Notice of Pre-AIA  or AIA  Status
The present application, filed on or after March 16, 2013, is being examined under the first inventor to file provisions of the AIA .
In the event the determination of the status of the application as subject to AIA  35 U.S.C. 102 and 103 (or as subject to pre-AIA  35 U.S.C. 102 and 103) is incorrect, any correction of the statutory basis for the rejection will not be considered a new ground of rejection if the prior art relied upon, and the rationale supporting the rejection, would be the same under either status.  
FINAL ACTION
This action is in response to amendment filed on 8/2/2022. Claims 1-17 are pending. 
Response to Arguments
Examiner’s Remarks  - Specification Objection (Title)
The examiner finds applicant’s remarks persuasive. The examiner withdraws the objection. 
Examiner’s Remarks  - Specification Objection (Abstract)
A patent abstract is a concise statement of the technical disclosure of the patent and should include that which is new in the art to which the invention pertains. Claim language is not a concise statement of the technical disclosure of the patent. The examiner maintains the objection. 
Examiner’s Remarks  - Double Patenting
Applicant’s argues: 
“Applicant respectfully requests these rejections be held in abeyance until prosecution of the present application has advanced to the point where the double patenting rejections are the sole remaining issues related to allowance or appeal…”.

The double patenting rejection in maintained. 
Examiner’s Remarks  - 35 USC § 103
Applicant argues:
	“The Office appears to argue that the fixed-length initialization vector is equivalent to
Applicant’s claimed first data set. The Office also appears to argue that the fixed-length
output string is the Applicant’s claimed encoded input data. To be sure, the fixed-length
initialization vector is not a first data set used to produce encoded input data as claimed.
Indeed, the fixed-length initialization vector is itself a tweak. The Office admits this much in
the rejection of claim 3 and notes that Shrimpton specifically alleges this fact. What is
disclosed in step 420 of Shrimpton is obscuring this tweak through encoding. This is not a
first data set used to produce encoded input data.”.


Applicant’s claim simply reads: 
“encoding a first data set to produce encoded input data”.

The context of “a first data set” is not limited in claim 1 and therefore the “first data set” can be reasonably realized in a variety of implementations. The examiner respectfully draws attention to 
Figure 3a reproduced below.


    PNG
    media_image1.png
    813
    1455
    media_image1.png
    Greyscale


In figure 3a, Shrimpton illustrates/discloses encoding (i.e., combining with other data structures) a input data string.

Applicant argues: 
“Shrimpton does not disclose hashing an encoded tweak input along with a unique hashing key to generate a secure tweak.”.

The examiner respectfully disagrees. 

The context of “unique hashing key” is not limited in claim 1 and therefore the “unique hashing key” can be reasonably realized in a variety of implementations. 

The examiner draws attention to par. 0074 of Shrimpton where the following is disclosed:
“[0074] In the construction (300) of FIG. 3a, a first FIL TBC (320a) and second FIL TBC (340a) protect the fixed-length initialization vector (328a) from exposure outside the system. A buffer (310) stores a fixed-length input string (311a) and a variable-length input string (312). A first FIL TBC (320a) is adapted to produce the fixed-length initialization vector (328a). For example, the first FIL TBC (320a) is adapted to produce the fixed-length initialization vector (328a) using the fixed-length input string (311a), as its input, and a combination (e.g., concatenation or other adjustment) of a tweak (318) for the system and the variable-length input string (312), as its tweak. In FIG. 3a, the filled-in portion of the first FIL TBC (320a) (and the second FIL TBC (340a)) represents the tweak input. The value of the tweak (318) can be based on an environmental feature of the system (e.g., logical hard disk sector ID for FDE, memory address, last four digits of a credit card number for FPE).”.

Shrimpton states in par. 0074 that the tweak can be based on the unique data of, “The value of the tweak (318) can be based on an environmental feature of the system (e.g., logical hard disk sector ID for FDE, memory address, last four digits of a credit card number for FPE).”.

Shrimpton further states that the input data and tweak will be concatenated together (‘fixed-length input string (311a), as its input, and a combination (e.g., concatenation or other adjustment) of a tweak (318) for the system”). 
Alternatively, Shrimpton discloses in par. 0088 the following: “to produce an n-bit LRW2 output string by computing an XOR between (1) an encrypted version of an XOR between (a) an n-bit LRW2 input string and (b) an n-bit hash of a tweak input, and (2) the n-bit hash of the tweak input.”. The examiner notes that par. 0090 notes that following: “[0090] In general, N can be any positive integer. The numbers N=128 and N=256 are suitable when the FIL and VIL components of the protected IV construction are constructed from an underlying 128-bit block cipher (e.g., AES). If the PIV construction is implemented using block ciphers of another size (such as DES, with block size of 64 bits), another value for N may be suitable (e.g., 64 or 128 bits).”. The n-bit hash of a tweak is reasonably considered equivalent with hashing of a tweak with a hash key (i.e., n). 

Applicant argues:
	“Davis does not disclose encoding a tweak input to produce an encoded tweak input T”. 

The examiner notes that Davis discloses a cryptographic tweak throughout his specification. The examiner notes that a cryptographic tweak is an encoded tweak. 


Applicant argues: 
	“The Office cannot simultaneously argue that the fixed-length initialization vector
is equivalent to Applicant’s claimed first data set when rejecting claim 1, and then
alternatively argue that the tweak input of claim 3 is also the fixed-length initialization
vector.”

