DETAILED ACTION
1. 	This Non-Final Office Action is in response to application filed on 06/02/2020.  	Claims 1-9 are being considered on the merits. 	The present application, filed on or after March 16, 2013, is being examined under the first inventor to file provisions of the AIA . 
Drawings
2. 	The drawings filed on 06/02/2020 are accepted. 
Information Disclosure Statement
3.	The information disclosure statements (IDS) submitted on 06/02/2020 and 10/14/2020 have been considered. The submission is in compliance with the provisions of 37 CFR 1.97. Accordingly, initialed and dated copies of the Applicant’s IDS forms 1449 filed on 06/02/2020 and 10/14/2020 are attached to this office action. 

Claim Rejections - 35 USC § 103
The following is a quotation of 35 U.S.C. 103 which forms the basis for all obviousness rejections set forth in this Office action:
A patent for a claimed invention may not be obtained, notwithstanding that the claimed invention is not identically disclosed as set forth in section 102, if the differences between the claimed invention and the prior art are such that the claimed invention as a whole would have been obvious before the effective filing date of the claimed invention to a person having ordinary skill in the art to which the claimed invention pertains. Patentability shall not be negated by the manner in which the invention was made.



4.	Claims 1-9 are rejected under 35 U.S.C. 103 as being unpatentable over US Pub No. US 2012/0198241 A1 to O’Hare, (hereinafter, “O’Hare”) in view of US Pub. No. US 2016/0240108 A1 to Furukawa, (hereinafter, “Furukawa”), as disclosed in IDS submitted on 06/02/2020.

As per claims 1 and 9, O’Hare teaches a data comparison device and a data comparison method, respectively, executed by a data comparison device, wherein the data comparison device includes 
a processor and a memory, wherein the memory holds first encrypted data in which a first plaintext is encrypted and second encrypted data in which a second plaintext is encrypted (O’Hare, para. [0403] “Secure data processor 3000 then parses and splits the data it takes as input from assembled data buffer 3008…It outputs the data shares into split shares buffers 3010. At step 3104, wrapper layer 3022 obtains from stored information 3106 any suitable share information (i.e., stored by wrapper 3022 at step 3102) and share location(s) (e.g., from one or more configuration files), Wrapper layer 3022 then writes the output shares (obtained from split shares buffers 3010) appropriately (e.g., written to one or more storage devices, communicated onto a network, etc.” and para. [0406] “the original data desired to be parsed and split is plain text 3306 (i.e., the word "SUMMIT" is used as an example). It will be understood that any other type of data may be parsed and split in accordance with the present invention. A session key 3300 is generated. If the length of session key 3300 is not compatible with the length of original data 3306, then cipher feedback session key 3304 may be generated.” And para. [0407] “original data 3306 may be encrypted prior to parsing, splitting, or both. For example, as FIG. 33 illustrates, original data 3306 may be XORed with any suitable value (e.g., with cipher feedback session key 3304, or with any other suitable value)” and para. [0408] “The resultant encrypted data is then hashed to determine how to split the encrypted data among the output buckets (e.g., of which there are four in the illustrated example).”), 
for the first plaintext divided into a plurality of blocks, the first encrypted data is data generated by executing processing including encryption of each of the plurality of blocks and shuffling of the plurality of blocks, for the second plaintext divided into the plurality of blocks, the second encrypted data is data generated by executing processing including encryption of each of the plurality of blocks (O’Hare, para. [0265] “A cryptographic split (cryptosplit) partitions the data into N number of shares. The partitioning can be on any size unit of data, including an individual bit, bits, bytes, kilobytes, megabytes, or larger units, as well as any pattern or combination of data unit sizes whether predetermined or randomly generated. The units can also be of different sized, based on either a random or predetermined set of values. This means the data can be viewed as a sequence of these units. In this manner the size of the data units themselves may render the data more secure, for example by using one or more predetermined or randomly generated pattern, sequence or combination of data unit sizes. The units are then distributed (either randomly or by a predetermined set of values) into the N shares. This distribution could also involve a shuffling of the order of the units in the shares. It is readily apparent to those of ordinary skill in the art that the distribution of the data units into the shares may be performed according to a wide variety of possible selections, including but not limited to size-fixed, predetermined sizes, or one or more combination, pattern or sequence of data unit sizes that are predetermined or randomly generated.” And para. [0407] “original data 3306 may be encrypted prior to parsing, splitting, or both. For example, as FIG. 33 illustrates, original data 3306 may be XORed with any suitable value (e.g., with cipher feedback session key 3304, or with any other suitable value)” and para. [0408] “The resultant encrypted data is then hashed to determine how to split the encrypted data among the output buckets (e.g., of which there are four in the illustrated example).”), 
