DETAILED ACTION
Notice of Pre-AIA  or AIA  Status
The present application, filed on or after March 16, 2013, is being examined under the first inventor to file provisions of the AIA . In communications filed on 05/21/2021.Claims 5, 10, and 14 are amended. Claims 1-18 are pending in this examination.
 In the event the determination of the status of the application as subject to AIA  35 U.S.C. 102 and 103 (or as subject to pre-AIA  35 U.S.C. 102 and 103) is incorrect, any correction of the statutory basis for the rejection will not be considered a new ground of rejection if the prior art relied upon, and the rationale supporting the rejection, would be the same under either status.   This examination is in response to US Patent Application No. 16/361,324.
Examiner note

Applicant is encouraged to schedule an interview with the examiner prior to the next communication to compact prosecution of the case.
Applicant’s amendment to claims 5 and 14 obviates previously raised claims 5, and 14 claim objection.
Applicant’s amendment to claim 10 obviates previously raised claim 10, claim rejections- 35 U.S.C .101 
 					Response to Arguments
Applicant's arguments filed 05/21/2021 have been fully considered but they are not persuasive:
Applicant submits on pages 7-9 of remarks that the independent claim 10 -7- U.S. Application No.: 16/361,324Attorney Docket No.: 72167.001688recites, inter alia, "an untrusted computing environment comprising an analytical engine." The Office ignores this element entirely in the Office Action. Thus, the Office's rejection is flawed for at 

Examiner respectfully disagrees with applicant argument for claim 10 filed on 05/21/2021 on pages 7-9 of remarks. VASIC in his application discloses this limitation as: [¶9, to prevent unauthorized access, organizations use firewalls and sound system administration techniques.  Firewalls filter or restrict the types of packets allowed to pass between external public networks and internal networks.  However, firewalls must allow the exchange of at least some packets to and from a public network in order for the connection to the public network to be of any value], and [¶10, accordingly, as long as some packets are being exchanged with the public network, there are opportunities for attackers to gain unauthorized access.  The next level of defense is to keep operating system level security layers secure.  System level security layers include the pieces of software that require user names and passwords to allow connections and the like]. 
Examiner Note: It would have been obvious to one of ordinary skill in the art before the effective filing date of the claimed invention to indicate that by implementing a firewall( equated to analytical engine) to filter and prevent the unauthorized access( unsecure environment)].Examiner maintain his rejection.

Applicant submits on pages 7-9 of remarks that Claim 1 recites, inter alia, "separating each data record into a confidential data attribute and a non-confidential data attribute" (claim 10 recites a similar element)… There is no disclose of the "separating" recited in the claim. Having an attribute (or flag) set indicating contents of a data object is not the same as "separating each data record . . ." as recited. Thus, VASIC fails to disclose this element.

Examiner respectfully disagrees with applicant argument for claims 1, and 10 filed on 05/21/2021 on pages 7-9 of remarks. VASIC in Paragraphs 26, 28, 93-95 and FIGS 3-7 discloses that the protection of confidential information( such as: credit card numbers, identifiable medical records, and other sensitive confidential information about the organization's patients, customers, and/or employees, credit card numbers, bank account numbers, social security numbers, birth dates, and highly personal and private medical records) requires a greater assurance that the customer's or patient's confidential information is secure. For example, the doctor may grant permission to view private data (confidential data) to other doctors but not permit nurses to view private data.  The roles can include any security level: secretary, shareholder, custodian, and administrative, for example.  In this fashion, the doctor controls who can view what information and who can edit what information.  The same holds true for patient records; where nurses and doctors may have full access, clerical staff may have limited access to name, address, payment, and appointment information (non-confidential data).  This privacy can be applied to any vertical market such as banking, intellectual property systems, e-Commerce, law firms, and all applications that deal with highly sensitive or classified information. When an authenticated client user requests information… After the information is retrieved, the system checks the 

Examiner Note: It would have been obvious to one of ordinary skill in the art before the effective filing date of the claimed invention to indicate that the information’s/records are separated from each other and will be displayed if the person have proper permission to view them. Examiner maintain his rejection.

Applicant submits on pages 7-9 of remarks that Claim 1 further recites, inter alia, "calculating an encrypted value for the confidential data attribute using an encryption key." The Office alleges that VASIC (alone, and not in combination with Arad) discloses this element.

