DETAILED ACTION
Notice of Pre-AIA or AIA Status
The present application, filed on or after March 16, 2013, is being examined under the first inventor to file provisions of the AIA. In communications filed on 12/28/2021, claims 1, 8, and 15 are amended. Claims 1-20 are pending in this examination.
In the event the determination of the status of the application as subject to AIA 35 U.S.C. 102 and 103 (or as subject to pre-AIA 35 U.S.C. 102 and 103) is incorrect, any correction of the statutory basis for the rejection will not be considered a new ground of rejection if the prior art relied upon, and the rationale supporting the rejection, would be the same under either status. This examination is in response to US Patent Application No. 16/750,545.

Examiner notes

Applicant is encouraged to schedule an interview with the examiner prior to the next communication to compact prosecution of the case.
Applicant is encouraged to review the relevant references mentioned in the conclusion section.
Response to Arguments
Although the claims are interpreted in light of the specification, limitations from the specification are not read into the claims.  See In re Van Geuns, 988 F.2d 1181, 26 USPQ2d 1057 (Fed. Cir. 1993).  

Applicant's arguments filed 12/28/2021 have been fully considered but they are not persuasive:
Applicant submits on page 10 of the remarks filed on 12/28/2021 that the proposed Fukuda-Hager-Chung combination does not disclose, teach, or suggest at least the following elements of the independent claims: transmit, to the device of the first user the encrypted dataset with the first access control measure and the second access control measure; and instructions configured to automatically execute on the device of the first user and to provide the first user with access to the unencrypted dataset.

Examiner respectfully disagrees with applicant's argument for the independent claims, filed on 12/28/2021, on page 10 of the remarks.
Chung in his application discloses transmit, to the device of the first user: the encrypted dataset with the first access control measure [¶84, Once Alice has received the encrypted message 15, she would have to take a real-time face image from the camera 16 of her device. This live face image will be sent to the server as a request for face image validation 13. Only when this live face image is validated, a private key 19 will be released to Alice for decrypting the message];
and instructions configured to automatically execute on the device of the first user and to provide the first user with access to the unencrypted dataset [¶32, The present invention provides access to data on mobile devices, using biometric encryption. For example, with the built-in camera or other biometric detector on the mobile device, the user's facial image is readily available, which make the authentication process very convenient. In this particular example, data exchange are encrypted using the live facial image of the mobile device as the encryption key. The decryption process requires a successful facial authentication of the recipient (first user), by presenting his/her face in front of the camera of the mobile device], [¶68, If the option of data encryption is turned ON, the mobile App is bundled with the registered user. The data is encrypted with the registered user's biometric feature. For example, the mobile App will constantly check if the user is a registered user, using the built-in camera or other biometric detector on the device, e.g. using facial authentication. If the facial authentication is successful, the App will run normally. Otherwise, the App will not decrypt the data received, and the screen will show the data as “ciphertext”], [¶84, Once Alice has received the encrypted message 15, she would have to take a real-time face image from the camera 16 of her device. This live face image will be sent to the server as a request for face image validation 13. Only when this live face image is validated, a private key 19 will be released to Alice for decrypting the message (automatically access the message as soon as the image gets validated)], and [Abstract, ¶¶36, 69, see claim 1].
Examiner note: it would be obvious that another user with a different facial image cannot decrypt the encrypted data of the message, and the message would only be accessed by a user with the correct facial image. Examiner still maintains his rejection.

Claim Rejections - 35 USC § 103
The following is a quotation of 35 U.S.C. 103 which forms the basis for all obviousness rejections set forth in this Office action:
A patent for a claimed invention may not be obtained, notwithstanding that the claimed invention is not identically disclosed as set forth in section 102 of this title, if the differences between the claimed invention and the prior art are such that the claimed invention as a whole would have been obvious before the effective filing date of the claimed invention to a person having ordinary skill in the art to which the claimed invention pertains.  Patentability shall not be negated by the manner in which the invention was made.


