Prosecution Insights
Last updated: July 17, 2026
Application No. 17/675,513

SYSTEM AND METHOD FOR IMPLEMENTING MANDATORY ACCESS CONTROL ON QUERIES OF A SELF-DESCRIBING DATA SYSTEM

Final Rejection §103
Filed
Feb 18, 2022
Priority
Apr 27, 2018 — provisional 62/663,777 +2 more
Examiner
CONYERS, DAWAUNE A
Art Unit
2152
Tech Center
2100 — Computer Architecture & Software
Assignee
Aras Corporation
OA Round
6 (Final)
66%
Grant Probability
Favorable
7-8
OA Rounds
0m
Est. Remaining
85%
With Interview

Examiner Intelligence

Grants 66% — above average
66%
Career Allowance Rate
346 granted / 527 resolved
+10.7% vs TC avg
Strong +19% interview lift
Without
With
+19.2%
Interview Lift
resolved cases with interview
Typical timeline
3y 7m
Avg Prosecution
19 currently pending
Career history
549
Total Applications
across all art units

Statute-Specific Performance

§101
3.9%
-36.1% vs TC avg
§103
90.5%
+50.5% vs TC avg
§102
1.5%
-38.5% vs TC avg
§112
3.6%
-36.4% vs TC avg
Black line = Tech Center average estimate • Based on career data from 527 resolved cases

