DETAILED ACTION
This first non-final action is in response to applicants’ filing on 03/11/2022. Claims 1-15 are currently pending and have been considered as follows.
Notice of Pre-AIA or AIA Status
The present application, filed on or after March 16, 2013, is being examined under the first inventor to file provisions of the AIA.
In the event the determination of the status of the application as subject to AIA 35 U.S.C. 102 and 103 (or as subject to pre-AIA 35 U.S.C. 102 and 103) is incorrect, any correction of the statutory basis for the rejection will not be considered a new ground of rejection if the prior art relied upon, and the rationale supporting the rejection, would be the same under either status.
Priority
Acknowledgment is made of applicants’ claim for foreign priority under 35 U.S.C. 119(a)-(d).  The certified copy has been received.
Drawings
The drawings filed on 05/28/2021 are accepted.
Information Disclosure Statement
The information disclosure statement (IDS) submitted on 05/27/2022 has been placed in the application file, and the information referred therein has been considered as to the merits.
Claim Objections
Claim 14 is objected to because of the following informalities:
Claim 14 is missing a period “.” at the end of the claim;
Appropriate correction is required.
Claim Rejections - 35 USC § 101
35 U.S.C. 101 reads as follows:
Whoever invents or discovers any new and useful process, machine, manufacture, or composition of matter, or any new and useful improvement thereof, may obtain a patent therefor, subject to the conditions and requirements of this title.

Claims 12 and 13 are rejected under 35 U.S.C. § 101 because the claimed invention is directed to non-statutory subject matter.
Independent Claim 12 recites “A system… comprising: the first device, comprising a processor… the second device, comprising a second processor”, but the broadest reasonable interpretation of “processor” includes entirely software embodiments (e.g. software engine, application/code, and/or virtual processor (vCPU)) in light of applicants’ specification which does not expressly define the scope of “processor” to be exclusively limited to hardware embodiments.  Therefore, the system of Claim 12 fails to limit applicants’ invention to only that which is tied to a particular machine or hardware and results in a claim which could constitute entirely software per se which does not fall within any of the statutory classes of invention (i.e. process, machine, article of manufacture, or composition of matter).  Because the full scope of Claim 12 as properly read in light of the specification encompasses non-statutory subject matter, Claim 12 is rejected under 35 U.S.C. § 101 for reciting non-patentable subject matter.
Dependent Claim 13, which depends upon Claim 12, is also rejected under 35 U.S.C. § 101 because it does not recite additional limitations that would bring it in conformance as statutory subject matter.
Claim Rejections - 35 USC § 102
The following is a quotation of the appropriate paragraphs of 35 U.S.C. 102 that form the basis for the rejections under this section made in this Office action:
A person shall be entitled to a patent unless –

(a)(2) the claimed invention was described in a patent issued under section 151, or in an application for patent published or deemed published under section 122(b), in which the patent or application, as the case may be, names another inventor and was effectively filed before the effective filing date of the claimed invention.

Claims 1, 2, 7, 9, 12, 13, and 15 are rejected under 35 U.S.C. 102(a)(2) as being anticipated by Davis et al. (US 20180176187 A1, hereinafter Davis).
