DETAILED ACTION

Notice of Pre-AIA  or AIA  Status
The present application, filed on or after March 16, 2013, is being examined under the first inventor to file provisions of the AIA .

Response to Amendment
	The amendment filed June 30 2022 has been entered. Applicant amended claims 13, 24, and 25. Accordingly, claims 13-25 remain pending. 

Response to Arguments
Applicant's arguments filed June 30 2022 have been fully considered but they are not persuasive.
On page 10, Applicant states “[a]pplicant respectfully disagrees with the Examiner’s assertion. Nothing in paragraph 61 or 71 of Yokota teaches or suggest embedding attribution information (e.g. occupation) of the user of the searching device in the search query, along with the anonymous ID to be searched”. This is not persuasive. In the office action of April 08 2022, the examiner also cited paragraphs 207 and 211 of Yokota. Paragraphs 207 and 211 of Yokota provide further evidence that the search request/query includes attribution information of the user and the anonymous ID. Paragraph 211 of Yokota reveals that the search request includes the anonymous identifier and this anonymous identifier is the anonymous ID. Paragraph 207 of Yokota describes the attribution information of the user which is the data of birth. This attribution information is included in the search request. Therefore, Yokota teaches embedding attribution information of the user of the searching device in the search query along with the anonymous ID that is searched.   
On page 12, Applicant alleges, “[t]here is no teaching or suggestion in the cited passages of Matsuda of embedding the attribute or predicate in a search query used to search the encrypted data”. This is not persuasive, because the examiner relies upon the Yokota reference to teach embedding the attribute information of the user in a search query used to search encrypted data, please see paragraph above. Paragraphs 140,143-144(and again in paragraphs 484-486) of Yokota provide further details that an encoder encrypts the personal information ( which the user searches). Paragraph 182 of Matsuda discloses that the keyword  is added at the end of the predicate vector, and the keyword is the search query used to search the encrypted data.
On page 12, Applicant also alleges, “…Kyung is silent as to embedding the searcher’s range of authority in a search query. In fact, there is no specific teaching in Kyung of encrypting either the search keyword or the searcher’s range of authority in order to generate the search query”. This is not persuasive.  Yokota teaches the limitation of generating a search query obtained by encrypting the search anonymous ID and the attribute information of the user embedded as mention in the paragraphs above in view of Matsuda, as presented in this office action. 
Kyung teaches in page 2, last paragraph and page 3, first two lines, that a step is executed that determines a range of access authority for the obtained data and the searched data is obtained based on the keyword search provided within the determined access user authority range. Page 5, last paragraph provides further details that validity test on the keyword is performed, and page 6, fifth and sixth paragraph describes that the authority determining unit and information input unit are part of the validity test on the key word. This check determines a range of access authority to the obtained medical data of the searcher based on the searcher’s information
In addition, as a result of the Applicant’s remarks, and upon further consideration of the Matsuda reference, the examiner has updated the office action and has replaced the Kyung reference with the Matsuda reference. Matsuda discloses embedding the searcher’s range of authority in the search query in paragraphs 102- 104 and 438. Paragraphs 102- 104 and 438 disclose encrypting with a disclosure range, wherein this disclosure range is the searchable range/decryptable range which is controlled based on the role or authority of the user. Paragraph 131 of Matsuda also describes the data including the decryptable range or searchable range of user authority is encrypted (this data includes the personal information embedded. Paragraph 194 and Figure 9 provide more details of the attribute information of the user which include personal information) . The decryptable range or searchable range of the encrypted data is accessed and searched based on the user’s access authority. Figure 4  and paragraph 172 of Matsuda also reveal that the encrypted data accumulation device receives/encrypts the search request for the encrypted data.
On page 12, Applicant also alleges, “…Applicant submits that the resultant combination would not include a search query obtained by encrypting an anonymous ID (to be searched) with attribution information of the user (i.e., searcher) embedded, as required in the independent claims”. The examiner respectfully disagrees. Paragraphs 204-211 of Yokota provide further evidence that the search request/query includes attribution information of the user and along with the anonymous ID. Specifically, paragraph 210 of Yokota reveals that the search request includes the anonymous identifier and this anonymous identifier is the anonymous ID. Paragraph 207 of Yokota describes the attribution information of the user includes the data of birth, which is also part of the search request. Paragraph 194 of Yokota reveals a converting unit performs anonymity processing/encryption that generates the anonymous identifier and paragraphs 140,143-144 ( and again in paragraphs 484-486) of Yokota provide details that an encoder encrypts the personal information ( which the user searches).
On page 13, Applicant alleges “…that the [amended limitation] clearly distinguishes the manner in which the search query is used by the present invention to execute confidential searching over the disclosures Yokota, Matsuda, and Kyung…Applicant respectfully submits that the combination of features presently set forth in each of independent claims 13, 24, and 25 is not disclosed or made obvious by the applied references”. In regards to the amended limitation,  Yokota teaches the executed confidential searching and at least part of the personal information is in the searching result (see Figure 15, reference characters S201- S203, where S201 and S202 involve the information searching device receiving the search request information from the anonymity server device. S203 pertains to “Extract[ing] anonymous information that satisfies search request information” and the anonymous information includes the personal information as shown in Figure 8 of Yokota). Yokota further teaches that the search anonymous ID embedded in the search query matches the anonymous ID embedded in the personal searching-purpose ID, and the attribution information embedded in the search query (Paragraphs 207 and 211 reveal that the anonymous identifier is in the search query/request. Paragraph 211 reveals that search unit searches for the anonymous information that meets the condition of the received search request, which include the anonymous identifier and the attribution information of the user. The anonymous identifier includes the anonymous ID and the attribution information. If there is a match, the information is extracted to the communication unit. Figure 5 reveals that the anonymous identifier is embedded in the personal searching purpose ID of the client identifier). 
Yokota also teaches at least part of the received data is included in the searching result (Figure 15, S205, wherein the extracted/received anonymous information is displayed as search result on the information searching device)  in response to determining, based on the search query and the received searching-purpose ID, that the search anonymous ID embedded in the search query matches the anonymous ID embedded in the received searching-purpose ID, and the attribution information embedded in the search query (Paragraph 211 teaches that the search unit searches for a piece of anonymous information that meets the condition included in the received search request information and output/extract the information when there is a match. The search query according to paragraph 208 includes the searched anonymous ID, which is the anonymous identifier. Therefore, the search result is based on the search query and the encrypted anonymous ID). 
Yokota does not disclose a decryption device that decrypts the search query and the personal searching purpose ID/received searching-purpose ID. 
Nonetheless, Matsuda teaches that a confidential search system decrypts the search query data based on the personal searching purpose ID/received searching-purpose ID (Figure 9 reveals the search query coded sequence which has the individual ID which is the searching purpose ID/received searching-purpose ID). Paragraphs 131, 703-704 of Matsuda reveal that the confidential search system decrypts the encrypted search data based on the searchable range/decryptable range.  Paragraphs 703-704 reveal that the attribute coded sequence which is includes the search query coded sequence, shown in Figure 9, is decrypted. Paragraph 194 of Matsuda also reveals that the attribute coded sequence, which includes the search query coded sequence, is used to generate the encrypted searched result. The searchable range/decryptable range is based upon the received credential of the authorized user, and thus Masuda teaches in paragraphs 208 and 211  that the attribution information embedded in the search query is within the disclosure range of the personal information embedded in the personal searching-purpose ID. Paragraphs 208 and 211 reveal that ID representing the user/employee number is set as an individual ID, which is the personal searching purpose ID/received searching-purpose ID. The value representing the user is also set in the user secret key, as an individual ID, and this individual ID is also set in the encrypted data. (This data, that has the individual ID is decrypted). When the value of the user secret key and the value of the searched encrypted data match,  decryption is made using the user secret key. Paragraphs 104-105, and 211 of Matsuda reveal that the searchable range and decryptable range is control depending on the role/authority of the user and the user’s secret key and the user’s data  are in the search query. The user’s secret key and the user data are part of the personal searching purpose ID/anonymous ID. Paragraphs 208 and 211 of Matsuda also reveal that at least part of the received data is included in the searching result in response to determining, based on decryption of the search query result  and the received searching-purpose ID (Matsuda’s teachings of the user secret key and the individual ID), that the search anonymous ID (Matsuda’s teachings of the user secret key and the individual ID) embedded in the search query matches the anonymous ID (Matsuda’s teachings of the individual ID) embedded in the received searching-purpose ID(Matsuda’s teachings of the user secret key and the individual ID), and the attribution information (Matsuda’s teachings of the value representing the user name) embedded in the search query is within the disclosure range of the received data embedded in the received searching-purpose ID. 
Yokota in view of Matsuda does not teach the amended limitation of decrypting the search query as recited in the amended claims. Therefore, the examiner has updated the office action to include the Yoshino reference, which teaches decrypting the encoded search query (paragraph 26).

