DETAILED ACTION

Notice of AIA  Status
The present application, filed on or after March 16, 2013, is being examined under the first inventor to file provisions of the AIA .

The present office action is responsive to communications received on 2/3/2022. Claims 1-20 are pending.

Information Disclosure Statement
The information disclosure statement (IDS) submitted on 11/18/2021 is in compliance with the provisions of 37 CFR 1.97. Accordingly, the information disclosure statement is being considered by the examiner.

Election/Restrictions
Applicant’s election without traverse of Group I, claim 1-6 and 15-20 in the reply filed on 2/3/2022 is acknowledged. Claim 7-14 are withdrawn from further consideration pursuant to 37 CFR 1.142(b) as being drawn to a nonelected invention, there being no allowable generic or linking claim. Election was made without traverse in the reply filed on 2/3/2022.

Examiner’s Notes
Analysis under 35 U.S.C. 101, Double Patenting, and 35 U.S.C. 112 have been conducted, but no issues are found.

Claim Objections
Claims 6 and 16-20 are objected to because of the following informalities: 
Claim 6 recites “The method of claim 1, further comprising: decrypting, by the processor, the sensitive data value; generating, by a processor, an updated unencrypted fuzzed value for the decrypted sensitive data value, the updated unencrypted fuzzed value being within the predetermined value range and being different from the decrypted sensitive data value; and replacing, by the processor, the unencrypted fuzzed value by the updated unencrypted fuzzed value in the same logical structural element in the database.” The expression “generating, by a processor” has already been defined previously in the claims and should therefore be referred to using a definite article.
Independent claim 15 recites “An encrypted database system...” whereas dependent claims 16-20 recite “The system of claim...”. It is suggested to change dependent claims 16-20 to “The encrypted database system of claim...” for clarity and consistency.
Appropriate correction is required.

Claim Rejections - 35 USC § 103
The following is a quotation of 35 U.S.C. 103 which forms the basis for all obviousness rejections set forth in this Office action:
A patent for a claimed invention may not be obtained, notwithstanding that the claimed invention is not identically disclosed as set forth in section 102, if the differences between the claimed invention and the prior art are such that the claimed invention as a whole would have been obvious before the effective filing date of the claimed invention to a person having ordinary skill in the art to which the claimed invention pertains. Patentability shall not be negated by the manner in which the invention was made.

Claims 1, 4-6, 15 and 20 are rejected under 35 U.S.C. 103 as being unpatentable over Chang (US 20120158734 A1) in view of Yoshino (US 20190147770 A1).

Regarding claim 1, Chang teaches a method of configuring an encrypted database comprising:
generating, …, an unencrypted fuzzed value (Table 2, “ind-salary”) for a sensitive data value (Table 1, “salary”), the unencrypted fuzzed value being within a predetermined value range and being different from the sensitive data value; (¶91-108 detailing the transformation/generation, with ¶96&99 describing the general formula for the range, and ¶105&106 showing an example.) Here Chang discloses “user stores and utilizes his or her important data on the external serve” (¶6).
encrypting, …, the sensitive data value; and ([0088] A first column in an E-tuple of Table 2 means that 1100110011100 . . . =Ex(68,480), where Ex( ) denotes a symmetric key encryption algorithm having a private key K, and the E-tuple may denote a value obtained by encrypting the value in each row of Table 1.)
storing, …, the encrypted sensitive data value and the unencrypted fuzzed value in a same logical structural element in a database. ([0087, 0089] At the data encryption step S100, the user may randomly generate a private key K for encryption and may encrypt pieces of data stored in the DB using a symmetric key encryption algorithm. The index allocation step S102 includes generating bucket indices and allocating indices for pieces of data included in each bucket. [0109] The storage step S202 is to store the encrypted DB, obtained by performing steps S100 and S102, in the server-side data management apparatus 200. The storage step S202 denotes a procedure to store Table 2 on the server-side data management apparatus 200 when plaintext data is given as shown in Table 1.) Here rows of Table 2 in encrypted data DB 206 discloses “logical structural element in a database”.

