Notice of Pre-AIA  or AIA  Status
The present application, filed on or after March 16, 2013, is being examined under the first inventor to file provisions of the AIA .
DETAILED ACTION

Claim Interpretation
1. Limitations appearing in the specification but not recited in the claim should not be read into the claim. E-Pass Techs., Inc. v. 3Com Corp., 343 F.3d 1364, 1369, 67 USPQ2d 1947, 1950 (Fed. Cir. 2003) (claims must be interpreted "in view of the specification" without importing limitations from the specification into the claims unnecessarily) [MPEP 2106 Sec I, C].
“Though understanding the claim language may be aided by explanations contained in the written description, it is important not to import into a claim limitations that are not part of the claim. For example, a particular embodiment appearing in the written description may not be read into a claim when the claim language is broader than the embodiment.” Superguide Corp. v. DirecTV Enterprises, Inc., 358 F.3d 870, 875, 69 USPQ2d 1865, 1868 (Fed. Cir. 2004). [MPEP 2111.01 Sec II].
Thus, the Examiner interprets Applicant’s claims "in view of the specification" and does not “import into a claim limitations that are not part of the claim”.



Claim Rejections - 35 USC § 101
35 U.S.C. 101 reads as follows:
Whoever invents or discovers any new and useful process, machine, manufacture, or composition of matter, or any new and useful improvement thereof, may obtain a patent therefor, subject to the conditions and requirements of this title.


Claim 6 is rejected under 35 the claimed invention is directed to non-statutory subject matter.  The claim(s) does/do not fall within at least one of the four categories of patent eligible subject matter because the claimed “program” is not patentable subject matter.
Applicant may amend the claim, for example, “A non-transitory computer-readable storage medium storing instructions which when executed ………..”.



Claim Rejections - 35 USC § 103
2. The following is a quotation of 35 U.S.C. 103 which forms the basis for all obviousness rejections set forth in this Office action:
A patent for a claimed invention may not be obtained, notwithstanding that the claimed invention is not identically disclosed as set forth in section 102, if the differences between the claimed invention and the prior art are such that the claimed invention as a whole would have been obvious before the effective filing date of the claimed invention to a person having ordinary skill in the art to which the claimed invention pertains. Patentability shall not be negated by the manner in which the invention was made.


In the event the determination of the status of the application as subject to AIA  35 U.S.C. 102 and 103 (or as subject to pre-AIA  35 U.S.C. 102 and 103) is incorrect, any correction of the statutory basis for the rejection will not be considered a new ground of rejection if the prior art relied upon, and the rationale supporting the rejection, would be the same under either status.  

2a. Claims 1-6 are rejected under 35 U.S.C. 103 as being unpatentable over Yoshino (US 20190147770 A1) in view of Himura (US 20140010109 A1).

2b. Summary of the Cited Prior Art
Yoshino discloses a method for data anonymization (Fig 1-11).
Himura discloses a method for data server management (Fig 1-32).

