DETAILED ACTION

Notice of Pre-AIA or AIA Status

1.	The present application, filed on or after March 16, 2013, is being examined under the first inventor to file provisions of the AIA.


2.    Pending claims for reconsideration are claims 1-20. Claims 1, 3-7, 9-11, 13-16, and 18-20 have been amended.

Response to Arguments
3.    Applicant's arguments filed 04/05/2022 are moot in view of new grounds of rejection.


Information Disclosure Statement

4.	The information disclosure statement (IDS) submitted on 2/28/2022 was filed. The submission is in compliance with the provisions of 37 CFR 1.97. Accordingly, the information disclosure statement is being considered by the examiner.

Claim Rejections - 35 USC § 103

The following is a quotation of 35 U.S.C. 103 which forms the basis for all obviousness rejections set forth in this Office action:
A patent for a claimed invention may not be obtained, notwithstanding that the claimed invention is not identically disclosed as set forth in section 102, if the differences between the claimed invention and the prior art are such that the claimed invention as a whole would have been obvious before the effective filing date of the claimed invention to a person having ordinary skill in the art to which the claimed invention pertains. Patentability shall not be negated by the manner in which the invention was made.


5.	Claims 1-8, 11-17, and 20 are rejected under 35 U.S.C. 103 as being unpatentable over Patent No.: US 7,870,398 B2 to Perng et al. (hereafter referenced as Perng), in view of Pub. No.: US 2013/0191650 to Balakrishnan et al. (hereafter referenced as Balakrishnan).
Regarding claim 1, Perng discloses “a method for query processing with adaptive risk decisioning” (analyze result of query for decision [Fig.4B/item 424]), “the method comprising: receiving a query (receive query [Fig.4B/422]) by a client in communication with a plurality of servers” (A query interface 114 may manipulate queries issued by the one or more clients and query results returned by the one or more database servers [Col.5/lines 58-60]).
Perng does not explicitly disclose “each of the plurality of servers having a level of security”, “each of the plurality of servers having a data source”; “acquiring, by the client, a security profile of each of the plurality of servers; generating, by the client and based on the security profile, two or more subqueries from the query, each of the two or more subqueries having a data sensitivity; sending, by the client, a first subquery of the two or more subqueries to a first server of the plurality of servers when the data sensitivity of the first subquery corresponds to the level of security of the first server, and a second subquery of the two or more subqueries to a second server of the plurality of servers when the data sensitivity of the first subquery corresponds to the level of security of the second server, the first server processing the first subquery and the second server processing the second subquery and providing a result for the query, the result comprising combined output from the first server and the second server.”
		

