DETAILED ACTION
Notice of Pre-AIA  or AIA  Status
The present application, filed on or after March 16, 2013, is being examined under the first inventor to file provisions of the AIA . In communications filed on 05/24/2022.Claims 1, 4,6, 8,and 17-18 are amended.  Claims 5, 7, 14, and 16 are canceled Claims 1-4, 6, 8-13, 15, and 17-18 are pending in this examination.
 In the event the determination of the status of the application as subject to AIA  35 U.S.C. 102 and 103 (or as subject to pre-AIA  35 U.S.C. 102 and 103) is incorrect, any correction of the statutory basis for the rejection will not be considered a new ground of rejection if the prior art relied upon, and the rationale supporting the rejection, would be the same under either status.   This examination is in response to US Patent Application No. 16/361,324.
Continued Examination Under 37 CFR 1.114
A request for continued examination under 37 CFR 1.114, including the fee set forth in 37 CFR 1.17(e), was filed in this application after final rejection. Since this application is eligible for continued examination under 37 CFR 1.114, and the fee set forth in 37 CFR 1.17(e) has been timely paid, the finality of the previous Office action has been withdrawn pursuant to 37 CFR 1.114. Applicant's submission has been entered. 
Claim Objections
Claims 1, and 10 objected to because of the following term limitation: “where confidential data attributes having the same value also have the same authentication value “. It is unclear for the examiner the meaning of this limitation, for example for a Social Security Number which has the same value, it would be obvious that it will always have the same authentication hash value.
                                                            Examiner notes

Applicant is encouraged to schedule an interview with the examiner prior to the next communication to compact prosecution of the case.
Applicant is encouraged to review the relevant references mentioned at the conclusion section of this office action.
Response to Arguments
Although the claims are interpreted in light of the specification, limitations from the specification are not read into the claims.  See In re Van Geuns, 988 F.2d 1181, 26 USPQ2d 1057 (Fed. Cir. 1993).  

Applicant's arguments filed 05/24/2022 have been fully considered but they are not persuasive:


 claim 1 recites "associating, by the data set preparation engine, the encrypted value with the authentication value in a protected data set" [emphasis added], and independent claim 10 recites a similar feature. By contrast, each of Vasic, Arad, and Ozaki fails to disclose or suggest this recited claim feature. 
 Applicant respectfully  submits on pages 8-9 of remarks that VASIC, that  the disclosure of "the encrypted SEK 154" is different from "encrypted SEKID 112," and further, that "the encrypted SEK 154" would not be understood by a person having ordinary skill n the art as referring to "the encrypted value," because the encrypted value is calculated for the confidential data attribute using an encryption key, whereas encrypted SEK 154 is an encryption of the key itself, not an encrypted version of the confidential data attribute. Therefore, regarding the Examiner's parenthetical indication at page 5 of the Office Action under the heading "Response to Arguments" that "the encrypted SEK 154" could be understood as referring to the recitation of the "encrypted value, Applicant respectfully disagrees.

Examiner respectfully disagrees with applicant argument for claims 1, and 10 filed on 05/24/2022 on pages 8-9 of remarks.
VASIC disclose: associating the encrypted value and the authentication value in a protected data set 

[¶¶79-85, the encryption key manager (EKM) 24, as its name indicates, generally manages encryption keys, which as described below are used to encrypt and decrypt the data entities 30C, 30D…the EKM 24 is also operable to transmit the SEK and corresponding SEKID, in encrypted form, to the GSM 82, which then encrypts the data entities 30C, 30D using the SEK. The system key manager (SKM) 84 generally manages system keys, which as described below are used to encrypt the SEKIDs. Thus, the SKM 84 is operable to encrypt the SEKIDs. In one embodiment, a number of protection keys are used to encrypt SEKs and SEKIDs… In one embodiment, separate encryption keys are used to encrypt the SEK and the SEKID. In this embodiment, an encryption key public key is used to encrypt the encryption keys that are used to encrypt the SEKs. Further, a system key public key is used to encrypt symmetric keys that are used to encrypt the SEKIDs…  A particular SEK is used in connection with a particular data object. Accordingly, in one embodiment, an application can save a data entity with the same SEK by resubmitting a hidden link in connection with a request to store the data entity. A hidden link is a data structure including the encrypted SEKID, a pointer to the protection key used to encrypt the SEKID, and a cryptographic engine identifier].