The examiner notes that applicant’s above remarks are a miss-characterization of the examiner’s position and further notes that applicant’s claim 1, does not limit the context of input data and does not limit how a tweak it encoded. 

Figure 3a of Shrimpton reproduced below, illustrate the flow of input data in Shrimpton’s system in conjunction with a tweak value. 


    PNG
    media_image1.png
    813
    1455
    media_image1.png
    Greyscale


Applicant argues: 
	“The stated motivation to combine Shrimpton and Davis lacks merit”.

The examiner respectfully disagrees. 
Shrimpton discloses the use of an input data structure in conjunction with a tweak. Likewise, Davis discloses the use of input data structure with a tweak. Davis’ system enhances the system security of Shrimpton by tokenizing data through the use a cryptographic tweak (i.e., stronger encoded tweak).

Applicant argues: 
“With respect to claim 2, Applicant is unclear how the variable-length input string can be a cleartext input for the first data set. Noted above, the Office argues that the fixed-length initialization vector is equivalent to Applicant’s claimed first data set. The rejection of claim 2 is confusing in view of this allegation. Shrimpton does not disclose that variable-length input string is part of the fixed- length initialization vector, which would be required when considering the rejection of claim 1.”.

Again, a first data set is broad and encompassing and therefore and be reasonably realized in a variety of implementations. 

Figure 3a visually represents the various input data stages disclosed in Shrimpton. 


    PNG
    media_image2.png
    610
    1092
    media_image2.png
    Greyscale


Applicant argues: 
“With respect to claim 3, As noted above, the Office rejects claim 3 in view of Shrimpton. The Office cannot simultaneously argue that the fixed-length initialization vector is equivalent to Applicant’s claimed first data set when rejecting claim 1, and then alternatively argue that the tweak input of claim 3 is also the fixed-length initialization vector.”.

Again, the examiner notes claim 3, simply states the data is cleartext.  Figure 3a illustrates the various data inputs.  Again, a data set is broad and encompassing and therefore and be reasonably realized in a variety of implementations. 


    PNG
    media_image3.png
    514
    920
    media_image3.png
    Greyscale

	


Applicant argues: 
“With respect to claim 6, The cited portions of Shrimpton do not disclose what is alleged by the Office. The permutation lookup-tables disclosed in Shrimpton are used to create TBCs. Again, the Office alleges that the fixed-length initialization vector of Shrimpton is equivalent to Applicant’s claimed first data set and that the fixed-length output string is the Applicant’s claimed encoded input data. There is no disclosure in Shrimpton that the fixed-length initialization vector is encoded into the fixed-length output string using a lookup table. Shrimpton teaches that the TBC is used to convert a fixed-length input string into the fixed-length output string using the fixed-length initialization vector.”. 

A lookup table is simply a data structure stored in memory. Figure 3c illustrates the vector being combined (i.e., encoded) with an input string.


    PNG
    media_image4.png
    816
    1224
    media_image4.png
    Greyscale



Applicant argues: 
“With respect to claim 7, The Office again switches arguments mid-stream and now alleges that the tweak selection process mentioned in paragraph 0081 of Shrimpton is equivalent to the claimed encoding of the tweak input using a second lookup table. Again, the Office has already admitted that Shrimpton does not disclose the claimed tweak input, but that the encoding step is allegedly taught in Davis. Applicant is unclear how Shrimpton fails to teach the underlying step of encoding the tweak input, but somehow teaches the more specific step of encoding the tweak input using a second lookup table.”.

Applicant’s states in their claim 1 a tweak encoding for which is narrower in scope. Claim 1 reads the following: 
“generating a secure tweak for the encoded input data based on a token format schema by  encoding a tweak input to produce an encoded tweak input”.

The examiner notes that Davis was noted to teach this narrower limitation(s) in office action 2/2/2002, in view of the token format schema requirement.

Applicant’ s claim 7 claim simply read:
	“tweak input in encoded using a second lookup table”.

Claim 7 conversely is a broader limitation. Figure 5b of Shrimpton illustrates a tweak encoding with a data structure. 


    PNG
    media_image5.png
    812
    1293
    media_image5.png
    Greyscale


Moreover, Shrimpton states in par. 0081 the following: 
“The generalized construction (301) can be implemented in various ways. For example, the first N-character TBC (320b), the VILTC (330) and the second N-character TBC (340b) can be constructed from randomly generated permutation look-up tables. Recall that, in general, each permutation in a TBC is associated with a tweak and a key. The tweak and the key, as inputs to the TBC, specify a particular permutation for the TBC.”.

Applicant argues:
“Also, Applicant is unclear a tweak being used select among a family of randomly generated permutation lookup-tables teaches encoding a tweak using a lookup table. The mere mention of using a tweak to select a lookup table has nothing to do with how that selected lookup table is used, which is what is claimed in claim 7. Conversely, claim 7 does not recite using a tweak to select a lookup table, which is what is disclosed in Shrimpton.”. 

Applicant’ s claim 7 claim simply read:
	“tweak input in encoded using a second lookup table”.

Shrimpton’s 5b illustrates a tweak encoding with a data structure. 