Claim Objections
Claims 13-23 and 25 are objected to because of the following informalities:  
Claim 13 is objected to because of the underscores present in the claim: such as “______to store a personal searching-purpose ID…”, “_______to store a received searching-purpose ID…”, “_____to acquire the anonymous ID…”, and “_____to execute confidential searching…”.  Please remove the underscores.  
Claims 14-23 are objected to because said claims depend on claim 13.
Claim 25 is objected to because of the underscores present in the claim: such as “______a search query generation…”, and  “_______a confidential searching process…”.  Please remove the underscores.  
 Appropriate correction is required.


 Claim Rejections - 35 USC § 103
The following is a quotation of 35 U.S.C. 103 which forms the basis for all obviousness rejections set forth in this Office action:
A patent for a claimed invention may not be obtained, notwithstanding that the claimed invention is not identically disclosed as set forth in section 102, if the differences between the claimed invention and the prior art are such that the claimed invention as a whole would have been obvious before the effective filing date of the claimed invention to a person having ordinary skill in the art to which the claimed invention pertains. Patentability shall not be negated by the manner in which the invention was made.

Claims 13-25 are rejected under 35 U.S.C. 103 as being unpatentable over Yokota et al US 20060136253 (hereinafter Yokota) in view of Matsuda et al US 20120297201 (hereinafter Matsuda) in further view of Yoshino et al US 20130262863 (hereinafter Yoshino).

