Notice of Pre-AIA  or AIA  Status
The present application, filed on or after March 16, 2013, is being examined under the first inventor to file provisions. 
In the event the determination of the status of the application as subject to AIA  35 U.S.C. 102 and 103 (or as subject to pre-AIA  35 U.S.C. 102 and 103) is incorrect, any correction of the statutory basis for the rejection will not be considered a new ground of rejection if the prior art relied upon, and the rationale supporting the rejection, would be the same under either status. 

DETAILED ACTION
Claims 1-20 are pending in this office action. 

Priority
No foreign priority is claimed.

Information Disclosure Statement
The information disclosure statements (IDS's) submitted on 07/29/2019 and 02/04/2021 are in compliance with the provisions of 37 CFR 1.97. Accordingly, the information disclosure statements are being considered by the examiner.




Claim Rejections - 35 USC § 103
The following is a quotation of 35 U.S.C. 103 which forms the basis for all obviousness rejections set forth in this Office action:
A patent for a claimed invention may not be obtained, notwithstanding that the claimed invention is not identically disclosed as set forth in section 102, if the differences between the claimed invention and the prior art are such that the claimed invention as a whole would have been obvious before the effective filing date of the claimed invention to a person having ordinary skill in the art to which the claimed invention pertains. Patentability shall not be negated by the manner in which the invention was made.

Claims 1-6, 8-13, 15-19 are rejected under 35 U.S.C. 103 as being unpatentable over Jung et al. (US 2011/0145918 A1, hereinafter Jung), in view of Wilhelm et al. (US 8,127,360 B1, Wilhelm hereinafter).
For claim 1, Jung teaches a computer implemented method, comprising: storing, by one or more computing devices, a first string in a data structure having metadata; storing, by the one or more computing devices, taint data corresponding to the first string in a base layer of the metadata (Fig. 1; para 0013, 0016-0017, 0024-0028, 0031, 0042 – storing strings/data including tainted data with other metadata in a table, wherein the tainted data may be encrypted); 
performing, by the one or more computing devices, an operation on the first string to create a result string, wherein the result string is stored in place of the first string in the data structure (para 0029-0031 – transformation operation on tainted data elements and storage in the data structure memory); and 
storing, by the one or more computing devices, the operation and taint data corresponding to the operation into a delta layer of the metadata (para 0035-0038, 0042 – operations as metadata associated with the tainted data is stored in another section of the data structure memory).
Although Jung indicates or suggests data transformation associated with the tainted data (para 0031), for which, the extension of that methodology to encode or encrypt any type of data is well-known in the art, Jung does not appear to explicitly disclose, however Wilhelm discloses encoding/encrypting data corresponding to tainted data and operational metadata (col. 3 lines 12-43; col. 8 lines 21-31 – tainted data and analysis with associated data encryption or encoding, and storage).
Therefore, based on Jung in view of Wilhelm, it would have been obvious to one of ordinary skill in the art before the effective filing date of the invention, to utilize teachings of Wilhelm in the system of Jung, in order to protect sensitive data by using widely-known data encryption techniques as applicable to various desired data elements, thereby securing the system during normal as well as security operations.

For claim 2, Jung in view of Wilhelm teaches the claimed subject matter as discussed above. Jung does not appear to explicitly teach, however Wilhelm teaches wherein the taint data corresponding to the first string comprises a range indicating tainted characters of the first string (col. 3 lines 12-43 – range of data bytes tainted).

For claim 3, Jung in view of Wilhelm teaches the claimed subject matter as discussed above. Jung further teaches determining, by the one or more computing devices, that the result string is needed in a security sensitive operation (Fig. 1; para 0029-0033 – translation, transformation and function needed and associated with sensitive data operations); and resolving, by the one or more computing devices, responsive to the determining that the result string is needed in the security sensitive operation, the taint data corresponding to the first string and the taint data corresponding to the operation into taint data corresponding to the result string (para 0030-0032, 0035-0038, 0042 – operations as metadata associated with the tainted data is determined, wherein the tainted data itself is tracked or resolved during propagation).

For claim 4, Jung in view of Wilhelm teaches the claimed subject matter as discussed above. Jung further teaches wherein resolving the taint data corresponding to the result string is deferred until the result string is needed in the security sensitive operation (para 0030-0033, 0035 – operations or functions on the tainted data are for the purpose of data sensitivity preservation, wherein the tainted data is tracked during propagation and for sensitive operations associated with the tainted (sensitive) data).

For claim 5, Jung in view of Wilhelm teaches the claimed subject matter as discussed above. Although Jung teaches detection of malicious data in line with detection of tainted data (para 0002-0003, 0013), Jung does not appear to explicitly teach, however Wilhelm teaches detecting, by the one or more computing devices, malicious data in the result string based on the taint data corresponding to the first string and the taint data corresponding to the operation (col. 2 lines 6-19; col. 8 lines 21-31, lines 53-57).

For claim 6, Jung in view of Wilhelm teaches the claimed subject matter as discussed above. Jung further teaches wherein the taint data corresponding to the first string comprises a source for tainted characters of the first string (para 0024, 0042 – source of the input data marked as tainted data, is available and taken into account for analysis).

