DETAILED ACTION

Notice of Pre-AIA or AIA Status
The present application, filed on or after March 16, 2013, is being examined under the first inventor to file provisions of the AIA.

Status of Claims
Claims 1-3, 5-6, 8-10, 13, 16-20, 26, 28-32 are pending.  Claims 4, 7, 11-12, 14-15, 21-25, 27, 33-34 are cancelled.

Information Disclosure Statement
The information disclosure statement (IDS) submitted on 5/20/2021 is in compliance with the provisions of 37 CFR 1.97.  Accordingly, the information disclosure statement is being considered by the examiner.

Claim Rejections - 35 USC § 103
The following is a quotation of 35 U.S.C. 103 which forms the basis for all obviousness rejections set forth in this Office action:
A patent for a claimed invention may not be obtained, notwithstanding that the claimed invention is not identically disclosed as set forth in section 102, if the differences between the claimed invention and the prior art are such that the claimed invention as a whole would have been obvious before the effective filing date of the claimed invention to a person having ordinary skill in the art to which the claimed invention pertains. Patentability shall not be negated by the manner in which the invention was made.

Claim(s) 1, 5, 10, 26 is/are rejected under 35 U.S.C. 103 as being unpatentable over Barton et al (PGPUB 2015/0168144), and further in view of Foster et al (PGPUB 2017/0235018).

Regarding Claim 1:
Barton teaches a method of partitioning data received from one or more unmanned aerial vehicles, comprising (paragraph 45, system receives variety of inputs, including those from UAV): 
receiving vehicle raw data from an unmanned aerial vehicle of the one or more unmanned aerial vehicles, the vehicle raw data comprising both sensitive and non-sensitive data (paragraph 45, unmanned aircraft system (UAS) ground station 320 receives the UAV payload 312 and in turn outputs video and sensor data 320 to a video encoder broadcaster device having storage capacity 330; in operation the encoder/broadcaster receives the video feed 322 from the UAS ground station 320 with either synchronous or asynchronous sensor data/telemetry and video 322; paragraph 74, present cloud-based manager 350 allows nuggets of data to be accessible and includes private data which is protected appropriately; dynamic monitoring could occur with an appropriate set of laws applied to the data; various territorially specific privacy laws could be applied to a geo-spatially mapped UAV input stream, so that access privileges can be dynamically shifted, such as when the UAV camera feed goes across a state or international border); 
converting the vehicle raw data into a plurality of universal data elements (paragraph 45, encoder/broadcaster receives the video feed 322 from the UAS ground station 320 with either synchronous or asynchronous sensor data/telemetry and video 322; unit 330 then encodes the analog video signal and/or transcodes the digital video signal to a motion imagery standards profile (MISP) compliant stream; the MISP compliant stream is also embedded by the encoder with KLV metadata); 
determining, from a data privacy map established by an owner of the unmanned aerial vehicle, which of the universal data elements are sensitive data elements and which of the universal data elements are non-sensitive data elements to partition the vehicle raw data (paragraph 74, present cloud-based manager 350 allows nuggets of data to be accessible and includes private data which is protected appropriately; dynamic monitoring could occur with an appropriate set of laws applied to the data; various territorially specific privacy laws could be applied to a geo-spatially mapped UAV input stream, so that access privileges can be dynamically shifted, such as when the UAV camera feed goes across a state or international border; the system creates a user friendly way to define the various rules and laws due to its geo-mapping and data coordination capabilities; paragraph 75, manager provides an applications programming interface for privacy, chain of custody and auditing rules to be set by users, such as police, national security agencies or commercial customers with special privacy needs (e.g., ambulance systems that are concerned about patient privacy under HIPAA)); 
transmitting the non-sensitive data elements to an external device (paragraph 47, encoder/broadcaster delivers live videos to the cloud or other appliances through cellular data link (including private and non-private data)); and 
storing the sensitive data elements on a local storage device (paragraph 46, encoder delivers live video to local data cache (including private and non-private data)).
Barton does not explicitly teach each data element indicating the unmanned aerial vehicle from which the raw data was received, a sensor reading of the unmanned aerial vehicle, and a time that the sensor reading occurred.
However, Foster teaches the concept of receiving vehicle raw data from an unmanned aerial vehicle of one or more unmanned aerial vehicles (abstract, method comprising receiving aerial images captured by one or more unmanned aerial vehicle; receiving metadata associated with the aerial images captured by the one or more unmanned aerial vehicle); and
converting the vehicle raw data into a plurality of universal data elements, each data element indicating the unmanned aerial vehicle from which the raw data was received, a sensor reading of the unmanned aerial vehicle, and a time that the sensor reading occurred (paragraph 60, method comprises receiving non-standardized metadata captured by an unmanned aerial vehicle and associated with one or more image captured by the unmanned aerial vehicle; transforming the non-standardized metadata into a standardized format; and storing the transformed metadata in a first database associated with the one or more image stored in a second database; paragraph 198, metadata may include information from the avionics system 30 and/or the navigation system 32 such as orientation and/or position of the UAV 12 based on data obtained from the sensors 140, such as the visual sensors (e.g., cameras), IMU, GPS receiver and/or other sensors 140; paragraph 201, metadata may include: whether the image 44 or associated image 44 was captured from the UAV 12, the particular type of the UAV 12 (such as, but not limited to, make, model, and/or an identification number of the UAV 12); paragraph 211, metadata contains time data and the images 44 contain time data, and the metadata may be matched to the images 44 by matching the metadata time data to the image time data; paragraph 58, time data indicative of time aerial images were captured).
It would have been obvious to one of ordinary skill in the art before the effective filing date of the claimed invention to combine the universal data element metadata teachings of Foster with the partitioning UAV data teachings of Barton, in order to facilitate improved data access and sharing by incorporating additional identifying parameters into a dataset, which provides the ability to search and sort the resulting data according to the additional parameters, thereby increasing efficiency and usability of any subsequent data operations.

Regarding Claim 5:
Barton in view of Foster teaches the method of claim 1.  In addition, Barton teaches the method, further comprising storing the non-sensitive data elements locally (paragraph 46, encoder delivers live video to local data cache (including private and non-private data)).

Regarding Claim 10:
Barton in view of Foster teaches the method of claim 1.  In addition, Barton teaches wherein storing the sensitive data elements locally comprises encrypting the sensitive data elements (paragraph 52, encoder archives AES 256 bit encryption transport stream to local SD card 422; paragraph 46, encoder delivers live video to local data cache (including private data)).