Office Action

§103
Detailed Action Notice of Pre-AIA or AIA Status The present application, filed on or after March 16, 2013, is being examined under the first inventor to file provisions of the AIA . Status of Claims Claims 1, 9, and 17 have been amended. Claims 4, 12, and 20 have been canceled. Claims 1-3, 5-11, and 13-19 are pending and rejected in the application. This action is Final. Response to Arguments Applicant Argues: The Examiner rejected Claims 1-3, 5-11 and 13-19 under 35 U.S.C. 112(a), first paragraph, as failing to comply with the written descript requirement. Regarding claims 1, 9, and 17, the Office indicates that "wherein the DAC policy comprises enabling access to items in a first subdomain of a first domain based on determining a user has access to a requested item in a second subdomain of a second domain," is allegedly not found in the specification. Applicant respectfully disagrees. Examiner Responds: Applicant’s, claims 1-3, 5-11, and 13-19, 35 U.S.C. 112(a) or 35 U.S.C. 112 (pre-AIA ), first paragraph, arguments have been fully considered and are persuasive. Therefore, the rejection under 35 U.S.C. §112(a) is withdrawn. Applicant Argues: Applicant respectfully asserts that the cited references fail to teach or suggest at least the above-emphasized portions of amended independent claim 1. In particular, the cited references do not teach or suggest defining a DAC definition implementing the DAC policy, wherein the DAC definition comprises one or more conditionals, deriving a relationship between one or more items based on the one or more conditionals in the DAC definition, wherein the relationship determines whether access permission to the first item is enabled, and responsive to determining the derived attribute of the target item is satisfied and deriving the relationship, enabling access to the first item, as recited by the amended independent claims. The cited references appear to be silent regarding defining a DAC definition implementing a DAC policy, deriving a relationship between one or more items based on one or more conditionals in a DAC definition, much less using the derived relationship to enable access to a first item. Examiner Responds: Applicant's 35 USC § 103 arguments with respect to claims 1-3, 5-11, and 13-19 have been considered but are moot in view of the new ground(s) of rejection. Claim Rejections – 35 USC § 103 The following is a quotation of 35 U.S.C. 103 which forms the basis for all obviousness rejections set forth in this Office action: A patent for a claimed invention may not be obtained, notwithstanding that the claimed invention is not identically disclosed as set forth in section 102 of this title, if the differences between the claimed invention and the prior art are such that the claimed invention as a whole would have been obvious before the effective filing date of the claimed invention to a person having ordinary skill in the art to which the claimed invention pertains. Patentability shall not be negated by the manner in which the invention was made. Claims 1, 2, 5, 6, 9, 10, 13, 14, 18, and 17 are rejected under 35 U.S.C. 103 as being unpatentable over Kandasamy et al. U.S. Patent Publication (2012/0151552; hereinafter: Kandasamy) in view of Lei U.S. Patent Publication (2012/0095988; hereinafter: Lei) and further in view of Alstrin et al. U.S. Patent Publication (2008/0021883; hereinafter: Alstrin) and further in view of Naldurg et al. U.S. Patent Publication (2008/0104665; hereinafter: Naldurg) Claims 1, 9, and 17 As to claims 1, 9, and 17, Kandasamy discloses a system comprising: a memory device storing instructions (paragraph[0048], the reference describes using memory for application operations.); and a processing device communicatively coupled to the memory device, wherein the processing device executes the instructions to (paragraph[0050], the reference describes using a processor and memory for application operations.): apply a mandatory access control (MAC) policy and domain access control (DAC) policy to an item type, wherein the DAC policy comprises enabling access to items in a first subdomain of a first domain based on determining a user has access to a requested item in a second subdomain of a second domain (paragraph[0043]-paragraph[0044], the reference describes using a mandatory access and domain-based access control (i.e., domain access control, as claimed). The reference describes giving access to all domains (i.e., first subdomain of a first domain, as claimed) based on a request from in a domain (i.e., second subdomain of a second domain, as claimed).); receive, from a processing device, a request to access a first item in a data structure, wherein the first item comprises the item type (paragraph[0031], the reference describes requesting data.). defining a DAC definition implementing the DAC policy, wherein the DAC definition comprises one or more conditionals (Figure 2, paragraph[0032], the reference describes creating a domain access policy with one or more permissions (i.e., permission, as claimed).); define a policy combining rule specifying that access to the first item is enabled according to an override based on a combination of whether the MAC policy, the DAC policy, or both provide access to the first item (paragraph[0032], the reference describes using access control policies on data based on the mandatory access and domain-based access control.); based on the policy combining rule, determine whether the derived attribute of the target item is satisfied (paragraph[0034], the reference describes using both access and domain controls to determine which data a user is allowed to access. The Examiner interprets the term whether as optional.); Kandasamy does not appear to explicitly disclose receive, at a processing device, a request to access a first item in a data structure, wherein the first item comprises the item type; responsive to receiving the request, execute a query definition comprising the MAC, wherein the query definition includes an execution path for traversing the data structure, and executing the query definition cause the processing device to convert the query definition into a database programming language that enables traversing, using the execution path in the data structure, one or more relationships between the first item and one or more other items to identify a target item; defining a derived attribute in the query definition specifying the first item to be accessed, wherein the query definition comprises a logical representation to determine one or more values of the derived attribute; deriving a relationship between one or more items based on the one or more conditionals in the DAC definition, wherein the relationship determines whether access permission to the first item is enabled; and responsive to determining the derived attribute of the target item is satisfied