Notice of Pre-AIA or AIA Status
The present application, filed on or after March 16, 2013, is being examined under the first inventor to file provisions of the AIA.
This action is in reply to papers filed on 03/25/2021. Claims 1-20 are pending, following Applicant’s Preliminary Amendment to amend claim 15. Claims 1, 8, and 15 are independent.

Information Disclosure Statement
The information disclosure statement (IDS) submitted on 03/25/2021 is in compliance with the provisions of 37 CFR 1.97.  Accordingly, the information disclosure statement is being considered by the Examiner.

Claim Objections
Claims 1, 8, and 15 are objected to because of the following informalities: 
Claim 1 should be amended to recite: “A computer implemented method for protecting individual data elements within an unstructured dataset, the method comprising: …”
Claim 8 should be amended to recite: “A computer program product for protecting individual data elements within an unstructured dataset, the computer program product comprising: …”
Claim 15 should be amended to recite: “A computer system for protecting individual data elements within an unstructured dataset, the computer system comprising: …”
Appropriate correction is required. 


Claim Rejections - 35 USC § 103
In the event the determination of the status of the application as subject to AIA 35 U.S.C. 102 and 103 (or as subject to pre-AIA 35 U.S.C. 102 and 103) is incorrect, any correction of the statutory basis for the rejection will not be considered a new ground of rejection if the prior art relied upon, and the rationale supporting the rejection, would be the same under either status.
The following is a quotation of 35 U.S.C. 103 which forms the basis for all obviousness rejections set forth in this Office action:
A patent for a claimed invention may not be obtained, notwithstanding that the claimed invention is not identically disclosed as set forth in section 102, if the differences between the claimed invention and the prior art are such that the claimed invention as a whole would have been obvious before the effective filing date of the claimed invention to a person having ordinary skill in the art to which the claimed invention pertains. Patentability shall not be negated by the manner in which the invention was made.

The factual inquiries for establishing a background for determining obviousness under 35 U.S.C. 103 are summarized as follows:
1. Determining the scope and contents of the prior art.
2. Ascertaining the differences between the prior art and the claims at issue.
3. Resolving the level of ordinary skill in the pertinent art.
4. Considering objective evidence present in the application indicating obviousness or nonobviousness.
This application currently names joint inventors. In considering patentability of the claims the examiner presumes that the subject matter of the various claims was commonly owned as of the effective filing date of the claimed invention(s) absent any evidence to the contrary.  Applicant is advised of the obligation under 37 CFR 1.56 to point out the inventor and effective filing dates of each claim that was not commonly owned as of the effective filing date of the later invention in order for the examiner to consider the applicability of 35 U.S.C. 102(b)(2)(C) for any potential 35 U.S.C. 102(a)(2) prior art against the later invention.

Claims 1-20 are rejected under 35 U.S.C. 103 as being unpatentable over Feng et al., US 2017/0104762 A1, (hereinafter, Feng ‘762) in view of El Defrawy et al., US 10,181,049 B1 (hereinafter, Defrawy ‘049).

