DETAILED ACTION
Notice of Pre-AIA or AIA Status
The present application, filed on or after March 16, 2013, is being examined under the first inventor to file provisions of the AIA.
Continued Examination Under 37 CFR 1.114
A request for continued examination under 37 CFR 1.114, including the fee set forth in 37 CFR 1.17(e), was filed in this application after final rejection.  Since this application is eligible for continued examination under 37 CFR 1.114, and the fee set forth in 37 CFR 1.17(e) has been timely paid, the finality of the previous Office action has been withdrawn pursuant to 37 CFR 1.114.  Applicant's submission filed on 22 November 2022 has been entered.
Response to Amendment
Applicant’s amendment filed 22 November 2022 amends claim 1. Applicant’s amendment has been fully considered and entered.
Response to Arguments
Applicant argues, on page 8 of the response, “Applicants respectfully submit, however, that Carey’s hash algorithm used to compute the hash of the analysis result that is included in its ‘audit record’ is different than ‘information describing at least one data processing operation’ recited in amended claim 1…Carey’s hash of ‘(d) the response produced by the program’ included in its ‘audit record’ is a hash value, which alone does not describe an operation performed by a program ‘on [a] first data set to generate [a] second data set.’” In response, Examiner agrees that the current amendments to claim 1 overcome the previous reading of the hash algorithm to the claimed information describing at least one data processing operation. However, Carey discloses that audit record additionally includes the trusted analysis program/VDT itself ([0214]) and the VDT includes header information that includes the test ID, test version, and test descriptive name ([0217]) along with metadata that includes a description of the test being performed on the data ([0218]). Identifying information and description information respective to the test being performed on the data to generate the result reads on the claimed information describing a data derivation operation performed on the first data set to generate the second data set.
Applicant argues, “Hoover additionally fails to disclose or suggest ‘configuration information associated with the generation of the second data set of the data processing program’ as recited in dependent claim 9.” In response, Applicant has failed to fully consider the proposed combination of Carey and Hoover as presented with respect to claim 9. Specifically, Carey discloses that the data is processed in a trusted execution environment by a trust analysis program to produce result data ([0273] & [0286] & [0298] & [0339]). The execution of the trusted analysis program results in the creation of an audit record that includes the hash of the data, the hash of the analysis result, and a hash of the program ([0298]). Carey does not disclose that the audit record includes configuration information. Hoover discloses an audit record that can include format information ([0031] & Figure 3: satmessageformat can be considered configuration information). The audit record, and its corresponding format, would be considered to be associated with the generation of the result data to the extent that the audit record is generated using the same trust analysis program that produces the result data.
Claim Rejections - 35 USC § 102
In the event the determination of the status of the application as subject to AIA  35 U.S.C. 102 and 103 (or as subject to pre-AIA  35 U.S.C. 102 and 103) is incorrect, any correction of the statutory basis for the rejection will not be considered a new ground of rejection if the prior art relied upon, and the rationale supporting the rejection, would be the same under either status.  
The following is a quotation of the appropriate paragraphs of 35 U.S.C. 102 that form the basis for the rejections under this section made in this Office action:
A person shall be entitled to a patent unless –

(a)(1) the claimed invention was patented, described in a printed publication, or in public use, on sale, or otherwise available to the public before the effective filing date of the claimed invention.


Claims 1-4, 7, 8, 13 are rejected under 35 U.S.C. 102(a)(1) as being anticipated by Carey, WO 2013/059368. Referring to claim 1, Carey discloses a data protection system wherein a trusted data analysis platform has access to raw data that is to be analyzed ([0256]-[0258]), which meets the limitation of access a first data set. The data is processed in a trusted execution environment by a trust analysis program to produce result data ([0273] & [0286] & [0298] & [0339]), which meets the limitation of processing the first data set using a data processing program executing within a secure execution environment of the trusted data management platform to generate a second data set. During execution of the trusted analysis program on the data, a hash of data is calculated, a hash of the analysis result is calculated, and a hash of the program is executed ([0298]: hash of the program reads on the claimed identification information associated with the data processing program), which meets the limitation of generating and storing fact information associated with the second data set, the fact information comprising a hash of the first data set, a hash of the second data set, and identification information associated with the data processing program. The execution of the trusted analysis program results in the creation of an audit record that includes the hash of the data, the hash of the analysis result, and a hash of the program ([0298]: audit record reads on the claimed assertion), which meets the limitation of generating an assertion based on the fact information.