As to Claim 1:
Davis discloses a computer-implemented method of receiving data (e.g. Davis process for protecting sensitive data [0088]) by a second device (e.g. Davis FIG. 1, 3, 4, ref. no. 106, 306, 406) from a first device (e.g. Davis FIG. 1, 3, 4, ref. no. 102, 302, 402), the method comprising:
decrypting, by the second device, an encrypted data stream received from the first device, to obtain a decrypted data stream (e.g. Davis “The data may include requests, service calls, formatted and unformatted data (e.g., a data stream), or any other information that may be submitted by a customer to a backend service. The connection terminator may then decrypt the data 1008. For example, if the data includes an HTTPS request, the connection terminator may decrypt the encrypted data and generate an HTTP request. The secure proxy fleet or component thereof, such as a routing component, may then determine, based at least in part on the decrypted data, endpoint and routing information 1010. The endpoint and routing information may indicate a particular backend service and network path to direct the data. In addition, this information may be used to determine a particular data protection module of the secure proxy fleet to process data. As described above, the secure proxy fleet and/or data protection module may be configured for a single tenant (e.g., single backend service or exposed endpoint of a backend service) and as such may only process requests directed to the single tenant” [0089]);
identifying, by the second device, data in the decrypted data stream based on a location provided by the first device, said location being part of the decrypted data stream or based on a predetermined location in the decrypted data stream (e.g. Davis “In addition, both the detection module 412 and the encryption module 414 may have configuration information pushed or otherwise provided. The configuration information may include template information generated by the backend services 408 or administrator or other entity associated with the backend services 408. The configuration information may be provided to the detection module 412 and the encryption module 414 at provisioning or instantiation of the processes executing the detection module 412 and the encryption module 414. Furthermore, the configuration information may include information suitable for identifying sensitive data, and each backend service, website, application, and/or customer may provide their own configuration information. The configuration information may indicate a data type, field, format, or flag associated with sensitive data which may be used by the detection module 412 to detect sensitive data” [0046]; “includes sensitive data based at least in part on the presence of a flag or other marker included in the data transmitted” [0051]; “A flag or marker 604 may be included in the data stream to indicate the presence of the encrypted payload 606. For example, in an embodiment a flag or marker 604 prior to the encrypted payload 606 indicates that data following the flag or marker 604 is sensitive data” [0063]; “Returning to FIG. 10, the system executing the process 1000 may then provide the data to the data protection module 1012. The decrypted data may be streamed over a secure channel or otherwise provided to the data protection module. For example, the secure proxy fleet may provide the decrypted data to the data protection module over a UNIX (RTM) domain socket. The data protection module may receive the data and select configuration options for the data 1014. The configuration options may be selected based at least in part on the configuration information described above. For example, the data protection module may select a format for the data, such as a request format, and an encryption key to use to encrypt sensitive data” [0090]; [0096]); and
encrypting by the second device, the data identified in the decrypted data stream (e.g. Davis “The data protection module may then encrypt data based at least in part on the configuration operations 1016. The data protection module may only encrypt sensitive data indicated by the configuration options” [0091]).

As to Claim 2:
Davis discloses the computer-implemented method of claim 1, wherein metadata is received by the second device from the first device and comprises the location of the data in the decrypted data stream (e.g. Davis “The payload 606 and/or data stream 602 may include metadata that is undecipherable to a computing resource without authorization. In certain embodiments, the payload 606 may be undecipherable but for the metadata which may indicate a variety of information including information associated with the key material used to encrypt the payload 606, an entity responsible for encrypting the payload, audit information, authentication information, or other such information” [0065]; “A flag or marker 604 may be included in the data stream to indicate the presence of the encrypted payload 606. For example, in an embodiment a flag or marker 604 prior to the encrypted payload 606 indicates that data following the flag or marker 604 is sensitive data” [0063]; “configuration information pushed or otherwise provided… configuration information may be provided to the detection module 412 and the encryption module 414 at provisioning or instantiation” [0046]).
As to Claim 7:
Davis discloses the computer-implemented method of claim 1, the method further comprising: receiving, at the second device, metadata identifying a location of the data in the decrypted data stream (e.g. Davis “The payload 606 and/or data stream 602 may include metadata that is undecipherable to a computing resource without authorization. In certain embodiments, the payload 606 may be undecipherable but for the metadata which may indicate a variety of information including information associated with the key material used to encrypt the payload 606, an entity responsible for encrypting the payload, audit information, authentication information, or other such information” [0065]; “A flag or marker 604 may be included in the data stream to indicate the presence of the encrypted payload 606. For example, in an embodiment a flag or marker 604 prior to the encrypted payload 606 indicates that data following the flag or marker 604 is sensitive data” [0063]; “configuration information pushed or otherwise provided… configuration information may be provided to the detection module 412 and the encryption module 414 at provisioning or instantiation” [0046]; [0085]; “the data may be included in an unstructured format or stream of data. A flag or other marker included in the data may be used to indicate sensitive data” [0086]; [0101]).
As to Claim 9:
Davis discloses the computer-implemented method of claim 7, wherein the metadata is received as part of the encrypted data stream from the first device (e.g. Davis “The payload 606 and/or data stream 602 may include metadata that is undecipherable to a computing resource without authorization. In certain embodiments, the payload 606 may be undecipherable but for the metadata which may indicate a variety of information including information associated with the key material used to encrypt the payload 606, an entity responsible for encrypting the payload, audit information, authentication information, or other such information” [0065]; “A flag or marker 604 may be included in the data stream to indicate the presence of the encrypted payload 606. For example, in an embodiment a flag or marker 604 prior to the encrypted payload 606 indicates that data following the flag or marker 604 is sensitive data comprising the encrypted payload 606. A flag or marker 604 following the encrypted payload 606 may indicate the end of the encrypted payload 606” [0063]; “configuration information pushed or otherwise provided… configuration information may be provided to the detection module 412 and the encryption module 414 at provisioning or instantiation” [0046]; [0085]; “the data may be included in an unstructured format or stream of data. A flag or other marker included in the data may be used to indicate sensitive data” [0086]; [0101]).