The factual inquiries set forth in Graham v. John Deere Co., 383 U.S. 1, 148 USPQ 459 (1966), that are applied for establishing a background for determining obviousness under 35 U.S.C. 103 are summarized as follows:
1. Determining the scope and contents of the prior art.
2. Ascertaining the differences between the prior art and the claims at issue.
3. Resolving the level of ordinary skill in the pertinent art.
4. Considering objective evidence present in the application indicating obviousness or nonobviousness.
Claims 1-5, 8-12, and 15-19 are rejected under 35 U.S.C. 103 as being unpatentable over US Patent No. (US 9,411,968) issued to Fukuda and in view of US Patent No. (US2015/0310219) issued to Hager and further in view of US Patent No. (US2016/0100314) issued to Chung.
Regarding claims 1, 8, and 15, Fukuda discloses a memory configured to store: a first encryption algorithm; and a second encryption algorithm stronger than the first encryption algorithm [Abstract, a communication apparatus performs encryption on data transmitted from another communication apparatus by using first or second cryptographic algorithm, or performs decryption on the data that has been encrypted using the first or second where the second cryptographic algorithm provides a higher security level than the first cryptographic algorithm]; and
determining, based on a characteristic of the first block of data, a first level of security for the first block of data [Col. 32, Lines 11-22, in addition, the base station 100 or the communication terminal 200 assigns a cryptographic class for each service type, and it is possible to provide a different cryptographic algorithm for each service (for example, FIG. 9A, FIG. 9B, FIG. 10A, and FIG. 10B). For example, the base station 100 according to the second embodiment applies a cryptographic algorithm providing … and applies a cryptographic algorithm providing a low security level (for example, the DES) to the other packet data such as the "voice" (for example, FIG. 9B or the like)]; and
in response to determining the first level of security for the first block of data, encrypting the first block of data, wherein encrypting the first block of data comprises applying the first encryption algorithm to the first block of data, the first encryption algorithm assigned to the first level of security [Col. 2 lines 26-32, the communication apparatus includes an encryption unit configured to perform, upon receiving the data including a cryptographic class identifying a parameter to be used for performing the encryption or the decryption, the encryption or the decryption by using one of the first and second cryptographic algorithms, based on the cryptographic class]; and
determining, based on a characteristic of the second block of data, a second level of security for the second block of data [Col. 4 lines 36-41, for example, the communication apparatus 700 may also apply the second cryptographic algorithm to data related to "confidential packets" with regard to a bank or a card settlement and apply the first cryptographic algorithm to [Col. 32, Lines 11-22, the base station 100 or the communication terminal 200 assigns a cryptographic class for each service type, and it is possible to provide a different cryptographic algorithm for each service (for example, FIG. 9A, FIG. 9B, FIG. 10A, and FIG. 10B). For example, the base station 100 according to the second embodiment applies a cryptographic algorithm providing a high security level (for example, the AES) to the "confidential packet"]; and
in response to determining the second level of security for the second block of data, encrypting the second block of data, wherein encrypting the second block of data comprises applying the second encryption algorithm to the second block of data, the second encryption algorithm assigned to the second level of security [Col. 2 lines 26-32, the communication apparatus includes an encryption unit configured to perform, upon receiving the data including a cryptographic class identifying a parameter to be used for performing the encryption or the decryption, the encryption or the decryption by using one of the first and second cryptographic algorithms, based on the cryptographic class].
Fukuda does not explicitly disclose; however, Hager discloses a data store comprising a dataset, the dataset comprising a first block of data and a second block of data [Abstract, shuffling and multi-key encryption are presented. The method including segmenting at a first computer system a file into a plurality of file segments, and encrypting the plurality of file segments using a plurality of encryption keys in order to generate a corresponding plurality of encrypted file segments, wherein each file segment of the plurality of file segments is encrypted using a respective encryption key of the plurality of encryption keys]; and
a hardware processor communicatively coupled to the memory, the hardware processor configured to: receive a request to transmit the dataset to a device of a first user
in response to receiving the request: encrypt the dataset to form an encrypted dataset, wherein encrypting the dataset comprises [¶64, As such, in an embodiment the software client 190 operating on the recipient computer processor 150 at the recipient computer system 120 may be configured to perform a method 390 of decrypting and combining the encrypted file segments 180 received].
It would have been obvious to one of ordinary skill in the art before the effective filing date of the claimed invention to combine the teaching of Fukuda with the teaching of Hager in order to provide a systems and methods for security hardening of a file in transit and at rest via segmentation, shuffling and multi-key encryption [Hager, Abstract].
Fukuda and Hager do not explicitly disclose; however, Chung discloses determine a first characteristic of the first user [¶32, with the built-in camera or other biometric detector on the mobile device, the user's facial image is readily available, which make the authentication process very convenient]; and
apply a first access control measure to the encrypted dataset, based on the first characteristic of the first user, the first access control measure configured to prevent a device of a second user from accessing the encrypted dataset, wherein a first characteristic of the second user is incompatible with the first characteristic of the first user [¶32, data exchange are encrypted using the live facial image of the mobile device as the encryption key. The decryption process requires a successful facial authentication of the recipient, by presenting his/her face in front of the camera of the mobile device], and [¶36, see claim 1]. Examiner note:
and transmit, to the device of the first user; the encrypted dataset with the first access control measure [¶84, Once Alice has received the encrypted message 15, she would have to take a real-time face image from the camera 16 of her device. This live face image will be sent to the server as a request for face image validation 13. Only when this live face image is validated, a private key 19 will be released to Alice for decrypting the message]; and
instructions configured to automatically execute on the device of the first user and to provide the first user with access to the unencrypted dataset [¶32, The present invention provides access to data on mobile devices, using biometric encryption. For example, with the built-in camera or other biometric detector on the mobile device, the user's facial image is readily available, which make the authentication process very convenient. In this particular example, data exchange are encrypted using the live facial image of the mobile device as the encryption key. The decryption process requires a successful facial authentication of the recipient (first user), by presenting his/her face in front of the camera of the mobile device], [¶68, If the option of data encryption is turned ON, the mobile App is bundled with the registered user. The data is encrypted with the registered user's biometric feature. For example, the mobile App will constantly check if the user is a registered user, using the built-in camera or other biometric detector on the device, e.g. using facial authentication. If the facial authentication is successful, the App will run normally. Otherwise, the App will not decrypt the data received, and the screen will show the data as “ciphertext”], [¶84, Once Alice has received the encrypted message 15, she would have to take a real-time face image from the camera 16 of her device. This live face image will be sent to the server as a request for face image validation 13. A private key 19 will be released to Alice for decrypting the message (automatically access the message as soon as the image gets validated)], and [Abstract, ¶¶36, 69, see claim 1].
It would have been obvious to one of ordinary skill in the art before the effective filing date of the claimed invention to combine the teaching of Fukuda, Hager with the teaching of Chung in order to provide secured data communication by using biometric encryption and decryption for privacy and security having both authentication and recognition functions [ Chung, Abstract].
Regarding claims 2, 9, and 16, Fukuda discloses wherein the first characteristic of the first user comprises at least one of a geographic location of the first user, biometric information of the first user, information stored in a user profile of the first user, and information stored in an authorization token of the first user [¶32, with the built-in camera or other biometric detector on the mobile device, the user's facial image is readily available, which make the authentication process very convenient].
Regarding claims 3, 10, and 17, Fukuda discloses wherein: the characteristic of the first block of data comprises at least one of: a sensitivity level of the first block of data; a regulation associated with the first block of data; and a data access history of the first block of data; and the characteristic of the second block of data comprises at least one of: a sensitivity level of the second block of data; a regulation associated with the second block of data; and a data access history of the second block of data [Col. 32, Lines 11-22, the base station 100 or the communication terminal 200 assigns a cryptographic class for each service type, and it is possible to provide a different cryptographic algorithm for each service (for example, FIG. 9A, FIG. 9B, FIG. 10A, and FIG. 10B). For example, the base station 100
Regarding claims 4, 11, and 18, wherein each of the sensitivity level of the first block of data and the sensitivity level of the second block of data comprises at least one of public, non-public, and confidential [Col. 4 lines 36-41, for example, the communication apparatus 700 may also apply the second cryptographic algorithm to data related to "confidential packets" with regard to a bank or a card settlement and apply the first cryptographic algorithm to "normal packets" with regard to an electronic mail or the like and "voice"], and [Col. 32, Lines 11-22, the base station 100 or the communication terminal 200 assigns a cryptographic class for each service type, and it is possible to provide a different cryptographic algorithm for each service (for example, FIG. 9A, FIG. 9B, FIG. 10A, and FIG. 10B). For example, the base station 100 according to the second embodiment applies a cryptographic algorithm providing a high security level (for example, the AES) to the "confidential packet" or the like for which the security level is higher than the other services, and applies a cryptographic algorithm providing a low security level (for example, the DES) to the other packet data such as the "voice" (for example, FIG. 9B or the like)].
Regarding claims 5, 12, and 19, wherein the second encryption algorithm comprises at least one of a double encryption algorithm, a triple encryption algorithm, and a split key encryption algorithm [Col. 6 lines 21-28, the packet data or the like to which the encryption based, for example, on an Advanced Encryption Standard (AES) system is applied is exchanged].