As to claim 13, Yokota teaches a data searching system (Figure 1 and paragraph 3)  comprising: a management device (Figure 1, reference number 30 “Anonymity Server Device”) including a memory (Paragraph 160 discloses the anonymity server device is a computer system constructed from a microprocessor, ROM, RAM; paragraph 162 discloses the system has a Characteristic Parameter List Storing Unit; and paragraph 170 discloses the system has an Information Storing Unit) : 
to store a personal searching-purpose ID (Paragraphs 172-173 disclose personal search purpose ID which is the anonymous information/individual identifier that is also stored, and each piece of anonymous information includes an anonymous information/individual identifier. The anonymous information  identifier uniquely identifies the anonymous information), a personal encryption ID (paragraph 282 discloses a semi-anonymous individual identifier is stored and paragraph 283 also discloses an anonymous individual identifier is stored) and encrypted personal information (Paragraph 484 discloses the encryption algorithm is performed on the personal information received from the encoder to generate first encrypted individual information. Paragraph 485 discloses the encryption algorithm is performed on the first encrypted individual information to generate second encrypted individual information, and the personal information is stored), the personal searching-purpose ID being a personal searching-purpose ID used for confidential searching and obtained by encrypting an anonymous ID (IDentifier) for identifying personal information (Figure 17 reveals that the anonymous individual identifier (anonymous ID) is input to semi-anonymity processing/encryption, reference number 962,  to produce the semi-anonymous identifier 963, which is further processed/encrypted 964,  to produce new anonymous individual identifiers; see paragraphs 348-349 ), the personal encryption ID and the encrypted personal information being obtained by encrypting the anonymous ID and the personal information (Paragraph 496 discloses the received semi-anonymous individual identifier and the received individual related information are used to generate the semi-anonymous information. Figure 17, and paragraphs 283, 348-349 reveal the semi-anonymous individual identifier is obtained from encryption/anonymity processing of the anonymous individual identifier, and paragraph 282 also  discloses the semi-anonymous individual identifier is calculated from the encoded individual information); and 
to store a received searching-purpose ID (Paragraphs 172-173 disclose personal search purpose ID which is the anonymous information identifier is received and stored), a received encryption ID (Paragraph 66 discloses the semi-anonymous individual identifier is received and stored in the database, see also paragraphs 67-68 ) and received data (Paragraph 552 discloses the individual related information is received and stored; paragraph 60 discloses the individual related information is stored in a database), the received searching-purpose ID being a received searching-purpose ID used for confidential searching and obtained by encrypting the anonymous ID (Figure 17 reveals that the anonymous individual identifier (anonymous ID) is input to semi-anonymity processing/encryption, reference number 962,  to produce the semi-anonymous identifier 963, which is further processed/encrypted 964,  to produce new anonymous individual identifiers; see paragraphs 348-349 ), the received encryption ID being obtained by encrypting the anonymous ID (Figure 17, and paragraphs 283, 348-349 reveal the semi-anonymous individual identifier is obtained from encryption/anonymity processing of the anonymous individual identifier, and paragraph 282 also  discloses the semi-anonymous individual identifier is calculated from the encoded individual information); and 
a searching device (Figure 1, reference numbers 41 and 42 “Information Searching Device”) including processing circuitry (Paragraph 217 discloses the information searching device is a computer system constructed from a microprocessor): 
to acquire the anonymous ID subject to searching from a user as a search anonymous ID (Paragraph 71 discloses in receiving the search request information, the anonymity server device regards the individual related information associated with the anonymous individual identifiers and transmit the related information to the information searching device. Paragraph 210 reveals that the search request includes the anonymous identifier and this anonymous identifier is the anonymous ID), and generate a search query obtained by encrypting the search anonymous ID with attribution information of the user embedded (Paragraph 61 discloses the information searching device transmit the search request information to the anonymity server device and thereby perform search request. The anonymity server searches it internally stored database based on the search request information transmitted from the information searching device extracts the necessary individual related information and transmit the extracted related information to the searching devices. Paragraph 210 reveals that the search request includes the anonymous identifier and this anonymous identifier is the anonymous ID. Paragraph 207 of Yokota describes the attribution information of the user includes the data of birth.); and 
to execute confidential searching on the personal searching-purpose ID and the received searching-purpose ID, using the search query(Paragraph 71 discloses searching is executing based on the individual related information and the anonymous individual identifiers. Paragraph 210 reveals that the search request includes the anonymous identifier and this anonymous identifier is the anonymous ID. Paragraph 207 of Yokota describes the attribution information of the user includes the data of birth.), and output a searching result acquired based on the attribution information of the user (Paragraph 187 discloses the communication unit output the search results to the information searching device based on the search request; see also paragraph 221 which disclose the display unit displays the search results. Paragraph 210 reveals that the search request includes the anonymous identifier and this anonymous identifier is the anonymous ID. Paragraph 207 of Yokota describes the attribution information, which is embedded in the search request, this attribution information can be the individual’s data of birth.), 
wherein in the executed confidential searching, at least part of the personal information is included in the searching result( Figure 15, reference numbers S201- S203, where S201 and S202 involve the information searching device receiving the search request information from the anonymity server device. S203 recites “Extract anonymous information that satisfies search request information”, wherein the anonymous information includes the personal information as mapped out in Figure 8) in response to determining, based on the search query (Figure 15, reference numbers S201- S203, where S201 and S202 involve the information searching device receiving the search request information from the anonymity server device) and the personal searching- purpose ID(Paragraphs 207 and 211 reveal that the searching-purpose ID, which is the anonymous identifier is in the search query/request), that the search anonymous ID embedded in the search query matches the anonymous ID embedded in the personal searching-purpose ID, and the attribution information embedded in the search query(Paragraphs 207 and 211 reveal that the anonymous identifier is in the search query/request. Paragraph 211 reveals that search unit searches for the anonymous information that meets the condition of the received search request, which include the anonymous identifier and the attribution information of the user. The anonymous identifier includes the anonymous ID and the attribution information. If there is a match, the information is extracted to the communication unit. Figure 5, also reveal that the anonymous identifier is embedded in the personal searching purpose ID of the client identifier) is within the personal information embedded in the personal searching-purpose ID (Figure 5, also reveal that the anonymous identifier and the individual information are embedded in the personal searching purpose ID of the client identifier), and wherein
in the executed confidential searching, at least part of the received data is included in the searching result (Figure 15, S205, wherein the extracted/received anonymous information is displayed as search result on the information searching device) in response to determining, based on the search query (Paragraph 211 teaches that the search unit searches for a piece of anonymous information that meets the condition included in the received search request information and output/extract the information when there is a match. The search query according to paragraph 208 includes the searched anonymous ID, depicted as the anonymous identifier. Therefore, the search result is based on the search query and the encrypted anonymous ID) and the received searching-purpose ID(Paragraphs 207 and 211 reveal that the searching-purpose ID, which is the anonymous identifier is in the search query/request), that the search anonymous ID embedded in the search query matches the anonymous ID embedded in the received searching-purpose ID, and the attribution information embedded in the search query(Paragraphs 207 and 211 reveal that the anonymous identifier is in the search query/request. Paragraph 211 reveals that search unit searches for the anonymous information that meets the condition of the received search request, which include the anonymous identifier and the attribution information of the user. The anonymous identifier includes the anonymous ID and the attribution information. If there is a match, the information is extracted to the communication unit. Figure 5, also reveal that the anonymous identifier is embedded in the personal searching purpose ID of the client identifier)  is within the  received data embedded in the received searching-purpose ID(Figure 5, also reveal that the anonymous identifier and the individual information are embedded in the personal searching purpose ID of the client identifier).
Yokota does not teach  encrypting an anonymous ID with a disclosure range of the personal information embedded; encrypting the anonymous ID with a disclosure range of the received data received by a person corresponding to the personal information embedded; and output a searching result acquired based on the disclosure range of the personal information and the disclosure range of the received data; at least part of the personal information included in the searching result is based on decryption of the search query; and the attribution information embedded in the search query is  within the disclosure range of the personal information embedded in the personal searching-purpose ID; and the attribution embedded in the search query is  within the disclosure range of the received data embedded in the received searching-purpose ID.
Matsuda teaches encrypting an anonymous ID with a disclosure range of the personal information embedded (Paragraphs 102,104 disclose a user attribute  is encrypted, “the encrypted data encrypted with the attribute x”. This attribute data is the user anonymous ID. The encrypted data is encrypted with the attribute data.  Paragraph 194 and Figure 9 provide more details of the attribute information of the user which include personal information. The disclosure range is the searchable range and decryptable range that can be controlled depending on the role or authority of the user, which is the attribute vector of the user. Paragraph 438 discloses the attribute set can include an attribute ID. Paragraph 131 also describes the data is encrypted by setting attribute information, which can be personal information embedded, and by indicating the decryptable range or searchable range so only an authorized user can decrypt or search the encrypted data.); encrypting the anonymous ID with a disclosure range of the received data received by a person corresponding to the personal information embedded (Paragraphs 102,104 disclose a user attribute  is encrypted, “the encrypted data encrypted with the attribute x”. This attribute data is the user anonymous ID. The received encrypted data is encrypted with the attribute data.  Paragraph 194 and Figure 9 provide more details of the attribute information of the user which include personal information. The disclosure range is the searchable range and decryptable range that can be controlled depending on the role or authority of the user, which is the received attribute vector of the user. Paragraph 438 discloses the attribute set can include an attribute ID. Paragraph 131 also describes the data is encrypted by setting attribute information, which can be personal information embedded, and by indicating the decryptable range or searchable range so only an authorized user can decrypt or search the encrypted data.); and output a searching result acquired based on the attribution information of the user, the disclosure range of the personal information and the disclosure range of the received data (Paragraph 529 discloses the search result transmission part outputs a search result, which is the encrypted data.  Paragraphs 102, 104, and 131 as cited above disclose the encrypted data is based on the attribute information of the user, the disclosure range of the personal information which includes the access level/the authorized level of user who can decrypt or search the encrypted data, and the disclosure range of the received data, which is decryptable range or searchable range of the received data); at least part of the personal information is included in the searching result in response is based on decryption of the search query[result] and the personal searching purpose ID (Paragraph 131 reveals that the confidential search system decrypts the searching results based on the searchable range/decryptable range. This range is within the received credential of the authorized user. Paragraphs 208 and 211 disclose that the attribution information embedded in the search query is within the disclosure range of the personal information embedded in the personal searching-purpose ID. Paragraphs 208 and 211 reveal that ID representing the user/employee number is set as an individual ID, which can be the personal searching purpose ID/received searching-purpose ID); and the attribution information embedded in the search query is within the disclosure range of the personal information embedded in the personal searching-purpose ID (Paragraphs 208 and 211 reveal that ID representing the user/employee number is set as an individual ID, which is attribution information. The value representing the user is also set in the user secret key, as an individual ID, and this individual ID, representing the user. The encrypted data that is searched/ obtained is decrypted based on individual ID. When the value of the user secret key and the value of the encrypted data match,  search/decryption is made with the user secret key. The attribute information embedded in the search query is within the disclosure range of the personal information and is embedded in the personal searching purpose ID/individual ID. Paragraphs 104-105, and 211 also reveal that the searchable range and decryptable range is control depending on the role/authority of the user, wherein the user secret key and the user’s individual are used in the search query, which are part of the personal searching purpose ID/anonymous ID); and the attribution embedded in the search query is  within the disclosure range of the received data embedded in the received searching-purpose ID(Paragraphs 208 and 211 reveal that ID representing the user/employee number is set as an individual ID, which is attribution information. The value representing the user is also set in the user secret key, as an individual ID, and this individual ID, representing the user. The encrypted data that is searched/ obtained is decrypted based on individual ID. When the value of the user secret key and the value of the encrypted data match,  search/decryption is made with the user secret key. The attribute information embedded in the search query is within the disclosure range of the personal information and is embedded in the personal searching purpose ID/individual ID. Paragraphs 104-105, and 211 also reveal that the searchable range and decryptable range is control depending on the role/authority of the user, wherein the user secret key and the user’s individual are used in the search query, which are part of the personal searching purpose ID/anonymous ID).
                It would have been obvious to one having ordinary skill in the art before the effective filing date of the claimed invention to modify Yokota’s data searching system with Matsuda’s encryption and confidential searching units to provide keyword search of the encrypted data without decrypting the entire encrypted data and thus provide improve management of secret information (paragraphs 4-5 of Matsuda).
                The combination of Yokota in view of Matsuda do not teach decryption of the search query. 
                Yoshino teaches decryption of the search query (Paragraph 26 discloses decrypting the secure encoded search query).
                It would have been obvious to one having ordinary skill in the art before the effective filing date of the claimed invention to modify Yokota’s data searching system in view of Matsuda’s encryption and confidential searching unit with Yoshino’s teachings decrypting the search query to prevent information leakage and maintain data confidentially (paragraph 2 of Yoshino).
	
	As to claim 14, the combination of Yokota in view of Matsuda and Yoshino teaches wherein the received data is medical data received by the person (Yokota: paragraph 535 discloses a system for providing information such as medical information, wherein the received search result is the medical data), BIRCH. STEWART, KOLASCH & BIRCH. LLPDRA/DRA/avdApplication No.: NEWDocket No.: 2565-0596PUSIPae 4 of 8wherein the received searching-purpose ID is a medical searching-purpose ID used for confidential searching and obtained by encrypting the anonymous ID (Yokota: paragraph 71 discloses in receiving the search request, the anonymity server device regards the first individual related information and the second individual related information associated with the first and second anonymous individual identifier) with a disclosure range of the medical data embedded (Matsuda: paragraphs 102- 104 and 438 disclose and attribute ID is obtained by encrypting with disclosure range, wherein the disclosure range is the searchable range and decryptable range can be controlled depending on the role or authority of the user and paragraphs 392-393, 462, 566-568 disclose confidential searching) and wherein the received encryption ID is a medical encryption ID obtained by encrypting the anonymous ID (Yokota: paragraph 496 discloses the received semi-anonymous individual identifier and the received individual related information are used to generate the semi-anonymous information; paragraph 283 discloses the anonymous individual identifier is calculated from the semi-anonymous individual identifier C; and paragraph 282 discloses the semi-anonymous individual identifier is calculated from the encoded individual information) with the disclosure range of the medical data embedded (Matsuda: paragraphs 102- 104 and 438 disclose encrypting with disclosure range, wherein the disclosure range is the searchable range and decryptable range that can be controlled depending on the role or authority of the user).
It would have been obvious to one having ordinary skill in the art before the effective filing date of the claimed invention to modify Yokota’s data searching system in view of Yoshino’s teachings decrypting the search query with Matsuda’s encryption and confidential searching unit to enable keyword search of data in an encrypted state without decrypting the encrypted data (paragraph 5 of Matsuda).

