DETAILED ACTION
Notice of Pre-AIA  or AIA  Status
The present application, filed on or after March 16, 2013, is being examined under the first inventor to file provisions of the AIA .

Continued Examination Under 37 CFR 1.114
A request for continued examination under 37 CFR 1.114, including the fee set forth in 37 CFR 1.17(e), was filed in this application after final rejection.  Since this application is eligible for continued examination under 37 CFR 1.114, and the fee set forth in 37 CFR 1.17(e) has been timely paid, the finality of the previous Office action has been withdrawn pursuant to 37 CFR 1.114.  Applicant's submission filed on 29 January 2021 has been entered.
 
Response to Arguments
Applicant's arguments filed 29 January 2021 have been fully considered but they are not persuasive.
In response to applicant’s arguments that the cited references do not teach “corresponding encryption keys…with other keys,” page 12, lines 7-10, the examiner respectfully disagrees.
O’Connor teaches a system wherein individual fields within a record may each be encrypted with different encryption keys or combinations of keys (Para. 66, 67).  For example, paragraph 66 states “an administrator may choose the key “All 
O’Connor further teaches sending encrypted data to the user device based on a received request, wherein the user device decrypts the data using the corresponding keys (Para. 55, 56, 59, 82, 83, 92).
Freeman teaches a system wherein selected data fields of a record or row may be encrypted by a database management system using a key of an authorized user (Para. 24, 37, 39).
Shoshan also teaches a system wherein individual fields within a record may each be encrypted with different encryption keys or combinations of keys (Para. 54, 55).  For example, each field may be encrypted with a different encryption key, wherein each encryption key may be associated with a single user or a set of users.  The entire record may be encrypted at the cloud in addition to the field-level encryption (Para. 62).
Shoshan further teaches providing the requested record to the client device, decrypting the fields that the user is authorized to decrypt, and presenting the record with the decrypted fields and the encrypted fields (Para. 58, 59).
Combining the references brings about a system wherein corresponding encryption keys provide at sub-row block of data level encryption so that only entities with the key corresponding to the sub-row block of data can decrypt the corresponding sub-row block of data when receiving a larger block of data with other sub-row blocks encrypted with other keys.  Therefore, the claimed limitations are taught by the combination of the references. 

Claim Interpretation
The following is the examiner’s interpretation of and suggestions for portions of the claims:
It should be noted that regarding the “system master key” limitations of the independent claims, it is unclear as to whether the system master key is different than a “data encryption key” of an entity.  For example, the system master key could be another data encryption key associated with an entity, wherein the master key is used on some or all of the data in the table.  The examiner suggests clarifying how the master key is different than a data encryption key.

It should be further noted that regarding the “wherein a requesting electronic device can decrypt the first encrypted sub-row block of data and not the second encrypted sub-row block of data using an encryption key corresponding to the first sub-row block of data” (emphasis added) limitation of the independent claims, the decryption process is not required to be performed.  The limitation merely requires that the device can decrypt the data and does not require the actual decryption to take place.  The examiner suggests amending the claims to clearly indicate that the decryption process is being performed at the electronic device and how the decrypted/still encrypted data is displayed to the user.

Claim Rejections - 35 USC § 112
The following is a quotation of the first paragraph of 35 U.S.C. 112(a):
(a) IN GENERAL.—The specification shall contain a written description of the invention, and of the manner and process of making and using it, in such full, clear, concise, and exact terms as to enable any person skilled in the art to which it pertains, or with which it is most nearly connected, to make and use the same, and shall set forth the best mode contemplated by the inventor or joint inventor of carrying out the invention.

The following is a quotation of the first paragraph of pre-AIA  35 U.S.C. 112:
The specification shall contain a written description of the invention, and of the manner and process of making and using it, in such full, clear, concise, and exact terms as to enable any person skilled in the art to which it pertains, or with which it is most nearly connected, to make and use the same, and shall set forth the best mode contemplated by the inventor of carrying out his invention.

The following is a quotation of 35 U.S.C. 112(b):
(b)  CONCLUSION.—The specification shall conclude with one or more claims particularly pointing out and distinctly claiming the subject matter which the inventor or a joint inventor regards as the invention.