As to Claim 12:
Davis discloses a system for transmitting data from a first device to a second device (e.g. Davis FIG. 1, 3, 4, ref. no. 102, 302, 402, 106, 306, 406 of environment with customer device(s), secure proxy fleet, and computing resource service provider(s) [0023]), the system comprising:
the first device, comprising a processor (e.g. Davis FIG. 1, 3, 4, client device [0094]; customer device [0058]; one or more processors of computerized devices in system [0116]; [0245]) configured to:
receive a data stream and a location of the data in the data stream (e.g. Davis “customer may provide their own configuration information. The configuration information may indicate a data type, field, format, or flag associated with sensitive data which may be used by the detection module 412 to detect sensitive data” [0046]; “receiving a request for a cryptographically protected transmission 1002. The cryptographically protected transmission may include various methods of encrypting data to transmit the data over an unsecured network such as TLS or SSL. In addition, the request may be generated by an application executed by a client device in response to a customer interaction with the application” [0088]);
encrypt the data stream, to obtain an encrypted data stream (e.g. Davis “The cryptographically protected transmission may include various methods of encrypting data to transmit the data over an unsecured network such as TLS or SSL. In addition, the request may be generated by an application executed by a client device in response to a customer interaction with the application” [0088]); and
transmit the encrypted data stream to the second device (e.g. Davis “The request may be received at a secure proxy fleet or component thereof such as a connection terminator as described above. The secure proxy fleet or connection terminator may then establish the cryptographically protected transmission 1004” [0088]);
the second device, comprising a second processor (e.g. Davis one or more processors [0046]; [0245]) configured to:
receive the encrypted data stream from the first device (e.g. Davis “the secure proxy fleet may receive data over the cryptographically protected transmission 1006. The data may include requests, service calls, formatted and unformatted data (e.g., a data stream), or any other information that may be submitted by a customer to a backend service” [0089]);
receive metadata indicating a location of the data in the encrypted data stream (e.g. Davis “The payload 606 and/or data stream 602 may include metadata that is undecipherable to a computing resource without authorization. In certain embodiments, the payload 606 may be undecipherable but for the metadata which may indicate a variety of information including information associated with the key material used to encrypt the payload 606, an entity responsible for encrypting the payload, audit information, authentication information, or other such information” [0065]; “A flag or marker 604 may be included in the data stream to indicate the presence of the encrypted payload 606. For example, in an embodiment a flag or marker 604 prior to the encrypted payload 606 indicates that data following the flag or marker 604 is sensitive data” [0063]; “configuration information pushed or otherwise provided… configuration information may be provided to the detection module 412 and the encryption module 414 at provisioning or instantiation” [0046]; [0085]; “the data may be included in an unstructured format or stream of data. A flag or other marker included in the data may be used to indicate sensitive data” [0086]; [0101]); 
decrypt the encrypted data stream, to obtain a decrypted data stream (e.g. Davis “The connection terminator may then decrypt the data 1008. For example, if the data includes an HTTPS request, the connection terminator may decrypt the encrypted data and generate an HTTP request. The secure proxy fleet or component thereof, such as a routing component, may then determine, based at least in part on the decrypted data, endpoint and routing information 1010. The endpoint and routing information may indicate a particular backend service and network path to direct the data” [0089]; “The decrypted data may be streamed over a secure channel or otherwise provided to the data protection module” [0090]);
identify the data in the decrypted data stream based on the location (e.g. Davis “In addition, both the detection module 412 and the encryption module 414 may have configuration information pushed or otherwise provided. The configuration information may include template information generated by the backend services 408 or administrator or other entity associated with the backend services 408. The configuration information may be provided to the detection module 412 and the encryption module 414 at provisioning or instantiation of the processes executing the detection module 412 and the encryption module 414. Furthermore, the configuration information may include information suitable for identifying sensitive data, and each backend service, website, application, and/or customer may provide their own configuration information. The configuration information may indicate a data type, field, format, or flag associated with sensitive data which may be used by the detection module 412 to detect sensitive data” [0046]; “includes sensitive data based at least in part on the presence of a flag or other marker included in the data transmitted” [0051]; “A flag or marker 604 may be included in the data stream to indicate the presence of the encrypted payload 606. For example, in an embodiment a flag or marker 604 prior to the encrypted payload 606 indicates that data following the flag or marker 604 is sensitive data” [0063]; “Returning to FIG. 10, the system executing the process 1000 may then provide the data to the data protection module 1012. The decrypted data may be streamed over a secure channel or otherwise provided to the data protection module. For example, the secure proxy fleet may provide the decrypted data to the data protection module over a UNIX (RTM) domain socket. The data protection module may receive the data and select configuration options for the data 1014. The configuration options may be selected based at least in part on the configuration information described above. For example, the data protection module may select a format for the data, such as a request format, and an encryption key to use to encrypt sensitive data” [0090]; [0096]); and
encrypt the data identified in the decrypted data stream (e.g. Davis “The data protection module may then encrypt data based at least in part on the configuration operations 1016. The data protection module may only encrypt sensitive data indicated by the configuration options” [0091]).
