DETAILED ACTION

The present application, filed on or after March 16, 2013, is being examined under the first inventor to file provisions of the AIA.

This action is in response to remarks and claim amendments filed by Applicant’s representative on June 15, 2022.   


Response to Amendments and Remarks

Applicant’s latest filed claim amendments and corresponding remarks dated June 15, 2022 have been fully considered.  Applicant’s remarks and/or comments are generally directed to the current claim amendment(s), and accordingly deemed moot in light of the new grounds of rejection provided with this action.  
With regards to Applicant’s latest amendments and remarks, Applicant firstly notes and remarks that the independent claim(s), and claim 1 in particular, has been further amended to now expressly recite in part  
“determining, in response to receiving data as a tuple in a stream of tuples by a stream operator of a processing element, whether a characteristic of the data indicates that an attribute of the data includes sensitive information, wherein the processing element is one of a plurality of processing elements forming an operator graph that defines an execution path for processing and routing of the stream of tuples…”.



With respect to the above, Applicant notes and remarks that none of the prior art reference(s) applied in rejecting independent claim 1 [Yu et al, Conte et al] expressly discloses or suggests the above recited claim feature(s) or limitation(s) as currently set forth in amended independent claim 1 (and similarly in independent claims 8 and 17) [Applicant Remarks: par 5, pg. 8 – par 4, pg. 13]
However, in response to Applicant’s amended feature and associated remarks, the Office asserts and notes that the above amended feature(s) is/are now expressly disclosed in further view of teachings and/or disclosures by Cook et al, as discussed / cited below with this action.  

With respect to the claim, Applicant also argues or remarks that the combination of Yu and Conte is improper as there is a lack of motivation to combine the references.  In this regard, Applicant notes that the combination is improper because Yu already discloses a method of detecting encrypted / unencrypted data, and there is no suggestion that the encryption detection disclosed by Conte would improve the efficiency of the method disclosed by Yu.  In support of this point, Applicant remarks that the use of the disclosed key in Yu, which allows a receiver to determine which encryption algorithm has been used on portions of the data, already discloses a method for efficiently detecting encrypted and unencrypted data; thus, one skilled in the art would not be motivated to modify Yu with Conte as proposed in the Office action.  The Office respectfully disagrees.
In this regard, the Office notes that in response to applicant’s argument that there is no proper teaching, suggestion, or motivation to combine the references, the examiner recognizes that obviousness may be established by combining or modifying the teachings of the prior art to produce the claimed invention where there is some teaching, suggestion, or motivation to do so found either in the references themselves or in the knowledge generally available to one of ordinary skill in the art.  See In re Fine, 837 F.2d 1071, 5 USPQ2d 1596 (Fed. Cir. 1988), In re Jones, 958 F.2d 347, 21 USPQ2d 1941 (Fed. Cir. 1992), and KSR International Co. v. Teleflex, Inc., 550 U.S. 398, 82 USPQ2d 1385 (2007).  In this case, the Office notes and asserts that Yu and Conte are combinable, at the very least, because they are related art in the same environment or field of endeavor --namely, both inventions are significantly directed to efficiently detecting encrypted and/or unencrypted data or portions of data.  Yu and Conte are thus combinable for at least this reason.
In addition, the Office notes that Conte additionally makes it clear that ‘there are a multitude of different encryption methods, usually involving transforming data files or data streams using an encryption algorithm. The encrypted data can be decrypted only by the appropriate ‘decryption key’ and/or algorithm, generally available only to authorized users (as in Yu et al).  Conte further teaches that, typically, encryption methods usually recognize encrypted data files or data streams that they have themselves encrypted through a simple ‘tag’ (such as a file extension) or code embedded within the data. But while many encryption methods are capable of detecting data the method itself has encrypted, it is useful to be able to detect encrypted data encrypted ‘by any method’ (i.e., detecting encryption generally), and to make it more ‘efficient’ [Conte: col 1, L13-32 & col 2, L17-21].  
The Office also significantly notes that Conte discloses as an additional improvement or efficiency determining whether the data file or stream is ‘compressed’ in addition to determining whether the file is encrypted (or not), and may thus avoid ‘double-encryption’ of the data file / stream [Conte: col 5, L9-11, Figure 3 & col 7, L22-29]. And as stated by Conte, since ‘compressed’ data, i.e., data transformed to take up less space in computer memory or data storage, has a similarly uniform distribution of data values, a method of distinguishing between compressed and encrypted data is also useful [Conte: col 2, L53-58].  Conte, thus expressly provides an additional benefit or improvement to Yu beyond efficiently detecting encrypted / unencrypted data files / streams or portions of the data.  Accordingly, one skilled in the art would be motivated to modify / combine Yu with Conte for this added benefit, and the Office accordingly maintains the combination of Yu and Conte for the reasoning and justifications stated above.

Claim Objections

Claim(s) 15, 16 is/are objected to as being dependent upon a rejected base claim, but would be allowable if rewritten in independent form including all the limitations of the base claim and any intervening claims.

Claim Rejections - 35 USC § 103

The following is a quotation of 35 U.S.C. 103 which forms the basis for all obviousness rejections set forth in this Office action:

A patent for a claimed invention may not be obtained, notwithstanding that the claimed invention is not identically disclosed as set forth in section 102, if the differences between the claimed invention and the prior art are such that the claimed invention as a whole would have been obvious before the effective filing date of the claimed invention to a person having ordinary skill in the art to which the claimed invention pertains. Patentability shall not be negated by the manner in which the invention was made.


Claim(s) 1, 6, 8, 13, 17 is/are rejected under 35 U.S.C. 103 as being unpatentable over Yu (hereinafter Yu), US Patent 7,167,560 A1 (Patent Date January 2007) in view of Conte et al (hereinafter Conte), US Patent 8,799,671 B2 (Patent date August 2014) and in further view of Cook et al (hereinafter Cook), US Patent Pub 2019/0124007 A1 (publication date April 2019). 

As per claims 1, 8, 17, Yu discloses substantial features of the invention, such as the computer-implemented method comprising:
	determining, in response to receiving data (Yu: ‘Receive Media Stream’_202) [Fig. 2] whether a characteristic of the data (Yu: expressly teaches that a data stream {i.e., video stream} can comprise an ‘encryption field’ which is used to indicate whether ‘select data’ is to be encrypted {i.e., an ‘I-frame’ and/or ‘B-frame’ of the data stream is to be encrypted}) or used to indicate / ‘determine the ‘data payload’ that is to be encrypted’ ) [col 2, L28-33] indicates that an attribute of the data (Yu: data stream ‘segment{s}’ / ‘partition{s}’) [col 5, L18-26, Fig. 1] includes sensitive information (Yu: ‘most sensitive information part’ {i.e., ‘military’ video / audio data} / ‘less sensitive information part’ of the data stream) [col 11, L10-20]; as well as
	   generating a parameter value for a cryptographic parameter for the attribute (Yu: a ‘key K’ can be provided / generated and used to indicate the ‘value of the variables’, such as the ‘encryption/scrambling algorithms’ used, the ‘partition dimensions’ and domains, and the ‘level of encryptions’) [col 10, L65 – col 131, L2]. 

   	But while Yu discloses the recited features of the invention as above, he does not expressly disclose the additional recited feature(s) of the method further comprising  
calculating, responsive to determining that the attribute includes sensitive information, an entropy value for the attribute and determining, responsive to the calculating of the entropy value, a likelihood that the attribute is encrypted by comparing the entropy value to a threshold value.
However, in a related endeavor, Conte particularly discloses the additional recited feature(s) of the method further comprising calculating, responsive to determining that the attribute includes sensitive information, an entropy value for the attribute (Conte: calculating a ‘Shannon Entropy’ of the data {block 208}, which is a measure of the amount of order in data / ‘Entropy value’) [col 4, L27-31, Fig. 2] (e.g., ‘Calculating a Value of a Property of the Data File read from the Data Source’_606 ) [Fig. 6]; and
determining, responsive to the calculating of the entropy value, a likelihood that the attribute is encrypted by comparing the entropy value to a threshold value (Conte: the Shannon entropy value may be compared to a predetermined ‘threshold value’ (block 210), and if the Shannon entropy value is ‘above’ (or exceeds) the predetermined threshold, then the routine will output that the data file is ‘encrypted’ (block 212). However, when the entropy value is below the threshold value, the file is determined to be ‘unencrypted’ and thus selectively encrypted. The Office further notes that Conte expressly discloses that “stored and transmitted electronic data is often) [col 4, L58-63, Fig. 2].
 It would thus be obvious to one of ordinary skill in the art before the effective date of the invention to modify and/or combine Yu’s invention with the above said additional feature, as expressly disclosed by Conte, for the motivation of providing a method and system for efficiently detecting ‘encrypted’ and ’unencrypted’ data and which is advantageously capable of detecting encrypted data encrypted by any method {i.e., detecting encryption generally} [Conte: Abstract] [col 1, L25-32 & col 2, L17-21].

Further, while Yu and Conte disclose the recited features of the invention as above, they do not expressly disclose the additional recited feature(s) of the method further comprising receiving data as a tuple in a stream of tuples by a stream operator of a processing element, as well as the feature of wherein the processing element is one of a plurality of processing elements forming an operator graph that defines an execution path for processing and routing of the stream of tuples.
However, in a related endeavor, Cook particularly discloses the additional recited feature(s) of the method further comprising receiving data as a tuple in a stream of tuples by a stream operator of a processing element (Cook: e.g., A stream computing application can include one or more Stream operators 240 that can be compiled into a “processing element” container 235…Each Stream operator 240 can include a portion of code that processes “tuples” flowing into a processing element and outputs tuples to other stream operators 240 in the same processing element, in other processing elements, or in both the same and other processing elements in a stream computing application. In an embodiment, each stream operator can include a data encryption component 242 for communicating with the cryptosystem 340 to implement encryption per the encryption policy (discussed below) and a windowing component 244 for grouping ‘at least one tuple of a tuple stream’ associated with at least one {Stream} operator for a particular purpose, such as ‘encryption’) [0040, Fig. 2] (e.g., determining what particular portions of a tuple a transmitting / receiving stream operator can encrypt or decrypt, respectively) [0046] [0073], as well as the feature of wherein the processing element is one of a plurality of processing elements forming an operator graph that defines an execution path for processing and routing of the stream of tuples (Cook: e.g., ‘Operator Graph’) [0010-0013, Figs. 4a-d] (e.g., Processing elements can be inserted or removed dynamically from an ‘operator graph’ representing the flow of data through the stream computing application) [0022] (e.g., an operator graph can be an execution path for a plurality of stream operators to process a stream of tuples) [0028] [0051-0052, Fig. 4a] [0073].
 It would thus be obvious to one of ordinary skill in the art before the effective date of the invention to modify and/or combine Yu’s invention with the above said additional feature, as expressly disclosed by Cook, for the motivation of providing a method and system for implementation of encryption policy in a stream computing environment, and which is better suited for performing efficient real-time processing / analyzing of streaming data, and which may contain ‘sensitive information’ [Cook: Abstract] [0001-0003, 0055, 0058, 0073]. 
 Claim(s) 8, 17 recite(s) substantially the same limitations as claim 1, is/are distinguishable only by its/their statutory category (computer program product, computer system), and accordingly rejected on the same basis.

As per claims 6, 13, Yu discloses the method further comprising determining that a characteristic of the data indicates that a second attribute of the data is free of sensitive information; and speeding up encryption processing, responsive to determining that the characteristic of the data indicates that the second attribute of the data is free of sensitive information, by omitting calculating a second entropy value for the second attribute (Yu: e.g., partial encryptor unit 111 receives a data bitstream, partitions the data stream into at least two segments {i.e., ‘cloak’ data → sensitive data and ‘non-cloak’ data → non-sensitive data}, and encrypts at least one segment (cloak data) of the bitstream with the effect being that of ‘partial encryption’, while leaving the non-cloak data {non-sensitive} unencrypted) [col 5, L18-26; Figs. 1 & 2] (e.g., expressly discloses in one aspect that ‘image’ data {data characteristic} can be split into three ‘sections’ {‘partitions’ / data attribute}, with a center section representing approximately 1/2 of the image and each of the outer sections representing approximately 1/4 of the image. The center section can be ‘encrypted’ while the outer sections can be left ‘unencrypted’. Typically, the more important content information in an image is found in the center of the image due to the human preference for centering subjects within an image. In this regard, the Office notes that implementing ‘partial encryption’ and leaving select data portions unencrypted ‘speeds’ up the encryption process) [col 6, L7-20; Fig. 3].





Claim(s) 2, 3, 7, 9, 10, 14, 18, 19 is/are rejected under 35 U.S.C. 103 as being unpatentable over Yu in view of Conte in view of Cook and in further view of Davis et al (hereinafter Davis), US Patent 10,887,291 B2 (patent date January 2021).

As per claims 2, 9, 18, Yu, Conte and Cook disclose substantial features of the invention as above in claim 1, but fail to expressly teach the additional recited feature(s) of the method wherein the characteristic of the data comprises a flag indicative of whether the data includes sensitive information.
	However, Davis, in a related endeavor, expressly teaches the additional recited feature(s) of the method wherein the characteristic of the data comprises a flag indicative of whether the data includes sensitive information (Davis: a ‘flag’ or marker 604 may be included in the data stream to indicate the presence of the encrypted payload 606. For example, in an embodiment a flag/marker 604 prior to the encrypted payload 606 indicates that data following the flag/marker 604 is ‘sensitive data’ comprising the encrypted payload 606) [col 13, L44-49, Fig. 6].
It would thus be obvious to one of ordinary skill in the art before the effective date of the invention to modify the combination with the above said additional feature, as expressly disclosed by Davis, for the motivation of providing a method and technique for secure data distribution of sensitive data across content delivery networks, and which also protects against unauthorized access to data [Davis: Abstract; col 2, L13-31].
Claim(s) 9, 18 recite(s) substantially the same limitations as claim 2, is/are distinguishable only by its/their statutory category, and accordingly rejected on the same basis.


As per claims 3, 10, 19, Yu in view of Conte in view of Cook and in further view of Davis discloses the method, wherein the stream operator is at a source node (Cook: e.g.,  expressly discloses / illustrates Stream Operator_OP1 directly and communicatively coupled to Source_402) [0053, Fig. 4a], and wherein the method further comprises 
accessing the characteristic of the data while the data is at the source node (Davis: e.g., ‘flag/marker’_ 604 in the data stream) [col 13, L44-49, Fig. 6]; and transmitting the parameter value to the source node while the data is at the source node (Davis: e.g., ‘data stream’_602 may be received at a secure proxy fleet for processing from a customer device or backend service, and the received data stream_602 may include an ‘encrypted payload_606’ comprising ‘encrypted sensitive data’ as well as ‘other information’.  A ‘flag’ or marker 604 may be included in the data stream to indicate the presence of the encrypted payload 606. For example, in an embodiment a flag/marker 604 prior to the encrypted payload 606 indicates that data following the flag/marker 604 is ‘sensitive data’ comprising the encrypted payload 606.  ‘Other information’ included in the encrypted payload 606 include a service type, a website type, a timestamp, a signature, ‘key’ material, routing information, an access policy, authentication information, authorization information, or any other information suitable for inclusion in the encrypted payload 606.) [col 13, L19-32 & 44-64, Fig. 6].
Claim(s) 10, 19 recite(s) substantially the same limitations as claim 3, is/are distinguishable only by its/their statutory category, and accordingly rejected on the same basis.

As per claims 7, 14, Yu in view of Conte in view of Cook in view of Davis, and in particular Davis, discloses the method further comprising transmitting the attribute and the second attribute are transmitted from the source to a sink node along respective network paths (Davis: e.g., when providing sensitive data to remote devices {i.e., ‘customers’ / sink nodes} and systems, the secure proxy fleet 506 may establish a cryptographically protected communications ‘channel’ {i.e., ‘TLS’ channel / network path}. In some embodiments, the secure proxy fleet 506 may re-establish or re-use a TLS connection generated in response to the customer 502 submitting a request, and the data to be transmitted to the customer, including the decrypted sensitive data, may be encrypted with the customer's ‘key’) [col 13, L7-18; Fig. 5]. 


Claim(s) 4, 5, 11, 12, 20 is/are rejected under 35 U.S.C. 103 as being unpatentable over Yu in view of Conte in view of Cook and in further view of Levy et al (hereinafter Levy), US Patent 10,129,370 B2 (patent date November 2019).

As per claims 4, 11, 20, Yu, Conte and Cook disclose substantial features of the invention as above in claim 1, but fail to expressly teach the additional recited feature(s) of the method wherein the determining of whether the characteristic of the data indicates that the attribute of the data includes sensitive information comprises generating a data pattern corresponding to the characteristic of the data; and detecting a match between the generated data pattern and a pattern from a pattern collection.
	However, Levy, in a related endeavor, expressly teaches the additional recited feature(s) of the method wherein the determining of whether the characteristic of the data indicates that the attribute of the data includes sensitive information comprises generating a data pattern corresponding to the characteristic of the data; and detecting a match between the generated data pattern and a pattern from a pattern collection (Levy: Gateway 104 can implement ‘data loss / leak prevention’ {DLP}, which is a mechanism for detecting potential data breaches or loss {i.e., data leak incidents are characterized by ‘sensitive data’ being provided to / accessed by unauthorized parties either inadvertently or by malicious intent.  A DLP policy may define methods of detecting leaked or lost data, for instance using digital signatures, ‘pattern matching’, meta data mapping, or any other suitable technique. Accordingly, the gateway 104 can implement data inspection, ‘scanning, and pattern recognition mechanisms’ to perform cryptographic or other kinds of data transformations according to DLP protocols. Scanning analyzes the data to identify portions of the data, for instance, using pattern matching / keyword matching, data type/format matching, and the like. For example, if the string “SSN” is found in received data, the portion of the data associated with the string “SSN” can be flagged as a ‘social security number’) [col 13  L56 – col 14, L7; Fig.6 & 10a-b]
It would thus be obvious to one of ordinary skill in the art before the effective date of the invention to modify the combination with the above said additional feature, as expressly disclosed by Levy, for the motivation of providing a gateway device that implements data security by accessing a generated mapping to identify portions of data corresponding to particular user interface fields or data elements of a client device using the mapping, and which provides data protection by encoding the identified portions of data based on data protection techniques defined by a security policy [Levy: Abstract; col 1, L12-15]. 
Claim(s) 11, 20 recite(s) substantially the same limitations as claim 4, is/are distinguishable only by its/their statutory category, and accordingly rejected on the same basis.

As per claims 5, 12, Yu in view of Conte in view of Cook in view of Levy, and in particular Levy, discloses the method wherein the determining of whether the characteristic of the data indicates that the attribute of the data includes sensitive information further comprises associating, responsive to detecting the match, the attribute with a type of sensitive data that is associated with the pattern from the pattern collection (Levy: ‘data type matching’ ) [col 14, L4] (e.g., the server 102 provides the sensitive data 902 to the gateway 104, which applies 904 the DLP policy, for instance by scanning the sensitive data 902 to determine if the sensitive data includes ‘one or more types of data or data portions’ identified by the DLP policy as ‘restricted’  ) [col 14, L24-36 ; Fig. 9].
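
As an added illustration (not part of the Office action or of any cited reference), the following Python example walks one tuple through the steps discussed above: pattern-based sensitivity detection per attribute, entropy calculation only for sensitive attributes, and comparison against a threshold. The threshold, minimum sample length, pattern collection, attribute names and sample data are all assumptions constructed for the example.

```python
import hashlib
import math
import re
from collections import Counter

ENTROPY_THRESHOLD = 7.5   # bits per byte; assumed value, the page gives none
MIN_SAMPLE_BYTES = 1024   # assumed floor: short samples score low even when random

# Hypothetical pattern collection: sensitive data type -> attribute-name pattern.
PATTERN_COLLECTION = {
    "ssn": re.compile(r"ssn|social", re.IGNORECASE),
    "payment_card": re.compile(r"card", re.IGNORECASE),
}

def shannon_entropy(data: bytes) -> float:
    """Shannon entropy of the byte histogram, in bits per byte (0.0 to 8.0)."""
    if not data:
        return 0.0
    n = len(data)
    return -sum(c / n * math.log2(c / n) for c in Counter(data).values())

def sensitive_type(attr_name: str):
    """Return the matching sensitive data type, or None if no pattern matches."""
    for data_type, pattern in PATTERN_COLLECTION.items():
        if pattern.search(attr_name):
            return data_type
    return None

def inspect_tuple(tup: dict) -> dict:
    """Classify each attribute of one tuple; entropy is computed only if sensitive."""
    report = {}
    for name, value in tup.items():
        data_type = sensitive_type(name)
        if data_type is None:
            # Free of sensitive information: skip the entropy calculation entirely.
            report[name] = {"type": None, "entropy": None, "verdict": "skipped"}
            continue
        entropy = shannon_entropy(value)
        if len(value) < MIN_SAMPLE_BYTES:
            verdict = "too_short"           # histogram too sparse to trust
        elif entropy > ENTROPY_THRESHOLD:
            verdict = "likely_encrypted"    # encrypting again would double-encrypt
        else:
            verdict = "likely_unencrypted"  # candidate for encryption
        report[name] = {"type": data_type, "entropy": entropy, "verdict": verdict}
    return report

def stream_operator(tuples):
    """Yield (tuple, report) pairs for each tuple flowing through the operator."""
    for tup in tuples:
        yield tup, inspect_tuple(tup)

def constructed_ciphertext(n: int) -> bytes:
    """Deterministic stand-in for ciphertext (SHA-256 over a counter); sample data only."""
    blocks = (hashlib.sha256(i.to_bytes(8, "big")).digest() for i in range(n // 32 + 1))
    return b"".join(blocks)[:n]

# Constructed sample tuple, not taken from any cited reference.
SAMPLE_TUPLE = {
    "frame_id": b"000042",
    "ssn_plain": b"000-00-0000 holder A; " * 100,
    "ssn_sealed": constructed_ciphertext(2048),
    "card_number": b"0000-0000-0000-0000",
}

if __name__ == "__main__":
    for _, rep in stream_operator([SAMPLE_TUPLE]):
        print(rep)
```

Compressed data also has a near-uniform byte distribution, so a threshold test of this kind cannot by itself separate compressed from encrypted attributes, which is the distinction the Conte citation above addresses.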


Conclusion


Applicant’s amendment necessitated the new ground(s) of rejection presented in this Office Action.  Accordingly, THIS ACTION IS MADE FINAL.  See MPEP 706.06(a).  Applicant is reminded of the extension of time policy as set forth in 37 CFR 1.136(a).  
A shortened statutory period for reply to this final action is set to expire THREE MONTHS from the mailing date of this action.  In the event a first reply is filed within TWO MONTHS of the mailing date of this final action and the advisory action is not mailed until after the end of the THREE-MONTH shortened statutory period, then the shortened statutory period will expire on the date the advisory action is mailed, and any extension fee pursuant to 37 CFR 1.136(a) will be calculated from the mailing date of the advisory action.  In no event, however, will the statutory period for reply expire later than SIX MONTHS from the mailing date of this final action. 

Any inquiry concerning this communication or earlier communications from the examiner should be directed to GLENFORD J MADAMBA whose telephone number is (571)272-7989.  The examiner can normally be reached on Mondays – Fridays, 9am-5pm.
If attempts to reach the examiner by telephone are unsuccessful, the examiner’s supervisor, Christopher Parry can be reached on 571-272-8328.  The fax phone number for the organization where this application or proceeding is assigned is 703-872-9306.
Information regarding the status of an application may be obtained from the Patent Application Information Retrieval (PAIR) system.  Status information for published applications may be obtained from either Private PAIR or Public PAIR.  Status information for unpublished applications is available through Private PAIR only.  For more information about the PAIR system, see http://pair-direct.uspto.gov. Should you have questions on access to the Private PAIR system, contact the Electronic Business Center (EBC) at 866-217-9197 (toll-free). 






/GLENFORD J MADAMBA/Primary Examiner, Art Unit 2451