The following is a quotation of 35 U.S.C. 112 (pre-AIA ), second paragraph:
The specification shall conclude with one or more claims particularly pointing out and distinctly claiming the subject matter which the applicant regards as his invention.


Claims 1-18 are rejected under 35 U.S.C. 112(a) or 35 U.S.C. 112 (pre-AIA ), first paragraph, as failing to comply with the written description requirement. The claims contain subject matter which was not described in the specification in such a way as to reasonably convey to one skilled in the relevant art that the inventor or a joint inventor, or for applications subject to pre-AIA  35 U.S.C. 112, the inventor(s), at the time the application was filed, had possession of the claimed invention.
Regarding claim 1, lines 20-21—“wherein the two or more entities authorized to access the first sub-row block is different than the two or more entities authorized to access the second sub-row block,” the limitation was not described in the specification in such a way as to reasonably convey to one skilled in the relevant art that the inventor or a joint inventor, or for applications subject to pre-AIA  35 U.S.C. 112, the inventor(s), at the time the application was filed, had possession of the claimed invention.  The specification does not disclose four separate entities.  
	Claims 7 and 13 include similar limitations and are similarly analyzed.


Claims 1-18 are rejected under 35 U.S.C. 112(b) or 35 U.S.C. 112 (pre-AIA ), second paragraph, as being indefinite for failing to particularly point out and distinctly claim the subject matter which the inventor or a joint inventor (or for applications subject to pre-AIA  35 U.S.C. 112, the applicant), regards as the invention.
Regarding claim 1, line 9 and line 20—“encryption key” it is not clear as to whether the encryption key is referring to the “data encryption key” of line 3 or is a separate encryption key.
Claims 7 and 13 include similar limitations and are similarly analyzed.

Regarding claim 1, line 14—“a first data encryption key” it is not clear as to whether the first data encryption key is referring to the “first data encryption key” of line 3 or is a separate data encryption key.
Claims 7 and 13 include similar limitations and are similarly analyzed.

Regarding claim 4, line 1—“data” is it not clear as to whether the data is referring to the data in claim 1 or is separate data; line 3—“multiple keys” and “individual keys” it is unclear as to whether any of the keys is referring to the system master key or data encryption keys of claim 1.
Claims 10 and 16 include similar limitations and are similarly analyzed.


Claims 11 and 17 include similar limitations and are similarly analyzed.

Regarding claim 6, line 2—“keys” it is not clear as to which keys the “keys” is referring.
Claims 12 and 18 include similar limitations and are similarly analyzed.

Claims 2-6, 8-12, and 14-18 are additionally rejected for being dependent on a rejection base claim.

Claim Rejections - 35 USC § 103
In the event the determination of the status of the application as subject to AIA  35 U.S.C. 102 and 103 (or as subject to pre-AIA  35 U.S.C. 102 and 103) is incorrect, any correction of the statutory basis for the rejection will not be considered a new ground of rejection if the prior art relied upon, and the rationale supporting the rejection, would be the same under either status.  
The following is a quotation of 35 U.S.C. 103 which forms the basis for all obviousness rejections set forth in this Office action:
A patent for a claimed invention may not be obtained, notwithstanding that the claimed invention is not identically disclosed as set forth in section 102, if the differences between the claimed invention and the prior art are such that the claimed invention as a whole would have been obvious before the effective filing date of the claimed invention to a person having ordinary skill in the art to which the claimed invention pertains. Patentability shall not be negated by the manner in which the invention was made.