Regarding Claim 26:
Barton teaches a system for partitioning data received from one or more unmanned aerial vehicles and responding to a query requesting vehicle data (paragraph 45, system receives variety of inputs, including those from UAV), comprising: 
a first server hosting a customer network (paragraph 45, video encoder broadcaster device having storage capacity 330); and 
a second server hosting a cloud-based data platform operably coupled with the first server through a data network (paragraph 49, encoder broadcasted live feeds 332 or archived encoded feeds 334 can be provided to any video processing application or tools on the origin CDN 354 or any other local or remote CDN's 340 or 360; the video data is provided to the video and sensor data manager 350 that operates on an integrated server located in the cloud 355 origin CDN 354 and that includes analytic functions, and single-click uploads for an operator through a web-based interface); 
wherein the first server is configured to: 
receive vehicle raw data from an unmanned aerial vehicle of the one or more unmanned aerial vehicles that is operably coupled with the customer network, the vehicle raw data comprising both sensitive and non-sensitive data (paragraph 45, unmanned aircraft system (UAS) ground station 320 receives the UAV payload 312 and in turn outputs video and sensor data 320 to a video encoder broadcaster device having storage capacity 330; in operation the encoder/broadcaster receives the video feed 322 from the UAS ground station 320 with either synchronous or asynchronous sensor data/telemetry and video 322; paragraph 74, present cloud-based manager 350 allows nuggets of data to be accessible and includes private data which is protected appropriately; dynamic monitoring could occur with an appropriate set of laws applied to the data; various territorially specific privacy laws could be applied to a geo-spatially mapped UAV input stream, so that access privileges can be dynamically shifted, such as when the UAV camera feed goes across a state or international border); 
convert the vehicle raw data into a plurality of universal data elements (paragraph 45, encoder/broadcaster receives the video feed 322 from the UAS ground station 320 with either synchronous or asynchronous sensor data/telemetry and video 322; unit 330 then encodes the analog video signal and/or transcodes the digital video signal to a motion imagery standards profile (MISP) compliant stream; the MISP compliant stream is also embedded by the encoder with KLV metadata);
determine, from a data privacy map established by an owner of the unmanned aerial vehicle, which of the universal data elements are sensitive data elements and which of the universal data elements are non-sensitive data elements (paragraph 74, present cloud-based manager 350 allows nuggets of data to be accessible and includes private data which is protected appropriately; dynamic monitoring could occur with an appropriate set of laws applied to the data; various territorially specific privacy laws could be applied to a geo-spatially mapped UAV input stream, so that access privileges can be dynamically shifted, such as when the UAV camera feed goes across a state or international border; the system creates a user friendly way to define the various rules and laws due to its geo-mapping and data coordination capabilities; paragraph 75, manager provides an applications programming interface for privacy, chain of custody and auditing rules to be set by users, such as police, national security agencies or commercial customers with special privacy needs (e.g., ambulance systems that are concerned about patient privacy under HIPAA)); 
transmit the non-sensitive data elements to the second server through the data network (paragraph 47, encoder/broadcaster delivers live videos to the cloud or other appliances through cellular data link (including private and non-private data)); and 
store the sensitive data elements locally (paragraph 46, encoder delivers live video to local data cache (including private and non-private data)).
Barton does not explicitly teach each data element indicating the unmanned aerial vehicle from which the raw data was received, a sensor reading of the unmanned aerial vehicle, and a time that the sensor reading occurred.
However, Foster teaches the concept of receiving vehicle raw data from an unmanned aerial vehicle of one or more unmanned aerial vehicles (abstract, method comprising receiving aerial images captured by one or more unmanned aerial vehicle; receiving metadata associated with the aerial images captured by the one or more unmanned aerial vehicle); and
converting the vehicle raw data into a plurality of universal data elements, each data element indicating the unmanned aerial vehicle from which the raw data was received, a sensor reading of the unmanned aerial vehicle, and a time that the sensor reading occurred (paragraph 60, method comprises receiving non-standardized metadata captured by an unmanned aerial vehicle and associated with one or more image captured by the unmanned aerial vehicle; transforming the non-standardized metadata into a standardized format; and storing the transformed metadata in a first database associated with the one or more image stored in a second database; paragraph 198, metadata may include information from the avionics system 30 and/or the navigation system 32 such as orientation and/or position of the UAV 12 based on data obtained from the sensors 140, such as the visual sensors (e.g., cameras), IMU, GPS receiver and/or other sensors 140; paragraph 201, metadata may include: whether the image 44 or associated image 44 was captured from the UAV 12, the particular type of the UAV 12 (such as, but not limited to, make, model, and/or an identification number of the UAV 12); paragraph 211, metadata contains time data and the images 44 contain time data, and the metadata may be matched to the images 44 by matching the metadata time data to the image time data; paragraph 58, time data indicative of time aerial images were captured).
It would have been obvious to one of ordinary skill in the art before the effective filing date of the claimed invention to combine the universal data element metadata teachings of Foster with the partitioning UAV data teachings of Barton, in order to facilitate improved data access and sharing by incorporating additional identifying parameters into a dataset, which provides the ability to search and sort the resulting data according to the additional parameters, thereby increasing efficiency and usability of any subsequent data operations.

Claim(s) 2 is/are rejected under 35 U.S.C. 103 as being unpatentable over Barton in view of Foster, and further in view of Matusek et al (PGPUB 2017/0220816).