As per claim 1: Feng ‘762 discloses:
	A computer implemented for protecting individual data elements within an unstructured dataset (a computer implemented method for protecting portions of a file 402, also referred to as nodes 402A, within a set of data files 120, where the set of data files 120 may be unstructured [Feng ‘762, ¶¶4, 16, 20; Fig. 1, Fig. 4B]), the method comprising: 
identifying a data element (identifying a portion of a file 402, also referred to as a node 402A, by parsing file 402 into a plurality of nodes 402A [Feng ‘762, ¶¶4, 26; Fig. 2, Fig. 4B]) within the unstructured dataset requiring access control (the node 402A of a file 402 is within a set of data files 120, where the set of data files 120 may be unstructured, and where the node 402A requires access control [Feng ‘762, ¶¶15, 19-21; Fig. 1]); 
encrypting the data element within the unstructured dataset (encrypting the portion of the file 402, also referred to as the node 402A, within the set of data files 120, where the set of data files 120 may be unstructured [Feng ‘762, ¶¶19-20, 24-25; Fig. 1, Fig. 2]); 
storing a decryption key (storing a security key 408 within the policies and rules data store 126, where the security key 408 is used to decrypt the corresponding node 402A [Feng ‘762, ¶¶21, 25, 41, 47; Fig. 1, Fig. 4B]) and access control information corresponding to the dataset (storing an encryption policy 404, also referred to as a security policy, within the policies and rules data store 126, where the encryption policy 404 specifies users that are authorized to access a particular node 402A [Feng ‘762, ¶¶21, 25, 47; Fig. 1, Fig. 6]) at an access controller (storing the security key 408 and encryption policy 404 at the policies and rules data store 126, where the policies and rules data store 126 may be a database server device that facilitates access to portions of a file 402 within the set of data files 120 [Feng ‘762, ¶¶17, 21, 25; Fig. 1, Fig. 2]); and 
(the encrypted node 402A may be associated with metadata and an ID tag, where the ID tag identifies the corresponding policies and rules data store 126 and the encryption policy 404/security key 408 that is stored within the policies and rules data store 126 [Feng ‘762, ¶¶26-27, 31-32, 35; Fig. 2, Fig. 3]).

As stated above, Feng ‘762 does not explicitly disclose: “cryptographically binding the encrypted data element to metadata that identifies the …”.
Defrawy ‘049, however, discloses:
cryptographically binding the encrypted data element to metadata that identifies the … (cryptographically binding an encrypted content 100 to metadata 107, where the metadata 107 contains a unique identifier 108, an index to locate the content, and other relevant tags that facilitate access to the requested encrypted content 100 within the system [Defrawy ‘049, Col. 6 lines 21-43, Col. 9 line 60-Col. 10 line 17; Fig. 1])

Feng ‘762 and Defrawy ‘049 are analogous art because they are from the same field of endeavor, namely that of access control and secure storage of data. Prior to the effective filing date of the claimed invention, it would have been obvious to one of ordinary skill in the art, having the teachings of Feng ‘762 and Defrawy ‘049 before them, to modify the method in Feng ‘762 to include the teachings of Defrawy ‘049, namely to cryptographically bind metadata to encrypted data, as disclosed in Defrawy ‘049, where the metadata is the tag ID that may be cryptographically bound to the encrypted node 402A, as disclosed in Feng ‘762. The motivation for doing so would be to prevent the exfiltration of sensitive information, such as content and its metadata, by encrypting the content and cryptographically binding the metadata to the encrypted content (see Defrawy ‘049, Col. 1 lines 61-67, Col. 6 lines 21-43).

As per claim 2: Feng ‘762 in view of Defrawy ‘049 discloses all limitations of claim 1, as stated above, from which claim 2 is dependent upon. Furthermore, Feng ‘762 discloses:
further comprising detecting an access attempt to the dataset (detecting a request to access data within the set of data files 120 [Feng ‘762, ¶¶20-21, 30-31, 44; Fig. 1, Fig. 3]); and 
determining whether the access attempt is acceptable according to the access control information (determining whether the request to access the data is authorized based on the encryption policy 404, also referred to as a security policy [Feng ‘762, ¶¶25, 32, 35, 38, 45; Fig. 1, Fig. 3]).

As per claim 3: Feng ‘762 in view of Defrawy ‘049 discloses all limitations of claims 1-2, as stated above, from which claim 3 is dependent upon. Furthermore, Feng ‘762 discloses:
further comprising denying the access attempt responsive to determining the access attempt is not acceptable according to the access control information (denying an unauthorized request to access data based on the encryption policy 404, also referred to as a security policy [Feng ‘762, ¶¶21, 35, 38, 45; Fig. 3, Fig. 6]).

As per claim 4: Feng ‘762 in view of Defrawy ‘049 discloses all limitations of claims 1-2, as stated above, from which claim 4 is dependent upon. Furthermore, Feng ‘762 discloses:
further comprising allowing the access attempt responsive to determining the access attempt is acceptable according to the access control information (allowing an authorized request to access data based on the encryption policy 404, also referred to as a security policy [Feng ‘762, ¶¶21, 35, 39, 46-47; Fig. 3, Fig. 6]).

