Notice of Pre-AIA or AIA Status
The present application, filed on or after March 16, 2013, is being examined under the first inventor to file provisions of the AIA.

DETAILED ACTION
This is in response to applicant’s Claims filed on 11/11/2020 for Application #17/095,324 filed on 11/11/2020 in which Claims 1-25 are presented for examination.

Status of Claims
Claims 1-25 are presented for examination, of which Claims 1, 4-14, 16-17, 19-20, 22-23, 25 are allowable via Examiner’s Amendment.  Claims 2, 3, 15, 18, 21, 24 are canceled.

Applicant’s Most Recent Claim Set of 11/11/2020
Applicant’s most recent claim set of 11/11/2020 is considered to be the latest claim set under consideration by the examiner.

EXAMINER’S AMENDMENT
An examiner’s amendment to the record appears below. Should the changes and/or additions be unacceptable to applicant, an amendment may be filed as provided by 37 CFR 1.312. To ensure consideration of such an amendment, it MUST be submitted no later than the payment of the issue fee.

Authorization for this examiner’s amendment was given in a telephone interview with Leonard Linardakis on July 12, 2022.

The application has been amended as follows:

In the Claims:

Claim 1: (Currently Amended)
A method for generating encryption and decryption keys to selectively encrypt and decrypt portions of a collection of data in an unstructured data container based on one or more security attributes, the method comprising:
obtaining or creating one or more encryption keys, using a selected cryptographic security scheme, for the one or more security attributes; 
generating one or more decryption keys, using a selected cryptographic security scheme, based on the one or more encryption keys and one or more security attributes to be applied to one or more data subgroups within the collection of data in the unstructured data container; 
distributing the one or more encryption keys for use by at least one of another device or an encryption service to selectively encrypt the one or more data subgroups within the collection of data using the one or more encryption keys based on the one or more security attributes assigned to the one or more data subgroups to generate a ciphertext of the collection of data; and 
distributing the one or more decryption keys that will be used to decrypt the one or more data subgroups within the collection of data encrypted using the one or more encryption keys, 
wherein a separate encryption key is generated and distributed for each attribute to be applied to the one or more data subgroups within the unstructured data container, and 
wherein each separate encryption key is at least one of sequentially applied to encrypt the one or more data subgroups within the unstructured data container, or applied in parallel to encrypt the one or more data subgroups within the unstructured data container.


Claims 2-3: (Currently Canceled)


Claim 4: (Currently Amended)
The method of claim [[3]] 1, wherein a separate decryption key is generated and distributed for each attribute applied to the unstructured data container.


Claim 13: (Currently Amended)
A method for selectively encrypting portions of data based on one or more security attributes, the method comprising:
accessing a collection of data in an unstructured data container having a plurality of data subgroups; 
assigning a plurality of security attributes to one or more data subgroups of the plurality of data subgroups in the unstructured data container to control access to the unstructured data container; and
selectively encrypting, using a selected cryptographic security scheme and a separate encryption key for each of the plurality of security attributes assigned to the one or more data subgroups, the one or more data subgroups based on the one or more security attributes assigned to each of the one or more data subgroups within the unstructured data container to obtain an encrypted ciphertext of the collection of data subgroups in the unstructured data container,
wherein different subgroups of data within the one or more data subgroups within the unstructured data container are assigned different security attributes, and
wherein the plurality of security attributes is a security policy that includes a combination of security attributes combined in a logical relation.


Claim 15: (Currently Canceled)


Claim 18: (Currently Canceled)


Claim 19: (Currently Amended)
A method for selectively decrypting portions of data based on one or more security attributes, the method comprising:
accessing a collection of data in an unstructured data container having selectively encrypted one or more data subgroups within the collection of data; and
responsive to a request by a first user, selectively decrypting, using a selected cryptographic security scheme and a separate decryption key for each of a plurality of security attributes assigned to the one or more data subgroups, the one or more data subgroups within the unstructured data container using one or more decryption keys associated with the first user and associated with the plurality of security attributes assigned to the one or more data subgroups,
wherein different subgroups of data within the one or more data subgroups within the unstructured data container are assigned different security attributes, and
wherein the one or more security attributes is a security policy that includes a combination of security attributes combined in a logical relation.


Claim 21: (Currently Canceled)


Claim 24: (Currently Canceled)


Claim 25: (Currently Amended)
A system for selectively encrypting and decrypting portions of a collection of data in an unstructured data container based on one or more security attributes or security policies, the system comprising:
a key generation authority, executing on one or more hardware processors, configured to generate one or more 
an encryption service, executing on one or more hardware processors, configured to selectively encrypt the one or more data subgroups within the collection of data using the one or more encryption keys and based on the one or more security attributes assigned to the one or more data subgroups to generate a ciphertext of the collection of data subgroups in the unstructured data container; and 
a decryption service, executing on one or more hardware processors, configured to decrypt the ciphertext of the data subgroups in the unstructured data container using the one or more decryption keys, 
wherein a separate encryption key is generated and distributed for each attribute to be applied to the one or more data subgroups within the unstructured data container, and 
wherein each separate encryption key is at least one of sequentially applied to encrypt the one or more data subgroups within the unstructured data container, or applied in parallel to encrypt the one or more data subgroups within the unstructured data container.
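As an illustration of the arrangement recited in Claims 1, 13, 19 and 25 (a separate key per security attribute, layers applied sequentially to tagged subgroups of one container, and recovery only by a user who holds the decryption key for every attribute of a subgroup), the following is an added example and is not code from the application or from this office action. It assumes a symmetric model in which an attribute's decryption key equals its encryption key, an HMAC-SHA256 counter-mode keystream standing in for the unspecified cryptographic scheme, and a policy that is the logical AND of a subgroup's attributes.

```python
import hashlib
import hmac

def _keystream(key: bytes, nonce: bytes, length: int) -> bytes:
    # HMAC-SHA256 in counter mode as a stand-in PRF keystream (standard library only).
    out = b""
    counter = 0
    while len(out) < length:
        out += hmac.new(key, nonce + counter.to_bytes(4, "big"), hashlib.sha256).digest()
        counter += 1
    return out[:length]

def _layer(key: bytes, nonce: bytes, data: bytes) -> bytes:
    # One encryption/decryption layer: XOR with a keystream bound to this nonce.
    return bytes(a ^ b for a, b in zip(data, _keystream(key, nonce, len(data))))

def make_attribute_keys(master: bytes, attributes) -> dict:
    # A separate key per security attribute, derived from a master secret
    # (assumed derivation). In this symmetric model the decryption key for an
    # attribute is the same key that encrypted it.
    return {a: hmac.new(master, b"attr:" + a.encode(), hashlib.sha256).digest()
            for a in attributes}

def encrypt_container(container, attr_keys: dict, nonce: bytes):
    # container: list of (attributes, plaintext) subgroups. Each subgroup is
    # encrypted once per assigned attribute, layers applied sequentially. The
    # subgroup index and attribute name are mixed into the nonce so that no
    # keystream is ever reused across subgroups or layers.
    out = []
    for idx, (attrs, data) in enumerate(container):
        ct = data
        for a in attrs:
            ct = _layer(attr_keys[a], nonce + idx.to_bytes(4, "big") + a.encode(), ct)
        out.append((attrs, ct))
    return out

def decrypt_for_user(ciphertext, user_keys: dict, nonce: bytes) -> dict:
    # Policy is the AND of a subgroup's attributes: every layer must be removed,
    # so a user recovers only the subgroups for which they hold all keys.
    recovered = {}
    for idx, (attrs, ct) in enumerate(ciphertext):
        if not all(a in user_keys for a in attrs):
            continue  # at least one attribute key is missing: subgroup stays opaque
        pt = ct
        for a in reversed(attrs):
            pt = _layer(user_keys[a], nonce + idx.to_bytes(4, "big") + a.encode(), pt)
        recovered[idx] = pt
    return recovered
```

The keystream layers give confidentiality only; a deployed scheme would use an authenticated cipher for each layer so that a tampered subgroup is rejected rather than silently decrypted to garbage.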


Reasons For Allowance
The following is an examiner’s statement of reasons for allowance:
Claims 1, 4-14, 16-17, 19-20, 22-23, 25 are considered allowable.

The instant invention is directed to methods and a system for selectively encrypting and decrypting portions of data based on one or more security attributes or security policies.

The closest prior art, as recited, Lewis et al. US Patent Application Publication 2019/0258813 and Lewis et al. US Patent Application Publication 2019/0260753, are also generally directed to various aspects of selectively encrypting and decrypting portions of data based on one or more security attributes or security policies.  However, Lewis et al. or Lewis et al. does not teach or suggest, either singularly or in combination, the particular combination of steps or elements as recited in the independent claim(s) 1, 13, 19, 25.  For example, none of the cited prior art teaches or suggests the steps of:
Regarding Claim 1:
Although the combination of Lewis et al. or Lewis et al. teaches selectively encrypting and decrypting portions of data based on one or more security attributes or security policies, Lewis et al. or Lewis et al. fails to teach generating or obtaining encryption keys utilizing a selected cryptographic security scheme for one or more security attributes, generating decryption keys utilizing a selected cryptographic security scheme based on the encryption keys and the one or more security attributes applied to data subgroups within the data stored in an unstructured data container, distributing the encryption keys to another device or encryption service so that it can encrypt the data subgroups with the stored data to generate a ciphertext of the stored data, distributing the decryption keys utilized to decrypt the data subgroups within the stored data that has been encrypted using the encryption keys, with a separate encryption key generated and distributed for each attribute applied to the data subgroups within the stored data in the unstructured data container, with each separate encryption key applied either sequentially or in parallel in encrypting the data subgroups stored within the unstructured data container.
When combined with the additional limitations found in Claim 1.

Regarding Claim 13:
Although the combination of Lewis et al. or Lewis et al. teaches selectively encrypting and decrypting portions of data based on one or more security attributes or security policies, Lewis et al. or Lewis et al. fails to teach accessing a data in an unstructured data container having multiple data subgroups, assigning multiple security attributes to one or more data subgroups of the multiple data subgroups in the unstructured data container to control access to the unstructured data container, selectively encrypting, using a selected cryptographic security scheme and a separate encryption key for each of the multiple security attributes assigned to the one or more data subgroups, the one or more data subgroups based on the one or more security attributes assigned to each of the one or more data subgroups within the unstructured data container to obtain an encrypted ciphertext of the data subgroups in the unstructured data container, with different subgroups of data within the one or more data subgroups within the unstructured data container assigned different security attributes, with the plurality of security attributes becoming a security policy that includes a combination of security attributes combined in a logical relation.
When combined with the additional limitations found in Claim 13.

Regarding Claim 19:
Although the combination of Lewis et al. or Lewis et al. teaches selectively encrypting and decrypting portions of data based on one or more security attributes or security policies, Lewis et al. or Lewis et al. fails to teach accessing data stored in an unstructured data container after one or more data subgroups of the stored data has been selectively encrypted, then selectively decrypting, at the request of a user, utilizing a selected cryptographic security scheme and a separate decryption key for each of multiple security attributes assigned to the one or more data subgroups, the one or more data subgroups within the unstructured data container using one or more decryption keys associated with the user and associated with the plurality of security attributes assigned to the one or more data subgroups, with different subgroups of data within the one or more data subgroups within the unstructured data container assigned different security attributes, with the plurality of security attributes becoming a security policy that includes a combination of security attributes combined in a logical relation.
When combined with the additional limitations found in Claim 19.

Regarding Claim 25:
Although the combination of Lewis et al. or Lewis et al. teaches selectively encrypting and decrypting portions of data based on one or more security attributes or security policies, Lewis et al. or Lewis et al. fails to teach generating encryption keys and decryption keys utilizing a selected cryptographic security scheme based on one or more security attributes applied to data subgroups within the data stored in an unstructured data container, encrypting the data subgroups within the data stored in the unstructured data container by utilizing the generated encryption keys and based on the assigned security attributes assigned to the data subgroups to generate a ciphertext, decrypting the ciphertext of the data subgroups utilizing the generated decryption keys, with a separate encryption key generated and distributed for each attribute applied to the data subgroups within the stored data in the unstructured data container, with each separate encryption key applied either sequentially or in parallel in encrypting the data subgroups stored within the unstructured data container.
When combined with the additional limitations found in Claim 25.

Therefore Claims 1, 4-14, 16-17, 19-20, 22-23, 25 of the instant application are allowable over the cited prior art.

Any comments considered necessary by applicant must be submitted no later than the payment of the issue fee and, to avoid processing delays, should preferably accompany the issue fee.  Such submissions should be clearly labeled “Comments on Statement of Reasons for Allowance.”

Conclusion
The prior art made of record and not relied upon is considered pertinent to applicant's disclosure.
Waters - US_8559631_B1_I: Waters teaches decryption of attribute based encryption.
Waller et al - US_8683602_B2_I: Waller et al teaches multilevel secure object management.

Any inquiry concerning this communication or earlier communications from the examiner should be directed to BRADLEY HOLDER whose telephone number is 571-270-3789.  The examiner can normally be reached on Monday-Friday 10:00AM-7:00PM EST.
If attempts to reach the examiner by telephone are unsuccessful, the examiner’s supervisor, Yin-Chen Shaw, can be reached on 571-272-8878.  The fax phone number for the organization where this application or proceeding is assigned is 571-273-8300.
Information regarding the status of an application may be obtained from the Patent Application Information Retrieval (PAIR) system.  Status information for published applications may be obtained from either Private PAIR or Public PAIR.  Status information for unpublished applications is available through Private PAIR only.  For more information about the PAIR system, see http://pair-direct.uspto.gov. Should you have questions on access to the Private PAIR system, contact the Electronic Business Center (EBC) at 866-217-9197 (toll-free). If you would like assistance from a USPTO Customer Service Representative or access to the automated information system, call 800-786-9199 (IN USA OR CANADA) or 571-272-1000.


/BRADLEY W HOLDER/
Primary Examiner, Art Unit 2498