As to Claim 13:
Davis discloses the system of claim 12, wherein the first device is arranged to transmit the metadata to the second device (e.g. Davis “The payload 606 and/or data stream 602 may include metadata that is undecipherable to a computing resource without authorization. In certain embodiments, the payload 606 may be undecipherable but for the metadata which may indicate a variety of information including information associated with the key material used to encrypt the payload 606, an entity responsible for encrypting the payload, audit information, authentication information, or other such information” [0065]; “A flag or marker 604 may be included in the data stream to indicate the presence of the encrypted payload 606. For example, in an embodiment a flag or marker 604 prior to the encrypted payload 606 indicates that data following the flag or marker 604 is sensitive data” [0063]; “configuration information pushed or otherwise provided… configuration information may be provided to the detection module 412 and the encryption module 414 at provisioning or instantiation” [0046]; [0085]; “the data may be included in an unstructured format or stream of data. A flag or other marker included in the data may be used to indicate sensitive data” [0086]; [0101]).
As to Claim 15:
Davis discloses a non-transitory computer-readable storage medium comprising instructions which (e.g. Davis a computer-readable storage medium storing computer program comprising instructions executable by one or more processors [0245]), when executed by a processor of a second device (e.g. Davis FIG. 1, 3, 4, ref. no. 106, 306, 406), cause the processor to carry out the steps of:
decrypting an encrypted data stream received by the second device from a first device (e.g. Davis FIG. 1, 3, 4, ref. no. 102, 302, 402), to obtain a decrypted data stream (e.g. Davis “The data may include requests, service calls, formatted and unformatted data (e.g., a data stream), or any other information that may be submitted by a customer to a backend service. The connection terminator may then decrypt the data 1008. For example, if the data includes an HTTPS request, the connection terminator may decrypt the encrypted data and generate an HTTP request. The secure proxy fleet or component thereof, such as a routing component, may then determine, based at least in part on the decrypted data, endpoint and routing information 1010. The endpoint and routing information may indicate a particular backend service and network path to direct the data. In addition, this information may be used to determine a particular data protection module of the secure proxy fleet to process data. As described above, the secure proxy fleet and/or data protection module may be configured for a single tenant (e.g., single backend service or exposed endpoint of a backend service) and as such may only process requests directed to the single tenant” [0089]);
identifying data in the decrypted data stream based on a location provided by the first device, said location being part of the decrypted data stream or based on a predetermined location in the decrypted data stream (e.g. Davis “In addition, both the detection module 412 and the encryption module 414 may have configuration information pushed or otherwise provided. The configuration information may include template information generated by the backend services 408 or administrator or other entity associated with the backend services 408. The configuration information may be provided to the detection module 412 and the encryption module 414 at provisioning or instantiation of the processes executing the detection module 412 and the encryption module 414. Furthermore, the configuration information may include information suitable for identifying sensitive data, and each backend service, website, application, and/or customer may provide their own configuration information. The configuration information may indicate a data type, field, format, or flag associated with sensitive data which may be used by the detection module 412 to detect sensitive data” [0046]; “includes sensitive data based at least in part on the presence of a flag or other marker included in the data transmitted” [0051]; “A flag or marker 604 may be included in the data stream to indicate the presence of the encrypted payload 606. For example, in an embodiment a flag or marker 604 prior to the encrypted payload 606 indicates that data following the flag or marker 604 is sensitive data” [0063]; “Returning to FIG. 10, the system executing the process 1000 may then provide the data to the data protection module 1012. The decrypted data may be streamed over a secure channel or otherwise provided to the data protection module. For example, the secure proxy fleet may provide the decrypted data to the data protection module over a UNIX (RTM) domain socket. The data protection module may receive the data and select configuration options for the data 1014. The configuration options may be selected based at least in part on the configuration information described above. For example, the data protection module may select a format for the data, such as a request format, and an encryption key to use to encrypt sensitive data” [0090]; [0096]); and
encrypting the data identified in the decrypted data stream (e.g. Davis “The data protection module may then encrypt data based at least in part on the configuration operations 1016. The data protection module may only encrypt sensitive data indicated by the configuration options” [0091]).