Claims 6 and 13 are rejected under 35 U.S.C. 103 as being unpatentable over US Patent No. (US 9,411,968) issued to Fukuda and in view of US Patent No. (US2015/0310219) issued to Hager and further in view of US Patent No. (US2016/0100314) issued to Chung and further in view of US Patent No. (US2016/0224777) issued to Rebelo.
Regarding claims 6 and 13, Fukuda, Hager, and Chung do not explicitly disclose; however, Rebelo discloses wherein the hardware processor is further configured to: determine a second characteristic of the first user, the second characteristic of the first user different from the first characteristic of the first user; and apply a second access control measure to the encrypted dataset, based on the second characteristic of the second user, the second access control measure configured to prevent the device of the second user from accessing the encrypted dataset, wherein a second characteristic of the second user is incompatible with the second characteristic of the first user [¶50, one or more types of biometric pattern data is generated from the collected data. For example, biometric pattern data may be representative of data input via the movements of the fingers of the authentic user across the touchscreen 130…Additionally, biometric pattern data may be representative of one or more fingerprint scans or iris recognition of the authentic user… one or more deviation thresholds, depending on type of biometric pattern data, is determined, and stored, in operation 910. Deviations in biometric pattern beyond the deviation threshold can indicate that a user of the
It would have been obvious to one of ordinary skill in the art before the effective filing date of the claimed invention to combine the teaching of Fukuda, Hager and Chung with the teaching of Rebelo in order to provide usage patterns of an authentic user of a mobile device are generated from data collected representing usage by the authentic user.  These usage patterns may then be compared to monitored usage of the mobile device.  If usage of the mobile device exceeds a threshold based on one or more of the usage patterns, access to data on the mobile device can be prevented [Rebelo, Abstract].

