DETAILED ACTION

Notice of Pre-AIA  or AIA  Status
The present application, filed on or after March 16, 2013, is being examined under the first inventor to file provisions of the AIA . 
In the event the determination of the status of the application as subject to AIA  35 U.S.C. 102 and 103 (or as subject to pre-AIA  35 U.S.C. 102 and 103) is incorrect, any correction of the statutory basis for the rejection will not be considered a new ground of rejection if the prior art relied upon, and the rationale supporting the rejection, would be the same under either status.

Information Disclosure Statement
The information disclosure statement (IDS) submitted on 08/03/2020 is in compliance with the provisions of 37 CFR 1.97.  Accordingly, the information disclosure statement is being considered by the examiner.

Claim interpretations under 112 (f)
The following is a quotation of 35 U.S.C. 112(f):
(f) Element in Claim for a Combination. – An element in a claim for a combination may be expressed as a means or step for performing a specified function without the recital of structure, material, or acts in support thereof, and such claim shall be construed to cover the corresponding structure, material, or acts described in the specification and equivalents thereof.

The following is a quotation of pre-AIA  35 U.S.C. 112, sixth paragraph:
An element in a claim for a combination may be expressed as a means or step for performing a specified function without the recital of structure, material, or acts in support thereof, and such claim shall be construed to cover the corresponding structure, material, or acts described in the specification and equivalents thereof.

Claims 5-6 and 9-10 contain limitations invoking 35 U.S.C. 112(f) or pre-AIA  35 U.S.C. 112, sixth paragraph as detailed in the following:
Each of the following Claim limitations:
Claim 1: “the initialization module configured to initialize …;
the addition module configured to add …;
the listing module configured to decrypt…”;
Claim 5: “the initialization module is further configured to fill …; the initialization module is further configured to: generate … output …”;
Claim 6: “the addition module is further configured to: use …; XOR … and store …”;
Claim 9: “the listing module is further configured to: decrypt …; determine … and list …”;
Claim 10: “the listing module is further configured to verify …”;
has been interpreted under 35 U.S.C. 112 (f), or pre-AIA  35 U.S.C. 112 sixth paragraph, because it uses a generic placeholder “module” coupled with functional languages without reciting sufficient structure to achieve the function and equivalents thereof. Furthermore, the generic placeholder is not preceded by a structural modifier.  
Since the claim limitation(s) invokes 35 U.S.C. 112(f) or pre-AIA  35 U.S.C. 112, sixth paragraph, claims 1-2 and 6 have been interpreted to cover the corresponding structure described in the specification that achieves the claimed function, and equivalents thereof.  
A review of the specification shows that the following appears to be the corresponding structure described in the specification for the 35 U.S.C. 112(f) or pre-AIA  35 U.S.C. 112, sixth paragraph limitation: NONE. It should be noted that specification Fig. 2A states that “Each of these modules are implemented by the one or more processors 112 in order to initialize, populate, maintain, and/or recover the logging database 116” It appears that the stated hardware and software are generic and therefore, the specification fails to show the corresponding structures of the modules.
If applicant wishes to provide further explanation or dispute the examiner’s interpretation of the corresponding structure, applicant must identify the corresponding structure with reference to the specification by page and line number, and to the drawing, if any, by reference characters in response to this Office action. 
If applicant does not intend to have the claim limitation(s) treated under 35 U.S.C. 112(f) or pre-AIA  35 U.S.C. 112 , sixth paragraph, applicant may amend the claim(s) so that it/they will clearly not invoke 35 U.S.C. 112(f) or pre-AIA  35 U.S.C. 112, sixth paragraph, or present a sufficient showing that 
For more information, see MPEP § 2173 et seq. and Supplementary Examination Guidelines for Determining Compliance With 35 U.S.C. 112 and for Treatment of Related Issues in Patent Applications, 76 FR 7162, 7167 (Feb. 9, 2011).

Claim Rejections - 35 USC § 112
The following is a quotation of 35 U.S.C. 112(b):

(b)  CONCLUSION.—The specification shall conclude with one or more claims particularly pointing out and distinctly claiming the subject matter which the inventor or a joint inventor regards as the invention.

The following is a quotation of 35 U.S.C. 112 (pre-AIA ), second paragraph:

The specification shall conclude with one or more claims particularly pointing out and distinctly claiming the subject matter which the applicant regards as his invention.

