DETAILED ACTION
Notice of Pre-AIA or AIA Status
The present application, filed on or after March 16, 2013, is being examined under the first inventor to file provisions of the AIA .
Claim Rejections - 35 USC § 101
35 U.S.C. 101 reads as follows:
Whoever invents or discovers any new and useful process, machine, manufacture, or composition of matter, or any new and useful improvement thereof, may obtain a patent therefor, subject to the conditions and requirements of this title.
Claims 1-20 are rejected under 35 U.S.C. 101 because the claimed invention is directed to an abstract idea without significantly more.
Claims 1-20 recite in part process steps which, under the broadest reasonable interpretation, are a series of mental processes including an observation, evaluation, judgment or opinion that could be performed in the human mind or with the aid of pencil and paper. If a claim, under its broadest reasonable interpretation, covers a mental process or a mathematical concept but for the recitation of generic computer components, then it falls within the "Mental Process" grouping of abstract ideas. The claims recite in part:
performing a pre-analysis on a possibility of communication data being encrypted, to obtain a pre-analysis result;
calling, in response to the pre-analysis result indicating that the possibility is greater than a preset possibility threshold, a data encryption discriminative model to extract a data feature from the communication data;
searching in a discriminative feature library for a matching prestored discriminative feature that matches the data feature, based on a feature value of the data feature and discriminative feature values of a plurality of prestored discriminative features in the discriminative feature library; and
determining, in response to the matching prestored discriminative feature being found, that the communication data is encrypted.
Therefore, claims 1-20 recite an abstract idea. This judicial exception is not integrated into a practical application. As described in MPEP 2106.0S(g), limitations that amount to merely adding insignificant extra-solution activity to a judicial exception cannot integrate a judicial exception into a practical application. Therefore, claims 1-20 are directed to a judicial exception.
Claims 1-20 do not include additional elements that are sufficient to amount to significantly more than the judicial exception. Claims 1-20 are not patent eligible.
Examiner’s note
Claim 11 is not rejected under prior art(s).
Claim Rejections - 35 USC § 103
The following is a quotation of 35 U.S.C. 103 which forms the basis for all obviousness rejections set forth in this Office action:
A patent for a claimed invention may not be obtained, notwithstanding that the claimed invention is not identically disclosed as set forth in section 102, if the differences between the claimed invention and the prior art are such that the claimed invention as a whole would have been obvious before the effective filing date of the claimed invention to a person having ordinary skill in the art to which the claimed invention pertains. Patentability shall not be negated by the manner in which the invention was made.
Claims 1-4, 6-10, 12, 15-20 are rejected under 35 U.S.C. 103 as being unpatentable over Yefei et al (CN115174212) (from Applicant’s IDS) in view of Fujiwara et al (Pub. No. US 2021/0064741).
