Notice of Pre-AIA or AIA Status
The present application, filed on or after March 16, 2013, is being examined under the first inventor to file provisions of the AIA.
DETAILED ACTION
This initial office action has been issued in response to patent application 18/946077, filed on 13 November 2024 with a foreign priority date of 10 June 2022. Claims 1-20, as originally filed, are currently pending and have been considered below.
Information Disclosure Statement
The information disclosure statement filed 11/13/2024, 06/03/2025, 08/13/2025 complies with the provisions of 37 CFR 1.97, 1.98 and MPEP § 609 and the information referred to therein has been considered as to the merits.
Claim Rejections - 35 USC § 103
In the event the determination of the status of the application as subject to AIA 35 U.S.C. 102 and 103 (or as subject to pre-AIA 35 U.S.C. 102 and 103) is incorrect, any correction of the statutory basis for the rejection will not be considered a new ground of rejection if the prior art relied upon, and the rationale supporting the rejection, would be the same under either status.
The following is a quotation of 35 U.S.C. 103 which forms the basis for all obviousness rejections set forth in this Office action:
A patent for a claimed invention may not be obtained, notwithstanding that the claimed invention is not identically disclosed as set forth in section 102 of this title, if the differences between the claimed invention and the prior art are such that the claimed invention as a whole would have been obvious before the effective filing date of the claimed invention to a person having ordinary skill in the art to which the claimed invention pertains. Patentability shall not be negated by the manner in which the invention was made.
The factual inquiries set forth in Graham v. John Deere Co., 383 U.S. 1, 148 USPQ 459 (1966), that are applied for establishing a background for determining obviousness under 35 U.S.C. 103 are summarized as follows:
1. Determining the scope and contents of the prior art.
2. Ascertaining the differences between the prior art and the claims at issue.
3. Resolving the level of ordinary skill in the pertinent art.
4. Considering objective evidence present in the application indicating obviousness or nonobviousness.
Claims 1-20 are rejected under 35 U.S.C. 103 as being unpatentable over Shen et al. (US2017/0220817 A1, publish date 08/03/2017) in view of Ekambaram et al. (US2019/0163544 A1, publish date 05/30/2019). (on applicant's IDS filed 11/13/2024)
Claims 1, 8, 15:
With respect to claims 1, 8, 15, Shen et al. discloses a method/an electronic device configured/a non-transitory computer-readable storage medium storing instructions to/for securing sensor data by an electronic device (to protect different types of real-time device sensed data monitored and/or collected by the electronic device 50 (e.g., sensor data collected by IoT devices for healthcare services, location data collected by mobile smartphones for Points of Interest (PoI) recommendations, television/movie data collected by smart televisions for television/movie recommendations and/or advertising services), 0038),
the electronic device comprising:
memory storing instructions (electronic device 50, Figure 1 and 11); and
at least one processor, comprising processing circuitry, coupled to the memory, (processor 601, memory 603, Figure 11) wherein the instructions, when executed by the at least one processor, individually and/or collectively, cause the electronic device to/the method/the operations comprising:
obtaining context information by fetching a plurality of sensor data by a plurality of applications (if the electronic device 50 is an IoT device, the real-time device sensed data comprises sensor data (e.g., data identifying contextual information, such as temperature, etc.) 0048);
mapping the plurality of sensor data to the plurality of applications and storing the mapped plurality of sensor data (software sensors include software applications configured for one or more of the following: log search history of online searches performed via the electronic device 50, log usage of other software applications residing on the electronic device 50 (e.g., shopping applications, mobile payment applications, etc.), log browser history of a browser utilized on the electronic device 50, etc. 0047) (if the application 260 is a health application, code analysis of application code for the health application may identify one or more data accesses to obtain real-time device sensed data, such as BMI, etc, 0052);
generating pre-processed information based on the context information and the mapped plurality of sensor data (a user 30 to provide user input specifying one or more privacy concern levels for one or more types of general private data, such as age, gender, etc., 0057) (to provide user input specifying one or more privacy concern levels for one or more types of real-time device sensed data requested by an application 260, such as blood glucose levels, blood pressure, etc., 0058);
creating an inference category of the pre-processed information based on the pre-processed information and information from a database (privacy risk analysis, Inference models, Figure 4); and
predicting at least one useful inference and at least one harmful inference of the plurality of sensor data based on the inference category, the context information and the plurality of sensor data (The privacy control manager 250 performs risk assessments on the data requested using the corresponding truncated risk analytics inference model 332, and generates a notification 460 indicating an inference risk level based on the risk assessments. For example, as shown in FIG. 8, the inference risk level may be “High”. The privacy control manager 250 determines which types of general private data may be inferred from the real-time device sensed data requested based on the corresponding truncated risk analytics inference model 332., 0105).