[¶¶ 99, FIGS.8-9, The SEK object/entity includes as attributes the SEKID 153 in a normal/decrypted form, the encrypted SEK 154, the SEK integrity check 155, which is a hash value of the SEK, and the optional SKCN hash value 156. The SEK data entity 151 preferably does not include the encrypted SEKID. This creates a hidden link between the encrypted data and the SEK used to encrypt it because the SEKID is encrypted, and the SEK is stored in a separate database].


Examiner Note: As indicated in VASIC application, in paragraph 99 of VASIC application it is mentioned that The SEK data entity 151 preferably does not include the encrypted SEKID. The word “preferably” is a optional word and that does not indicate that it’s a definite process/action. However, Examiner refers applicant representative to other embodiments (mentioned above) in VASIC application which indicates that the SEKID is encrypted.



Applicant submits on page 10 of remarks that Claim 4 recites, among other things, that "the encryption key is used in an Advanced Encryption Standard / Galois Counter Mode (AES/GCM) algorithm" [emphasis added], and claim 13 recites a similar feature. By contrast, the cited references fail to disclose this feature.

Examiner respectfully disagrees with applicant argument for claims 4, and 13 filed on 05/24/2022 on page 10 of remarks.

VASIC discloses this limitation as: [¶77, other strong cryptographic algorithms can be employed, such as 128-bit IDEA or AES].

Examiner Note: AES with Galois/Counter Mode (AES-GCM) or with AES/CBC are optional design mode used with AES and the algorithm invention is not new and has been invented by other entities long time ago and in Applicant specification, it is only mentioned that the strong encryption algorithm may be an AES/CBC algorithm or an AES/GCM algorithm, but does not indicate in detail the process of how this algorithm is used for confidentiality and authentication. Examiner suggest applicant to check the relevant art section in the conclusion section of this office action for few references that uses AES/GCM algorithm and was mentioned in 892 submitted on 03/02/2021.



Claim Rejections - 35 USC § 103
The factual inquiries set forth in Graham v. John Deere Co., 383 U.S. 1, 148 USPQ 459 (1966), that are applied for establishing a background for determining obviousness under 35 U.S.C. 103 are summarized as follows:
1. Determining the scope and contents of the prior art.
2. Ascertaining the differences between the prior art and the claims at issue.
3. Resolving the level of ordinary skill in the pertinent art.
4. Considering objective evidence present in the application indicating obviousness or nonobviousness.
The following is a quotation of 35 U.S.C. 103 which forms the basis for all obviousness rejections set forth in this Office action:
A patent for a claimed invention may not be obtained, notwithstanding that the claimed invention is not identically disclosed as set forth in section 102 of this title, if the differences between the claimed invention and the prior art are such that the claimed invention as a whole would have been obvious before the effective filing date of the claimed invention to a person having ordinary skill in the art to which the claimed invention pertains.  Patentability shall not be negated by the manner in which the invention was made.


