Notice of Pre-AIA  or AIA  Status
The present application, filed on or after March 16, 2013, is being examined under the first inventor to file provisions of the AIA .

DETAILED ACTION

Continued Examination Under 37 CFR 1.114
A request for continued examination under 37 CFR 1.114, including the fee set forth in 37 CFR 1.17(e), was filed in this application after final rejection.  Since this application is eligible for continued examination under 37 CFR 1.114, and the fee set forth in 37 CFR 1.17(e) has been timely paid, the finality of the previous Office action has been withdrawn pursuant to 37 CFR 1.114.  Applicant's submission filed on 08/24/2022 has been entered.


Response to Arguments
In response to communication filed on 08/24/2022, applicant amends claims 21, 32, and 43.  The following claims, 21-43 are presented for examination.   

Applicant’s arguments, see Pages 8-10, filed August 24, 2022, with respect to the rejection(s) of claim(s) 21-24, 28-35, 39-43 under 35 USC 103 have been fully considered and are not persuasive. Applicant argues (1) that Roeder fails to disclose any decoy tokens or any false positives matches resulting from the decoy tokens,” as claimed.
In response to applicant’s argument, Examiner respectfully disagrees.  Roeder et al. teaches “The user then generates and submits a search token which is deterministically derived from a search term, but which conceals the search term” (0003), “the client generates the token by incorporating the term into the token in an encrypted or otherwise obfuscated form, such that processes on the server may not view the term in plaintext, 0040”, “The client sends the one or more generated second tokens 318 to the server, which at 320 performs a search (or multiple searches based on multiple second tokens 318) to determine those encrypted documents corresponding to the bucketized word included in each received second token, the client may then use this information to filter out any false positives in the search results. False positives include those cases where the client searches on a particular range for a term, and receives in the search results documents which include the term outside that range. Such false positives may occur because the overlap between the client's search range and the bucket ranges for a term may not be exact., 0044-0045) (Figure 3).  Therefore examiner holds that Roeder et al. discloses decoy tokens and false positives matches resulting from the decoy tokens,” as claimed.

Applicant’s arguments, see Pages 8-10, filed August 24, 2022, with respect to the rejection(s) of claim(s) 21-24, 28-35, 39-43 under 35 USC 103 have been fully considered and are persuasive. Applicant argues (2) that neither Chen et al., Matzkel et al., and Roeder et al. discloses “wherein the degree of matches comprises a percentage of the search terns that are present in the at least one false positive match” as claimed. 
In response to applicant’s argument, Examiner respectfully agrees however, upon further consideration, a new ground(s) of rejection is made in view of newly found prior art reference, Broman et al. (US2010/0223252 A1, publish date 09/02/2010).




Upon further consideration and based on claim amendments, a new ground of rejection of claims 21-43 is set forth below.  




Allowable Subject Matter
Claims 25, 36 are objected to as being dependent upon a rejected base claim, but would be allowable if rewritten in independent form including all of the limitations of the base claim and any intervening claims.



Claim Rejections - 35 USC § 103

In the event the determination of the status of the application as subject to AIA  35 U.S.C. 102 and 103 (or as subject to pre-AIA  35 U.S.C. 102 and 103) is incorrect, any correction of the statutory basis for the rejection will not be considered a new ground of rejection if the prior art relied upon, and the rationale supporting the rejection, would be the same under either status.  

The following is a quotation of 35 U.S.C. 103 which forms the basis for all obviousness rejections set forth in this Office action:
A patent for a claimed invention may not be obtained, notwithstanding that the claimed invention is not identically disclosed as set forth in section 102 of this title, if the differences between the claimed invention and the prior art are such that the claimed invention as a whole would have been obvious before the effective filing date of the claimed invention to a person having ordinary skill in the art to which the claimed invention pertains.  Patentability shall not be negated by the manner in which the invention was made.