For claim 8, Jung teaches a system, comprising: a memory configured to store operations; and one or more processors configured to perform the operations (Fig. 1; para 0017), the operations comprising: storing a first string in a data structure having metadata,  storing taint data corresponding to the first string in a base layer of the metadata (Fig. 1; para 0013, 0016-0017, 0024-0028, 0031, 0042 – storing strings/data including tainted data with other metadata in a table, wherein the tainted data may be encrypted); 
performing an operation on the first string to create a result string, wherein the result string is stored in place of the first string in the data structure (para 0029-0031 – transformation operation on tainted data elements and storage in the data structure memory); and 
storing the operation and taint data corresponding to the operation into a delta layer of the metadata (para 0035-0038, 0042 – operations as metadata associated with the tainted data is stored in another section of the data structure memory).
Although Jung indicates or suggests data transformation associated with the tainted data (para 0031), for which, the extension of that methodology to encode or encrypt any type of data is well-known in the art, Jung does not appear to explicitly disclose, however Wilhelm discloses encoding/encrypting data corresponding to tainted data and operational metadata (col. 3 lines 12-43; col. 8 lines 21-31 – tainted data and analysis with associated data encryption or encoding, and storage).
Therefore, based on Jung in view of Wilhelm, it would have been obvious to one of ordinary skill in the art before the effective filing date of the invention, to utilize teachings of Wilhelm in the system of Jung, in order to protect sensitive data by using widely-known data encryption techniques as applicable to various desired data elements, thereby securing the system during normal as well as security operations.

For claim 9, Jung in view of Wilhelm teaches the claimed subject matter as discussed above. Jung does not appear to explicitly teach, however Wilhelm teaches wherein the taint data corresponding to the first string comprises a range indicating tainted characters of the first string (col. 3 lines 12-43 – range of data bytes tainted).

For claim 10, Jung in view of Wilhelm teaches the claimed subject matter as discussed above. Jung further teaches determining that the result string is needed in a security sensitive operation (Fig. 1; para 0029-0033 – translation, transformation and function needed and associated with sensitive data operations); and resolving, responsive to the determining that the result string is needed in the security sensitive operation, the taint data corresponding to the first string and the taint data corresponding to the operation into taint data corresponding to the result string (para 0030-0032, 0035-0038, 0042 – operations as metadata associated with the tainted data is determined, wherein the tainted data itself is tracked or resolved during propagation).

For claim 11, Jung in view of Wilhelm teaches the claimed subject matter as discussed above. Jung further teaches wherein resolving the taint data corresponding to the result string is deferred until the result string is needed in the security sensitive operation (para 0030-0033, 0035 – operations or functions on the tainted data are for the purpose of data sensitivity preservation, wherein the tainted data is tracked during propagation and for sensitive operations associated with the tainted (sensitive) data).

For claim 12, Jung in view of Wilhelm teaches the claimed subject matter as discussed above. Although Jung teaches detection of malicious data in line with detection of tainted data (para 0002-0003, 0013), Jung does not appear to explicitly teach, however Wilhelm teaches detecting malicious data in the result string based on the taint data corresponding to the first string and the taint data corresponding to the operation (col. 2 lines 6-19; col. 8 lines 21-31, lines 53-57).

For claim 13, Jung in view of Wilhelm teaches the claimed subject matter as discussed above. Jung further teaches wherein the taint data corresponding to the first string comprises a source for tainted characters of the first string (para 0024, 0042 – source of the input data marked as tainted data, is available and taken into account for analysis).
As to claim 15, the claim limitations are similar to those of claims 1 and 8 above, except the instant claim 15 is drawn to a computer readable storage device having instructions stored thereon, execution of which, by one or more processing devices, causes the one or more processing devices to perform operations (Fig. 1; para 0017) as claimed in claims 1 and 8. Therefore claim 15 is rejected according to claims 1 and 8 as above.

As to claims 16-19, the claim limitations are similar to those of claim 2-5 respectively. Therefore claims 16-19 are rejected according to claims 2-5 respectively as above.


Allowable Subject Matter
Claims 7, 14 and 20 are objected to as being dependent upon a rejected base claim, but would be allowable if incorporated in their respective base claims 1, 8 and 15 including all of the limitations of their base claims and any intervening claims.

    
Conclusion
Any inquiry concerning this communication or earlier communications from the examiner should be directed to JAYESH JHAVERI whose telephone number is (571)270-7584. The examiner can normally be reached on Mon-Fri 9 AM to 5 PM.
Examiner interviews are available via telephone, in-person, and video conferencing using a USPTO supplied web-based collaboration tool. To schedule an interview, Applicant is encouraged to use the USPTO Automated Interview Request (AIR) at http://www.uspto.gov/interviewpractice.  
If attempts to reach the examiner by telephone are unsuccessful, the examiner’s supervisor, Jeffrey Pwu can be reached on (571)272-6798.  The fax phone number for the organization where this application or proceeding is assigned is 571-273-8300.
Information regarding the status of an application may be obtained from the Patent Application Information Retrieval (PAIR) system.  Status information for published applications may be obtained from either Private PAIR or Public PAIR.  Status information for unpublished applications is available through Private PAIR only.  For more information about the PAIR system, see http://pair-direct.uspto.gov. Should you have questions on access to the Private PAIR system, contact the Electronic Business Center (EBC) at 866-217-9197 (toll-free). If you would like assistance from a USPTO Customer Service Representative or access to the automated information system, call 800-786-9199 (IN USA OR CANADA) or 571-272-1000.


/JAYESH M JHAVERI/Primary Examiner, Art Unit 2433