As per claim 5: Feng ‘762 in view of Defrawy ‘049 discloses all limitations of claim 1, as stated above, from which claim 5 is dependent upon. Furthermore, Feng ‘762 discloses:
wherein the identified data element corresponds to a data element containing confidential information (the identified portion of the file 402, also referred to as a node 402A, may correspond to sensitive or secret data that is only allowed to be accessed by specific users [Feng ‘762, ¶¶15, 24]).

As per claim 6: Feng ‘762 in view of Defrawy ‘049 discloses all limitations of claims 1-2, as stated above, from which claim 6 is dependent upon. Furthermore, Feng ‘762 discloses:
further comprising notifying an external system to allow access to the data element responsive to determining the access attempt is acceptable according to the access control information (under the broadest reasonable interpretation, the ‘external system’ is interpreted to be the server computing device 112 which is external to the client computing device 102; providing relevant information to a server computing device 112, also referred to as computing device, to allow an authorized request to access data based on the encryption policy 404, also referred to as a security policy [Feng ‘762, ¶¶19, 35, 39, 46-47; Fig. 1, Fig. 3]).

As per claim 7: Feng ‘762 in view of Defrawy ‘049 discloses all limitations of claims 1-2, as stated above, from which claim 7 is dependent upon. Furthermore, Feng ‘762 discloses:
further comprising notifying an external system to deny access to the data element responsive to determining the access attempt is not acceptable according to the access control information (under the broadest reasonable interpretation, the ‘external system’ is interpreted to be the server computing device 112 which is external to the client computing device 102; providing relevant information to a server computing device 112, also referred to as computing device, to deny an unauthorized request to access data based on the encryption policy 404, also referred to as a security policy [Feng ‘762, ¶¶19, 35, 38, 45; Fig. 1, Fig. 3]).

As per claim 8: Feng ‘762 discloses:
A computer program product for, the computer program product comprising: one or more computer readable storage media and program instructions stored on the one or more computer readable storage media, the program instructions comprising instructions to (A computer program product may include a non-transitory computer readable storage medium having computer readable program instructions thereon for causing a processor to perform operations [Feng ‘762, ¶¶61-62; Fig. 7]): 
identify a data element (identifying a portion of a file 402, also referred to as a node 402A, by parsing file 402 into a plurality of nodes 402A [Feng ‘762, ¶¶4, 26; Fig. 2, Fig. 4B]) within the unstructured dataset requiring access control (the node 402A of a file 402 is within a set of data files 120, where the set of data files 120 may be unstructured, and where the node 402A requires access control [Feng ‘762, ¶¶15, 19-21; Fig. 1]); 
encrypt the data element within the unstructured dataset (encrypting the portion of the file 402, also referred to as the node 402A, within the set of data files 120, where the set of data files 120 may be unstructured [Feng ‘762, ¶¶19-20, 24-25; Fig. 1, Fig. 2]); 
store a decryption key (storing a security key 408 within the policies and rules data store 126, where the security key 408 is used to decrypt the corresponding node 402A [Feng ‘762, ¶¶21, 25, 41, 47; Fig. 1, Fig. 4B]) and access control information corresponding to the dataset (storing an encryption policy 404, also referred to as a security policy, within the policies and rules data store 126, where the encryption policy 404 specifies users that are authorized to access a particular node 402A [Feng ‘762, ¶¶21, 25, 47; Fig. 1, Fig. 6]) at an access controller (storing the security key 408 and encryption policy 404 at the policies and rules data store 126, where the policies and rules data store 126 may be a database server device that facilitates access to portions of a file 402 within the set of data files 120 [Feng ‘762, ¶¶17, 21, 25; Fig. 1, Fig. 2]); and 
(the encrypted node 402A may be associated with metadata and an ID tag, where the ID tag identifies the corresponding policies and rules data store 126 and the encryption policy 404/security key 408 that is stored within the policies and rules data store 126 [Feng ‘762, ¶¶26-27, 31-32, 35; Fig. 2, Fig. 3]).