As per claim 1, Yefei discloses an encryption detection method comprising:
performing a pre-analysis on a possibility of communication data being encrypted, to obtain a pre-analysis result (…perform entropy calculation on the captured network packets, and measure the amount of information contained in each message based on the calculated information entropy…If the information entropy is within the standard value range, the data is determined to be the original data that has not been encrypted; otherwise, the data is determined to be encrypted data that has been encrypted…see par. 5-7); searching in a discriminative feature library for a matching prestored discriminative feature that matches the data feature, based on a feature value of the data feature and discriminative feature values of a plurality of prestored discriminative features in the discriminative feature library and determining, in response to the matching prestored discriminative feature being found, that the communication data is encrypted (discriminating whether network data transmission is encrypted or not by using an entropy technology…carrying out network packet capture; entropy operation is carried out on the captured network packets, and the amount of information contained in each piece of information is measured according to the calculated information entropy; and comparing the calculated information entropy with a standard value in a matching library, if the information entropy is within a standard value range, determining that the network packet data is unencrypted original data, otherwise, determining that the network packet data is encrypted data…abst., par. 5-7). Yefei does not explicitly disclose calling, in response to the pre-analysis result indicating that the possibility is greater than a preset possibility threshold, a data encryption discriminative model to extract a data feature from the communication data. However Fujiwara discloses calling, in response to the pre-analysis result indicating that the possibility is greater than a preset possibility threshold, a data encryption discriminative model to extract a data feature from the communication data (the TEE trusted part processing unit, as a functional unit, includes a key changing unit that changes a key encryption key of a data key or a processing key…a confidential extraction query generation unit that generates a confidential extraction query that enables search and order comparison while data is kept encrypted, a data processing execution unit that executes analysis processing such as regression analysis and machine learning, a processing result aggregation processing unit that collects a plurality of processing results output by division processing executed in a case where a data amount of processing target data is larger than the TEE trusted part, an encryption unit that performs basic encryption, a searchable encryption unit that performs searchable encryption that enables search while data is kept encrypted, an order comparable encryption unit that performs order comparable encryption that enables order comparison while data is kept encrypted, and a decryption unit that decrypts encrypted data, a processing query, various pieces of key information…par. 67). Therefore one ordinary skill in the art would have found it obvious before the effective filling date of the claimed invention to use Fujiwara in Yefei for including the above limitations because one ordinary skill in the art would recognize it would further improve confidential information processing by analyzing data by machine learning by keeping confidential information concealed while suppressing an increase in response time of a processing result…by providing a confidential information processing system that performs data processing on encrypted data…see par. 8-10.
As per claim 16, Yefei discloses a computer device comprising: a processor; and a non-transitory computer-readable storage medium storing a computer program that, when executed by the processor, causes the processor to: perform a pre-analysis on a possibility of communication data being encrypted, to obtain a pre-analysis result (…perform entropy calculation on the captured network packets, and measure the amount of information contained in each message based on the calculated information entropy…If the information entropy is within the standard value range, the data is determined to be the original data that has not been encrypted; otherwise, the data is determined to be encrypted data that has been encrypted…see par. 5-7); search in a discriminative feature library for a matching prestored discriminative feature that matches the data feature, based on a feature value of the data feature and discriminative feature values of a plurality of prestored discriminative features in the discriminative feature library; and determine, in response to the matching prestored discriminative feature being found, that the communication data is encrypted (discriminating whether network data transmission is encrypted or not by using an entropy technology…carrying out network packet capture; entropy operation is carried out on the captured network packets, and the amount of information contained in each piece of information is measured according to the calculated information entropy; and comparing the calculated information entropy with a standard value in a matching library, if the information entropy is within a standard value range, determining that the network packet data is unencrypted original data, otherwise, determining that the network packet data is encrypted data…abst., par. 5-7). Yefei does not explicitly disclose calling, in response to the pre-analysis result indicating that the possibility is greater than a preset possibility threshold, a data encryption discriminative model to extract a data feature from the communication data. However Fujiwara discloses call, in response to the pre-analysis result indicating that the possibility is greater than a preset possibility threshold, a data encryption discriminative model to extract a data feature from the communication data (the TEE trusted part processing unit, as a functional unit, includes a key changing unit that changes a key encryption key of a data key or a processing key…a confidential extraction query generation unit that generates a confidential extraction query that enables search and order comparison while data is kept encrypted, a data processing execution unit that executes analysis processing such as regression analysis and machine learning, a processing result aggregation processing unit that collects a plurality of processing results output by division processing executed in a case where a data amount of processing target data is larger than the TEE trusted part, an encryption unit that performs basic encryption, a searchable encryption unit that performs searchable encryption that enables search while data is kept encrypted, an order comparable encryption unit that performs order comparable encryption that enables order comparison while data is kept encrypted, and a decryption unit that decrypts encrypted data, a processing query, various pieces of key information…par. 67). Therefore one ordinary skill in the art would have found it obvious before the effective filling date of the claimed invention to use Fujiwara in Yefei for including the above limitations because one ordinary skill in the art would recognize it would further improve confidential information processing by analyzing data by machine learning by keeping confidential information concealed while suppressing an increase in response time of a processing result…by providing a confidential information processing system that performs data processing on encrypted data…see par. 8-10.