in at least one of the first encrypted data and the second encrypted data, a value of the at least one plaintext is embedded as a value indicating a magnitude comparison result (O’Hare, para. [0196] “This measure (degree of match) produced by the comparator 515 is the factor representing the basic issue of whether an authentication is correct or not. However, as discussed above, this is only one of the factors which may be used in determining the reliability of a given authentication instance. Note also that even though a match to some partial degree may be determined, that ultimately, it may be desirable to provide a binary result based upon a partial match. In an alternate mode of operation, it is also possible to treat partial matches as binary, i.e. either perfect (100%) or failed (0%) matches, based upon whether or not the degree of match passes a particular threshold level of match. Such a process may be used to provide a simple pass/fail level of matching for systems which would otherwise produce partial matches.” And para. [0213] “Once the authentication engine 215 produces an authentication confidence level for the authentication data provided, this confidence level (magnitude comparison result) is used to complete the authentication request in step 1640, and this information is forwarded from the authentication engine 215 to the transaction engine 205 for inclusion in a message (embedded) to the authentication requestor.”), and 
O’Hare teaches all the limitations of claims 1 and 9 above, however fails to explicitly teach but Furukawa teaches:
the processor compares blocks at the same position before shuffling of the first encrypted data and the second encrypted data based on the embedded value of the at least one plaintext and determines a magnitude relationship between the first plaintext and the second plaintext (Furukawa, para. [0077] “A ciphertext generation apparatus and a ciphertext comparison system including the ciphertext generation apparatus and a ciphertext comparison apparatus according to the second embodiment of the present invention will be described next. In the ciphertext comparison system according to this embodiment, a derived key generator generates a derived key based on a main key and a document…Using the first derived key generated from the first document, the first identifier of the first document, the first ciphertext including the first identifier-specific ciphertext in which the first identifier is encrypted and the first relative value ciphertext in which the first relative value is encrypted, the second identifier of the second document, and the second ciphertext including the second identifier-specific ciphertext in which the second identifier is encrypted and the second relative value ciphertext in which the second relative value is encrypted, a ciphertext comparator determines the magnitude relationship between the first document as the original of the first ciphertext and the second document as the original of the second ciphertext in a ciphertext form.”).
Therefore, it would have been obvious to one of the ordinary skill in the art before the effective filing date of the claimed invention to combine the teachings of Furukawa’s ciphertext comparison into O’Hare’s method for securing data, with a motivation to provide a technique capable of comparing the magnitudes of encrypted numerical values and largely reducing the risk of information leakage while maintaining the confidentiality (Furukawa, para. [0009]). 
As per claim 2, the combination of O’Hare and Furukawa teach the data comparison device according to claim 1, wherein in the encryption of each of the plurality of blocks in at least one of the first encrypted data and the second encrypted data, a value of each block of the one plaintext is converted to a different value (O’Hare, para. [0324] “In order to securely store the resulting encrypted data, in, for example, four shares, S1, S2, S3, Sn, the data is parsed and split into "n" segments, or shares, according to the value of K5. This operation results in "n" pseudorandom shares of the original encrypted data. Subsequent XOR functions may then be performed on each share with the remaining secret key values, for example: Secure data segment 1=encrypted data share 1 XOR secret key 1”).
As per claim 3, the combination of O’Hare and Furukawa teach a data comparison system that is the data comparison device according to claim 2, wherein the first plaintext and the second plaintext are bit strings (O’Hare, para. [0501] “a rearrangement process receives a data set with a first arrangement as an input and provides the data set with a second, different arrangement as an output. One example of a rearrangement process is a k-shift process, which takes an input data set D with sequentially arranged blocks D(1), D(2), . . . , D(N) and cyclically shifts the blocks by k positions to obtain a rearranged data set. When k=2, for example, the output data set will be D(N-1), D(N), D(1), D(2), . . . D(N-2). A block of data may have any size (e.g., one or more bits, bytes, or other data units).” And para. [0502] “For example, an input data set of a linear string of 36 characters may be rearranged to form a 6.times.6 array of characters.”), 