As stated above, Feng ‘762 does not explicitly disclose: “cryptographically bind the encrypted data element to metadata that identifies the …”.
Defrawy ‘049, however, discloses:
cryptographically bind the encrypted data element to metadata that identifies the … (cryptographically binding an encrypted content 100 to metadata 107, where the metadata 107 contains a unique identifier 108, an index to locate the content, and other relevant tags that facilitate access to the requested encrypted content 100 within the system [Defrawy ‘049, Col. 6 lines 21-43, Col. 9 line 60-Col. 10 line 17; Fig. 1])

Feng ‘762 and Defrawy ‘049 are analogous art because they are from the same field of endeavor, namely that of access control and secure storage of data. For the reasons stated in claim 1, prior to the effective filing date of the claimed invention, it would have been obvious to one of ordinary skill in the art, having the teachings of Feng ‘762 and Defrawy ‘049 before them, to modify the method in Feng ‘762 to include the teachings of Defrawy ‘049.

As per claim 9: Feng ‘762 in view of Defrawy ‘049 discloses all limitations of claim 8, as stated above, from which claim 9 is dependent upon. Furthermore, Feng ‘762 discloses:
further comprising instructions to detect an access attempt to the dataset (detecting a request to access data within the set of data files 120 [Feng ‘762, ¶¶20-21, 30-31, 44; Fig. 1, Fig. 3]); and 
determine whether the access attempt is acceptable according to the access control information (determining whether the request to access the data is authorized based on the encryption policy 404, also referred to as a security policy [Feng ‘762, ¶¶25, 32, 35, 38, 45; Fig. 1, Fig. 3]).

As per claim 10: Feng ‘762 in view of Defrawy ‘049 discloses all limitations of claims 8-9, as stated above, from which claim 10 is dependent upon. Furthermore, Feng ‘762 discloses:
further comprising instructions to deny the access attempt responsive to determining the access attempt is not acceptable according to the access control information (denying an unauthorized request to access data based on the encryption policy 404, also referred to as a security policy [Feng ‘762, ¶¶21, 35, 38, 45; Fig. 3, Fig. 6]).

As per claim 11: Feng ‘762 in view of Defrawy ‘049 discloses all limitations of claims 8-9, as stated above, from which claim 11 is dependent upon. Furthermore, Feng ‘762 discloses:
further comprising instructions to allow the access attempt responsive to determining the access attempt is acceptable according to the access control information (allowing an authorized request to access data based on the encryption policy 404, also referred to as a security policy [Feng ‘762, ¶¶21, 35, 39, 46-47; Fig. 3, Fig. 6]).

As per claim 12: Feng ‘762 in view of Defrawy ‘049 discloses all limitations of claim 8, as stated above, from which claim 12 is dependent upon. Furthermore, Feng ‘762 discloses:
wherein the identified data element corresponds to a data element containing confidential information (the identified portion of the file 402, also referred to as a node 402A, may correspond to sensitive or secret data that is only allowed to be accessed by specific users [Feng ‘762, ¶¶15, 24]).

As per claim 13: Feng ‘762 in view of Defrawy ‘049 discloses all limitations of claims 8-9, as stated above, from which claim 13 is dependent upon. Furthermore, Feng ‘762 discloses:
further comprising instructions to notify an external system to allow access to the data element responsive to determining the access attempt is acceptable according to the access control information (under the broadest reasonable interpretation, the ‘external system’ is interpreted to be the server computing device 112 which is external to the client computing device 102; providing relevant information to a server computing device 112, also referred to as computing device, to allow an authorized request to access data based on the encryption policy 404, also referred to as a security policy [Feng ‘762, ¶¶19, 35, 39, 46-47; Fig. 1, Fig. 3]).

As per claim 14: Feng ‘762 in view of Defrawy ‘049 discloses all limitations of claims 8-9, as stated above, from which claim 14 is dependent upon. Furthermore, Feng ‘762 discloses:
further comprising instructions to notify an external system to deny access to the data element responsive to determining the access attempt is not acceptable according to the access control information (under the broadest reasonable interpretation, the ‘external system’ is interpreted to be the server computing device 112 which is external to the client computing device 102; providing relevant information to a server computing device 112, also referred to as computing device, to deny an unauthorized request to access data based on the encryption policy 404, also referred to as a security policy [Feng ‘762, ¶¶19, 35, 38, 45; Fig. 1, Fig. 3]).