Regarding Claim 2:
Barton in view of Foster teaches the method of claim 1.
Neither Barton nor Foster explicitly teaches wherein the data privacy map further indicates which of the universal data elements are to be obfuscated, the method further comprising: 
storing the universal data elements that are indicated to be obfuscated locally; 
obfuscating the universal data elements that are indicated to be obfuscated; and 
transmitting the obfuscated data elements to the external device.
However, Matusek teaches the concept wherein a data privacy map further indicates which of universal data elements are to be obfuscated (paragraph 18, moving camera comprising unmanned aerial vehicle; paragraph 39, based on machine learning model and set of parameters, privacy-protective data management controller automatically detects e.g. person, face, or object for privacy protection; paragraph 26, when the geometric class of a region of interest (ROI) is associated with an identity of a person, the privacy-protective data management controller 100 can then alter (or blur, scramble, pixelate, blank) the ROI (or only a portion of the ROI, such as the face of the person) to remove any privacy-related information in the ROI and generate an altered image), the method comprising: 
storing the universal data elements that are indicated to be obfuscated locally (paragraph 26, privacy-protective data management controller 100 can then store the image (or video associated with the image) in the standardized format); 
obfuscating the universal data elements that are indicated to be obfuscated (paragraph 26, when the geometric class of a region of interest (ROI) is associated with an identity of a person, the privacy-protective data management controller 100 can then alter (or blur, scramble, pixelate, blank) the ROI (or only a portion of the ROI, such as the face of the person) to remove any privacy-related information in the ROI and generate an altered image); and 
transmitting the obfuscated data elements to an external device (paragraph 105, some embodiments described herein can include compressor/encoder 640, which provides effective data compression and encodes output data in a consistent format; for example, the compressor/encoder 640 can receive protected data from the privacy protector 600 and can compress and/or encode the data; the compressor/encoder 640 can then send the data (e.g., output data) to a destination device (e.g., database, server, user interface, etc.), for example, over a network).
It would have been obvious to one of ordinary skill in the art before the effective filing date of the claimed invention to combine the obfuscation of private data elements teachings of Matusek with the partitioning UAV data teachings of Barton in view of Foster, in order to provide access to non-private data elements while protecting private or sensitive information in images containing both kinds of information, by automatically detecting private regions and performing a redaction or blurring operation, thereby providing an effective compromise between security and information access.

Claim(s) 3 is/are rejected under 35 U.S.C. 103 as being unpatentable over Barton in view of Foster, and further in view of Ju et al (PGPUB 2015/0234382).

Regarding Claim 3:
Barton in view of Foster teaches the method of claim 1.
Neither Barton nor Foster explicitly teaches wherein converting the vehicle raw data into a plurality of universal data elements comprises: 
identifying a model of the unmanned aerial vehicle from which the vehicle raw data was received; 
accessing a pre-determined mapping particular to the model of the unmanned aerial vehicle, the mapping indicating how to convert the vehicle raw data for the model of the unmanned aerial vehicle to the plurality of universal data elements.
However, Ju teaches the concept wherein converting vehicle raw data into a plurality of universal data elements comprises (abstract, vehicle data converting unit): 
identifying a model of the device from which the vehicle raw data was received (paragraph 40, sensor information may include identification information (e.g., a device ID) representing a type or a model name of the sensor 11, a request message, and a size of raw data); 
accessing a pre-determined mapping particular to the model of the device, the mapping indicating how to convert the vehicle raw data for the model of the device to the plurality of universal data elements (paragraph 40, for example, the data converting unit 110 may analyze the sensor data for each piece of the sensor information using the format information and convert a format of each piece of the sensor information of the sensor data into the standard format to create the integrated standard data); and
Barton teaches wherein the device is an unmanned aerial vehicle (abstract, UAV data processing system).
It would have been obvious to one of ordinary skill in the art before the effective filing date of the claimed invention to combine the model-based data conversion teachings of Ju with the partitioning UAV data teachings of Barton in view of Foster, in order to improve system compatibility by providing a means of automatically identifying the device type of a data stream arriving at a destination system, and converting said data stream according to said device type into a format which conforms to a more widely used or accessible standard.

Claim(s) 6, 8 is/are rejected under 35 U.S.C. 103 as being unpatentable over Barton in view of Foster, and further in view of Proctor (PGPUB 2019/0082305).

Regarding Claim 6:
Barton in view of Foster teaches the method of claim 5.
Neither Barton nor Foster explicitly teaches wherein the non-sensitive data elements are transmitted to the external device in response to a query from the external device.
However, Proctor teaches the concept wherein non-sensitive data elements are transmitted to an external device in response to a query from the external device (paragraph 78, electronic computing device determines a response to query; paragraph 88, when the electronic computing device determines (at block 420) that each device in the communication group has permission to receive the group response, the electronic computing device transmits the group response on a group communication channel; response includes sensitive and non-sensitive data elements).
It would have been obvious to one of ordinary skill in the art before the effective filing date of the claimed invention to combine the non-sensitive data query teachings of Proctor with the partitioning UAV data teachings of Barton in view of Foster, in order to provide data access to users and third-parties remotely upon request, thereby allowing broad distribution of non-sensitive data for a wide variety of potential purposes, such as surveying and data-mining.

Regarding Claim 8:
Barton in view of Foster teaches the method of claim 1.
Neither Barton nor Foster explicitly teaches wherein the data privacy map further indicates a security level required to access the sensitive data.
However, Proctor teaches the concept wherein a data privacy map indicates a security level required to access sensitive data (paragraph 84, electronic computing device may generate a response based on data stored at a remote network device; paragraph 87, the electronic computing device determines whether a response (also referred to as a group response or unmodified group response) generated in response to the query includes any restricted data; if the response includes restricted data, the electronic computing device (or another dedicated electronic computing device in the system 100 acting as a security manager and configured to check security privileges of users) accesses the permission level of each communication device (including the communication device at which the user query has originated or is received) and compares a security level of the restricted data with a respective permission level of each of the communication devices in the group).
It would have been obvious to one of ordinary skill in the art before the effective filing date of the claimed invention to combine the required security level for sensitive data access teachings of Proctor with the partitioning UAV data teachings of Barton in view of Foster, in order to improve the security of a data access system by ensuring that individuals meet a certain level of access privileges before being granted access to sensitive data, thereby limiting access to trusted parties and preventing data leaks and information theft.

Claim(s) 9 is/are rejected under 35 U.S.C. 103 as being unpatentable over Barton in view of Foster, and further in view of Kablaoui (PGPUB 2017/0045884).

