Notice of Pre-AIA  or AIA  Status
The present application, filed on or after March 16, 2013, is being examined under the first inventor to file provisions of the AIA .
The present Office Action is responsive to communications received 9/13/2021, in which Applicant elected Group 1. Therefore, claims 18-20 and 24-28 are pending. The examiner recommends to mark the non-elected claims as withdrawn or cancelled.

Information Disclosure Statement
The information disclosure statements (IDS) submitted on 8/22/2019 and 3/10/2020 are in compliance with the provisions of 37 CFR 1.97.  Accordingly, the information disclosure statement is being considered by the examiner.

Claim Rejections - 35 USC § 112

The following is a quotation of the first paragraph of 35 U.S.C. 112(a):
(a) IN GENERAL.—The specification shall contain a written description of the invention, and of the manner and process of making and using it, in such full, clear, concise, and exact terms as to enable any person skilled in the art to which it pertains, or with which it is most nearly connected, to make and use the same, and shall set forth the best mode contemplated by the inventor or joint inventor of carrying out the invention.

The following is a quotation of the first paragraph of pre-AIA  35 U.S.C. 112:
The specification shall contain a written description of the invention, and of the manner and process of making and using it, in such full, clear, concise, and exact terms as to enable any person skilled in the art to which it pertains, or with which it is most nearly connected, to make and use the same, and shall set forth the best mode contemplated by the inventor of carrying out his invention.

Claims 26-28 are rejected under 35 U.S.C. 112(a) or 35 U.S.C. 112 (pre-AIA ), first paragraph, as failing to comply with the written description requirement. The 
Claim 26 and 27 recite ...”validating the existence of re-encryption keys, with cryptographic permissions and characteristics associated with the second client”, however, the claim lack support in the specifications, the disclosure fails to sufficiently identify how the validating is performed or is achieved. 
The written description requirement is not necessarily met when the claim language appears in ipsis verbis in the specification (MPEP 2163.03). "Even if a claim is supported by the specification, the language of the specification, to the extent possible, must describe the claimed invention so that one skilled in the art can recognize what is claimed. The appearance of mere indistinct words in a specification or a claim, even an original claim, does not necessarily satisfy that requirement."Enzo Biochem, Inc. v. Gen-Probe, Inc., 323 F.3d 956, 968, 63 USPQ2d 1609, 1616 (Fed. Cir. 2002).
Claim 28 is also rejected because the claim is recited ipsis verbis in the specification but the specification does not describe changing the fine-grained cryptographic permissions.
Correction is kindly requested.


The following is a quotation of 35 U.S.C. 112(b):
(b)  CONCLUSION.—The specification shall conclude with one or more claims particularly pointing out and distinctly claiming the subject matter which the inventor or a joint inventor regards as the invention.


The following is a quotation of 35 U.S.C. 112 (pre-AIA ), second paragraph:
The specification shall conclude with one or more claims particularly pointing out and distinctly claiming the subject matter which the applicant regards as his invention.


Claims 18-20 and 24-28 are rejected under 35 U.S.C. 112(b) or 35 U.S.C. 112 (pre-AIA ), second paragraph, as being indefinite for failing to particularly point out and distinctly claim the subject matter which the inventor or a joint inventor (or for applications subject to pre-AIA  35 U.S.C. 112, the applicant), regards as the invention.
Claim 18 recites two instances of “a database” in lines 2 and 3, it is unclear to what instance “the database” in line 5 refers to, rendering the claim indefinite. Claims  19-20 are also rejected because they are dependent from claim 18 and also recite the indefinite limitation.
Claim 27 recites two instances of “a database” in lines 2 and 3, it is unclear to what instance “the database” in line 5 refers to, rendering the claim indefinite. Claim 27 additionally recites two instances of “a second key” in limitations starting with “performing fine0grained control ....” , “retrieving from a repository of re-encryption keys ..”, therefore “the second key” in limitation starting with “re-encrypting the at least one encrypted record ...”, is indefinite, so are the instance of “the second key” recited in claim 28.  Claims  28 is also rejected because it is  dependent from claim 27 and also recites the indefinite limitation. Additionally, claim 28 recite other instances of “a first client”, “a first key”, “a second client” and “a second key”; it is not clear whether they refer to the ones already recited (see claim 27).
Correction or clarification is kindly requested.