However, Balakrishnan in an analogous art discloses “each of the plurality of servers having a level of security” (the layers of encryption include increasing a level of security of the encryption moving toward outer layers of the encryption layers Balakrishnan [par.0009]), “each of the plurality of servers having a data source” (The DBMS server Balakrishnan [Fig.1/item 102]); “acquiring, by the client, a security profile of each of the plurality of servers” (database management system comprising an encryption query of a system Balakrishnan [par.0008]); “generating, by the client and based on the security profile, two or more subqueries from the query” (modify SQL query from the application Balakrishnan [Fig.2/item 202]), “each of the two or more subqueries having a data sensitivity” (i.e. SQL modified query is optionally adjusted via encryption process Balakrishnan [Fig.2/item 204]); “sending, by the client” (sending by user 1 Balakrishnan [Fig.1/item 108]), “a first subquery of the two or more subqueries to a first server of the plurality of servers when the data sensitivity of the first subquery corresponds to the level of security of the first server” (Once the onion layers in the DBMS are at the layer necessary to execute a query, the proxy transforms the query to operate on these onions. In particular, the proxy replaces column names in a query with corresponding onion names, based on the class of computation performed on that column. For example, for the schema shown in Balakrishnan [Fig.3A]), “and a second subquery of the two or more subqueries to a second server of the plurality of servers when the data sensitivity of the first subquery corresponds to the level of security of the second server” (Once the proxy has transformed the query, it sends the query to the DBMS server, receives query results (encrypted data), decrypts the results using the corresponding onion keys, and sends the decrypted result to the application Balakrishnan [par.0076]), “the first server processing the first subquery and the second server processing the second subquery and providing a result for the query, the result comprising combined output from the first server and the second server.” (Once the proxy has transformed the query, it sends the query to the DBMS server, receives query results (encrypted data), decrypts the results using the corresponding onion keys, and sends the decrypted result to the application Balakrishnan [par.0076]).
Therefore, it would have been obvious to one of ordinary skill at the time the invention was filed to modify Perng’s integrity assurance querying of a database service with Balakrishnan’s apparatus for securing a database which comprises transforming the input query to an encrypted query using the selected encryption scheme for each data item specified in the query, and executing the encrypted query at the database system in order to provide additional security. One of ordinary skill would have been motivated to combine because Perng discloses a query subsystem system for validation, Balakrishnan teaches a security system comprising sub querying method to also determine data integrity, and both are from the same field of endeavor.
Regarding claim 2 in view of claim 1, the references combined disclose “wherein the query includes plaintext.” (the proxy 106 decrypts the query result from the database and sends the plaintext query result to the initiating application 104 Balakrishnan [par.0032]).
Regarding claim 3 in view of claim 1, the references combined disclose “further comprising storing, by the client, a database of security profiles of the plurality of servers” (database management system comprising an encryption query of a system Balakrishnan [par.0008] via DBMS servers Balakrishnan [Fig.1/item 102]).
Regarding claim 4 in view of claim 3, the references combined disclose “further comprising providing, by the client, a user interface to configure the security profiles of the plurality of servers” (DBMS servers Balakrishnan [Fig.1/item 102] via database management system).
Regarding claim 5 in view of claim 1, the references combined disclose “wherein: the first subquery is unencrypted” (a plaintext primary data set 202 is available in a local (e.g., non-outsourced) environment. It is contemplated that the plaintext primary data set is in its original, unencrypted form Perng [Col.9/lines 49-51]); “and the first server is configured to execute the first subquery over unencrypted data of the data source associated with the first server” (the query interface receives the secondary data result and provides a data invalid notification if any definable unit of data (that is, data satisfying the Substantive query) included in an unencrypted form of the secondary data result is not contained in an unencrypted form of the primary data result Perng [Col.4/lines 62-67]).
Regarding claim 6 in view of claim 1, the references combined disclose “wherein: the generating the two or more subqueries includes encrypting, based on an encryption scheme, the second subquery to generate an encrypted subquery” (encrypt secondary data set using secondary encryption Perng [Fig.4a/item 410]); “and the second server is configured to execute the encrypted subquery over unencrypted data of the data source of the second server.” (Combine encrypted primary data set and encrypted secondary data set Perng [Fig.4a/item 418] via an unencrypted form of the secondary data; also see the query interface 114 is configured to issue validating queries against the data store and provide a data invalid notification if any definable unit of data included in an unencrypted form of the secondary data Perng [Col.38/lines 12-15]).
Regarding claim 7 in view of claim 1, the references combined disclose “wherein: the generating two or more subqueries includes encrypting, based on an encryption scheme, the second subquery to generate an encrypted subquery” (encrypt secondary data set using secondary encryption [Fig.4a/item 410]); “and the second server is configured to execute the encrypted subquery over encrypted data of the data source of the second server” (Combine encrypted primary data set and encrypted secondary data set Perng [Fig.4a/item 418] via an unencrypted form of the secondary data; also see the query interface 114 is configured to issue validating queries against the data store and provide a data invalid notification if any definable unit of data included in an unencrypted form of the secondary data Perng [Col.38/lines 12-15]).
Regarding claim 8 in view of claim 7, the references combined disclose “wherein the encryption scheme includes a homomorphic encryption” (encrypt primary data set using third encryption to determine confirmation values Perng [Fig.4a/item 406] and then Apply mathematical modifications to confirmation values Perng [Fig.4a/item 408]).
Regarding claim 11, Perng discloses “a system for query processing with adaptive risk decisioning” (analyze result of query for decision [Fig.4B/item 424]), “the system comprising: at least one processor; and a memory communicatively coupled with the at least one processor, the memory storing instructions, which when executed by the at least one processor performs a method comprising: receiving a query (receive query [Fig.4B/422]) by a client in communication with a plurality of servers” (A query interface 114 may manipulate queries issued by the one or more clients and query results returned by the one or more database servers [Col.5/lines 58-60]).
Perng does not explicitly disclose “each of the plurality of servers having a level of security” (the layers of encryption include increasing a level of security of the encryption moving toward outer layers of the encryption layers Balakrishnan [par.0009]), “each of the plurality of servers having at least one data source” (The DBMS server Balakrishnan [Fig.1/item 102]); “acquiring, by the client, a security profile of each of the plurality of servers” (database management system comprising an encryption query of a system Balakrishnan [par.0008]); “generating by the client and based on the security profile” (modify SQL query from the application Balakrishnan [Fig.2/item 202]), “two or more subqueries from the query, each of the two or more subqueries having a data sensitivity” (i.e. SQL modified query is optionally adjusted via encryption process Balakrishnan [Fig.2/item 204]); “sending, by the client” (sending by user 1 Balakrishnan [Fig.1/item 108]); “sending, by the client, a first subquery of the two or more subqueries to a first server of the plurality of servers when the data sensitivity of the first subquery corresponds to the level of security of the first server” (Once the onion layers in the DBMS are at the layer necessary to execute a query, the proxy transforms the query to operate on these onions. In particular, the proxy replaces column names in a query with corresponding onion names, based on the class of computation performed on that column. For example, for the schema shown in Balakrishnan [Fig.3A]), “and a second subquery of the two or more subqueries to a second server of the plurality of servers when the data sensitivity of the first subquery corresponds to the level of security of the second server” (Once the proxy has transformed the query, it sends the query to the DBMS server, receives query results (encrypted data), decrypts the results using the corresponding onion keys, and sends the decrypted result to the application Balakrishnan [par.0076]), “the first server processing the first subquery and the second server processing the second subquery providing a result for the query, the result comprising combined output from the first server and the second server” (Once the proxy has transformed the query, it sends the query to the DBMS server, receives query results (encrypted data), decrypts the results using the corresponding onion keys, and sends the decrypted result to the application Balakrishnan [par.0076]).
Therefore, it would have been obvious to one of ordinary skill at the time the invention was filed to modify Perng’s integrity assurance querying of a database service with Balakrishnan’s apparatus for securing a database which comprises transforming the input query to an encrypted query using the selected encryption scheme for each data item specified in the query, and executing the encrypted query at the database system in order to provide additional security. One of ordinary skill would have been motivated to combine because Perng discloses a query subsystem system for validation, Balakrishnan teaches a security system comprising sub querying method to also determine data integrity, and both are from the same field of endeavor.
Regarding claim 12 in view of claim 11, the references combined disclose “wherein the query includes plaintext.” (the proxy 106 decrypts the query result from the database and sends the plaintext query result to the initiating application 104 Balakrishnan [par.0032]).
Regarding claim 13 in view of claim 11, the references combined disclose “wherein the method further comprises: storing, by the client, a database of security profiles of the plurality of servers; and providing, by the client, a user interface to configure the security profiles of the plurality of servers.” (database management system comprising an encryption query of a system Balakrishnan [par.0008] via DBMS servers Balakrishnan [Fig.1/item 102]).