    PNG
    media_image5.png
    812
    1293
    media_image5.png
    Greyscale



Moreover, Shrimpton states in par. 0081 the following: 
“The generalized construction (301) can be implemented in various ways. For example, the first N-character TBC (320b), the VILTC (330) and the second N-character TBC (340b) can be constructed from randomly generated permutation look-up tables. Recall that, in general, each permutation in a TBC is associated with a tweak and a key. The tweak and the key, as inputs to the TBC, specify a particular permutation for the TBC.”.

Applicant argues: 
“With respect to claim 8, The same arguments set forth above relative to claim 7 are equally applicable to claim 8. There is no disclosure in paragraph 0081 of Shrimpton or anywhere else in Shrimpton where there it is disclosed that a third lookup table is used to convert ciperhtext output into a token. The mere mention of using a tweak to select a lookup table has nothing to do with how that selected lookup table is used, which is what is claimed in claim 8.”. 

Applicant’s claim 8 simply reads: 
	“8. (Original) The method according to claim 7, wherein generating the token from the
ciphertext output includes using a third lookup table to convert the ciphertext output
into the token.”.

The examiner notes that tokens, ciphertext and tables, under broadest reasonable interpretation, are simply data structures. The data simple data structures can be reasonably realized in a variety of implementation. 

Figure 6c of Shrimpton provides an illustration of a token generation process by way of a converting ciphertext output. 

    PNG
    media_image6.png
    714
    688
    media_image6.png
    Greyscale

Applicant argues:
“With respect to claim 9, Shrimpton does not disclose concatenating clear text input that is not tokenized with a token. Again, Applicant note that Office conceded that Shrimpton did not disclose encoding ciphertext output as a token, but instead relied on Davis. The relevant, cited sections of Shrimpton mention nothing of using either the fixed-length input string or the variable-length input string in combination with the output string(s) and/or tweak. While a
combination/concatenation may or may not be present, the requisite data that comprises the
concatenation claimed by Applicant is entirely missing in Shrimpton and Davis ”.

Again, the usage of broad terms in limitation(s) affords a reasonable broad interpretation. The examiner notes par. 0134 of Shrimpton where the following is disclosed: “[0134] FIG. 6c shows details of CLRW2[polyH.sup.rn, {tilde over (E)}.sub.K] component, where r can be 6 (as in the components (622) of FIG. 6b) or 2 (as in the components (640) of FIG. 6a). The first polyH.sup.rn function (642) produces an n-bit tweak value from an input r.Math.n-bit tweak value. The first block cipher (643) (with key K1) encrypts the n-bit tweak value XOR'd with an n-bit input value. The output of the first block cipher (643) is then XOR'd with the n-bit tweak value, to produce an n-bit intermediate value. The second polyH.sup.rn function (642) produces an n-bit tweak value from the input r.Math.n-bit tweak value. The second block cipher (643) (with key K2) encrypts the n-bit tweak value XOR'd with the n-bit intermediate value. The output of the second block cipher (643) is then XOR'd with the n-bit tweak value, to produce an n-bit output value.”. The XOR’d operation is a form on combining.  

    PNG
    media_image6.png
    714
    688
    media_image6.png
    Greyscale


Specification (Abstract)
Applicant is reminded of the proper content of an abstract of the disclosure. The examiner contends that applicant’s Abstract appears to be a recital of applicant’s independent claims.
A patent abstract is a concise statement of the technical disclosure of the patent and should include that which is new in the art to which the invention pertains. The abstract should not refer to purported merits or speculative applications of the invention and should not compare the invention with the prior art.
If the patent is of a basic nature, the entire technical disclosure may be new in the art, and the abstract should be directed to the entire disclosure. If the patent is in the nature of an improvement in an old apparatus, process, product, or composition, the abstract should include the technical disclosure of the improvement. The abstract should also mention by way of example any preferred modifications or alternatives. 
Where applicable, the abstract should include the following: (1) if a machine or apparatus, its organization and operation; (2) if an article, its method of making; (3) if a chemical compound, its identity and use; (4) if a mixture, its ingredients; (5) if a process, the steps.
Extensive mechanical and design details of an apparatus should not be included in the abstract. The abstract should be in narrative form and generally limited to a single paragraph within the range of 50 to 150 words in length.
See MPEP § 608.01(b) for guidelines for the preparation of patent abstracts.
Double Patenting
The nonstatutory double patenting rejection is based on a judicially created doctrine grounded in public policy (a policy reflected in the statute) so as to prevent the unjustified or improper timewise extension of the “right to exclude” granted by a patent and to prevent possible harassment by multiple assignees.  A nonstatutory double patenting rejection is appropriate where the claims at issue are not identical, but at least one examined application claim is not patentably distinct from the reference claim(s) because the examined application claim is either anticipated by, or would have been obvious over, the reference claim(s). See, e.g., In re Berg, 140 F.3d 1428, 46 USPQ2d 1226 (Fed. Cir. 1998); In re Goodman, 11 F.3d 1046, 29 USPQ2d 2010 (Fed. Cir. 1993); In re Longi, 759 F.2d 887, 225 USPQ 645 (Fed. Cir. 1985); In re Van Ornum, 686 F.2d 937, 214 USPQ 761 (CCPA 1982); In re Vogel, 422 F.2d 438, 164 USPQ 619 (CCPA 1970); and In re Thorington, 418 F.2d 528, 163 USPQ 644 (CCPA 1969).
A timely filed terminal disclaimer in compliance with 37 CFR 1.321(c) or 1.321(d) may be used to overcome an actual or provisional rejection based on a nonstatutory double patenting ground provided the reference application or patent either is shown to be commonly owned with this application, or claims an invention made as a result of activities undertaken within the scope of a joint research agreement. A terminal disclaimer must be signed in compliance with 37 CFR 1.321(b).
The USPTO internet Web site contains terminal disclaimer forms which may be used.  Please visit http://www.uspto.gov/forms/.  The filing date of the application will determine what form should be used.  A web-based eTerminal Disclaimer may be filled out completely online using web-screens. An eTerminal Disclaimer that meets all requirements is auto-processed and approved immediately upon submission.  For more information about eTerminal Disclaimers, refer to http://www.uspto.gov/patents/process/file/efs/guidance/eTD-info-I.jsp.  