Chang teaches client generating an unencrypted fuzzed value for a sensitive data value, encrypting the sensitive data value; and server storing the encrypted sensitive data value and the unencrypted fuzzed value, but does not explicitly teach encrypting and storing the sensitive data value are by the same processor. This aspect of the claim is identified as a difference.
However, Yoshino in an analogous art explicitly teaches
encrypting and storing the sensitive data value are by the same processor. ([0008] a first computer, the first computer comprising: a first processor; and a first storage apparatus coupled to the first processor, wherein the first storage apparatus is configured to hold: a plurality of pieces of encrypted data generated by encrypting a plurality of pieces of plain text data.) Indeed, it would be obvious to rearrange these functions if it is desired; See MPEP 2144.04(VI)(C).
It would have been prima facie obvious to one of ordinary skill in the art before the effective filing date of the claimed invention to combine the “data management” concept of Chang, and the “data processing” approach of Yoshino. One of ordinary skill in the art would have been motivated to perform such a modification to achieve optimization of development costs and operational and maintenance costs of an information system by “cloud system” provided by a third party organization without maintaining the information system by itself, and thus an encryption technology as an effective measure to prevent information leakage (Yoshino [0006]).

Regarding claim 4, Chang in view of Yoshino teaches all the features with respect to claim 1, as outlined above. The combination further teaches 
receiving, at the processor, a data entry including a plurality of data values designated for storage in the same logical structural element in the database; ([Chang 0071, 0086] pieces of data user IDs and their salaries arranged in a DB.)
identifying, by the processor, at least one of the plurality of data values as the sensitive data value; ([Chang 0086] Table 1 indicates an example of user IDs and their salaries arranged in a DB.) Here salaries are the sensitive data value and user IDs are not the sensitive data value.
encrypting, by the processor, the remaining plurality of data values not identified as the sensitive data value; and ([Chang 0088] A first column in an E-tuple of Table 2 means that 1100110011100 . . . =Ex(68,480), where Ex( ) denotes a symmetric key encryption algorithm having a private key K, and the E-tuple may denote a value obtained by encrypting the value in each row of Table 1.) Here user IDs, which are part of the value in each row of Table 1 and are not the sensitive data value, are encrypted.
storing, by the processor, the encrypted remaining plurality of data values in the same logical structural element in the database with the encrypted sensitive data value and the unencrypted fuzzed value. ([Chang 0087, 0089] At the data encryption step S100, the user may randomly generate a private key K for encryption and may encrypt pieces of data stored in the DB using a symmetric key encryption algorithm. The index allocation step S102 includes generating bucket indices and allocating indices for pieces of data included in each bucket. [0109] The storage step S202 is to store the encrypted DB, obtained by performing steps S100 and S102, in the server-side data management apparatus 200. The storage step S202 denotes a procedure to store Table 2 on the server-side data management apparatus 200 when plaintext data is given as shown in Table 1.) Here rows of Table 2 in encrypted data DB 206 discloses “logical structural element in a database”.

Regarding claim 5, Chang in view of Yoshino teaches all the features with respect to claim 1, as outlined above. The combination further teaches storing, by the processor, an indication of the predetermined value range in the database. ([Chang 0091] As shown in Table 2, the allocated indices α, β, γ and δ are stored in B-index of the individual pieces of attribute information E-id_number and E-salary. Thereafter, the user stores (300, 420, α), (420, 500, β), (500, 620, γ), and (620, 800, δ) in which the buckets include the indices for later searching.) Here indices α, β, γ and δ are allocated to the respective buckets, which is an indication of the predetermined value range in the database.