Claims 1-10 is rejected under 35 U.S.C. 112(b) or 35 U.S.C. 112 (pre-AIA ), second paragraph, as being indefinite for failing to particularly point out and distinctly claim the subject matter which the inventor or a joint inventor, or for pre-AIA  the applicant regards as the invention.
Claims 1, 5-6 and 9-10 are interpreted under 35 U.S.C. 112(f) (see above).  Therefore Claims 5-6 and 9-10 contain placeholders that require corresponding structure(s).  It is unclear whether the recited structure, material, or acts in these claims are sufficient for performing the claimed function because the Specification is unclear about the corresponding structure(s).  A block diagram such as FIG. 2A does not provide indications of corresponding structure(s).  Therefore, claims 1-10 are rejected under 35 U.S.C. 112 (b) for the above reasons.  
Claims 10 and 20 are also rejected because each claims recites “if” conditions. Examiner submits that “if” limitations do not positively claim the subject matter, thus, the claim fails to particularly point out and distinctly claim the subject matter. Examiner respectfully suggests to change the “if” language to “when” to obviate this rejection.  
Claims 1, 11 and 21 are further rejected because each claim recites “the encrypted data items” which is lack of antecedent basis in lines 12-13, 18, 14 respectively.

 
Claim Rejections - 35 USC § 103
The following is a quotation of 35 U.S.C. 103 which forms the basis for all obviousness rejections set forth in this Office action:
A patent for a claimed invention may not be obtained, notwithstanding that the claimed invention is not identically disclosed as set forth in section 102 of this title, if the differences between the claimed invention and the prior art are such that the claimed invention as a whole would have been obvious before the effective filing date of the claimed invention to a person having ordinary skill in the art to which the claimed invention pertains.  Patentability shall not be negated by the manner in which the invention was made.


Claims 1, 5-6, 8-11, 15-16, and 18-21 are rejected under 35 U.S.C. 103 as being unpatentable over Waters et al. (NPL: “Building an Encrypted and Searchable Audit Log”, 11th Annual Network and Distributed System Security Sympton, 05-01-2004, IDS provided reference) in view of Blass (EP3163789, IDS provided reference).
Regarding claim 1: Waters discloses A secure logging system in electronic communication with a display or a log file, the secure logging system comprising: 
one or more computing systems comprising one or more processors and non-transitory computer readable media (Waters - [Section 6, Line 7-10]: The proxy was developed on a Linux platform and is multi-threaded so that multiple users can be served simultaneously and that the logging component runs in parallel with the rest of the system);
a logging database comprising one or more cells (Waters - [Section 6, Line 11-13]: The log entries are written to another MySQL database server that is dedicated to storing audit log entries);
an initialization module, implemented by the one or more processors, the initialization module configured to initialize each cell of the logging database with a pseudo-random number based at least in part on a first random cryptographic key generated by the initialization module (Waters - [Section 5.1, Line 4-10]: Suppose the audit escrow agent has issued a random secret S to a particular audit log server. Let H be a keyed pseudorandom function (PRF); we denote by HS the PRF H keyed with the secret S);
Waters - [Section 5.1, step 5]: The server writes <EK(m), r, c1, c2, . . ., cn> as the encrypted entry to the audit log),
wherein the encrypted data items are encrypted using an indexed random cryptographic key before being added (Waters - [Section 5.1]: Suppose the server is to encrypt the log entry, m, step 1: The server chooses a random symmetric encryption key, K, to be used only for this entry. Step 2: The server computes the encryption EK(m)); and
a listing module, implemented by the one or more processors, the listing module configured to decrypt the one or more encrypted data items using the indexed random cryptographic key (Waters - [Section 5.1, Search and Decryption]: the investigator uses the computed K to decrypt EK(m) to obtain m, the original audit log entry).
However Waters doesn’t explicitly teach, but Blass discloses: transmit unencrypted versions of the one or more encrypted data items from the logging database to the display or the log file for user inspection following a crash by the secure logging system or a breach of the secure logging system by an adversary system (Blass - [0046]: When the logging device 10 is suspected to be compromised, the storage device 12 may be disconnected from the logging device 10 and connected to a verification device 30 as shown in Fig. 2. [0062]: verification device 30, V verifies the HMAC and adds a decrypted mi to a result set R).
It would have been prima facie obvious to one of ordinary skill in the art before the effective filing date of the claimed invention to modify the method of Waters with Blass so that the decrypted data is added to a result set when the system is compromised. The modification would have allowed the system to further analyze decrypted data. 
Regarding claim 5: Waters as modified discloses wherein the initialization module is further configured to fill each cell of the logging database with a pseudo random number equal to an output of a pseudo-random number generator, the output being based at least in part on the random cryptographic key (Waters - [Section 5.1]); and wherein the initialization module is further configured to: generate and output a new indexed random cryptographic key based on a pseudo-random function output of a random Blass - [0044]: GenCr also initializes initial secret κo containing keys for encryption, generation of authentication codes and pseudo random generators); output a number of data items currently in the logging database to the addition module; and  output all entries in the logging database to the addition module (Waters - [Section 4]: audit log L consists of a series of individual audit records, R0, R1, . . ., Rn. Each record Ri contains the encryption of the data to be logged under a key Ki. The string mi consists of the database query to be logged, along with metadata such as the identity of the user who issued the query).
Blass is combined with Waters herein for similar obviousness reasons and motivation and the same rationale as stated for claim 1.
Regarding claim 6: Waters as modified discloses wherein the addition module is further configured to: use authenticated encryption to encrypt a new data item according to the new indexed random cryptographic key to a ciphertext; XOR at least a portion of each of a plurality of cells of the one or more cells of the logging database with the ciphertext to obtain a plurality of corresponding results; and store each of the plurality of corresponding results in their respective cells of the plurality of cells (Waters - [Section 5.1, Encryption]).
Regarding claim 8: Waters as modified discloses wherein the plurality of cells are chosen in a pseudo-random fashion (Blass - [0018]: determining the selected log entry location from the previously used log entry locations using a pseudo random generator); 
wherein a corresponding key ID, at least partially based on the new indexed random cryptographic key, is also stored in each of the plurality of cells with the corresponding result; and wherein the corresponding key ID can be used to determine a corresponding indexed random cryptographic key that is associated with a corresponding one of the one or more cells of the logging database (Waters - [Section 4]: 1. EKi (mi), the encryption of the data to be logged under a key Ki. The string mi consists of the database query to be logged, along with metadata such as the identity of the user who issued the query. Optionally, it could also contain the query results. In our system, the key Ki is chosen randomly for each log entry. [Section 5.1, step 5]: The server writes <EK(m), r, c1, c2, . . ., cn> as the encrypted entry to the audit log).