As per claim 15: Feng ‘762 discloses:
A computer system for, the computer system comprising: one or more computer processors; 
one or more computer-readable storage media; program instructions stored on the computer-readable storage media for execution by at least one of the one or more processors, the program instructions comprising instructions to (A computer system may include a non-transitory computer readable storage medium having computer readable program instructions thereon for causing a processor to perform operations [Feng ‘762, ¶¶61-62; Fig. 7]): 
identify a data element (identifying a portion of a file 402, also referred to as a node 402A, by parsing file 402 into a plurality of nodes 402A [Feng ‘762, ¶¶4, 26; Fig. 2, Fig. 4B]) within the unstructured dataset requiring access control (the node 402A of a file 402 is within a set of data files 120, where the set of data files 120 may be unstructured, and where the node 402A requires access control [Feng ‘762, ¶¶15, 19-21; Fig. 1]); 
encrypt the data element within the unstructured dataset (encrypting the portion of the file 402, also referred to as the node 402A, within the set of data files 120, where the set of data files 120 may be unstructured [Feng ‘762, ¶¶19-20, 24-25; Fig. 1, Fig. 2]); 
store a decryption key (storing a security key 408 within the policies and rules data store 126, where the security key 408 is used to decrypt the corresponding node 402A [Feng ‘762, ¶¶21, 25, 41, 47; Fig. 1, Fig. 4B]) and access control information corresponding to the dataset (storing an encryption policy 404, also referred to as a security policy, within the policies and rules data store 126, where the encryption policy 404 specifies users that are authorized to access a particular node 402A [Feng ‘762, ¶¶21, 25, 47; Fig. 1, Fig. 6]) at an access controller (storing the security key 408 and encryption policy 404 at the policies and rules data store 126, where the policies and rules data store 126 may be a database server device that facilitates access to portions of a file 402 within the set of data files 120 [Feng ‘762, ¶¶17, 21, 25; Fig. 1, Fig. 2]); and 
(the encrypted node 402A may be associated with metadata and an ID tag, where the ID tag identifies the corresponding policies and rules data store 126 and the encryption policy 404/security key 408 that is stored within the policies and rules data store 126 [Feng ‘762, ¶¶26-27, 31-32, 35; Fig. 2, Fig. 3]).

As stated above, Feng ‘762 does not explicitly disclose: “cryptographically bind the encrypted data element to metadata that identifies the …”.
Defrawy ‘049, however, discloses:
cryptographically bind the encrypted data element to metadata that identifies the … (cryptographically binding an encrypted content 100 to metadata 107, where the metadata 107 contains a unique identifier 108, an index to locate the content, and other relevant tags that facilitate access to the requested encrypted content 100 within the system [Defrawy ‘049, Col. 6 lines 21-43, Col. 9 line 60-Col. 10 line 17; Fig. 1])

Feng ‘762 and Defrawy ‘049 are analogous art because they are from the same field of endeavor, namely that of access control and secure storage of data. For the reasons stated in claim 1, prior to the effective filing date of the claimed invention, it would have been obvious to one of ordinary skill in the art, having the teachings of Feng ‘762 and Defrawy ‘049 before them, to modify the method in Feng ‘762 to include the teachings of Defrawy ‘049.

As per claim 16: Feng ‘762 in view of Defrawy ‘049 discloses all limitations of claim 15, as stated above, from which claim 16 is dependent upon. Furthermore, Feng ‘762 discloses:
further comprising instructions to detect an access attempt to the dataset (detecting a request to access data within the set of data files 120 [Feng ‘762, ¶¶20-21, 30-31, 44; Fig. 1, Fig. 3]); and 
determine whether the access attempt is acceptable according to the access control information (determining whether the request to access the data is authorized based on the encryption policy 404, also referred to as a security policy [Feng ‘762, ¶¶25, 32, 35, 38, 45; Fig. 1, Fig. 3]).