Regarding claim 14 in view of claim 11, the references combined disclose “wherein: the first subquery is unencrypted” (a plaintext primary data set 202 is available in a local (e.g., non-outsourced) environment. It is contemplated that the plaintext primary data set is in its original, unencrypted form Perng [Col.9/lines 49-51]); “and first server is configured to execute the first subquery over unencrypted data of the data source associated with the first server” (the query interface receives the secondary data result and provides a data invalid notification if any definable unit of data (that is, data satisfying the Substantive query) included in an unencrypted form of the secondary data result is not contained in an unencrypted form of the primary data result Perng [Col.4/lines 62-67]).
Regarding claim 15 in view of claim 11, the references combined disclose “wherein: the generating two or more subqueries includes encrypting, based on an encryption scheme” (encrypt secondary data set using secondary encryption Perng [Fig.4a/item 410]), “the second subquery to generate an encrypted subquery; and the second server is configured to execute the encrypted subquery over unencrypted data of the data source of the second server.” (Combine encrypted primary data set and encrypted secondary data set Perng [Fig.4a/item 418] via an unencrypted form of the secondary data; also see the query interface 114 is configured to issue validating queries against the data store and provide a data invalid notification if any definable unit of data included in an unencrypted form of the secondary data Perng [Col.38/lines 12-15]).