As per claim 20, Yefei discloses a non-transitory computer-readable storage medium storing a computer program stored that, when executed by a processor, causes the processor to: perform a pre-analysis on a possibility of communication data being encrypted, to obtain a pre-analysis result (…perform entropy calculation on the captured network packets, and measure the amount of information contained in each message based on the calculated information entropy…If the information entropy is within the standard value range, the data is determined to be the original data that has not been encrypted; otherwise, the data is determined to be encrypted data that has been encrypted…see par. 5-7); search in a discriminative feature library for a matching prestored discriminative feature that matches the data feature, based on a feature value of the data feature and discriminative feature values of a plurality of prestored discriminative features in the discriminative feature library; and determine, in response to the matching prestored discriminative feature being found, that the communication data is encrypted (discriminating whether network data transmission is encrypted or not by using an entropy technology…carrying out network packet capture; entropy operation is carried out on the captured network packets, and the amount of information contained in each piece of information is measured according to the calculated information entropy; and comparing the calculated information entropy with a standard value in a matching library, if the information entropy is within a standard value range, determining that the network packet data is unencrypted original data, otherwise, determining that the network packet data is encrypted data…abst., par. 5-7). Yefei does not explicitly disclose calling, in response to the pre-analysis result indicating that the possibility is greater than a preset possibility threshold, a data encryption discriminative model to extract a data feature from the communication data. However Fujiwara discloses call, in response to the pre-analysis result indicating that the possibility is greater than a preset possibility threshold, a data encryption discriminative model to extract a data feature from the communication data (the TEE trusted part processing unit, as a functional unit, includes a key changing unit that changes a key encryption key of a data key or a processing key…a confidential extraction query generation unit that generates a confidential extraction query that enables search and order comparison while data is kept encrypted, a data processing execution unit that executes analysis processing such as regression analysis and machine learning, a processing result aggregation processing unit that collects a plurality of processing results output by division processing executed in a case where a data amount of processing target data is larger than the TEE trusted part, an encryption unit that performs basic encryption, a searchable encryption unit that performs searchable encryption that enables search while data is kept encrypted, an order comparable encryption unit that performs order comparable encryption that enables order comparison while data is kept encrypted, and a decryption unit that decrypts encrypted data, a processing query, various pieces of key information…par. 67). Therefore one ordinary skill in the art would have found it obvious before the effective filling date of the claimed invention to use Fujiwara in Yefei for including the above limitations because one ordinary skill in the art would recognize it would further improve confidential information processing by analyzing data by machine learning by keeping confidential information concealed while suppressing an increase in response time of a processing result…by providing a confidential information processing system that performs data processing on encrypted data…see par. 8-10.
As per claim 2, the combination of Yefei and Fujiwara discloses wherein performing the pre-analysis includes: determining information entropy of the communication data according to information amount of the communication data; comparing the information entropy with an entropy threshold, to obtain a comparison result; and performing the pre-analysis based on the comparison result (Fujiwara: see par. 67). The motivation for claim 2 is the same motivation as in claim 1 above.
As per claim 3, the combination of Yefei and Fujiwara discloses wherein the pre-analysis result indicates that the possibility is: greater than the preset possibility threshold in response to the comparison result indicating that the information entropy is greater than or equal to the entropy threshold; and less than or equal to the preset possibility threshold in response to the comparison result indicating that the information entropy is less than the entropy threshold (Yefei: compare the calculated information entropy with the standard value in the matching library. If the information entropy is within the standard value range, then determine that the network packet data is the original data that is not encrypted; otherwise, determine that the network packet data is the encrypted data that has been encrypted…par. 35…the data processing center receives network data packets, preprocesses them, and sends the preprocessed data packets to the entropy calculation module. The entropy calculation module performs entropy calculation on the network data packets and returns the resulting entropy to the data processing center. The data processing center then sends the calculated entropy to the entropy value statistical analysis module for data encryption analysis…par. 40).