Claim Rejections - 35 USC § 103
The following is a quotation of 35 U.S.C. 103 which forms the basis for all obviousness rejections set forth in this Office action:
A patent for a claimed invention may not be obtained, notwithstanding that the claimed invention is not identically disclosed as set forth in section 102, if the differences between the claimed invention and the prior art are such that the claimed invention as a whole would have been obvious before the effective filing date of the claimed invention to a person having ordinary skill in the art to which the claimed invention pertains. Patentability shall not be negated by the manner in which the invention was made.

Claims 18 and 20  are rejected under 35 U.S.C. 103 as being unpatentable over US 20170155628 to Rohloff et al., hereinafter Rohloff.
Regarding claim 18, Rohloff discloses 
A computer implemented method of re-encrypting encrypted records stored in a database for distribution to a plurality of clients, comprising: using at least one processor of a server associated with a database comprising a plurality of encrypted records, the at least one processor is adapted for (Fig. 1A, [0033]: PRE server with associated database 115):  storing in the database at least one encrypted record received from a first client, the at least one encrypted record is encrypted by the first client using a first key ([0054][0077] user A (publisher) encrypt data with a public key, [0036] transmit encrypted data to PRE server); receiving, from a second client, a request to provide the at least one encrypted record ([0078] subscriber request user’s data); retrieving a second key associated with the second client ([0078][0079] second key is the subscriber public key or the re-encryption key generated from the publisher and a subscriber’s key prior to deployment); re-encrypting the at least one encrypted record by applying at least one proxy re- encryption algorithm using the second key ([0220] PRE server receives re-; and providing the at least one re-encrypted record to the second client ([0062] send re-encrypted data to second user or subscriber ), the second client decrypts the at least one re-encrypted record using a decryption key ([0062]: subscriber decrypts the data).  
Although Rohloff does not explicitly teach retrieving from a repository of re-encryption keys a second key associated with the second client, Rohloff discloses the database may store different type of keys including re-encryption keys ([0034][0068]), in addition to teaching generating multiple re-encryption keys for a plurality of publishers and subscribers ([0207]). Therefore it would have been obvious to a skilled artisan before the instant application was effectively filed, to have the PRE server  or policy authority retrieve the subscriber’s public key (second key) as claimed because storing /retrieving the users keys in/from a repository would allow a more efficient application of the re-encryption algorithm to compute the re-encryption keys using the stored keys and perform re-encryption.
Regarding claim 20, Rohloff discloses the computer implemented method of claim 18, further comprising re-encrypting the at least one encrypted record stored in the database using a rotation key generated from the first key and the second key ([0068] periodic or event-triggered re-encryption key update (where an updated re-encryption key is the rotation key), the re-encryption key generated based on publisher and subscriber ‘s keys ([0079], used to re-encrypt publisher encrypted data ([0065][0083]).

Claims 24-25 are rejected under 35 USC 103 as being unpatentable over Rohloff, in view of US 10313119 to Koike et al., hereinafter Koike.
Regarding claim 24, Rohloff discloses the computer implemented method of claim 18,  but does not explicitly teach the method further comprising r e-encrypting the at least one encrypted record stored in the database using a rotation key generated from a. new first key and the second key, as a backup mechanism.  
In an analogous art, Koike discloses a conversion of the re-encryption key (rotation key) in which either the key of a target user (recipient) or the key of the group manager (source) is updated (col. 2, lines 42-46). When the group manager key is updated (and the target key is not), record are converted with a conversion key based on the update of the group key (new first key) (col. 9, lines 60-67), teaching the limitation. It would have been obvious to a skilled artisan before the instant application was effectively filed, to update the record using a rotation key generated from a new first key as taught by Koike because it would be more efficient to only update some components of the re-encryption key (group key or recipient key), while ensuring data confidentiality.
Regarding claim 25, Rohloff discloses the computer implemented method of claim 18, but does not teach further comprising re-encrypting the at least one encrypted record stored in the database using a rotation key generated from the first key and a new second key, as a backup mechanism.  
In an analogous art, Koike discloses a conversion of the re-encryption key (rotation key) in which either the key of a target user (recipient) or the key of the group manager (source) is updated (col. 2, lines 42-46). When the target user key is updated .