Claims 1, 12 and 17 are rejected on the ground of nonstatutory double patenting as being unpatentable over claims 1, 6 and 8 of U.S. Patent No. 10,904,001 and 001’ hereinafter. Although the claims at issue are not identical, they are not patentably distinct from each other because both sets of claims are drawn to the following: ”encoding a first data set to produce encoded input data…generating a secure tweak for the encoded input data based on a token format schema by…encoding a tweak input to produce an encoded tweak input…and hashing the encoded tweak input along with a unique hashing key to generate the secure tweak…applying a format preserving encryption algorithm that utilizes the encoded input data, the secure tweak, and a unique encryption key to generate ciphertext output”. 
Claim Rejections - 35 USC § 103
The following is a quotation of 35 U.S.C. 103 which forms the basis for all obviousness rejections set forth in this Office action:
A patent for a claimed invention may not be obtained, notwithstanding that the claimed invention is not identically disclosed as set forth in section 102, if the differences between the claimed invention and the prior art are such that the claimed invention as a whole would have been obvious before the effective filing date of the claimed invention to a person having ordinary skill in the art to which the claimed invention pertains. Patentability shall not be negated by the manner in which the invention was made.

Claims 1-17 are rejected under 35 U.S.C. 103 as being unpatentable over Shrimpton et al. (US Patent Publication No. 2015/0349950 and Shrimpton hereinafter) in view of Davis et al. (US Patent Publication No. 2016/0019396 and Davis hereinafter).

As to claim 1, Shrimpton teaches a method, comprising: 
encoding a first data set to produce encoded input data (i.e., …teaches in paragraph 0102 the following: “system obscures (440) the fixed-length initialization vector. For example, the fixed-length initialization vector is obscured by a FIL TBC, which produces a fixed-length output string (e.g., N-bit output string, N-character output string) based on the fixed-length initialization vector,”); 
and hashing the encoded tweak input along with a unique hashing key to generate the secure tweak (i.e., …teaches in paragraph 0112 the following: “NH[r, s].sub.L takes r-bit keys (|L|=r), maps r-bit strings to s-bit strings, and is 2.sup.s/2-AU. Given a TBC [tilde over (E)], [tilde over (E)].sup.NH denotes the resulting TBC whose tweak space is now the domain of NH, rather than its range.”).

Shrimpton does not expressly teach:
generating a secure tweak for the encoded input data based on a token format schema by; 
encoding a tweak input to produce an encoded tweak input; 
applying a format preserving encryption algorithm that utilizes the encoded input data, the secure tweak, and a unique encryption key to generate ciphertext output; 
and encoding the ciphertext output into token.
In this instance the examiner notes the teachings Davis.
With regards to applicant’s claim limitation of, “generating a secure tweak for the encoded input data based on a token format schema by”, Davis first teaches in paragraph 0014 the following: “the computing device 100 applies an initial FPE-based transformation that ensures that the plaintext (e.g., clear-text) input to be tokenized is a pseudo-random value for which all positional dependence has been obfuscated.”. Davis further teaches in paragraph 0014 the following: “tweaks in the first and/or third stage FPE-based transformations may be utilized to uniquely multiplex the generated tokens to be unique for individual merchants, merchant groups, services, and/or other suitable entities.”.
With regards to applicant’s claim limitation of, “encoding a tweak input to produce an encoded tweak input”, Davis teaches in paragraph 0047 the following: “in block 516, include the preserved character(s) in the third stage cryptographic tweak (e.g., by appending the preserved character(s) to the cryptographic tweak) as described above.”. 
With regards to applicant’s claim limitation element of, “applying a format preserving encryption algorithm that utilizes the encoded input data, the secure tweak, and a unique encryption key to generate ciphertext output”, Davis teaches in paragraph 0047 the following: “the computing device 100 may utilize data domain-specific FPE encryption with the pre-computed application third stage symmetric key and tweak described above. As discussed above, in some embodiments, the computing device 100 may identify one or more character(s) of the input data to preserve. As such, in block 514, the computing device 100 may preserve the identified character(s), for example, by storing those characters in the memory 114, the data storage 116, and/or the database 124. Further, in some embodiments, the computing device 100 may, in block 516, include the preserved character(s) in the third stage cryptographic tweak (e.g., by appending the preserved character(s) to the cryptographic tweak) as described above.”.
With regards to applicant’s claim limitation element of, “and encoding the ciphertext output into token”, Davis teaches in paragraph 0044 the following: “The computing device 100 may merge the generated token with the original preserved input (e.g., "23456") if any to generate a merged token (e.g., "6745911474123456"). That is, the generated token is merged with the characters preserved from the original input. As discussed above, the computing device 100 may further repackage the token (or merged token) in the file at the appropriate location.”.
It would have been obvious to one of ordinary skill in the art before the effective filing date of the claimed invention to combine the teachings of Shrimpton with the teachings of Davis by including the feature of data tokenization. Utilizing data tokenization as taught by Davis above allows a system to provide comprehensive data integrity and therefore provides the motivation in this instance to combine the references. The examiner contends that by combining the references, Shrimpton's system will obtain the capability to provide enhanced system security. 
 