Regarding Claim 9:
Barton in view of Foster teaches the method of claim 1.
Neither Barton nor Foster explicitly teaches wherein the vehicle raw data received from the unmanned aerial vehicle is encrypted, and the method further comprises decrypting the vehicle raw data.
However, Kablaoui teaches the concept wherein vehicle raw data received from an unmanned aerial vehicle is encrypted, and the method comprises decrypting the vehicle raw data (abstract, system for drone connectivity; paragraph 38, messages between the drones and remotes consist of a header message and a payload message; the header message contains the drone id and checksums of both the header and payload; the drone id is sent in the clear, i.e., not encrypted; when a header and message is received by either the drone or remote, the following steps occur: the drone id is verified to be correct; the header is decrypted; the checksum for the header and payload are verified; and the payload is decrypted and processed).
It would have been obvious to one of ordinary skill in the art before the effective filing date of the claimed invention to combine the encrypted UAV message teachings of Kablaoui with the partitioning UAV data teachings of Barton in view of Foster, in order to improve the security environment by utilizing message encryption, thereby preventing attackers and eavesdroppers from intercepting communications and gaining access to transmitted information, whether sensitive or non-sensitive, without access to the appropriate decryption key.

Claim(s) 13, 16-17 is/are rejected under 35 U.S.C. 103 as being unpatentable over Proctor, and further in view of Hopkins et al (PGPUB 2016/0026718) and Barton.

Regarding Claim 13:
Proctor teaches a method of responding to a query requesting partitioned data (abstract, process and device for responding to a query; paragraph 87, electronic computing device determines whether response generated in response to query includes restricted data), comprising: 
receiving, from a user, the query requesting partitioned data (paragraph 82, electronic computing device receives user query from user for providing response at first communication device), the query having a security level associated therewith (paragraph 87, electronic computing device determines whether response generated in response to query includes restricted data; electronic computing device accesses the permission level of each communication device and compares security level of restricted data with respective permission level of communication device), and the query associated with sensitive and non-sensitive data elements (paragraph 92, electronic computing device modifies response to obscure or remove restricted data and transmit unrestricted data); 
determining, based on the security level associated with the query and the partitioned data requested by the query, data elements that provide the partitioned data requested and that correspond to the security level associated with the query associated with sensitive data elements (paragraph 84, electronic computing device may generate a response based on data stored at a remote network device; paragraph 87, the electronic computing device determines whether a response (also referred to as a group response or unmodified group response) generated in response to the query includes any restricted data; if the response includes restricted data, the electronic computing device (or another dedicated electronic computing device in the system 100 acting as a security manager and configured to check security privileges of users) accesses the permission level of each communication device (including the communication device at which the user query has originated or is received) and compares a security level of the restricted data with a respective permission level of each of the communication devices in the group; paragraph 88, when the electronic computing device determines (at block 420) that each device in the communication group has permission to receive the group response, the electronic computing device transmits the group response on a group communication channel; paragraph 92, when the electronic computing device determines (at block 435) to modify the group response, the electronic computing device modifies the group response to generate a second response; the group response is modified to generate a second response based on at least one of a) replacing the restricted data in the group response with unrestricted data, for example by replacing name of a witness with an alias; b) replacing the restricted data with another restricted data having security level matching the respective permission level of each of the plurality of communication devices in the communication group, for example by replacing name of a witness with witness type; c) removing the restricted data, for example, by completely removing the identity of the witness); 
determining one or more nodes storing the data elements (paragraph 78, the electronic computing device may also be configured to determine a response to the query (for example, by retrieving stored data or by requesting data from a database such as one of the databases 164)); 
receiving the requested data elements from the one or more nodes (paragraph 78, stored data is retrieved from database); and 
aggregating the data elements to provide a report (paragraph 78, electronic computing device determines a response to query; paragraph 88, when the electronic computing device determines (at block 420) that each device in the communication group has permission to receive the group response, the electronic computing device transmits the group response on a group communication channel).
Proctor does not explicitly teach generating a sub-query request for each of the one or more nodes, the sub-query request indicating the data elements to be retrieved at the respective node, and an indication of an output node to which the data elements should be sent to; and
sending the sub-query requests to each of the one or more nodes. 
However, Hopkins teaches the concept of generating a sub-query request for each of one or more nodes (paragraph 11, various embodiments utilize a declarative language to specify an input query for retrieving data from a large set of data at one or more database servers (“backend servers”); the query parameters specified by the declarative language are first analyzed to identify a mapping of values associated with the query parameters; a database having an index that corresponds to the mapping is then identified; returned set of data undergoes a privacy check at the frontend servers, where the privacy checks are applied subsequent to execution of the query parameters; paragraph 75, upon database identification, backend server facilitates the retrieving of individual data sets; three new sub-queries of the input query are generated and executed in parallel at the three databases to retrieve the individual data sets), the sub-query request indicating data elements to be retrieved at the respective node (paragraph 69, upon receiving the input query at block 440, the front end server 410 sends the query to the query optimization engine 430, as indicated in block 442; the query optimization engine 430 analyzes the parameters (e.g., P1-P4) to determine (a) one or more mappings of parameter values associated with the parameters and (b) one or more users for which to retrieve corresponding sets of data based on the mappings), and an indication of an output node to which the data elements should be sent to (paragraph 77, based on parameters, query optimization engine determines whether to execute constraint type parameters at frontend server or backend server depending on which server is better suited for handling a particular operation); and
sending the sub-query requests to each of the one or more nodes (paragraph 75, upon database identification, backend server facilitates the retrieving of individual data sets; three new sub-queries of the input query are generated and executed in parallel at the three databases to retrieve the individual data sets).
It would have been obvious to one of ordinary skill in the art before the effective filing date of the claimed invention to combine the sub-query teachings of Hopkins with the sensitive data query teachings of Proctor, in order to optimize the execution of a query by analyzing an initial query to determine a mapping of values associated with the query parameters to determine a set of sub-queries which return a reduced set of data for further evaluation, thereby requiring only a single privacy check and reducing the number of hops between servers to achieve the results of the initial query (Hopkins, paragraph 11-12).
Neither Proctor nor Hopkins explicitly teaches wherein the partitioned data is partitioned unmanned aerial vehicle data; and
wherein the data elements are vehicle data elements.
However, Barton teaches the concept wherein partitioned data is partitioned unmanned aerial vehicle data (paragraph 45, unmanned aircraft system (UAS) ground station 320 receives the UAV payload 312 and in turn outputs video and sensor data 320 to a video encoder broadcaster device having storage capacity 330; in operation the encoder/broadcaster receives the video feed 322 from the UAS ground station 320 with either synchronous or asynchronous sensor data/telemetry and video 322; paragraph 74, present cloud-based manager 350 allows nuggets of data to be accessible and includes private data which is protected appropriately; dynamic monitoring could occur with an appropriate set of laws applied to the data; various territorially specific privacy laws could be applied to a geo-spatially mapped UAV input stream, so that access privileges can be dynamically shifted, such as when the UAV camera feed goes across a state or international border); and
wherein data elements are vehicle data elements (paragraph 45, unmanned aircraft system (UAS) ground station 320 receives the UAV payload 312).
It would have been obvious to one of ordinary skill in the art before the effective filing date of the claimed invention to combine the unmanned aerial vehicle data teachings of Barton with the sensitive data query teachings of Proctor in view of Hopkins.  Unmanned aerial vehicles are increasingly finding use in information gathering applications such as military surveillance, surveying, and property management.  As such, a person of ordinary skill in the art would consider UAVs as a source of sensitive and non-sensitive data for use with a database query system, thereby providing additional applications such as securely retrieving UAV data through a system of queries and sub-queries according to security level.