Claim Rejections - 35 USC § 103
The following is a quotation of 35 U.S.C. 103 which forms the basis for all obviousness rejections set forth in this Office action:
A patent for a claimed invention may not be obtained, notwithstanding that the claimed invention is not identically disclosed as set forth in section 102, if the differences between the claimed invention and the prior art are such that the claimed invention as a whole would have been obvious before the effective filing date of the claimed invention to a person having ordinary skill in the art to which the claimed invention pertains. Patentability shall not be negated by the manner in which the invention was made.

This application currently names joint inventors. In considering patentability of the claims the examiner presumes that the subject matter of the various claims was commonly owned as of the effective filing date of the claimed invention(s) absent any evidence to the contrary.  Applicant is advised of the obligation under 37 CFR 1.56 to point out the inventor and effective filing dates of each claim that was not commonly owned as of the effective filing date of the later invention in order for the examiner to consider the applicability of 35 U.S.C. 102(b)(2)(C) for any potential 35 U.S.C. 102(a)(2) prior art against the later invention.
Claims 3, 5, 6, and 10 are rejected under 35 U.S.C. 103 as being unpatentable over Davis in view of Marr et al. (US 20150180931 A1, hereinafter Marr).
As to Claim 3:
Davis discloses the computer-implemented method of claim 2, but does not specifically disclose:
the encrypted data stream is transmitted using a first connection and the metadata is transmitted using a second connection.
However, the analogous art Marr does disclose the encrypted data stream is transmitted using a first connection and the metadata is transmitted using a second connection (e.g. Marr cryptographic encoded information is transmitted on first channels while metadata is transmitted on second channels [0032]; [0033]; payload data is encoded on the first channel and metadata is encoded on second channel [0060]; [0083]).  Davis and Marr are analogous art because they are from the same field of endeavor in secure data communication through encryption of data.
(e.g. see Marr, “transmit the first subset of channels over the network; and responsive to a request received over the network relating to the second subset of channels, transmit the second subset of channels over the network. In another aspect of the invention the server is further configured to perform a cryptographic operation on the information encoded to the first subset of channels, and in some aspects the server is further configured to encode cryptographic information related to the cryptographic operation to the second subset of channels” [0032]; [0033]; “In some embodiments, all or a majority of the payload data (i.e., data comprising the original content file) is encoded in the first channel, and all or a majority of the overhead data (e.g., data other than content file data such as key data, metadata, sequencing data, or any other data required to decode the first channel, etc.) is encoded in the blocks of the second channel” [0060]; “transformation of the information in the first subset of channels, for example through encryption, with the second (or more) subsets of channels including information for performing an inverse or other transform to recover the content file for use” [0083]).
It would have been obvious before the effective filing date of the claimed invention to a person having ordinary skill in the art, having the teachings of Davis and Marr before him or her, to modify the disclosure of Davis with the teachings of Marr to include the encrypted data stream is transmitted using a first connection and the metadata is transmitted using a second connection as claimed because Davis provides a method and system for detecting sensitive data in a data stream and selectively encrypting it based on metadata including configuration information (Davis [Abstract]-[0120]) which could be transmitted over a separate second channel (Marr [0032]; [0033]; [0060]; [0083]).  The suggestion/motivation for doing so would have been to enable content providers cost-effective content delivery using, for example, download and peer-to-peer mechanisms, while also allowing content providers the ability to control and restrict usage of the content (Marr [0042]).  Therefore, it would have been obvious to combine Davis and Marr to obtain the invention as specified in the instant claim(s).
