Notice of Pre-AIA or AIA Status
The present application, filed on or after March 16, 2013, is being examined under the first inventor to file provisions of the AIA .
This communication is in response to Application filed on March 27, 2025. Claims 1-14 are pending.
Information Disclosure Statement
The information disclosure statement (IDS) submitted on 6/27/2025 is being considered by the examiner.
Priority
Receipt is acknowledged of certified copies of papers required by 37 CFR 1.55.
Claim Rejections - 35 USC § 112
The following is a quotation of 35 U.S.C. 112(b):
(b) CONCLUSION.—The specification shall conclude with one or more claims particularly pointing out and distinctly claiming the subject matter which the inventor or a joint inventor regards as the invention.
The following is a quotation of 35 U.S.C. 112 (pre-AIA ), second paragraph:
The specification shall conclude with one or more claims particularly pointing out and distinctly claiming the subject matter which the applicant regards as his invention.
Claims 1-14 are rejected under 35 U.S.C. 112(b) or 35 U.S.C. 112 (pre-AIA ), second paragraph, as being indefinite for failing to particularly point out and distinctly claim the subject matter which the inventor or a joint inventor (or for applications subject to pre-AIA 35 U.S.C. 112, the applicant), regards as the invention.
The term “meaningful text string” in lines 8 of claims 1 and 14 is a relative term which renders the claims indefinite. The term “meaningful” is not defined by the claim, the specification does not provide a standard for ascertaining the requisite degree, and one of ordinary skill in the art would not be reasonably apprised of the scope of the invention. For purposes of examination, Examiner will assume that the limitation reads ’[discriminating] a text string’.
Referring to claims 1 and 14, the claims recite the limitation “..converting the text string of the sensitive information..” in lines 9-10 of the respective claims. However, it is unclear as to which of the plurality of instances of the text strings of the log data is being referenced by this limitation- i.e. the text string recitations in lines 5, 6, 7 of the respective claims, and the Examiner interpreted ‘(discriminated) text string’ in line 8 of the respective claims, as addressed above. Examiner submits that the detection of sensitive information step recites two different text strings of the log data in lines 6-7 of the claims. For purposes of examination, Examiner will assume that the limitation reads ““..converting the text strings of the sensitive information..”.
Claim 4 recites the limitation “..for discriminating the text string of the log data” in line 3. However it is unclear as which of the plurality of instances of the text strings of the log data recited in claim 1, from which the claim depends, is being referenced by this limitation. For purposes of examination, Examiner will assume that the limitation reads “..for discriminating a text string of the log data”.
Claim 7 recites the limitation "the past conversion process" in line 3. There is insufficient antecedent basis for this limitation in the claim. For purposes of examination, Examiner will assume that the limitation reads “..a past conversion process”.
Claim 10 recites the limitation "the .. transmission for each line of the log data" in lines 3-4. However the term ‘the transmission ..of the log data’ lacks antecedent basis in the claim. For purposes of examination, Examiner will assume that the limitation reads “a transmission..”.
All claims depending from the aforenoted claims are also rejected by virtue of their dependencies.
Due to the 35 USC 112 rejections, the claims have been examined as best understood by the Examiner.
Claim Rejections - 35 USC § 101
35 U.S.C. 101 reads as follows:
Whoever invents or discovers any new and useful process, machine, manufacture, or composition of matter, or any new and useful improvement thereof, may obtain a patent therefor, subject to the conditions and requirements of this title.
Claims 1-14 are rejected under 35 U.S.C. 101 because the claimed invention is directed to an abstract idea without significantly more.
Claims 1, 13 and 14 recite: acquiring log data to be transmitted between apparatuses constituting a blockchain network; discriminating a text string of the log data; detecting, as sensitive information, a text string of the log data based on a specific text set as a mark in a pre-setting, and a text string of the log data that is not discriminated based on a dictionary function for discriminating a meaningful text string; and performing a conversion process of converting the text string of the sensitive information into a different text or symbol.