Regarding claim 16 in view of claim 11, the references combined disclose “wherein the processing includes: the generating two or more subquery includes encrypting, based on an encryption scheme, the second subquery to generate an encrypted subquery” (encrypt secondary data set using secondary encryption Perng [Fig.4a/item 410]); “and the second server is configured to execute the encrypted subquery over encrypted data of the data source of the second server” (Combine encrypted primary data set and encrypted secondary data set Perng [Fig.4a/item 418] via an unencrypted form of the secondary data; also see the query interface 114 is configured to issue validating queries against the data store and provide a data invalid notification if any definable unit of data included in an unencrypted form of the secondary data Perng [Col.38/lines 12-15]).
Regarding claim 17 in view of claim 16, the references combined disclose “wherein the encryption scheme includes a homomorphic encryption” (encrypt primary data set using third encryption to determine confirmation values Perng [Fig.4a/item 406] and then Apply mathematical modifications to confirmation values Perng [Fig.4a/item 408]).
Regarding claim 20, Perng discloses “a non-transitory computer-readable storage medium having embodied thereon instructions, which when executed by at least one processor, perform steps of a method, the method comprising: receiving a query (receive query [Fig.4B/422]) by a client in communication with a plurality of servers” (A query interface 114 may manipulate queries issued by the one or more clients and query results returned by the one or more database servers [Col.5/lines 58-60]).
Perng does not explicitly disclose “each of the plurality of servers having a level of security, each of the plurality of servers having a data source; acquiring, by the client, a security profile of each of the plurality of servers; generating, by the client and based on the security profile, two or more subqueries from the query, each of the two or more subqueries having a data sensitivity; sending, by the client, a first subquery of the two or more subqueries to a first server of the plurality of servers when the data sensitivity of the first subquery corresponds to the level of security of the first server, and a second subquery of the two or more subqueries to a second server of the plurality of servers when the data sensitivity of the first subquery corresponds to the level of security of the second server, the first server processing the first subquery and the second server processing the second subquery the at least one subquery; and providing a result for the query, the result comprising combined output from the first server and the second server.”
However, Balakrishnan in an analogous art discloses “each of the plurality of servers having a level of security” (the layers of encryption include increasing a level of security of the encryption moving toward outer layers of the encryption layers Balakrishnan [par.0009]), (The DBMS server Balakrishnan [Fig.1/item 102]) “each of the plurality of servers having a data source; acquiring, by the client, a security profile of each of the plurality of servers” (database management system comprising an encryption query of a system Balakrishnan [par.0008]); “generating, by the client and based on the security profile, two or more subqueries from the query” (modify SQL query from the application Balakrishnan [Fig.2/item 202]), “each of the two or more subqueries having a data sensitivity” (i.e. SQL modified query is optionally adjusted via encryption process Balakrishnan [Fig.2/item 204]); “sending, by the client” (sending by user 1 Balakrishnan [Fig.1/item 108]), “a first subquery of the two or more subqueries to a first server of the plurality of servers when the data sensitivity of the first subquery corresponds to the level of security of the first server” (Once the onion layers in the DBMS are at the layer necessary to execute a query, the proxy transforms the query to operate on these onions. In particular, the proxy replaces column names in a query with corresponding onion names, based on the class of computation performed on that column. For example, for the schema shown in Balakrishnan [Fig.3A]), “and a second subquery of the two or more subqueries to a second server of the plurality of servers when the data sensitivity of the first subquery corresponds to the level of security of the second server” (Once the proxy has transformed the query, it sends the query to the DBMS server, receives query results (encrypted data), decrypts the results using the corresponding onion keys, and sends the decrypted result to the application Balakrishnan [par.0076]), “the first server processing the first subquery and the second server processing the second subquery the at least one subquery” (Once the proxy has transformed the query, it sends the query to the DBMS server, receives query results (encrypted data), decrypts the results using the corresponding onion keys, and sends the decrypted result to the application Balakrishnan [par.0076]); “and providing a result for the query, the result comprising combined output from the first server and the second server.” (Once the proxy has transformed the query, it sends the query to the DBMS server, receives query results (encrypted data), decrypts the results using the corresponding onion keys, and sends the decrypted result to the application Balakrishnan [par.0076]).
Therefore, it would have been obvious to one of ordinary skill at the time the invention was filed to modify Perng’s integrity assurance querying of a database service with Balakrishnan’s apparatus for securing a database which comprises transforming the input query to an encrypted query using the selected encryption scheme for each data item specified in the query, and executing the encrypted query at the database system in order to provide additional security. One of ordinary skill would have been motivated to combine because Perng discloses a query subsystem system for validation, Balakrishnan teaches a security system comprising sub querying method to also determine data integrity, and both are from the same field of endeavor.