The audit record additionally includes the trusted analysis program/VDT itself ([0214]) and the VDT includes header information that includes the test ID, test version, and test descriptive name ([0217]) along with metadata that includes a description of the test being performed on the data ([0218]: identifying information and description information respective to the test being performed on the data to generate the result reads on the claimed data derivation operation performed on the first data set to generate the second data set; Examiner notes that support for the amended claim language that requires the information describing at least one data processing operation to be generated by the data processing program was described as being present in paragraph [0072] of Applicant’s specification which suggests that the data processing program 106a generates the fact information. Therefore, Carey reads on this limitation to the extent that the audit record is generated by the trusted analysis program [0298]), which meets the limitation of the fact information comprising information describing at least one data processing operation performed by the data processing program on the first data set to generate the second data set, the information being generated by the data processing program and comprising a data derivation operation. The audit record is digitally signed ([0298]) such that the digital signature requires hashing the audit record ([0292]: hash of the object being signed and the audit record is being signed [0298]) and the utilization of a private key of the trusted execution environment to create the digital signature ([0247]: trusted execution environment creates the digital signature [0298]. Therefore, the private key used to create the digital signature would belong to the trusted execution environment), which meets the limitation of the assertion comprising a hash of the fact information and a digital signature generated using a first cryptographic key, the first cryptographic key being securely associated with the trusted data management platform.
The audit record can be output to the cloud service to maintain a trusted chain of handling ([0214]), which meets the limitation of transmitting the assertion to a trusted assertion service separate from the trusted data management platform for recordation by the trusted assertion service.
Referring to claim 2, Carey discloses that the data can be provided from an originating entity ([0195]), which meets the limitation of receiving the first data set from a data provider system.
Referring to claim 3, Carey discloses that the trusted analysis program can be created by an entity separate from the entity that receives the trusted analysis program and executes the trusted analysis program ([0206] & [0271]: trusted analysis program can be a VDT and VDTs can be created by trusted entities such as an academic lab and provided to and executed by medical clinicians), which meets the limitation of receiving the data processing program from a data processing service separate from the trusted data management platform for execution within the secure execution environment of the trusted data management platform.
Referring to claim 4, Carey discloses that the audit report includes a hash of the trusted analysis program ([0298]) and that the trusted analysis program can be created by an entity separate from the entity that receives the trusted analysis program and executes the trusted analysis program ([0206] & [0271]: hash of the program created by an entity would effectively identify the entity to the extent that the entity created the program), which meets the limitation of wherein the identification associated with the data processing program comprises an identifier of the data processing service.
Referring to claim 7, Carey discloses that the execution of the trusted analysis program results in the creation of an audit record that includes a hash of the program ([0298]), which meets the limitation of wherein the fact information further comprises a hash of the data processing program.
Referring to claim 8, Carey discloses that the execution of the trusted analysis program results in the creation of an audit record that includes a timestamp ([0298] & [0340]), which meets the limitation of wherein the fact information further comprises a timestamp associated with the generation of the second data set by the data processing program.
Referring to claim 13, Carey discloses that the data is analyzed/processed by the trust analysis program ([0273] & [0286] & [0298] & [0339]) in response to a request to analyze/process being received ([0229] & [0233] & [0286]), which meets the limitation of receiving a data processing request from a data processing service to process the first data set using the data processing program, and wherein processing the first data set using the data processing program is performed in response to receiving the data processing request. 