Claims 1-5, 7-11, and 13-17 are rejected under 35 U.S.C. 103 as being unpatentable over O’Connor et al. (US 2010/0257351) in view of Freeman et al. (US 2015/0039901) and further in view of Shoshan (US 2016/0344724).
Regarding claim 1, O’Connor teaches a method comprising: 
encrypting a first sub-row block of data, using a system master key and a first data encryption key for each of two or more entities authorized to access the first sub-row block of data in a database, i.e. a multi-tenant database (Fig. 1A, el. 16), wherein each of the two or more entities authorized to access the first sub-row block of data has its own corresponding encryption key to provide at the sub-row block of data level so that only entities with the key corresponding to the sub-row block of data can decrypt the corresponding sub-row block of data, e.g. encrypting an entire object or specific fields using a plurality of encryption keys, wherein each key is assigned to a specific group authorized access to the object and/or the field (Para. 26, 30, 52, 63, 66, 67); a Human Resources group, a Human Resources HQ group, a Human Resources Europe group, an All Representatives group, a sales and service representatives group, and an Accounting department (Para. 64-66, 70, 84); 
encrypting a second sub-row block of data using the system master key and a first data encryption key for each of two or more entities authorized to access the second sub-row block of data wherein each of the two or more entities authorized to access the second sub-row block of data has its own corresponding encryption key, and wherein the two or more entities authorized to access the first sub-row block of data is different than the two or more entities e.g. encrypting an entire object or specific fields using a plurality of encryption keys, wherein each key is assigned to a specific group authorized access to the object and/or the field (Para. 26, 30, 52, 63, 66, 67); a Human Resources group, a Human Resources HQ group, a Human Resources Europe group, an All Representatives group, a sales and service representatives group, and an Accounting department (Para. 64-66, 70, 84); 
storing the first encrypted sub-row block of data in a table in the database table; and storing the second encrypted sub-row block of data in the database table, e.g. storing the encrypted data in a table in the database (Para. 47, 53, 77); 
sending, in response to a request for the first sub-row block of data from the database, an encrypted block of data including the first encrypted sub-row block of data, e.g. requesting the stored data by the user system and sending the encrypted data to the user system, where in the encrypted data may include a plurality of encrypted and unencrypted fields (Para. 55, 56, 82, 83),
wherein a requesting electronic device, i.e. a user system (Fig. 1A, el. 12), can decrypt the first encrypted sub-row block of data and not the second encrypted sub-row block of data using an encryption key corresponding to the first sub-row block of data, e.g. decrypting the fields that the user is authorized to decrypt (Para. 59, 92).