2c. Claim Analysis
Regarding Claim 1, Yoshino discloses:
A k-anonymization device comprising
[(Yoshino discloses a method for data anonymization, see:
[0047] The anonymization assist parameter is a general term for parameters to be used for k-anonymization. The anonymization assist parameter may contain, for example, a k-value, a k-anonymization algorithm, and an attribute to be anonymized (or column number or row number of encrypted database to be anonymized).
Figs 1-11)]:
a list creation unit that creates, based on generalization hierarchies about attribute values of attributes of a database, lists of values
[(Yoshino discloses a management server to generate hierarchies database with a plurality of lists based on attributes of the data, see:
[0050] (9) Generalization Hierarchy Tree
[0051] The generalization hierarchy tree is data to be used for a procedure of re-encoding (anonymizing) data, which is generally defined for each attribute. As illustrated in a generalization hierarchy tree 112A of FIG. 5B described later, a generalization hierarchy tree is given to a single attribute (attribute 1 in example of FIG. 5B). Values (e.g., a, b, and ab) are labeled on nodes in the generalization hierarchy tree, and the nodes have a connection structure. Each node is given a height in the generalization hierarchy tree, and for example, in the generalization hierarchy tree 112A, a node {*} is at the highest position, followed by nodes {abc, def} and {bc, de}, and lastly, by nodes {a, b, c, d, e, f} (namely, at the lowest position). Of the nodes directly connected by a line, a node at the higher position is called “parent node”, and a node at the lower position is called “child node”. Further, a node that does not have a parent node is called “root node”, and a node that does not have a child node is called “leaf node”. The leaf node directly indicates an original value of data, and for example, the value {a, b, c, d, e, f} in the attribute 1 of a plane text database 111 of FIG. 4B described later is assigned as the label of a leaf node. A position at which the node height is the lowest is set as a layer 0, and as the position becomes higher by one level, the layer is increased by one level. For example, the generalization hierarchy tree 112A has four kinds of layers, namely, the layer 0, a layer 1, a layer 2, and a layer 3. In the anonymization technology disclosed in the first embodiment, the generalization hierarchy tree is used for a procedure of re-encoding (anonymizing) data. For example, in the generalization hierarchy tree 112A, values {a, b, c, d, e, f} of the plain text space of data are enumerated at the layer 0. {bc}, which is a value obtained by re-encoding {b, c}, and {de}, which is a value obtained by re-encoding {d, e}, are at the layer 1. {abc}, which is a value obtained by re-encoding {a} and {bc}, and {def}, which is a value obtained by re-encoding {de, f}, are at the layer 2. A symbol {*}, which is a value obtained by re-encoding {abc, def}, is at the layer 3.
[0056] The management server 200 uses encrypted anonymization assist information 200B to create anonymized encrypted data 200C, which is obtained by anonymizing the encrypted data 200A, and provides the anonymized encrypted data 200C to the decryption PC 300 via the network 400. The decryption PC 300 uses a decryption key 300B to decrypt anonymized encrypted data 300C to obtain anonymized data 300A.
[0057] In the processing described above, the management server 200 can create anonymized data, and at the same time, content of data is not disclosed to the management server 200 due to encryption. Therefore, the data registration service provider (registration PC 100) can safely entrust anonymization processing of highly confidential data to the cloud system (management server 200).
Fig 1, k-anonymization, Anonymized Encrypted Data 200C; Figs 3, 4A-4B; Figs 5A-5E, Hierarchy Tree; see also Figs 8A-8C, 9A-9C and 10-11)];
each being obtained by generalizing each attribute value of each attribute of the database to each generalization level of the corresponding generalization hierarchy, and codes representing the values
[(Yoshino discloses a management server to generate hierarchies database with a plurality of lists based on attributes of the data, see:
[0050] (9) Generalization Hierarchy Tree
[0051] The generalization hierarchy tree is data to be used for a procedure of re-encoding (anonymizing) data, which is generally defined for each attribute. As illustrated in a generalization hierarchy tree 112A of FIG. 5B described later, a generalization hierarchy tree is given to a single attribute (attribute 1 in example of FIG. 5B). Values (e.g., a, b, and ab) are labeled on nodes in the generalization hierarchy tree, and the nodes have a connection structure. Each node is given a height in the generalization hierarchy tree, and for example, in the generalization hierarchy tree 112A, a node {*} is at the highest position, followed by nodes {abc, def} and {bc, de}, and lastly, by nodes {a, b, c, d, e, f} (namely, at the lowest position). Of the nodes directly connected by a line, a node at the higher position is called “parent node”, and a node at the lower position is called “child node”. Further, a node that does not have a parent node is called “root node”, and a node that does not have a child node is called “leaf node”. The leaf node directly indicates an original value of data, and for example, the value {a, b, c, d, e, f} in the attribute 1 of a plane text database 111 of FIG. 4B described later is assigned as the label of a leaf node. A position at which the node height is the lowest is set as a layer 0, and as the position becomes higher by one level, the layer is increased by one level. For example, the generalization hierarchy tree 112A has four kinds of layers, namely, the layer 0, a layer 1, a layer 2, and a layer 3. In the anonymization technology disclosed in the first embodiment, the generalization hierarchy tree is used for a procedure of re-encoding (anonymizing) data. For example, in the generalization hierarchy tree 112A, values {a, b, c, d, e, f} of the plain text space of data are enumerated at the layer 0. {bc}, which is a value obtained by re-encoding {b, c}, and {de}, which is a value obtained by re-encoding {d, e}, are at the layer 1. {abc}, which is a value obtained by re-encoding {a} and {bc}, and {def}, which is a value obtained by re-encoding {de, f}, are at the layer 2. A symbol {*}, which is a value obtained by re-encoding {abc, def}, is at the layer 3.
[0087] The above-mentioned procedure is an example of encrypting the generalization hierarchy tree of one attribute (e.g., attribute 1). However, the registration PC 100 can also encrypt generalization hierarchy trees of other attributes (e.g., attribute 2, . . . , attribute n) with the query encryption function of the searchable encryption in the same manner.
Fig 5A, Steps S121-S123; Fig 5C, Hierarchical Attribute Tree; Fig 6; Fig 1, k-anonymization, Anonymized Encrypted Data 200C; Figs 3, 4A-4B; Figs 5A-5E, Hierarchy Tree; see also Figs 8A-8C, 9A-9C and 10-11)];
a list storage in which the created lists are stored [(see Fig 1, Anonymized Encrypted Data 200C; Fig 2, Storage Apparatus 203)];