Regarding Claim 16:
Proctor in view of Hopkins and Barton teaches the method of claim 13.  In addition, Hopkins teaches wherein a sub-query for the non-sensitive data is sent to one or both of a node on a local network and a node on an external network (paragraph 25, the one or more databases can be local or remote databases; paragraph 75, sub-queries generated and executed in parallel at three databases; frontend server performs privacy check on each individual data set returned); and
Barton teaches wherein the data is vehicle data (paragraph 45, unmanned aircraft system (UAS) ground station 320 receives the UAV payload 312).
The rationale to combine Proctor, Hopkins, and Barton is the same as provided for claim 13 due to the overlapping subject matter between claims 13 and 16.

Regarding Claim 17:
Proctor in view of Hopkins and Barton teaches the method of claim 13.  In addition, Proctor teaches the method, further comprising:
querying a local data storage for the requested data elements comprising one or both of the sensitive data and the non-sensitive data (paragraph 111, the first communication device receiving the query (for example, an oral query) may determine that the electronic computing device (for example, when implemented in a cloud computing cluster to process the query received at the first communication device) itself does not have permission to access a restricted data portion of the query, and therefore further do not have permission to process the query and generate a response; in response to this determination, the first communication device refrains from further transmitting the query to the electronic computing device for processing; in this case, the first communication device may locally process the query and generate a response); and 
outputting the data to the output node (paragraph 110-111, after query is processed and response generated, response is provided for receipt by communication devices in first communication group; first communication device locally processes query and generates response); and
Barton teaches wherein the data is vehicle data (paragraph 45, unmanned aircraft system (UAS) ground station 320 receives the UAV payload 312).
The rationale to combine Proctor and Barton is the same as provided for claim 13 due to the overlapping subject matter between claims 13 and 17.

Claim(s) 18 is/are rejected under 35 U.S.C. 103 as being unpatentable over Proctor in view of Hopkins and Barton, and further in view of Brisebois et al (US 9,501,744).

Regarding Claim 18:
Proctor in view of Hopkins and Barton teaches the method of claim 13.
Neither Proctor nor Hopkins nor Barton explicitly teaches wherein the security level is based on log-in credentials of the user.
However, Brisebois teaches the concept wherein a security level is based on log-in credentials of a user (col 20 line 45-53, the query manager 242 formats a query based on the search parameters received at block 502; formatting the query may include transforming the search parameters and query options provided by the user into a form that can be processed by the data repository engine 222; col 20 line 54-col 21 line 13, the user interface 240 receives one or more user credentials from the user; in some cases, the user credentials may be received from an application; the user credentials can include any type of credential or identifier that can be used to identify a user and/or determine a set of permissions or a level of authorization associated with the user; the query security manager 244 can validate the user, or application, based at least in part on the user credentials received at the user interface 240; validating the user can include identifying the user, identifying permissions associated with the user, the user's role, and/or an authorization level associated with the user; col 21 line 27-37, the query security manager 244 can determine whether the user has permission, or is authorized, to access the data that satisfies the query; the determination may be based, at least in part, on the user's credentials, the user's permissions, a security level associated with the data, etc.).
It would have been obvious to one of ordinary skill in the art before the effective filing date of the claimed invention to combine the credential based security level teachings of Brisebois with the sensitive data query teachings of Proctor in view of Hopkins and Barton, in order to utilize registered and authenticated security credentials to provide proof that a user has the required authorization to obtain access to secure information, thereby improving the security environment.

Claim(s) 19 is/are rejected under 35 U.S.C. 103 as being unpatentable over Proctor in view of Hopkins and Barton, and further in view of Wells et al (PGPUB 2017/0364369).

Regarding Claim 19:
Proctor in view of Hopkins and Barton teaches the method of claim 13.
Neither Proctor nor Hopkins nor Barton explicitly teaches the method, further comprising: receiving an error from a node of the one or more nodes in response to the sub-query when the data requested from the node is not available.
However, Wells teaches the concept of receiving an error from a node of one or more nodes in response to a sub-query when data requested from the node is not available (paragraph 58, subquery to company node via API requires ID be provided in valid query; failure to provide ID results in error and discontinued processing of request, i.e. node is not available).
It would have been obvious to one of ordinary skill in the art before the effective filing date of the claimed invention to combine the sub-query error teachings of Wells with the sensitive data query teachings of Proctor in view of Hopkins and Barton, in order to provide an indication that an attempt to access data had failed, thereby allowing a user or system to determine the reason for the failure and either attempt to remediate the failure or abandon the attempt without wasting a significant amount of time.

Claim(s) 20 is/are rejected under 35 U.S.C. 103 as being unpatentable over Proctor in view of Hopkins and Barton, and further in view of Ikarashi (PGPUB 2019/0141051).

Regarding Claim 20:
Proctor in view of Hopkins and Barton teaches the method of claim 13.
Neither Proctor nor Hopkins nor Barton explicitly teaches the method, further comprising: returning an error when there are no vehicle data elements on any node that provide the vehicle data requested and that correspond to the security level associated with the query.
However, Ikarashi teaches the concept of returning an error when there are no data elements on any node that provide the data requested and that correspond to the security level associated with the query (paragraph 21, if query fails to satisfy predetermined security level, error is output; paragraph 19, if query satisfies predetermined security level, but processing the query fails, an error is output); and
Barton teaches wherein the data is vehicle data (paragraph 45, unmanned aircraft system (UAS) ground station 320 receives the UAV payload 312).
It would have been obvious to one of ordinary skill in the art before the effective filing date of the claimed invention to combine the query error teachings of Ikarashi with the sensitive data query teachings of Proctor in view of Hopkins and Barton, in order to provide an indication that an attempt to access data had failed, thereby allowing a user or system to determine the reason for the failure and either attempt to remediate the failure or abandon the attempt without wasting a significant amount of time.