The factual inquiries set forth in Graham v. John Deere Co., 383 U.S. 1, 148 USPQ 459 (1966), that are applied for establishing a background for determining obviousness under 35 U.S.C. 103 are summarized as follows:
1. Determining the scope and contents of the prior art.
2. Ascertaining the differences between the prior art and the claims at issue.
3. Resolving the level of ordinary skill in the pertinent art.
4. Considering objective evidence present in the application indicating obviousness or nonobviousness.

Claims 21-24, 28-35, 39-43 are rejected under 35 U.S.C. 103 as being unpatentable over Chen et al. (US 2017/0262546 A1, file date 07/30/2014) in view of Matzkel et al. (US 2011/0167102 A1, publish date 07/07/2011) further in view of Roeder et al. (US2013/0262852 A1, file date 03/30/2012) further in view of Broman et al. (US2010/0223252 A1, publish date 09/02/2010).

Claims 21, 32, 43:
With respect to claims 21, 32, 43, Chen et al. discloses a computer-implemented method performed by a client device/A System/A non-transitory computer-readable storage medium storing instructions executable by a processor of a client device (data storage system 100, client 50, Figures 2, 3, and 4), the method/the instructions when executed by the processor performing actions comprising:
receiving search terms from a user (client 50 to perform a search for encrypted data stored on the data storage system using any of a plurality of search tokens, a plaintext keyword, 0014-0015) (any string of alphanumeric characters desired by a user to be associated with a particular encrypted data record, 0018);
tokenizing the search terms into a first set of tokens (key search token is a string of symbols (e.g., bits) having high entropy which means that its prediction is computationally infeasible, 0020) (Each entry 128 in table 126 includes a token usable to perform a search of the encrypted data records, The tokens may include any or all of: encrypted keywords, plaintext keywords and key search tokens, 0021) (Figure 3);
transforming each token in the second set of tokens to generate at least one set of transformed tokens (such information may include the parent encryption key along with the salt values.  The client 50 may re-compute the child keys based on the parent key and the salt values using the same key derivation functions used previously to encrypt the data records and keywords themselves (first and second child keys, respectively) as well as to generate the key search tokens (third child key), 0033);
sending the at least one set of transformed tokens to a communication server for identification of matching messages from a plurality of messages stored by the communication server (when a client 50 submits this encrypted keyword token 130, the management unit 130 of the data storage system consults the tables 122 and 126 and determines that the encrypted data records to be provided back to the client, 0021, tokens 126, Figure 3),
wherein the communication server comprises a search index comprising one or more transformed tokens corresponding to each message from the plurality of messages (data structure: token, ID, encrypted Data record, 0021, Figure 3);
receiving from the communication server a set of messages matching the at least one set of transformed tokens (when a client 50 submits this encrypted keyword token 130, the management unit 130 of the data storage system consults the tables 122 and 126 and determines that the encrypted data records to be provided back to the client, 0021, tokens 126, Figure 3).

Chen et al. does not disclose adding one or more decoy tokens to the first set of tokens to obtain a second set of tokens as claimed. 

However, Matzkel et al. teaches data protection module 220 may process the input text into one or more individual text units referred to as tokens (0052), For input text to be processed, the method proceeds to stage 116, in which the input text is broken down into individual text units called tokens (the process of determining tokens from the input text is referred to herein as tokenization) (0064), adding one or more decoy tokens to the first set of tokens to obtain a second set of tokens (Processing the input text may include generating at least one fake or decoy excess tokens to be included in the output text, Such decoy tokens can make the encrypted text more robust to statistical analysis.  The excess decoy tokens may be added with an intended target statistical distribution in order to disguise decoy tokens and make decryption by statistical analysis yet more difficult, 0088). 

Chen et al. and Matzkel et al. are analogous art because they are from the same field of endeavor of text tokens.