6.	Claims 9-10 and 18-19 are rejected under 35 U.S.C. 103 as being unpatentable over Patent No.: US 7,870,398 B2 to Perng et al. (hereafter referenced as Perng), in view of Pub. No.: US 2013/0191650 to Balakrishnan et al. (hereafter referenced as Balakrishnan), in further view of EP 2,887,607 A1 to Ahmad Z et al. (hereafter referenced as Ahmad).
Regarding claim 9 in view of claim 1, the references combined disclose “wherein: the generating two or more subqueries includes encrypting, based on an encryption scheme, second subquery to generate an encrypted subquery” (encrypt secondary data set using secondary encryption Perng [Fig.4a/item 410]). 

Neither Perng nor Balakrishnan explicitly disclose “and second server is configured to: decrypt, in a Trusted Execution Environment (TEE) and based on the encryption scheme, the encrypted subquery to obtain an unencrypted subquery; execute, in the TEE, the unencrypted subquery over unencrypted data of the data source of the second server to obtain an unencrypted result; encrypt, in the TEE and based on the encryption scheme, the unencrypted result to obtain an encrypted result of the subquery; and send the encrypted result of the subquery to the client, wherein the client is configured to decrypt, based on the encryption scheme, the encrypted result of the subquery to obtain the result of the subquery.”
However, Ahmad teaches “and second server is configured to: decrypt, in a Trusted Execution Environment (TEE) and based on the encryption scheme” (In Step S5, the TEE-TSM server 60 receives the encrypted request and decrypts it using the public key corresponding to HUKS of the source device Ahmad [par.0044]), “the encrypted subquery to obtain an unencrypted subquery; execute, in the TEE” (OS 20 is configured to allow the query to take place in the present instance on behalf of this specific ’Change Device’ trustlet Ahmad [par.0048]), “the unencrypted subquery over unencrypted data of the at least one data source of the second server to obtain an unencrypted result”; “encrypt, in the TEE and based on the encryption scheme” ("Change Device" trustlet 21 encrypts the aggregated data using the public key corresponding to HUKD Ahmad [par.0049]), “the unencrypted result to obtain an encrypted result of the subquery; and send the encrypted result of the subquery to the client” (unencrypted information is outputted and encrypted for the destination device Ahmad [par.0019/lines 51-52]), “wherein the client is configured to decrypt, based on the encryption scheme, the encrypted result of the subquery to obtain the result of the subquery.” (decrypting the received encrypted information using said key unique to the destination device Ahmad [par.0023]).
Therefore, it would have been obvious to one of ordinary skill at the time the invention was filed to modify Perng’s integrity assurance querying of a database service and Balakrishnan’s apparatus for securing a database which comprises transforming the input query to an encrypted query using the selected encryption scheme with Ahmad’s TEE system which utilizes a querying system in order to provide additional security as suggested by Ahmad. One of ordinary skill would have been motivated to combine because Perng discloses a query subsystem system for validation, Balakrishnan teaches transforming the input query to an encrypted query using the selected encryption scheme, Ahmad teaches a TEE system which utilizes a querying system and all are from the same field of endeavor.
Regarding claim 10 in view of claim 1, the references combined disclose “wherein: the generating two or more subqueries includes encrypting, based on an encryption scheme” (encrypt secondary data set using secondary encryption Perng [Fig.4a/item 410]), “the at least one subquery to generate an encrypted subquery” (encrypt secondary data set using secondary encryption Perng [Fig.4a/item 410]).
Neither Perng nor Balakrishnan explicitly disclose “and second server is configured to: decrypt, in a Trusted Execution Environment and based on the encryption scheme, the encrypted subquery to obtain an unencrypted subquery; execute, in the TEE, the unencrypted subquery over encrypted data of the data source of the second server to obtain an encrypted result; encrypt, in the TEE and based on the encryption scheme, the encrypted result to obtain doubly-encrypted result; and send the doubly-encrypted result to the client, wherein the client is configured to decrypt the doubly-encrypted result to obtain the result of the subquery.”
However, Ahmad teaches “and second server is configured to: decrypt, in a Trusted Execution Environment and based on the encryption scheme” (In Step S5, the TEE-TSM server 60 receives the encrypted request and decrypts it using the public key corresponding to HUKS of the source device Ahmad [par.0044]), “the encrypted subquery to obtain an unencrypted subquery” (In Step S5, the TEE-TSM server 60 receives the encrypted request and decrypts it using the public key corresponding to HUKS of the source device Ahmad [par.0044]); “execute, in the TEE, the unencrypted subquery over encrypted data of the data source of the second server to obtain an encrypted result” ("Change Device" trustlet 21 encrypts the aggregated data using the public key corresponding to HUKD Ahmad [par.0049]); “encrypt, in the TEE and based on the encryption scheme, the encrypted result to obtain doubly-encrypted result” (OS 20 is configured to allow the query to take place in the present instance on behalf of this specific ’Change Device’ trustlet Ahmad [par.0048]); “and send the doubly-encrypted result to the client, wherein the client is configured to decrypt the doubly-encrypted result to obtain the result of the subquery.” (in step 9, change device utilizes double factor authentication Ahmad [par.0048]).