As to Claim 5:
Davis in view of Marr discloses the computer-implemented method of claim 3, wherein the metadata comprises a cryptographic key, and the method comprises causing the second device to encrypt the data in a second data stream using the cryptographic key (e.g. Davis “The payload 606 and/or data stream 602 may include metadata that is undecipherable to a computing resource without authorization. In certain embodiments, the payload 606 may be undecipherable but for the metadata which may indicate a variety of information including information associated with the key material used to encrypt the payload 606” [0065]; “The cryptographic key management service may then determine endpoint key information 1310. The endpoint key information may include metadata or other information indicating a particular cryptographic key associated with the endpoint such as a public key. The cryptographic key management service may then encrypt the symmetric key with the endpoint key 1312. For example, the cryptographic key management service may encrypt the symmetric key with a key only accessible to the endpoint” [0106]).
As to Claim 6:
Davis in view of Marr discloses the computer-implemented method of claim 5, wherein the data is at the predetermined location in the decrypted data stream (e.g. Davis [0046]; [0051]; “A flag or marker 604 may be included in the data stream to indicate the presence of the encrypted payload 606. For example, in an embodiment a flag or marker 604 prior to the encrypted payload 606 indicates that data following the flag or marker 604 is sensitive data comprising the encrypted payload 606. A flag or marker 604 following the encrypted payload 606 may indicate the end of the encrypted payload 606” [0063]).
As to Claim 10:
Davis discloses the computer-implemented method of claim 7, but does not specifically disclose:
the encrypted data stream is received using a first connection and the metadata is received using a second connection.
However, the analogous art Marr does disclose the encrypted data stream is received using a first connection and the metadata is received using a second connection (e.g. Marr cryptographic encoded information is received over first channels while metadata is received over second channels [0032]; [0033]; payload data is encoded on the first channel and metadata is encoded on second channel [0060]; [0083]).  Davis and Marr are analogous art because they are from the same field of endeavor in secure data communication through encryption of data.
(e.g. see Marr, “transmit the first subset of channels over the network; and responsive to a request received over the network relating to the second subset of channels, transmit the second subset of channels over the network. In another aspect of the invention the server is further configured to perform a cryptographic operation on the information encoded to the first subset of channels, and in some aspects the server is further configured to encode cryptographic information related to the cryptographic operation to the second subset of channels” [0032]; [0033]; “In some embodiments, all or a majority of the payload data (i.e., data comprising the original content file) is encoded in the first channel, and all or a majority of the overhead data (e.g., data other than content file data such as key data, metadata, sequencing data, or any other data required to decode the first channel, etc.) is encoded in the blocks of the second channel” [0060]; “transformation of the information in the first subset of channels, for example through encryption, with the second (or more) subsets of channels including information for performing an inverse or other transform to recover the content file for use” [0083]).
It would have been obvious before the effective filing date of the claimed invention to a person having ordinary skill in the art, having the teachings of Davis and Marr before him or her, to modify the disclosure of Davis with the teachings of Marr to include the encrypted data stream is received using a first connection and the metadata is received using a second connection as claimed because Davis provides a method and system for detecting sensitive data in a data stream and selectively encrypting it based on metadata including configuration information (Davis [Abstract]-[0120]) which could be transmitted over a separate second channel (Marr [0032]; [0033]; [0060]; [0083]).  The suggestion/motivation for doing so would have been to enable content providers cost-effective content delivery using, for example, download and peer-to-peer mechanisms, while also allowing content providers the ability to control and restrict usage of the content (Marr [0042]).  Therefore, it would have been obvious to combine Davis and Marr to obtain the invention as specified in the instant claim(s).
Claims 4 and 14 are rejected under 35 U.S.C. 103 as being unpatentable over Davis in view of Hao et al. (US 20170155703 A1, hereinafter Hao).
As to Claim 4:
Davis discloses the computer-implemented method of claim 1, but does not specifically disclose:
the first device is a battery powered Internet of Things device, the data is sensor data and the second device is a backend device.
However, the analogous art Hao does disclose the first device is a battery powered Internet of Things device, the data is sensor data and the second device is a backend device (e.g. Hao IoT devices such as smart phones may include IoT modems which are powered by battery and communicate sensor data to backend cloud server [0017]; [0019]; [0020]; [0036]).  Davis and Hao are analogous art because they are from the same field of endeavor in secure communication of data to backend devices.