As to claim 2, the system of Shrimpton and Davis as applied to claim 1 above teaches tweak value, specifically Shrimpton teaches a method according to claim 1, further comprising receiving a cleartext input, wherein the first data set is a part of the cleartext input (i.e., …teaches in paragraph 0074 the following: “variable-length input string”).

As to claim 3, the system of Shrimpton and Davis as applied to claim 1 above teaches tweak value, specifically Shrimpton teaches a method according to claim 2, wherein the tweak input comprises another part of the cleartext input (i.e., …teaches in his abstract the following: “the fixed-length initialization vector as a tweak”).

As to claim 4, the system of Shrimpton and Davis as applied to claim 1 above teaches tweak value, specifically Shrimpton teaches a method according to claim 3, wherein the secure tweak is created from one or more portions of the cleartext input that are not tokenized (i.e., …teaches in paragraph 0006 the following: “A tweakable block cipher ("TBC") is a generalization of a block cipher. An n-character TBC [tilde over (E)] is a family of permutations over .SIGMA..sup.n, where each permutation in the TBC is associated with a key and a tweak. Often, .SIGMA.=[0,1], in which case the TBC can be termed an n-bit TBC [tilde over (E)].) For an input string, the key and tweak together specify the permutation of the input string that is produced by the TBC.”).

As to claim 5, the system of Shrimpton and Davis as applied to claim 1 above teaches tweak value, specifically Shrimpton teaches a method according to claim 4, wherein the secure tweak is created from an entity-provided value (i.e., …teaches in paragraph 0010 the following: “system tweak”).

As to claim 6, the system of Shrimpton and Davis as applied to claim 1 above teaches tweak value, specifically Shrimpton teaches a method according to claim 5, wherein the first data set is encoded into the encoded input data using a first lookup table (i.e., …teaches in paragraph 0012 the following: “permutation look-up tables”), 
wherein the first lookup table is unique to an entity that provided the cleartext input (i.e., …teaches in paragraph 0012 the following: “permutation look-up tables”).

As to claim 7, the system of Shrimpton and Davis as applied to claim 1 above teaches tweak value, specifically Shrimpton teaches a method according to claim 6, wherein the tweak input is encoded using a second lookup table (i.e., …teaches in paragraph 0081 the following: “tweak is used to select among a family of randomly generated permutation look-up tables”).

As to claim 8, the system of Shrimpton and Davis as applied to claim 1 above teaches tweak value, specifically Shrimpton teaches a method according to claim 7, wherein generating the token from the ciphertext output includes using a third lookup table to convert the ciphertext output into the token (i.e., …teaches in paragraph 0081 the following: “tweak is used to select among a family of randomly generated permutation look-up tables”).

As to claim 9, the system of Shrimpton and Davis as applied to claim 1 above teaches tweak value, specifically Shrimpton teaches a method according to claim 8, wherein generating the token from the ciphertext output further comprises assembling an assembled token as a concatenation of the one or more portions of the cleartext input that are not tokenized and the token, as specified in the token format schema (i.e., …teaches in paragraph 0079 the following: “the second N-character TBC (340b) is adapted to produce the N-character output string (351b) using the N-character initialization vector (328b), as its input, and a combination (e.g., concatenation or other adjustment) of the tweak (318) and the variable-length output string (352), as its tweak”).

As to claim 10, the system of Shrimpton and Davis as applied to claim 1 above teaches tweak value, specifically Shrimpton teaches a method according to claim 8, wherein the third lookup table comprises alphabetic characters (i.e., …teaches in paragraph 0081 the following: “a family of randomly generated permutation look-up tables”), 
whereas the first lookup table and the second lookup table comprise numeric characters (i.e., …teaches in paragraph 0081 the following: “a family of randomly generated permutation look-up tables”).

As to claim 11, the system of Shrimpton and Davis as applied to claim 1 above teaches tweak value, specifically Shrimpton teaches a method according to claim 1, further comprising: 
decoding the ciphertext output from the token (i.e., …teaches in paragraph 004 the following: “decode the ciphertext’); 
regenerating the encoded tweak input (i.e., …teaches in paragraph 0158 the following: “the header H is typically transmitted in the clear along with the ciphertext (e.g., when the header is needed for routing), but AEAD schemes with VILTCs may also encode H into some related H for internal use. If this encoding is non-deterministic, the reconstruction information R delivers whatever is used by decryption to properly reconstruct this H from H.” …The examiner notes that Shrimpton tells us that tweak is in the Header. (e.g., par.0177 “header providing the tweak”); 
recovering the secret tweak by hashing the encoded tweak input along with the unique hashing key (i.e., …teaches in paragraph 0006 the following; “A tweakable block cipher ("TBC") is a generalization of a block cipher. An n-character TBC [tilde over (E)] is a family of permutations over .SIGMA..sup.n, where each permutation in the TBC is associated with a key and a tweak.)”; 
decrypting the encoded input data by applying the format preserving encryption algorithm that utilizes the ciphertext output, the secure tweak, and the unique encryption key (i.e., …teaches in paragraph 0020 the following: “format-preserving decryption”); 
decoding the first data set from the encoded input data (i.e., …teaches in paragraph 0166 the following: “Decode.sub.M( H, M)=M.di-elect cons. if and only if Pr[Encode.sub.M( H, M)= M]>0 for some state of Encode.sub.M; otherwise. Decode.sub.M ( H, M) .di-elect cons.”);
 and reassembling the cleartext input using the first data set (i.e., …teaches in paragraph 0073 the following: “the generalized constructions (300, 301, 302) can be used for decryption, in which a fixed-length input string Y.sub.L and variable-length input string Y.sub.R of ciphertext are converted to a fixed-length output string X.sub.L and variable-length output string X.sub.R of plaintext..” …teaches in paragraph 0027 the following: “A corresponding decryption system receives a header and an encrypted message (along with any reconstruction information).”).