for the first plaintext divided for each bit, the first encrypted data is data generated by executing processing including encryption in which for each bit value, a value of the bit, a value of a bit higher than the bit, and a value of a secret key input to a first function are obtained, and the value of the bit in the first plaintext is embedded in a value obtained by inputting the obtained values and a random number to a second function, and shuffling of the first plaintext in 1-bit units, the first encrypted data includes the random number (O’Hare, para. [0097] “the data splitting process 800 begins at step 805 when sensitive data "S" is received by the data splitting module of the authentication engine 215 or the cryptographic engine 220. Preferably, in step 810, the data splitting module then generates a substantially random number, value, or string or set of bits, "A." For example, the random number A may be generated in a wide number of varying conventional techniques available to one of ordinary skill in the art, for producing high quality random numbers suitable for use in cryptographic applications. In addition, according to one embodiment, the random number A comprises a bit length which may be any suitable length, such as shorter, longer or equal to the bit length of the sensitive data, S.” and para. [0320] “for an n-byte secret, s, (or data set) to be split. The process will generate an n-byte random value, a, and then set: b=a XOR s.” and para. [0323] “The secure data parser of the present invention may utilize this function, performing multiple XOR functions incorporating multiple distinct secret key values: K1, K2, K3, Kn, K5. At the beginning of the operation, the data to be secured is passed through the first encryption operation, secure data=data XOR secret key 5: S=D XOR K5” and para. [0324] “In order to securely store the resulting encrypted data, in, for example, four shares, S1, S2, S3, Sn, the data is parsed and split into "n" segments, or shares, according to the value of K5. This operation results in "n" pseudorandom shares of the original encrypted data. Subsequent XOR functions may then be performed on each share with the remaining secret key values, for example: Secure data segment 1=encrypted data share 1 XOR secret key 1”), and 
for the second plaintext divided for each bit, the second encrypted data is data generated by executing processing including encryption in which for each bit value, a value obtained by inverting the bit, a value of a bit higher than the bit, and the secret key are input to the first function (O’Hare, para. [0470] “Each output block may include data portion 4106 and integrity/authenticity portion 4108. As described above, each data share may be secured using a share integrity portion including share integrity information (e.g., a SHA-256 hash) of the encrypted, pre-partitioned data. To verify the integrity of the outputs blocks at recovery time, the secure data parser may compare the share integrity blocks of each share and then invert the split algorithm. The hash of the recovered data may then be verified against the share hash.” And para. [0519] “If the value of the index variable exceeds the total number of data blocks at step 4426, then the start variable is incremented by one at step 4428 (indicating that a complete pass has been made through the data blocks), and at step 4430, the value of the start index is compared to the rearrangement interval. If the value of the start index is less than or equal to the rearrangement interval, then there are data blocks that have not yet been stored in the rearranged data memory location, and the index variable is set equal to the value of the start index at step 4420 and additional data blocks are added to the rearranged data memory location as described above with reference to steps 4422-4426. If the value of the start index exceeds the value of the rearrangement interval, then all data blocks have been counted and stored in the rearranged data memory location and rearrangement is complete.” And para. [0520] “Next, a key K2 and an initialization vector IV2 are generated at step 4434, The key K1 and the initialization vector IV1 may be may be random or pseudo-random values generated, for example, by a cryptographically secure pseudo-random number generator. At step 4434, the rearranged data is encrypted with a Triple DES algorithm using the key K2 and the initialization vector IV2, and at step 4436, the encrypted rearranged data is output as ciphertext.”).

As per claim 4, the combination of O’Hare and Furukawa teach the data comparison device according to claim 3, wherein the processor 
obtains the random number from the first encrypted data (O’Hare, para. [0432] “Using previously encrypted data at step 3610, the data may be eventually split into a predefined number of shares. If the split algorithm requires a key, a split encryption key may be generated at step 3612 using a cryptographically secure pseudo-random number generator. The split encryption key may optionally be transformed using an All or Nothing Transform (AoNT) into a transform split key at step 3614 before being key split to the predefined number of shares with fault tolerance at step 3615. The data may then be split into the predefined number of shares at step 3616. A fault tolerant scheme may be used at step 3617 to allow for regeneration of the data from less than the total number of shares. Once the shares are created, authentication integrity information may be embedded into the shares at step 3618. Each share may be optionally post-encrypted at step 3619.” And para. [0465] “a secret sharing algorithm (e.g., Shamir) may be used to split the split encryption key, K, into key shares. Each key share may then be embedded into one of the output shares (e.g., in the share headers). Finally, a share integrity block and (optionally) a post-authentication tag (e.g., MAC) may be appended to the header block of each share. Each header block may be designed to fit within a single data packet.”), 