The limitations of discriminating a text string of the log data; detecting, as sensitive information, a text string of the log data based on a specific text set as a mark in a pre-setting, and a text string of the log data that is not discriminated based on a dictionary function for discriminating a meaningful text string; and performing a conversion process of converting the text string of the sensitive information into a different text or symbol, as drafted, are processes that, under their broadest reasonable interpretation, covers performance of the limitations in the mind but for the recitation of generic computer components. That is, other than reciting “a processor” (in claim 1) nothing in the claim limitations precludes the steps from practically being performed in the mind. For example, but for the “a processor’ language (claim 1), “discriminating a text string of log data”, “detecting, as sensitive information, text strings of the log data based on set specific text and based on a dictionary function..” and “converting the text string of the sensitive information into a different text or symbol” in the context of these claims encompasses the user performing the discriminating, detecting, and converting steps in the human mind. If a claim limitation, under its broadest reasonable interpretation, covers performance of the limitation in the mind but for the recitation of generic computer components, then it falls within the “Mental Processes’ grouping of abstract ideas. Accordingly, the claims recite an abstract idea.
This judicial exception is not integrated into a practical application. In particular, the claims recite the additional step of: acquiring log data to be transmitted between apparatuses constituting a blockchain network.
The acquiring step is recited at a high level of generality (i.e. as a general means of acquiring log data from a network) and amounts to mere data gathering, which is a form of insignificant extra-solution activity.
The combination of this additional step is no more than mere instructions to apply the exception using generic computer components (i.e. the processor). Accordingly, even in combination, this additional step does not integrate the abstract idea into a practical application because it does not impose meaningful limits on practicing the abstract idea.
The claims do not include additional elements that are sufficient to amount to significantly more than the judicial exception. As discussed above with respect to integration of the abstract idea into a practical application, the processor is a generic computer processor which performs the acquiring step. Furthermore, this function is similar to those found by the courts to be well- understood, routine, and conventional when they are claimed in a merely generic manner (e.g., at a high level of generality) or as insignificant extra-solution activity, namely Symantec (receiving or transmitting data over a network, e.g., using the Internet to gather data). As such, the acquiring step is well understood, routine and conventional activity performed by generic computer components. Mere instructions to apply an exception using a generic computer component cannot provide an inventive concept. The claims are not patent eligible.
Claims 2-7 depend from claim 1 and thus include all the limitations of claim 1, therefore claims 2-7 recite the same abstract idea of "mental process". Claims 2-7 furthermore recite: (claim 2) in the log data, detect a text string including the specific text, as the sensitive information; (claim 3) in the log data, detect a text string sandwiched between the specific text or between a text string including the specific text, as the sensitive information; (claim 4) use a dictionary function for discriminating the text string of the log data; and detect a text string sandwiched between a text string that is not discriminated based on the dictionary function, as the sensitive information; (claim 5) determine a text string after conversion by the conversion process according to a type of the sensitive information; (claim 6) in the pre-setting, apply a rule for listing the specific text, a rule for classifying a type of the sensitive information, and a rule for determining a conversion range, to the conversion process; and (claim 7) in the pre-setting, apply statistical data of the past conversion process for the sensitive information, to the conversion process.
All of these limitations recite mental steps.
Claims 2-7 do not recite any additional elements that would integrate the judicial exception into a practical application or teach significantly more than the judicial exception. Claims 2-7 are therefore not patent eligible.
Claim 8 depends from claim 1 and thus include all the limitations of claim 1, therefore claim 8 recites the same abstract idea of "mental process".
This judicial exception is not integrated into a practical application. In particular, the claim recites the additional steps of: transmitting conversion-processed log data to another apparatus constituting the blockchain network; and acquiring feedback data having an analysis result of the conversion-processed log data from the other apparatus.
The recitation of the acquiring of feedback data step is recited at a high level of generality (i.e. as a general means of receiving feedback from an apparatus on the blockchain network) and amounts to mere data gathering, which is a form of insignificant extra-solution activity. The transmission of the conversion-processed log data to another apparatus on the network is also recited at a high level of generality and is considered insignificant extra-solution activity.
The combination of these additional steps are no more than mere instructions to apply the exception using generic computer components (i.e. the processor). Accordingly, even in combination, these additional steps do not integrate the abstract idea into a practical application because they do not impose meaningful limits on practicing the abstract idea.