a search unit that searches for a node with k-anonymity, based on an assumption that a lattice structure is made up of nodes representing generalization levels of the attributes of the database, 
[(Yoshino discloses searchable k-anonymity data that can be searched and decrypted with keys, see:
[0044] (6) Searchable Encryption
[0045] The searchable encryption has a function of encrypting/decrypting data and a function of encrypting a query. The searchable encryption can compare encrypted data with an encrypted query while encryption of the encrypted data is maintained, to determine whether or not original data is equal to a value of the query. In one embodiment of this invention, this determination function outputs 0 or 1. The value of 0 means that the original data is equal to the value of the query, whereas the value of 1 means that the original data is not equal to the value of the query. Even searchable encryption that does not have a decryption function at the cryptographic primitive level can be combined with another cryptographic primitive to construct searchable encryption
[0056] The management server 200 uses encrypted anonymization assist information 200B to create anonymized encrypted data 200C, which is obtained by anonymizing the encrypted data 200A, and provides the anonymized encrypted data 200C to the decryption PC 300 via the network 400. The decryption PC 300 uses a decryption key 300B to decrypt anonymized encrypted data 300C to obtain anonymized data 300A.
Fig 3, Decryption PC 300; Fig 6, Steps S211-S212; see also Fig 1, k-anonymization, Anonymized Encrypted Data 200C; Figs 3, 4A-4B; Figs 5A-5E, Hierarchy Tree; see also Figs 8A-8C, 9A-9C and 10-11)];
of the lattice structure in parallel by determining whether a generalized database obtained by generalizing the database to generalization levels corresponding to each node of the lattice structure has k-anonymity based on the generalized database represented by the codes, which is obtained by referring to the lists read from the list storage
[(Yoshino discloses searching and decrypting the hierarchical tree with keys, the decrypt keys work concurrently as known in the art, see:
[0081] The encrypted generalization hierarchy tree is obtained by encrypting a node of the generalization hierarchy tree with a query encryption function of searchable encryption. For example, as illustrated in FIG. 5B, when the generalization hierarchy tree 112A is encrypted, an encrypted generalization hierarchy tree 122A is obtained. The notation “Q( )” represents an encrypted query, and for example, Q(a) represents an encrypted query of the value “a”. The management server 200 does not have a decryption key for decrypting encrypted data, and thus, for example, cannot decrypt the encrypted attribute value E(a) and know the attribute value “a”. However, the management server 200 can use the encrypted query Q(a) to retrieve the encrypted data E(a) contained in the encrypted database 121 without decrypting the encrypted data E(a). In this mariner, for example, the management server 200 can count the number of pieces of encrypted data E(a) contained in the encrypted database 121.
[0083] In FIG. 5D, a correspondence table 115A relating to the generalization hierarchy tree 112A is shown. The encrypted query and the encrypted data are not required to have a one-to-one relationship. For example, when there are a plurality of decryption PCs 300 that have different decryption keys (k1, k2, . . . ), as shown in a correspondence table 115B of FIG. 5E, one encrypted query may be associated with pieces of encrypted data for respective decryption keys. Further, the encrypted query and the encrypted data may have a many-to-many relationship.
[0084] The encrypted data for the decryption PC 300 held in the correspondence table is encrypted data for replacement, which is used to replace encrypted data retrieved through use of an encrypted query, and is encoded so that the encrypted data can be decoded by the decryption key 300B of the decryption PC 300. For example, when the decryption PC 300 holds a secret key of the public key cryptography as the decryption key 300B, the registration PC 100 may use its corresponding public key to generate encrypted data for replacement dedicated to the decryption PC 300, and register the encrypted data for replacement with the correspondence table 115A. Similarly, when there are a plurality of decryption PCs 300, the registration PC 100 may use public keys corresponding to their secret keys held by the respective plurality of decryption PCs 300 to generate pieces of encrypted data for replacement dedicated to the decryption PCs, and register those pieces of encrypted data for replacement with the correspondence table 115B. It is to be understood that an encryption key of the common key cryptography may be used to create encrypted data for replacement.
Fig 3, Decryption PC 300; Fig 6, Steps S211-S212; see also Fig 1, k-anonymization, Anonymized Encrypted Data 200C; Figs 3, 4A-4B; Figs 5A-5E, Hierarchy Tree; see also Figs 8A-8C, 9A-9C and 10-11)];
an output unit that outputs a generalized database obtained by generalizing the database to generalization levels corresponding to a node with k-anonymity, which was found by the search, of the lattice structure
[(Yoshino discloses output unit that outputs generalized database k-anonymity data, see:
[0059] As illustrated in FIG. 2, the management server 200 is formed by an internal signal line 204 coupling a central processing unit (CPU) 201, a memory 202, a storage apparatus 203, an input apparatus 205, an output apparatus 206, a reading/writing apparatus 207, and a communication apparatus 208 to one another. A program is stored in the storage apparatus 203. The program is loaded into the memory 202 for execution by the CPU 201. In the following description, processing executed by the management server 200 is, in actuality, executed by the CPU 201 controlling the memory 202, the storage apparatus 203, the input apparatus 205, the output apparatus 206, the reading/writing apparatus 207, and the communication apparatus 208 as necessary.
Fig 2, Output Apparatus 206; see also Fig 1, k-anonymization, Anonymized Encrypted Data 200C; Figs 3, 4A-4B; Figs 5A-5E, Hierarchy Tree; see also Figs 8A-8C, 9A-9C and 10-11)].
Yoshino does not use the term “search unit”.
However, Himura discloses about search unit:
a search unit that searches for a node with k-anonymity
[(Himura discloses about search unit, see:
[0104] The recursive search unit 272 sets an arbitrary virtual resource as a search origin and recursively searches adjacent resources in order to identify a partial topology corresponding to the tenant topology from the overall topology temporary management DB 251.
Fig 2, Recursive Search Unit 272, Figs 3-7)].
Therefore, it would have been obvious to one of ordinary skill in the art before the effective filing date of the claimed invention to integrate Yoshino’s method for data anonymization with Himura’s method for data server management with the motivation being to solve the problems of the conventional methods (Himura, Para [0010]).