calculates an exclusive OR of a value obtained by inputting the bit and the random number to the second function and a bit at the same position before shuffling of the first encrypted data, for the (O’Hare, para. [0320] “for an n-byte secret, s, (or data set) to be split. The process will generate an n-byte random value, a, and then set: b=a XOR s.” and para. [0323] “The secure data parser of the present invention may utilize this function, performing multiple XOR functions incorporating multiple distinct secret key values: K1, K2, K3, Kn, K5. At the beginning of the operation, the data to be secured is passed through the first encryption operation, secure data=data XOR secret key 5: S=D XOR K5” and para. [0324] “In order to securely store the resulting encrypted data, in, for example, four shares, S1, S2, S3, Sn, the data is parsed and split into "n" segments, or shares, according to the value of K5. This operation results in "n" pseudorandom shares of the original encrypted data. Subsequent XOR functions may then be performed on each share with the remaining secret key values, for example: Secure data segment 1=encrypted data share 1 XOR secret key 1” and para. [0414] “parsing and splitting may be randomly or pseudo-randomly processed on a bit by bit basis. A random or pseudo-random value may be used (e.g., session key, cipher feedback session key, etc.) whereby for each bit in the original data, the result of a hash function on corresponding data in the random or pseudo-random value may indicate to which share to append the respective bit. In one suitable approach the random or pseudo-random value may be generated as, or extended to, 8 times the size of the original data so that the hash function may be performed on a corresponding byte of the random or pseudo-random value with respect to each bit of the original data.”), and 
determines a magnitude relationship between the first plaintext and the second plaintext based on the calculated exclusive OR (Furukawa, para. [0123] “ciphertext comparison apparatus 220 includes the first ciphertext acquirer that acquires the first ciphertext encrypted by the ciphertext generation apparatus 210, the first identifier, and the first derived key. Although not shown, the ciphertext comparison apparatus 220 also includes the second ciphertext acquirer that acquires the second identifier and the second ciphertext encrypted by an apparatus having the same encryption function as that of the ciphertext generation apparatus 210. The ciphertext comparison apparatus 220 further includes the ciphertext comparator 221 that determines the magnitude relationship between the first document as the original of the first ciphertext and the second document as the original of the second ciphertext in the ciphertext form using the first ciphertext, the first identifier, the first derived key, the second ciphertext, and the second identifier.” And para. [0126] “Using the identifier ID′ 207, the derived key D 204 of the identifier ID, and an identifier-specific ciphertext C′ 601 of the identifier ID′, the maximum mismatch counter determiner 611 confirms, in descending order of a counter r=n−1, . . . , 0, whether an equation 0=Hash(ID′, d[r], c′[r]) holds. The counter r when this equation does not hold for the first time is set as a maximum mismatch counter r 603.” And para. [0127] “With respect to e and e′ which satisfy e, e′ε{0, 1, 2} for the maximum mismatch counter r, using the identifier ID 203, the relative value ciphertext F 503 of the identifier ID, the identifier ID′, and a relative value ciphertext F′ 602 of the identifier ID′, the relative value reconstructor 612 confirms whether f[r]=Hash3(1, ID, d[r+1])+e mod 3f[r]=Hash3(1, ID′, d[r+1])+e′ mod 3 holds. A set 604 of relative values e and e′ is generated when the equation holds.” And para. [0128] “If e−e′=(1 mod 3) for the set of e and e′, the relative value comparator and determiner 613 outputs, as the determination result R 209, a signal (for example, “0”) representing that the document of the identifier ID is larger than that of the identifier ID′. On the other hand, if e−e′=(2 mod 3), the relative value comparator and determiner 613 outputs, as the determination result R 209, a signal (for example, “1”) representing that the document of the identifier ID′ is larger than that of the identifier ID.”).
Therefore, it would have been obvious to one of the ordinary skill in the art before the effective filing date of the claimed invention to combine the teachings of Furukawa’s ciphertext comparison into O’Hare’s method for securing data, with a motivation to provide a technique capable of comparing the magnitudes of encrypted numerical values and largely reducing the risk of information leakage while maintaining the confidentiality (Furukawa, para. [0009]). 
As per claim 5, the combination of O’Hare and Furukawa teach a data comparison system that is the data comparison device according to claim 4, wherein the processor 
determines that a first plaintext is larger than a second plaintext if the calculated exclusive OR is 1, determines that a first plaintext is smaller than a second plaintext if the calculated exclusive OR is 0, and determines that the first plaintext is equal to the second plaintext if the calculated exclusive OR is a random number (O’Hare, para. [0318] “A wide variety of encryption methodologies are suitable for use in the methods of the present invention, as is readily apparent to those skilled in the art. The One Time Pad algorithm, is often considered one of the most secure encryption methods, and is suitable for use in the method of the present invention. Using the One Time Pad algorithm requires that a key be generated which is as long as the data to be secured. The use of this method may be less desirable in certain circumstances such as those resulting in the generation and management of very long keys because of the size of the data set to be secured. In the One-Time Pad (OTP) algorithm, the simple exclusive-or function, XOR, is used. For two binary streams x and y of the same length, x XOR y means the bitwise exclusive-or of x and y. 0 XOR 0=0, 0 XOR 1=1, 1 XOR 0=1, 1 XOR 1=0, b=a XOR s, s=a XOR b.”).