Ekambaram et al. teaches timely access by applications 108/208 to sensor data from the user device 102 based on the current activity of the user 101, obtain access to motion sensor data only when the user 101 is walking rather than at all times (0040);
applications can register user activities during which the applications need access to sensor data (e.g., from the OS of user device 102). Such registered user activities are examples of the above-described “legitimate” activities or activity types. (0046).
predicting at least one useful inference and at least one harmful inference of the plurality of sensor data based on the inference category, the context information and the plurality of sensor data ([0048] "sensor data for specific activities (which match their registered legitimate activities)" or [0053] "activity detector selects from a list of activities that match current activity of the user of user device. The sensor data from user device are also provided to a data transformation module, which is configured to transform the data as described above (e.g., to encrypt or otherwise render the original sensor data unusable absent access to a transformation key)"; Those activities that match and are provided to the app are the "useful" activities the others are "harmful". This categorization is also provided [0031] "the term "leak" refers to an application receiving more information than is required to complete agreed upon functionality. As an example, the walking application receiving motion sensor data from user device when the user is sleeping represents a leak").
Shen et al. and Ekambaram et al. are analogous art because they are from the same field of endeavor of secure sensor data.
It would have been obvious to one skilled in the art before the effective filing date of the claimed invention to use Ekambaram et al. in Shen et al. to prevent applications from leaking private or sensitive data by restricting the categories of data which applications can access, because such data may expose sensitive or confidential information. (see Ekambaram et al. 0025, 0035)
Claims 2, 9:
With respect to claims 2, 9, Shen et al. discloses wherein the information from the database includes a known set of the plurality of sensor data required with the inference category (listing each type of real-time device sensed data requested by a service provider 100 associated with the application 260. The data requested may include information that the user 30 considers non-private, such as “oil fat”, “water required”, etc. The data requested, however, may also include information that the user 30 considers private and from which general private data (e.g., age, whether the user 30 has diabetes, etc.) may be inferred, such as “blood pressure”, etc. Figure 7).
Ekambaram et al. teaches wherein the information from the database includes a known set of the plurality of sensor data required with the inference category (Figure 2).
Shen et al. and Ekambaram et al. are analogous art because they are from the same field of endeavor of secure sensor data.
The motivation for combining Shen et al. and Ekambaram et al. is recited in claims 1, 8.
Claims 3, 10, 16:
With respect to claims 3, 10, 16, the combination of Shen et al. and Ekambaram et al. discloses the limitations of claims 1, 8, 15, as addressed.
Ekambaram et al. teaches further comprising:
encrypting or modifying, at least partially, the plurality of sensor data based on the inference category (transforming the sensor data may include encrypting the sensor data or otherwise rendering the sensor data unusable without access to the transformation key, 0046) (The sensor data from user device 102 are also provided to a data transformation module 408, which is configured to transform the data as described above (e.g., to encrypt or otherwise render the original sensor data unusable absent access to a transformation key), 0053); and
utilizing and feeding the encrypted or modified plurality of sensor data (will select those applications whose legitimate registered activities match the current activity of the user 101 of user device 102. The transformation keys are output 416 to such selected applications 414 so that the selected applications 414 can demodulate or otherwise process the transformed data to obtain the original sensor data., 0078).
Shen et al. and Ekambaram et al. are analogous art because they are from the same field of endeavor of secure sensor data.
The motivation for combining Shen et al. and Ekambaram et al. is recited in claims 1, 8, 15.
Claims 4, 11, 17:
With respect to claims 4, 11, 17, the combination of Shen et al. and Ekambaram et al. discloses the limitations of claims 3, 10, 16, as addressed.
Ekambaram et al. teaches wherein the encrypting or modifying, at least partially, the plurality of sensor data based on the inference category includes feeding the at least one useful inference and at least one harmful inference, in conjunction with the plurality of sensor data (transforming the sensor data may include encrypting the sensor data or otherwise rendering the sensor data unusable without access to the transformation key, 0046) (The sensor data from user device 102 are also provided to a data transformation module 408, which is configured to transform the data as described above (e.g., to encrypt or otherwise render the original sensor data unusable absent access to a transformation key), 0053) (will select those applications whose legitimate registered activities match the current activity of the user 101 of user device 102. The transformation keys are output 416 to such selected applications 414 so that the selected applications 414 can demodulate or otherwise process the transformed data to obtain the original sensor data., 0078).
Shen et al. and Ekambaram et al. are analogous art because they are from the same field of endeavor of secure sensor data.
The motivation for combining Shen et al. and Ekambaram et al. is recited in claims 1, 8, 15.
Claims 5, 12, 18:
With respect to claims 5, 12, 18, the combination of Shen et al. and Ekambaram et al. discloses the limitations of claims 3, 10, 16, as addressed.