Regarding Claim 2, Yoshino discloses:
wherein when the database is compressed, the list creation unit decompresses the database and creates the lists based on the decompressed database
[(Yoshino discloses compressing k-anonymity data, and decompress the data when decrypt as implies, see:
[0155] In the creation (Step S222b) of the generalization hierarchy tree with frequencies in the processing of aggregating frequencies of parent nodes and creating the generalization hierarchy tree with frequencies, the management server 200 in the second embodiment may adopt information entropy as an evaluation function, and use a compression technique such as Huffman coding or Hu-Tucker coding so that a loss of this information entropy is minimized, to thereby create the generalization hierarchy tree. Those techniques are described in detail in US 2013/0138698 A1.
Fig 1, k-anonymization, Anonymized Encrypted Data 200C; Figs 3, 4A-4B; Figs 5A-5E, Hierarchy Tree; see also Figs 8A-8C, 9A-9C and 10-11)].

Regarding Claim 3, Yoshino does not discloses depth-first search.
However, Himura discloses:
wherein the search unit conducts a depth-first search for a node with k-anonymity of the lattice structure in parallel
[(see:
[0212] …….. Furthermore, a plurality of partial topologies (or topologies of a plurality of virtual networks) can be extracted by repeating the processing for selecting another new arbitrary node after extraction of one partial topology, setting the selected node as a new search origin, and sequentially searching for nodes having the connection relationship with this origin. Components of a partial topology include a series of nodes and a series of edges which are obtained by the search. As the search method, any appropriate method may be used such as a width-first search or a depth-first search.
Fig 2, Recursive Search Unit 272, Figs 3-7)].
Therefore, it would have been obvious to one of ordinary skill in the art before the effective filing date of the claimed invention to integrate Yoshino’s method for data anonymization with Himura’s method for data server management with the motivation being to solve the problems of the conventional methods (Himura, Para [0010]).