Claim Rejections - 35 USC § 103
In the event the determination of the status of the application as subject to AIA  35 U.S.C. 102 and 103 (or as subject to pre-AIA  35 U.S.C. 102 and 103) is incorrect, any correction of the statutory basis for the rejection will not be considered a new ground of rejection if the prior art relied upon, and the rationale supporting the rejection, would be the same under either status.  
The following is a quotation of 35 U.S.C. 103 which forms the basis for all obviousness rejections set forth in this Office action:
A patent for a claimed invention may not be obtained, notwithstanding that the claimed invention is not identically disclosed as set forth in section 102, if the differences between the claimed invention and the prior art are such that the claimed invention as a whole would have been obvious before the effective filing date of the claimed invention to a person having ordinary skill in the art to which the claimed invention pertains. Patentability shall not be negated by the manner in which the invention was made.

The factual inquiries for establishing a background for determining obviousness under 35 U.S.C. 103 are summarized as follows:
1. Determining the scope and contents of the prior art.
2. Ascertaining the differences between the prior art and the claims at issue.
3. Resolving the level of ordinary skill in the pertinent art.
4. Considering objective evidence present in the application indicating obviousness or nonobviousness.
Claims 5, 6 are rejected under 35 U.S.C. 103 as being unpatentable over Carey, WO 2013/059368, in view of Yach, WO 02/25409. Referring to claims 5, 6, Carey does not disclose that the audit record includes a digital signature from the trusted entity that created the program. Yach discloses digitally signing a software application by the software application developer using the private key of the software application developer (Page 19, line 16 – Page 20, line 20), which meets the limitation of wherein the assertion further comprises a digital signature generated using a second cryptographic key, the second cryptographic key being securely associated with the data processing service, wherein the assertion further comprises a digital signature generated using a third cryptographic key, the third cryptographic key being securely associated with the data processing program. It would have been obvious to one of ordinary skill in the art before the effective filing date of the claimed invention for the audit record of Carey to have included the digital signature of the trusted entity that created the program in order to provide a way to identify the creator of problematic software applications as suggested by Yach (Page 20, lines 10-20).
Claim 9 is rejected under 35 U.S.C. 103 as being unpatentable over Carey, WO 2013/059368, in view of Hoover, U.S. Publication No. 2005/0193043. Referring to claim 9, Carey does not disclose that the audit record includes configuration information. Hoover discloses an audit record that can include format information ([0031] & Figure 3: satmessageformat can be considered configuration information), which meets the limitation of wherein the fact information further comprises configuration information associated with the generation of the second data set by the data processing program. It would have been obvious to one of ordinary skill in the art before the effective filing date of the claimed invention for the audit record of Carey to have included policy-based format information in order to ensure that audit records are supported as suggested by Hoover ([0031]).
Claims 11, 12 are rejected under 35 U.S.C. 103 as being unpatentable over Carey, WO 2013/059368, in view of Weller, U.S. Publication No. 2006/0282441. Referring to claim 11, Carey discloses a data protection system wherein a trusted data analysis platform has access to raw data that is to be analyzed ([0256]-[0258]), which meets the limitation of access a first data set. The data is processed in a trusted execution environment by a trust analysis program to produce result data ([0273] & [0286] & [0298] & [0339]). During execution of the trusted analysis program on the data, a hash of data is calculated, a hash of the analysis result is calculated, and a hash of the program is executed ([0298]: hash of the program reads on the claimed identification information associated with the data processing program). The execution of the trusted analysis program results in the creation of an audit record that includes the hash of the data, the hash of the analysis result, and a hash of the program ([0298]).
Carey does not specify where the audit record data and the analysis result data is stored in relation to each other. Weller discloses audit data that can be stored in a secure database along with analyzed data ([0055]), which meets the limitation of wherein the fact information is securely stored with the second data set by the trusted data management platform. It would have been obvious to one of ordinary skill in the art before the effective filing date of the claimed invention for the audit record data and the analysis result data of Carey to have been stored together, in the manner suggested by Weller, because Weller discloses that such an embodiment is one of a finite number of possible storage solutions that could have been implemented by one of ordinary skill in the art with a reasonable expectation of success ([0055]). 
