Notice of Pre-AIA  or AIA  Status
The present application, filed on or after March 16, 2013, is being examined under the first inventor to file provisions of the AIA .

Information Disclosure Statements
The information disclosure statement(s) (IDS) submitted on 12/8/2021 & 12/8/2021 have been considered.  The submission is in compliance with the provisions of 37 CFR 1.97.  Accordingly, the information disclosure statement(s) have been considered by the examiner.

Previous Claim Objections
Claim objection maintained:
In claim 8, the use of “an access control list” is found twice.  Is the second occurrence of “an access control list” referring to a second access control list or is this the original access control list after being modified? The applicant is requested to either amend the claims to further clarify this distinction or is requested to indicate in a response that the two access control lists are different. 
The examiner notes that the applicant's amendments to the claims did not address this objection (by removing the second instance of “an access control list”), and additionally, the applicant did not describe on the bottom of page 8 of the remarks why a second instance of “an access control list” is necessary.
Thus, the objection to claim 8 for including two instances of “an access control list” is maintained by the examiner.
Claim objections withdrawn:
In light of the applicant’s amendments, the other claim objections included in the previous Office action mailed 9/08/2021 have been withdrawn.

Previous Claim Rejections - 35 USC § 112


Response to Applicant’s Arguments regarding independent claim rejections Under 35 U.S.C. 103
	These arguments were included on pages 9-11 of the applicant’s response, with the examiner’s emphasis in bold:
Claims 5-11, 15-23, and 26-27 stand rejected as unpatentable over Patti, in view of Arngren and further in view of Zargarian. Claim 5 has been rejected partly on the grounds that it would have been obvious, in view of Arngren, to have introduced to Patti the features of "apply a lossy feature extraction algorithm to the plaintext data, to extract a feature set" and "send the encrypted feature set to a feature server". Applicant respectfully disagrees. 
The Examiner has the initial burden of showing a prima facie case of obviousness. See In re Kahn, 441 F.3d 977, 985-86 (Fed. Cir. 2006). In order to establish a prima facie case of obviousness, each and every limitation of the claims must be considered. See M.P.E.P. § 2143.03 citing In re Wilson, 424 F.2d 1382, 1385, 165 USPQ 494, 496 (CCPA 1970). There must be an apparent reason for one of ordinary skill in the art to combine known elements in the fashion claimed by the patent at issue. This analysis should be made explicit. See KSR International Co. v. Teleflex Inc., 550 U.S. 398, 418 (2007), citing In re Kahn, 441 F. 3d 977, 988 (CA Fed. 2006). 
Arngren teaches an indexing server that allows "family members" to "query and discover content across their respective client devices" (Arngren, paragraph 0032). Notably, while the indexing server maintains an index of the content, based on "structure-searchable data" it receives from the client devices (e.g., Arngren, paragraph 0047), the multimedia files themselves remain "stored on the remote client devices" (Arngren, paragraph 0009). 
By contrast, Patti teaches "securely storing a plurality of encrypted data objects" on a server (Patti, paragraph 0010). For instance, paragraph 0038 describes how an encrypted data object may be stored "on server 140", as shown in Fig. 1 of Patti. 
Nothing in Arngren or Patti provides an apparent reason to lead the person of ordinary skill in the art to consider combining these teachings to arrive at the combination of features in claim 5, specifically, the features of sending an "encrypted feature set [extracted from plaintext data by a lossy feature extraction algorithm] to a feature server" while also encrypting the same plaintext data using a cryptographic encryption key, associated with an access control list of entities that are permitted to decrypt the encrypted plaintext data. 
The Examiner contends that it would have been obvious to the person of ordinary skill in the art to combine these teachings into a single system because all three documents are "directed to the art of security and privacy for the purpose of keeping user's data out of the public eye" (Office Action, page 7, lines 1-2). However, Applicant respectfully submits that Arngren is not concerned with security or privacy at all. On the contrary, Arngren seeks to facilitate the sharing of multimedia content between members of a family and does not anywhere contain the terms "security" or "privacy". 

The previous Office action mailed on 9/08/2021 in the middle of page 7, at the end of the prior art rejection of independent claim 5, stated:
Similarly, Arngren describes authenticating a user in (39) which states, “registration step 305 may comprise creating authentication credentials (e.g., username/password), specifying a group of devices to which the device belongs, and/or other setup steps.” Arngren in (70-71) further discusses the specifics of authentication in figure 6.

Because the examiner in the previous rejection of claim 5, addressed Arngren’s use of authentication techniques, the examiner previously asserted and continues to assert that Arngren is concerned with security.
Further, the examiner asserts that modifying Arngren’s SSD (keyword extractor) to also include the SSL encryption of [0029] would be obvious to one of ordinary skill in the art. 

As set forth in the M.P.E.P., the claimed combination cannot change the principle of operation of the primary reference or render the reference inoperable for its intended purpose. See M.P.E.P. §2145 and 2143.01. Indexing content that is stored on remote client devices, as Arngren teaches, would undermine the technical purpose of Patti, which relates to the secure storage of data on a server. The person of ordinary skill in the art would therefore not have considered combining their teachings, and would also not have been able to without negating the teachings of Patti with regard to security. Claim 5 therefore represents a non-obvious development over the cited art. Method claim 10 recites corresponding features to system claim 5 and is patentable for at least the same reasons. 

	The examiner asserts that Arngren is cited for teaching structure-searchable data (SSD) that is a hierarchy of keywords (e.g., a list of words used in an email, where the order of the words is removed from the hierarchy of keywords), where the extraction is performed on the client device. The examiner continues to assert that Arngren’s SSD teaches “apply a lossy feature extraction algorithm to the plaintext data, to extract a feature set.”
Moreover, the examiner disagrees that the combination would render Patti inoperable due to Arngren’s indexing of data on a remote client device, because Patti is cited for teaching the access control list. Thus, the examiner does not find that the combination would change the principle of operation of the primary reference or render it inoperable.

Claim 8 recites a key server which is configured for use in methods such as the method of claim 10. It stands rejected in light of Patti, Arngren and Zargarian. However, 
Among other features, claim 8 recites the key server being configured, "if the entity is on the access control list, to retrieve or generate a cryptographic decryption key associated with the incoming data identifier, and to send the cryptographic decryption key associated with the incoming data identifier to the electronic decryption apparatus". 
Examiner asserts, at page 10 of the Office Action, that this "cryptographic decryption key" is met by the "meta-data" feature of Patti, and quotes paragraph 0081 of Patti in support of this. This passage of Patti recites that "if the user does have permission to write the data object, server 140 may store the encrypted data object and selected meta-data". 
Meta-data in Patti is said to include "data object names, accounting records, encryption methods, ACL key identifiers, initialization vectors, and any other data useful for managing data objects" (Patti, paragraph 0053). However, Applicant can find no suggestion in Patti of this meta-data including a cryptographic decryption key, as required by claim 8. Furthermore, paragraph 0081 of Patti teaches storing meta-data, which is very different from sending a cryptographic decryption key to the electronic decryption apparatus, as claim 8 requires. Applicant submits that at least this feature of claim 8 is not known from the combination of cited references, and the claim 8 is patentable over the cited art.

The examiner has modified the rejection of the last three limitations of claim 8, which used to rely upon Patti [0081-82], with an updated rejection relying on Patti [0029] and [0078], as included below. The examiner has also made additions to the rejections of the other limitations in claim 8.
The Examiner has also removed Zargarian as a reference in the rejections of claims 8-11 and 26-27. 
The examiner notes that the applicant did not include arguments regarding any distinguishing characteristics of independent claim 10.

Response to Applicant’s Arguments regarding Rejections of claims 24-25 Under 35 U.S.C. 103
	These arguments were included on pages 11-13 of the applicant’s response:

Claims 24 and 25 stand rejected as unpatentable over Patti, in view of Arngren, in view of Zargarian, and further in view of Ramzan. Claim 24 depends from claim 23 which in turn depends from 5, and recites the additional limitation that "the feature server is further configured to extract or process information in the encrypted feature set without fully decrypting the feature set." Examiner asserts it would have been obvious in view of Ramzan to have introduced this feature to the combination of Patti, Arngren and Zargarian. Applicant respectfully disagrees for at least the following reasons. 
Ramzan teaches computationally-efficient private information retrieval (PIR) methods for enabling a user to query a database without allowing the database owner to determine the query (paragraph 0033). By contrast, Arngren teaches an indexing server. Arngren does not contain any teaching regarding privacy, but rather seeks to facilitate the sharing of content between members of a family, i.e., between trusted individuals. 

The previous Office action mailed on 9/08/2021 in the middle of page 7, at the end of the prior art rejection of independent claim 5, stated:
Similarly, Arngren describes authenticating a user in (39) which states, “registration step 305 may comprise creating authentication credentials (e.g., username/password), specifying a group of devices to which the device belongs, and/or other setup steps.” Arngren in (70-71) further discusses the specifics of authentication in figure 6.

Because the examiner in the previous rejection of claim 5, addressed Arngren’s use of authentication techniques, the examiner previously asserted and continues to assert that Arngren is concerned with security.
Further, the examiner asserts that modifying Arngren’s SSD (keyword extractor) to also include the SSL encryption of [0029] would be obvious to one of ordinary skill in the art. 
Firstly, Arngren therefore provides no motivation to implement a private information retrieval (PIR) protocol when sending queries to the indexing server. Secondly, the person of ordinary skill in the art could not apply the teaching of Ramzan to Arngren without undermining the correct technical operation of Arngren. 
Ramzan teaches a method "comprising obtaining an index corresponding to information to be retrieved from the database and generating a query that does not reveal the index to the database" (Ramzan, paragraph 0018), where the index "represents an address specifying a specific location in the database" (Ramzan, paragraph 0073). However, the server of Arngren does not host a database that can be queried by a simple address. Rather, it teaches the queries comprising "one or more keywords and/or multimedia content" (Arngren, paragraph 0096) with the server services by "correlating keywords with file names and/or segments most relevant to that keyword" (Arngren, paragraph 0089). The private information retrieval (PIR) methods taught by Ramzan are not compatible with the searching performed by the indexing server of Arngren. 

	The examiner points out that Ramzan is not being used to modify Arngren, but rather to modify the data storage in Patti. Arngren is merely relied upon for teaching that the SSD data (e.g., keywords) are provided to the database of Patti. 
For both these reasons, Applicant submits that dependent claim 24 (and also claim 25 which depends from claim 24) is not obvious in view of the cited combination of documents.
	
For the reasons given above, the arguments regarding claims 24-25 are not persuasive.  


Claim Rejections - 35 USC § 103
The following is a quotation of 35 U.S.C. 103 which forms the basis for all obviousness rejections set forth in this Office action:
A patent for a claimed invention may not be obtained, notwithstanding that the claimed invention is not identically disclosed as set forth in section 102, if the differences between the claimed invention and the prior art are such that the claimed invention as a whole would have been obvious before the effective filing date of the claimed invention to a person having ordinary skill in the art to which the claimed invention pertains. Patentability shall not be negated by the manner in which the invention was made.

Claims 8-11 and 26-27 are rejected under 35 U.S.C. 103 as being unpatentable over U.S. 2013/0073854 to Patti et al. (hereinafter “Patti”) in view of U.S. 9,633,015 to Arngren et al. (hereinafter “Arngren”).
Regarding claim 8 Patti teaches,
A key server (Patti’s server 140) configured: 
to receive an access control list from an electronic encryption apparatus; 
(Patti, step 615 of figure 6)
to send a cryptographic encryption key to the electronic encryption apparatus; 
(Patti, step 625 of figure 6)
Patti and Arngren teach the following features,
to exchange a data identifier with the electronic encryption apparatus; 
Arngren teaches the above recitation, because Arngren describes the “content index 275” that corresponds to the “data identifier.” Additionally, Patti in [0052] describes a “data object identifier” and Patti teaches identifiers for data objects in [0078], which states, “The ACL information may include the user's permissions for the ACL and identifiers of data objects associated with the ACL.” (emphasis added) (See also the rejection of claim 5, where Arngren is relied upon to teach a “structure-searchable data” (SSD) which is a hierarchy of extracted keywords from an email or a message.) 
Patti teaches,
to store the data identifier and the access control list, in mutual association in a data store; 

to receive, from an electronic decryption apparatus, an incoming data identifier; 
Patti at [0047] teaches an “object identifier” (“data identifier”), and Patti in [0052] describes a “data object identifier.” Additionally, in fig. 7 and [0078] at step 705 a user 110 specifies a data object. User 110 may select a data object from a list displayed by client device 120. 
Similarly, Patti in the first sentence of [0077] teaches in Step 705 of fig. 7 that the user 100 specifies (i.e., selects) a data object (selects or specifies a “data identifier” of the claim), which leads to request 710 from the client 120 to the server 140.
[0098] of the printed publication of the application describes the “data identifier” and the “incoming data identifier” as being the same data identifier. For example,  [0098] states, “[0098] The key server may be configured to store the cryptographic decryption key corresponding to the cryptographic encryption key in the data store, preferably in mutual association with the data identifier and/or the access control list. It may then retrieve the decryption key in response to receiving the associated data identifier as an incoming data identifier from an electronic decryption apparatus.” (emphasis added) Thus, the Examiner will treat “data identifier” and the “incoming data identifier” as the same identifier.
to receive, from the electronic decryption apparatus, an identification of an entity; 
Patti describes the ACL including a data structure that identifies username fields (i.e., “entity”). Patti in [0054] states, “Generally, ACL storage 350 may include a data structure similar to data structure 400 for each ACL stored on the server. Data structure 400 may include multiple fields for information about an ACL. Data structure 400 may include: ACL identifier field 405, ACL owner field 410, ACL namespace field 415, username field 420, permissions field 430, and encrypted ACL key field 440.” (emphasis added)
The examiner asserts that it would be obvious for the client 120, in figs. 5-7 of Patti, to perform authentication before providing confidential information (e.g., ACLs and ACL keys in Step 715 of fig. 7). This authentication, and the use of secure communications channels, are taught in [0029] of Patti, to 
 to identify, in the data store, an access control list associated with the incoming data identifier; 
Patti in [0077] states, “Method 700 may begin at step 705 where a user 110 specifies a data object. User 110 may select a data object from a list displayed by client device 120. Server 140 may provide a list of available data objects to client device 120 whenever client device 120 connects to server 140. Server 140 may maintain an index of data objects associated with each ACL.” (emphasis added) 
to use the incoming data identifier to identify the access control list in the data store;
Patti in [0077] (included above) teaches that the user specifies the data object. The server maintains a list of ACLs that are associated with each data object. Thus, the user specifying the data object enables server 140 to identify at least one ACL.
to check whether the entity is on the access control list; and 
if the entity is on the access control list, 
Patti in [0078] teaches that the client 120 sends a request for an encrypted ACL key of the user and that in response the server 140 may send the client 120 the ACL information and the ACL key. 
The examiner asserts that the server 140 only sends the ACL information and ACL key in Step 715 of fig. 7, if the client 120 is properly authenticated. 
The examiner asserts that it would be obvious to modify fig. 7 of Patti to include the server’s authentication protocols and secure communications channels, as taught in [0029] of Patti, to determine that the requesting user is authorized to access the data. One of ordinary skill in the art would be motivated to perform such an authentication to ensure that ACL keys and ACL information are not given to any client connecting to the server 140. 
to retrieve or generate a cryptographic decryption key associated with the incoming data identifier, and 
to send the cryptographic decryption key associated with the incoming data identifier to the electronic decryption apparatus. 
Patti in [0078] in Step 715 teaches the server 140 may (i.e., after proper authentication) send client device 120 (“electronic decryption apparatus”) the ACL and the encrypted ACL key. 
Before the effective filing date of the invention, it would have been obvious to one of ordinary skill in the art to combine the teachings of Patti, which teaches the passing of access control lists (ACLs) between a client and server, with Arngren’s teaching of a structure-searchable data SSD that is a hierarchy of keywords (e.g., list of words used in an email, where the order of the words is removed from the hierarchy of keywords), performed on a client. One of ordinary skill in the art would have been motivated to perform such an addition so that the ACL of Patti could be used to determine who is allowed to receive specific data, where the specific data are keywords and relevance data, as taught by the last sentence of Arngren’s Abstract.
Before the effective filing date of the invention, it would have been obvious to one of ordinary skill in the art to combine the teachings of Patti, which include the use of an SSL secure channel or HTTPS secure communication as taught in [0029] of Patti or the storage of encrypted data as taught in the first sentence of the Abstract of Patti, in order to encrypt the SSD data (extracted keywords) extracted in Arngren. One of ordinary skill in the art would have been motivated to perform such a modification in order to store the SSD data of Arngren in a secure manner.

Regarding claim 9, Patti and Arngren teach,
The key server of claim 8, configured to 
generate said cryptographic encryption key in response to receiving the access control list. 
(Patti, step 625 “User public keys” sent to the client device in figure 6)

Regarding claim 10, Patti and Arngren teach,
Patti teaches,
A method comprising, performed by an electronic encryption apparatus, the method comprising: (Patti client device 120)  
receiving an instruction to encrypt plaintext data to generate encrypted data; 
(Figure 7 of Patti depicts, in response to receiving 715 access control list (ACL) and ACL Key, the client device 120 that 725 encrypts data.)  
receiving an access control list that identifies one or more entities that are to be permitted to decrypt the encrypted data; 
Figure 8 of Patti depicts the client 120 receiving 815 ACL, where the access control list includes data regarding the files that the client has privileges to access. Additionally, Patti in [0007] describes multiple user accounts being linked to ACL. [0007] states, “In various alternative embodiments, the record of user accounts may include at least one administrative account and the record of at least one other user account may be linked to the administrative account, wherein the access control module requires an administrative account to have access to any ACL to which the linked user account has access.”(emphasis added)
sending the access control list to a key server; 
Patti figure 6, the client device 120 in step 615 sends the access control list (ACL) to server 140 (i.e., “key server”).
receiving, from the key server, a cryptographic encryption key; 
Patti figures 6-8, all show keys being sent from the server 140 to the client 120, in steps: 625, 715, and 815.
Patti fails to specifically teach the recitation of, 
exchanging, with the key server, a data identifier for the plaintext data; 
However, Arngren teaches the above features,
Arngren teaches the above recitation, because Arngren describes the “content index” that corresponds to the “data identifier.” Additionally, Patti describes identifiers for data objects in [0078] which states, “The ACL information may include the user's permissions for the ACL and identifiers of data objects associated with the ACL.” (emphasis added)
applying a lossy feature extraction algorithm to the plaintext data, to extract a feature set; 
Arngren in (5) describes identifying features of one or more keywords that are segmented in order to create a searchable data structure. For example, (5) of Arngren states, “The method comprises using a client device to segment the content of the multimedia file into a plurality of segments and to determine structure-searchable data for each segment. Determining structure searchable data for a segment comprises (1) identifying one or more features of respective multimedia types in the segment; (2) correlating each of the identified features to one or more respective keywords; and (3) calculating one or more respective relevance factors for each of the keywords, where at least one of the relevance factors is based on one or more characteristics of the client device. The method also comprises the client device transmitting the structure-searchable data (including the keywords, relevance factors, and respective media types of the identified features) to an indexing server. In some embodiments, the client device may transmit the multimedia file in response to receiving a request from the indexing server.”
encrypting the feature set to generate an encrypted feature set; 
It would be obvious to one of ordinary skill in the art to use the encryption methods taught in Patti, such as the SSL or HTTPS client server encryption protocols discussed in [0029] of Patti, in order to encrypt the “feature set” which is taught by Arngren. Additionally, Arngren in (32) teaches authentication using a password, credentials and user name.
Additionally, the Examiner notes that the encryption described in [0164] of the printed publication of the application states, “the first communication device 3 then initiates a secure communication exchange 10 with the feature server 7 (e.g., using SSL or HTTPS).” However, the applicant’s specification does not describe using a key from the key server to encrypt a feature set. Thus, the Examiner interprets encrypting the “feature set” as being performed with a key and/or encryption key that is different than the key and encryption used by the key server. 
sending the encrypted feature set to a feature server; 

using the received cryptographic encryption key to encrypt the plaintext data, to generate the encrypted data; and  
Figure 7 of Patti shows the client device 120 encrypting data in step 725. It would be obvious for one of ordinary skill in the art to use the encryption described in Patti to encrypt the structure searchable data of Arngren (i.e., “feature set”).
storing the encrypted data and the data identifier. 
Patti in Step 725 encrypts the data, which would then inherently have to be stored in a memory before sending the data to the server 140, in Step 730.  Regarding the data identifier, Arngren describes the “content index” that corresponds to the “data identifier.” Additionally, Patti describes identifiers for data objects in [0078] which states, “The ACL information may include the user's permissions for the ACL and identifiers of data objects associated with the ACL.” (emphasis added). Again, because both Arngren and Patti teach identifiers, it is inherent that these identifiers are stored in a memory.
Before the effective filing date of the invention, it would have been obvious to one of ordinary skill in the art to combine the teachings of Patti, which teaches the passing of access control lists (ACLs) between a client and server, with Arngren’s teaching of a structure-searchable data SSD that is a hierarchy of keywords (e.g., list of words used in an email, where the order of the words is removed from the hierarchy of keywords), performed on a client. One of ordinary skill in the art would have been motivated to perform such an addition so that the ACL of Patti could be used to determine who is allowed to receive specific data, where the specific data are keywords and relevance data, as taught by the last sentence of Arngren’s Abstract.
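The claim 8 key-server flow and the claim 10 encryption-apparatus flow discussed above (ACL registered against a data identifier, keyword feature set extracted with word order removed, decryption key released only to an entity on the ACL), modelled together as an added example; this is not code from Patti, Arngren or the application. The HMAC-keystream cipher, the KeyServer and FeatureServer classes and the stop-word list are assumptions made for illustration only.

```python
"""Toy model of the claimed key-server / ACL flow (added example, not from any
cited reference or the application).  Assumed: one symmetric key serves as both
encryption and decryption key, so "retrieve the decryption key" is a lookup, and
the lossy feature extraction is an order-free keyword set, as the examiner
characterises Arngren's structure-searchable data."""
import hashlib
import hmac
import re
import secrets

# Stand-in cipher: HMAC-SHA256 counter keystream XORed with the data.
# Illustrative only; a real deployment would use an authenticated cipher.
def _keystream(key: bytes, nonce: bytes, length: int) -> bytes:
    out, counter = b"", 0
    while len(out) < length:
        out += hmac.new(key, nonce + counter.to_bytes(4, "big"), hashlib.sha256).digest()
        counter += 1
    return out[:length]

def encrypt(key: bytes, plaintext: bytes) -> bytes:
    nonce = secrets.token_bytes(16)
    return nonce + bytes(a ^ b for a, b in zip(plaintext, _keystream(key, nonce, len(plaintext))))

def decrypt(key: bytes, blob: bytes) -> bytes:
    nonce, body = blob[:16], blob[16:]
    return bytes(a ^ b for a, b in zip(body, _keystream(key, nonce, len(body))))

# Lossy feature extraction: the set of keywords, with word order discarded
# (assumed stop-word list; a hypothetical stand-in for Arngren's SSD keywords).
STOPWORDS = {"the", "a", "an", "of", "to", "and", "is", "in", "on", "at"}

def extract_features(plaintext: str) -> frozenset:
    words = re.findall(r"[a-z0-9]+", plaintext.lower())
    return frozenset(w for w in words if w not in STOPWORDS)

class KeyServer:
    """Stores data identifier -> (ACL, key) in mutual association and releases
    the key only when the requesting entity is on that ACL (claim 8 flow)."""
    def __init__(self):
        self._store = {}

    def register(self, data_id: str, acl: frozenset) -> bytes:
        # Receive the ACL, generate the encryption key, store both under data_id.
        key = secrets.token_bytes(32)
        self._store[data_id] = (acl, key)
        return key

    def request_decryption_key(self, incoming_data_id: str, entity: str):
        # Identify the ACL for the incoming data identifier, check membership,
        # and only then send the decryption key; otherwise nothing leaves.
        entry = self._store.get(incoming_data_id)
        if entry is None:
            return None
        acl, key = entry
        return key if entity in acl else None

class FeatureServer:
    """Receives only the encrypted feature set, never the plaintext."""
    def __init__(self):
        self.blobs = {}

    def store(self, data_id: str, encrypted_feature_set: bytes) -> None:
        self.blobs[data_id] = encrypted_feature_set

def encryption_apparatus(plaintext, acl, key_server, feature_server, feature_key):
    # Claim 10 flow: send ACL, receive key, exchange data identifier, extract and
    # encrypt the feature set under a separate key, encrypt the plaintext.
    data_id = secrets.token_hex(8)
    enc_key = key_server.register(data_id, acl)
    features = extract_features(plaintext)
    feature_server.store(data_id, encrypt(feature_key, ",".join(sorted(features)).encode()))
    return data_id, encrypt(enc_key, plaintext.encode())

def decryption_apparatus(data_id, encrypted_data, entity, key_server):
    key = key_server.request_decryption_key(data_id, entity)
    return None if key is None else decrypt(key, encrypted_data).decode()

def demo():
    """Runs the flow once; returns (plaintext seen by an ACL member, result for a non-member)."""
    ks, fs = KeyServer(), FeatureServer()
    feature_key = secrets.token_bytes(32)          # distinct from the key server's key
    acl = frozenset({"alice", "bob"})
    data_id, blob = encryption_apparatus("Meet Bob at the lab on Monday", acl, ks, fs, feature_key)
    return (decryption_apparatus(data_id, blob, "alice", ks),
            decryption_apparatus(data_id, blob, "mallory", ks))

if __name__ == "__main__":
    print(demo())
```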


Regarding claim 11, Patti and Arngren teach,
further comprising the key server: 
receiving the access control list from the electronic encryption apparatus; 
(Patti figure 6, the client device 120 in step 615 sends the access control list (ACL) to server 140 (i.e., “key server”).)
sending the cryptographic encryption key to the electronic encryption apparatus; 
(Patti figures 6-8, all show keys being sent from the server 140 to the client 120, in steps: 625, 715, and 815) 
Patti and Arngren together teach the recitation of, 
exchanging said data identifier with the electronic encryption apparatus; and 
Arngren teaches the above recitation, because Arngren describes the “content index” that corresponds to the “data identifier.” Additionally, Patti describes identifiers for data objects in [0078] which states, “The ACL information may include the user's permissions for the ACL and identifiers of data objects associated with the ACL.” (emphasis added)
storing the data identifier and the access control list, in mutual association in a data store. 
(Patti in [0052] states, “Data objects within data object storage 360 may be identified by a data object identifier and may be associated with an ACL identifier.”)

Regarding claim 26, Patti and Arngren teach,
The Examiner notes that claim 26 is rejected on a similar basis as claim 21, included below.
further comprising an electronic decryption apparatus: 
receiving an instruction to decrypt the encrypted data; 
Figure 8 of Patti depicts the client 120 decrypting data.  Patti in [0088] states, “In step 840, client device 120 may decrypt the received data objects and any encrypted meta-data using the unencrypted ACL key obtained in step 820. Symmetric cryptographic engine 230 may perform the decryption.”
sending the data identifier to the key server; 
Arngren teaches sending a data identifier because Arngren describes the “content index” that corresponds to the “data identifier.” Additionally, Patti describes identifiers for data objects in [0078] which states, “The ACL information may include the user's permissions for the ACL and identifiers of data objects associated with the ACL.” (emphasis added)
identifying an entity to the key server; 
Patti’s client 120 in step 725 sends meta data to the server 140 that is used to identify an entity. Patti in [0081] states, “In step 730, client device 120 may send the encrypted data and selected meta-data to server 140 along with a request to write the data object. The write request may be a request to write a new data object or a request to update an existing data object. In step 735, server 140 may verify the user's permission to write a data object associated with the ACL. Server 140 may authenticate the identity of user 110 and may determine the permissions of user 110 based on the permissions of the username in the ACL stored on server 140.” (emphasis added)
receiving, from the key server, a cryptographic decryption key associated with the data identifier; and 
Patti in step 815 ACL and ACL key of figure 8 has the client device 120 receiving the ACL key from the server 140.
decrypting the encrypted data, using the cryptographic decryption key, to recover the plaintext data.  
Patti in step 840 Decrypt data of figure 8 has the client device 120 decrypting data.

Regarding claim 27, Patti and Arngren teach,
The Examiner notes that claim 27 is rejected on a similar basis as claim 22, included below.
further comprising the key server: 
receiving the data identifier from the electronic decryption apparatus; 
Arngren teaches sending a data identifier because Arngren describes the “content index” that corresponds to the “data identifier.” Additionally, Patti describes identifiers for data objects in [0078] which states, “The ACL information may include the user's permissions for the ACL and identifiers of data objects associated with the ACL.” (emphasis added)
receiving the identification of an entity from the electronic decryption apparatus; 
Patti’s client 120 in step 725 sends meta data to the server 140 that is used to identify an entity.
identifying, in the data store, the access control list associated with the data identifier; 
Patti in [0081] states, “In step 735, server 140 may verify the user's permission to write a data object associated with the ACL. Server 140 may authenticate the identity of user 110 and may determine the permissions of user 110 based on the permissions of the username in the ACL stored on server 140.” (emphasis added)
checking that the entity is on the access control list associated with the data identifier; and 
See step 735 of figure 7, as described above.
in response to determining that the entity is on the access control list associated with the data identifier, retrieving or generating the cryptographic decryption key associated with the data identifier, 
See also, rejection of claim 8, which is similar.  Patti in [0081], which describes figure 7, states, “In step 740, if the user does have permission to write the data object, server 140 may store the encrypted data object and selected meta-data.”
and sending the cryptographic decryption key associated with the data identifier to the electronic decryption apparatus.  


Claims 5-7 and 15-23 are rejected under 35 U.S.C. 103 as being unpatentable over U.S. 2013/0073854 to Patti et al. (hereinafter “Patti”), in view of U.S. 9,633,015 to Arngren et al. (hereinafter “Arngren”) and further in view of U.S. 2016/0239642 to Zargarian et al. (hereinafter “Zargarian”). 
Regarding claim 5, Patti teaches the following recitation,
A system comprising an electronic encryption apparatus (Patti client device 120) configured to: 
receive an instruction to encrypt plaintext data to generate encrypted data; 
Figure 7 of Patti depicts the client device 120 receiving the access control list (ACL) and ACL key in step 715 and, in response, encrypting data in step 725.
send the access control list to a key server; 
Patti figure 6, the client device 120 in step 615 sends the access control list (ACL) to server 140. (i.e., “key server”)
receive, from the key server, a cryptographic encryption key; 
Patti figures 6-8, all depict keys being sent from the server 140 to the client 120, in steps: 625, 715, and 815.
Patti and Arngren together teach the recitation of, 
exchange, with the key server, a data identifier for the plaintext data; 
Arngren teaches the above recitation, because Arngren teaches the “content index 275” that corresponds to the “data identifier.” Additionally, Patti teaches identifiers for data objects in [0078] which states, “The ACL information may include the user's permissions for the ACL and identifiers of data objects associated with the ACL.” (emphasis added)
Patti fails to specifically teach the recitation of, 
apply a lossy feature extraction algorithm to the plaintext data, to extract a feature set;

Arngren in (5) states, “The method comprises using a client device to segment the content of the multimedia file into a plurality of segments and to determine structure-searchable data for each segment. Determining structure searchable data for a segment comprises (1) identifying one or more features of respective multimedia types in the segment; (2) correlating each of the identified features to one or more respective keywords; and (3) calculating one or more respective relevance factors for each of the keywords, where at least one of the relevance factors is based on one or more characteristics of the client device. The method also comprises the client device transmitting the structure-searchable data (including the keywords, relevance factors, and respective media types of the identified features) to an indexing server. In some embodiments, the client device may transmit the multimedia file in response to receiving a request from the indexing server.”
encrypt the feature set to generate an encrypted feature set; 
It would be obvious to one of ordinary skill in the art to use the encryption methods taught in Patti, such as the SSL or HTTPS client-server encryption protocols discussed in [0029] of Patti or the storage of encrypted data as taught in the first sentence of the Abstract of Patti, in order to encrypt the “feature set” (i.e., the SSD of Arngren) which is taught by Arngren. Additionally, Arngren in (32) teaches authentication using a password, credentials and user name, where authentication may include the establishment of an encrypted channel.
Additionally, the Examiner notes that the encryption described in [0164] of the printed publication of the application states, “the first communication device 3 then initiates a secure communication exchange 10 with the feature server 7 (e.g., using SSL or HTTPS).” However, the applicant’s specification does not describe using a key from the key server to encrypt a feature set. Thus, 
send the encrypted feature set to a feature server; 
The “feature server” corresponds to the Indexing Server 115 of Arngren. Additionally, (5) of Arngren states, “The method also comprises the client device transmitting the structure-searchable data (including the keywords, relevance factors, and respective media types of the identified features) to an indexing server.”   Patti in [0029] teaches the encryption of the data (i.e., “encrypted feature set”), as discussed above) 
encrypt the plaintext data, using the received cryptographic encryption key, to generate the encrypted data; and 
Figure 7 of Patti shows the client device 120 encrypting data in step 725. It would be obvious for one of ordinary skill in the art to use the encryption described in Patti to encrypt the structure-searchable data of Arngren (i.e., “feature set”).
store the encrypted data and the data identifier.  
Patti in Step 725 encrypts the data, which would then inherently have to be stored in a memory before sending the data to the server 140, in Step 730.  Regarding the data identifier, Arngren describes the “content index” that corresponds to the “data identifier.” Additionally, Patti describes identifiers for data objects in [0078] which states, “The ACL information may include the user's permissions for the ACL and identifiers of data objects associated with the ACL.” (emphasis added). Again, because both Arngren and Patti teach identifiers, it is inherent that these identifiers are stored in a memory.
Patti and Arngren fail to specifically teach the recitation of, 
receive an access control list that identifies one or more entities that are to be permitted to decrypt the encrypted data; 
However, Zargarian teaches the above recitation,
Zargarian teaches an access control list (ACL) that is used to determine if users A and B have the ability to encrypt and decrypt data. For example, Zargarian in [0039] states, “For example, during 
Before the effective filing date of the invention, it would have been obvious to one of ordinary skill in the art to combine the teachings of Patti, which teaches the passing of access control lists (ACLs) between a client and server, with Arngren’s teaching of structure-searchable data (SSD) that is a hierarchy of keywords (e.g., a list of words used in an email, where the order of the words is removed from the hierarchy of keywords), performed on a client. One of ordinary skill in the art would have been motivated to perform such an addition so that the ACL of Patti could be used to determine who is allowed to receive specific data, where the specific data are keywords and relevance data, as taught by the last sentence of Arngren’s Abstract.
Before the effective filing date of the invention, it would have been obvious to one of ordinary skill in the art to combine the teachings of Patti, which includes the use of an SSL secure channel or HTTPS secure communication as taught in [0029] of Patti or the storage of encrypted data as taught in the first sentence of the Abstract of Patti, in order to encrypt the SSD data (extracted keywords) extracted in Arngren. One of ordinary skill in the art would have been motivated to perform such a modification in order to store the SSD data of Arngren in a secure manner.
Before the effective filing date of the invention, it would have been obvious to one of ordinary skill in the art to modify the ACL of Patti with the ACL of Zargarian that is used to determine who (which entity) is permitted to decrypt data. Figure 8 of Patti depicts the client 120 receiving 815 ACL, where the access control list includes data regarding the files that the client has privileges to access. Additionally, Patti in [0007] describes multiple user accounts being linked to an ACL. Patti in [0051] also teaches usernames (“entities”) that are included in ACLs. Patti in [0081] also states, “Server 140 may authenticate the identity of user 110 and may determine the permissions of user 110 based on the permissions of the username in the ACL stored on server 140.” (emphasis added) Thus, the ACL of Patti, when modified with Zargarian, includes user names that could be used to identify users (i.e., user B of Zargarian) who are allowed to decrypt data. One of ordinary skill in the art would have been motivated to perform such an addition so that the ACL of Patti could be modified by Zargarian to determine who (which entity) is permitted to decrypt data.

Regarding claim 6, Patti, Arngren, and Zargarian teach,
wherein the electronic encryption apparatus, is further configured to receive the plaintext data into a secure environment, and to perform one or more of (i) said lossy feature extraction, (ii) encrypting the feature set, and (iii) encrypting the plaintext data, within the secure environment. (emphasis added) 
(Arngren in (5) describes identifying features of one or more keywords that are segmented in order to create a searchable data structure, which corresponds to “lossy feature extraction,” as discussed above with regards to “apply a lossy feature extraction algorithm to the plaintext data, to extract a feature set.” Additionally, figure 7 of Patti shows, the client device 120 that 725 encrypts data) 

Regarding claim 7, Patti, Arngren, and Zargarian teach,
wherein the electronic encryption apparatus, is further configured to 
use one or more encrypted channels when (i) sending the access control list to the key server, (ii) receiving the cryptographic encryption key from the key server, and (iii) exchanging the data identifier with the key server. 
(Patti figure 6, the client device 120 in step 615 sends the access control list (ACL) to server 140 (i.e., “key server”).  Additionally, Patti in [0029] describes the server 140 (i.e., “key server”) using SSL, which is a secure channel, for communication.  Patti in [0029] states, “Server 140 may use known client-server encryption and authentication protocols such as HTTPS and SSL to provide additional security for cleartext communications. Server 140 may hold a certificate issued by a recognized commercial 
Regarding claim 15, Patti, Arngren, and Zargarian teach,
wherein the electronic encryption apparatus (client device 120 of Patti) is further configured to transmit the encrypted data over a communication channel or network. 
(Patti figures 5-8 depict the client device 120 and server 140 communicating over a network)

Regarding claim 16, Patti, Arngren, and Zargarian teach,
wherein the electronic encryption apparatus is further configured to 
send the encrypted data and the data identifier to one or more of the entities identified in the access control list. 
Figure 8 of Patti depicts the client 120 receiving 815 ACL, where the access control list includes data regarding the files that the client has privileges to access. Additionally, Patti in [0007] describes multiple user accounts being linked to ACL. [0007] states, “In various alternative embodiments, the record of user accounts may include at least one administrative account and the record of at least one other user account may be linked to the administrative account, wherein the access control module requires an administrative account to have access to any ACL to which the linked user account has access.”(emphasis added)  

Regarding claim 17, Patti, Arngren, and Zargarian teach,
wherein the electronic encryption apparatus is a cell phone. 
Patti in [0027] states, “User devices 120 may include common computing devices such as personal computers, notebook computers, tablet computers, personal digital assistants, mobile phones and other electronic devices.” (emphasis added)

Regarding claim 18, Patti, Arngren, and Zargarian teach,
wherein the feature set comprises an unordered set of elements extracted from the plaintext data.  
Arngren teaches,
Arngren describes “structure-searchable data” (SSD) that is determined based on relevance in (45) of Arngren. The Examiner interprets “unordered” as corresponding to the SSD because the SSD does not have to be alphabetized and may otherwise be structured or include an index that is based on relevance or any other characteristic. Arngren in (45) states, “In such embodiments, the server need only determine the relevance of each keyword to the content containing the associated features. In some embodiments, the relevance determination step of 325 may depend on device-specific parameters and/or on group-specific parameters.” (emphasis added)

Regarding claim 19, Patti, Arngren, and Zargarian teach,
wherein the electronic encryption apparatus is further configured 
to receive response data from the feature server, and 
to change the plaintext data, or to output a message to a user, in dependence on the received response data.  
Arngren in (28) states, “Client device 200 may also include indexing client 215, which may facilitate the indexing of content 205 on indexing server 115. In various embodiments, indexing client 215 may be configured to monitor content 205 for changes (e.g., new files, modified files, etc.), to analyze the new/updated content, and to report the analysis results to indexing server 115 through a network interface, such as 220.” (emphasis added)

Regarding claim 20, Patti, Arngren, and Zargarian teach,
further comprising the key server, wherein the key server is configured: 
to receive the access control list from the electronic encryption apparatus; 
Patti figure 6, the client device 120 in step 615 sends the access control list (ACL) to server 140 (i.e., “key server”).
to send the cryptographic encryption key to the electronic encryption apparatus; 
Patti figures 6-8, all show keys being sent from the server 140 to the client 120, in steps: 625, 715, and 815.
Patti and Arngren together teach the recitation of, 
to exchange the data identifier with the electronic encryption apparatus; and 
Arngren teaches the above recitation, because Arngren describes the “content index” that corresponds to the “data identifier.” Additionally, Patti describes identifiers for data objects in [0078] which states, “The ACL information may include the user's permissions for the ACL and identifiers of data objects associated with the ACL.” (emphasis added)
to store the data identifier and the access control list, in mutual association in a data store. 
(Patti in [0052] states, “Data objects within data object storage 360 may be identified by a data object identifier and may be associated with an ACL identifier.”)

Regarding claim 21, Patti, Arngren, and Zargarian teach,
further comprising an electronic decryption apparatus, (client device 120 of Patti) wherein the electronic decryption apparatus is configured to: 
receive an instruction to decrypt the encrypted data; 
Figure 8 of Patti depicts the client 120 decrypting data.  Patti in [0088] states, “In step 840, client device 120 may decrypt the received data objects and any encrypted meta-data using the unencrypted ACL key obtained in step 820. Symmetric cryptographic engine 230 may perform the decryption.”
send the data identifier to the key server; 
Arngren teaches sending a data identifier because Arngren describes the “content index” that corresponds to the “data identifier.” Additionally, Patti describes identifiers for data objects in [0078] which states, “The ACL information may include the user's permissions for the ACL and identifiers of data objects associated with the ACL.” (emphasis added)
identify an entity to the key server; 
Patti in [0081] states, “Server 140 may authenticate the identity of user 110 and may determine the permissions of user 110 based on the permissions of the username in the ACL stored on server 140.” (emphasis added).
receive, from the key server, a cryptographic decryption key associated with the data identifier; 
Patti in step 815 ACL and ACL key of figure 8 has the client device 120 receiving the ACL key from the server 140.
decrypt the encrypted data, using the cryptographic decryption key, to recover the plaintext data; and 
Patti in step 840 Decrypt data of figure 8 has the client device 120 decrypting data.
store the plaintext data.  
The Examiner asserts that after the data is decrypted in step 840, which is performed on the client device 120, that it would be inherent that the data is then stored at the end of the decryption process.

Regarding claim 22, Patti, Arngren, and Zargarian teach,
wherein the key server is further configured: 
to receive the data identifier from the electronic decryption apparatus; 
Arngren teaches sending a data identifier because Arngren describes the “content index” that corresponds to the “data identifier.” Additionally, Patti describes identifiers for data objects in [0078] which states, “The ACL information may include the user's permissions for the ACL and identifiers of data objects associated with the ACL.” (emphasis added)
to receive the identification of an entity from the electronic decryption apparatus; 
Patti’s client 120 in step 725 sends meta data to the server 140 that is used to identify an entity.
to identify, in the data store, the access control list associated with the data identifier; 
Patti in [0081] states, “In step 735, server 140 may verify the user's permission to write a data object associated with the ACL. Server 140 may authenticate the identity of user 110 and may determine the permissions of user 110 based on the permissions of the username in the ACL stored on server 140.” (emphasis added)
to check that the entity is on the access control list associated with the data identifier; and 
See step 735 of figure 7, as described above.
in response to determining that the entity is on the access control list associated with the data identifier, 
to retrieve or generate the cryptographic decryption key associated with the data identifier, and 
See also, rejection of claim 8, which is similar.  Patti in [0081], which describes figure 7, states, “In step 740, if the user does have permission to write the data object, server 140 may store the encrypted data object and selected meta-data.”
to send the cryptographic decryption key associated with the data identifier to the electronic decryption apparatus.  
See also, rejection of claim 8, which is similar.  Patti in [0082], which also describes figure 7, states, “In step 750, server 140 may send the updated meta-data to client device.”
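The exchange recited across claims 5, 18 and 20-22 (client sends an ACL to a key server and receives a key and data identifier; the key server stores identifier and ACL in mutual association; a decryption apparatus identifies itself and the data identifier and receives the key only if it is on the ACL; the feature server holds only an encrypted, lossy feature set) is modelled below as an added example. It is not code from the application, the Office action or any cited reference. Every name in it is an assumption for illustration, as is the random per-identifier key, the separate client-held key for the feature set (the Office action notes the specification does not describe using the key server's key for that), and the HMAC-SHA256 keystream cipher with encrypt-then-MAC, which stands in for a real AEAD such as AES-GCM so that the example runs on the Python standard library alone.

```python
"""Added example (not from the Office action or any cited reference): toy model
of the claimed client / key-server / feature-server exchange.  All names, the
key handling and the stand-in cipher below are assumptions for illustration."""
import hashlib
import hmac
import re
import secrets

NONCE_LEN, TAG_LEN = 16, 32


def _subkey(key: bytes, label: bytes) -> bytes:
    # Independent encryption and MAC keys from one 32-byte secret.
    return hashlib.sha256(key + label).digest()


def _keystream(enc_key: bytes, nonce: bytes, length: int) -> bytes:
    out, counter = bytearray(), 0
    while len(out) < length:
        out += hmac.new(enc_key, nonce + counter.to_bytes(4, "big"), hashlib.sha256).digest()
        counter += 1
    return bytes(out[:length])


def encrypt(key: bytes, plaintext: bytes) -> bytes:
    """Return nonce || ciphertext || tag, tag = HMAC(mac_key, nonce || ciphertext)."""
    enc_key, mac_key = _subkey(key, b"enc"), _subkey(key, b"mac")
    nonce = secrets.token_bytes(NONCE_LEN)
    ct = bytes(p ^ k for p, k in zip(plaintext, _keystream(enc_key, nonce, len(plaintext))))
    return nonce + ct + hmac.new(mac_key, nonce + ct, hashlib.sha256).digest()


def decrypt(key: bytes, blob: bytes) -> bytes:
    """Verify the tag in constant time before touching the ciphertext."""
    enc_key, mac_key = _subkey(key, b"enc"), _subkey(key, b"mac")
    if len(blob) < NONCE_LEN + TAG_LEN:
        raise ValueError("ciphertext too short")
    nonce, ct, tag = blob[:NONCE_LEN], blob[NONCE_LEN:-TAG_LEN], blob[-TAG_LEN:]
    if not hmac.compare_digest(tag, hmac.new(mac_key, nonce + ct, hashlib.sha256).digest()):
        raise ValueError("authentication tag mismatch")
    return bytes(c ^ k for c, k in zip(ct, _keystream(enc_key, nonce, len(ct))))


class KeyServer:
    """Holds (data identifier -> ACL, key) in mutual association and releases
    the key only to an entity named on that ACL."""

    def __init__(self):
        self._records = {}

    def register(self, acl):
        data_id = secrets.token_hex(8)        # data identifier exchanged with the client
        key = secrets.token_bytes(32)         # cryptographic encryption key
        self._records[data_id] = (frozenset(acl), key)
        return data_id, key

    def request_decryption_key(self, data_id, entity):
        if data_id not in self._records:
            raise KeyError("unknown data identifier")
        acl, key = self._records[data_id]
        if entity not in acl:                 # the ACL check: no key leaves otherwise
            raise PermissionError(f"{entity!r} is not on the ACL for {data_id}")
        return key


class FeatureServer:
    """Stores the encrypted feature set; it never receives a key."""

    def __init__(self):
        self.stored = {}

    def store(self, data_id, encrypted_feature_set):
        self.stored[data_id] = encrypted_feature_set


_WORD = re.compile(r"[a-z]{4,}")


def extract_feature_set(plaintext: str) -> frozenset:
    """Lossy extraction: an unordered set of distinct words of four or more
    letters.  Order, repetition and short words are discarded, so the plaintext
    cannot be rebuilt from the set."""
    return frozenset(_WORD.findall(plaintext.lower()))


def encrypt_for_acl(key_server, feature_server, plaintext, acl, feature_key):
    """Encryption-apparatus side.  Returns (data identifier, encrypted data)."""
    data_id, key = key_server.register(acl)   # send ACL, receive key and identifier
    features = "\n".join(sorted(extract_feature_set(plaintext))).encode()
    feature_server.store(data_id, encrypt(feature_key, features))
    return data_id, encrypt(key, plaintext.encode())


def decrypt_as(key_server, entity, data_id, encrypted) -> str:
    """Decryption-apparatus side: name the entity and data identifier, get the key."""
    return decrypt(key_server.request_decryption_key(data_id, entity), encrypted).decode()


if __name__ == "__main__":
    ks, fs = KeyServer(), FeatureServer()
    did, blob = encrypt_for_acl(ks, fs, "Alice sends the quarterly report to Bob",
                                {"alice", "bob"}, secrets.token_bytes(32))
    print(decrypt_as(ks, "bob", did, blob))
    try:
        decrypt_as(ks, "mallory", did, blob)
    except PermissionError as exc:
        print("refused:", exc)
```

The point the model makes concrete is where the access decision lives: the key server, not the client, decides whether a named entity gets the decryption key, and the feature server only ever stores ciphertext. Note the caveat in the example itself: the feature server's identifier maps to an ACL held elsewhere, so nothing stops a key-server compromise from releasing every key; in a real deployment the key would be wrapped per recipient rather than stored raw.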

Regarding claim 23, Patti, Arngren, and Zargarian teach,
further comprising the feature server, wherein the feature server is configured to receive the encrypted feature set from the electronic encryption apparatus and to store the encrypted feature set in a memory of the feature server.  
Arngren describes “structure-searchable data” (SSD) which can be a hierarchy of keywords.  Arngren in (5) describes identifying features of one or more keywords that are segmented in order to create a searchable data structure.  For example, (5) of Arngren states, “The method comprises using a client device to segment the content of the multimedia file into a plurality of segments and to determine structure-searchable data for each segment. Determining structure searchable data for a segment comprises (1) identifying one or more features of respective multimedia types in the segment; (2) correlating each of the identified features to one or more respective keywords; and (3) calculating one or more respective relevance factors for each of the keywords, where at least one of the relevance factors is based on one or more characteristics of the client device. The method also comprises the client device transmitting the structure-searchable data (including the keywords, relevance factors, and respective media types of the identified features) to an indexing server.”
The structure-searchable data (SSD) of Arngren is sent to the indexing server. 
It would be obvious to one of ordinary skill in the art to use the encryption methods taught in Patti, such as the SSL or HTTPS client-server encryption protocols discussed in [0029] of Patti, in order to encrypt the “feature set” (i.e., SSD) which is taught by Arngren. Additionally, Arngren in (32) teaches authentication using a password, credentials and user name.

Claims 24-25 are rejected under 35 U.S.C. 103 as being unpatentable over Patti, in view of Arngren, in view of Zargarian, and further in view of U.S. 2005/0259817 to Ramzan et al. (hereinafter “Ramzan”). 
Regarding claim 24, Patti, Arngren, Zargarian, and Ramzan teach,
wherein the feature server is further configured to extract or process information in the encrypted feature set without fully decrypting the feature set.  
Patti in figure 7 depicts the server 140 receiving the data in step 730, and then verifying user’s write permissions regarding the data in step 735, and also storing the data in step 740.  The Examiner interprets these steps as corresponding to “process information in the encrypted feature set.”
Ramzan in [0146] states, “The processes described herein can be extended to achieve Oblivious File Transfer. The example scenario is that the querier wants a file from the database, and the database wants to limit the user to one file per query. It is possible to construct a more efficient solution than the bit-wise solution by associating each file with a prime power (rather than each l-bit string). A long file can be obliviously transferred with only constant-factor ciphertext expansion.”
Before the effective filing date of the invention, it would have been obvious to one of ordinary skill in the art to combine the teachings of Patti, Arngren, and Zargarian with Ramzan’s teaching of extracting part of the data (i.e., a file in a database in Ramzan), so that the server 140 of Patti could extract part of the encrypted information from the encrypted feature data (keyword data) without decrypting the data. One of ordinary skill in the art would have been motivated to make this modification because Patti is directed to a client-server system for storing encrypted data and Ramzan is directed to allowing partial extraction of information from encrypted information without decrypting the data, which enhances security and decreases the likelihood of hacking. 
Patti’s Abstract states, “Various exemplary embodiments relate to a system for storing encrypted data and providing access to a group of users.” (emphasis added) Similarly, Ramzan in paragraph [0146] describes how private information retrieval can be used to extract partial information from an encrypted database without decrypting the database.

Regarding claim 25, Patti, Arngren, Zargarian, and Ramzan teach,
wherein the feature server is configured to process the encrypted feature set using a private information retrieval (PIR) protocol and to send response data to the electronic encryption apparatus, without the feature server determining the contents of the encrypted feature set, wherein the response data depends on the contents of the encrypted feature set.  
Private Information Retrieval And Oblivious Transfer” (emphasis added) Ramzan in [0012] specifically teaches a “private information retrieval protocol.”
Ramzan in [0141] states, “One embodiment of a system communicates data between a client and server to provide single-database oblivious transfer. In one embodiment, the system comprises a client component is capable of oblivious transfer database queries and transmitting such queries over a communications network to a server and an oblivious transfer response via a communications network from the server and reconstructing the database item in which it is interested. In one embodiment, the server component generates a database response and transmitting such a response over a communications network to a client.” (emphasis added)
Ramzan in [0146] states, “The processes described herein can be extended to achieve Oblivious File Transfer. The example scenario is that the querier wants a file from the database, and the database wants to limit the user to one file per query. It is possible to construct a more efficient solution than the bit-wise solution by associating each file with a prime power (rather than each l-bit string). A long file can be obliviously transferred with only constant-factor ciphertext expansion.” Thus, a database which contains multiple files on a server can extract one file from the database and provide it to the client without decrypting the entire database or the file itself.
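Claim 25 turns on what a private information retrieval protocol guarantees: the server's response depends on the stored contents, yet the server does not learn what was asked for. The added example below is not Ramzan's construction and not code from the application or the Office action. Ramzan describes a single-database, computational PIR/oblivious-transfer scheme; for brevity the example instead uses the simplest two-server information-theoretic PIR (the XOR scheme of Chor, Goldreich, Kushilevitz and Sudan), which shows the same property in a few lines. It assumes two non-colluding servers holding identical fixed-length records; the function names and the four-record sample database are constructed for illustration.

```python
"""Added example (not from the Office action or from Ramzan): two-server XOR
private information retrieval.  Names and the sample database are assumptions."""
import secrets


def _xor(a: bytes, b: bytes) -> bytes:
    return bytes(x ^ y for x, y in zip(a, b))


def pir_client_queries(n: int, wanted: int):
    """Random selection vector q1, and q2 = q1 with the wanted bit flipped.
    Each vector on its own is uniformly random, so a single server learns
    nothing about which record the client wants."""
    q1 = [secrets.randbelow(2) for _ in range(n)]
    q2 = list(q1)
    q2[wanted] ^= 1
    return q1, q2


def pir_server_answer(database, selection) -> bytes:
    """XOR of every record whose selection bit is set.  The server reads its
    whole database; the query contains nothing that singles out one index."""
    if len(selection) != len(database):
        raise ValueError("selection vector must cover the whole database")
    acc = bytes(len(database[0]))
    for record, bit in zip(database, selection):
        if len(record) != len(acc):
            raise ValueError("records must be fixed length (pad them)")
        if bit:
            acc = _xor(acc, record)
    return acc


def pir_reconstruct(answer1: bytes, answer2: bytes) -> bytes:
    """Every record except the wanted one appears in both answers and cancels."""
    return _xor(answer1, answer2)


def pir_retrieve(server1_db, server2_db, wanted: int) -> bytes:
    """Client side end to end: build the two queries, send one to each server,
    combine the answers."""
    q1, q2 = pir_client_queries(len(server1_db), wanted)
    return pir_reconstruct(pir_server_answer(server1_db, q1),
                           pir_server_answer(server2_db, q2))


# Constructed sample database: four fixed-length 8-byte records (replicated on both servers).
SAMPLE_DB = [b"record-0", b"record-1", b"record-2", b"record-3"]

if __name__ == "__main__":
    print(pir_retrieve(SAMPLE_DB, SAMPLE_DB, 2))
```

The trust assumption is the caveat a practitioner should carry over to the claim language: in this scheme the index is hidden from either server alone but is exposed the moment the two servers compare queries, which is exactly the situation Ramzan's single-database schemes avoid at the cost of public-key computation over the whole database per query. Neither variety lets the server "extract one file" from an encrypted store on its own; the server's answer is an opaque combination whose meaning only the client can recover.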

Conclusion
Applicant's amendment necessitated the new ground(s) of rejection presented in this Office action.  Accordingly, THIS ACTION IS MADE FINAL.  See MPEP § 706.07(a).  Applicant is reminded of the extension of time policy as set forth in 37 CFR 1.136(a).  
A shortened statutory period for reply to this final action is set to expire THREE MONTHS from the mailing date of this action.  In the event a first reply is filed within TWO MONTHS of the mailing date of this final action and the advisory action is not mailed until after the end of the THREE-MONTH shortened statutory period, then the shortened statutory period will expire on the date the advisory action is mailed, and any extension fee pursuant to 37 CFR 1.136(a) will be calculated from the mailing date of the advisory action.  In no event, however, will the statutory period for reply expire later than SIX MONTHS from the mailing date of this final action.
Any inquiry concerning this communication or earlier communications from the examiner should be directed to BRIAN WILLIAM AVERY whose telephone number is (571)272-3942.  The examiner can normally be reached 9AM-5PM.
Examiner interviews are available via telephone, in-person, and video conferencing using a USPTO supplied web-based collaboration tool. To schedule an interview, applicant is encouraged to use the USPTO Automated Interview Request (AIR) at http://www.uspto.gov/interviewpractice.
If attempts to reach the examiner by telephone are unsuccessful, the examiner’s supervisor, Farid Homayounmehr can be reached on (571)272-3739.  
Information regarding the status of an application may be obtained from the Patent Application Information Retrieval (PAIR) system.  Status information for published applications may be obtained from either Private PAIR or Public PAIR.  Status information for unpublished applications is available through Private PAIR only.  For more information about the PAIR system, see https://ppair-my.uspto.gov/pair/PrivatePair. Should you have questions on access to the Private PAIR system, contact the Electronic Business Center (EBC) at 866-217-9197 (toll-free). If you would like assistance from a USPTO Customer Service Representative or access to the automated information system, call 800-786-9199 (IN USA OR CANADA) or 571-272-1000.

/B.W.A./
/FARID HOMAYOUNMEHR/Supervisory Patent Examiner, Art Unit 2495