Claim(s) 28 is/are rejected under 35 U.S.C. 103 as being unpatentable over Barton in view of Foster, and further in view of Verna et al (PGPUB 2012/0299751).

Regarding Claim 28:
Barton in view of Foster teaches the system of claim 26.  In addition, Foster teaches converting the vehicle raw data into a plurality of universal data elements, each data element indicating the unmanned aerial vehicle from which the raw data was received, a sensor reading of the unmanned aerial vehicle, and a time that the sensor reading occurred (paragraph 60, method comprises receiving non-standardized metadata captured by an unmanned aerial vehicle and associated with one or more image captured by the unmanned aerial vehicle; transforming the non-standardized metadata into a standardized format; and storing the transformed metadata in a first database associated with the one or more image stored in a second database; paragraph 198, metadata may include information from the avionics system 30 and/or the navigation system 32 such as orientation and/or position of the UAV 12 based on data obtained from the sensors 140, such as the visual sensors (e.g., cameras), IMU, GPS receiver and/or other sensors 140; paragraph 201, metadata may include: whether the image 44 or associated image 44 was captured from the UAV 12, the particular type of the UAV 12 (such as, but not limited to, make, model, and/or an identification number of the UAV 12); paragraph 211, metadata contains time data and the images 44 contain time data, and the metadata may be matched to the images 44 by matching the metadata time data to the image time data; paragraph 58, time data indicative of time aerial images were captured); and 
Barton teaches storing the non-sensitive data elements locally (paragraph 46, encoder delivers live video to local data cache (including private and non-private data)).
Neither Barton nor Foster explicitly teaches wherein the second server is configured to: 
receive vehicle raw data from an unmanned aerial vehicle of the one or more unmanned aerial vehicles that is not connected to the customer network, the vehicle raw data comprising only non-sensitive data.
However, Verna teaches the concept wherein a second server is configured to:
receive vehicle raw data from an unmanned aerial vehicle of the one or more unmanned aerial vehicles that is not connected to the customer network, the vehicle raw data comprising only non-sensitive data (abstract, mass notification push application and a civic-communication application combined into one with the primary purpose of allowing up-to-the-minute UAV aerial imagery as selected by drone ground-based commanders to be automatically transmitted to subscribed end-users via the current OS mobile operating systems for smartphones, iPads, laptops, and web-enabled devices; paragraph 26, unmanned vehicle (UV) data organized into restricted data and public data; public data transmitted to mobile devices, i.e. “second servers”).
It would have been obvious to one of ordinary skill in the art before the effective filing date of the claimed invention to combine the non-sensitive data distribution teachings of Verna with the partitioning UAV data teachings of Barton in view of Foster, in order to allow broad dissemination of publicly accessible data to many users at once without concerns about leaking sensitive data by separating the sensitive data from the non-sensitive data on a device prior to distribution of the non-sensitive data, thereby improving security and utility.

Claim(s) 29, 31-32 is/are rejected under 35 U.S.C. 103 as being unpatentable over Barton in view of Foster, and further in view of Proctor and Hopkins.

Regarding Claim 29:
Barton in view of Foster teaches the system of claim 26.
Neither Barton nor Foster explicitly teaches wherein the first server is further configured to: 
receive a query from a user of a device on a customer network requesting vehicle data, the query having a security level associated therewith; 
determine, based on the security level associated with the query and the vehicle data requested by the query, vehicle data elements that provide the vehicle data requested and that correspond to the security level associated with the query; 
receive the requested vehicle data elements from the one or more nodes; and 
aggregate the vehicle data elements to provide a report.
However, Proctor teaches the concept wherein a first server is configured to: 
receive a query from a user of a device on a customer network requesting data (paragraph 82, electronic computing device receives user query from user for providing response at first communication device), the query having a security level associated therewith (paragraph 87, electronic computing device determines whether response generated in response to query includes restricted data; electronic computing device accesses the permission level of each communication device and compares security level of restricted data with respective permission level of communication device); 
determine, based on the security level associated with the query and the data requested by the query, data elements that provide the data requested and that correspond to the security level associated with the query (paragraph 84, electronic computing device may generate a response based on data stored at a remote network device; paragraph 87, the electronic computing device determines whether a response (also referred to as a group response or unmodified group response) generated in response to the query includes any restricted data; if the response includes restricted data, the electronic computing device (or another dedicated electronic computing device in the system 100 acting as a security manager and configured to check security privileges of users) accesses the permission level of each communication device (including the communication device at which the user query has originated or is received) and compares a security level of the restricted data with a respective permission level of each of the communication devices in the group; paragraph 88, when the electronic computing device determines (at block 420) that each device in the communication group has permission to receive the group response, the electronic computing device transmits the group response on a group communication channel; paragraph 92, when the electronic computing device determines (at block 435) to modify the group response, the electronic computing device modifies the group response to generate a second response; the group response is modified to generate a second response based on at least one of a) replacing the restricted data in the group response with unrestricted data, for example by replacing name of a witness with an alias; b) replacing the restricted data with another restricted data having security level matching the respective permission level of each of the plurality of communication devices in the communication group, for example by replacing name of a witness with witness type; c) removing the restricted data, for example, by completely removing the identity of the witness); 
receive the requested data elements from one or more nodes (paragraph 78, stored data is retrieved from database); and 
aggregate the data elements to provide a report (paragraph 78, electronic computing device determines a response to query; paragraph 88, when the electronic computing device determines (at block 420) that each device in the communication group has permission to receive the group response, the electronic computing device transmits the group response on a group communication channel); and
Barton teaches wherein the data is vehicle data (paragraph 45, unmanned aircraft system (UAS) ground station 320 receives the UAV payload 312).
It would have been obvious to one of ordinary skill in the art before the effective filing date of the claimed invention to combine the required security level for sensitive data access teachings of Proctor with the partitioning UAV data teachings of Barton in view of Foster, in order to improve the security of a data access system by ensuring that individuals meet a certain level of access privileges before being granted access to sensitive data, thereby limiting access to trusted parties and preventing data leaks and information theft.
Neither Barton nor Foster nor Proctor explicitly teaches the first server to generate a sub-query request for each of one or more nodes, the sub-query request indicating the vehicle data elements to be retrieved at the respective node, and an indication of an output node to which the vehicle data elements should be sent to; and
send the sub-query requests to each of the one or more nodes.
However, Hopkins teaches the concept of a first server to generate a sub-query request for each of one or more nodes (paragraph 11, various embodiments utilize a declarative language to specify an input query for retrieving data from a large set of data at one or more database servers (“backend servers”); the query parameters specified by the declarative language are first analyzed to identify a mapping of values associated with the query parameters; a database having an index that corresponds to the mapping is then identified; returned set of data undergoes a privacy check at the frontend servers, where the privacy checks are applied subsequent to execution of the query parameters; paragraph 75, upon database identification, backend server facilitates the retrieving of individual data sets; three new sub-queries of the input query are generated and executed in parallel at the three databases to retrieve the individual data sets), the sub-query request indicating data elements to be retrieved at the respective node (paragraph 69, upon receiving the input query at block 440, the front end server 410 sends the query to the query optimization engine 430, as indicated in block 442; the query optimization engine 430 analyzes the parameters (e.g., P1-P4) to determine (a) one or more mappings of parameter values associated with the parameters and (b) one or more users for which to retrieve corresponding sets of data based on the mappings), and an indication of an output node to which the data elements should be sent to (paragraph 77, based on parameters, query optimization engine determines whether to execute constraint type parameters at frontend server or backend server depending on which server is better suited for handling a particular operation); and
send the sub-query requests to each of the one or more nodes (paragraph 75, upon database identification, backend server facilitates the retrieving of individual data sets; three new sub-queries of the input query are generated and executed in parallel at the three databases to retrieve the individual data sets); and
Barton teaches wherein the data elements are vehicle data elements (paragraph 45, unmanned aircraft system (UAS) ground station 320 receives the UAV payload 312).
It would have been obvious to one of ordinary skill in the art before the effective filing date of the claimed invention to combine the sub-query teachings of Hopkins with the partitioning UAV data teachings of Barton in view of Foster and Proctor, in order to optimize the execution of a query by analyzing an initial query to determine a mapping of values associated with the query parameters to determine a set of sub-queries which return a reduced set of data for further evaluation, thereby requiring only a single privacy check and reducing the number of hops between servers to achieve the results of the initial query (Hopkins, paragraph 11-12).