Referring to claim 12, Carey discloses a data protection system wherein a trusted data analysis platform has access to raw data that is to be analyzed ([0256]-[0258]), which meets the limitation of access a first data set. The data is processed in a trusted execution environment by a trust analysis program to produce result data ([0273] & [0286] & [0298] & [0339]). During execution of the trusted analysis program on the data, a hash of data is calculated, a hash of the analysis result is calculated, and a hash of the program is executed ([0298]: hash of the program reads on the claimed identification information associated with the data processing program). The execution of the trusted analysis program results in the creation of an audit record that includes the hash of the data, the hash of the analysis result, and a hash of the program ([0298]).
Carey does not specify where the audit record data and the analysis result data is stored in relation to each other. Weller discloses audit data that can be stored in a secure database separate from the analyzed data ([0055]), which meets the limitation of wherein the fact information is securely stored by the trusted data management platform in a database separate from the second data set. It would have been obvious to one of ordinary skill in the art before the effective filing date of the claimed invention for the audit record data and the analysis result data of Carey to have been stored separately, in the manner suggested by Weller, because Weller discloses that such an embodiment is one of a finite number of possible storage solutions that could have been implemented by one of ordinary skill in the art with a reasonable expectation of success ([0055]). 
Claims 14, 15 are rejected under 35 U.S.C. 103 as being unpatentable over Carey, WO 2013/059368, in view of Proudler, U.S. Publication No. 2003/0041250.
Referring to claim 14, Carey discloses that the data is analyzed/processed by the trust analysis program ([0273] & [0286] & [0298] & [0339]) in response to a request to analyze/process being received ([0229] & [0233] & [0286]: request would be considered a request for the processing result and would therefore be considered a request for the second data set), which meets the limitation of receiving a data request for a data consumer system for the second data set, and in response to the data request, transmitting the second data set [and the fact information] to the data consumer system.
Carey does not specify that the audit record is provided to the requester. Proudler discloses providing audit information and processing result information to a requester ([0141]), which meets the limitation of in response to the data request, transmitting the second data set and the fact information to the data consumer system. It would have been obvious to one of ordinary skill in the art before the effective filing date of the claimed invention for the audit record of Carey to have been provided to the requester along with processing results in order to provide the requester with an indication of processing failure as suggested by Proudler ([0143]).
Referring to claim 15, Carey discloses that the request can be provided via a platform interface ([0140] & [0363]-[0364]), which meets the limitation of wherein the trusted management platform exposes a data marketplace interface to the data consumer system and wherein the data request is received via the data marketplace interface.
Conclusion
Any inquiry concerning this communication or earlier communications from the examiner should be directed to BENJAMIN E LANIER whose telephone number is (571)272-3805. The examiner can normally be reached M-Th: 6:20-4:50.
Examiner interviews are available via telephone, in-person, and video conferencing using a USPTO supplied web-based collaboration tool. To schedule an interview, applicant is encouraged to use the USPTO Automated Interview Request (AIR) at http://www.uspto.gov/interviewpractice.
If attempts to reach the examiner by telephone are unsuccessful, the examiner’s supervisor, Kristine Kincaid can be reached on 5712724063. The fax phone number for the organization where this application or proceeding is assigned is 571-273-8300.
Information regarding the status of published or unpublished applications may be obtained from Patent Center. Unpublished application information in Patent Center is available to registered users. To file and manage patent submissions in Patent Center, visit: https://patentcenter.uspto.gov. Visit https://www.uspto.gov/patents/apply/patent-center for more information about Patent Center and https://www.uspto.gov/patents/docx for information about filing in DOCX format. For additional questions, contact the Electronic Business Center (EBC) at 866-217-9197 (toll-free). If you would like assistance from a USPTO Customer Service Representative, call 800-786-9199 (IN USA OR CANADA) or 571-272-1000.





/BENJAMIN E LANIER/Primary Examiner, Art Unit 2437