Examiner respectfully disagrees with applicant argument for claim 1 filed on 05/21/2021 on pages 7-9 of remarks. VASIC in his application discloses : [¶79-81, the encryption key manager (EKM) 24, as its name indicates, generally manages encryption keys, which as described below are used to encrypt and decrypt the data entities 30C, 30D…], and  [¶91”FIG.4, a security key identification attribute 32 is also an attribute of the data entity 30A and contains security key information. The security key information includes the encrypted SEKID 112 and the SKCN hash value 114, which are used, as described below, to find the SEK used to encrypt associated data entities”], and [¶92], and [ see FIGS. 8-9, ¶¶98-99,The SEK object/entity includes as attributes the SEKID 153 in a normal/decrypted form, the encrypted SEK 154, the SEK integrity check 155, which is a hash value of the SEK, and the optional SKCN hash value 156…, and [ see FIG.15 and ¶¶106, When a user causes the business application to store information at the database server, the cryptographic agent facilitates encryption of the information before the business application provides the information to the database server… ].
Examiner Note: examiner maintain his rejection.

Applicant is encourage to review the relevant references mentioned at the conclusion section of this office action.
Claim Rejections - 35 USC § 103
The factual inquiries set forth in Graham v. John Deere Co., 383 U.S. 1, 148 USPQ 459 (1966), that are applied for establishing a background for determining obviousness under 35 U.S.C. 103 are summarized as follows:
1. Determining the scope and contents of the prior art.
2. Ascertaining the differences between the prior art and the claims at issue.
3. Resolving the level of ordinary skill in the pertinent art.
4. Considering objective evidence present in the application indicating obviousness or nonobviousness.
The following is a quotation of 35 U.S.C. 103 which forms the basis for all obviousness rejections set forth in this Office action:
A patent for a claimed invention may not be obtained, notwithstanding that the claimed invention is not identically disclosed as set forth in section 102 of this title, if the differences between the claimed invention and the prior art are such that the claimed invention as a whole would have been obvious before the effective filing date of the claimed invention to a person having ordinary skill in the art to which the claimed invention pertains.  Patentability shall not be negated by the manner in which the invention was made.