The claim does not include additional elements that are sufficient to amount to significantly more than the judicial exception. As discussed above with respect to integration of the abstract idea into a practical application, the processor is a generic computer processor which performs the transmitting and acquiring of feedback data over the network steps. Furthermore, these functions are similar to those found by the courts to be well- understood, routine, and conventional when they are claimed in a merely generic manner (e.g., at a high level of generality) or as insignificant extra-solution activity, namely the transmission and acquiring of feedback data steps similar to Symantec (receiving or transmitting data over a network, e.g., using the Internet to gather data). As such, the transmission and acquiring of feedback data steps are well understood, routine and conventional activity performed by generic computer components. Mere instructions to apply an exception using a generic computer component cannot provide an inventive concept. The claim is not patent eligible.
Claim 9 depends from claim 8 and thus include all the limitations of claim 8, therefore claim 9 recites the same abstract idea of "mental process". Claim 9 furthermore recites: in the pre-setting, receiving an update of a detection target of the sensitive information based on the analysis result.
The receiving an update of a detection target of the sensitive information is considered a mental step.
The claim does not recite any additional elements that would integrate the judicial exception into a practical application or teach significantly more than the judicial exception. Claim 9 is therefore not patent eligible.
Claim 10 depends from claim 1 and thus include all the limitations of claim 1, therefore claim 10 recites the same abstract idea of "mental process". Claim 10 furthermore recites: performing the conversion process and transmission for each line of the log data, in response to a command operation by another apparatus constituting the blockchain network.
The performing the conversion process step is considered a mental step.
This judicial exception is not integrated into a practical application. In particular, the claim recites the additional step of: transmission for each line of the log data, in response to a command operation by another apparatus constituting the blockchain network.
The recitation of the command operation step is recited at a high level of generality (i.e. as a general means of inputting a command from a device on a blockchain network) and amounts to mere data gathering, which is a form of insignificant extra-solution activity. The transmission of the log data is also recited at a high level of generality and is considered insignificant extra-solution activity.
The combination of this additional step is no more than mere instructions to apply the exception using generic computer components (i.e. the processor). Accordingly, even in combination, this additional step does not integrate the abstract idea into a practical application because it does not impose meaningful limits on practicing the abstract idea.
The claim does not include additional elements that are sufficient to amount to significantly more than the judicial exception. As discussed above with respect to integration of the abstract idea into a practical application, the processor is a generic computer processor which performs the transmission and receiving of the command operation over the network steps. Furthermore, these functions are similar to those found by the courts to be well- understood, routine, and conventional when they are claimed in a merely generic manner (e.g., at a high level of generality) or as insignificant extra-solution activity, namely the transmission and receiving of the command operation steps similar to Symantec (receiving or transmitting data over a network, e.g., using the Internet to gather data). As such, the transmission and receiving of the command operation steps are well understood, routine and conventional activity performed by generic computer components. Mere instructions to apply an exception using a generic computer component cannot provide an inventive concept. The claim is not patent eligible.
Claims 11 and 12 depend from claim 10 and thus include all the limitations of claim 10, therefore claims 11 and 12 recite the same abstract idea of "mental process". Claims 11 and 12 furthermore recite: (claim 11) in a case where the conversion process is performed in response to the command operation, determine a prohibited operation including an acquisition operation of the sensitive information by the other apparatus; and (claim 12) wherein the prohibited operation includes, in addition to editing and deleting of the text string of the log data, any one of operation for viewing, creating, editing, or deleting a directory that is unrelated to system maintenance.
The determination of a prohibited operation is considered a mental step.
The claims do not recite any additional elements that would integrate the judicial exception into a practical application or teach significantly more than the judicial exception. Claims 11 and 12 are therefore not patent eligible.
To expedite a complete examination of the instant application, the claims rejected under 35 U.S.C. 101 (nonstatutory} above are further rejected as set forth below in anticipation of applicant amending these claims to place them within the four statutory categories of the invention.
Claim Rejections - 35 USC § 102
In the event the determination of the status of the application as subject to AIA 35 U.S.C. 102 and 103 (or as subject to pre-AIA 35 U.S.C. 102 and 103) is incorrect, any correction of the statutory basis for the rejection will not be considered a new ground of rejection if the prior art relied upon, and the rationale supporting the rejection, would be the same under either status.