Freeman teaches encrypting a first sub-row block of data in a database, i.e. a server with a database management system (Fig. 1, el. 102, 114, 300), using a first encryption key, where the encryption key corresponds to a first group of one or more entities authorized within a multi-entity database environment to access the first sub-row block of data in the database, e.g. encrypting selected data fields of a record using a key of an authorized user (Para. 24, 37); 
storing the first encrypted sub-row block of data in a table in the database table, e.g. storing the record with the encrypted fields as a row in the database (Para. 38); 
encrypting a second sub-row block of data in the database using a second group of encryption keys, where each encryption key in the second group of encryption keys corresponds to a second group of one or more entities authorized to access the second sub-row block of data, e.g. encrypting selected data fields of a record using a key of an authorized user (Para. 24, 37, 39); and
e.g. storing the record with the encrypted fields as a row in the database (Para. 38).
Therefore, it would have been obvious to one of ordinary skill in the art before the effective filing date of the claimed invention to modify O’Connor to include encrypting a first sub-row block of data in a database using a system master key and a first data encryption key for each of two or more entities authorized to access the first sub-row block of data in the database, wherein each of the two or more entities authorized to access the first sub-row block of data has its own corresponding encryption key to provide at the sub-row block of data level so that only entities with the key corresponding to the sub-row block of data can decrypt the corresponding sub-row block of data; storing the first encrypted sub-row block of data in a table in the database; encrypting a second sub-row block of data in the database using the system master key and a first data encryption key for each of two or more entities authorized to access the second sub-row block of data wherein each of the two or more entities authorized to access the second sub-row block of data has its own corresponding encryption key, and wherein the two or more entities authorized to access the first sub-row block of data is different than the two or more entities authorized to access the second sub-row block of data to provide at the sub-row block of data level so that only entities with the key corresponding to the sub-row block of data can decrypt the corresponding sub-row block of data; and storing the second encrypted sub-row block of data in the database table, using the known method of encrypting 
O’Connor in view of Freeman does not clearly teach sending, in response to a request for the first sub-row block of data from the database, an encrypted block of data to including both the first encrypted sub-row block of data and the second sub-row block of data.
Shoshan teaches encrypting a first sub-row block of data in a database, i.e. a cloud system (Fig. 1, el. 102, 112), using a system master key and a first data encryption key for each of two or more entities authorized to access the first sub-row block of data in the database, e.g. providing field-level encryption for a record, wherein at least a portion of the fields may be encrypted for access by different users (Para. 31, 54, 61, 62); encrypting an entire record at the cloud in addition to the field-level encryption (Para. 62),
wherein each of the two or more entities authorized to access the first sub-row block of data has its own corresponding encryption key to provide at the sub-row block of data level so that only entities with the key corresponding to the sub-row block of data can decrypt the corresponding sub-row block of data, e.g. the fields for the requesting user are decrypted at the client device and the record is presented with the decrypted fields and the encrypted fields (Para. 58, 59);
e.g. determining that an update has occurred on a field value in the record, encrypting the field value, and sending the record to the cloud storage for storage (Para. 61);
encrypting a second sub-row block of data in the database using the system master key and a first data encryption key for each of two or more entities authorized to access the second sub-row block of data wherein each of the two or more entities authorized to access the second sub-row block of data has its own corresponding encryption key, and wherein the two or more entities authorized to access the first sub-row block of data is different than the two or more entities authorized to access the second sub-row block of data, e.g. providing field-level encryption for a record, wherein at least a portion of the fields may be encrypted for access by different users (Para. 31, 54, 61, 62); encrypting an entire record at the cloud in addition to the field-level encryption (Para. 62), 
to provide at the sub-row block of data level so that only entities with the key corresponding to the sub-row block of data can decrypt the corresponding sub-row block of data, e.g. the fields for the requesting user are decrypted at the client device and the record is presented with the decrypted fields and the encrypted fields (Para. 58, 59); 
storing the second encrypted sub-row block of data in the database table, e.g. determining that an update has occurred on a field value in the record, encrypting the field value, and sending the record to the cloud storage for storage (Para. 61);
i.e. a client device (Fig. 1, el. 108), can decrypt the first encrypted sub-row block of data and not the second encrypted sub-row block of data using an encryption key corresponding to the first sub-row block of data, e.g. providing the record to the client device in response to a request for the data (Para. 31, 34, 42); wherein a first encrypted data field may be authorized for access by a single user, and a different second encrypted data field is authorized for access by a set of users; any combination of a single user or a plurality of users (Para. 54, 58); the fields for the requesting user are decrypted at the client device and the record is presented with the decrypted fields and the encrypted fields (Para. 58, 59).
Therefore, it would have been obvious to one of ordinary skill in the art before the effective filing date of the claimed invention to modify O’Connor in view of Freeman to include sending, in response to a request for the first sub-row block of data from the database, an encrypted block of data to including both the first encrypted sub-row block of data and the second sub-row block of data, wherein a requesting electronic device can decrypt the first encrypted sub-row block of data and not the second encrypted sub-row block of data using an encryption key corresponding to the first sub-row block of data, using the known method of providing the record to the client device in response to a request for the data, wherein a first encrypted data field may be authorized for access by a 

Regarding claim 2, O’Connor in view of Freeman in view of Shoshan teaches wherein the sub-row encryption comprises encrypting the data on a field-by-field basis, e.g. encrypting specific fields or the entire record (O’Connor-Para. 52, 63, Freeman-Para. 24, 37). 

Regarding claim 3, O’Connor in view of Freeman in view of Shoshan teaches wherein the sub-row encryption comprises encrypting the data on a record-by-record basis, e.g. encrypting specific fields or the entire record (O’Connor-Para. 52, 63, Freeman-Para. 24, 37).

Regarding claim 4, O’Connor in view of Freeman in view of Shoshan teaches wherein encrypting data to be stored in the database table on a sub-row basis comprises encrypting the data with multiple keys for later decryption by individual keys, e.g. encrypting an entire object or specific fields using a plurality of encryption keys, wherein each key is assigned to a specific group authorized access to the object and/or the field (O’Connor-Para. 52, 63, 66, 67); encrypting an entire record at the cloud in addition to the field-level encryption (Shoshan-Para. 62).

Regarding claim 5, O’Connor in view of Freeman in view of Shoshan teaches further comprising adding a new key to the first group of encryption keys by re-encrypting the first sub-row block of data using the first group of encryption keys and the new key, e.g. re-encrypting the data with a new key (O’Connor-Para. 73, 74).

