct filter) could be stored at different computer storage locations”}. With respect to dependent claim 3, Redlich discloses wherein the plurality of data elements are records within at least one database, wherein the records are grouped together based on having matching key values associated with, at least one of, the user identifier and the action identifier {paras. 0317 and 0405: “document creators tag their documents, sign them digitally, and post them to a D&R file server 926, 932, which is actually a proxy using storage in the database servers 928,929, 930, 934, and others” – the databases are “relational databases”}. With respect to dependent claim 4, Redlich discloses wherein determining that the first data element can be shared across the security boundary with the second security domain comprises comparing the first data element, or a field thereof, to a data structure containing a plurality of authorizations indicating types of data elements that can be shared within respective security domains {paras. 0135, 0198-0202, and 0226: “a plurality of filters would be created, each filter associated with a different security level” such as for “government security levels”}. With respect to dependent claim 5, Redlich discloses wherein the action relates to a competency of the user in a particular area of expertise {para. 0228: “user 1, 2 or 3, each having a security clearance s1, s2 or s3, respectively”}, and wherein the information indicating the user performed the action is received from an issuing authority {para. 0228: “process 803 detects and confirms the user's clearance level”}. With respect to dependent claim 6, Redlich discloses wherein the system is further configured to determine that at least some of the plurality of data elements can be shared across a security boundary with a third security domain, wherein the third security domain is configured with a level of lower security than the second security domain, wherein a number of data elements that are shareable with the third security domain is less than a number of data elements that are shareable with the second security domain {paras. 0214, 0226, and 0344: “several filters are used, on one for each security level, whether hierarchical or orthogonal”}. With respect to dependent claim 7, Redlich discloses wherein the first security domain is isolated from the second security domain, and transmitting the second security domain cryptographic data structure across the security boundary to the second security domain comprises transmitting the second security domain cryptographic data structure to a cross-domain device that is configured to assess whether information can be shared between the first security domain and the second security domain {paras. 0303-0333: “Dispersion and Reassembly (D&R) server 926,932, (a MLS device connected to all networks), and database servers TS, S and U data servers (928, 929 and 930 in the upper domain and 934 in the lower domain) to support the D&R server's proxy document server functionality” to ensure the recipient will only be able to read to their clearance level}. With respect to dependent claim 8, Redlich discloses wherein the third security domain indexes the cryptographic data structure on a public repository such that members of the public can access content of the cryptographic data structure {para. 0297: “security level SL1 is public or non-confidential information”}. With respect to dependent claim 9, Redlich discloses wherein the system is further configured to: generate, within the first security domain, the first security domain cryptographic data structure that indicates a qualification of the user relating to the action {paras. 0310, 0321-0322, and 0334: “verifies that the originator 922a, identified by the digital signature, has the authority”}, the first security domain cryptographic data structure comprising both the first data element and the second data element {paras. 0129-013, 0310, 0321-0322, and 0334: “Originator at 922a digitally signs and sends the document to the file server”, and the created files have “text, words, characters, icons or data objects”}. after the first security domain cryptographic data structure is generated: receive a prompt to generate the second security domain cryptographic data structure to be shared across the security boundary with the second security domain {paras. 0147 and 0228: “user, typically at a computer terminal, inputs a reconstruction request 120”}. in response to the prompt, generate the second security domain cryptographic data structure {paras. 0205-0208, 0258-0259, and 0304: “create the multiple encryption or ML document or data object” such that each “user must retrieve his or her cipher key to decode all or a portion of the ML encrypted document or data object”}. With respect to claims 10-18, a corresponding reasoning as given earlier in this section with respect to claims 1-9 applies, mutatis mutandis, to the subject matter of claims 10-18; therefore, claims 10-18 are rejected, for similar reasons, under the grounds as set forth for claims 1-9. Any inquiry concerning this communication or earlier communications from the examiner should be directed to Kevin Bechtel whose telephone number is 571-270-5436. The examiner can normally be reached Monday - Friday, 09:00 - 17:00 ET. Examiner interviews are available via telephone, in-person, and video conferencing using a USPTO supplied web-based collaboration tool. To schedule an interview, applicant is encouraged to use the USPTO Automated Interview Request (AIR) at http://www.uspto.gov/interviewpractice. If attempts to reach the examiner by telephone are unsuccessful, the examiner’s supervisor, William (“Bill”) Korzuch can be reached at 571-272-7589. The fax phone number for the organization where this application or proceeding is assigned is 571-273-8300. Information regarding the status of published or unpublished applications may be obtained from Patent Center. Unpublished application information in Patent Center is available to registered users. To file and manage patent submissions in Patent Center, visit: https://patentcenter.uspto.gov. Visit https://www.uspto.gov/patents/apply/patent-center for more information about Patent Center and https://www.uspto.gov/patents/docx for information about filing in DOCX format. For additional questions, contact the Electronic Business Center (EBC) at 866-217-9197 (toll-free). If you would like assistance from a USPTO Customer Service Representative, call 800-786-9199 (IN USA OR CANADA) or 571-272-1000. /Kevin Bechtel/ Primary Examiner, Art Unit 2491