As per claim 6, the combination of O’Hare and Furukawa teach the data comparison device according to claim 2, wherein 
the first plaintext and the second plaintext are base-p numeric strings (Furukawa, para. [0176] “it is possible to effectively prevent magnitude determination of plaintexts corresponding to the ciphertexts based on character strings included in the ciphertexts. It is thus possible to effectively prevent the third party having no knowledge of the keys of the ciphertexts from checking the magnitude relationship between numerical data as plaintexts.”), 
p is an integer of 3 or more (O’Hare, para. [0506] “the data is rearranged at step 4210 such that a particular integer number of blocks of the rearranged data are required to obtain a full block of encrypted data (e.g., three or four blocks of rearranged data).” And para. [0515] “At step 4412, the temporary data is portioned into a sequence of N blocks denoted by B(1), B(2), . . . , B(N). The number N could be any integer greater than 1, and the size of each block need not be the same. Additionally, a linear sequence of blocks is used for illustrative purposes only; the steps of flow diagram are readily applied to multi-dimensional data sets.” And para. [0273] “Generate two sets of numbers, PrimaryShare is 0 to 3, BackupShare is 1 to 3. Then put each data unit into share[primaryshare[1]] and share[(primaryshare[1]+backupshare[1]) mod 4, with the same process as in cryptosplitting described above. This method will be scalable to any size N, where only N-1 shares are necessary to restore the data.”), 
for the first plaintext divided every predetermined number of digits, the first encrypted data is data generated by executing processing including encryption in which for each digit value, a value of the digit, a value of a digit higher than the digit, and a value of the secret key input to a first function are obtained, and the obtained values and a first random number are input to a second function, and shuffling of the first plaintext in units of the predetermined number of digits, the first encrypted data includes the first random number (O’Hare, para. [0097] “the data splitting process 800 begins at step 805 when sensitive data "S" is received by the data splitting module of the authentication engine 215 or the cryptographic engine 220. Preferably, in step 810, the data splitting module then generates a substantially random number, value, or string or set of bits, "A." For example, the random number A may be generated in a wide number of varying conventional techniques available to one of ordinary skill in the art, for producing high quality random numbers suitable for use in cryptographic applications. In addition, according to one embodiment, the random number A comprises a bit length which may be any suitable length, such as shorter, longer or equal to the bit length of the sensitive data, S.” and para. [0320] “for an n-byte secret, s, (or data set) to be split. The process will generate an n-byte random value, a, and then set: b=a XOR s.” and para. [0323] “The secure data parser of the present invention may utilize this function, performing multiple XOR functions incorporating multiple distinct secret key values: K1, K2, K3, Kn, K5. At the beginning of the operation, the data to be secured is passed through the first encryption operation, secure data=data XOR secret key 5: S=D XOR K5” and para. [0324] “In order to securely store the resulting encrypted data, in, for example, four shares, S1, S2, S3, Sn, the data is parsed and split into "n" segments, or shares, according to the value of K5. This operation results in "n" pseudorandom shares of the original encrypted data. Subsequent XOR functions may then be performed on each share with the remaining secret key values, for example: Secure data segment 1=encrypted data share 1 XOR secret key 1”And para. [0269] “the data units in each share could be shuffled utilizing a different algorithm. This data unit shuffling may be performed as the original data is split into the data units, or after the data units are placed into the shares, or after the share is full, for example.”), and 
for the second plaintext divided every predetermined number of digits, the second encrypted data is data generated by executing processing including encryption in which for each digit value, a value of the digit, a value of a digit higher than the digit, and the secret key are input to the first function or a newly generated random number is set as the value of the digit (O’Hare, para. [0470] “Each output block may include data portion 4106 and integrity/authenticity portion 4108. As described above, each data share may be secured using a share integrity portion including share integrity information (e.g., a SHA-256 hash) of the encrypted, pre-partitioned data. To verify the integrity of the outputs blocks at recovery time, the secure data parser may compare the share integrity blocks of each share and then invert the split algorithm. The hash of the recovered data may then be verified against the share hash.” And para. [0519] “If the value of the index variable exceeds the total number of data blocks at step 4426, then the start variable is incremented by one at step 4428 (indicating that a complete pass has been made through the data blocks), and at step 4430, the value of the start index is compared to the rearrangement interval. If the value of the start index is less than or equal to the rearrangement interval, then there are data blocks that have not yet been stored in the rearranged data memory location, and the index variable is set equal to the value of the start index at step 4420 and additional data blocks are added to the rearranged data memory location as described above with reference to steps 4422-4426. If the value of the start index exceeds the value of the rearrangement interval, then all data blocks have been counted and stored in the rearranged data memory location and rearrangement is complete.” And para. [0520] “Next, a key K2 and an initialization vector IV2 are generated at step 4434, The key K1 and the initialization vector IV1 may be may be random or pseudo-random values generated, for example, by a cryptographically secure pseudo-random number generator. At step 4434, the rearranged data is encrypted with a Triple DES algorithm using the key K2 and the initialization vector IV2, and at step 4436, the encrypted rearranged data is output as ciphertext.”).