Claims 1-4. 6, 8-13, 15, and 17-18 are rejected under 35 U.S.C. 103 as being unpatentable over US Patent No. 2008/0301445 issued to VASIC et al (“VASIC”) (filed in IDS 08/14/2020) and in view of US Patent No. 2018/0373885 issued to Arad et al (“Arad”) and further in view of US Patent No. US2001/0012114 issued to Ozaki.
Regarding claim 1, VISIC discloses A method for manipulation of private information in untrusted environments comprising: in a trusted computing environment comprising at least one computer processor [¶¶66-67, 133-139, “computer system 20 broadly includes a security domain 22 having an encryption key manager (EKM) 24, system key manager (S KM) 84, key lifetime manager (KLM) 88, key auditing manager (KAM) 90 and database adapter (DBAD) 86. In an alternative embodiment, other enterprise security components are included in security domain 22"; "trusted software components are executed in connection with cryptographic systems consistent with the present invention")]; and
	for a plurality of data records [¶67, the computer system 20 also includes a plurality of client business domains 26 having an information database 28… encryption, decryption and storage of data entities (see FIG. 3]; and
 separating each data record into a confidential data attribute and a non-confidential data attribute [Paragraphs 26, 28, 93-95 and FIGS 3-7 discloses that the protection of confidential information( such as: credit card numbers, identifiable medical records, and other sensitive confidential information about the organization's patients, customers, and/or employees, credit card numbers, bank account numbers, social security numbers, birth dates, and highly personal and private medical records) requires a greater assurance that the customer's or patient's confidential information is secure. For example, the doctor may grant permission to view private data (confidential data) to other doctors but not permit nurses to view private data.  The roles can include any security level: secretary, shareholder, custodian, and administrative, for example.  In this fashion, the doctor controls who can view what information and who can edit what information.  The same holds true for patient records; where nurses and doctors may have full access, clerical staff may have limited access to name, address, payment, and appointment information (non-confidential data).  This privacy can be applied to any vertical market such as banking, intellectual property systems, e-Commerce, law firms, and all applications that deal with highly sensitive or classified information. When an authenticated client user requests information… After the information is retrieved, the system checks the security privacy attribute 118 at step 128.  If the information is not marked private, it is fully displayed on the monitor 130 as illustrated in FIG.6. If the information is marked private, the system checks the security level of the client user at step 132.  In checking the user's security level, the system looks at both the user identification and the role identification to see if either are in the special access list, and determine what rights, such as view only or edit, the user has to the information.  If the client user has full view rights, then the display of FIG. 6 is again shown.  If the client user is not entitled to view the private information, the display parameters are adapted in step 134.  In step 134, the display fields of the private information, which will not be displayed, are eliminated from the display parameters with their related labels, so that when the permitted information is displayed in step 135 on monitor 136 of FIG. 5, the fields for the private information are not displayed].
Examiner Note: It would have been obvious to one of ordinary skill in the art before the effective filing date of the claimed invention to indicate that the information’s/records are separated from each other and will be displayed if the person have proper permission to view them. 
forwarding the confidential data attribute to data encryption engine [¶77 The GSM (general security manager) 82 is also operable to encrypt the data entities 30 (FIG. 3) using, for example, a three-key, triple data encryption standard (3DES), RC4, or any strong cryptographic algorithm on selected attributes of the data entities 30C, 30D as directed and requested by the BLC's and other components of the computer system 20]; and
 Calculating, by the data encryption engine,  an encrypted value for the confidential data attribute using an encryption key [¶79-81, the encryption key manager (EKM) 24, as its name indicates, generally manages encryption keys, which as described below are used to encrypt and decrypt the data entities 30C, 30D…], and [¶91”FIG.4, a security key identification attribute 32 is also an attribute of the data entity 30A and contains security key information. The security key information includes the encrypted SEKID 112 and the SKCN hash value 114, which are used, as described below, to find the SEK used to encrypt associated data entities”], and [¶92], and [ see FIGS. 8-9, ¶¶98-99,The SEK object/entity includes as attributes the SEKID 153 in a normal/decrypted form, the encrypted SEK 154, the SEK integrity check 155, which is a hash value of the SEK, and the optional SKCN hash value 156…, and [ see FIG.15 and ¶¶106, When a user causes the business application to store information at the database server, the cryptographic agent facilitates encryption of the information before the business application provides the information to the database server… ]; and