Claims 1-18 are rejected under 35 U.S.C. 103 as being unpatentable over US Patent No. 2008/0301445 issued to VASIC et al (“VASIC”)( filed in IDS 08/14/2020) and further in view of US Patent No. 2018/0373885 issued to Arad et al (“Arad”).
Regarding claim 1 , VISIC discloses A method for manipulation of private information in untrusted environments comprising: in a trusted computing environment comprising at least one computer processor [¶¶66-67, 133-139, “computer system 20 broadly includes a security domain 22 having an encryption key manager (EKM) 24, system key 
	for a plurality of data records [¶67, the computer system 20 also includes a plurality of client business domains 26 having an information database 28… encryption, decryption and storage of data entities (see FIG. 3]; and
 separating each data record into a confidential data attribute and a non-confidential data attribute [Paragraphs 26, 28, 93-95 and FIGS 3-7 discloses that the protection of confidential information( such as: credit card numbers, identifiable medical records, and other sensitive confidential information about the organization's patients, customers, and/or employees, credit card numbers, bank account numbers, social security numbers, birth dates, and highly personal and private medical records) requires a greater assurance that the customer's or patient's confidential information is secure. For example, the doctor may grant permission to view private data (confidential data) to other doctors but not permit nurses to view private data.  The roles can include any security level: secretary, shareholder, custodian, and administrative, for example.  In this fashion, the doctor controls who can view what information and who can edit what information.  The same holds true for patient records; where nurses and doctors may have full access, clerical staff may have limited access to name, address, payment, and appointment information (non-confidential data).  This privacy can be applied to any vertical market such as banking, intellectual property systems, e-Commerce, law firms, and all applications that deal with highly sensitive or classified information. When an authenticated client user requests information… After the information is retrieved, the system checks the 
Examiner Note: It would have been obvious to one of ordinary skill in the art before the effective filing date of the claimed invention to indicate that the information’s/records are separated from each other and will be displayed if the person have proper permission to view them. 
 calculating an encrypted value for the confidential data attribute using an encryption key [¶79-81, the encryption key manager (EKM) 24, as its name indicates, generally manages encryption keys, which as described below are used to encrypt and decrypt the data entities 30C, 30D…], and [¶91”FIG.4, a security key identification attribute 32 is also an attribute of the data entity 30A and contains security key information. The security key information includes the encrypted SEKID 112 and the SKCN hash value 114, which are used, as described below, to find the SEK used to encrypt associated data entities”], and [¶92], and [ see FIGS. 8-9, ¶¶98-99,The SEK object/entity includes as attributes the SEKID 153 in a 
 calculating an authentication value for the confidential data attribute, wherein the authentication value is an unsigned hash or a signed hash [¶91”FIG.4, a security key identification attribute 32 is also an attribute of the data entity 30A and contains security key information. The security key information includes the encrypted SEKID 112 and the SKCN hash value 114, which are used, as described below, to find the SEK used to encrypt associated data entities” ], and [¶92,  FIG.3, the data entity 30A also includes a security integrity attribute (Seclntegrity) 116, which contains the data entity hash value. The data entity hash value is obtained by hashing all or selective attributes within the data entity. This is controlled by business needs and policies, which are preferably determined by the client and recorded in the BLC's. When a data entity is retrieved, it is hashed using, for example, SHA-1 and that data entity hash value is compared with the stored hash value in the security integrity attribute 116. If the hash values are the same, then the integrity of the retrieved data entity is confirmed to be correct and not altered"]; and 
associating the encrypted value and the authentication value in a protected data set[¶¶ 99, FIG.8, The SEK object/entity includes as attributes the SEKID 153 in a normal/decrypted form, the encrypted SEK 154, the SEK integrity check 155, which is a hash value of the SEK, and the optional SKCN hash value 156. The SEK data entity 151 preferably does not include the encrypted SEKID. This creates a hidden link between the encrypted data 
and associating the non-confidential data record with the associated encrypted value and the authentication value [¶93, a security privacy attribute 118 controls access to the information in the associated data entities 30C, 30D. When a client user, a doctor for example, marks his information private, a special access list (SAL), data entity/class 30B is automatically created and the doctor is automatically added to the special access list. The doctor can thereafter add and delete user identifications attributes 120 and/or role identifications 122 from the special access list. The user attributes 120 are based on specific user identifications from the smart cards or any other authentication method. The role attributes 122 are based on different security levels of users. For example, the doctor may grant permission to view private data to other doctors but not permit nurses to view private data. The roles can include any security level: secretary, shareholder, custodian, and administrative, for example], and [¶¶98-99], [ ¶96, FIG.3, the persistent data entity 30A also includes several association attributes, which are used by the database schema to associate or link related data entities 30B, 30C, 30D to the persistent data entities 30A. To that end, the persistent object 30A includes a class identification attribute 146 and at least two search attributes 148. For faster and secured searching, the searchable attributes 148 are preferably hash values of user information such as the patient name. The database uses these attributes 146, 148 and others to associate related persistent objects 30A and related class security key identification 32 that was used to encrypt data attributes in the class objects”].
and exporting the protected data set to an untrusted computing environment.  
Even though VASIC discloses this limitation as: [¶122, FIG.18C, mobile computer 1816, such as a personal digital assistant, contains a version of a storeless cryptographic engine that is capable of performing key exchange with repository server 1806. The mobile computer system 1816 can securely retrieve the encrypted data from data store 1802 over the public network", and [¶123 , FIG.18E, Secure and granular sharing of information between enterprises over the public network 1810, through optional firewalls 1812, is possible because of the secure key exchange between repository servers 1806 and 1816 that reside in different enterprises. Trust is optionally established between the repository servers 1806 and 1816 by way of signed certificates from certification authority1832")].
VASIC does not explicitly disclose this limitation, however Arad discloses [ Abstract, obtaining, within a trusted computing environment, data comprising confidential values and non-confidential values; replacing, within the trusted computing environment, the confidential values with obfuscated identifiers; sending, from the trusted computing environment, into an untrusted computing environment, an obfuscated representation of the data; transforming, in the untrusted computing environment, the obfuscated representation of the data …].
It would have been obvious to one of ordinary skill in the art before the effective filing date of the claimed invention to combine the teaching of VASIC, with the teaching Arad in order  In order overcome the security concerns and  elevate confidence  that sensitive information in not being exhilarated[ Arad, ¶¶19-20].
Regarding claims 2 and 11,  VASIC discloses  wherein the confidential data attribute comprises personal identifiable information[¶26, for example, credit card numbers, identifiable medical records, and other sensitive confidential information about the organization's patients, customers, and/or employees], and 
Regarding claims 3 and 12, VASIC discloses, wherein the encryption key is used in a strong encryption algorithm [¶77, The GSM 82 is also operable to encrypt the data entities 30 (FIG. 3) using, for example, a three-key, triple data encryption standard (3DES), RC4, or any strong cryptographic algorithm on selected attributes of the data entities 30C, 30D as directed and requested by the BLC's and other components of the computer system 20… Other strong cryptographic algorithms can be employed, such as 128-bit IDEA or AES].
Regarding claims 4 and 13, VASIC discloses, wherein the encryption key is used in an AES/CBC algorithm or an AES/GCM algorithm [¶77, other strong cryptographic algorithms can be employed, such as 128-bit IDEA or AES].
Regarding claims 5 and 14, VASIC discloses, where confidential data attributes having the same value also have the same authentication value [¶78, The GSM 82 also performs the decryption of the data entities 30 when other components of the computer system 20 request decryption.  Further, the GSM 82 is operable to perform hashing operations using message digest 5 (MD5), SHA-1, or other strong hashing algorithms as instructed by other components.  The hash values or integrity values generated in the one way hashing process are typically stored as attributes in data entities for integrity check purposes.  Preferably, the GSM 82 hashes all of the data attributes of the data entities and stores that data hash value as an attribute.  After the data has been decrypted, it is again hashed and the before and after hash values are compared.  If the two hash values are identical, the integrity of the data in the data 
Regarding claims 6 and 15, VASIC discloses, wherein the signed hash is a HMAC [¶15, other methods of providing verification of data integrity include Keyed Hashing for Message Authentication (HMAC).  HMAC is a mechanism that can authenticate both the source of a message and its integrity…], and [¶¶99, 124, 141].
Regarding claims 7 and 16, VASIC discloses, further comprising aggregating data in the protected data set based on the authentication values [¶78, The GSM 82 also performs the decryption of the data entities 30 when other components of the computer system 20 request decryption.  Further, the GSM 82 is operable to perform hashing operations using message digest 5 (MD5), SHA-1, or other strong hashing algorithms as instructed by other components.  The hash values or integrity values generated in the one way hashing process are typically stored as attributes in data entities for integrity check purposes.  Preferably, the GSM 82 hashes all of the data attributes of the data entities and stores that data hash value as an attribute.  After the data has been decrypted, it is again hashed and the before and after hash values are compared.  If the two hash values are identical, the integrity of the data in the data entity has been confirmed], and [see FIGS. 3-5, and corresponding text for more detail, ¶¶90-96, 99, 121-124].
Regarding claims 8 and 17, VASIC discloses, wherein the untrusted computing environment comprises a public cloud, a private cloud, a hybrid cloud, or a third-party managed infrastructure [¶2, for various reasons, organizations frequently need to exchange confidential information over a network.  Sometimes organizations establish private networks over dedicated leased lines], and [¶3, connect an organization to an Internet Service Provider (ISP).  The ISP connects its customer to a public network, such as the Internet.  With a 
Regarding claims 9 and 18  VASIC discloses, further comprising: executing a query against the authentication values in the protected data set; returning a responsive authentication value for the query; returning at least one encrypted value associated with the responsive authentication value to the trusted computing environment; and decrypting the at least one encrypted value resulting in the confidential data attribute for that at least one encrypted value
Regarding claim 10, the subject matter of independent claim 7 contains the corresponding features as the method of claim 1 expressed respectively in analogous terms and additionally the features disclosed in 10: VASIC discloses wherein "an untrusted computing environment comprising an analytical engine.": [¶3, connect an organization to an Internet Service Provider (ISP).  The ISP connects its customer to a public network, such as the Internet.  With a connection to a public network, a customer may send and receive messages to any other party also connected to the public network] , and [¶9,  To prevent unauthorized access, organizations use firewalls and sound system administration techniques.  Firewalls filter or restrict the types of packets allowed to pass between external public networks and internal networks.  However, firewalls must allow the exchange of at least some packets to and from a public network in order for the connection to the public network to be of any value], and [¶10, accordingly, as long as some packets are being exchanged with the public network, there are opportunities for attackers to gain unauthorized access.  The next level of defense is to keep operating system level security layers secure.  System level security layers include the pieces of software that require user names and passwords to allow connections and the like]. 
Examiner Note: It would have been obvious to one of ordinary skill in the art before the effective filing date of the claimed invention to indicate that by implementing a firewall (equated to analytical engine) to filter and prevent the unauthorized access (unsecure environment)].


