DETAILED ACTION

Notice of Pre-AIA or AIA Status
The present application, filed on or after March 16, 2013, is being examined under the first inventor to file provisions of the AIA.
Priority
Acknowledgment is made of applicant’s claim for foreign priority under 35 U.S.C. 119 (a)-(d). The certified copy has been filed in parent Application No. FR1913397, filed on 11/28/2019.
Information Disclosure Statement
The information disclosure statement (IDS) was submitted on 11/19/2020. The submission is in compliance with the provisions of 37 CFR 1.97. Accordingly, the information disclosure statement is being considered by the examiner.
Claim Rejections - 35 USC § 103
The following is a quotation of 35 U.S.C. 103 which forms the basis for all obviousness rejections set forth in this Office action:
A patent for a claimed invention may not be obtained, notwithstanding that the claimed invention is not identically disclosed as set forth in section 102, if the differences between the claimed invention and the prior art are such that the claimed invention as a whole would have been obvious before the effective filing date of the claimed invention to a person having ordinary skill in the art to which the claimed invention pertains. Patentability shall not be negated by the manner in which the invention was made.

Claims 1-11, 14-22 are rejected under 35 U.S.C. 103 as being unpatentable over Palgon et al (US 8458487 B1: IDS supplied) in view of BAYAR et al (US 20190081787 A1).

With regards to claims 1, 11, 22, Palgon discloses a system comprising:
a processor (FIG 1 108 and associated text); and
a computer-readable storage medium comprising instructions that upon execution by the processor cause the system to perform operations (FIG 1 108 and associated text; Col 2 line 5-15;), the operations comprising: 
receiving a tokenization request comprising sensitive data (FIG 4 402 and associated text; col 11 line 15 - 25; When an input string of sensitive data is received from a client, it is tokenized based on the tokenization strategy. It should be understood here that the client might be an individual operating an application, such as the ones described in FIG. 1. At step 402, an input string of sensitive data is received from a client, and a request for tokenization of the input string is made.); 
computing a sensitive data digest based on the sensitive data (Col 3 line 45-55; According to another aspect, as relates to the step of calculating a unique digest of data corresponding to the tokenized data string, the method involves storing the unique digest in the secure database in association with the tokenized data string for use in rapid lookup of entries in the secure database. As will be understood, the unique digest is typically generated using one of the well known hash methodologies such as SHA-1, SHA-2, or MD5. ); 
submitting a query to a database comprising the sensitive data digest (FIG 7 702 and associated text; Col 3 line 45-55; According to another aspect, as relates to the step of calculating a unique digest of data corresponding to the tokenized data string, the method involves storing the unique digest in the secure database in association with the tokenized data string for use in rapid lookup of entries in the secure database.), the database storing a plurality of relational elements (FIG 9 and associated text; ), each relational element being mapped to: (i) a given sensitive data digest stored in the database (FIG 7 702 and associated text; Col 3 line 45-65; According to another aspect, as relates to the step of calculating a unique digest of data corresponding to the tokenized data string, the method involves storing the unique digest in the secure database in association with the tokenized data string for use in rapid lookup of entries in the secure database…. Further, the method involves steps of, in response to subsequent provision of an input data string of sensitive information by a client process, calculating a unique digest of the input data string using the same methodology, using said unique digest of the input data string to access the secure database to determine whether there is an entry corresponding to the input data string that contains a tokenized data string, and returning the tokenized data string to the client process.) and (ii) a given token digest stored in the database; and 
generating a token associated with the sensitive data based on a response of the database to the query received from the database (FIG 11 1104 with “NO”, 1110-1112 and associated text;).
Palgon does not exclusively but BAYAR teaches, 
each relational element being mapped to: (ii) a given token digest stored in the database ([0080] If a match is not found, the method 700 includes checking if this token hash matches any associated hashes for any key in the target hit window (step 714). The method 700 then includes adding the token hash for the current token to the token buffer (step 716).); It would have been obvious to one of ordinary skill in the art before the effective filing date of the claimed invention was made to modify Palgon’s system/method with teaching of BAYAR in order to provide systems and methods for identification of related tokens in a byte stream using structured signature data, such as for Data Leakage Prevention, content classification(BAYAR [0001])

With regards to claim 2, Palgon discloses, wherein generating the token comprises: performing an invertible operation on the relational element and the sensitive data to generate the token (FIG 2A/2B/2C, 3B and associated text).

With regards to claim 3, the examiner takes official notice that the invertible operation being an exclusive OR operation is not an inventive step and is well known in the art.

With regards to claim 4, 17,  18 Palgon further discloses, wherein the operations further comprise: receiving a detokenization request comprising the token (Col 4 line 44-56; In another such aspect, steps of the method are carried out in response to provision of a detokenize or "Reveal" function call from a calling client process in association with the tokenized data string.);  computing a token digest based on the token of the detokenization request ; retrieving from the database a relational element mapped to the token digest; (Col 3 line 45-65; According to another aspect, as relates to the step of calculating a unique digest of data corresponding to the tokenized data string, the method involves storing the unique digest in the secure database in association with the tokenized data string for use in rapid lookup of entries in the secure database);  performing an invertible operation on the relational element and the token of the detokenization request to compute the sensitive data; and answering the detokenization request by sending the computed sensitive data; detokenizing the token using a relational element received from the database. (Col 4 line 44-56; In another such aspect, steps of the method are carried out in response to provision of a detokenize or "Reveal" function call from a calling client process in association with the tokenized data string. …the method further involves accessing the secure database using the token of the tokenized data string to determine whether there is an entry in the secure database corresponding to the input data string, and in response to a determination that the secure database contains such an entry, retrieving the sensitive data. Such a function call result in the return of the sensitive data to the calling client process.).

With regards to claim 5, Palgon in view of BAYAR disclose, wherein the token digest is a keyed digest, and wherein computing the token digest comprises: performing a keyed hash operation on the token (BAYAR [79-0081] If a match is not found, the method 700 includes checking if this token hash matches any associated hashes for any key in the target hit window (step 714). The method 700 then includes adding the token hash for the current token to the token buffer (step 716).). Motivation would be the same as stated in claim 1.

With regards to claim 6 Palgon further discloses, wherein generating the sensitive data digest comprises: performing a hash operation on the sensitive data to generate the sensitive data digest (FIG 9, 904 and associated text;).

With regards to claims 7, 15, Palgon in view of BAYAR further discloses, wherein after the database has determined that the sensitive data digest is not stored in the database (FIG 11 1104 with “NO” and associated text), generating the token comprises: identifying an unassigned token to associate with the sensitive data (FIG 11 1110 and associated text; col 3 line 45-55); and mapping the sensitive data digest to a token digest based on the unassigned token in the database (BAYAR FIG 11 and associated text; [0078-81]). Motivation would be the same as stated in claim 1.

With regards to claim 8,16 Palgon further discloses, wherein identifying the unassigned token comprises (FIG 11 1104 with “NO”): iteratively generating random values for the token (col 3 line 35-40; Another such method involves using a token generation algorithm that generates a random number for use as the token body portion. Yet another such method involves using a token generation algorithm that provides the token as a value that is used as an index to identify an entry in the secure database.); and comparing a respective token digest generated for each random value with token digests stored in the database (Col 15 line 30-40; The table 900 also includes a hash 904 field, including hash values of the credit card numbers. The next time a credit card number is looked up, it is hashed, and this hashed value is compared with the hash 904 field within the table 900, to determine whether a tokenized string is already present for the credit card number.).

With regards to claim 9, Palgon in view of BAYAR discloses, wherein identifying the unassigned token comprises (Palgon FIG 11 1104 with “NO”): accessing an index defining a plurality of tokens designated for use by the system (BAYAR FIG 6 and associated text). Motivation would be the same as stated in claim 1.

With regards to claim 10, Palgon in view of BAYAR discloses, wherein mapping the sensitive data digest to the token digest comprises performing an invertible operation on the unassigned token and the sensitive data to generate a relational element (BAYAR [0081] If the token is not a key token type (step 708), the method 700 includes checking if the token hash matches any associated hashes for any keys in the target hit window (step 718). If the token is a number token and the key token type is a word token, this step includes checking if the number token is associated with any record for any of the key tokens in the target hit window. For example, assume the token is H2 (from FIG. 6), this step includes checking the target hit window for H1 (from FIG. 6). The method 700 then includes adding the token hash for the current token to the token buffer (step 716).). Motivation would be the same as stated in claim 1.

With regards to claim 14, Palgon in view of BAYAR teaches, wherein the sensitive data digest is a keyed sensitive data digest (BAYAR [0047] Specifically, the structured data sources 400 are hashed using a one-way hash to transform the sensitive data into a digest, and the associated records are provided as the hash table for look up in the EDM system 500. That is, the data sets 512 from the ADP virtual appliance 510 are look up tables. Also, the ADP virtual appliance 510 can be auto-updated with the latest application software distributed from the cloud feed node), and wherein generating the sensitive data digest comprises: performing a keyed hash operation on the sensitive data to generate the keyed sensitive data digest (Palgon col 3 line 60 - col 4 line 5; Further, the method involves steps of, in response to subsequent provision of an input data string of sensitive information by a client process, calculating a unique digest of the input data string using the same methodology, using said unique digest of the input data string to access the secure database to determine whether there is an entry corresponding to the input data string that contains a tokenized data string, and returning the tokenized data string to the client process.). Motivation would be the same as stated in claim 1.

With regards to claim 19, Palgon in view of BAYAR teaches, generating a keyed token digest based on the token; and communicating the keyed token digest to the database to receive the relational element (BAYAR [79-0081] If a match is not found, the method 700 includes checking if this token hash matches any associated hashes for any key in the target hit window (step 714). The method 700 then includes adding the token hash for the current token to the token buffer (step 716).).

With regards to claim 20, Palgon further discloses, wherein the tokenization request is received at a first computing device from a second computing device (FIG 1 108 and associated text; ), and wherein the method further comprises: transmitting the token from the first computing device to the second computing device over a communication channel (FIG 1 118 and associated text; col 4 line 65-col5 line 10; Such as system further comprises a data tokenizing component operative to (a) receive an input data string of sensitive data from a particular one of the plurality of user entities in a predetermined data format, (b) apply a selected predetermined tokenization strategy corresponding to the particular one of the plurality of user entities to the input data string to generate a tokenized data string, and (c) provide the tokenized data string for storage in association with the input data string. Such a system also further comprises a centralized secure server in communication with the data tokenizing component and including a secure database operative to store the tokenized data string and the input data string in a corresponding mapped relationship).

With regards to claim 21, Palgon further discloses, wherein the database stores a plurality of encrypted relational elements that map a given keyed sensitive data digest stored in the database and to a given keyed token digest stored in the database (FIG 9 and associated text;).
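
Added illustration, not part of the Office action or of any cited reference: a Python example of the flow recited in claims 1-10 and 14 as discussed above, in which the database holds only keyed digests and XOR relational elements, never the sensitive data or the token. The class name `TokenVault`, the `data:`/`token:` domain-separation labels, the in-memory dictionaries standing in for the database, and the sample card number are assumptions; encryption of the relational elements (claim 21) is not shown.

```python
import hashlib
import hmac
import secrets


class TokenVault:
    """Hypothetical vault: stores keyed digests and relational elements only."""

    def __init__(self, key: bytes):
        self._key = key       # in practice held in an HSM; constructed here
        self._by_data = {}    # keyed sensitive-data digest -> relational element
        self._by_token = {}   # keyed token digest -> relational element

    def _digest(self, label: bytes, value: bytes) -> bytes:
        # Keyed hash (HMAC-SHA-256). The label keeps the sensitive-data and
        # token digest spaces apart (an assumption of this example).
        return hmac.new(self._key, label + value, hashlib.sha256).digest()

    @staticmethod
    def _xor(a: bytes, b: bytes) -> bytes:
        # Invertible operation: XOR is its own inverse for equal-length inputs.
        if len(a) != len(b):
            raise ValueError("operands must have equal length")
        return bytes(x ^ y for x, y in zip(a, b))

    def tokenize(self, sensitive: bytes) -> bytes:
        data_digest = self._digest(b"data:", sensitive)
        rel = self._by_data.get(data_digest)
        if rel is not None:
            # Digest already stored: token = relational element XOR data.
            return self._xor(rel, sensitive)
        # Digest not stored: draw random candidates until one is unassigned,
        # comparing each candidate's digest with the stored token digests.
        while True:
            token = secrets.token_bytes(len(sensitive))
            token_digest = self._digest(b"token:", token)
            if token != sensitive and token_digest not in self._by_token:
                break
        rel = self._xor(token, sensitive)
        self._by_data[data_digest] = rel      # map (i) sensitive-data digest
        self._by_token[token_digest] = rel    # map (ii) token digest
        return token

    def detokenize(self, token: bytes) -> bytes:
        rel = self._by_token.get(self._digest(b"token:", token))
        if rel is None:
            raise KeyError("token digest not found")
        # sensitive data = relational element XOR token
        return self._xor(rel, token)
```

Because the relational element alone reveals neither operand, recovering the sensitive data requires both the database row and the token presented by the caller.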

Claims 12-13 are rejected under 35 U.S.C. 103 as being unpatentable over Palgon et al (US 8458487 B1) in view of BAYAR et al (US 20190081787 A1) and further in view of Gheorghe et al (US 20170250859 A1).

With regards to claim 12, Palgon further discloses, wherein the response includes an encrypted relational element (FIG 7B 720 and associated text; ), and  performing an invertible operation on the relational element and the sensitive data to generate the token (FIG 9 906 and associated text; ).
Palgon in view of  BAYAR do not but Gheorghe teaches, 
wherein generating the token comprises: decrypting the encrypted relational element to obtain a relational element (Gheorghe [0150] An apparatus may further comprise the first relay server component operative on the processor circuit to extract a key index from the first-client relay bind request; extract an encrypted token from the first-client relay bind request; retrieve an encryption key from an encryption key table based on the key index; generate an unencrypted token by decrypting the encrypted token using the encryption key;  ); It would have been obvious to one of ordinary skill in the art before the effective filing date of the claimed invention was made to modify Palgon in view of BAYAR’s system/method with teaching of Gheorghe in order to secure transaction(Gheorghe [0078])

With regards to claim 13, Palgon further discloses, wherein decrypting the encrypted relational element comprises: accessing a hardware security module to retrieve a cryptographic key (col 3 line 25-45; Various methods of generating tokens are disclosed to provide flexibility in creating tokenization strategies. One such method is to provide different numbers of characters in the first portion and the second portion of the tokenized data string. Another such method is to provide different approaches to generating the token body portion. One such method involves using a token generation algorithm that provides the token body portion as a sequence number generated in the token server. Another such method involves using a token generation algorithm that generates a random number for use as the token body portion. Yet another such method involves using a token generation algorithm that provides the token as a value that is used as an index to identify an entry in the secure database.).

Conclusion
Any inquiry concerning this communication or earlier communications from the examiner should be directed to MOHAMMED WALIULLAH whose telephone number is (571)270-7987. The examiner can normally be reached 8:30 to 4:30 PM.
Examiner interviews are available via telephone, in-person, and video conferencing using a USPTO supplied web-based collaboration tool. To schedule an interview, applicant is encouraged to use the USPTO Automated Interview Request (AIR) at http://www.uspto.gov/interviewpractice.
If attempts to reach the examiner by telephone are unsuccessful, the examiner’s supervisor, Yin-Chen Shaw can be reached on 1-571-272-8878. The fax phone number for the organization where this application or proceeding is assigned is 571-273-8300.
Information regarding the status of published or unpublished applications may be obtained from Patent Center. Unpublished application information in Patent Center is available to registered users. To file and manage patent submissions in Patent Center, visit: https://patentcenter.uspto.gov. Visit https://www.uspto.gov/patents/apply/patent-center for more information about Patent Center and https://www.uspto.gov/patents/docx for information about filing in DOCX format. For additional questions, contact the Electronic Business Center (EBC) at 866-217-9197 (toll-free). If you would like assistance from a USPTO Customer Service Representative, call 800-786-9199 (IN USA OR CANADA) or 571-272-1000.





/MOHAMMED WALIULLAH/Primary Examiner, Art Unit 2498