Claims 19 and 26-28 are rejected under 35 USC 103 as being unpatentable over Rohloff, in view of US 20160330022 to Ito et al., hereinafter Ito.

Regarding claim 19, Rohloff discloses the computer implemented method of claim 18, but does not teach the method further comprising revoking the second key in case the second client is removed from a list of trusted computing nodes.  
In an analogous art, Ito discloses a method of efficiently performing re-encryption with flexible access control ([0020]); Ito teaches revoking the second key in case the second client is removed from a list of trusted computing nodes (a user key may be revoked meaning his private key invalidated ([0197][0213]). The user attribute is subsequently updated in the database listing authorized users (Fig. 12, and use of “NOT” condition to exclude users [0156]).
It would have been obvious to a skilled artisan before the instant application was effectively filed, to revoke the second key when the client is removed from a list of 

Regarding claim 26, Rohloff discloses the computer implemented method of claim 18, but does not explicitly teach the method further comprising validating the existence of re-encryption keys, with cryptographic permissions and characteristics associated with the second client. In an analogous art, Ito discloses validating the existence of re-encryption keys ([0068], Fig. 6: re-encryption keys mapped to user ids), with cryptographic permissions and characteristics associated with the second client ([0052][0056]: encryption key and decryption key must correspond to each other, the decryption permitted only if certain user attributes are set). It would have been obvious to a skilled artisan before the instant application was effectively filed, to validate the re-encryption keys and permissions and characteristic associated with the second user because it would allow enforcing fine-grained access control on encrypted files, and enhance data security.

Regarding claim 27, Rohloff discloses: 
A computer implemented method of providing fine-grained control over access to data by re-encrypting encrypted records stored in a database for distribution between a plurality of clients, comprising: using at least one processor of a server associated with a database comprising a plurality of encrypted records, the at least one processor is adapted for (Fig. 1A, [0033]: PRE server with associated database 115): storing in the database at least one encrypted record received from a first client, the at least one encrypted record is encrypted by the first client using a first key ([0054][0077] user A (publisher) encrypt data with a public key, [0036] transmit encrypted data to PRE server); receiving, from a second client, a request to provide the at least one encrypted record ([0078] subscriber request user’s data); retrieving a second key associated with the second client ([0078][0079] second key is the subscriber public key or the re-encryption key generated from the publisher and a subscriber’s key prior to deployment); re-encrypting the at least one encrypted record by applying at least one proxy re- encryption algorithm using the second ([0220] PRE server receives re-encryption key ([0079], re-encrypts user A encrypted data using encryption schemes ([0065][0083]); and providing the at least one re-encrypted record to the second client, the second client decrypts the at least one re-encrypted record using a decryption key ([0062] send re-encrypted data to second user or subscriber who decrypts the data).  
Although Rohloff does not explicitly teach retrieving from a repository of re-encryption keys a second key associated with the second client, Rohloff discloses the database may store different type of keys including re-encryption keys ([0034][0068]), in addition to teaching generating multiple re-encryption keys for a plurality of publishers and subscribers ([0207]). Therefore it would have been obvious to a skilled artisan before the instant application was effectively filed, to have the PRE server  or policy authority retrieve the subscriber’s public key (second key) as claimed because storing /retrieving the users keys in/from a repository would allow a more 
Rohloff while mentioning fine-grained control access policies ([0209]), does not explicitly teach performing fine-grained control is cryptographically permitting access to data encrypted by the first client with a first key to the second client with a second key; validating the existence of re-encryption keys, with cryptographic permissions and characteristics associated with the second client.
In an analogous art, Ito discloses a method of efficiently performing re-encryption with flexible access control ([0020]). Ito discloses performing fine-grained control is cryptographically permitting access to data encrypted by the first client with a first key to the second client with a second key (Fig. 12, [0152][0168]]: set conditions to decrypt the encrypted file, Fig. 20: the file encrypted with the user first key, re-encrypted to be decrypted by a recipient decryption key) ; validating the existence of re-encryption keys ([0068], Fig. 6: re-encryption keys mapped to user ids), with cryptographic permissions and characteristics associated with the second client ([0052][0056]: encryption key and decryption key must correspond to each other, the decryption permitted only if certain user attributes are set). It would have been obvious to a skilled artisan before the instant application was effectively filed perform fine-grained access control as taught by Ito because it would “enable user or key invalidation to be implemented efficiently in a cryptographic scheme capable of flexible access control, such as functional encryption” ([0014] in Ito). 