As to claim 15, the combination of Yokota in view of Matsuda and Yoshino teaches comprising a key management device (Matsuda: Figure 2 Key Management Server) including a memory (Matsuda: paragraph 726 discloses the Key Management Server includes a CPU with a memory) to store a confidential searching-purpose public key (Matsuda: paragraphs 7-8 disclose a public key for confidential search purposes, reference number 208 Various Key Keeping Part of Figure 2 is where the key is stored) and a confidential searching-purpose secret key with the attribution information of the user embedded (Matsuda: paragraph 7 discloses a secret key, wherein reference number 208 Various Key Keeping Part of Figure 2 is where the key is stored) , to store an encryption-purpose public key and an encryption-purpose secret key with the attribution information of the user embedded (Matsuda: paragraphs 155, 181-182 disclose a data encryption key decryption key which stores an encryption public key and encryption secret key), and to store authority setting information including the disclosure range of the personal information and the disclosure range of the medical data (Matsuda: paragraphs 104 and 349 disclose the authority setting information of the user and the search range of data is saved as an attribute vector); and processing circuitry to transmit public key information including the confidential searching-purpose public key, the encryption-purpose public key and the authority setting information (Matsuda: paragraph 149 teaches PKG-side data transmission/reception part of Figure 2 transmit the keys; paragraphs 158-160,181, and 183 disclose the public key and the attribute vector are was received by a device and thus have been transmitted).
It would have been obvious to one having ordinary skill in the art before the effective filing date of the claimed invention to modify Yokota’s data searching system in view of Yoshino’s teachings decrypting the search query with Matsuda’s encryption and confidential searching unit to enable keyword search of data in an encrypted state without decrypting the encrypted data (paragraph 5 of Matsuda).

As to claim 16,  the combination of Yokota in view of Matsuda and Yoshino teaches a personal information registration device including processing circuitry (Yokota: paragraph 536 discloses an information registration device having a processing unit): to encrypt (Yokota: paragraph 536 discloses the registration device perform a first conversion/encryption on the information) the anonymous ID as the personal searching-purpose ID ( Yokota: paragraph 71 discloses on receiving the search request, the anonymity server device regards the first individual related information and the second individual related information associated with the first and second anonymous individual identifier, wherein anonymizing from the anonymity server device involves encryption) with the disclosure range of the personal information embedded (Matsuda: paragraphs 102- 104 and 438 disclose encrypting with the disclosure range, wherein the disclosure range is the searchable range and decryptable range that can be controlled depending on the role or authority of the user), using the confidential searching-purpose public key and the authority setting information included in the public key information (Matsuda: paragraph 186 disclose using the public key and the authority setting information for searching); and to encrypt the personal information and the anonymous ID as the encrypted personal information and the personal encryption ID (Yokota: paragraph 71 discloses the anonymity server device regards the first individual related information and the second individual related information associated with the first and second anonymous individual identifiers, wherein anonymizing from the anonymity server device involves encryption) with the disclosure range of the personal information embedded (Matsuda: paragraphs 102- 104 and 438 disclose encrypting with the disclosure range, wherein the disclosure range is the searchable range and decryptable range that can be controlled depending on the role or authority of the user), using the encryption-purpose public key and the authority setting information included in the public key information (Matsuda: paragraphs 181 discloses the use of the data encryption part using the public key and the authority setting information which is the attribute vector in the encryption).
It would have been obvious to one having ordinary skill in the art before the effective filing date of the claimed invention to modify Yokota’s data searching system in view of Yoshino’s teachings decrypting the search query with Matsuda’s encryption and confidential searching unit to enable keyword search of data in an encrypted state without decrypting the encrypted data (paragraph 5 of Matsuda).

As to claim 17, the combination of Yokota in view of Matsuda and Yoshino teaches comprising: a medical information registration device including processing circuitry (Yokota: paragraph 536 discloses an information registration device having a processing unit and paragraph 535 discloses the system involves using medical information): BIRCH. S1ENWARl, KOI ASCII & BIRCH, LLPDRA/DRA/avdApplication No.: NEWDocket No.: 2565-05961PUSIPage 5 of 8to encrypt the anonymous ID as the medical searching-purpose ID(Yokota: paragraph 496 discloses the received semi-anonymous individual identifier and the received individual related information are used to generate the semi-anonymous information; paragraph 283 discloses the anonymous individual identifier is calculated from the semi-anonymous individual identifier C; and paragraph 282 discloses the semi-anonymous individual identifier is calculated from the encoded individual information) with the disclosure range of the medical data embedded (Matsuda: paragraphs 102- 104 and 438 disclose encrypting with the disclosure range, wherein the disclosure range is the searchable range and decryptable range that can be controlled depending on the role or authority of the user), using the confidential searching-purpose public key and the authority setting information included in the public key information (Matsuda: paragraphs 181 and 189 discloses the use of public key and the authority setting information is used in the search and encryption); and to encrypt the anonymous ID as the medical encryption ID(Yokota: paragraph 496 discloses the received semi-anonymous individual identifier and the received individual related information is used to generate the semi-anonymous information; paragraph 283 discloses the anonymous individual identifier is calculated from the semi-anonymous individual identifier C; and paragraph 282 discloses the semi-anonymous individual identifier is calculated from the encoded individual information)  with the disclosure range of the medical data embedded (Matsuda: paragraphs 102- 104 and 438 disclose encrypting with the disclosure range, wherein the disclosure range is the searchable range and decryptable range that can be controlled depending on the role or authority of the user), using the encryption-purpose public key and the authority setting information included in the public key information (Matsuda: paragraphs 181 discloses the use of the data encryption part using the public key and the authority setting information which is the attribute vector in the encryption).
It would have been obvious to one having ordinary skill in the art before the effective filing date of the claimed invention to modify Yokota’s data searching system in view of Yoshino’s teachings decrypting the search query with Matsuda’s encryption and confidential searching unit to enable keyword search of data in an encrypted state without decrypting the encrypted data (paragraph 5 of Matsuda).

As to claim 18, the combination of Yokota in view of Matsuda and Yoshino teaches wherein the processing circuitry of the searching device generates the search query with the attribution information of the user embedded (Yokota: paragraphs 70-71 disclose the information search device uses the search request information including the certain search conditions) using the confidential searching-purpose secret key (Matsuda: paragraph 331 discloses that the secret key is used in the search query).
It would have been obvious to one having ordinary skill in the art before the effective filing date of the claimed invention to modify Yokota’s data searching system in view of Yoshino’s teachings decrypting the search query with Matsuda’s encryption and confidential searching unit to enable keyword search of data in an encrypted state without decrypting the encrypted data (paragraph 5 of Matsuda).

	As to claim 19, the combination of Yokota in view of Matsuda and Yoshino teaches wherein the processing circuitry of the searching device outputs the personal encryption ID (Yokota: paragraph 59 discloses the semi-anonymous individual identifier is output from the information searching device to the anonymity server) and the encrypted personal information (Yokota: paragraph 59 disclose semi-anonymity is performed on the received information) corresponding to the personal searching-purpose ID (Yokota: paragraph 102 disclose the client identifier is also sent to the anonymity server) in which the attribution information of the user embedded in the search query satisfies the disclosure range of the personal information, as the searching result (Matsuda: paragraphs 102- 104 and 438 disclose encrypting with the disclosure range, wherein the disclosure range is the searchable range and decryptable range that can be controlled depending on the role or authority of the user).
It would have been obvious to one having ordinary skill in the art before the effective filing date of the claimed invention to modify Yokota’s data searching system in view of Yoshino’s teachings decrypting the search query with Matsuda’s encryption and confidential searching unit to enable keyword search of data in an encrypted state without decrypting the encrypted data (paragraph 5 of Matsuda).