Regarding claim 6, Chang in view of Yoshino teaches all the features with respect to claim 1, as outlined above. The combination further teaches 
decrypting, by the processor, the sensitive data value; ([Chang 0017] decrypt encrypted data corresponding to the user query.)
generating, by a processor, an updated unencrypted fuzzed value (Chang Table 2, “ind-salary”) for the decrypted sensitive data value (Chang Table 1, “salary”), the updated unencrypted fuzzed value being within the predetermined value range and being different from the decrypted sensitive data value; and (Chang ¶91-108 detailing the transformation/generation, with ¶96&99 describing the general formula for the range, and ¶105&106 showing an example.)
replacing, by the processor, the unencrypted fuzzed value by the updated unencrypted fuzzed value in the same logical structural element in the database. ([Chang 0087, 0089] At the data encryption step S100, the user may randomly generate a private key K for encryption and may encrypt pieces of data stored in the DB using a symmetric key encryption algorithm. The index allocation step S102 includes generating bucket indices and allocating indices for pieces of data included in each bucket. [Chang 0109] The storage step S202 is to store the encrypted DB, obtained by performing steps S100 and S102, in the server-side data management apparatus 200. The storage step S202 denotes a procedure to store Table 2 on the server-side data management apparatus 200 when plaintext data is 

Regarding claims 15 and 20, the scope of the claims are similar to that of claims 1 and 4 respectively. Accordingly, the claims are rejected using a similar rationale.

Claims 2-3 and 18-19 are rejected under 35 U.S.C. 103 as being unpatentable over Chang (US 20120158734 A1) in view of Yoshino (US 20190147770 A1) and Hare (US 8843997 B1).

Regarding claim 2, Chang in view of Yoshino teaches all the features with respect to claim 1, as outlined above. But the combination does not teach generating, by the processor, a pseudorandom number, wherein: the sensitive data value is a numeric value; and generating the unencrypted fuzzed value comprises adding the pseudorandom number to the numeric value or subtracting the pseudorandom number from the numeric value. This aspect of the claim is identified as a difference.
However, Hare in an analogous art explicitly teaches generating, by the processor, a pseudorandom number, wherein: 
The sensitive data value is a numeric value; and generating the unencrypted fuzzed value comprises adding the pseudorandom number to the numeric value or subtracting the pseudorandom number from the numeric value. ([Col.53, line 50-67] Transforms specific field values or substitutes alternative fields to partially obscure semantics so that they are still useful for analytical purposes, but quantitative information (i.e. weight, lab values, etc.) can be shifted by random amounts within an acceptable error range to prevent someone with access to some of the original source records from inferring the identity of the subject.) Here reference Chang discloses sensitive data value. Reference Hare discloses the value being a numeric value which can be shifted by random amounts (analogous to claim limitation “adding/subtracting pseudorandom number”). Therefore the combination discloses the entire limitation.
It would have been prima facie obvious to one of ordinary skill in the art before the effective filing date of the claimed invention to combine the “data management” concept of Chang, and the “fuzzed value and date” approach of Yoshino. One of ordinary skill in the art would have been motivated to perform such a modification to provide a simple but effective mechanism to transform specific field values or substitutes alternative fields to partially obscure semantics so that they are still useful for analytical purposes, but can't be used by pattern-matching algorithms to determine the true subject of the records (Hare [Col.53, line 50-54]).

Regarding claim 3, Chang in view of Yoshino teaches all the features with respect to claim 1, as outlined above. Chang in view of Yoshino and Hare further teaches generating, by the processor, a pseudorandom number, wherein: the sensitive data value is a date; and generating the unencrypted fuzzed value comprises adding a number of days equal to the pseudorandom number to the date or subtracting the number of days equal to the pseudorandom number from the date to obtain a second date as the unencrypted fuzzed value. ([Hare Col.53, line 50-67] Transforms specific field values or substitutes alternative fields to partially obscure semantics so that they are still useful for analytical Dates and ages could be “fuzzed” to prevent identity pattern matching—either transformed to time ranges rather than specific dates, or shifted by random periods within an acceptable range when constructing longitudinal time series data (i.e. lab results). Similarly, quantitative information (i.e. weight, lab values, etc.) can be shifted by random amounts within an acceptable error range to prevent someone with access to some of the original source records from inferring the identity of the subject.) Here reference Chang discloses sensitive data value. Reference Hare discloses the value being a date which can be shifted by random periods (analogous to claim limitation “adding/subtracting pseudorandom number of days”). Therefore the combination discloses the entire limitation.

Regarding claims 18-19, the scope of the claims are similar to that of claims 2-3 respectively. Accordingly, the claims are rejected using a similar rationale.