Regarding claim 28, Rohloff in view of Ito discloses the computer implemented method of claim 27, further comprising changing line- grained cryptographic permissions of the second key to change the fine-grained control between a first client with a first key to a second client with a second key (Ito, [0152][0264]: modify user attributes to exclude users from decrypting data or set more restrictions to decrypt the data).
Conclusion
The prior art made of record and not relied upon is considered pertinent to applicant's disclosure:
Haeterich et al 20150019879 disclose proxy re-encryption, and deleting keys from key table.
Zhang et al 8769705 disclose encrypting content using a group key to produce ciphertext, encrypt the ciphertext using a proxy key and  publish  to cloud.
Mori et al 20180026785 disclose a database stores encrypted file from a user , re-encrypted periodically, and access control of the encrypted files based on user attributes defining a fine-grained access control.
Yoshida 20130339726 discloses receiving encrypted data, generating re-encryption key, re-encrypt the encrypted data.
Hayashi et al 20160380767 disclose using  a user public key to encrypt a message, generate a re-encryption key using key pair for the data owner, key pair for a recipient,  use the re-encryption key to encrypt the encrypted message and provide to recipient.
Park et al. 20160055347 discloses updating user’s  private key  and re-process the data by re-encrypting using the new key.
Xu et al., “CL-PRE: a Certificateless Proxy Re-Encryption Scheme for Secure Data Sharing with Public Cloud”, ACM, 2012, 10 pages: secure data sharing with public cloud, in which a user encrypts data with a first key, the encrypted data is further encrypted by a re-encryption key generated from the private key of the user and public key of the recipient.

Any inquiry concerning this communication or earlier communications from the examiner should be directed to CATHERINE B THIAW whose telephone number is (571)270-1138.  The examiner can normally be reached on Monday-Friday 7am-4pm.
Examiner interviews are available via telephone, in-person, and video conferencing using a USPTO supplied web-based collaboration tool. To schedule an interview, applicant is encouraged to use the USPTO Automated Interview Request (AIR) at http://www.uspto.gov/interviewpractice.
If attempts to reach the examiner by telephone are unsuccessful, the examiner’s supervisor, CARL G COLIN can be reached on 571-272-3862.  The fax phone number for the organization where this application or proceeding is assigned is 571-273-8300.
Information regarding the status of an application may be obtained from the Patent Application Information Retrieval (PAIR) system.  Status information for published applications may be obtained from either Private PAIR or Public PAIR.  Status information for unpublished applications is available through Private PAIR only.  For more information about the PAIR system, see https://ppair-my.uspto.gov/pair/PrivatePair. Should you have questions on access to the Private 






/Catherine Thiaw/Primary Examiner, Art Unit 2493                                                                                                                                                                                                        9/20/2021