It would have been obvious to one skilled in the art before the effective filing date of the claimed invention to use Matzkel et al. in Chen et al. for adding one or more decoy tokens to the first set of tokens to obtain a second set of tokens as claimed for purposes of enhancing the system of Chen et al. by making the encrypted text more robust to statistical analysis with using such decoy tokens.  The excess decoy tokens may be added with an intended target statistical distribution in order to disguise decoy tokens and make decryption by statistical analysis yet more difficult and therefore maximizing the protection of the secure messages. (see Matzkel et al. 0088)

Neither Chen et al. nor Matzkel et al. discloses wherein the set of messages comprises at least one false positive match resulting from the decoy tokens; and filtering out the at least one false positive match from the set of messages, wherein filtering out the at least one false positive match comprises comparing terms present in the set of messages with the search terms and identifying the at least one false positive match based on a degree of matches between terms present in the at least one false positive match and the search terms as claimed. 

Roeder et al. teaches sending a search token to server computing device 108 (0038), 
the client generates one or more second search tokens 318 that each include a bucketized word, i.e., the search term and a bucket to search over, the keyword for such a search may be "OHDL30.sub.--50" to indicate a regular search for the term "HDL" in the range 30-50 (0043), wherein the set of messages comprises at least one false positive match resulting from the decoy tokens (generates and submits a search token which is deterministically derived from a search term, but which conceals the search term, 0003) (the client generates the token by incorporating the term into the token in an encrypted or otherwise obfuscated form, such that processes on the server may not view the term in plaintext, 0040); and filtering out the at least one false positive match from the set of messages, wherein filtering out the at least one false positive match comprises comparing terms present in the set of messages with the search terms and identifying the at least one false positive match based on a degree of matches between terms present in the at least one false positive match and the search terms (The client sends the one or more generated second tokens 318 to the server, which at 320 performs a search (or multiple searches based on multiple second tokens 318) to determine those encrypted documents corresponding to the bucketized word included in each received second token, the client may then use this information to filter out any false positives in the search results. False positives include those cases where the client searches on a particular range for a term, and receives in the search results documents which include the term outside that range. Such false positives may occur because the overlap between the client's search range and the bucket ranges for a term may not be exact., 0044-0045) (Figure 3)

Chen et al., Matzkel et al., and Roeder et al. are analogous art because they are from the same field of endeavor of text tokens.

It would have been obvious to one skilled in the art before the effective filing date of the claimed invention to use Roeder et al. in Chen et al. and Matzkel et al. for wherein the set of messages comprises at least one false positive match resulting from the decoy tokens; and filtering out the at least one false positive match from the set of messages, wherein filtering out the at least one false positive match comprises comparing terms present in the set of messages with the search terms and identifying the at least one false positive match based on a degree of matches between terms present in the at least one false positive match and the search terms as claimed for purposes of enhancing the system of Chen et al. and Matzkel et al. by supporting more complex queries, and are therefore not limited in their utility and therefore maximizing the protection of the secure messages. (see Roeder et al.)

Neither Chen et al., Matzkel et al., and Roeder et al. discloses wherein the degree of matches comprises a percentage of the search terns that are present in the at least one false positive match as claimed.

However, Broman et al. teaches terms that are tokenized, wherein the degree of matches comprises a percentage of the search terns that are present in the at least one false positive match (matching is restricted in the following additional ways in order to increase the relevancy of results shown by the personalized navigation module 105: Minimum trigger character threshold in search box, if on letter typed it can match to any token that starts with that letter, resulting in many false positives (e.g. typing `t` could match to `train`, `terminal`, or `table`), a three-character threshold is established, such that at least three characters must be typed to result in a match (0074-0075).

Chen et al., Matzkel et al., Roeder et al., and Broman et al. are analogous art because they are from the same field of endeavor of text tokens.

It would have been obvious to one skilled in the art before the effective filing date of the claimed invention to use Broman et al. in Chen et al., Matzkel et al., and Roeder et al. for wherein the degree of matches comprises a percentage of the search terns that are present in the at least one false positive match as claimed for purposes of enhancing the system of Chen et al, Matzkel et al., and Roeder et al. by in order to personalize search results and increase the relevancy of results for the user (see Broman et al. 0004, 0075).

Claims 22, 33:
With respect to claim 22, 33, the combination of Chen et al., Matzkel et al., and Roeder et al. discloses the limitations of claims 21 and 32, as addressed. 