As to claim 20, the combination of Yokota in view of Matsuda and Yoshino teaches wherein the processing circuitry of the searching device outputs the medical encryption ID (Yokota: paragraph 59 discloses the semi-anonymous individual identifier is output from the information searching device to the anonymity server) and the medical data (Yokota: paragraph 496 discloses the received semi-anonymous individual identifier and the received individual related information, wherein the individual related information is the medical data, is used to generate the semi-anonymous information; paragraph 283 discloses the anonymous individual identifier is calculated from the semi-anonymous individual identifier C; and paragraph 282 discloses the semi-anonymous individual identifier is calculated from the encoded individual information) corresponding to the medical searching-purpose ID (Yokota: paragraph 71 discloses in receiving the search request, the anonymity server device regards the first individual related information and the second individual related information associated with the first and second anonymous individual identifier) in which the attribution information of the user embedded in the search query satisfies the disclosure range of the medical data, as the searching result (Matsuda: paragraphs 102- 104 and 438 disclose encrypting with the disclosure range, wherein the disclosure range is the searchable range that can be controlled depending on the role or authority of the user).
It would have been obvious to one having ordinary skill in the art before the effective filing date of the claimed invention to modify Yokota’s data searching system in view of Yoshino’s teachings decrypting the search query with Matsuda’s encryption and confidential searching unit to enable keyword search of data in an encrypted state without decrypting the encrypted data (paragraph 5 of Matsuda).

As to claim 21, the combination of Yokota in view of Matsuda and Yoshino teaches wherein the memory of the management device stores the medical searching-purpose ID( Yokota: paragraph 166 and Figure 7 disclose a Client Identifier is stored, paragraph 125 disclose the client identifier is identifying information for uniquely identifying the information), the medical encryption ID(Yokota: paragraph 282 discloses a semi-anonymous individual identifier C is stored and paragraph 283 discloses an anonymous individual identifier is stored) and the medical data(Yokota: paragraph 484 discloses the encryption algorithm is performed on the personal information received from the encoder to generate first encrypted individual information and paragraph 485 discloses the encryption algorithm is performed on the first encrypted individual information to generate second encrypted individual information, the personal information is stored), the medical searching-purpose ID being the medical searching-purpose ID obtained by encrypting the anonymous ID(Yokota: paragraph 71 discloses in receiving the search request, the anonymity server device regards the first individual related information and the second individual related information associated with the first and second anonymous individual identifier), and indicating if the medical data may be used for a research-purpose or not (Yokota: paragraph 62 discloses the anonymous information is applied in a medical information providing system which run with research institutes and paragraph 10 disclose the information is  in a database disclose to researchers) the medical encryption ID being the medical encryption ID obtained by encrypting the anonymous ID (Yokota: paragraph 496 discloses the received semi-anonymous individual identifier and the received individual related information are used to generate the semi-anonymous information; paragraph 283 discloses the anonymous individual identifier is calculated from the semi-anonymous individual identifier C; and paragraph 282 discloses the semi-anonymous individual identifier is calculated from the encoded individual information), and indicating if the medical data may be used for a research-purpose or not (Yokota: paragraph 62 discloses the anonymous information is applied in a medical information providing system which run with research institutes and paragraph 10 disclose the information is  in a database disclose to researchers).

As to claim 22, the combination of Yokota in view of Matsuda and Yoshino teaches comprising: the processing circuitry of the searching device to decrypt the personal encryption ID and the medical encryption ID output as the searching result (Matsuda: paragraph 102 discloses the encrypted data with the attribute ID is decrypted), and combine as result information, the personal encryption ID and the medical encryption ID output as the searching result (Matsuda: paragraph 102 discloses the result information includes the attribute ID which is the encryption/medical ID), when decrypting results of the personal encryption ID and the medical encryption ID are equal (Matsuda: paragraphs 209-212 disclose that concerning the ID, the user secret key, the encryption ID, and the encrypted data that has the attribute vector, including the medical ID, are compared, and when the data coincide, the search  and decryption is made, see also paragraphs 189-190).
It would have been obvious to one having ordinary skill in the art before the effective filing date of the claimed invention to modify Yokota’s data searching system in view of Yoshino’s teachings decrypting the search query with Matsuda’s encryption and confidential searching unit to enable keyword search of data in an encrypted state without decrypting the encrypted data (paragraph 5 of Matsuda).

As to claim 23, the combination of Yokota in view of Matsuda and Yoshino teaches wherein the processing circuitry of the searching device decrypts the result information to reference information, using the encryption-purpose secret key (Matsuda: paragraph 204 discloses a user secret key is used to decrypt the search result, when the user secret key matches the coded information, which includes the encrypted data encryption key).
It would have been obvious to one having ordinary skill in the art before the effective filing date of the claimed invention to modify Yokota’s data searching system in view of Yoshino’s teachings decrypting the search query with Matsuda’s encryption and confidential searching unit to enable keyword search of data in an encrypted state without decrypting the encrypted data (paragraph 5 of Matsuda).