(e.g. see Hao, “the IoT devices 110 may connect to different backend cloud networks associated with the respective owners to perform certain functions and/or to exchange data with other IoT devices 110 associated with other owners. In this way, an IoT device 110 may connect (e.g., via IoT modems 120) with other IoT devices 110 in local area cloud 101 to perform certain tasks at a geographic location, and may also connect to other remote IoT devices 110 (e.g., IoT devices 110 in other local area clouds 101 at) through a backend cloud server to perform other tasks at other geographic locations” [0017]; “IoT modems 120 may be included with or are parts of IoT device 110. For example, certain types of IoT devices 110, such as smart phones, may include a transceiver that may be adapted to perform as IoT modem 120” [0019]; “IoT modem 120 may operate in a relatively power efficient manner such that IoT modem 120 may be active (e.g., be available to send and/or receive messages) for several years when powered by a small power source, such as a watch battery” [0020]; “cloud server 140 may, by default, use a more secure protocol (e.g., encrypting data using longer length encryption keys) and a high priority path and may direct cloud server 140 to receive sensor data from actuator IoT devices 110 using a less secure protocol (e.g., encrypting data using shorter length encryption keys)” [0036]).
It would have been obvious before the effective filing date of the claimed invention to a person having ordinary skill in the art, having the teachings of Davis and Hao before him or her, to modify the disclosure of Davis with the teachings of Hao to include the first device is a battery powered Internet of Things device, the data is sensor data and the second device is a backend device as claimed because Davis provides a method and system for detecting sensitive data in a data stream and selectively encrypting it based on metadata for transmission to a backend service (Davis [Abstract]-[0120]) which could include IoT device sensor data that is transmitted to a backend server (Hao [0017]; [0019]; [0020]; [0036]).  The suggestion/motivation for doing so would have been to allow devices to be monitored and controlled remotely across existing network infrastructure to enable more direct integration between the physical world and computer-based systems (Hao [0008]).  Therefore, it would have been obvious to combine Davis and Hao to obtain the invention as specified in the instant claim(s).
As to Claim 14:
Davis discloses the system of claim 12, but does not specifically disclose:
the first device is a battery powered Internet of Things device, the data is sensor data and the second device is a backend device.
However, the analogous art Hao does disclose the first device is a battery powered Internet of Things device, the data is sensor data and the second device is a backend device (e.g. Hao IoT devices such as smart phones may include IoT modems which are powered by battery and communicate sensor data to backend cloud server [0017]; [0019]; [0020]; [0036]).  Davis and Hao are analogous art because they are from the same field of endeavor in secure communication of data to backend devices.
(e.g. see Hao, “the IoT devices 110 may connect to different backend cloud networks associated with the respective owners to perform certain functions and/or to exchange data with other IoT devices 110 associated with other owners. In this way, an IoT device 110 may connect (e.g., via IoT modems 120) with other IoT devices 110 in local area cloud 101 to perform certain tasks at a geographic location, and may also connect to other remote IoT devices 110 (e.g., IoT devices 110 in other local area clouds 101 at) through a backend cloud server to perform other tasks at other geographic locations” [0017]; “IoT modems 120 may be included with or are parts of IoT device 110. For example, certain types of IoT devices 110, such as smart phones, may include a transceiver that may be adapted to perform as IoT modem 120” [0019]; “IoT modem 120 may operate in a relatively power efficient manner such that IoT modem 120 may be active (e.g., be available to send and/or receive messages) for several years when powered by a small power source, such as a watch battery” [0020]; “cloud server 140 may, by default, use a more secure protocol (e.g., encrypting data using longer length encryption keys) and a high priority path and may direct cloud server 140 to receive sensor data from actuator IoT devices 110 using a less secure protocol (e.g., encrypting data using shorter length encryption keys)” [0036]).
It would have been obvious before the effective filing date of the claimed invention to a person having ordinary skill in the art, having the teachings of Davis and Hao before him or her, to modify the disclosure of Davis with the teachings of Hao to include the first device is a battery powered Internet of Things device, the data is sensor data and the second device is a backend device as claimed because Davis provides a method and system for detecting sensitive data in a data stream and selectively encrypting it based on metadata for transmission to a backend service (Davis [Abstract]-[0120]) which could include IoT device sensor data that is transmitted to a backend server (Hao [0017]; [0019]; [0020]; [0036]).  The suggestion/motivation for doing so would have been to allow devices to be monitored and controlled remotely across existing network infrastructure to enable more direct integration between the physical world and computer-based systems (Hao [0008]).  Therefore, it would have been obvious to combine Davis and Hao to obtain the invention as specified in the instant claim(s).