Matzkel et al. teaches data protection module 220 may process the input text into one or more individual text units referred to as tokens (0052), For input text to be processed, the method proceeds to stage 116, in which the input text is broken down into individual text units called tokens (the process of determining tokens from the input text is referred to herein as tokenization) (0064), wherein adding the one or more decoy tokens  (Processing the input text may include generating at least one fake or decoy excess tokens to be included in the output text, Such decoy tokens can make the encrypted text more robust to statistical analysis.  The excess decoy tokens may be added with an intended target statistical distribution in order to disguise decoy tokens and make decryption by statistical analysis yet more difficult, 0088) comprises selecting the one or more decoy tokens based on probabilities of occurrence (excess decoy tokens may be added with an intended target statistical distribution in order to disguise decoy tokens and make decryption by statistical analysis yet more difficult, 0088). 

Chen et al. and Matzkel et al. are analogous art because they are from the same field of endeavor of text tokens.

The motivation for combining Chen et al. and Matzkel et al. is recited in claims 21 and 32. 

Roeder et al. teaches sending a search token to server computing device 108 (0038), 
the client generates one or more second search tokens 318 that each include a bucketized word, i.e., the search term and a bucket to search over, the keyword for such a search may be "OHDL30.sub.--50" to indicate a regular search for the term "HDL" in the range 30-50 (0043), wherein the set of messages comprises at least one false positive match resulting from the decoy tokens (generates and submits a search token which is deterministically derived from a search term, but which conceals the search term, 0003) (the client generates the token by incorporating the term into the token in an encrypted or otherwise obfuscated form, such that processes on the server may not view the term in plaintext, 0040); and filtering out the at least one false positive match from the set of messages, wherein filtering out the at least one false positive match comprises comparing terms present in the set of messages with the search terms and identifying the at least one false positive match based on a degree of matches between terms present in the at least one false positive match and the search terms (The client sends the one or more generated second tokens 318 to the server, which at 320 performs a search (or multiple searches based on multiple second tokens 318) to determine those encrypted documents corresponding to the bucketized word included in each received second token, the client may then use this information to filter out any false positives in the search results. False positives include those cases where the client searches on a particular range for a term, and receives in the search results documents which include the term outside that range. Such false positives may occur because the overlap between the client's search range and the bucket ranges for a term may not be exact., 0044-0045) (Figure 3)

Chen et al., Matzkel et al., and Roeder et al. are analogous art because they are from the same field of endeavor of text tokens.

The motivation for combining Chen et al., Matzkel et al., and Roeder et al. is recited in claims 21 and 32. 

Claims 23, 34:
With respect to claims 23, 34, the combination of Chen et al., Matzkel et al., and Roeder et al. discloses the limitations of claims 21 and 32, as addressed. 

Matzkel et al. teaches data protection module 220 may process the input text into one or more individual text units referred to as tokens (0052), For input text to be processed, the method proceeds to stage 116, in which the input text is broken down into individual text units called tokens (the process of determining tokens from the input text is referred to herein as tokenization) (0064), wherein the one or more decoy tokens are independent of the search terms (Processing the input text may include generating at least one fake or decoy excess tokens to be included in the output text, Such decoy tokens can make the encrypted text more robust to statistical analysis.  The excess decoy tokens may be added with an intended target statistical distribution in order to disguise decoy tokens and make decryption by statistical analysis yet more difficult, 0088). 

Chen et al. and Matzkel et al. are analogous art because they are from the same field of endeavor of text tokens.

The motivation for combining Chen et al. and Matzkel et al. is recited in claims 21 and 32. 

Claims 24, 35:
With respect to claims 24, 35, the combination of Chen et al., Matzkel et al., and Roeder et al. discloses the limitations of claims 21 and 32, as addressed. 