Allowable Subject Matter
Claims 16-17 are objected to over prior art as being dependent upon a rejected base claim, but would be allowable if rewritten in independent form including all of the limitations of the base claim and any intervening claims and further amended to overcome claim objections set forth in this office action.
The following is a statement of reasons for the indication of allowable subject matter: 
In interpreting the claim, in light of the specification, the examiner finds the claimed invention to be patentably distinct from the prior art of record. The examiner notes the consideration of relevant prior art used in determining patentability.

Chang (US 20120158734 A1) teaches to transmit a user query to the server-side data management apparatus in order to search for a desired encrypted data, and decrypt encrypted data corresponding to the user query from the server-side data management apparatus. The user query includes the index of first bucket interval and the index of second bucket interval neighboring to the first bucket interval.

Chang (US 20100161957 A1) teaches receiving query information, which comprises data type information and data range information, from a user; identifying index information of a bucket region, which comprises data corresponding to the query information, based on random number information and index information stored in advance; transmitting the identified index information to the external server; receiving encrypted data, which belongs to the bucket region corresponding to the index information, from the external server; decrypting and outputting at least a portion of the found, encrypted data.

Although both references disclose searching an encrypted database, the prior art of record fails to teach or suggest, individually or in combination, each and every limitation of the claimed invention “formulating a query comprising a value range defined by a lower value bound and an upper value bound between which a query target value lies; querying the unencrypted fuzzed values using the query; in response to the querying, returning a subset of the logical structural elements, each respective returned logical structured element including an unencrypted fuzzed value within the value range; decrypting the encrypted sensitive data of each respective returned logical structured element; determining that the decrypted sensitive data of at least one returned logical structured element includes the query target value; and providing identifying information for each at least one returned logical structured element that includes the query target value as a response to the query.”. Thus, the .

Conclusion
The prior art made of record and not relied upon is considered pertinent to applicant's disclosure.
US 20160285623 A1, "Method, server and computer program for security management in database", by Yoon, teaches reading one or more data encrypted at a column level from a persistent storage medium or a memory; decrypting one or more data encrypted at the column level to generate one or more decrypted data; generating an index table based on the one or more generated decrypted data; and performing an operation of encrypting the generated index table at a block level.
US 20120078914 A1, "Searchable symmetric encryption with dynamic updating", by Roeder, teaches a Searchable Symmetric Encryption (SSE) mechanism which allows efficient dynamic updating of encrypted index information. The encrypted index information includes pointer information that is encrypted using a malleable encryption scheme. The SSE mechanism updates the encrypted index information by modifying at least one instance of the pointer information without decrypting the pointer information, and thereby without revealing the nature of the changes being made. In one implementation, the SSE mechanism includes a main indexing structure and a deletion indexing structure. An updating operation involves patching applied to both the main indexing structure and deletion indexing structure.

Any inquiry concerning this communication or earlier communications from the examiner should be directed to HAN YANG whose telephone number is (408)918-7638.  The examiner can normally be reached on Monday to Friday, 9:00-5:00.
Examiner interviews are available via telephone, in-person, and video conferencing using a USPTO supplied web-based collaboration tool. To schedule an interview, applicant is encouraged to use the USPTO Automated Interview Request (AIR) at http://www.uspto.gov/interviewpractice.
If attempts to reach the examiner by telephone are unsuccessful, the examiner’s supervisor, Carl Colin can be reached on 571-272-3862.  The fax phone number for the organization where this application or proceeding is assigned is 571-273-8300.
Information regarding the status of an application may be obtained from the Patent Application Information Retrieval (PAIR) system.  Status information for published applications may be obtained from either Private PAIR or Public PAIR.  Status information for unpublished applications is available through Private PAIR only.  For more information about the PAIR system, see http://pair-direct.uspto.gov. Should you have questions on access to the Private PAIR system, contact the Electronic Business Center (EBC) at 866-217-9197 (toll-free). If you would like assistance from a USPTO Customer Service Representative or access to the automated information system, call 800-786-9199 (IN USA OR CANADA) or 571-272-1000.

/HAN YANG/Examiner, Art Unit 2493