Regarding claim 7, the claim is analyzed with respect to claim 1.  O’Connor in view of Freeman in view of Shoshan further teaches a non-transitory computer-readable medium having stored thereon instructions that, when executed by one or more processors (O’Connor-Fig. 1, el. 16; Freeman-Fig. 1, el. 102, 114, 300; Para. 15).

Regarding claim 8, the claim is analyzed with respect to claim 2.

Regarding claim 9, the claim is analyzed with respect to claim 3.

Regarding claim 10, the claim is analyzed with respect to claim 4.

Regarding claim 11, the claim is analyzed with respect to claim 5.

(O’Connor-Fig. 1, el. 16; Freeman-Fig. 1, el. 102, 114, 300; Para. 15).

Regarding claim 14, the claim is analyzed with respect to claim 2.

Regarding claim 15, the claim is analyzed with respect to claim 3.

Regarding claim 16, the claim is analyzed with respect to claim 4.

Regarding claim 17, the claim is analyzed with respect to claim 5.

Claims 6, 12, and 18 are rejected under 35 U.S.C. 103 as being unpatentable over O’Connor in view of Freeman in view of Shoshan and further in view of Kale et al. (US 2015/0143107).
Regarding claim 6, O’Connor in view of Freeman in view of Shoshan teaches all elements of claim 1.
O’Connor in view of Freeman in view of Shoshan further teaches encrypting the data with multiple keys and retiring a key and re-encrypting the data with a new key (O’Connor-Para. 67, 73).

Kale teaches removing a selected key from keys that can access selected data by re-encrypting the selected data using the reduced set of keys, e.g. removing user access to the data and removing the user key instance; re-encrypting the data (Para. 52-55).
Therefore, it would have been obvious to one of ordinary skill in the art before the effective filing date of the claimed invention to modify O’Connor in view of Freeman in view of Shoshan to include removing a selected key from keys that can access selected data by re-encrypting the selected data using the reduced set of keys, using the known method of removing user access to data, removing the user key instance, and re-encrypting the data, as taught by Kale, in combination with the multiple key encryption system and method of retiring a key and re-encrypting the data with a new key of O’Connor in view of Freeman in view of Shoshan, for the purpose of aiding in the prevention of access of data by unauthorized users.

Regarding claim 12, the claim is analyzed with respect to claim 6.

Regarding claim 18, the claim is analyzed with respect to claim 6.

Conclusion
The following prior art made of record and not relied upon is considered pertinent to applicant's disclosure:
Richards et al. (US 2010/0150342 A1)—Richards discloses multiple user groups, wherein a user may be a member of more than one of the groups and authorizing more than one group to decrypt a row of a report (Para. 18-21).  The system sends the entire data report even if the user is not authorized to see all the data (Para. 20).

Drews (US 2006/0277413 A1)—Drews discloses a record may be encrypted with its own key and each field in the record may be encrypted individually with one or more unique keys (Para. 92).  A user and/or a class of users may be associated with a decryption key (Para. 98).

Any inquiry concerning this communication or earlier communications from the examiner should be directed to JEREMY DUFFIELD whose telephone number is (571)270-1643.  The examiner can normally be reached on Monday - Friday, 7:00 AM - 3:00 PM (ET).
Examiner interviews are available via telephone, in-person, and video conferencing using a USPTO supplied web-based collaboration tool. To schedule an interview, applicant is encouraged to use the USPTO Automated Interview Request (AIR) at http://www.uspto.gov/interviewpractice.

Information regarding the status of an application may be obtained from the Patent Application Information Retrieval (PAIR) system.  Status information for published applications may be obtained from either Private PAIR or Public PAIR.  Status information for unpublished applications is available through Private PAIR only.  For more information about the PAIR system, see https://ppair-my.uspto.gov/pair/PrivatePair. Should you have questions on access to the Private PAIR system, contact the Electronic Business Center (EBC) at 866-217-9197 (toll-free). If you would like assistance from a USPTO Customer Service Representative or access to the automated information system, call 800-786-9199 (IN USA OR CANADA) or 571-272-1000.





18 February 2021
/Jeremy S Duffield/Primary Examiner, Art Unit 2498