Claims 7, 14, and 20 are rejected under 35 U.S.C. 103 as being unpatentable over US Patent No. (US 9,411,968) issued to Fukuda and in view of US Patent No. (US2015/0310219) issued to Hager and further in view of US Patent No. (US2016/0100314) issued to Chung and further in view of US Patent No. (US2020/0074091) issued to Jain.
Regarding claims 7, 14, and 20, Fukuda, Hager, and Chung do not explicitly disclose; however, Jain discloses wherein: the dataset further comprises a third block of data, the third block of data comprising public information; and the encrypted dataset transmitted to the device of the first user comprises the encrypted first block of data, the encrypted second block of data, and the third block of data, wherein the third block of data is not encrypted [see claim 5, the plurality of security levels comprises a first security level, a second security level, a third security level, and a fourth security level; one or more portions of the set of data stored on a first storage partition of the storage device and assigned the first security level Advanced Encryption Standard 256-bit (AES-256) encryption technique; one or more portions of the set of data stored on a second storage partition of the storage device and assigned the second security level are encrypted using an AES-192 encryption technique; one or more portions of the set of data stored on a third storage partition of the storage device and assigned the third security level are encrypted using an AES-128 encryption technique; and one or more portions of the set of data stored on a fourth storage partition of the storage device and assigned the fourth security level are stored unencrypted].
It would have been obvious to one of ordinary skill in the art before the effective filing date of the claimed invention to combine the teaching of Fukuda, Hager and Chung with the teaching of Jain in order to provide multi-layered data security with plurality of assigned security level [Jain, Abstract].
Conclusion
The prior art made of record and not relied upon is considered pertinent to applicant's disclosure. 
Acerly (US2015/0264020) [¶34, …the recipient user's browser automatically executes a process of authenticating the recipient user to the access control manager and receiving information with which to automatically decrypt the encrypted message…].
Karimzadeh (7661146) [Method And System For Providing A Secure Multi-user Portable Database].
WO2002029577A2 [Field of the Invention: The present invention relates to computer security and databases within computer systems. More specifically, the present invention relates to a method and apparatus for automatically encrypting and decrypting data to be stored in a database].
Hashii (US2016/0117519) [ Abstract, A multi-level security system includes a storage medium partitionable into a plurality of partitions, a file system coupleable to the plurality of partitions, and a plurality of enclaves.  Each enclave is assigned a security classification level.  Each enclave resides in a different storage partition of the storage medium.  Data stored on the storage medium is cryptographically separated at rest on a per-enclave basis.  Cryptographic separation occurs at the disk block level, allowing individual blocks to be read and decrypted.  The system also includes a reference monitor that enforces a system security policy that governs access to information between the enclaves.  The reference monitor allows an enclave having a first classification level to 
Erturk (US2018/0046236) [ ¶41, In some other example embodiments, in order to permit access to the encrypted backup data, the fingerprint scanner 306 provides fingerprint data from a user to the processor 144 which is compared to a database of authorized users.  If a match/authentication occurs, the processor 144 permits access to the encrypted data].
Celikhan (US2007/0253549) [ ¶¶16,72-73, FIGS.6-7, encrypting a first block of data, in the sequence of data, using a first encryption mechanism and encrypting a second block of data, in the sequence of data, using a second encryption mechanism that is different from the first encryption mechanism].
KIM (US2016/0359916) [Abstract, an electronic device for encrypting content and a method thereof are provided.  First and second data segments of a content file may be received.  The first data segment may be encrypted on the basis of a policy of a content provider providing the content file.  The second data segment may be encrypted using an encryption scheme that differs from that used for the first data segment.  The second encryption scheme may utilize a different key and/or algorithm than that used in the first encryption scheme].
Candelore (US2005/0169473) [¶50, A computer data signal embodied in a bit stream consistent with certain embodiments, thus, has a segment of data representing an unencrypted packet.  Another segment of data represents a first duplicate packet encrypted under a first encryption method, wherein the first encryption method comprises a Digital Rights Management (DRM) encryption method.  Another segment of data represents a second duplicate packet encrypted under a second encryption method].
Seshadri (US2004/0193871) [Abstract, see claim9, ¶3, the present invention relates generally to data transmission and more specifically to a system and method for increasing data transmission efficiency by selecting particular portions of a message for strong encryption while other parts of the message are less strongly encrypted or even unencrypted].
Sharifi (US10,291,589) [ see claim 20, the non-transitory computer-readable storage medium of claim 13, wherein: the first set of parameters corresponds to a first encryption algorithm; the second set of parameters corresponds to a second encryption algorithm; and the second encryption algorithm is cryptographically stronger than the first encryption algorithm].
Watanabe (US2007/0154018) [see Abstract].

