DETAILED ACTION
Notice of Pre-AIA or AIA Status
The present application, filed on or after March 16, 2013, is being examined under the first inventor to file provisions of the AIA.
Response to Arguments
In response to the arguments regarding 35 USC 103, filed 01/26/2026, on pages 9-12: for independent claims 1, 10 and 15, along with their respective dependent claims, applicant argues that the cited references do not teach “the secure view system including a schema of table structures integrated into the database as a schema instantiation of the table structures” and “the query of the database being initiated through a secure view layer of the secure view system”.
King teaches the secure view system including a schema of table structures integrated into the database as a schema instantiation of the table structures. King indicates “the database objects storing security policies may be tables, views, materialized views, indexes, or any other data structures that a database server can create and maintain as part of a database schema [0036]. Creating databases and tables [0015][0018][0072] Fig. 2”. King shows tables (which are the secure view system) being created in the database, the database containing the schema. King does show a secure view system integrated into the database. Furthermore, the claims do not recite that the secure view system is implemented within a client’s current database structure.
However, King does not teach the query of the database being initiated through a secure view layer of the secure view system. Ortiz teaches “the query of the database being initiated through a secure view layer of the secure view system”. Ortiz discloses “an intelligence layer 116 may provide an application programming interface through which queries can be run using combined aspects of both data sets. The intelligence layer 116 also provides graphical user interfaces from which dashboards or other visual representations using interactive visual elements and/or controls derived from the results of the queries can be rendered [0140]. An intelligence layer may provide an application programming interface through which queries can be run. These queries can include regular queries where information stored in the secure data warehouse is queried directly to return a result, and also more challenging machine learning-based queries where a machine learning model operates within the secure computing infrastructure platform [0023]. Queries, for example, can be conducted on joined versions of separate tables based on a primary or foreign key that is common to both (e.g., a userID, a user name, an address, a phone number), or a schema that is common to both (e.g., two tables of insurance claims that can be used to more accurately identify a typical payout amount for a particular type of event, such as flooding) [0024][0029][0129] Fig. 2B”. Ortiz discloses a query of the database through a “secure view layer”. The query being initiated can broadly be interpreted as running it. The Examiner does not concede that Ortiz’s “secure view layer” is different from the claimed “secure view layer”.
Thus, King in view of Ortiz teaches “the secure view system including a schema of table structures integrated into the database as a schema instantiation of the table structures” and “the query of the database being initiated through a secure view layer of the secure view system”.
Applicant argues that McFall fails to teach “wherein the secure view layer leverages a database optimizer of the database to optimize the query using the schema of table structures integrated into the database, the database optimizer being proprietary to a database platform of the database and the secure view system configured to interface with the database optimizer via the secure view layer”.
The examiner does not concede. McFall teaches “wherein the secure view layer leverages a database optimizer of the database to optimize the query using the schema of table structures integrated into the database, the database optimizer being proprietary to a database platform of the database and the secure view system configured to interface with the database optimizer via the secure view layer”. McFall recites “the sensitive vs. non-sensitive distinction leads to an important optimization. The optimization occurs because the extra queries required, as discussed above, replace the aggregate function with a COUNT (here, “SELECT COUNT(*) WHERE gender=‘Male’;”), thus ending up with a query that concerns no public columns and so does not need noise. In this case, these extra queries that are conducted by Lens do not incur privacy budget and their results are exact [0146][0439]. Masking, generalising, or perturbing this data before sharing it with developers provides a layer of defense against privacy breach while retaining the utility of the data [0686][0171][0386][0525-0532]”. As shown above, the combination of King and Ortiz teaches “the secure view system including a schema of table structures integrated into the database as a schema instantiation of the table structures” and “the query of the database being initiated through a secure view layer of the secure view system”.
Applicant further argues that McFall does not disclose a secure view layer integrated into the database with a schema of table structures populated with metapolicies. However, this limitation is taught by King.
Claim Rejections - 35 USC § 103
The following is a quotation of 35 U.S.C. 103 which forms the basis for all obviousness rejections set forth in this Office action:
A patent for a claimed invention may not be obtained, notwithstanding that the claimed invention is not identically disclosed as set forth in section 102, if the differences between the claimed invention and the prior art are such that the claimed invention as a whole would have been obvious before the effective filing date of the claimed invention to a person having ordinary skill in the art to which the claimed invention pertains. Patentability shall not be negated by the manner in which the invention was made.
Claims 1-5 and 7-14 are rejected under 35 U.S.C. 103 as being unpatentable over King et al. (US 20090094193, hereinafter King) in view of Ortiz et al. (US 20220108026, hereinafter Ortiz).
Re. claim 1, King discloses a computing device, comprising: memory configured to maintain a database of relational data that includes identifying data and sensitive data associated with the identifying data (King discloses memory storing information [0092] and allows the representation of entities to be structured in a relational database [0017]. Table 220 includes columns that store both sensitive data (e.g. column 230) and non-sensitive data (e.g. columns 224, 226, and 228). For example, the salary of employee "Jane Roe" is stored in column 230 as "56,000" and her phone number is currently not known as indicated by the "NULL" value stored in column 226. Similarly, the salary of employee "Tom Burns" is stored in column 230 as "54,000" and his phone number is stored in column 226 as "555-3422" [0057][0029][0036]; the relational database contains sensitive data and non-sensitive data, i.e. “identifying data”);
a secure view system implemented at least partially in computer hardware and configured to integrate with the database of relational data, the secure view system including a schema of table structures integrated into the database as a schema instantiation of the table structures (King discloses the database objects storing security policies may be tables, views, materialized views, indexes, or any other data structures that a database server can create and maintain as part of a database schema [0036]. Creating databases and tables [0015][0018][0072], creating tables in the database), the table structures populated with metapolicies that indicate the associations of the sensitive data with the identifying data, and the metapolicies indicating secure view policies that define access permissions to view one or more of the sensitive data (King discloses security policies may be stored in one or more database objects within a database. For example, the database objects storing security policies may be tables, views, materialized views, indexes, or any other data structures that a database server can create and maintain as part of a database schema [0036]. The same security policy can be associated with multiple columns in multiple tables, while at the same time allowing database users to manage the permissions expressed in the security policy from a single location relative to the one or more entity attributes [0026]. The techniques described herein are not in any way limited to applying only one security policy defined for one column in one table [0047]. This condition of security policy 240 indicates that for each row of table 220, the value of the column 230 ("Salary") may be viewed only by database users that belong to a group with a "GROUP_ID" that matches the value stored in the "MANAGER_ID" column [0059][0018]; security policies manage access permissions to view one or more of the sensitive data. Tables are created with security policies with multiple columns (the columns contain sensitive and non-sensitive data));
and a query interface associated with the database and configured to query the database of the relational data for data results (King discloses the techniques described herein can guarantee that no matter what type of mechanism (e.g., an application, query tool, database client API, etc.) a user may use to access a particular database [0035]. Query engine 206 may be implemented as a set of instructions which, when executed by one or more processors, is operable to: process requests for data received from a client, such as client 202; retrieve the requested data from one or more databases, such as database 210; and to return the retrieved data to the client [0052][0098][0100]), the query of the database being initiated through a secure view layer of the secure view system, and the data results generated based at least in part on the secure view policies that define an access permission of the query to return viewable one or more sensitive data as the data results (King discloses a database developer may define a column-level security policy to allow a user who belongs to a benefits administration role to view the Social Security numbers of only those people for whom the user manages various benefits [0025]. The user has permissions to access at least some data in the employee table, and the database server retrieves the set of data that is requested in the received query [0029][0030][0039]. Query engine 206 may be implemented as a set of instructions which, when executed by one or more processors, is operable to: process requests for data received from a client, such as client 202; retrieve the requested data from one or more databases, such as database 210; and to return the retrieved data to the client. Generate execution plans or other operator trees that may be used to execute the received queries; execute or cause the execution of the received queries at least against database 210 and retrieve the requested sets of rows therefrom; and return the sets of rows to the client or clients that sent the queries [0052]);
a processor coupled with the memory and configured to cause the computing device to display the data results including the viewable one or more sensitive data based on the access permission and obfuscated data based on the secure view policies (King discloses the database client API may include the function “IS_MASKED(input-value)”, which function when executed with a given value as input parameter would return “TRUE” when the input parameter is a security-NULL value and “FALSE” otherwise. Other embodiments may provide a client with different mechanisms for checking whether a given value is a security-NULL value [0022]. Database developer may define a column-level security policy to allow a user who belongs to a benefits administration role to view the Social Security numbers of only those people for whom the user manages various benefits [0025]. The user has permissions to access at least some data in the employee table, and the database server retrieves the set of data that is requested in the received query [0029][0030-0031][0039]. Query engine 206 may be implemented as a set of instructions which, when executed by one or more processors, is operable to: process requests for data received from a client, such as client 202; retrieve the requested data from one or more databases, such as database 210; and to return the retrieved data to the client. Generate execution plans or other operator trees that may be used to execute the received queries; execute or cause the execution of the received queries at least against database 210 and retrieve the requested sets of rows therefrom; and return the sets of rows to the client or clients that sent the queries [0052][0043]. Main memory also may be used for storing temporary variables or other intermediate information during execution of instructions to be executed by processor [0092] Fig. 2).
King discloses a secure view system. King does not explicitly teach, but Ortiz teaches, the query of the database being initiated through a secure view layer of the secure view system (Ortiz teaches an intelligence layer 116 may provide an application programming interface through which queries can be run using combined aspects of both data sets. The intelligence layer 116 also provides graphical user interfaces from which dashboards or other visual representations using interactive visual elements and/or controls derived from the results of the queries can be rendered [0140]. An intelligence layer may provide an application programming interface through which queries can be run. These queries can include regular queries where information stored in the secure data warehouse is queried directly to return a result, and also more challenging machine learning-based queries where a machine learning model operates within the secure computing infrastructure platform [0023]. Queries, for example, can be conducted on joined versions of separate tables based on a primary or foreign key that is common to both (e.g., a userID, a user name, an address, a phone number), or a schema that is common to both (e.g., two tables of insurance claims that can be used to more accurately identify a typical payout amount for a particular type of event, such as flooding) [0024][0029][0129] Fig. 2B).
Therefore, it would have been obvious to one of ordinary skill in the art before the effective filing date of the claimed invention to modify the method and system disclosed by King to include the query of the database being initiated through a secure view layer of the secure view system as disclosed by Ortiz. One of ordinary skill in the art would have been motivated for the purpose of controlling the underlying access to protected information, improving computational security and reducing potential exposure (Ortiz [0030][0041]).
Re. claim 2, the combination of King-Ortiz teaches the computing device as recited in claim 1, wherein the associations of the sensitive data with the identifying data are represented in the schema of the table structures as label-data pairs (King discloses allowing the representation of entities to be structured in a relational database [0017]. Table 220 includes columns that store both sensitive data (e.g. column 230) and non-sensitive data (e.g. columns 224, 226, and 228). For example, the salary of employee "Jane Roe" is stored in column 230 as "56,000" and her phone number is currently not known as indicated by the "NULL" value stored in column 226. Similarly, the salary of employee "Tom Burns" is stored in column 230 as "54,000" and his phone number is stored in column 226 as "555-3422" [0057-0058][0036][0014]; the relational database contains sensitive data and non-sensitive data, i.e. “identifying data”).
Re. claim 3, the combination of King-Ortiz teaches the computing device as recited in claim 2, wherein an identifying data is associated with one or more of the sensitive data as the label-data pairs (King discloses allowing the representation of entities to be structured in a relational database [0017]. Table 220 includes columns that store both sensitive data (e.g. column 230) and non-sensitive data (e.g. columns 224, 226, and 228). For example, the salary of employee "Jane Roe" is stored in column 230 as "56,000" and her phone number is currently not known as indicated by the "NULL" value stored in column 226. Similarly, the salary of employee "Tom Burns" is stored in column 230 as "54,000" and his phone number is stored in column 226 as "555-3422" [0057-0058][0036][0014]; the relational database contains sensitive data and non-sensitive data, i.e. “identifying data”).
Re. claim 4, the combination of King-Ortiz teaches the computing device as recited in claim 1, wherein a secure view layer is configured to filter the sensitive data in the database based on one or more of table filters, row filters, or column filters of the relational data, the secure view layer configured to provide a secure view of the sensitive data using the table structures (King discloses allowing a table, having columns for which column-level security is defined, to be structured and stored in third normal form. When a user with access privileges to this table requests data from the table, the data from the columns with column-level security is filtered by applying the defined security policy or policies on a row-by-row basis before any results are returned to the user [0017]. In addition to extended security logic 208, Query engine 206 may comprise a component that is operable to add predicates to the "WHERE" clauses of received SQL queries before the SQL queries are executed. These predicates may be based on the security contexts of database connections over which the SQL queries are sent and may operate as row-level filters [0053-0054][0069-0070]; the extended security logic is read as the secure view layer).
Re. claim 5, the combination of King-Ortiz teaches the computing device as recited in claim 4, wherein the query interface is configured to initiate the query through the secure view layer, and the data results of the query are returned through the secure view layer (King discloses Query engine 206 may be implemented as a set of instructions which, when executed by one or more processors, is operable to: process requests for data received from a client, such as client 202; retrieve the requested data from one or more databases, such as database 210; and to return the retrieved data to the client [0052]. Query engine 206 compiles and executes query "Q1" against the database [0064]).
Re. claim 7, the combination of King-Ortiz teaches the computing device as recited in claim 1, wherein the secure view policies implement selective data share of the identifying data and the sensitive data of the relational data (King discloses that when extended security logic 208 determines that a security policy is satisfied for a particular row, then extended security logic 208 stores the data values from the columns to which that security policy is defined in a result set of rows that is to be returned to the client. When the security policy is not satisfied for a particular row, then extended security logic 208 replaces the data values from the columns to which that security policy is defined with security-NULL values in the result set of rows [0053]. The salary of employee "Jane Roe" is stored in column 230 as "56,000" and her phone number is currently not known as indicated by the "NULL" value stored in column 226. Similarly, the salary of employee "Tom Burns" is stored in column 230 as "54,000" and his phone number is stored in column 226 as "555-3422" [0057]).
Re. claim 8, the combination of King-Ortiz teaches the computing device as recited in claim 1, wherein the secure view policies implement cell-level security of cell data in the database, the cell-level security of cell data implemented by a combination of one or more row secure view policies and one or more column secure view policies (King discloses extended security logic 208 may be operable to apply one or more security policies to each row in the retrieved set of rows. When extended security logic 208 determines that a security policy is satisfied for a particular row, then extended security logic 208 stores the data values from the columns to which that security policy is defined in a result set of rows that is to be returned to the client. When the security policy is not satisfied for a particular row, then extended security logic 208 replaces the data values from the columns to which that security policy is defined with security-NULL values in the result set of rows [0053][0030][0069-0071]).
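The following added example, which is not code from King, Ortiz or McFall and not part of the cited record, models in Python over SQLite the mechanics attributed to King in the rejections of claims 4, 5, 7 and 8 above: the column-level policies (the metapolicies) are stored in tables that belong to the same database schema as the protected data, a row-level predicate derived from the caller's security context is appended to the WHERE clause before execution, and for each returned row a protected column value is replaced with a security-NULL sentinel when its policy is not satisfied, which the client can test with an IS_MASKED-style check. The table and column names, sample rows, policy text and the MASKED sentinel are assumptions constructed for this example.

```python
"""
Toy "secure view layer" over SQLite (constructed example, not from any cited
reference). Policies live in tables inside the same schema as the data; a
row filter from the security context is ANDed into every query; protected
cells whose column policy fails are replaced with a security-NULL sentinel.
"""
import sqlite3
from typing import Any

# Sentinel standing in for a security-NULL: distinct from a real SQL NULL.
MASKED = object()


def is_masked(value: Any) -> bool:
    """Client-side check analogous to an IS_MASKED(input-value) function."""
    return value is MASKED


def build_db() -> sqlite3.Connection:
    """Create the sample schema: one data table plus two policy tables."""
    conn = sqlite3.connect(":memory:")
    conn.executescript("""
        CREATE TABLE employee (
            emp_id     INTEGER PRIMARY KEY,
            name       TEXT,
            phone      TEXT,
            salary     INTEGER,
            manager_id INTEGER,
            dept       TEXT);
        -- Column-level policy: condition_sql must hold for the row,
        -- otherwise the named column is masked in the result set.
        CREATE TABLE secure_view_column_policy (
            table_name TEXT, column_name TEXT, condition_sql TEXT);
        -- Row-level filter: predicate appended to every query on the table.
        CREATE TABLE secure_view_row_filter (
            table_name TEXT, predicate_sql TEXT);
        INSERT INTO employee VALUES (1, 'Jane Roe',  NULL,       56000, 10, 'eng');
        INSERT INTO employee VALUES (2, 'Tom Burns', '555-3422', 54000, 20, 'eng');
        INSERT INTO employee VALUES (3, 'Ann Lee',   '555-1111', 61000, 10, 'ops');
        -- Salary is viewable only when the caller's group matches manager_id.
        INSERT INTO secure_view_column_policy VALUES
            ('employee', 'salary', 'manager_id = :group_id');
        -- Callers only ever see rows from their own department.
        INSERT INTO secure_view_row_filter VALUES ('employee', 'dept = :dept');
    """)
    return conn


def _validate_identifiers(conn, table: str, columns: list) -> None:
    """Identifiers are interpolated into SQL, so they must exist in the schema."""
    exists = conn.execute(
        "SELECT 1 FROM sqlite_master WHERE type = 'table' AND name = ?", (table,)
    ).fetchone()
    if not exists:
        raise ValueError(f"unknown table {table!r}")
    known = {row[1] for row in conn.execute(f'PRAGMA table_info("{table}")')}
    unknown = set(columns) - known
    if unknown:
        raise ValueError(f"unknown column(s) {sorted(unknown)!r}")


def secure_query(conn, table, columns, ctx, equals=None):
    """Run SELECT <columns> FROM <table> through the secure view layer.

    ctx    : security context, e.g. {"group_id": 10, "dept": "eng"}, bound as
             named parameters that the stored policy SQL refers to.
    equals : optional {column: value} filters from the caller; bound as
             parameters and ANDed with (never replacing) the row filter.
    """
    equals = equals or {}
    _validate_identifiers(conn, table, list(columns) + list(equals))

    policies = dict(conn.execute(
        "SELECT column_name, condition_sql FROM secure_view_column_policy "
        "WHERE table_name = ?", (table,)))
    row_filters = [r[0] for r in conn.execute(
        "SELECT predicate_sql FROM secure_view_row_filter WHERE table_name = ?",
        (table,))]

    # Select each requested column; for protected columns also evaluate the
    # policy condition per row so the masking decision is made row by row.
    select_items = []
    for col in columns:
        select_items.append(f'"{col}"')
        if col in policies:
            select_items.append(f'({policies[col]}) AS "__ok_{col}"')

    params = dict(ctx)
    predicates = [f"({p})" for p in row_filters]
    for col, value in equals.items():
        predicates.append(f'("{col}" = :u_{col})')
        params[f"u_{col}"] = value

    sql = f'SELECT {", ".join(select_items)} FROM "{table}"'
    if predicates:
        sql += " WHERE " + " AND ".join(predicates)
    sql += " ORDER BY rowid"

    cur = conn.execute(sql, params)
    names = [d[0] for d in cur.description]
    results = []
    for row in cur:
        rec = dict(zip(names, row))
        out = {}
        for col in columns:
            if col in policies and not rec[f"__ok_{col}"]:
                out[col] = MASKED  # policy failed: substitute security-NULL
            else:
                out[col] = rec[col]
        results.append(out)
    return results
```

In the sample data, a caller in group 10 querying department "eng" sees Jane Roe's salary but receives the MASKED sentinel for Tom Burns, whose manager_id is 20; Jane Roe's phone comes back as a genuine NULL, which is_masked() distinguishes from a masked cell. Caller-supplied filters are bound as parameters and only ever narrow the result, so they cannot remove the row filter the policy table imposes.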
Re. claim 9, the combination of King-Ortiz teaches the computing device as recited in claim 1, wherein the schema of table structures is compatible with multiple, different relational database platforms (King discloses a server that is operable to perform various functionalities against one or more databases. For example, by utilizing its allocated resources, a database server may be operable to perform various data management functions (including, but not limited to, controlling and facilitating access to particular databases, processing requests by clients to access particular databases, and processing requests by clients to add, delete, or modify data in particular databases), as well as database management functions (including, but not limited to, creating databases and tables, allocating disk space for databases and tables, and creating and maintaining user login information, role information, and security policy information). In clustered operational environments, a database server may be a server instance that operates as part of a cluster of database server instances that is operable to perform data management functions and database management functions against one or more databases [0015]. Database 210 is not limited to storing any particular number of tables or other database objects with which security policies are associated [0056]).
Re. claim 10, King discloses a secure view system, comprising: at least one memory; and at least one processor coupled with the at least one memory (King discloses a main memory 306, such as a random access memory (RAM) or other dynamic storage device, coupled to bus 302 for storing information and instructions to be executed by processor 304 [0092]. Fig. 3) and configured to cause the secure view system to: integrate a schema of table structures integrated into a database of relational data, the schema of table structures integrated into the database as a schema instantiation of the table structures (King discloses the database objects storing security policies may be tables, views, materialized views, indexes, or any other data structures that a database server can create and maintain as part of a database schema [0036]. Creating databases and tables [0015][0018][0072], creating tables in the database), the table structures populated with metapolicies that indicate associations of sensitive data with identifying data in the database, and the metapolicies indicating secure view policies that define access permissions to view one or more of the sensitive data (King discloses security policies may be stored in one or more database objects within a database. For example, the database objects storing security policies may be tables, views, materialized views, indexes, or any other data structures that a database server can create and maintain as part of a database schema [0036]. The same security policy can be associated with multiple columns in multiple tables, while at the same time allowing database users to manage the permissions expressed in the security policy from a single location relative to the one or more entity attributes [0026]. The techniques described herein are not in any way limited to applying only one security policy defined for one column in one table [0047]. This condition of security policy 240 indicates that for each row of table 220, the value of the column 230 ("Salary") may be viewed only by database users that belong to a group with a "GROUP_ID" that matches the value stored in the "MANAGER_ID" column [0059][0018]; security policies manage access permissions to view one or more of the sensitive data. Tables are created with security policies with multiple columns (the columns contain sensitive and non-sensitive data)); and filter, with a secure view layer of the secure view system, the sensitive data in the database responsive to a query and based on one or more of table filters, row filters, or column filters of the relational data (King discloses allowing a table, having columns for which column-level security is defined, to be structured and stored in third normal form. When a user with access privileges to this table requests data from the table, the data from the columns with column-level security is filtered by applying the defined security policy or policies on a row-by-row basis before any results are returned to the user [0017]. In addition to extended security logic 208, Query engine 206 may comprise a component that is operable to add predicates to the "WHERE" clauses of received SQL queries before the SQL queries are executed. These predicates may be based on the security contexts of database connections over which the SQL queries are sent and may operate as row-level filters [0053-0054]; the extended security logic is read as the secure view layer), the query generating data results based at least in part on the secure view policies applied to the sensitive data (King discloses a database developer may define a column-level security policy to allow a user who belongs to a benefits administration role to view the Social Security numbers of only those people for whom the user manages various benefits [0025]. The user has permissions to access at least some data in the employee table, and the database server retrieves the set of data that is requested in the received query [0029][0030][0039]. Query engine 206 may be implemented as a set of instructions which, when executed by one or more processors, is operable to: process requests for data received from a client, such as client 202; retrieve the requested data from one or more databases, such as database 210; and to return the retrieved data to the client. Generate execution plans or other operator trees that may be used to execute the received queries; execute or cause the execution of the received queries at least against database 210 and retrieve the requested sets of rows therefrom; and return the sets of rows to the client or clients that sent the queries [0052]);
and display the data results including viewable sensitive data based on access permission and obfuscated data based on the secure view policies (King discloses the database client API may include the function “IS_MASKED(input-value)”, which function when executed with a given value as input parameter would return “TRUE” when the input parameter is a security-NULL value and “FALSE” otherwise. Other embodiments may provide a client with different mechanisms for checking whether a given value is a security-NULL value [0022]. Database developer may define a column-level security policy to allow a user who belongs to a benefits administration role to view the Social Security numbers of only those people for whom the user manages various benefits [0025]. The user has permissions to access at least some data in the employee table, and the database server retrieves the set of data that is requested in the received query [0029][0030-0031][0039]. Query engine 206 may be implemented as a set of instructions which, when executed by one or more processors, is operable to: process requests for data received from a client, such as client 202; retrieve the requested data from one or more databases, such as database 210; and to return the retrieved data to the client. Generate execution plans or other operator trees that may be used to execute the received queries; execute or cause the execution of the received queries at least against database 210 and retrieve the requested sets of rows therefrom; and return the sets of rows to the client or clients that sent the queries [0052][0043] Fig. 2).
King discloses a secure view system. King does not explicitly teach, but Ortiz teaches, the query of the database being initiated through the secure view layer via a query interface that is associated with the database (Ortiz teaches an intelligence layer 116 may provide an application programming interface through which queries can be run using combined aspects of both data sets. The intelligence layer 116 also provides graphical user interfaces from which dashboards or other visual representations using interactive visual elements and/or controls derived from the results of the queries can be rendered [0140]. An intelligence layer may provide an application programming interface through which queries can be run. These queries can include regular queries where information stored in the secure data warehouse is queried directly to return a result, and also more challenging machine learning-based queries where a machine learning model operates within the secure computing infrastructure platform [0023]. Queries, for example, can be conducted on joined versions of separate tables based on a primary or foreign key that is common to both (e.g., a userID, a user name, an address, a phone number), or a schema that is common to both (e.g., two tables of insurance claims that can be used to more accurately identify a typical payout amount for a particular type of event, such as flooding) [0024][0029][0129] Fig. 2B).
Therefore, it would have been obvious to one of ordinary skill in the art before the effective filing date of the claimed invention to modify the method and system disclosed by King to include the query of the database being initiated through the secure view layer via a query interface that is associated with the database as disclosed by Ortiz. One of ordinary skill in the art would have been motivated for the purpose of controlling the underlying access to protected information, improving computational security and reducing potential exposure (Ortiz [0030][0041]).
Re. claim 11, rejection of claim 10 is included and claim 11 is rejected with the same rationale as applied in claim 2.
Re. claim 12, rejection of claim 11 is included and claim 12 is rejected with the same rationale as applied in claim 3.
Re. claim 13, rejection of claim 10 is included and claim 13 is rejected with the same rationale as applied in claim 7.
Re. claim 14, rejection of claim 10 is included and claim 14 is rejected with the same rationale as applied in claim 8.
Claims 6, 15-18 and 20 are rejected under 35 U.S.C. 103 as being unpatentable over King et al. (US 20090094193, hereinafter King) in view of Ortiz et al. (US 20220108026, hereinafter Ortiz) and in further view of McFall et al. (US 20200327252, hereinafter McFall).
Re. claim 6, King-Ortiz teaches the computing device as recited in claim 5. King-Ortiz does not explicitly teach, but McFall teaches, wherein the secure view layer leverages a database optimizer of the database to optimize the query using the schema of table structures integrated into the database, the database optimizer being proprietary to a database platform of the database and the secure view system configured to interface with the database optimizer via the secure view layer (McFall teaches the sensitive vs. non-sensitive distinction leads to an important optimization. The optimization occurs because the extra queries required, as discussed above, replace the aggregate function with a COUNT (here, “SELECT COUNT(*) WHERE gender=‘Male’;”), thus ending up with a query that concerns no public columns and so does not need noise. In this case, these extra queries that are conducted by Lens do not incur privacy budget and their results are exact [0146][0439]. Masking, generalising, or perturbing this data before sharing it with developers provides a layer of defense against privacy breach while retaining the utility of the data [0686][0171][0386][0525-0532]).
Therefore, it would have been obvious to one of ordinary skill in the art before the effective filing date of the claimed invention to modify the method and system disclosed by King-Ortiz to include wherein the secure view layer leverages a database optimizer of the database to optimize the query using the schema of table structures integrated into the database, the database optimizer being proprietary to a database platform of the database and the secure view system configured to interface with the database optimizer via the secure view layer, as disclosed by McFall. One of ordinary skill in the art would have been motivated to do so for the purpose of providing the ability to designate columns as public or private and automatically decide whether to add noise to queries based on whether they concern private columns (McFall [0085]).
Re. claim 15, King discloses a method, comprising: maintaining a database of relational data that includes identifying data and sensitive data associated with the identifying data (King discloses allow the representation of entities to be structured in a relational database [0017]. Table 220 includes columns that store both sensitive data (e.g. column 230) and non-sensitive data (e.g. columns 224, 226, and 228). For example, the salary of employee "Jane Roe" is stored in column 230 as "56,000" and her phone number is currently not known as indicated by the "NULL" value stored in column 226. Similarly, the salary of employee "Tom Burns" is stored in column 230 as "54,000" and his phone number is stored in column 226 as "555-3422" [0057][0036], the relational database contains sensitive data and non-sensitive data “identifying data”);
integrating a schema of table structures of a secure view system into the database, the schema of table structures integrated into the database as a schema instantiation of the table structures (King discloses the database objects storing security policies may be tables, views, materialized views, indexes, or any other data structures that a database server can create and maintain as part of a database schema [0036]. Creating databases and tables [0015][0018][0072], creating tables into the database);
populating the table structures with metapolicies that indicate the associations of the sensitive data with the identifying data, and the metapolicies indicating secure view policies that define access permissions to view one or more of the sensitive data (King discloses security policies may be stored in one or more database objects within a database. For example, the database objects storing security policies may be tables, views, materialized views, indexes, or any other data structures that a database server can create and maintain as part of a database schema [0036]. The same security policy can be associated with multiple columns in multiple tables, while at the same time allowing database users to manage the permissions expressed in the security policy from a single location relative to the one or more entity attributes [0026]. The techniques described herein are not in any way limited to applying only one security policy defined for one column in one table [0047]. This condition of security policy 240 indicates that for each row of table 220, the value of the column 230 ("Salary") may be viewed only by database users that belong to a group with a "GROUP_ID" that matches the value stored in the "MANAGER_ID" column [0059][0018]; the security policies manage access permissions to view one or more of the sensitive data. Tables are created with security policies over multiple columns (the columns contain sensitive and non-sensitive data));
initiating a query of the database of the relational data for data results (King discloses a user sends a query requesting the data in the employee table [0027]);
and generating data results of the query based at least in part on the secure view policies that define an access permission of the query to return viewable one or more sensitive data as the data results (King discloses a database developer may define a column-level security policy to allow a user who belongs to a benefits administration role to view the Social Security numbers of only those people for whom the user manages various benefits [0025]. The user has permissions to access at least some data in the employee table, the database server retrieves the set of data that is requested in the received query [0029][0030][0039]. Query engine 206 may be implemented as a set of instructions which, when executed by one or more processors, is operable to: process requests for data received from a client, such as client 202; retrieve the requested data from one or more databases, such as database 210; and to return the retrieved data to the client. Generate execution plans or other operator trees that may be used to execute the received queries; execute or cause the execution of the received queries at least against database 210 and retrieve the requested sets of rows therefrom; and return the sets of rows to the client or clients that sent the queries [0052]);
and displaying the data results including the viewable one or more sensitive data based on the access permission and obfuscated based on the secure view policies (King discloses the database client API may include the function “IS_MASKED(input-value)”, which function when executed with a given value as input parameter would return “TRUE” when the input parameter is a security-NULL value and “FALSE” otherwise. Other embodiments may provide a client with different mechanisms for checking whether a given value is a security-NULL value [0022]. A database developer may define a column-level security policy to allow a user who belongs to a benefits administration role to view the Social Security numbers of only those people for whom the user manages various benefits [0025]. If the user has permissions to access at least some data in the employee table, the database server retrieves the set of data that is requested in the received query [0029][0030]-[0031][0039]. Query engine 206 may be implemented as a set of instructions which, when executed by one or more processors, is operable to: process requests for data received from a client, such as client 202; retrieve the requested data from one or more databases, such as database 210; and return the retrieved data to the client. It may generate execution plans or other operator trees that may be used to execute the received queries; execute or cause the execution of the received queries at least against database 210 and retrieve the requested sets of rows therefrom; and return the sets of rows to the client or clients that sent the queries [0052][0043] Fig. 2).
King discloses a secure view system. King does not explicitly teach, but Ortiz teaches, the query of the database being initiated through a secure view layer of the secure view system (Ortiz teaches an intelligence layer 116 may provide an application programming interface through which queries can be run using combined aspects of both data sets. The intelligence layer 116 also provides graphical user interfaces from which dashboards or other visual representations using interactive visual elements and/or controls derived from the results of the queries can be rendered [0140]. An intelligence layer may provide an application programming interface through which queries can be run. These queries can include regular queries where information stored in the secure data warehouse is queried directly to return a result, and also more challenging machine learning-based queries where a machine learning model operates within the secure computing infrastructure platform [0023]. Queries, for example, can be conducted on joined versions of separate tables based on a primary or foreign key that is common to both (e.g., a userID, a user name, an address, a phone number), or a schema that is common to both (e.g., two tables of insurance claims that can be used to more accurately identify a typical payout amount for a particular type of event, such as flooding) [0024][0029][0129] Fig. 2B).
Therefore, it would have been obvious to one of ordinary skill in the art before the effective filing date of the claimed invention to modify the method and system disclosed by King to include the query of the database being initiated through a secure view layer of the secure view system, as disclosed by Ortiz. One of ordinary skill in the art would have been motivated to do so for the purpose of controlling the underlying access to protected information, improving computational security and reducing potential exposure (Ortiz [0030][0041]).
King-Ortiz teach a secure view system including a schema of table structures integrated into a database and a query interface associated with the database. King-Ortiz do not explicitly teach, but McFall teaches, wherein the secure view layer leverages a database optimizer of the database to optimize the query using the schema of table structures integrated into the database, the database optimizer being proprietary to a database platform of the database and the secure view system configured to interface with the database optimizer via the secure view layer (McFall teaches that the sensitive vs. non-sensitive distinction leads to an important optimization. The optimization occurs because the extra queries required, as discussed above, replace the aggregate function with a COUNT (here, “SELECT COUNT(*) WHERE gender=‘Male’;”), thus ending up with a query that concerns no public columns and so does not need noise. In this case, these extra queries that are conducted by Lens do not incur privacy budget and their results are exact [0146][0439]. Masking, generalising, or perturbing this data before sharing it with developers provides a layer of defense against privacy breach while retaining the utility of the data [0686][0171][0386][0525]-[0532][0085][0096] Figs. 1 and 2).
Therefore, it would have been obvious to one of ordinary skill in the art before the effective filing date of the claimed invention to modify the method and system disclosed by King-Ortiz to include wherein the secure view layer leverages a database optimizer of the database to optimize the query using the schema of table structures integrated into the database, the database optimizer being proprietary to a database platform of the database and the secure view system configured to interface with the database optimizer via the secure view layer, as disclosed by McFall. One of ordinary skill in the art would have been motivated to do so for the purpose of providing the ability to designate columns as public or private and automatically decide whether to add noise to queries based on whether they concern private columns (McFall [0085]).
Re. claim 16, rejection of claim 15 is included and claim 16 is rejected with the same rationale as applied in claims 2 and 3.
Re. claim 17, rejection of claim 15 is included and claim 17 is rejected with the same rationale as applied in claim 4.
Re. claim 18, rejection of claim 17 is included and claim 18 is rejected with the same rationale as applied in claim 5.
Re. claim 20, rejection of claim 15 is included and claim 20 is rejected with the same rationale as applied in claim 8.
Conclusion
The prior art made of record and not relied upon is considered pertinent to applicant's disclosure. Woodward (US 20190332795) discloses that the system can provide secure data retrieval for entities of the network. For example, a security sub-system can maintain one or more permissions for authorized users that determine what information the users can retrieve. Based on the security sub-system, a data retrieval request can be filtered to ensure the authorized user is only provided with information according to the established permissions.
Kumar (US 11544239) discloses the database access layer may be an interface that provides connectivity and access to a lower level physical database storage. This interface may provide functionality to obtain and synchronize physical schema, data, or both, and to execute queries on the source database [Col 38 lines 9-28]. The database access layer 4090 may be an interface that provides the semantic interface 4030 connectivity and access to a data source, for example the in-memory database 4040, the external database 4060, or both [Col 39 lines 17-29].
THIS ACTION IS MADE FINAL. Applicant is reminded of the extension of time policy as set forth in 37 CFR 1.136(a).
A shortened statutory period for reply to this final action is set to expire THREE MONTHS from the mailing date of this action. In the event a first reply is filed within TWO MONTHS of the mailing date of this final action and the advisory action is not mailed until after the end of the THREE-MONTH shortened statutory period, then the shortened statutory period will expire on the date the advisory action is mailed, and any nonprovisional extension fee (37 CFR 1.17(a)) pursuant to 37 CFR 1.136(a) will be calculated from the mailing date of the advisory action. In no event, however, will the statutory period for reply expire later than SIX MONTHS from the mailing date of this final action.
Any inquiry concerning this communication or earlier communications from the examiner should be directed to KEVIN A AYALA whose telephone number is (571)270-3912. The examiner can normally be reached Monday-Thursday 8AM-5PM; Friday: Variable EST.
Examiner interviews are available via telephone, in-person, and video conferencing using a USPTO supplied web-based collaboration tool. To schedule an interview, applicant is encouraged to use the USPTO Automated Interview Request (AIR) at http://www.uspto.gov/interviewpractice.
If attempts to reach the examiner by telephone are unsuccessful, the examiner’s supervisor, Jorge Ortiz-Criado can be reached at 571-272-7624. The fax phone number for the organization where this application or proceeding is assigned is 571-273-8300.
Information regarding the status of published or unpublished applications may be obtained from Patent Center. Unpublished application information in Patent Center is available to registered users. To file and manage patent submissions in Patent Center, visit: https://patentcenter.uspto.gov. Visit https://www.uspto.gov/patents/apply/patent-center for more information about Patent Center and https://www.uspto.gov/patents/docx for information about filing in DOCX format. For additional questions, contact the Electronic Business Center (EBC) at 866-217-9197 (toll-free). If you would like assistance from a USPTO Customer Service Representative, call 800-786-9199 (IN USA OR CANADA) or 571-272-1000.
/KEVIN AYALA/Primary Examiner, Art Unit 2496