As per claim 7, the combination of O’Hare and Furukawa teach the data comparison device according to claim 6, wherein the processor 
obtains the first random number from the first encrypted data (O’Hare, para. [0097] “the data splitting process 800 begins at step 805 when sensitive data "S" is received by the data splitting module of the authentication engine 215 or the cryptographic engine 220. Preferably, in step 810, the data splitting module then generates a substantially random number, value, or string or set of bits, "A." For example, the random number A may be generated in a wide number of varying conventional techniques available to one of ordinary skill in the art, for producing high quality random numbers suitable for use in cryptographic applications. In addition, according to one embodiment, the random number A comprises a bit length which may be any suitable length, such as shorter, longer or equal to the bit length of the sensitive data, S.”), 
calculates an exclusive OR of a value obtained by inputting the bit and the random number to the second function and the same digit before shuffling of the first encrypted data, for the bits of the second encrypted data (O’Hare, para. [0320] “for an n-byte secret, s, (or data set) to be split. The process will generate an n-byte random value, a, and then set: b=a XOR s.” and para. [0323] “The secure data parser of the present invention may utilize this function, performing multiple XOR functions incorporating multiple distinct secret key values: K1, K2, K3, Kn, K5. At the beginning of the operation, the data to be secured is passed through the first encryption operation, secure data=data XOR secret key 5: S=D XOR K5” and para. [0324] “In order to securely store the resulting encrypted data, in, for example, four shares, S1, S2, S3, Sn, the data is parsed and split into "n" segments, or shares, according to the value of K5. This operation results in "n" pseudorandom shares of the original encrypted data. Subsequent XOR functions may then be performed on each share with the remaining secret key values, for example: Secure data segment 1=encrypted data share 1 XOR secret key 1” and para. [0414] “parsing and splitting may be randomly or pseudo-randomly processed on a bit by bit basis. A random or pseudo-random value may be used (e.g., session key, cipher feedback session key, etc.) whereby for each bit in the original data, the result of a hash function on corresponding data in the random or pseudo-random value may indicate to which share to append the respective bit. In one suitable approach the random or pseudo-random value may be generated as, or extended to, 8 times the size of the original data so that the hash function may be performed on a corresponding byte of the random or pseudo-random value with respect to each bit of the original data.”), and 
(Furukawa, para. [0123] “ciphertext comparison apparatus 220 includes the first ciphertext acquirer that acquires the first ciphertext encrypted by the ciphertext generation apparatus 210, the first identifier, and the first derived key. Although not shown, the ciphertext comparison apparatus 220 also includes the second ciphertext acquirer that acquires the second identifier and the second ciphertext encrypted by an apparatus having the same encryption function as that of the ciphertext generation apparatus 210. The ciphertext comparison apparatus 220 further includes the ciphertext comparator 221 that determines the magnitude relationship between the first document as the original of the first ciphertext and the second document as the original of the second ciphertext in the ciphertext form using the first ciphertext, the first identifier, the first derived key, the second ciphertext, and the second identifier.” And para. [0126] “Using the identifier ID′ 207, the derived key D 204 of the identifier ID, and an identifier-specific ciphertext C′ 601 of the identifier ID′, the maximum mismatch counter determiner 611 confirms, in descending order of a counter r=n−1, . . . , 0, whether an equation 0=Hash(ID′, d[r], c′[r]) holds. The counter r when this equation does not hold for the first time is set as a maximum mismatch counter r 603.” And para. [0127] “With respect to e and e′ which satisfy e, e′ε{0, 1, 2} for the maximum mismatch counter r, using the identifier ID 203, the relative value ciphertext F 503 of the identifier ID, the identifier ID′, and a relative value ciphertext F′ 602 of the identifier ID′, the relative value reconstructor 612 confirms whether f[r]=Hash3(1, ID, d[r+1])+e mod 3f[r]=Hash3(1, ID′, d[r+1])+e′ mod 3 holds. A set 604 of relative values e and e′ is generated when the equation holds.” And para. [0128] “If e−e′=(1 mod 3) for the set of e and e′, the relative value comparator and determiner 613 outputs, as the determination result R 209, a signal (for example, “0”) representing that the document of the identifier ID is larger than that of the identifier ID′. On the other hand, if e−e′=(2 mod 3), the relative value comparator and determiner 613 outputs, as the determination result R 209, a signal (for example, “1”) representing that the document of the identifier ID′ is larger than that of the identifier ID.”).