Applicants are encouraged to take advantage of the After Final Consideration Pilot 2.0 (AFCP 2.0) which authorizes non-production time for consideration of responses filed after a final rejection. The purpose of the pilot is to compact prosecution of the case. The request must include 1) A signed AFCP request form (PTO/SB/434 or equivalent) that includes a statement that applicant is requesting consideration under the AFCP; 2) An amendment to at least one independent claim that does not broaden the scope of the independent claim in any aspect; and 3) A statement that applicant is willing and available to participate in any interview initiated by the examiner concerning the present response. In the limited amount

THIS ACTION IS MADE FINAL.  Applicant is reminded of the extension of time policy as set forth in 37 CFR 1.136(a).  
A shortened statutory period for reply to this final action is set to expire THREE MONTHS from the mailing date of this action.  In the event a first reply is filed within TWO MONTHS of the mailing date of this final action and the advisory action is not mailed until after the end of the THREE-MONTH shortened statutory period, then the shortened statutory period will expire on the date the advisory action is mailed, and any extension fee pursuant to 37 CFR 1.136(a) will be calculated from the mailing date of the advisory action.  In no event, however, will the statutory period for reply expire later than SIX MONTHS from the mailing date of this final action. 
Any inquiry concerning this communication or earlier communications from the examiner should be directed to SHAHRIAR ZARRINEH whose telephone number is (571)272-1207. The examiner can normally be reached Monday-Friday, 8:30am-5:30pm.
Examiner interviews are available via telephone, in-person, and video conferencing using a USPTO supplied web-based collaboration tool. To schedule an interview, applicant is encouraged to use the USPTO Automated Interview Request (AIR) at http://www.uspto.gov/interviewpractice.
If attempts to reach the examiner by telephone are unsuccessful, the examiner’s supervisor, Jorge Ortiz-Criado can be reached on 571-272-7624. The fax phone number for the organization where this application or proceeding is assigned is 571-273-8300.
Information regarding the status of published or unpublished applications may be obtained from Patent Center. Unpublished application information in Patent Center is available to registered users. To file and manage patent submissions in Patent Center, visit: https://patentcenter.uspto.gov. Visit https://www.uspto.gov/patents/apply/patent-center for more information about Patent Center and https://www.uspto.gov/patents/docx for information about filing in DOCX format. For additional questions, contact the Electronic Business Center (EBC) at 866-217-9197 (toll-free). If you would like assistance from a USPTO Customer Service Representative, call 800-786-9199 (IN USA OR CANADA) or 571-272-1000.





/SHAHRIAR ZARRINEH/Examiner, Art Unit 2496