and deriving the relationship, enable access to the first item. However, Lei discloses responsive to receiving the request, execute a query definition comprising the MAC, wherein the query definition includes an execution path for traversing the data structure (Figure 2, paragraph[0025], the reference describes receiving a query expression (i.e., query definition, as claimed) that includes a protected column (i.e., MAC, as claimed).), and executing the query definition cause the processing device to convert the query definition into a database programming language that enables traversing (paragraph[0026], the first query is transformed into a new query expression (i.e., a database programing language, as claimed) that queries a database (that enables traversing, as claimed).), using the execution path in the data structure, one or more relationships between the first item and one or more other items to identify a target item (paragraph[0027], the reference describes the new query that includes relationships between the first query SNN and new query SNN.); Based on the policy combining rule, determine whether a derived attribute of the target item is satisfied (paragraph[0035], the reference determines which subset values (i.e., target item) that will meet the new expression requirements.); responsive to determining the derived attribute of the target item is satisfied and deriving the relationship, enable access to the first item (paragraph[0040], the reference describes returning the new query results based on policy attributes in the new expression.). It would have been obvious to one of ordinary skill in the art before the effective filing date of the claimed invention to a person having ordinary skill in the art to which said subject matter pertains to have modified the teachings of Kandasamy with the teachings of Lei to transform a query expression based on the access policy which would result in the claim invention. The skilled artisan would have been motivated to improve the teachings of Kandasamy with the teachings of Lei to quickly optimize queries related to tables that are subject to access control policies (Lei: paragraph[0002]). The combination of Kandasamy and Lei do not appear to explicitly disclose defining a derived attribute in the query definition specifying the first item to be accessed, wherein the query definition comprises a logical representation to determine one or more values of the derived attribute; deriving a relationship between one or more items based on the one or more conditionals in the DAC definition, wherein the relationship determines whether access permission to the first item is enabled; However, Alstrin discloses defining a derived attribute in the query definition specifying the first item to be accessed, wherein the query definition comprises a logical representation to determine one or more values of the derived attribute (paragraph[0074], the reference describes defining parameters (i.e., attribute, as claimed) in a baseline query definition (i.e., query definition, as claimed) dynamically (e.g., figure 3) (i.e., a logical representation, as claimed).). It would have been obvious to one of ordinary skill in the art before the effective filing date of the claimed invention to a person having ordinary skill in the art to which said subject matter pertains to have modified the teachings of Kandasamy with the teachings of Lei and Alstrin to dynamically define values in a query definition which would result in the claim invention. The skilled artisan would have been motivated to improve the teachings of Kandasamy with the teachings of Lei and Alstrin to quickly determine deference between a new and old snapshot with generating an additional snapshot (Alstrin: paragraph[0006]). The combination of Kandasamy, Lei, and Alstrin do not appear to explicitly disclose deriving a relationship between one or more items based on the one or more conditionals in the DAC definition, wherein the relationship determines whether access permission to the first item is enabled; However, Naldurg discloses deriving a relationship between one or more items based on the one or more conditionals in the DAC definition, wherein the relationship determines whether access permission to the first item is enabled (paragraph0063]-paragraph[0065], the reference describes creating a relationship based on access rights. The Examiner interprets the element “whether” as optional.). It would have been obvious to one of ordinary skill in the art before the effective filing date of the claimed invention to a person having ordinary skill in the art to which said subject matter pertains to have modified the teachings of Kandasamy with the teachings of Lei, Alstrin, and Naldurg to create access relationships which would result in the claim invention. The skilled artisan would have been motivated to improve the teachings of Kandasamy with the teachings of Lei, Alstrin, and Naldurg to efficiently analyze and detect explicit information-flow vulnerabilities in access control configurations (Naldurg: paragraph[0006]). Claims 2, 10, and 18 As to claims 2, 10, 18, the combination of Kandasamy, Lei, Alstrin, and Naldurg discloses all the elements in claim 1, as noted above, and Kandasamy further disclose wherein the MAC policy includes a condition that indicates to enable access to the first item when the attribute is satisfied (paragraph[0025], the reference describes the conditions to access data.). Claims 5 and 13 As to claims 5 and 13, the combination of Kandasamy, Lei, Alstrin, and Naldurg discloses all the elements in claim 1, as noted above, and Lie further disclose wherein the processing device is further to: implement a role based access control policy for the first item (paragraph[0028], the reference discloses changing the data based on the access policy for a user(i.e., implement a role, as claimed).); determine a role of the entity that made the request(paragraph[0026], the reference describes determining the users access rights based on the access policy.); based on the role of the entity and the derived attribute, determine whether to enable access to the first item (paragraph[0039], the reference describes determining whether a user has access based on the users credentials (i.e., the role, as claimed).). Claims 6 and 14 As to claims 6 and 14, the combination of Kandasamy, Lei, Alstrin, and Naldurg discloses all the elements in claim 1, as noted above, and Lei disclose wherein access is enabled if the role is a certain level or if the derived attribute is satisfied (paragraph[028]-paragraph[00029], the reference describes determining when access is granted based on the policy and user credentials (i.e., role is a certain level).). Claims 3, 11, and 19 are rejected under 35 U.S.C. 103 as being unpatentable over Kandasamy et al. U.S. Patent Publication (2012/0151552; hereinafter: Kandasamy) in view of Lei U.S. Patent Publication (2012/0095988; hereinafter: Lei) and further in view of Alstrin et al. U.S. Patent Publication (2008/0021883; hereinafter: Alstrin) and further in view of Naldurg et al. U.S. Patent Publication (2008/0104665; hereinafter: Naldurg) and further in view of Vepa et al. U.S. Patent Publication (2015/0089575; Vepa) Claims 3, 11, and 19 As to claims 3, 11, and 19, the combination of Kandasamy, Lei, Alstrin, and Naldurg discloses all the elements in claim 1, as noted above, but do not appear to explicitly disclose wherein the target item is a parent item of the first item. However, Vepa discloses wherein the target item is a parent item of the first item (paragraph[0139], the reference describes the system determining a parent data among a plurality of data.). It would have been obvious to one of ordinary skill in the art before the effective filing date of the claimed invention to a person having ordinary skill in the art to which said subject matter pertains to have modified the teachings of Kandasamy with the teachings of Lei, Alstrin, Naldurg, and Vepa to create access rights on object which would result in the claim invention. The skilled artisan would have been motivated to improve the teachings of Kandasamy with the teachings of Lei, Alstrin, Naldurg, and Vepa to quickly avoid wasteful duplication of access rights by implementing a global container that contains policies that are applicable to multiple separate applications in the environment (Vepa: paragraph[0013]). Claims 7, 8, 15, and 16 are rejected under 35 U.S.C. 103 as being unpatentable over Kandasamy et al. U.S. Patent Publication (2012/0151552; hereinafter: Kandasamy) in view of Lei U.S. Patent Publication (2012/0095988; hereinafter: Lei) and further in view of Alstrin et al. U.S. Patent Publication (2008/0021883; hereinafter: Alstrin) and further in view of Naldurg et al. U.S. Patent Publication (2008/0104665; hereinafter: Naldurg) and further in view of Chari et al. U.S. Patent Publication (2014/0196104; Chari) Claims 7 and 15 As to claims 7 and 15, the combination of Kandasamy, Lei, Alstrin, and Naldurg discloses all the elements in claim 1, as noted above, but do not appear to explicitly disclose wherein access is enabled if the role is a certain level and if the derived attribute is satisfied. However, Chari discloses wherein access is enabled if the role is a certain level and if the derived attribute is satisfied (paragraph[0026], the reference describes determining the user role and attributes to access data.). It would have been obvious to one of ordinary skill in the art before the effective filing date of the claimed invention to a person having ordinary skill in the art to which said subject matter pertains to have modified the teachings of Kandasamy with the teachings of Lei, Alstrin, Naldurg, and Chari to set roles which would result in the invention. The skilled artisan would have been motivated to improve the teachings of Kandasamy with the teachings of Lei, Alstrin, Naldurg, and Chari to efficiently generate role-based access control policies that minimize a risk profile of resulting risk-averse roles and assignments to those risk-averse roles (Chari: paragraph[0007]). Claims 8 and 16 As to claims 8 and 16, the combination of Kandasamy, Lei, Naldurg, and Alstrin discloses all the elements in claim 1, as noted above, but do not appear to explicitly disclose wherein the processing device is further to define the derived attribute for a plurality of item types, wherein the derived attribute comprises a uniform data type for each of the plurality of item types. However, Chari discloses wherein the processing device is further to define the derived attribute for a plurality of item types, wherein the derived attribute comprises a uniform data type for each of the plurality of item types (paragraph[0026], the reference describes a system setting access rights for data.). It would have been obvious to one of ordinary skill in the art before the effective filing date of the claimed invention to a person having ordinary skill in the art to which said subject matter pertains to have modified the teachings of Kandasamy with the teachings of Lei, Alstrin, Naldurg, and Chari to set roles which would result in the invention. The skilled artisan would have been motivated to improve the teachings of Kandasamy with the teachings of Lei, Alstrin, Naldurg, and Chari to efficiently generate role-based access control policies that minimize a risk profile of resulting risk-averse roles and assignments to those risk-averse roles (Chari: paragraph[0007]). Final Rejection Applicant's amendment necessitated the new ground(s) of rejection presented in this Office action. Accordingly, THIS ACTION IS MADE FINAL. See MPEP § 706.07(a). Applicant is reminded of the extension of time policy as set forth in 37 CFR 1.136(a). A shortened statutory period for reply to this final action is set to expire THREE MONTHS from the mailing date of this action. In the event a first reply is filed within TWO MONTHS of the mailing date of this final action and the advisory action is not mailed until after the end of the THREE-MONTH shortened statutory period, then the shortened statutory period will expire on the date the advisory action is mailed, and any nonprovisional extension fee (37 CFR 1.17(a)) pursuant to 37 CFR 1.136(a) will be calculated from the mailing date of the advisory action. In no event, however, will the statutory period for reply expire later than SIX MONTHS from the mailing date of this final action. Conclusion Any inquiry concerning this communication or earlier communications from the examiner should be directed to DAWAUNE A CONYERS whose telephone number is (571)270-3552. The examiner can normally be reached on M-F 8:00am-4:30pm EST. EST. If attempts to reach the examiner by telephone are unsuccessful, the examiner’s supervisor, Neveen Abel-Jalil can be reached on (571) 270-0474. The fax phone number for the organization where this application or proceeding is assigned is 571-273-8300. Information regarding the status of an application may be obtained from the Patent Application Information Retrieval (PAIR) system. Status information for published applications may be obtained from either Private PAIR or Public PAIR. Status information for unpublished applications is available through Private PAIR only. For more information about the PAIR system, see http://pair-direct.uspto.gov. Should you have questions on access to the Private PAIR system, contact the Electronic Business Center (EBC) at 866-217-9197 (toll-free). If you would like assistance from a USPTO Customer Service Representative or access to the automated information system, call 800-786-9199 (IN USA OR CANADA) or 571-272-1000. /DAWAUNE A CONYERS/Primary Examiner, Art Unit 2152 June 11, 2026
Read full office action