The following is a quotation of the appropriate paragraphs of 35 U.S.C. 102 that form the basis for the rejections under this section made in this Office action:
A person shall be entitled to a patent unless –
(a)(2) the claimed invention was described in a patent issued under section 151, or in an application for patent published or deemed published under section 122(b), in which the patent or application, as the case may be, names another inventor and was effectively filed before the effective filing date of the claimed invention.
Claims 1, 2, and 5-14 are rejected under 35 U.S.C. 102(a)(2) as being anticipated by US PGPub 2023/0367903 by Dande et al (hereafter Dande).
Referring to claim 1, Dande discloses a confidential information processing apparatus comprising a processor [server 170 comprising processor 172, Fig 1, para 149], wherein the processor is configured to:
acquire log data to be transmitted between apparatuses constituting a blockchain network [wherein obfuscation engine 188 accesses a task log 104, para 150, Fig 6, element 602; Fig 3; task logs sent from server 170 to third-party vendors 122, para 33; block-chain ledgers 160 in blockchain network 140 are assigned to corresponding third-party vendors 122, para 126, Fig 1];
discriminate a text string of the log data [wherein a portion of the task log 104 such as a line of text, or number of lines and words 332 within the portion of the task log are selected, para 151-152, Fig 6, elements 604-606];
detect, as sensitive information, a text string of the log data based on a specific text set as a mark in a pre-setting [wherein it is determined that word 332 is among keywords 334 included among the confidential information 180 within the task log 104, para 106, 153, Fig 6, element 608; the training dataset 194 (used by the machine learning module 190 implemented by the obfuscation engine 188) stores the confidential information 180- wherein if a historical task log includes confidential information, the confidential information 180 is marked (indicated as confidential information) (reads on: mark), para 60-62; machine learning model 190 is implemented by a set of rules (reads on: presetting) to identify the confidential information 180, e.g. a rule that indicates if a word is followed by a port number, it is a confidential information 180 etc., para 64], and
a text string of the log data that is not discriminated based on a dictionary function for discriminating a meaningful text string [wherein a word (e.g. a third word 332) is determined to be a neighboring word to the selected word from the task log- a template pattern is generated that includes the selected word 332 and the third word 332 (indicated as confidential information) even if the third word 332 is not among the keywords 334 (in the confidential information 180 stored in training dataset 194), para 155,106; Fig 6, elements 610-612]; and
perform a conversion process of converting the text string of the sensitive information into a different text or symbol [a template pattern is generated that comprises the selected word 332 and neighboring words (third word 332) that are associated with the word and is obfuscated, para 155-156, Fig 6, elements 612-614; the obfuscation of the template pattern is performed by encrypting the words 332 using an encryption function such as SHA or MD5, para 124, 156].
Referring to claim 14, the limitations of the claim are similar to those of claim 1 in the form of a method [Dande, method, Abstract; Fig 6 and corresponding portions of specification]. As such, claim 14 is rejected for the same reasons as claim 1.
Referring to claim 2, Dande discloses: in the log data, detecting a text string including the specific text, as the sensitive information [a word followed by a port number is considered confidential information, para 64; words such as port, database name, and hostname are confidential information abased on the training dataset, para 104].
Referring to claim 5, Dande discloses: determining a text string after conversion by the conversion process according to a type of the sensitive information [a pattern 192 that includes confidential information types such as port 320, database name 322, hostname 324 and DBMS 326 and user 328 is used as a template to identify and detect similar patterns 192 that include the confidential information types above in the task logs, para 105].
Referring to claim 6, Dande discloses that: in the pre-setting, apply a rule for listing the specific text [set of rules to identify confidential information are used in order to include (i.e. list) within a template pattern that is then obfuscated, para 64, obfuscation of template pattern, Fig 6, element 614], a rule for classifying a type of the sensitive information [set of rules to identify confidential information include that if a word is followed by a port number or a date or timestamp (i.e. type), it is confidential information, see also server name as type, para 64], and a rule for determining a conversion range, to the conversion process [set of rules to identify confidential information include that if a word is followed by a port number or a date or timestamp, it is confidential information, para 64].
Referring to claim 7, Dande discloses that: in the pre-setting, apply statistical data of the past conversion process for the sensitive information, to the conversion process [machine learning module determines a probability score 196 of confidentiality for each portion of the task log by extracting features (e.g. vector of numerical values) of the portion of the task log and comparing them with features of previously known confidential information in the training data set, para 119; confidential information is obfuscated, Fig 6, element 608-614].