Regarding Claim 4, Yoshino does not discloses depth-first search.
However, Himura discloses:
 wherein the search unit conducts a width-first search for a node with k-anonymity of the lattice structure in parallel
[(see:
[0212] …….. Furthermore, a plurality of partial topologies (or topologies of a plurality of virtual networks) can be extracted by repeating the processing for selecting another new arbitrary node after extraction of one partial topology, setting the selected node as a new search origin, and sequentially searching for nodes having the connection relationship with this origin. Components of a partial topology include a series of nodes and a series of edges which are obtained by the search. As the search method, any appropriate method may be used such as a width-first search or a depth-first search.
Fig 2, Recursive Search Unit 272, Figs 3-7)].
Therefore, it would have been obvious to one of ordinary skill in the art before the effective filing date of the claimed invention to integrate Yoshino’s method for data anonymization with Himura’s method for data server management with the motivation being to solve the problems of the conventional methods (Himura, Para [0010]).

Regarding Claim 5, the claim discloses similar features as of Claim 1, and is rejected based on the same rationales of Claim 1.
Regarding Claim 6, the claim discloses similar features as of Claim 1, and is rejected based on the same rationales of Claim 1.





Conclusion
Any inquiry concerning this communication or earlier communications from the examiner should be directed to Jung-Jen Liu whose telephone number is 571-270-7643.  The examiner can normally be reached on Monday to Friday, 9:00 AM to 5:00 PM.
If attempts to reach the examiner by telephone are unsuccessful, the examiner’s supervisor, Kwang B. Yao can be reached on 571-272-31823182.  The fax phone number for the organization where this application or proceeding is assigned is 571-273-8300.
Information regarding the status of an application may be obtained from the Patent Application Information Retrieval (PAIR) system.  Status information for published applications may be obtained from either Private PAIR or Public PAIR.  Status information for unpublished applications is available through Private PAIR only.  For more information about the PAIR system, see http://pair-direct.uspto.gov. Should you have questions on access to the Private PAIR system, contact the Electronic Business Center (EBC) at 866-217-9197 (toll-free). If you would like assistance from a USPTO Customer Service Representative or access to the automated information system, call 800-786-9199 (IN USA OR CANADA) or 571-272-1000.





	


/JUNG LIU/Primary Examiner, Art Unit 2473