Claims 8 and 11 are rejected under 35 U.S.C. 103 as being unpatentable over Davis in view of Jones et al. (US 20110161325 A1, hereinafter Jones).
As to Claim 8:
Davis discloses the computer-implemented method of claim 7, but does not specifically disclose:
hardcoding, at the second device, the location of the data.
However, the analogous art Jones does disclose hardcoding, at the second device, the location of the data (e.g. Jones hardcode references to access data and/or files from the determined location [0005]; [0056]).  Davis and Jones are analogous art because they are from the same field of endeavor in handling requests for data over a communication network.
(e.g. see Jones, “One way of dealing with this problem of accessing external data from objects within a compiled file is for the developer to manually program/hardcode references to the external repository to access the data and/or files from the determined location” [0005]; “The components provided by the component module 116b may be organized in a component library. In one instance, a hard-coded source code file may be created from a static platform that includes unalterable binary components and parses pre-built components” [0056]).
It would have been obvious before the effective filing date of the claimed invention to a person having ordinary skill in the art, having the teachings of Davis and Jones before him or her, to modify the disclosure of Davis with the teachings of Jones to include hardcoding, at the second device, the location of the data as claimed because Davis provides a method and system for detecting sensitive data in a data stream and selectively encrypting it based on metadata flags/markers (Davis [Abstract]-[0120]) which could be hardcoded references to determined locations (Jones [0005]; [0056]).  The suggestion/motivation for doing so would have been to store references to files and objects within a repository to which data and/or files may then be mapped from remote or external data sources (Jones [0027]).  Therefore, it would have been obvious to combine Davis and Jones to obtain the invention as specified in the instant claim(s).
As to Claim 11:
Davis in view of Jones discloses the computer-implemented method of claim 8, further comprising encrypting, at the second device, the data in a second data stream using a private key (e.g. Davis “The endpoint key information may include metadata or other information indicating a particular cryptographic key associated with the endpoint such as a public key. The cryptographic key management service may then encrypt the symmetric key with the endpoint key 1312. For example, the cryptographic key management service may encrypt the symmetric key with a key only accessible to the endpoint” [0106]; “The cryptographic key management service may then encrypt the sensitive data with a symmetric key 1306. The symmetric key may be generated by the system executing the process 1300 or may be obtained from the key materials” [0105]).
Conclusion
The prior art made of record and not relied upon is considered pertinent to applicants’ disclosure.
Puiatti et al. (US 20060109982 A1) is cited for secured transmission of data with control words and re-encryption of deciphered data after verification.
Bhogal et al. (US 20070079117 A1) is cited for selective encryption of data after data transmission is unmarshaled.
Hars et al. (US 20120278635 A1) is cited for migration of stored data by partial decryption and re-encryption of the data using a location associated value.
Any inquiry concerning this communication or earlier communications from the examiner should be directed to Kenneth W Chang whose telephone number is (571)270-7530. The examiner can normally be reached Monday - Friday 9-5pm EST.
Examiner interviews are available via telephone, in-person, and video conferencing using a USPTO supplied web-based collaboration tool. To schedule an interview, applicant is encouraged to use the USPTO Automated Interview Request (AIR) at http://www.uspto.gov/interviewpractice.
If attempts to reach the examiner by telephone are unsuccessful, the examiner’s supervisor, Taghi Arani can be reached on 571-272-3787. The fax phone number for the organization where this application or proceeding is assigned is 571-273-8300.
Information regarding the status of published or unpublished applications may be obtained from Patent Center. Unpublished application information in Patent Center is available to registered users. To file and manage patent submissions in Patent Center, visit: https://patentcenter.uspto.gov. Visit https://www.uspto.gov/patents/apply/patent-center for more information about Patent Center and https://www.uspto.gov/patents/docx for information about filing in DOCX format. For additional questions, contact the Electronic Business Center (EBC) at 866-217-9197 (toll-free). If you would like assistance from a USPTO Customer Service Representative, call 800-786-9199 (IN USA OR CANADA) or 571-272-1000.





/KENNETH W CHANG/ Primary Examiner, Art Unit 2438

12.02.2022