As to claim 12, Shrimpton teaches a system, comprising:
a processor (i.e., …teaches in par. 0046 the following: “the computing system (100) includes one or more processing units (110, 115) and memory (120, 125). The processing units (110, 115) execute computer-executable instructions. A processing unit can be a general-purpose central processing unit ("CPU"), processor in an application-specific integrated circuit ("ASIC") or any other type of processor. In a multi-processing system, multiple processing units execute computer-executable instructions to increase processing power”), 
memory for storing executable instructions, the processor being configured to execute the instruction to (i.e., …teaches in par. 0046 the following: “the computing system (100) includes one or more processing units (110, 115) and memory (120, 125). The processing units (110, 115) execute computer-executable instructions. A processing unit can be a general-purpose central processing unit ("CPU"), processor in an application-specific integrated circuit ("ASIC") or any other type of processor. In a multi-processing system, multiple processing units execute computer-executable instructions to increase processing power”);
encode a first data set of a cleartext input to produce encoded input data (i.e., …teaches in paragraph 0102 the following: “system obscures (440) the fixed-length initialization vector. For example, the fixed-length initialization vector is obscured by a FIL TBC, which produces a fixed-length output string (e.g., N-bit output string, N-character output string) based on the fixed-length initialization vector”); 
hash the encoded tweak input along with a unique hashing key to generate a secure tweak (i.e., …teaches in paragraph 0112 the following: “NH[r, s].sub.L takes r-bit keys (|L|=r), maps r-bit strings to s-bit strings, and is 2.sup.s/2-AU. Given a TBC [tilde over (E)], [tilde over (E)].sup.NH denotes the resulting TBC whose tweak space is now the domain of NH, rather than its range.”); 
generate a token from the ciphertext output (i.e., …teaches in paragraph 0012 the following: “The first N-character TBC, the VILTC and the second N-character TBC can be constructed from randomly generated permutation look-up tables”.  …The examiner notes paragraph 0014 states the following: “N-bit tweakable block ciphers ("TBCs")”). 

Shrimpton does not expressly teach:
encode a tweak input to produce an encoded tweak input; 
apply a format preserving encryption algorithm that utilizes the encoded input data, the secure tweak, and a unique encryption key to generate ciphertext output,
discard the first data set or a cleartext input that comprises the first data set. 
In this instance the examiner notes the teachings Davis.
With regards to applicant’s claim limitation element of, “encoding a tweak input to produce an encoded tweak input”, Davis teaches in paragraph 0044 the following: “The computing device 100 may merge the generated token with the original preserved input (e.g., "23456") if any to generate a merged token (e.g., "6745911474123456"). That is, the generated token is merged with the characters preserved from the original input. As discussed above, the computing device 100 may further repackage the token (or merged token) in the file at the appropriate location. ”.
With regards to applicant’s claim limitation element of, “applying a format preserving encryption algorithm that utilizes the encoded input data, the secure tweak, and a unique encryption key to generate ciphertext output”, Davis teaches in paragraph 0047 the following: “the computing device 100 may utilize data domain-specific FPE encryption with the pre-computed application third stage symmetric key and tweak described above. As discussed above, in some embodiments, the computing device 100 may identify one or more character(s) of the input data to preserve. As such, in block 514, the computing device 100 may preserve the identified character(s), for example, by storing those characters in the memory 114, the data storage 116, and/or the database 124. Further, in some embodiments, the computing device 100 may, in block 516, include the preserved character(s) in the third stage cryptographic tweak (e.g., by appending the preserved character(s) to the cryptographic tweak) as described above.”.
With regards to applicant’s claim limitation element of, “discard the first data set or a cleartext input that comprises the first data set”, Davis teaches in par. 0036 the following: “the computing device 100 looks up each chunk or portion of the encrypted data from the first stage in the appropriate static mapping data and replaces it with the alternative data”. The examiner notes that the process of replacing discards the initial values. 
It would have been obvious to one of ordinary skill in the art before the effective filing date of the claimed invention to combine the teachings of Shrimpton with the teachings of Davis by including the feature of data tokenization. Utilizing data tokenization as taught by Davis above allows a system to provide comprehensive data integrity and therefore provides the motivation in this instance to combine the references. The examiner contends that by combining the references, Shrimpton's system will obtain the capability to provide enhanced system security. 

As to claim 13, the system of Shrimpton and Davis as applied to claim 12 above teaches tweak value, specifically Shrimpton teaches a system according to claim 12, wherein the processor is further configured to encode the first data set using a lookup table (i.e., …teaches in paragraph 0012 the following: “The first N-character TBC, the VILTC and the second N-character TBC can be constructed from randomly generated permutation look-up tables”).