As to claim 24, Yokota teaches a data searching method (Figure 12)  comprising: storing a personal searching-purpose ID (Paragraphs 172-173 disclose personal search purpose ID which is the anonymous information/individual identifier that is also stored, and each piece of anonymous information includes an anonymous information/individual identifier. The anonymous information  identifier uniquely identifies the anonymous information), a personal encryption ID (paragraph 282 discloses a semi-anonymous individual identifier is stored and paragraph 283 also discloses an anonymous individual identifier is stored) and encrypted personal information(Paragraph 484 discloses the encryption algorithm is performed on the personal information received from the encoder to generate first encrypted individual information. Paragraph 485 discloses the encryption algorithm is performed on the first encrypted individual information to generate second encrypted individual information, and the personal information is stored), the personal searching-purpose ID being a personal searching-purpose ID used for confidential searching and obtained by encrypting an anonymous ID (IDentifier) for identifying personal information (Figure 17 reveals that the anonymous individual identifier (anonymous ID) is input to semi-anonymity processing/encryption, reference number 962,  to produce the semi-anonymous identifier 963, which is further processed/encrypted 964,  to produce new anonymous individual identifiers; see paragraphs 348-349 ), the personal encryption ID and the encrypted personal information being obtained by encrypting the anonymous ID and the personal information(Paragraph 496 discloses the received semi-anonymous individual identifier and the received individual related information are used to generate the semi-anonymous information. Figure 17, and paragraphs 283, 348-349 reveal the semi-anonymous individual identifier is obtained from encryption/anonymity processing of the anonymous individual identifier, and paragraph 282 also  discloses the semi-anonymous individual identifier is calculated from the encoded individual information); 
storing a received searching-purpose ID(Paragraphs 172-173 disclose personal search purpose ID which is the anonymous information identifier is received and stored), a received encryption (Paragraph 66 discloses the semi-anonymous individual identifier is received and stored in the database, see also paragraphs 67-68 ) and received data(Paragraph 552 discloses the individual related information is received and stored; paragraph 60 discloses the individual related information is stored in a database), the received searching-purpose ID being a received searching-purpose ID used for confidential searching and obtained by encrypting the anonymous ID (Figure 17 reveals that the anonymous individual identifier (anonymous ID) is input to semi-anonymity processing/encryption, reference number 962,  to produce the semi-anonymous identifier 963, which is further processed/encrypted 964,  to produce new anonymous individual identifiers; see paragraphs 348-349 ), the received encryption ID being obtained by encrypting the anonymous ID (Figure 17, and paragraphs 283, 348-349 reveal the semi-anonymous individual identifier is obtained from encryption/anonymity processing of the anonymous individual identifier, and paragraph 282 also  discloses the semi-anonymous individual identifier is calculated from the encoded individual information); and a searching device (Figure 1, reference numbers 41 and 42 “Information Searching Device”)  including processing circuitry (Paragraph 217 discloses the information searching device is a computer system constructed from a microprocessor); 
acquiring the anonymous ID subject to searching from a user as a search anonymous ID(Paragraph 71 discloses in receiving the search request information, the anonymity server device regards the individual related information associated with the anonymous individual identifiers and transmit the related information to the information searching device. Paragraph 210 reveals that the search request includes the anonymous identifier and this anonymous identifier is the anonymous ID), and generating a search query obtained by encrypting the search anonymous ID with attribution information of the user embedded(Paragraph 61 discloses the information searching device transmit the search request information to the anonymity server device and thereby perform search request. The anonymity server searches it internally stored database based on the search request information transmitted from the information searching device extracts the necessary individual related information and transmit the extracted related information to the searching devices. Paragraph 210 reveals that the search request includes the anonymous identifier and this anonymous identifier is the anonymous ID. Paragraph 207 of Yokota describes the attribution information of the user includes the data of birth.); and 
executing confidential searching on the personal searching-purpose ID and the received searching-purpose ID, using the search query (Paragraph 71 discloses searching is executing based on the individual related information and the anonymous individual identifiers. Paragraph 210 reveals that the search request includes the anonymous identifier and this anonymous identifier is the anonymous ID. Paragraph 207 of Yokota describes the attribution information of the user includes the data of birth.), and outputting a searching result acquired based on the attribution information of the user (Paragraph 187 discloses the communication unit output the search results to the information searching device based on the search request; see also paragraph 221 which disclose the display unit displays the search results. Paragraph 210 reveals that the search request includes the anonymous identifier and this anonymous identifier is the anonymous ID. Paragraph 207 of Yokota describes the attribution information, which is embedded in the search request, this attribution information can be the individual’s data of birth.), wherein 
in the executed confidential searching, at least part of the personal information is included in the searching result( Figure 15, reference numbers S201- S203, where S201 and S202 involve the information searching device receiving the search request information from the anonymity server device. S203 recites “Extract anonymous information that satisfies search request information”, wherein the anonymous information includes the personal information as mapped out in Figure 8) in response to determining, based on the search query (Figure 15, reference numbers S201- S203, where S201 and S202 involve the information searching device receiving the search request information from the anonymity server device) and the personal searching- BIRCH, STEWART, KOLASCH & BIRCH, LLPDRA/JWR/labApplication No.: 16/647,857Docket No.: 2565-0596PUS1purpose ID(Paragraphs 207 and 211 reveal that the searching-purpose ID, which is the anonymous identifier is in the search query/request), that the search anonymous ID embedded in the search query matches the anonymous ID embedded in the personal searching-purpose ID, and the attribution information embedded in the search query(Paragraphs 207 and 211 reveal that the anonymous identifier is in the search query/request. Paragraph 211 reveals that search unit searches for the anonymous information that meets the condition of the received search request, which include the anonymous identifier and the attribution information of the user. The anonymous identifier includes the anonymous ID and the attribution information. If there is a match, the information is extracted to the communication unit. Figure 5, also reveal that the anonymous identifier is embedded in the personal searching purpose ID of the client identifier) is within the personal information embedded in the personal searching-purpose ID (Figure 5, also reveal that the anonymous identifier and the individual information are embedded in the personal searching purpose ID of the client identifier), and 
wherein in the executed confidential searching, at least part of the received data is included in the searching result (Figure 15, S205, wherein the extracted/received anonymous information is displayed as search result on the information searching device)  in response to determining, based on the search query (Paragraph 211 teaches that the search unit searches for a piece of anonymous information that meets the condition included in the received search request information and output/extract the information when there is a match. The search query according to paragraph 208 includes the searched anonymous ID, depicted as the anonymous identifier. Therefore, the search result is based on the search query and the encrypted anonymous ID)  and the received searching-purpose ID(Paragraphs 207 and 211 reveal that the searching-purpose ID, which is the anonymous identifier is in the search query/request), that the search anonymous ID embedded in the search query matches the anonymous ID embedded in the received searching-purpose ID, and the attribution information embedded in the search query(Paragraphs 207 and 211 reveal that the anonymous identifier is in the search query/request. Paragraph 211 reveals that search unit searches for the anonymous information that meets the condition of the received search request, which include the anonymous identifier and the attribution information of the user. The anonymous identifier includes the anonymous ID and the attribution information. If there is a match, the information is extracted to the communication unit. Figure 5, also reveal that the anonymous identifier is embedded in the personal searching purpose ID of the client identifier)  is within the  received data embedded in the received searching-purpose ID(Figure 5, also reveal that the anonymous identifier and the individual information are embedded in the personal searching purpose ID of the client identifier).
Yokota does not teach  encrypting an anonymous ID with a disclosure range of the personal information embedded; encrypting the anonymous ID with a disclosure range of the received data received by a person corresponding to the personal information embedded; and output a searching result acquired based on the disclosure range of the personal information and the disclosure range of the received data; at least part of the personal information included in the searching result is based on decryption of the search query; and the attribution information embedded in the search query is  within the disclosure range of the personal information embedded in the personal searching-purpose ID; and the attribution embedded in the search query is  within the disclosure range of the received data embedded in the received searching-purpose ID.
Matsuda teaches encrypting an anonymous ID with a disclosure range of the personal information embedded (Paragraphs 102,104 disclose a user attribute  is encrypted, “the encrypted data encrypted with the attribute x”. This attribute data is the user anonymous ID. The encrypted data is encrypted with the attribute data.  Paragraph 194 and Figure 9 provide more details of the attribute information of the user which include personal information. The disclosure range is the searchable range and decryptable range that can be controlled depending on the role or authority of the user, which is the attribute vector of the user. Paragraph 438 discloses the attribute set can include an attribute ID. Paragraph 131 also describes the data is encrypted by setting attribute information, which can be personal information embedded, and by indicating the decryptable range or searchable range so only an authorized user can decrypt or search the encrypted data.); encrypting the anonymous ID with a disclosure range of the received data received by a person corresponding to the personal information embedded (Paragraphs 102,104 disclose a user attribute  is encrypted, “the encrypted data encrypted with the attribute x”. This attribute data is the user anonymous ID. The received encrypted data is encrypted with the attribute data.  Paragraph 194 and Figure 9 provide more details of the attribute information of the user which include personal information. The disclosure range is the searchable range and decryptable range that can be controlled depending on the role or authority of the user, which is the received attribute vector of the user. Paragraph 438 discloses the attribute set can include an attribute ID. Paragraph 131 also describes the data is encrypted by setting attribute information, which can be personal information embedded, and by indicating the decryptable range or searchable range so only an authorized user can decrypt or search the encrypted data.); and output a searching result acquired based on the attribution information of the user, the disclosure range of the personal information and the disclosure range of the received data (Paragraph 529 discloses the search result transmission part outputs a search result, which is the encrypted data.  Paragraphs 102, 104, and 131 as cited above disclose the encrypted data is based on the attribute information of the user, the disclosure range of the personal information which includes the access level/the authorized level of user who can decrypt or search the encrypted data, and the disclosure range of the received data, which is decryptable range or searchable range of the received data); at least part of the personal information is included in the searching result in response is based on decryption of the search query[result] and the personal searching purpose ID (Paragraph 131 reveals that the confidential search system decrypts the searching results based on the searchable range/decryptable range. This range is within the received credential of the authorized user. Paragraphs 208 and 211 disclose that the attribution information embedded in the search query is within the disclosure range of the personal information embedded in the personal searching-purpose ID. Paragraphs 208 and 211 reveal that ID representing the user/employee number is set as an individual ID, which can be the personal searching purpose ID/received searching-purpose ID); and the attribution information embedded in the search query is within the disclosure range of the personal information embedded in the personal searching-purpose ID (Paragraphs 208 and 211 reveal that ID representing the user/employee number is set as an individual ID, which is attribution information. The value representing the user is also set in the user secret key, as an individual ID, and this individual ID, representing the user. The encrypted data that is searched/ obtained is decrypted based on individual ID. When the value of the user secret key and the value of the encrypted data match,  search/decryption is made with the user secret key. The attribute information embedded in the search query is within the disclosure range of the personal information and is embedded in the personal searching purpose ID/individual ID. Paragraphs 104-105, and 211 also reveal that the searchable range and decryptable range is control depending on the role/authority of the user, wherein the user secret key and the user’s individual are used in the search query, which are part of the personal searching purpose ID/anonymous ID); and the attribution embedded in the search query is  within the disclosure range of the received data embedded in the received searching-purpose ID(Paragraphs 208 and 211 reveal that ID representing the user/employee number is set as an individual ID, which is attribution information. The value representing the user is also set in the user secret key, as an individual ID, and this individual ID, representing the user. The encrypted data that is searched/ obtained is decrypted based on individual ID. When the value of the user secret key and the value of the encrypted data match,  search/decryption is made with the user secret key. The attribute information embedded in the search query is within the disclosure range of the personal information and is embedded in the personal searching purpose ID/individual ID. Paragraphs 104-105, and 211 also reveal that the searchable range and decryptable range is control depending on the role/authority of the user, wherein the user secret key and the user’s individual are used in the search query, which are part of the personal searching purpose ID/anonymous ID).
                It would have been obvious to one having ordinary skill in the art before the effective filing date of the claimed invention to modify Yokota’s data searching system with Matsuda’s encryption and confidential searching units to provide keyword search of the encrypted data without decrypting the entire encrypted data and thus provide improve management of secret information (paragraphs 4-5 of Matsuda).
                The combination of Yokota in view of Matsuda do not teach decryption of the search query. 
                Yoshino teaches decryption of the search query (Paragraph 26 discloses decrypting the secure encoded search query).
                It would have been obvious to one having ordinary skill in the art before the effective filing date of the claimed invention to modify Yokota’s data searching system in view of Matsuda’s encryption and confidential searching unit with Yoshino’s teachings decrypting the search query to prevent information leakage and maintain data confidentially (paragraph 2 of Yoshino).