Regarding Claim 31:
Barton in view of Foster, Proctor, and Hopkins teaches the system of claim 29.  In addition, Proctor teaches wherein the second server (paragraph 77, the electronic computing device may be a single electronic processor (for example, the electronic processor 213 of the portable radio 104); in other embodiments, the electronic computing device includes multiple electronic processors distributed remotely from each other; for example, the electronic computing device may be implemented on a combination of at least two of the electronic processor 213 of the portable radio 104, the electronic processor 213 of the infrastructure controller 156, and the electronic processor 213 of a back-end device in the cloud computing cluster 162 accessible via the IP network 160; paragraph 78, the electronic computing device may also be configured to determine a response to the query and provide the response to an output device of the communication device 200; paragraph 111, in the event that the first communication device determines that the electronic computing device does not have permission to access restricted data, the first communication device forwards the query to another electronic computing device (i.e. “second server”)) is further configured to: 
receive a query from a user of a device on a data network requesting data (paragraph 82, electronic computing device receives user query from user for providing response at first communication device); 
determine, based on the data requested by the query, data elements that provide the data requested and that correspond to a security level associated with the query (paragraph 84, electronic computing device may generate a response based on data stored at a remote network device; paragraph 87, the electronic computing device determines whether a response (also referred to as a group response or unmodified group response) generated in response to the query includes any restricted data; if the response includes restricted data, the electronic computing device (or another dedicated electronic computing device in the system 100 acting as a security manager and configured to check security privileges of users) accesses the permission level of each communication device (including the communication device at which the user query has originated or is received) and compares a security level of the restricted data with a respective permission level of each of the communication devices in the group; paragraph 88, when the electronic computing device determines (at block 420) that each device in the communication group has permission to receive the group response, the electronic computing device transmits the group response on a group communication channel; paragraph 92, when the electronic computing device determines (at block 435) to modify the group response, the electronic computing device modifies the group response to generate a second response; the group response is modified to generate a second response based on at least one of a) replacing the restricted data in the group response with unrestricted data, for example by replacing name of a witness with an alias; b) replacing the restricted data with another restricted data having security level matching the respective permission level of each of the plurality of communication devices in the communication group, for example by replacing name of a witness with witness type; c) removing the restricted data, for example, by completely removing the identity of the witness); 
receive the requested data elements from the one or more nodes (paragraph 78, stored data is retrieved from database); and 
aggregate the data elements to provide a report (paragraph 78, electronic computing device determines a response to query; paragraph 88, when the electronic computing device determines (at block 420) that each device in the communication group has permission to receive the group response, the electronic computing device transmits the group response on a group communication channel); and
Hopkins teaches wherein the second server is configured to:
generate a sub-query request for each of the one or more nodes (paragraph 11, various embodiments utilize a declarative language to specify an input query for retrieving data from a large set of data at one or more database servers (“backend servers”); the query parameters specified by the declarative language are first analyzed to identify a mapping of values associated with the query parameters; a database having an index that corresponds to the mapping is then identified; returned set of data undergoes a privacy check at the frontend servers, where the privacy checks are applied subsequent to execution of the query parameters; paragraph 75, upon database identification, backend server facilitates the retrieving of individual data sets; three new sub-queries of the input query are generated and executed in parallel at the three databases to retrieve the individual data sets), the sub-query request indicating the data elements to be retrieved at a respective node (paragraph 69, upon receiving the input query at block 440, the front end server 410 sends the query to the query optimization engine 430, as indicated in block 442; the query optimization engine 430 analyzes the parameters (e.g., P1-P4) to determine (a) one or more mappings of parameter values associated with the parameters and (b) one or more users for which to retrieve corresponding sets of data based on the mappings), and an indication of an output node to which the data elements should be sent to (paragraph 77, based on parameters, query optimization engine determines whether to execute constraint type parameters at frontend server or backend server depending on which server is better suited for handling a particular operation); and
send the sub-query requests to each of the one or more nodes (paragraph 75, upon database identification, backend server facilitates the retrieving of individual data sets; three new sub-queries of the input query are generated and executed in parallel at the three databases to retrieve the individual data sets); and
Barton teaches wherein the data elements are vehicle data elements (paragraph 45, unmanned aircraft system (UAS) ground station 320 receives the UAV payload 312).
The rationale to combine Barton, Proctor, and Hopkins is the same as provided for claim 26 due to the overlapping subject matter between claims 26 and 29.