Therefore, it would have been obvious to one of ordinary skill at the time the invention was filed to modify Perng’s integrity assurance querying of a database service and Balakrishnan’s apparatus for securing a database which comprises transforming the input query to an encrypted query using the selected encryption scheme with Ahmad’s TEE system which utilizes a querying system in order to provide additional security as suggested by Ahmad. One of ordinary skill would have been motivated to combine because Perng discloses a query subsystem system for validation, Balakrishnan teaches transforming the input query to an encrypted query using the selected encryption scheme, Ahmad teaches a TEE system which utilizes a querying system and all are from the same field of endeavor.
Regarding claim 18 in view of claim 11, the references combined disclose “wherein: the generating the two or more subqueries includes encrypting, based on an encryption scheme.” (encrypt secondary data set using secondary encryption Perng [Fig.4a/item 410]).
Neither Perng nor Balakrishnan explicitly disclose  “second subquery to generate an encrypted subquery”; and the second server is configured to: decrypt, in a Trusted Execution Environment (TEE)and based on the encryption scheme, the encrypted subquery to obtain an unencrypted subquery; execute, in the TEE, the unencrypted subquery over unencrypted data of the data source of the second server to obtain an unencrypted result; encrypt, in the TEE and based on the encryption scheme, the unencrypted result to obtain an encrypted result of the subquery; and send the encrypted result of the subquery to the client, wherein the client is configured to decrypt, based on the encryption scheme, the encrypted result of the subquery to obtain the result of the subquery.”
However, Ahmad teaches “second subquery to generate an encrypted subquery; and second server is configured to: decrypt, in a Trusted Execution Environment (TEE) and based on the encryption scheme” (In Step S5, the TEE-TSM server 60 receives the encrypted request and decrypts it using the public key corresponding to HUKS of the source device Ahmad[par.0044], “the encrypted subquery to obtain an unencrypted subquery; execute, in the TEE, the unencrypted subquery over unencrypted data of the at least one data source of the second server to obtain an unencrypted result” (Change Device" trustlet 21-encrypts the aggregated data using the public key corresponding to HUKD Ahmad[par.0049]); “encrypt, in the TEE and based on the encryption scheme, the unencrypted result to obtain an encrypted result of the subquery; and send the encrypted result of the subquery to the client” (unencrypted information is outputted and encrypted  for the destination device Ahmad[par.0019/lines 51-52]), wherein the client is configured to decrypt, based on the encryption scheme, the encrypted result of the subquery to obtain the result of the subquery.” (decrypting the received encrypted information using said key unique to the destination device Ahmad [par.0023]).
Therefore, it would have been obvious to one of ordinary skill at the time the invention was filed to modify Perng’s integrity assurance querying of a database service and Balakrishnan apparatus for securing a database which comprises transforming the input query to an encrypted query using the selected encryption scheme with Ahmad’s  TEE system which utilizes a querying system in order to provide additional security as suggested by Ahmad. One of ordinary skill would have been motivated to combine because Perng discloses a query subsystem system for validation, Balakrishnan teaches transforming the input query to an encrypted query using the selected encryption scheme, Ahmad teaches a TEE system which utilizes a querying system and all are from the same field of endeavor.
Regarding claim 19 in view of claim 11, the references combined disclose “wherein: the generating the at least one subquery includes encrypting, based on an encryption scheme” (encrypt secondary data set using secondary encryption Perng [Fig.4a/item 410]), “the at least one subquery to generate an encrypted subquery” (encrypt secondary data set using generated 1st encryption for secondary encryption Perng [Fig.4a/item 410]).
Neither Perng nor Balakrishnan explicitly discloses “the at least one subquery to generate an encrypted subquery; and the at least one server is configured to: decrypt, in a Trusted Execution Environment and based on the encryption scheme, the encrypted subquery to obtain an unencrypted subquery; execute, in the TEE, the unencrypted subquery over encrypted data of the at least one data source to obtain an encrypted result; encrypt, in the TEE and based on the encryption scheme, the encrypted result to obtain doubly-encrypted result; and send the doubly-encrypted result to the client, wherein the client is configured to decrypt the doubly-encrypted result to obtain the result of the subquery”.
However, Ahmad in an analogous art teaches “and the at least one server is configured to: decrypt, in a Trusted Execution Environment and based on the encryption scheme, the encrypted subquery to obtain an unencrypted subquery” (In Step S5, the TEE-TSM server 60 receives the encrypted request and decrypts it using the public key corresponding to HUKS of the source device Ahmad [par.0044]); “execute, in the TEE, the unencrypted subquery over encrypted data of the at least one data source to obtain an encrypted result” ("Change Device" trustlet 21-encrypts the aggregated data using the public key corresponding to HUKD Ahmad [par.0049]); “encrypt, in the TEE and based on the encryption scheme, the encrypted result to obtain doubly-encrypted result; and send the doubly-encrypted result to the client” (OS 20 is configured to allow the query to take place in the present instance on behalf of this specific ’Change Device’ trustlet Ahmad [par.0048]), “wherein the client is configured to decrypt the doubly-encrypted result to obtain the result of the subquery” (decrypting the received encrypted information using said key unique to the destination device Ahmad [par.0023]).
Therefore, it would have been obvious to one of ordinary skill at the time the invention was filed to modify Perng’s integrity assurance querying of a database service and Balakrishnan’s apparatus for securing a database, which comprises transforming the input query to an encrypted query using the selected encryption scheme, with Ahmad’s TEE system, which utilizes a querying system, in order to provide additional security as suggested by Ahmad. One of ordinary skill would have been motivated to combine because Perng discloses a query subsystem system for validation, Balakrishnan teaches transforming the input query to an encrypted query using the selected encryption scheme, and Ahmad teaches a TEE system which utilizes a querying system, and all are from the same field of endeavor.