 calculating, by the data encryption engine, an authentication value for the confidential data attribute, wherein the authentication value is one from among an unsigned hash and a signed hash [¶92, FIG.3, the data entity 30A also includes a security integrity attribute (Seclntegrity) 116, which contains the data entity hash value. The data entity hash value is obtained by hashing all or selective attributes within the data entity. This is controlled by business needs and policies, which are preferably determined by the client and recorded in the BLC's. When a data entity is retrieved, it is hashed using, for example, SHA-1 and that data entity hash value is compared with the stored hash value in the security integrity attribute 116. If the hash values are the same, then the integrity of the retrieved data entity is confirmed to be correct and not altered"]; and 
associating the encrypted value and the authentication value in a protected data set [¶¶79-85, the encryption key manager (EKM) 24, as its name indicates, generally manages encryption keys, which as described below are used to encrypt and decrypt the data entities 30C, 30D…the EKM 24 is also operable to transmit the SEK and corresponding SEKID, in encrypted form, to the GSM 82, which then encrypts the data entities 30C, 30D using the SEK. The system key manager (SKM) 84 generally manages system keys, which as described below are used to encrypt the SEKIDs. Thus, the SKM 84 is operable to encrypt the SEKIDs. In one embodiment, a number of protection keys are used to encrypt SEKs and SEKIDs… In one embodiment, separate encryption keys are used to encrypt the SEK and the SEKID. In this embodiment, an encryption key public key is used to encrypt the encryption keys that are used to encrypt the SEKs. Further, a system key public key is used to encrypt symmetric keys that are used to encrypt the SEKIDs…  A particular SEK is used in connection with a particular data object. Accordingly, in one embodiment, an application can save a data entity with the same SEK by resubmitting a hidden link in connection with a request to store the data entity. A hidden link is a data structure including the encrypted SEKID, a pointer to the protection key used to encrypt the SEKID, and a cryptographic engine identifier], and
[¶¶ 99, FIGS.8-9, The SEK object/entity includes as attributes the SEKID 153 in a normal/decrypted form, the encrypted SEK 154, the SEK integrity check 155, which is a hash value of the SEK, and the optional SKCN hash value 156. The SEK data entity 151 preferably does not include the encrypted SEKID. This creates a hidden link between the encrypted data and the SEK used to encrypt it because the SEKID is encrypted, and the SEK is stored in a separate database].
Examiner Note: As indicated in VASIC application, in paragraph 99 of VASIC application it is mentioned that The SEK data entity 151 preferably does not include the encrypted SEKID. The word “preferably” is an optional word and that does not indicate that it’s a definite process/action. However, Examiner refers applicant representative to other embodiments (mentioned above) in VASIC application which indicates that the SEKID is encrypted.
aggregating data in the protected data set based on the authentication values [¶78, The GSM 82 also performs the decryption of the data entities 30(encrypted and protected) when other components of the computer system 20 request decryption.  Further, the GSM 82 is operable to perform hashing operations using message digest 5 (MD5), SHA-1, or other strong hashing algorithms as instructed by other components.  The hash values or integrity values generated in the one-way hashing process are typically stored as attributes in data entities for integrity check purposes.  Preferably, the GSM 82 hashes all of the data attributes of the data entities and stores that data hash value as an attribute.  After the data has been decrypted, it is again hashed and the before and after hash values are compared.  If the two hash values are identical, the integrity of the data in the data entity has been confirmed], and [see FIGS. 3-5, and corresponding text for more detail, ¶¶90-96, 99, 121-124]; and
Examiner Note: As indicated in VASIC application, data entities are encrypted(protected) and it contains hashed value (authentication value) of all the data attributes. Examiner maintains his rejection.
where confidential data attributes having the same value also have the same authentication value [¶78, The GSM 82 also performs the decryption of the data entities 30 when other components of the computer system 20 request decryption.  Further, the GSM 82 is operable to perform hashing operations using message digest 5 (MD5), SHA-1, or other strong hashing algorithms as instructed by other components.  The hash values or integrity values generated in the one-way hashing process are typically stored as attributes in data entities for integrity check purposes.  Preferably, the GSM 82 hashes all of the data attributes of the data entities and stores that data hash value as an attribute.  After the data has been decrypted, it is again hashed and the before and after hash values are compared.  If the two hash values are identical, the integrity of the data in the data entity has been confirmed.  If two hash values are different, an alarm is issued], and [see FIG. 3 and corresponding text for more detail, ¶96, ¶99]; and