As per claim 17: Feng ‘762 in view of Defrawy ‘049 discloses all limitations of claims 15-16, as stated above, from which claim 17 is dependent upon. Furthermore, Feng ‘762 discloses:
further comprising instructions to deny the access attempt responsive to determining the access attempt is not acceptable according to the access control information (denying an unauthorized request to access data based on the encryption policy 404, also referred to as a security policy [Feng ‘762, ¶¶21, 35, 38, 45; Fig. 3, Fig. 6]).

As per claim 18: Feng ‘762 in view of Defrawy ‘049 discloses all limitations of claims 15-16, as stated above, from which claim 18 is dependent upon. Furthermore, Feng ‘762 discloses:
further comprising instructions to allow the access attempt responsive to determining the access attempt is acceptable according to the access control information (allowing an authorized request to access data based on the encryption policy 404, also referred to as a security policy [Feng ‘762, ¶¶21, 35, 39, 46-47; Fig. 3, Fig. 6]).

As per claim 19: Feng ‘762 in view of Defrawy ‘049 discloses all limitations of claim 15, as stated above, from which claim 19 is dependent upon. Furthermore, Feng ‘762 discloses:
wherein the identified data element corresponds to a data element containing confidential information (the identified portion of the file 402, also referred to as a node 402A, may correspond to sensitive or secret data that is only allowed to be accessed by specific users [Feng ‘762, ¶¶15, 24]).

As per claim 20: Feng ‘762 in view of Defrawy ‘049 discloses all limitations of claims 15-16, as stated above, from which claim 20 is dependent upon. Furthermore, Feng ‘762 discloses:
further comprising instructions to notify an external system to allow access to the data element responsive to determining the access attempt is acceptable according to the access control information (under the broadest reasonable interpretation, the ‘external system’ is interpreted to be the server computing device 112 which is external to the client computing device 102; providing relevant information to a server computing device 112, also referred to as computing device, to allow an authorized request to access data based on the encryption policy 404, also referred to as a security policy [Feng ‘762, ¶¶19, 35, 39, 46-47; Fig. 1, Fig. 3]).


Conclusion
The prior art made of record and not relied upon is considered pertinent to the Applicant’s disclosure:
Eldefrawy et al., US 2022/0052835 A1: Method for selectively sharing of portion of unstructured data based on security attributes and policies used to encrypt/decrypt data within the unstructured data containers.
Liao et al., US 10,803,197 B1: Unstructured data items are stored at an object storage service, where a filtering requirement to be used to generate a result set for an access request to the object storage service is determined.

Any inquiry concerning this communication or earlier communications from the examiner should be directed to ALAN LINGQIAN KONG whose telephone number is (571)272-2646. The examiner can normally be reached Monday-Thursday 8:30am-6:00pm EST.
Examiner interviews are available via telephone, in-person, and video conferencing using a USPTO supplied web-based collaboration tool. To schedule an interview, applicant is encouraged to use the USPTO Automated Interview Request (AIR) at http://www.uspto.gov/interviewpractice.
If attempts to reach the examiner by telephone are unsuccessful, the examiner’s supervisor, JUNG (JAY) KIM can be reached on (571)272-3804. The fax phone number for the organization where this application or proceeding is assigned is 571-273-8300.
Information regarding the status of published or unpublished applications may be obtained from Patent Center. Unpublished application information in Patent Center is available to registered users. To file and manage patent submissions in Patent Center, visit: https://patentcenter.uspto.gov. Visit https://www.uspto.gov/patents/apply/patent-center for more information about Patent Center and https://www.uspto.gov/patents/docx for information about filing in DOCX format. For additional questions, contact the Electronic Business Center (EBC) at 866-217-9197 (toll-free). If you would like assistance from a USPTO Customer Service Representative, call 800-786-9199 (IN USA OR CANADA) or 571-272-1000.

/ALAN LINGQIAN KONG/Examiner, Art Unit 2494

/JUNG W KIM/Supervisory Patent Examiner, Art Unit 2494