As per claim 8, O’Hare teaches a data comparison system comprising: 
a data comparison device; a first encrypted data generation device that encrypts a first plaintext (O’Hare, para. [0403] “Secure data processor 3000 then parses and splits the data it takes as input from assembled data buffer 3008…It outputs the data shares into split shares buffers 3010. At step 3104, wrapper layer 3022 obtains from stored information 3106 any suitable share information (i.e., stored by wrapper 3022 at step 3102) and share location(s) (e.g., from one or more configuration files), Wrapper layer 3022 then writes the output shares (obtained from split shares buffers 3010) appropriately (e.g., written to one or more storage devices, communicated onto a network, etc.” and para. [0406] “the original data desired to be parsed and split is plain text 3306 (i.e., the word "SUMMIT" is used as an example). It will be understood that any other type of data may be parsed and split in accordance with the present invention. A session key 3300 is generated. If the length of session key 3300 is not compatible with the length of original data 3306, then cipher feedback session key 3304 may be generated.” And para. [0407] “original data 3306 may be encrypted prior to parsing, splitting, or both. For example, as FIG. 33 illustrates, original data 3306 may be XORed with any suitable value (e.g., with cipher feedback session key 3304, or with any other suitable value)” and para. [0408] “The resultant encrypted data is then hashed to determine how to split the encrypted data among the output buckets (e.g., of which there are four in the illustrated example).”); and 
a second encrypted data generation device that encrypts a second plaintext, wherein 
the first encrypted data generation device divides the first plaintext into a plurality of blocks, and generates a first encrypted data by executing processing including encryption of the first plaintext (O’Hare, para. [0265] “A cryptographic split (cryptosplit) partitions the data into N number of shares. The partitioning can be on any size unit of data, including an individual bit, bits, bytes, kilobytes, megabytes, or larger units, as well as any pattern or combination of data unit sizes whether predetermined or randomly generated. The units can also be of different sized, based on either a random or predetermined set of values. This means the data can be viewed as a sequence of these units. In this manner the size of the data units themselves may render the data more secure, for example by using one or more predetermined or randomly generated pattern, sequence or combination of data unit sizes. The units are then distributed (either randomly or by a predetermined set of values) into the N shares. This distribution could also involve a shuffling of the order of the units in the shares. It is readily apparent to those of ordinary skill in the art that the distribution of the data units into the shares may be performed according to a wide variety of possible selections, including but not limited to size-fixed, predetermined sizes, or one or more combination, pattern or sequence of data unit sizes that are predetermined or randomly generated.” And para. [0407] “original data 3306 may be encrypted prior to parsing, splitting, or both. For example, as FIG. 33 illustrates, original data 3306 may be XORed with any suitable value (e.g., with cipher feedback session key 3304, or with any other suitable value)” and para. [0408] “The resultant encrypted data is then hashed to determine how to split the encrypted data among the output buckets (e.g., of which there are four in the illustrated example).”), 
the second encrypted data generation device divides the second plaintext into the plurality of blocks, generates a second encrypted data by executing processing including encryption of the second plaintext for each of the plurality of blocks (Furukawa, para. [0107] FIG. 3 is a block diagram showing the functional arrangement of the derived key generator 211 of the ciphertext generation apparatus 210 according to this embodiment. The derived key generator 211 generates a derived key based on the main key and the document.” And para.[0108] “The derived key generator 211 includes a deriving unit 311. The operation of the deriving unit 311 is as follows. If the main key K 201 and M=(b[0], . . . , b[n−1]) of the document M 202 are provided for each block, the derived key D 204 is generated as follows. An element d[n]=K is set as an initial value. An element b[i] 301 is selected in descending order of a counter i=n−1, . . . , 0, and used together with the main key K 201 and an element d[i+1] 303 of the derived key D to generate an element d[i] 302 of the derived key D by d[i]=Hash(K, (d[i+1], b[i])) by recursively using the deriving unit 311. As a result of repeating the above processing, the derived key D 204 is obtained as D=(d[0], d[1], . . . , d[n−1]).” And para.[0123] “the ciphertext comparison apparatus 220 includes the first ciphertext acquirer that acquires the first ciphertext encrypted by the ciphertext generation apparatus 210, the first identifier, and the first derived key. Although not shown, the ciphertext comparison apparatus 220 also includes the second ciphertext acquirer that acquires the second identifier and the second ciphertext encrypted by an apparatus having the same encryption function as that of the ciphertext generation apparatus 210. The ciphertext comparison apparatus 220 further includes the ciphertext comparator 221 that determines the magnitude relationship between the first document as the original of the first ciphertext and the second document as the original of the second ciphertext in the ciphertext form using the first ciphertext, the first identifier, the first derived key, the second ciphertext, and the second identifier.”), 