Conclusion

Applicant's amendment necessitated the new ground(s) of rejection presented in this Office action. Accordingly, THIS ACTION IS MADE FINAL. See MPEP § 706.07(a). Applicant is reminded of the extension of time policy as set forth in 37 CFR 1.136(a).
A shortened statutory period for reply to this final action is set to expire THREE MONTHS from the mailing date of this action. In the event a first reply is filed within TWO MONTHS of the mailing date of this final action and the advisory action is not mailed until after the end of the THREE-MONTH shortened statutory period, then the shortened statutory period will expire on the date the advisory action is mailed, and any extension fee pursuant to 37 CFR 1.136(a) will be calculated from the mailing date of the advisory action. In no event, however, will the statutory period for reply expire later than SIX MONTHS from the date of this final action.
Any inquiry concerning this communication or earlier communications from the examiner should be directed to MICHAEL D ANDERSON whose telephone number is (571)270-5159. The examiner can normally be reached Mon-Fri 9am-6pm.
Examiner interviews are available via telephone, in-person, and video conferencing using a USPTO supplied web-based collaboration tool. To schedule an interview, applicant is encouraged to use the USPTO Automated Interview Request (AIR) at http://www.uspto.gov/interviewpractice.
If attempts to reach the examiner by telephone are unsuccessful, the examiner’s supervisor, Jeff Pwu can be reached at (571) 272-6798. The fax phone number for the organization where this application or proceeding is assigned is 571-273-8300.
Information regarding the status of published or unpublished applications may be obtained from Patent Center. Unpublished application information in Patent Center is available to registered users. To file and manage patent submissions in Patent Center, visit: https://patentcenter.uspto.gov. Visit https://www.uspto.gov/patents/apply/patent-center for more information about Patent Center and https://www.uspto.gov/patents/docx for information about filing in DOCX format. For additional questions, contact the Electronic Business Center (EBC) at 866-217-9197 (toll-free). If you would like assistance from a USPTO Customer Service Representative, call 800-786-9199 (IN USA OR CANADA) or 571-272-1000.





/MICHAEL D ANDERSON/Examiner, Art Unit 2433          

/JEFFREY C PWU/Supervisory Patent Examiner, Art Unit 2433