and associating the non-confidential data record with the associated encrypted value and the authentication value [¶93, a security privacy attribute 118 controls access to the information in the associated data entities 30C, 30D. When a client user, a doctor for example, marks his information private, a special access list (SAL), data entity/class 30B is automatically created and the doctor is automatically added to the special access list. The doctor can thereafter add and delete user identifications attributes 120 and/or role identifications 122 from the special access list. The user attributes 120 are based on specific user identifications from the smart cards or any other authentication method. The role attributes 122 are based on different security levels of users. For example, the doctor may grant permission to view private data to other doctors but not permit nurses to view private data. The roles can include any security level: secretary, shareholder, custodian, and administrative, for example], and [¶¶98-99], [ ¶96, FIG.3, the persistent data entity 30A also includes several association attributes, which are used by the database schema to associate or link related data entities 30B, 30C, 30D to the persistent data entities 30A. To that end, the persistent object 30A includes a class identification attribute 146 and at least two search attributes 148. For faster and secured searching, the searchable attributes 148 are preferably hash values of user information such as the patient name. The database uses these attributes 146, 148 and others to associate related persistent objects 30A and related class objects 30B, 30C, 30D with the persistent objects containing the appropriate security key identification 32 that was used to encrypt data attributes in the class objects”]; and
and exporting the protected data set to an untrusted computing environment.  
Even though VASIC discloses this limitation as: [¶122, FIG.18C, mobile computer 1816, such as a personal digital assistant, contains a version of a storeless cryptographic engine that is capable of performing key exchange with repository server 1806. The mobile computer system 1816 can securely retrieve the encrypted data from data store 1802 over the public network", and [¶123, FIG.18E, Secure and granular sharing of information between enterprises over the public network 1810, through optional firewalls 1812, is possible because of the secure key exchange between repository servers 1806 and 1816 that reside in different enterprises. Trust is optionally established between the repository servers 1806 and 1816 by way of signed certificates from certification authority1832")].
VASIC does not explicitly disclose this limitation, however Arad discloses [ Abstract, obtaining, within a trusted computing environment, data comprising confidential values and non-confidential values; replacing, within the trusted computing environment, the confidential values with obfuscated identifiers; sending, from the trusted computing environment, into an untrusted computing environment, an obfuscated representation of the data; transforming, in the untrusted computing environment, the obfuscated representation of the data …].
It would have been obvious to one of ordinary skill in the art before the effective filing date of the claimed invention to combine the teaching of VASIC, with the teaching Arad in order overcome the security concerns and elevate confidence that sensitive information in not being exhilarated [ Arad, ¶¶19-20].
Even though examiner still believes that VISC still teaches data set preparation engine as: [Paragraphs 26, 28, 93-95 and FIGS 3-7 discloses that the protection of confidential information( such as: credit card numbers, identifiable medical records, and other sensitive confidential information about the organization's patients, customers, and/or employees, credit card numbers, bank account numbers, social security numbers, birth dates, and highly personal and private medical records) requires a greater assurance that the customer's or patient's confidential information is secure. For example, the doctor may grant permission to view private data (confidential data) to other doctors but not permit nurses to view private data.  The roles can include any security level: secretary, shareholder, custodian, and administrative, for example.  In this fashion, the doctor controls who can view what information and who can edit what information.  The same holds true for patient records; where nurses and doctors may have full access, clerical staff may have limited access to name, address, payment, and appointment information (non-confidential data).  