As to claim 14, the system of Shrimpton and Davis as applied to claim 12 above teaches tweak value, specifically Shrimpton teaches a system according to claim 13, wherein the processor is further configured to encode the tweak input using the lookup table (i.e., …teaches in paragraph 0012 the following: “The first N-character TBC, the VILTC and the second N-character TBC can be constructed from randomly generated permutation look-up tables”.  …The examiner notes paragraph 0014 states the following: “N-bit tweakable block ciphers ("TBCs")”).

As to claim 15, the system of Shrimpton and Davis as applied to claim 12 above teaches tweak value, specifically Shrimpton teaches a system according to claim 14, wherein the processor is further configured to generate the token from the ciphertext output using the lookup table (i.e., …teaches in paragraph 0012 the following: “The first N-character TBC, the VILTC and the second N-character TBC can be constructed from randomly generated permutation look-up tables”.  …The examiner notes paragraph 0014 states the following: “N-bit tweakable block ciphers ("TBCs")”).

As to claim 16, the system of Shrimpton and Davis as applied to claim 12 above teaches tweak value, specifically Shrimpton teaches a system according to claim 12, further comprising: 
decoding the ciphertext output from the token (i.e., …teaches in paragraph 004 the following: “decode the ciphertext’); 
regenerating the encoded tweak input (i.e., …teaches in paragraph 0158 the following: “the header H is typically transmitted in the clear along with the ciphertext (e.g., when the header is needed for routing), but AEAD schemes with VILTCs may also encode H into some related H for internal use. If this encoding is non-deterministic, the reconstruction information R delivers whatever is used by decryption to properly reconstruct this H from H.” …The examiner notes that Shrimpton tells us that tweak is in the Header. (e.g., par.0177 “header providing the tweak” ); 
recovering the secret tweak by hashing the encoded tweak input along with the unique hashing key (i.e., …teaches in paragraph 0006 the following; “A tweakable block cipher ("TBC") is a generalization of a block cipher. An n-character TBC [tilde over (E)] is a family of permutations over .SIGMA..sup.n, where each permutation in the TBC is associated with a key and a tweak.)”; 
decrypting the encoded input data by applying the format preserving encryption algorithm that utilizes the ciphertext output, the secure tweak, and the unique encryption key (i.e., …teaches in paragraph 0020 the following: “format-preserving decryption”); 
decoding the first data set from the encoded input data (i.e., …teaches in paragraph 0166 the following: “Decode.sub.M( H, M)=M.di-elect cons. if and only if Pr[Encode.sub.M( H, M)= M]>0 for some state of Encode.sub.M; otherwise. Decode.sub.M ( H, M) .di-elect cons.”);
 and reassembling the cleartext input using the first data set (i.e., …teaches in paragraph 0073 the following: “the generalized constructions (300, 301, 302) can be used for decryption, in which a fixed-length input string Y.sub.L and variable-length input string Y.sub.R of ciphertext are converted to a fixed-length output string X.sub.L and variable-length output string X.sub.R of plaintext..” …teaches in paragraph 0027 the following: “A corresponding decryption system receives a header and an encrypted message (along with any reconstruction information).”).

As to claim 17, Shrimpton teaches a method, comprising:
encoding a first data set of a cleartext input to produce encoded input data (i.e., …teaches in paragraph 0102 the following: “system obscures (440) the fixed-length initialization vector. For example, the fixed-length initialization vector is obscured by a FIL TBC, which produces a fixed-length output string (e.g., N-bit output string, N-character output string) based on the fixed-length initialization vector”); 
hashing the encoded tweak input along with a unique hashing key to generate a secure tweak (i.e., …teaches in paragraph 0112 the following: “NH[r, s].sub.L takes r-bit keys (|L|=r), maps r-bit strings to s-bit strings, and is 2.sup.s/2-AU. Given a TBC [tilde over (E)], [tilde over (E)].sup.NH denotes the resulting TBC whose tweak space is now the domain of NH, rather than its range.”); 
generating a token from the ciphertext output (i.e., …teaches in paragraph 0012 the following: “The first N-character TBC, the VILTC and the second N-character TBC can be constructed from randomly generated permutation look-up tables”.  …The examiner notes paragraph 0014 states the following: “N-bit tweakable block ciphers ("TBCs")”); 
receiving a request to obtain the cleartext input (i.e., …teaches in paragraph 0102 the following: “system obscures (440) the fixed-length initialization vector. For example, the fixed-length initialization vector is obscured by a FIL TBC, which produces a fixed-length output string (e.g., N-bit output string, N-character output string) based on the fixed-length initialization vector”); 
decoding the ciphertext output from the token (i.e., …teaches in paragraph 0166 the following: “Decode.sub.M( H, M)=M.di-elect cons. if and only if Pr[Encode.sub.M( H, M)= M]>0 for some state of Encode.sub.M; otherwise. Decode.sub.M ( H, M) .di-elect cons.”); 
regenerating the encoded tweak input (i.e., …teaches in paragraph 0158 the following: “the header H is typically transmitted in the clear along with the ciphertext (e.g., when the header is needed for routing), but AEAD schemes with VILTCs may also encode H into some related H for internal use. If this encoding is non-deterministic, the reconstruction information R delivers whatever is used by decryption to properly reconstruct this H from H.” …The examiner notes that Shrimpton tells us that tweak is in the Header. (e.g., par.0177 “header providing the tweak” ); 
recovering the secret tweak by hashing the encoded tweak input along with the unique hashing key (i.e., …teaches in paragraph 0006 the following; “A tweakable block cipher ("TBC") is a generalization of a block cipher. An n-character TBC [tilde over (E)] is a family of permutations over .SIGMA..sup.n, where each permutation in the TBC is associated with a key and a tweak.); 
decrypting the encoded input data by applying the format preserving encryption algorithm that utilizes the ciphertext output, the secure tweak, and the unique encryption key (i.e., …teaches in paragraph 0020 the following: “format-preserving decryption”); 
decoding the first data set from the encoded input data (i.e., …teaches in paragraph 0166 the following: “Decode.sub.M( H, M)=M.di-elect cons. if and only if Pr[Encode.sub.M( H, M)= M]>0 for some state of Encode.sub.M; otherwise. Decode.sub.M ( H, M) .di-elect cons.”); 
and reassembling the cleartext input using the first data set (i.e., …teaches in paragraph 0073 the following: “the generalized constructions (300, 301, 302) can be used for decryption, in which a fixed-length input string Y.sub.L and variable-length input string Y.sub.R of ciphertext are converted to a fixed-length output string X.sub.L and variable-length output string X.sub.R of plaintext..” …teaches in paragraph 0027 the following: “A corresponding decryption system receives a header and an encrypted message (along with any reconstruction information).”).