As per claim 4, the combination of Yefei and Fujiwara discloses obtaining a communication data packet from a communication system; extracting, using a data analysis tool and from the communication data packet, transmission data of the communication system, the communication data including at least one of multimedia data, document data, database data, webpage data, or protocol data; and performing preprocessing on the transmission data using the data analysis tool, to obtain the communication data, the preprocessing including at least one of data deduplication or data cleaning (Fujiwara: see par. 137-139). The motivation for claim 4 is the same motivation as in claim 1 above.
As per claim 6, the combination of Yefei and Fujiwara discloses determining, in response to the pre-analysis result indicating that the possibility is less than or equal to the preset possibility threshold, that the communication data is unencrypted (Yefei: see par. 40).
As per claim 7, the combination of Yefei and Fujiwara discloses determining, in response to no matching prestored discriminative feature being found, that the communication data is unencrypted (Yefei: the matching library provides standard values to the entropy statistical analysis module. If the information entropy is within the standard value range, the network data packet is determined to be the original data without encryption…see par. 40).
As per claim 8, the combination of Yefei and Fujiwara discloses generating, in response to the communication data being determined to be encrypted, a first discrimination result, and generating, in response to the communication data being determined to be unencrypted, a second discrimination result; and displaying the first discrimination result or the second discrimination result on an application interface according to a target format, the target format including one or more of an image, a text, a form, audio, and video (Yefei: the matching library can provide data types (i.e., which data needs to be encrypted and which data can be sent directly in its original form). After determining whether the data has been encrypted, the entropy value statistical analysis module can perform secure encryption on the data that needs to be encrypted but is not encrypted in the network data packet according to the data types provided by the matching library, and send the processing results to the report generation module…see par. 40-41).
As per claim 9, the combination of Yefei and Fujiwara discloses displaying, in response to the first discrimination result being displayed, one or two of a current encryption method and a current encryption strength of the communication data on the application interface; and displaying, in response to the second discrimination result being displayed, one or two of a recommended encryption method and a recommended encryption strength that match security of the communication data on the application interface (Yefei: par. 40-41, 157).
As per claim 10, the combination of Yefei and Fujiwara discloses obtaining a training sample set, the training sample set including a plurality of pieces of communication sample data each being a piece of encrypted communication sample data or a piece of unencrypted communication sample data; obtaining a plurality of sample features each being extracted from one of the plurality of pieces of communication sample data; and training an initial discriminative model according to the plurality of sample features, to obtain the data encryption discriminative model (Fujiwara: par. 67). The motivation for claim 10 is the same motivation as in claim 1 above.
As per claim 12, the combination of Yefei and Fujiwara discloses wherein: each piece of communication sample data in the training sample set carries a label; and training the initial discriminative model includes: generating, according to the sample feature of each piece of communication sample data, a predicted label of corresponding piece of communication sample data; and training the initial discriminative model using the predicted label of each piece of communication sample data and the label of the corresponding piece of communication sample data (Fujiwara: par. 137-139). The motivation for claim 12 is the same motivation as in claim 1 above.
As per claim 15, the combination of Yefei and Fujiwara discloses wherein determining that the communication data is encrypted includes: determining that the communication data is obtained through an encryption method corresponding to the matching prestored discriminative feature, and determining that the communication data is encrypted (Fujiwara: see par. 55, 136-137). The motivation for claim 15 is the same motivation as in claim 1 above.
As per claim 17, the combination of Yefei and Fujiwara discloses wherein the computer program, when executed by the processor, further causes the processor to, when performing the pre-analysis includes: determine information entropy of the communication data according to information amount of the communication data; compare the information entropy with an entropy threshold, to obtain a comparison result; and perform the pre-analysis based on the comparison result (Fujiwara: see par. 67). The motivation for claim 17 is the same motivation as in claim 16 above.