Conclusion
The prior art made of record and not relied upon is considered pertinent to applicant's disclosure. 
BAUM(US2015/0229613)[ JSON data, see Tables inside the spec.].
Moore(US2010/0185862[ JSON message, see the examples inside the spec.].
(Sipcic(US2020/0076777[ Schema, see FIGS. 2A-2B].
Chebaro (US210, 079,683) [(53), PIN structure 300 may comprise a mixture of one or more fields, which have non-confidential data (e.g., region field 310, service field 320, 
Ledet ( US10,521,610) (Delivering secure content in an unsecure environment ,   see FIG. 8 and corresponding text for more details, (63-66),  In order to hide secure content when transmitted from secure environment to unsecured environment]
Krajec (US2014/0019756) FIG. 1,  [¶59]where tracing may occur within a secure environment, then trace data may be analyzed in an unsecure environment without compromising the integrity of the sensitive data], and [¶70] Before transmitting the trace data outside of the secure environment 102, an obfuscator 108 may obfuscate the trace data to create obfuscated trace data 110.  Once obfuscated, the data may be analyzed by a remote system].
Fink (US2017/0177890) [¶3, confidential and public information, encryption, hashing].  
Nunes (US2018/0082074) [¶1, 10-11, 29,  non-confidential or confidential data].
Roberson (US2007/0033398) [Abstract, PIN encryption].
Robinson (US2015/0261916) [Abstract, non-confidential or confidential data].
Saito(US2009/0022321)[¶20, data is hashed, encrypted, or unprocessed according to the security protection level, and the hashed or encrypted data or the data remaining in a plain text is stored in the search keyword management database].