when at least one of processing of embedding a value of the first plaintext as a value indicating a magnitude comparison result in the generation of the first encrypted data by the first encrypted data generation device and processing of embedding a value of the second plaintext as a value indicating a magnitude comparison result in the generation of the second encrypted data by the second encrypted data generation device is executed (O’Hare, para. [0196] “This measure (degree of match) produced by the comparator 515 is the factor representing the basic issue of whether an authentication is correct or not. However, as discussed above, this is only one of the factors which may be used in determining the reliability of a given authentication instance. Note also that even though a match to some partial degree may be determined, that ultimately, it may be desirable to provide a binary result based upon a partial match. In an alternate mode of operation, it is also possible to treat partial matches as binary, i.e. either perfect (100%) or failed (0%) matches, based upon whether or not the degree of match passes a particular threshold level of match. Such a process may be used to provide a simple pass/fail level of matching for systems which would otherwise produce partial matches.” And para. [0213] “Once the authentication engine 215 produces an authentication confidence level for the authentication data provided, this confidence level (magnitude comparison result) is used to complete the authentication request in step 1640, and this information is forwarded from the authentication engine 215 to the transaction engine 205 for inclusion in a message (embedded) to the authentication requestor.”), 
the first encrypted data generation device transmits the first encrypted data to the data comparison device and the second encrypted data generation device transmits the second encrypted data to the data comparison device (O’Hare, para. [0130] “After the user system 105 receives the transaction ID and authentication request, the user system 105 gathers the current authentication data, potentially including current biometric information, from the user. The user system 105, at step 1015, encrypts at least the current authentication data "B" and the transaction ID, with the public key of the authentication engine 215, and transfers that data to the trust engine 110. The transmission preferably comprises XML documents encrypted with at least conventional % SSL technology. In step 1020, the transaction engine 205 receives the transmission, preferably recognizes the data format or request in the URL or URI, and forwards the transmission to the authentication engine 215.” And para. [0131] “During steps 1015 and 1020, the vendor system 120, at step 1025, forwards the transaction ID and the authentication request to the trust engine 110, using the preferred FULL SSL technology. This communication may also include a vendor ID, although vendor identification may also be communicated through a non-random portion of the transaction ID. At steps 1030 and 1035, the transaction engine 205 receives the communication, creates a record in the audit trail, and generates a request for the user's enrollment authentication data to be assembled from the data storage facilities D1 through D4. At step 1040, the depository system 700 transfers the portions of the enrollment authentication data corresponding to the user to the authentication engine 215. At step 1045, the authentication engine 215 decrypts the transmission using its private key and compares the enrollment authentication data to the current authentication data provided by the user.”), and 
O’Hare teaches all the limitations of claim 1 above, however fails to explicitly teach but Furukawa teaches:
the data comparison device compares blocks at the same position before shuffling of the first encrypted data and the second encrypted data based on the embedded value of the at least one plaintext and determines a magnitude relationship between the first plaintext and the second plaintext based on a value indicating the magnitude comparison result (Furukawa, para. [0077] “A ciphertext generation apparatus and a ciphertext comparison system including the ciphertext generation apparatus and a ciphertext comparison apparatus according to the second embodiment of the present invention will be described next. In the ciphertext comparison system according to this embodiment, a derived key generator generates a derived key based on a main key and a document…Using the first derived key generated from the first document, the first identifier of the first document, the first ciphertext including the first identifier-specific ciphertext in which the first identifier is encrypted and the first relative value ciphertext in which the first relative value is encrypted, the second identifier of the second document, and the second ciphertext including the second identifier-specific ciphertext in which the second identifier is encrypted and the second relative value ciphertext in which the second relative value is encrypted, a ciphertext comparator determines the magnitude relationship between the first document as the original of the first ciphertext and the second document as the original of the second ciphertext in a ciphertext form.”).
Therefore, it would have been obvious to one of the ordinary skill in the art before the effective filing date of the claimed invention to combine the teachings of Furukawa’s ciphertext comparison into O’Hare’s method for securing data, with a motivation to provide a technique capable of comparing the magnitudes of encrypted numerical values and largely reducing the risk of information leakage while maintaining the confidentiality (Furukawa, para. [0009]). 

Conclusion
The prior art made of record and not relied upon is considered pertinent to applicant's disclosure. 
US 20190103959 A1 – Hash offset based key version embedding.
US 20190018968 A1 – Security reliance scoring for cryptographic processes. 
Any inquiry concerning this communication or earlier communications from the examiner should be directed to ZOHA P TAFAGHODI whose telephone number is (571)272-5199.  The examiner can normally be reached on 9AM-5PM EST M-F.
Examiner interviews are available via telephone, in-person, and video conferencing using a USPTO supplied web-based collaboration tool. To schedule an interview, applicant is encouraged to use the USPTO Automated Interview Request (AIR) at http://www.uspto.gov/interviewpractice.
If attempts to reach the examiner by telephone are unsuccessful, the examiner’s acting supervisor, Kristine Kincaid can be reached on (571) 272-4063. The fax phone number for the organization where this application or proceeding is assigned is 571-273-8300.

/ZOHA PIYADEHGHIBI TAFAGHODI/Examiner, Art Unit 2437