As to claim 25, Yokota teaches a non-transitory computer readable medium storing a data searching program for a searching device (Paragraphs 552 and 558-563 disclose memory that is used to store the searching program for the information search device), 
the searching device, that is a computer (Paragraph 558 disclose the information search device is constructed from a microprocessor), searching in a memory of a management device (Paragraphs 59-60 and 552 and 558-563 disclose the method searching is carried out by the information search device and the anonymity server device) storing a personal searching-purpose ID (Paragraphs 172-173 disclose personal search purpose ID which is the anonymous information/individual identifier that is also stored, and each piece of anonymous information includes an anonymous information/individual identifier. The anonymous information  identifier uniquely identifies the anonymous information), a personal encryption ID (paragraph 282 discloses a semi-anonymous individual identifier is stored and paragraph 283 also discloses an anonymous individual identifier is stored) and encrypted personal information (Paragraph 484 discloses the encryption algorithm is performed on the personal information received from the encoder to generate first encrypted individual information. Paragraph 485 discloses the encryption algorithm is performed on the first encrypted individual information to generate second encrypted individual information, and the personal information is stored), the personal searching-purpose ID being a personal searching-purpose ID used for confidential searching and obtained by encrypting an anonymous ID (IDentifier) for identifying personal information (Figure 17 reveals that the anonymous individual identifier (anonymous ID) is input to semi-anonymity processing/encryption, reference number 962,  to produce the semi-anonymous identifier 963, which is further processed/encrypted 964,  to produce new anonymous individual identifiers; see paragraphs 348-349 ), the personal encryption ID and the encrypted personal information being obtained by encrypting the anonymous ID and the personal information (Paragraph 496 discloses the received semi-anonymous individual identifier and the received individual related information are used to generate the semi-anonymous information. Figure 17, and paragraphs 283, 348-349 reveal the semi-anonymous individual identifier is obtained from encryption/anonymity processing of the anonymous individual identifier, and paragraph 282 also  discloses the semi-anonymous individual identifier is calculated from the encoded individual information); and storing a received searching-purpose ID(Paragraphs 172-173 disclose personal search purpose ID which is the anonymous information identifier is received and stored), a received encryption ID (Paragraph 66 discloses the semi-anonymous individual identifier is received and stored in the database, see also paragraphs 67-38 ) and received data (Paragraph 552 discloses the individual related information is received and stored; paragraph 60 discloses the individual related information is stored in a database), the received searching-purpose ID being a received searching-purpose ID used for confidential searching and obtained by encrypting the anonymous ID (Figure 17 reveals that the anonymous individual identifier (anonymous ID) is input to semi-anonymity processing/encryption, reference number 962,  to produce the semi-anonymous identifier 963, which is further processed/encrypted 964,  to produce new anonymous individual identifiers; see paragraphs 348-349 ), the received encryption ID being obtained by encrypting the anonymous ID (Figure 17, and paragraphs 283, 348-349 reveal the semi-anonymous individual identifier is obtained from encryption/anonymity processing of the anonymous individual identifier, and paragraph 282 also  discloses the semi-anonymous individual identifier is calculated from the encoded individual information);
the data searching program causing the searching device to execute: a search query generation process of acquiring the anonymous ID subject to searching from a user as a search anonymous ID(Paragraph 71 discloses in receiving the search request information, the anonymity server device regards the individual related information associated with the anonymous individual identifiers and transmit the related information to the information searching device. Paragraph 210 reveals that the search request includes the anonymous identifier and this anonymous identifier is the anonymous ID), and generating a search query obtained by encrypting the search anonymous ID with attribution information of the user embedded(Paragraph 61 discloses the information searching device transmit the search request information to the anonymity server device and thereby perform search request. The anonymity server searches it internally stored database based on the search request information transmitted from the information searching device extracts the necessary individual related information and transmit the extracted related information to the searching devices. Paragraph 210 reveals that the search request includes the anonymous identifier and this anonymous identifier is the anonymous ID. Paragraph 207 of Yokota describes the attribution information of the user includes the data of birth.); and 
a confidential searching process of executing confidential searching on the personal searching-purpose ID and the received searching-purpose ID, using the search query(Paragraph 71 discloses searching is executing based on the individual related information and the anonymous individual identifiers. Paragraph 210 reveals that the search request includes the anonymous identifier and this anonymous identifier is the anonymous ID. Paragraph 207 of Yokota describes the attribution information of the user includes the data of birth.) and outputting a searching result acquired based on the attribution information of the user (Paragraph 187 discloses the communication unit output the search results to the information searching device based on the search request; see also paragraph 221 which disclose the display unit displays the search results. Paragraph 210 reveals that the search request includes the anonymous identifier and this anonymous identifier is the anonymous ID. Paragraph 207 of Yokota describes the attribution information, which is embedded in the search request, this attribution information can be the individual’s data of birth.), wherein 
in the executed confidential searching, at least part of the personal information is included in the searching result( Figure 15, reference numbers S201- S203, where S201 and S202 involve the information searching device receiving the search request information from the anonymity server device. S203 recites “Extract anonymous information that satisfies search request information”, wherein the anonymous information includes the personal information as mapped out in Figure 8) in response to determining, based on the search query (Figure 15, reference numbers S201- S203, where S201 and S202 involve the information searching device receiving the search request information from the anonymity server device) and the personal searching- purpose ID(Paragraphs 207 and 211 reveal that the searching-purpose ID, which is the anonymous identifier is in the search query/request), that the search anonymous ID embedded in the search query matches the anonymous ID embedded in the personal searching-purpose ID, and the attribution information embedded in the search query(Paragraphs 207 and 211 reveal that the anonymous identifier is in the search query/request. Paragraph 211 reveals that search unit searches for the anonymous information that meets the condition of the received search request, which include the anonymous identifier and the attribution information of the user. The anonymous identifier includes the anonymous ID and the attribution information. If there is a match, the information is extracted to the communication unit. Figure 5, also reveal that the anonymous identifier is embedded in the personal searching purpose ID of the client identifier) is within the personal information embedded in the personal searching-purpose ID (Figure 5, also reveal that the anonymous identifier and the individual information are embedded in the personal searching purpose ID of the client identifier), and wherein
in the executed confidential searching, at least part of the received data is included in the searching result (Figure 15, S205, wherein the extracted/received anonymous information is displayed as search result on the information searching device) in response to determining, based on the search query (Paragraph 211 teaches that the search unit searches for a piece of anonymous information that meets the condition included in the received search request information and output/extract the information when there is a match. The search query according to paragraph 208 includes the searched anonymous ID, depicted as the anonymous identifier. Therefore, the search result is based on the search query and the encrypted anonymous ID) and the received searching-purpose ID(Paragraphs 207 and 211 reveal that the searching-purpose ID, which is the anonymous identifier is in the search query/request), that the search anonymous ID embedded in the search query matches the anonymous ID embedded in the received searching-purpose ID, and the attribution information embedded in the search query(Paragraphs 207 and 211 reveal that the anonymous identifier is in the search query/request. Paragraph 211 reveals that search unit searches for the anonymous information that meets the condition of the received search request, which include the anonymous identifier and the attribution information of the user. The anonymous identifier includes the anonymous ID and the attribution information. If there is a match, the information is extracted to the communication unit. Figure 5, also reveal that the anonymous identifier is embedded in the personal searching purpose ID of the client identifier)  is within the  received data embedded in the received searching-purpose ID(Figure 5, also reveal that the anonymous identifier and the individual information are embedded in the personal searching purpose ID of the client identifier).
Yokota does not teach  encrypting an anonymous ID with a disclosure range of the personal information embedded; encrypting the anonymous ID with a disclosure range of the received data received by a person corresponding to the personal information embedded; and output a searching result acquired based on the disclosure range of the personal information and the disclosure range of the received data; at least part of the personal information included in the searching result is based on decryption of the search query; and the attribution information embedded in the search query is  within the disclosure range of the personal information embedded in the personal searching-purpose ID; and the attribution embedded in the search query is  within the disclosure range of the received data embedded in the received searching-purpose ID.
Matsuda teaches encrypting an anonymous ID with a disclosure range of the personal information embedded (Paragraphs 102,104 disclose a user attribute  is encrypted, “the encrypted data encrypted with the attribute x”. This attribute data is the user anonymous ID. The encrypted data is encrypted with the attribute data.  Paragraph 194 and Figure 9 provide more details of the attribute information of the user which include personal information. The disclosure range is the searchable range and decryptable range that can be controlled depending on the role or authority of the user, which is the attribute vector of the user. Paragraph 438 discloses the attribute set can include an attribute ID. Paragraph 131 also describes the data is encrypted by setting attribute information, which can be personal information embedded, and by indicating the decryptable range or searchable range so only an authorized user can decrypt or search the encrypted data.); encrypting the anonymous ID with a disclosure range of the received data received by a person corresponding to the personal information embedded (Paragraphs 102,104 disclose a user attribute  is encrypted, “the encrypted data encrypted with the attribute x”. This attribute data is the user anonymous ID. The received encrypted data is encrypted with the attribute data.  Paragraph 194 and Figure 9 provide more details of the attribute information of the user which include personal information. The disclosure range is the searchable range and decryptable range that can be controlled depending on the role or authority of the user, which is the received attribute vector of the user. Paragraph 438 discloses the attribute set can include an attribute ID. Paragraph 131 also describes the data is encrypted by setting attribute information, which can be personal information embedded, and by indicating the decryptable range or searchable range so only an authorized user can decrypt or search the encrypted data.); and output a searching result acquired based on the attribution information of the user, the disclosure range of the personal information and the disclosure range of the received data (Paragraph 529 discloses the search result transmission part outputs a search result, which is the encrypted data.  Paragraphs 102, 104, and 131 as cited above disclose the encrypted data is based on the attribute information of the user, the disclosure range of the personal information which includes the access level/the authorized level of user who can decrypt or search the encrypted data, and the disclosure range of the received data, which is decryptable range or searchable range of the received data); at least part of the personal information is included in the searching result in response is based on decryption of the search query[result] and the personal searching purpose ID (Paragraph 131 reveals that the confidential search system decrypts the searching results based on the searchable range/decryptable range. This range is within the received credential of the authorized user. Paragraphs 208 and 211 disclose that the attribution information embedded in the search query is within the disclosure range of the personal information embedded in the personal searching-purpose ID. Paragraphs 208 and 211 reveal that ID representing the user/employee number is set as an individual ID, which can be the personal searching purpose ID/received searching-purpose ID); and the attribution information embedded in the search query is within the disclosure range of the personal information embedded in the personal searching-purpose ID (Paragraphs 208 and 211 reveal that ID representing the user/employee number is set as an individual ID, which is attribution information. The value representing the user is also set in the user secret key, as an individual ID, and this individual ID, representing the user. The encrypted data that is searched/ obtained is decrypted based on individual ID. When the value of the user secret key and the value of the encrypted data match,  search/decryption is made with the user secret key. The attribute information embedded in the search query is within the disclosure range of the personal information and is embedded in the personal searching purpose ID/individual ID. Paragraphs 104-105, and 211 also reveal that the searchable range and decryptable range is control depending on the role/authority of the user, wherein the user secret key and the user’s individual are used in the search query, which are part of the personal searching purpose ID/anonymous ID); and the attribution embedded in the search query is  within the disclosure range of the received data embedded in the received searching-purpose ID(Paragraphs 208 and 211 reveal that ID representing the user/employee number is set as an individual ID, which is attribution information. The value representing the user is also set in the user secret key, as an individual ID, and this individual ID, representing the user. The encrypted data that is searched/ obtained is decrypted based on individual ID. When the value of the user secret key and the value of the encrypted data match,  search/decryption is made with the user secret key. The attribute information embedded in the search query is within the disclosure range of the personal information and is embedded in the personal searching purpose ID/individual ID. Paragraphs 104-105, and 211 also reveal that the searchable range and decryptable range is control depending on the role/authority of the user, wherein the user secret key and the user’s individual are used in the search query, which are part of the personal searching purpose ID/anonymous ID).
                It would have been obvious to one having ordinary skill in the art before the effective filing date of the claimed invention to modify Yokota’s data searching system with Matsuda’s encryption and confidential searching units to provide keyword search of the encrypted data without decrypting the entire encrypted data and thus provide improve management of secret information (paragraphs 4-5 of Matsuda).
                The combination of Yokota in view of Matsuda do not teach decryption of the search query. 
                Yoshino teaches decryption of the search query (Paragraph 26 discloses decrypting the secure encoded search query).
                It would have been obvious to one having ordinary skill in the art before the effective filing date of the claimed invention to modify Yokota’s data searching system in view of Matsuda’s encryption and confidential searching unit with Yoshino’s teachings decrypting the search query to prevent information leakage and maintain data confidentially (paragraph 2 of Yoshino).