Referring to claim 8, Dande discloses: transmitting conversion-processed log data to another apparatus constituting the blockchain network [task logs with obfuscated confidential information are sent to third party vendors 122, para 11-12, 31, Fig 1; each blockchain ledger 160 is associated with a particular application 102 associated with a particular vendor 122, para 126]; and acquire feedback data having an analysis result of the conversion-processed log data from the other apparatus [privacy violation detected when a vendor receives and accessed confidential information within a task log associated with another vendor, para 137].
Referring to claim 9, Dande discloses that: in the pre-setting, receive an update of a detection target of the sensitive information based on the analysis result [message to authorities and respective users to initiate investigation of detected anomaly is sent, para 138].
Referring to claim 10, Dande discloses: performing the conversion process and transmission for each line of the log data, in response to a command operation by another apparatus constituting the blockchain network [anomaly detection engine 198 within server 170 accesses blockchain network 140 and conducts a blockchain transaction 162 on task log 104, the blockchain transaction associated with obfuscating the confidential information, para 163-164, Fig 7, elements 702-704; obfuscation of confidential information performed for all portions of the accessed task log, Fig 6, element 616-618].
Referring to claim 11, Dande discloses that: in a case where the conversion process is performed in response to the command operation, determine a prohibited operation including an acquisition operation of the sensitive information by the other apparatus [anomaly detection engine 198 determines whether the blockchain transaction conducted is an anomaly and unexpected, para 166, Fig 7, element 708].
Referring to claim 12, Dande discloses that the prohibited operation includes, in addition to editing and deleting of the text string of the log data [blockchain transaction 162 includes obtaining the confidential information 180 from the machine learning module, para 127; blockchain ledger 160 with blockchain transactions updated to include any addition, modification, deletion, obfuscation that occurred in respective log files 104, para 135], any one of operation for viewing, creating, editing, or deleting a directory that is unrelated to system maintenance [blockchain transaction 162 is removed from blockchain ledger 160, Fig 7, element 710].
Referring to claim 13, Dande discloses a data transmission and reception system comprising: the confidential information processing apparatus according to claim 1 [system 100, Abstract; Fig 1].
Claim Rejections - 35 USC § 103
In the event the determination of the status of the application as subject to AIA 35 U.S.C. 102 and 103 (or as subject to pre-AIA 35 U.S.C. 102 and 103) is incorrect, any correction of the statutory basis for the rejection will not be considered a new ground of rejection if the prior art relied upon, and the rationale supporting the rejection, would be the same under either status.
The following is a quotation of 35 U.S.C. 103 which forms the basis for all obviousness rejections set forth in this Office action:
A patent for a claimed invention may not be obtained, notwithstanding that the claimed invention is not identically disclosed as set forth in section 102, if the differences between the claimed invention and the prior art are such that the claimed invention as a whole would have been obvious before the effective filing date of the claimed invention to a person having ordinary skill in the art to which the claimed invention pertains. Patentability shall not be negated by the manner in which the invention was made.
The factual inquiries for establishing a background for determining obviousness under 35 U.S.C. 103 are summarized as follows:
1. Determining the scope and contents of the prior art.
2. Ascertaining the differences between the prior art and the claims at issue.
3. Resolving the level of ordinary skill in the pertinent art.
4. Considering objective evidence present in the application indicating obviousness or nonobviousness.
Claims 3 and 4 are rejected under 35 U.S.C. 103 as being unpatentable over US PGPub 2023/0367903 by Dande et al (hereafter Dande), as applied to claim 1 above, and further in view of US Patent 10,963,590 issued to Dash et al (hereafter Dash).
Referring to claim 3, Dande discloses all of the above claimed subject matter and also discloses detecting a text string followed by a specific text as the sensitive information [word followed by a port number is considered confidential information, para 64; words such as port, database name, and hostname are confidential information abased on the training dataset, para 104]. However it remains silent as to the text string being sandwiched between the specific text or between a text string including the specific text, as the sensitive information. Dash discloses that service request communications within a service request document are enclosed by note entry tags and include sensitive customer information [col. 5, lines 53-62, Fig 2B]. Dash also discloses that general text pre-processing is performed on the actual text (excerpt 200B) enclosed in the note entry tags as part of a tokenization process of anonymization logic 160 to determine tokens including sensitive information [col. 6, line 9 – col. 7, line 21, Fig 2B, 5].