Regarding Claim 32:
Barton in view of Foster, Proctor, and Hopkins teaches the system of claim 31.  In addition, Hopkins teaches wherein the data requested by the query is non-sensitive and wherein there is no security level associated with the query (paragraph 11, various embodiments utilize a declarative language to specify an input query for retrieving data from a large set of data at one or more database servers (“backend servers”); the query parameters specified by the declarative language are first analyzed to identify a mapping of values associated with the query parameters; a database having an index that corresponds to the mapping is then identified; returned set of data undergoes a privacy check at the frontend servers, where the privacy checks are applied subsequent to execution of the query parameters; therefore, the privacy check determines whether the data requested by the query is “non-sensitive”; the input query has no associated security level), and wherein the second server is further configured to: 
send a sub-query request for non-sensitive data to one or both of a node within the customer network and a node within the data platform (paragraph 11, various embodiments utilize a declarative language to specify an input query for retrieving data from a large set of data at one or more database servers (“backend servers”); the query parameters specified by the declarative language are first analyzed to identify a mapping of values associated with the query parameters; a database having an index that corresponds to the mapping is then identified; returned set of data undergoes a privacy check at the frontend servers, where the privacy checks are applied subsequent to execution of the query parameters; paragraph 75, upon database identification, backend server facilitates the retrieving of individual data sets; three new sub-queries of the input query are generated and executed in parallel at the three databases to retrieve the individual data sets, i.e. “nodes within the data platform”); and
Barton teaches wherein the data is vehicle data (paragraph 45, unmanned aircraft system (UAS) ground station 320 receives the UAV payload 312).
The rationale to combine Barton and Hopkins is the same as provided for claim 31 due to the overlapping subject matter between claims 31 and 32.

Claim(s) 30 is/are rejected under 35 U.S.C. 103 as being unpatentable over Barton in view of Foster, and further in view of Hopkins.

Regarding Claim 30:
Barton in view of Foster teaches the system of claim 26.
Neither Barton nor Foster explicitly teaches wherein the vehicle data requested by the query is one or both of sensitive and non-sensitive, and wherein the first server is further configured to: 
send a sub-query request for sensitive vehicle data to a node within the customer network; and 
send a sub-query request for non-sensitive vehicle data to a node external to the customer network, 
wherein the node external to the customer network is either located within the data platform hosted by the second server or is located within a separate customer network.
However, Hopkins teaches the concept wherein data requested by a query is one or both of sensitive and non-sensitive (paragraph 11, various embodiments utilize a declarative language to specify an input query for retrieving data from a large set of data at one or more database servers (“backend servers”); the query parameters specified by the declarative language are first analyzed to identify a mapping of values associated with the query parameters; a database having an index that corresponds to the mapping is then identified; returned set of data undergoes a privacy check at the frontend servers, where the privacy checks are applied subsequent to execution of the query parameters), and wherein a first server is further configured to: 
send a sub-query request for sensitive data to a node within a customer network (paragraph 75, upon database identification, backend server facilitates the retrieving of individual data sets; three new sub-queries of the input query are generated and executed in parallel at the three databases to retrieve the individual data sets; paragraph 1, application system enables each of its users to set a privacy setting for almost every “entity” relating to the application system and to adjust the setting at any time; paragraph 25, the databases can be local databases); and 
send a sub-query request for non-sensitive data to a node external to the customer network (paragraph 75, upon database identification, backend server facilitates the retrieving of individual data sets; three new sub-queries of the input query are generated and executed in parallel at the three databases to retrieve the individual data sets; paragraph 25, the databases can be remote databases), 
wherein the node external to the customer network is either located within a data platform hosted by a second server or is located within a separate customer network (paragraph 25, the databases can be remote databases, i.e. “located within a data platform hosted by a second server”); and
Barton teaches wherein the data is vehicle data (paragraph 45, unmanned aircraft system (UAS) ground station 320 receives the UAV payload 312).
It would have been obvious to one of ordinary skill in the art before the effective filing date of the claimed invention to combine the sub-query teachings of Hopkins with the partitioning UAV data teachings of Barton in view of Foster, in order to optimize the execution of a query by analyzing an initial query to determine a mapping of values associated with the query parameters to determine a set of sub-queries which return a reduced set of data for further evaluation, thereby requiring only a single privacy check and reducing the number of hops between servers to achieve the results of the initial query (Hopkins, paragraphs 11-12).

Conclusion
Any inquiry concerning this communication or earlier communications from the examiner should be directed to FORREST L CAREY whose telephone number is (571)270-7814. The examiner can normally be reached 9:00AM-5:30PM M-F.
Examiner interviews are available via telephone, in-person, and video conferencing using a USPTO supplied web-based collaboration tool. To schedule an interview, applicant is encouraged to use the USPTO Automated Interview Request (AIR) at http://www.uspto.gov/interviewpractice.
If attempts to reach the examiner by telephone are unsuccessful, the examiner’s supervisor, Ashok Patel can be reached on 5712723972. The fax phone number for the organization where this application or proceeding is assigned is 571-273-8300.
Information regarding the status of published or unpublished applications may be obtained from Patent Center. Unpublished application information in Patent Center is available to registered users. To file and manage patent submissions in Patent Center, visit: https://patentcenter.uspto.gov. Visit https://www.uspto.gov/patents/apply/patent-center for more information about Patent Center and https://www.uspto.gov/patents/docx for information about filing in DOCX format. For additional questions, contact the Electronic Business Center (EBC) at 866-217-9197 (toll-free). If you would like assistance from a USPTO Customer Service Representative, call 800-786-9199 (IN USA OR CANADA) or 571-272-1000.





/FORREST L CAREY/Examiner, Art Unit 2491

/LINGLAN EDWARDS/Primary Examiner, Art Unit 2491