Shrimpton does not expressly teach:
encoding a tweak input to produce an encoded tweak input; 
applying a format preserving encryption algorithm that utilizes the encoded input data, the secure tweak, and a unique encryption key to generate ciphertext output. 
In this instance the examiner notes the teachings Davis.
With regards to applicant’s claim limitation element of, “encoding a tweak input to produce an encoded tweak input”, Davis teaches in paragraph 0044 the following: “The computing device 100 may merge the generated token with the original preserved input (e.g., "23456") if any to generate a merged token (e.g., "6745911474123456"). That is, the generated token is merged with the characters preserved from the original input. As discussed above, the computing device 100 may further repackage the token (or merged token) in the file at the appropriate location. ”.
With regards to applicant’s claim limitation element of, “applying a format preserving encryption algorithm that utilizes the encoded input data, the secure tweak, and a unique encryption key to generate ciphertext output”, Davis teaches in paragraph 0047 the following: “the computing device 100 may utilize data domain-specific FPE encryption with the pre-computed application third stage symmetric key and tweak described above. As discussed above, in some embodiments, the computing device 100 may identify one or more character(s) of the input data to preserve. As such, in block 514, the computing device 100 may preserve the identified character(s), for example, by storing those characters in the memory 114, the data storage 116, and/or the database 124. Further, in some embodiments, the computing device 100 may, in block 516, include the preserved character(s) in the third stage cryptographic tweak (e.g., by appending the preserved character(s) to the cryptographic tweak) as described above.”.
It would have been obvious to one of ordinary skill in the art before the effective filing date of the claimed invention to combine the teachings of Shrimpton with the teachings of Davis by including the feature of data tokenization. Utilizing data tokenization as taught by Davis above allows a system to provide comprehensive data integrity and therefore provides the motivation in this instance to combine the references. The examiner contends that by combining the references, Shrimpton's system will obtain the capability to provide enhanced system security. 
Conclusion
THIS ACTION IS MADE FINAL.  Applicant is reminded of the extension of time policy as set forth in 37 CFR 1.136(a).  
A shortened statutory period for reply to this final action is set to expire THREE MONTHS from the mailing date of this action.  In the event a first reply is filed within TWO MONTHS of the mailing date of this final action and the advisory action is not mailed until after the end of the THREE-MONTH shortened statutory period, then the shortened statutory period will expire on the date the advisory action is mailed, and any extension fee pursuant to 37 CFR 1.136(a) will be calculated from the mailing date of the advisory action.  In no event, however, will the statutory period for reply expire later than SIX MONTHS from the mailing date of this final action. 
Contact Information
Any inquiry concerning this communication or earlier communications from the examiner should be directed to BRYAN F WRIGHT whose telephone number is (571)270-3826.
Examiner interviews are available via telephone, in-person, and video conferencing using a USPTO supplied web-based collaboration tool. To schedule an interview, applicant is encouraged to use the USPTO Automated Interview Request (AIR) at http://www.uspto.gov/interviewpractice.  
If attempts to reach the examiner by telephone are unsuccessful, the examiner’s supervisor, Eleni Shiferaw can be reached on (571)272-3867.  The fax phone number for the organization where this application or proceeding is assigned is 571-273-8300.
Information regarding the status of an application may be obtained from the Patent Application Information Retrieval (PAIR) system.  Status information for published applications may be obtained from either Private PAIR or Public PAIR.  Status information for unpublished applications is available through Private PAIR only.  For more information about the PAIR system, see http://pair-direct.uspto.gov. Should you have questions on access to the Private PAIR system, contact the Electronic Business Center (EBC) at 866-217-9197 (toll-free). If you would like assistance from a USPTO Customer Service Representative or access to the automated information system, call 800-786-9199 (IN USA OR CANADA) or 571-272-1000.

/BRYAN F WRIGHT/Examiner, Art Unit 2497