This privacy can be applied to any vertical market such as banking, intellectual property systems, e-Commerce, law firms, and all applications that deal with highly sensitive or classified information. When an authenticated client user requests information at step 124 in FIG. 7, the computer system retrieves the information at step 126, which will be described in greater detail below. After the information is retrieved, the system checks the security privacy attribute 118 at step 128.  If the information is not marked private, it is fully displayed on the monitor 130 as illustrated in FIG.6. If the information is marked private, the system checks the security level of the client user at step 132.  In checking the user's security level, the system looks at both the user identification and the role identification to see if either are in the special access list, and determine what rights, such as view only or edit, the user has to the information.  If the client user has full view rights, then the display of FIG. 6 is again shown.  If the client user is not entitled to view the private information, the display parameters are adapted in step 134.  In step 134, the display fields of the private information, which will not be displayed, are eliminated from the display parameters with their related labels, so that when the permitted information is displayed in step 135 on monitor 136 of FIG. 5, the fields for the private information are not displayed].
Examiner Note: It would have been obvious to one of ordinary skill in the art before the effective filing date of the claimed invention to indicate that “the data set preparation engine” is very broadly cited in the claims 1, and 10 and the combination of computer system and security privacy attributes in VISC can be interpreted as a data set separation engine.
However, Examiner introducing a new reference which indicates that the data processing apparatus further comprises registering means (data set separation engine) which separates confidential and non-confidential image data.
Ozaki(US20010012114) in his application discloses [¶18, in a preferred form of the invention, the storage means stores the confidential image data and the non-Confidential image data in separate storage areas], and [¶19, also advantageously, the data processing apparatus further comprises registering means for registering the image data in the storage means], and  [ ¶20, security storage area and a non-security storage area in which the confidential image data and the non-confidential image data are separately stored, respectively, and the registering means determines whether the image data are to be registered in the security storage area or in the non-security storage area, depending on whether or not the image data are confidential, and registers the image data in one of the security storage area and the non-security storage area in which the image data are determined to be registered], and [ see FIG 4, ¶52, … , the image data A (PDL) and the additional information therefor are transferred to the data processing section 121 via the I/F 120 (step S402). Subsequently, the data processing section 121 separates the image data A (PDL) from the additional information (step S403)…].
It would have been obvious to one of ordinary skill in the art before the effective filing date of the claimed invention to combine the teaching of VASIC, Arad with the teaching Ozaki in order to implement  a data processing apparatus and a data processing method which allow a user to easily obtain image data to be distributed to a third person and are also capable of maintaining the security of image data to be kept secret[Ozaki, Abstract].
Regarding claims 2 and 11, VASIC discloses wherein the confidential data attribute comprises personal identifiable information [¶26, for example, credit card numbers, identifiable medical records, and other sensitive confidential information about the organization's patients, customers, and/or employees], and 
Regarding claims 3 and 12, VASIC discloses, wherein the encryption key is used in a strong encryption algorithm [¶77, The GSM 82 is also operable to encrypt the data entities 30 (FIG. 3) using, for example, a three-key, triple data encryption standard (3DES), RC4, or any strong cryptographic algorithm on selected attributes of the data entities 30C, 30D as directed and requested by the BLC's and other components of the computer system 20… Other strong cryptographic algorithms can be employed, such as 128-bit IDEA or AES].
Regarding claims 4 and 13, VASIC discloses, wherein the encryption key is used in an Advanced Encryption Standard / Galois Counter Mode (AES/GCM) algorithm [¶77, other strong cryptographic algorithms can be employed, such as 128-bit IDEA or AES].
Examiner Note: AES with Galois/Counter Mode (AES-GCM) or with AES/CBC are optional design mode used with AES and the algorithm invention is not new and has been invented by other entities long time ago and in Applicant specification, it is only mentioned that the strong encryption algorithm may be an AES/CBC algorithm or an AES/GCM algorithm, but does not indicate in detail the process of how this algorithm is used for confidentiality and authentication. Examiner suggest applicant to check the relevant art section in the conclusion section of this office action for few references that uses AES/GCM algorithm and was mentioned in 892 submitted on 03/02/2021.