Matzkel et al. teaches data protection module 220 may process the input text into one or more individual text units referred to as tokens (0052), For input text to be processed, the method proceeds to stage 116, in which the input text is broken down into individual text units called tokens (the process of determining tokens from the input text is referred to herein as tokenization) (0064), wherein adding the one or more decoy tokens comprises reordering the second set of tokens (The order of searchable tokens in the input text may be changed, 0067) (Processing the input text may include generating at least one fake or decoy excess tokens to be included in the output text, Such decoy tokens can make the encrypted text more robust to statistical analysis.  The excess decoy tokens may be added with an intended target statistical distribution in order to disguise decoy tokens and make decryption by statistical analysis yet more difficult, 0088). 

Chen et al. and Matzkel et al. are analogous art because they are from the same field of endeavor of text tokens.

The motivation for combining Chen et al. and Matzkel et al. is recited in claims 21 and 32. 

Claims 28, 39:
With respect to claims 28, 39, the combination of Chen et al., Matzkel et al., and Roeder et al. discloses the limitations of claims 21 and 32, as addressed. 

Chen et al. discloses wherein the second set of tokens is not directly derivable from the at least one set of transformed tokens. (data structure: token, ID, encrypted Data record, 0021, Figure 3).

Claims 29, 40:
With respect to claims 29, 40, the combination of Chen et al., Matzkel et al., and Roeder et al. discloses the limitations of claims 21 and 32, as addressed. 

Chen et al. discloses wherein the plurality of messages are stored by the communication server in encrypted form, and wherein receiving the set of messages comprises decrypting the set of messages into corresponding plaintext messages (determines that the encrypted data records to be provided back to the client based on that particular encrypted keyword search token are the encrypted data records having IDs 1, 2, 5, and 26, 0021) (client may then decrypt the received encrypted data record, 0032).

Claims 30, 41:
With respect to claims 30, 41, the combination of Chen et al., Matzkel et al., and Roeder et al. discloses the limitations of claims 21 and 32, as addressed. 

Roeder et al. teaches sending a search token to server computing device 108 (0038), 
the client generates one or more second search tokens 318 that each include a bucketized word, i.e., the search term and a bucket to search over, the keyword for such a search may be "OHDL30.sub.--50" to indicate a regular search for the term "HDL" in the range 30-50 (0043), wherein filtering out the at least one false positive match comprises comparing the plaintext messages with the search terms (generates and submits a search token which is deterministically derived from a search term, but which conceals the search term, 0003) (the client generates the token by incorporating the term into the token in an encrypted or otherwise obfuscated form, such that processes on the server may not view the term in plaintext, 0040); (The client sends the one or more generated second tokens 318 to the server, which at 320 performs a search (or multiple searches based on multiple second tokens 318) to determine those encrypted documents corresponding to the bucketized word included in each received second token, the client decrypts the document information, the client may then use this information to filter out any false positives in the search results. False positives include those cases where the client searches on a particular range for a term, and receives in the search results documents which include the term outside that range. Such false positives may occur because the overlap between the client's search range and the bucket ranges for a term may not be exact, 0044-0045) (Figure 3)

Chen et al., Matzkel et al., and Roeder et al. are analogous art because they are from the same field of endeavor of text tokens.

The motivation for combining Chen et al., Matzkel et al., and Roeder et al. is recited in claims 21 and 32.

Claims 31, 42:
With respect to claims 31, 42, the combination of Chen et al., Matzkel et al., and Roeder et al. discloses the limitations of claims 21 and 32, as addressed. 

Chen et al. discloses further comprising displaying, to the user, at least one message from the set of messages (determines that the encrypted data records to be provided back to the client based on that particular encrypted keyword search token are the encrypted data records having IDs 1, 2, 5, and 26, 0021) (client may then decrypt the received encrypted data record, 0032).



Claims 26, 27, 37, 38 are rejected under 35 U.S.C. 103 as being unpatentable over Chen et al. (US 2017/0262546 A1, file date 07/30/2014) in view of Matzkel et al. (US 2011/0167102 A1, publish date 07/07/2011) further in view of Roeder et al. (US2013/0262852 A1, file date 03/30/2012) further in view of Broman et al. (US2010/0223252 A1, publish date 09/02/2010) further in view of Saunders et al. (US 2011/0306320 A1, publish date 12/15/2011).