As per claim 18, the combination of Yefei and Fujiwara discloses wherein the pre-analysis result indicates that the possibility is: greater than the preset possibility threshold in response to the comparison result indicating that the information entropy is greater than or equal to the entropy threshold; and less than or equal to the preset possibility threshold in response to the comparison result indicating that the information entropy is less than the entropy threshold (Yefei: compare the calculated information entropy with the standard value in the matching library. If the information entropy is within the standard value range, then determine that the network packet data is the original data that is not encrypted; otherwise, determine that the network packet data is the encrypted data that has been encrypted…par. 35…the data processing center receives network data packets, preprocesses them, and sends the preprocessed data packets to the entropy calculation module. The entropy calculation module performs entropy calculation on the network data packets and returns the resulting entropy to the data processing center. The data processing center then sends the calculated entropy to the entropy value statistical analysis module for data encryption analysis…par. 40).
As per claim 19, the combination of Yefei and Fujiwara discloses wherein the computer program, when executed by the processor, further causes the processor to: obtain a communication data packet from a communication system; extract, using a data analysis tool and from the communication data packet, transmission data of the communication system, the communication data including at least one of multimedia data, document data, database data, webpage data, or protocol data; and perform preprocessing on the transmission data using the data analysis tool, to obtain the communication data, the preprocessing including at least one of data deduplication or data cleaning (Fujiwara: see par. 137-139). The motivation for claim 19 is the same motivation as in claim 16 above.
Claims 5, 14 are rejected under 35 U.S.C. 103 as being unpatentable Yefei et al (CN115174212) (from Applicant’s IDS) in view of Fujiwara et al (Pub. No. US 2021/0064741) as applied to claim 1 above, and in further view of Sun (CN113987543).
As per claim 5, the combination of Yefei and Fujiwara does not explicitly disclose obtaining, in response to the communication data being determined to be encrypted, current encryption strength of the communication data; comparing the current encryption strength with a preset strength threshold, to obtain a comparison result; and recommending, in response to the comparison result indicating that the current encryption strength is less than the preset strength threshold, encryption strength matching security of the communication data and greater than the current encryption strength. However Sun discloses obtaining, in response to the communication data being determined to be encrypted, current encryption strength of the communication data; comparing the current encryption strength with a preset strength threshold, to obtain a comparison result; and recommending, in response to the comparison result indicating that the current encryption strength is less than the preset strength threshold, encryption strength matching security of the communication data and greater than the current encryption strength (compare the comprehensive score of the encryption algorithm with the preset score threshold to obtain the comparison result…the preset score threshold includes a first preset score threshold and a second preset score threshold…the first preset score threshold is less than the second preset score threshold…this preset score threshold is the standard for measuring the encryption level of the encryption algorithm…determine the encryption level of the encryption algorithm based on the comparison results. The encryption levels include low encryption level, medium encryption level and high encryption level…par. 100-112). Therefore one ordinary skill in the art would have found it obvious before the effective filling date of the claimed invention to use Sun in the combination of Yefei and Fujiwara for including the above limitations because one ordinary skill in the art would recognize it would further ensure the security of encrypted data by monitoring data include collecting and parsing encrypted communication data that includes the communication protocol and encryption algorithm, par. 10-11.
As per claim 14, the combination of Yefei, Fujiwara and Sun discloses performing feature extraction on encrypted communication sample data to obtain the discriminative feature library, the encrypted communication sample data being obtained by encrypting corresponding unencrypted communication sample data; wherein the unencrypted communication sample data includes one or more types of: analogue communication data obtained by calling an analogue communication system for communication simulation, real communication data obtained by calling a real communication system for real communication; standard communication data randomly generated that satisfies a communication standard, and merged communication data obtained by merging at least two pieces of existing unencrypted communication sample data (Sun: n0030, n0060-62). The motivation for claim 14 is the same motivation as in claim 5 above.