Regarding claims 6 and 15, VASIC discloses, wherein the signed hash is a Keyed-Hashing for Message Authentication (HMAC) value [¶15, other methods of providing verification of data integrity include Keyed Hashing for Message Authentication (HMAC).  HMAC is a mechanism that can authenticate both the source of a message and its integrity…], and [¶¶99, 124, 141].
Regarding claims 8 and 17, VASIC discloses, wherein the untrusted computing environment comprises one from among a public cloud, a private cloud, a hybrid cloud, and a third-party managed infrastructure [¶2, for various reasons, organizations frequently need to exchange confidential information over a network.  Sometimes organizations establish private networks over dedicated leased lines], and [¶3, connect an organization to an Internet Service Provider (ISP).  The ISP connects its customer to a public network, such as the Internet.  With a connection to a public network, a customer may send and receive messages to any other party also connected to the public network], and [¶4, In a public network like the Internet, it is impracticable to ensure that intermediate network operators will not examine or alter an arbitrary message placed on the public network], and [¶¶5-6, 119]. 
Regarding claims 9 and 18  VASIC discloses, further comprising: executing a query against the authentication values in the protected data set; returning a responsive authentication value for the query; returning at least one encrypted value associated with the responsive authentication value to the trusted computing environment; and decrypting the at least one encrypted value resulting in the confidential data attribute for that at least one encrypted value[¶96,  Referring again exclusively to FIG. 3, the persistent data entity 30A also includes several association attributes, which are used by the database schema to associate or link related data entities 30B, 30C, 30D to the persistent data entities 30A.  To that end, the persistent object 30A includes a class identification attribute 146 and at least two search attributes 148.  For faster and secured searching, the searchable attributes 148 are preferably hash values of user information such as the patient name.  The database uses these attributes 146, 148 and others to associate related persistent objects 30A and related class objects 30B, 30C, 30D with the persistent objects containing the appropriate security key identification 32 that was used to encrypt data attributes in the class objects], and [¶77, the GSM 82 is also operable to encrypt the data entities 30 (FIG. 3) using, for example, a three-key, triple data encryption standard (3DES), RC4, or any strong cryptographic algorithm on selected attributes of the data entities 30C, 30D as directed and requested by the BLC's and other components of the computer system 20], and [see FIG.15 and corresponding text for more detail, ¶¶100-105], and [¶¶90-96].
Regarding claim 10, the subject matter of independent claim 7 contains the corresponding features as the method of claim 1 expressed respectively in analogous terms and additionally the features disclosed in 10: VASIC discloses wherein "an untrusted computing environment comprising an analytical engine.": [¶3, connect an organization to an Internet Service Provider (ISP).  The ISP connects its customer to a public network, such as the Internet.  With a connection to a public network, a customer may send and receive messages to any other party also connected to the public network], and [¶9, to prevent unauthorized access, organizations use firewalls and sound system administration techniques.  Firewalls filter or restrict the types of packets allowed to pass between external public networks and internal networks.  However, firewalls must allow the exchange of at least some packets to and from a public network in order for the connection to the public network to be of any value], and [¶10, accordingly, as long as some packets are being exchanged with the public network, there are opportunities for attackers to gain unauthorized access.  The next level of defense is to keep operating system level security layers secure.  System level security layers include the pieces of software that require user names and passwords to allow connections and the like]. 
Examiner Note: It would have been obvious to one of ordinary skill in the art before the effective filing date of the claimed invention to indicate that by implementing a firewall (equated to analytical engine) to filter and prevent the unauthorized access (unsecure environment)].
Conclusion
The prior art made of record and not relied upon is considered pertinent to applicant's disclosure. 
Nadler (US2018/0219841) [ ¶65, In one embodiment, the ICV is the resulting Galois Message Authentication Code (GMAC) for Advanced Encryption Standard Galois Counter Mode (AES-GCM) encryption].
Zatko (US2016/0188909) [ ¶91, AES in GCM mode is recommended by the National Security Agency (NSA) Suite B cipher suite, as are ECDH, ECDSA, and SHA-256].
Gegenheimer (US5180153) [ (11) It is another object of the present invention to provide an apparatus and method for detecting and separating the non-confidential and confidential paper output of an electrographic transmission/reproduction machine, in such a way that the confidential documents will remain confidential].
Thomason (US20140188921) [9. Apparatus, comprising: a processor; computer memory holding computer program instructions that when executed by the processor perform a method of identifying confidential information in a data item, the data item associated with a source, the method comprising: obtaining, from each of a set of alternative sources, a data item of a same type and format as the data item; comparing the data item to the data item(s) obtained from the set of alternative sources to identify occurrences of particular pieces of information in the data item; and based on the occurrences of particular pieces of information in the data item and a given sensitivity criteria, segmenting one or more pieces of information in the data item as representing potential confidential information], and [¶45, as described above, the techniques herein provide an automated technique to identify (and thereby) separate out confidential information from non-confidential information in a particular data item], [Abstract].