Claims 26, 37:
With respect to claims 26, 37, the combination of Chen et al., Matzkel et al., Roeder et al., Broman et al. discloses the limitations of claims 21 and 32, as addressed. 

Neither Chen et al., Matzkel et al., Roeder et al., Broman et al. discloses wherein transforming each token comprises using a one-way hash function as claimed. 

However, Saunders et al. teaches time sensitive one-way encryption when utilized in conjunction with SSL may be useful to prevent forged requests and man-in-the-middle attacks (0060), wherein transforming each token comprises using a one-way hash function (the hash function 702 can be any suitable cryptographic algorithm (e.g., SHA-2), the message being hashed may include a randomly generated client specific secret 704 (i.e., salt) and a time-based key 706 using, for example, Coordinated Universal Time (UTC), 0060) (Figure 4).

Chen et al., Matzkel et al., Roeder et al., Broman et al. and Saunders et al. are analogous art because they are from the same field of endeavor of encryption using salt values.

It would have been obvious to one skilled in the art before the effective filing date of the claimed invention to use Saunders et al. in Chen et al., Matzkel et al., and Roeder et al. for wherein transforming each token comprises using a one-way hash function as claimed for purposes of enhancing the system of Chen et al. by preventing forged requests and man-in-the-middle attacks by utilizing time sensitive one-way encryption when utilized in conjunction with SSL and therefore maximizing the protection of the secure messages. (see Saunders et al. 0060)
Claims 27, 38:
With respect to claims 27, 38, the combination of Chen et al., Matzkel et al., Roeder et al., Broman et al. and Saunders et al. discloses the limitations of claims 26, 37, as addressed. 

However, Saunders et al. teaches time sensitive one-way encryption when utilized in conjunction with SSL may be useful to prevent forged requests and man-in-the-middle attacks (0060), wherein transforming each token further comprises compressing the at least one set of transformed tokens (the hash function 702 can be any suitable cryptographic algorithm (e.g., SHA-2), the message being hashed may include a randomly generated client specific secret 704 (i.e., salt) and a time-based key 706 using, for example, Coordinated Universal Time (UTC), 0060) (Figure 4).

Chen et al., Matzkel et al., Roeder et al., Broman et al. and Saunders et al. are analogous art because they are from the same field of endeavor of encryption using salt values.

The motivation for combining Chen et al., Matzkel et al., Roeder et al., Broman et al. and Saunders et al. is recited in claims 26 and 37.




Conclusion
The prior art made of record and not relied upon is considered pertinent to applicant's disclosure, (see PTO-Form 892)

Any inquiry concerning this communication or earlier communications from the examiner should be directed to Helai Salehi whose telephone number is 571-270-7468.  The examiner can normally be reached on Monday - Friday from 9 am to 5 pm., every other Friday off.

If attempts to reach the examiner by telephone are unsuccessful, the examiner's supervisor, Jeff Pwu, can be reached on 571-272-6798.  The fax phone number for the organization where this application or proceeding is assigned is 571-273-8300.

Examiner interviews are available via telephone, in-person, and video conferencing using a USPTO supplied web-based collaboration tool. To schedule an interview, Applicant is encouraged to use the USPTO Automated Interview Request (AIR) at http://www.uspto.gov/interviewpractice.  

Information regarding the status of an application may be obtained from the Patent Application Information Retrieval (PAIR) system.  Status information for published applications may be obtained from either Private PAIR or Public PAIR.  Status information for unpublished applications is available through Private PAIR only.  For more information about the PAIR system, see http://pair-direct.uspto.gov. Should you have questions on access to the Private PAIR system, contact the Electronic Business Center (EBC) at 866-217-9197 (toll-free).

/HELAI SALEHI/
Examiner, Art Unit 2433

/JEFFREY C PWU/Supervisory Patent Examiner, Art Unit 2433