Claim 13 is rejected under 35 U.S.C. 103 as being unpatentable over Yefei et al (CN115174212) (from Applicant’s IDS) in view of Fujiwara et al (Pub. No. US 2021/0064741) as applied to claim 1 above, and in further view of Carley (Pub. No. US 2022/0067181).
As per claim 13, the combination of Yefei and Fujiwara does not explicitly disclose wherein: none of the plurality of pieces of communication sample data in the training sample set carries a label; and training the initial discriminative model includes: performing classification prediction on the plurality of pieces of communication sample data according to the plurality of sample features, to obtain a classification prediction result; and training the initial discriminative model using the classification prediction result. However Carley discloses wherein: none of the plurality of pieces of communication sample data in the training sample set carries a label; and training the initial discriminative model includes: performing classification prediction on the plurality of pieces of communication sample data according to the plurality of sample features, to obtain a classification prediction result; and training the initial discriminative model using the classification prediction result (the system may receive a corpus of unlabeled data…such data may include any now or hereafter known types of data that may be used for generating a machine learning model…the system may generate and assign discrete data units for labeling to different labeling devices and/or labeling users…for unlabeled data including images, a discrete data unit may include a subset of images with particular attributes that are sent to a labeling device for labeling or classification…certain users or labeling devices may not have access to privacy sensitive information, and the discrete data units assigned to such labeling devices or users may be identified to not include any privacy sensitive information…par. 49…the system may encrypt various model artifacts such as convergence results, evaluation metrics, the model data, checkpoints, and the model itself, and store them for further use and/or deployment for making predictions…par.58). Therefore one ordinary skill in the art would have found it obvious before the effective filling date of the claimed invention to use Carley in the combination of Yefei and Fujiwara for including the above limitations because one ordinary skill in the art would recognize it would further preserve the secrecy and integrity of machine learning models and/or datasets that have been found to be particularly vulnerable to adversarial perturbations and therefore enhance the integrity of machine learning models, par. 3-4.
Conclusion
The prior art made of record and not relied upon is considered pertinent to applicant's disclosure (see PTO-form 892).
The following Patents and Papers are cited to further show the state of the art at the time of Applicant’s invention with respect to performing encryption detection on communication data based on machine learning.
Kim et al (Pub. No. US 2024/0061931); “Executable File Unpacking System and Method for Static Analysis of Malicious Code”;
-Teaches a pre-analysis unit that receives an input of a file to be detected…wherein the entropy-based packer detection module may extract the entropy value of the file to be detected and compare the value with a predefined threshold to guess whether the file is packed or not, and a step of, when it is guessed by the entropy-based detection that the file is packed, recovering IAT by tracing from an EP of the file to be detected…see par. 16-17.
Any inquiry concerning this communication or earlier communications from the examiner should be directed to GHAZAL B SHEHNI whose telephone number is (571)270-7479. The examiner can normally be reached Mon-Fri 9am-5pm PCT.
Examiner interviews are available via telephone, in-person, and video conferencing using a USPTO supplied web-based collaboration tool. To schedule an interview, applicant is encouraged to use the USPTO Automated Interview Request (AIR) at http://www.uspto.gov/interviewpractice.
If attempts to reach the examiner by telephone are unsuccessful, the examiner’s supervisor, Philip Chea can be reached at 5712723951. The fax phone number for the organization where this application or proceeding is assigned is 571-273-8300.
Information regarding the status of published or unpublished applications may be obtained from Patent Center. Unpublished application information in Patent Center is available to registered users. To file and manage patent submissions in Patent Center, visit: https://patentcenter.uspto.gov. Visit https://www.uspto.gov/patents/apply/patent-center for more information about Patent Center and https://www.uspto.gov/patents/docx for information about filing in DOCX format. For additional questions, contact the Electronic Business Center (EBC) at 866-217-9197 (toll-free). If you would like assistance from a USPTO Customer Service Representative, call 800-786-9199 (IN USA OR CANADA) or 571-272-1000.
/GHAZAL B SHEHNI/Primary Examiner, Art Unit 2499