Conclusion
Applicant's amendment necessitated the new ground(s) of rejection presented in this Office action.  Accordingly, THIS ACTION IS MADE FINAL.  See MPEP § 706.07(a).  Applicant is reminded of the extension of time policy as set forth in 37 CFR 1.136(a).  
A shortened statutory period for reply to this final action is set to expire THREE MONTHS from the mailing date of this action.  In the event a first reply is filed within TWO MONTHS of the mailing date of this final action and the advisory action is not mailed until after the end of the THREE-MONTH shortened statutory period, then the shortened statutory period will expire on the date the advisory action is mailed, and any extension fee pursuant to 37 CFR 1.136(a) will be calculated from the mailing date of the advisory action.  In no event, however, will the statutory period for reply expire later than SIX MONTHS from the date of this final action. 
Any inquiry concerning this communication or earlier communications from the examiner should be directed to FELICIA FARROW whose telephone number is (571)272-1856. The examiner can normally be reached M - F 7:30--5:30pm (EST).
Examiner interviews are available via telephone, in-person, and video conferencing using a USPTO supplied web-based collaboration tool. To schedule an interview, applicant is encouraged to use the USPTO Automated Interview Request (AIR) at http://www.uspto.gov/interviewpractice.
If attempts to reach the examiner by telephone are unsuccessful, the examiner’s supervisor, Kristine Kincaid can be reached on (571)272-4063. The fax phone number for the organization where this application or proceeding is assigned is 571-273-8300.
Information regarding the status of published or unpublished applications may be obtained from Patent Center. Unpublished application information in Patent Center is available to registered users. To file and manage patent submissions in Patent Center, visit: https://patentcenter.uspto.gov. Visit https://www.uspto.gov/patents/apply/patent-center for more information about Patent Center and https://www.uspto.gov/patents/docx for information about filing in DOCX format. For additional questions, contact the Electronic Business Center (EBC) at 866-217-9197 (toll-free). If you would like assistance from a USPTO Customer Service Representative, call 800-786-9199 (IN USA OR CANADA) or 571-272-1000.





/F.F/Examiner, Art Unit 2437     

/KRISTINE L KINCAID/Supervisory Patent Examiner, Art Unit 2437