Ekambaram et al. teaches wherein the encrypting or modifying the plurality of sensor data based on the inference category comprises:
abstracting various sub-portions of datatype of the plurality of sensor data (sensor data, in some embodiments, may relate to multiple distinct activities of the user 101 of user device 102. simultaneously walking and typing, 0055);
identifying a portion of the plurality of sensor sub-data mapped for various inferences (Certain ones of the applications 108 may be provided access to typing sensor data but not walking sensor data, 0055); and
encrypting or modifying the portion of the plurality of sensor sub-data, such that the useful inferences of the plurality of sensor data are made by the plurality of applications and the harmful inferences are not made (different types of sensor data (or sensor data associated with different types of activities) may have different transformations applied thereto by data transformation module 408. Thus, the key generation module 410 may generate multiple distinct transformation keys for different portions of the sensor data, Such distinct transformation keys may be provided to different ones of the applications 108 based on their associated legitimate activities (e.g., a first key provided to a walking application allowing the walking application to obtain original walking sensor data from transformed data streamed to the applications 108 from data transformation module 408, and a second key provided to a social media application allowing the social media application to obtain original typing sensor data from transformed data streamed to the applications 108 from data transformation module 408, etc.)., 0055)
Shen et al. and Ekambaram et al. are analogous art because they are from the same field of endeavor of secure sensor data.
The motivation for combining Shen et al. and Ekambaram et al. is recited in claims 1, 8, 15.
Claims 6, 13, 19:
With respect to claims 6, 13, 19, the combination of Shen et al. and Ekambaram et al. discloses the limitations of claims 3, 10, 16, as addressed.
Ekambaram et al. teaches wherein the utilizing the encrypted or modified plurality of sensor data includes at least one useful inference of the plurality of sensor data is made and used by the plurality of applications and the at least one harmful inference is not made ([0048] "sensor data for specific activities (which match their registered legitimate activities)" or [0053] "activity detector selects from a list of activities that match current activity of the user of user device. The sensor data from user device are also provided to a data transformation module, which is configured to transform the data as described above (e.g., to encrypt or otherwise render the original sensor data unusable absent access to a transformation key)"; Those activities that match and are provided to the app are the "useful" activities the others are "harmful". This categorization is also provided [0031] "the term "leak" refers to an application receiving more information than is required to complete agreed upon functionality. As an example, the walking application receiving motion sensor data from user device when the user is sleeping represents a leak").
Shen et al. and Ekambaram et al. are analogous art because they are from the same field of endeavor of secure sensor data.
The motivation for combining Shen et al. and Ekambaram et al. is recited in claims 1, 8, 15.
Claims 7, 14, 20:
With respect to claims 7, 14, 20, the combination of Shen et al. and Ekambaram et al. discloses the limitations of claims 3, 10, 16, as addressed.
Ekambaram et al. teaches wherein the encrypted or modified plurality of sensor data is fed into the plurality of applications of a hand-held device; and
wherein the hand-held device includes at least one of a smartphone, mobile phone or a cellular phone (The mobile device 106 may be a smartphone, personal digital assistant (PDA), tablet, laptop, etc., 0027).
Shen et al. and Ekambaram et al. are analogous art because they are from the same field of endeavor of secure sensor data.
The motivation for combining Shen et al. and Ekambaram et al. is recited in claims 1, 8, 15.
Conclusion
The prior art made of record and not relied upon is considered pertinent to applicant's disclosure, (see PTO Form 892).
Any inquiry concerning this communication or earlier communications from the examiner should be directed to Helai Salehi whose telephone number is 571-270-7468. The examiner can normally be reached on Monday - Friday from 9 am to 5 pm.
Examiner interviews are available via telephone, in-person, and video conferencing using a USPTO supplied web-based collaboration tool. To schedule an interview, Applicant is encouraged to use the USPTO Automated Interview Request (AIR) at http://www.uspto.gov/interviewpractice.
If attempts to reach the examiner by telephone are unsuccessful, the examiner's supervisor, Jeff Pwu, can be reached on 571-272-6798. The fax phone number for the organization where this application or proceeding is assigned is 571-273-8300.
Information regarding the status of an application may be obtained from the Patent Application Information Retrieval (PAIR) system. Status information for published applications may be obtained from either Private PAIR or Public PAIR. Status information for unpublished applications is available through Private PAIR only. For more information about the PAIR system, see http://pair-direct.uspto.gov. Should you have questions on access to the Private PAIR system, contact the Electronic Business Center (EBC) at 866-217-9197 (toll-free). If you would like assistance from a USPTO Customer Service Representative or access to the automated information system, call 800-786-9199 (IN USA OR CANADA) or 571-272-1000.
/HELAI SALEHI/ Examiner, Art Unit 2433
/JEFFREY C PWU/ Supervisory Patent Examiner, Art Unit 2433