Dande and Dash are analogous art because they are directed to the same field of endeavor- analyzing documents to detect sensitive information. It would have been obvious to one of ordinary skill in the art before the effective filing date of the claimed invention to modify the detected confidential information type of Dande to include the note entry tags of Dash because it would achieve predicable results.
The ordinary skilled artisan would have been motivated to make this modification because the extraction of service document data enclosed within the note entry tags as containing sensitive information in Dash further refines the set of rules for determining confidential information in Dande.
Referring to claim 4, Dande discloses all of the above claimed subject matter and also discloses using a dictionary function for discriminating the text string of the log data [Dande, wherein it is determined that word 332 is among keywords 334 included among the confidential information 180 within the task log 104, para 106, 153, Fig 6, element 608; the training dataset 194 stores the confidential information 180, para 60-62] and detecting a text string that is not discriminated based on the dictionary function, as the sensitive information [Dande, wherein a word determined to be a neighboring word to the selected word from the task log is selected as confidential information to include in generated template pattern even if the third word 332 is not among the keywords 334 (in the confidential information 180 stored in training dataset 194), para 155,106; Fig 6, elements 610-612].
However Dande does not teach that the text string sandwiched between a text string is detected as sensitive information. Dash discloses that service request communications within a service request document are enclosed by note entry tags and include sensitive customer information [col. 5, lines 53-62, Fig 2B]. Dash also discloses that general text pre-processing is performed on the actual text (excerpt 200B) enclosed in the note entry tags as part of a tokenization process of anonymization logic 160 to determine tokens including sensitive information [col. 6, line 9 – col. 7, line 21, Fig 2B, 5].
Dande and Dash are analogous art because they are directed to the same field of endeavor- analyzing documents to detect sensitive information. It would have been obvious to one of ordinary skill in the art before the effective filing date of the claimed invention to modify the detected confidential information type of Dande to include the note entry tags of Dash because it would achieve predicable results.
The ordinary skilled artisan would have been motivated to make this modification because the extraction of service document data enclosed within the note entry tags as containing sensitive information in Dash further refines the set of rules for determining confidential information in Dande.
Conclusion
The prior art made of record and not relied upon is considered pertinent to applicant's disclosure:
Allen et al (US 10,380,355) directed to: obfuscation of sensitive user content in structured user files [Abstract; Fig 1-4, and 7 and corresponding portions of specification]; and
Spertus et al (US 10,326,772) directed to: anonymization of log entries including pattern detection to determine sensitive data [Abstract; Fig 3-4 and corresponding portions of specification].
Any inquiry concerning this communication or earlier communications from the examiner should be directed to CHERYL M SHECHTMAN whose telephone number is (571)272-4018. The examiner can normally be reached on Mon-Fri: 8am-4pm.
Examiner interviews are available via telephone, in-person, and video conferencing using a USPTO supplied web-based collaboration tool. To schedule an interview, applicant is encouraged to use the USPTO Automated Interview Request (AIR) at http://www.uspto.gov/interviewpractice.
If attempts to reach the examiner by telephone are unsuccessful, the examiner’s supervisor, Amy Ng can be reached on 571-270-1698. The fax phone number for the organization where this application or proceeding is assigned is 571-273-8300.
Information regarding the status of an application may be obtained from the Patent Application Information Retrieval (PAIR) system. Status information for published applications may be obtained from either Private PAIR or Public PAIR. Status information for unpublished applications is available through Private PAIR only. For more information about the PAIR system, see http://pair-direct.uspto.gov. Should you have questions on access to the Private PAIR system, contact the Electronic Business Center (EBC) at 866-217-9197 (toll-free). If you would like assistance from a USPTO Customer Service Representative or access to the automated information system, call 800-786-9199 (IN USA OR CANADA) or 571-272-1000.
CHERYL M SHECHTMANPatent Examiner
Art Unit 2164
/C.M.S/
/AMY NG/Supervisory Patent Examiner, Art Unit 2164