Regarding claim 9: Waters as modified discloses wherein the listing module is further configured to: 
decrypt one or more data items, that was encrypted and XORed into the logging database, based on at least the first random cryptographic key; determine if the one or more data items has been corrupted (Waters - [Section 5.1, Search and Decryption]: step 2: For each ci in the entry, the investigator computes p⊕ci. If the first l bits of the result matches flag, then the party extracts K as the remainder of the result to decrypt EK(m) to obtain m, the original audit log entry); and 
list all of the one or more data items, that have been decrypted and that have not been corrupted, for transmission to the display or the log file (Waters - [Section 5, Line 8-10]: For those audit log entries that match the keyword, the investigator can decrypt the entry and view its contents (see Figure 2)).
Regarding claim 10: Waters as modified discloses wherein the listing module is further configured to verify if the one or more data items at a given cell is supposed to be stored in the given cell by comparing an expected integrity tag T with an integrity tag stored in the given cell (Waters - [Section 5.1, below Fig. 2]: the beginning bits of the result can be tested against flag to determine if there is a match).

Regarding claims 11, 15-16 and 18-20: Claims are directed to method claims and do not teach or further define over the limitations recited in claims 1, 5-6 and 8-10. Therefore, claims 11, 15-16 and 18-20 are also rejected for similar reasons set forth in claims 1, 5-6 and 8-10. 

Regarding claim 21: The limitations of claim 21 are substantially similar to the limitations of claim 1, thus it is interpreted and rejected for the reasons set forth above in the rejection of claim 1.

Allowable Subject Matter


Conclusion
The prior art made of record and not relied upon is considered pertinent to applicant's disclosure as the prior art additionally discloses certain parts of the claim features (See “PTO-892 Notice of Reference Cited”).
Any inquiry concerning this communication or earlier communications from the examiner should be directed to MENG LI whose telephone number is (571)272-8729.  The examiner can normally be reached on M-F 8:30-5:30.
If attempts to reach the examiner by telephone are unsuccessful, the examiner’s acting supervisor, Kristine Kincaid can be reached on (571) 272-4063.  The fax phone number for the organization where this application or proceeding is assigned is 571-273-8729.
Information regarding the status of an application may be obtained from the Patent Application Information Retrieval (PAIR) system.  Status information for published applications may be obtained from either Private PAIR or Public PAIR.  Status information for unpublished applications is available through Private PAIR only.  For more information about the PAIR system, see http://pair-direct.uspto.gov. Should you have questions on access to the Private PAIR system, contact the Electronic Business Center (EBC) at 866-217-9197 (toll-free). If you would like assistance from a USPTO Customer Service Representative or access to the automated information system, call 800-786-9199 (IN USA OR CANADA) or 571-272-1000.





/MENG LI/
Primary Examiner, Art Unit 2437