Prosecution Timeline

Show 6 earlier events
Aug 29, 2024
Non-Final Rejection mailed — §103
Nov 29, 2024
Response Filed
Mar 12, 2025
Final Rejection mailed — §103
Sep 12, 2025
Request for Continued Examination
Sep 23, 2025
Response after Non-Final Action
Oct 21, 2025
Non-Final Rejection mailed — §103
Mar 23, 2026
Response Filed
Jun 16, 2026
Final Rejection mailed — §103 (current)

Precedent Cases

Applications granted by this same examiner with similar technology

Patent 12681959
DATABASE ACCESS SYSTEM USING MACHINE LEARNING-BASED RELATIONSHIP ASSOCIATION
5y 2m to grant Granted Jul 14, 2026
Patent 12675473
GENERATING DATABASE QUERY USING MACHINE-LEARNED LARGE LANGUAGE MODELS
2y 4m to grant Granted Jul 07, 2026
Patent 12664142
HIERARCHICAL SCRIPT DATABASE AND DATABASE APPLICATIONS
4y 11m to grant Granted Jun 23, 2026
Patent 12657192
METHOD AND APPARATUS FOR DISPLAYING SEARCH RESULT, AND COMPUTER STORAGE MEDIUM
3y 6m to grant Granted Jun 16, 2026
Patent 12657194
Ranking Search Queries Using Contextual Relevance and Third-Party Factors
2y 9m to grant Granted Jun 16, 2026
Study what changed to get past this examiner. Based on 5 most recent grants.

Strategy Recommendation AI-generated — please review before filing

Get a prosecution strategy drawn from examiner precedents, rejection analysis, and claim mapping.
Typically takes 5-10 seconds — AI-generated, attorney review required before filing

Prosecution Projections

7-8
Expected OA Rounds
66%
Grant Probability
85%
With Interview (+19.2%)
3y 7m (~0m remaining)
Median Time to Grant
High
PTA Risk
Based on 527 resolved cases by this examiner. Grant probability derived from career allowance rate.

Sign in with your work email

Enter your email to receive a magic link. No password needed.

Personal email addresses (Gmail, Yahoo, etc.) are not accepted.

Free tier: 3 strategy analyses per month