Applicants are encouraged to take advantage of the After Final Consideration Pilot 2.0 (AFCP 2.0) which authorizes non-production time for consideration of responses filed after a final rejection. The purpose of the pilot is to compact prosecution of the case. The request must include 1) A signed AFCP request form (PTO/SB/434 or equivalent) that includes a statement that applicant is requesting consideration under the AFCP; 2) An amendment to at least one independent claim that does not broaden the scope of the independent claim in any aspect; and 3) A statement that applicant is willing and available to participate in any interview initiated by the examiner concerning the present response.  In the limited amount of non-production time if the examiner’s consideration of a proper AFCP 2.0 request and response does not result in a determination that all pending claims are in condition for allowance, the examiner will request an interview with the applicant to discuss the response. For more info, please visit http://www.uspto.gov/patent/initiatives/after-final-consideration-pilot-20


THIS ACTION IS MADE FINAL.  Applicant is reminded of the extension of time policy as set forth in 37 CFR 1.136(a).  
A shortened statutory period for reply to this final action is set to expire THREE MONTHS from the mailing date of this action.  In the event a first reply is filed within TWO MONTHS of the mailing date of this final action and the advisory action is not mailed until after the end of the THREE-MONTH shortened statutory period, then the shortened statutory period will expire on the date the advisory action is mailed, and any extension fee pursuant to 37 CFR 1.136(a) will be calculated from the mailing date of the advisory action.  In no event, 
                                                                                                                                                                                                      Any inquiry concerning this communication or earlier communications from the examiner should be directed to SHAHRIAR ZARRINEH whose telephone number is (571)272-1207.  The examiner can normally be reached on Monday-Friday, 8:30am-5:30pm.
Examiner interviews are available via telephone, in-person, and video conferencing using a USPTO supplied web-based collaboration tool. To schedule an interview, applicant is encouraged to use the USPTO Automated Interview Request (AIR) at http://www.uspto.gov/interviewpractice.
If attempts to reach the examiner by telephone are unsuccessful, the examiner’s supervisor, Eleni Shiferaw can be reached on 571-272-3867.  The fax phone number for the organization where this application or proceeding is assigned is 571-273-8300.
Information regarding the status of an application may be obtained from the Patent Application Information Retrieval (PAIR) system.  Status information for published applications may be obtained from either Private PAIR or Public PAIR.  Status information for unpublished applications is available through Private PAIR only.  For more information about the PAIR system, see https://ppair-my.uspto.gov/pair/PrivatePair. Should you have questions on access to the Private PAIR system, contact the Electronic Business Center (EBC) at 866-217-9197 (toll-free). If you would like assistance from a USPTO Customer Service Representative or access to the automated information system, call 800-786-9199 (IN USA OR CANADA) or 571-272-1000.






/SHAHRIAR ZARRINEH/Examiner, Art Unit 2497