AKE(US20100077489) [ A method, user equipment, network device, and software product that protects data confidentiality where data transmission is required between distant systems. The invention comprises splitting data into confidential and non-confidential data. The invention further includes an isolating indexation responsible for data transmission, processing and reconciliation. Also, the invention comprises data confidentiality protection where multiple systems are involves], and [ ¶¶30-37, 41-50, Isolation component].
Lynch (US2016/0342812) [ SYSTEM FOR ANONYMIZING AND AGGREGATING PROTECTED INFORMATION, ¶¶36-37, Note that only data elements corresponding to confidential protected health information of each patient health record are generally anonymized by the hashing appliance 150…In this way, data records corresponding to the same confidential protected health information can be aggregated because they should have a common hash value].
BAUM (US2015/0229613) [JSON data, see Tables inside the spec.].
Moore (US2010/0185862[JSON message, see the examples inside the spec.].
Sipcic (US2020/0076777[Schema, see FIGS. 2A-2B].
Chebaro (US210, 079,683) [(53), PIN structure 300 may comprise a mixture of one or more fields, which have non-confidential data (e.g., region field 310, service field 320, user field 330), and one or more fields which have confidential data (e.g., sub-PIN field 340)].
Ledet (US10,521,610) (Delivering secure content in an unsecure environment, see FIG. 8 and corresponding text for more details, (63-66), In order to hide secure content when transmitted from secure environment to unsecured environment]
Krajec (US2014/0019756) FIG. 1, [¶59] where tracing may occur within a secure environment, then trace data may be analyzed in an unsecure environment without compromising the integrity of the sensitive data], and [¶70] Before transmitting the trace data outside of the secure environment 102, an obfuscator 108 may obfuscate the trace data to create obfuscated trace data 110.  Once obfuscated, the data may be analyzed by a remote system].
Fink (US2017/0177890) [¶3, confidential and public information, encryption, hashing].  
Nunes (US2018/0082074) [¶1, 10-11, 29, non-confidential or confidential data].
Roberson (US2007/0033398) [Abstract, PIN encryption].
Robinson (US2015/0261916) [Abstract, non-confidential or confidential data].
Saito (US2009/0022321) [¶20, data is hashed, encrypted, or unprocessed according to the security protection level, and the hashed or encrypted data or the data remaining in a plain text is stored in the search keyword management database].                                                                                                                                                                                 
                                                                                                                                                                                                       Any inquiry concerning this communication or earlier communications from the examiner should be directed to SHAHRIAR ZARRINEH whose telephone number is (571)272-1207. The examiner can normally be reached Monday-Friday, 8:30am-5:30pm.
Examiner interviews are available via telephone, in-person, and video conferencing using a USPTO supplied web-based collaboration tool. To schedule an interview, applicant is encouraged to use the USPTO Automated Interview Request (AIR) at http://www.uspto.gov/interviewpractice.
If attempts to reach the examiner by telephone are unsuccessful, the examiner’s supervisor, Jorge Ortiz-Criado can be reached on 571-272-7624. The fax phone number for the organization where this application or proceeding is assigned is 571-273-8300.
Information regarding the status of published or unpublished applications may be obtained from Patent Center. Unpublished application information in Patent Center is available to registered users. To file and manage patent submissions in Patent Center, visit: https://patentcenter.uspto.gov. Visit https://www.uspto.gov/patents/apply/patent-center for more information about Patent Center and https://www.uspto.gov/patents/docx for information about filing in DOCX format. For additional questions, contact the Electronic Business Center (EBC) at 866-217-9197 (toll-free). If you would like assistance from a USPTO Customer Service Representative, call 800-786-9199 (IN USA OR CANADA) or 571-272-1000.





/SHAHRIAR ZARRINEH/Examiner, Art Unit 2496