Prosecution Insights
Last updated: April 19, 2026
Application No. 18/094,229

CONTROLLING ACCESS TO DATA IN A CLOUD-BASED SOFTWARE PLATFORM BASED ON DATA SCHEMAS

Non-Final OA §103
Filed: Jan 06, 2023
Examiner: CATTUNGAL, DEREENA T
Art Unit: 2431
Tech Center: 2400 — Computer Networks
Assignee: Stripe, Inc.
OA Round: 3 (Non-Final)
Grant Probability: 80% (Favorable)
OA Rounds: 3-4
To Grant: 2y 9m
With Interview: 99%

Examiner Intelligence

Grants 80% — above average
Career Allow Rate: 80% (218 granted / 272 resolved; +22.1% vs TC avg)
Strong +30% interview lift
Interview Lift: +30.0% (resolved cases with interview)
Typical timeline
Avg Prosecution: 2y 9m (28 currently pending)
Career history
Total Applications: 300 (across all art units)

Statute-Specific Performance

§101: 7.0% (-33.0% vs TC avg)
§103: 48.9% (+8.9% vs TC avg)
§102: 14.3% (-25.7% vs TC avg)
§112: 14.1% (-25.9% vs TC avg)
Based on career data from 272 resolved cases

Office Action

§103
DETAILED ACTION

Notice of Pre-AIA or AIA Status

1. The present application, filed on or after March 16, 2013, is being examined under the first inventor to file provisions of the AIA.

Continued Examination Under 37 CFR 1.114

2. A request for continued examination under 37 CFR 1.114, including the fee set forth in 37 CFR 1.17(e), was filed in this application after final rejection. Since this application is eligible for continued examination under 37 CFR 1.114, and the fee set forth in 37 CFR 1.17(e) has been timely paid, the finality of the previous Office action has been withdrawn pursuant to 37 CFR 1.114. Applicant's submission filed on 03/18/2026 has been entered.

Response to Arguments

3. According to applicant’s argument filed on 03/18/2026, claim(s) 1-2, 4, 6-11 and 14-18 have been amended; and claim 3 has been canceled, hereby acknowledged.

4. Applicant’s arguments with respect to independent claim(s) 1, 8 and 15 have been fully considered but are moot based on the new ground of rejection.

5. Applicant argues that the primary reference Satish does not disclose the new amended claim limitation which recites: “the accessing comprising: computing an intersection between permissions granted to the second cloud-based software application and the access permissions specified by the first data schema; and providing, to the second cloud-based software application, a portion of the first data for which the intersection specifies read permission and rejecting or preventing modification of first data portions for which the intersection does not specify write permission”.

6. Examiner would like to point out that the new secondary reference Fathalla (US Pub. No. 2022/0114274) teaches the above claimed limitation (see the rejection below).

Claim Rejections - 35 USC § 103

7. The following is a quotation of 35 U.S.C. 103 which forms the basis for all obviousness rejections set forth in this Office action: A patent for a claimed invention may not be obtained, notwithstanding that the claimed invention is not identically disclosed as set forth in section 102, if the differences between the claimed invention and the prior art are such that the claimed invention as a whole would have been obvious before the effective filing date of the claimed invention to a person having ordinary skill in the art to which the claimed invention pertains. Patentability shall not be negated by the manner in which the invention was made.

8. Claim(s) 1-2 and 4-21 are rejected under 35 U.S.C. 103 as being unpatentable over Satish (US Pat. No. 11,895,126) in view of Fathalla (US Pub. No. 2022/0114274).

9. Regarding claims 1, 8 and 15 Satish teaches a method/ cloud-based software platform /non-transitory computer-readable medium for providing access to data in a cloud-based software platform, the method comprising: generating, by a first cloud-based software application connected to a user account and running on the cloud-based software platform, first data associated with the user account; the first data being structured in accordance with a first data schema specifying data types of a plurality of fields; storing the first data in a cloud data store association with the user account; and accessing the first data by a second cloud-based software application connected to the user account and running on the cloud-based software platform, subject to access permissions specified by the first data schema (Fig.1-2 and Col.13, lines.60-67; Col.14, lines.1-13 teaches a cloud-based service can refer to a service hosted by one more computing resources that are accessible to end users over a network, for example, by using a web browser or other application on a client device [i.e., first and second cloud based software application connected to a user account] to interface with the remote computing resources.
For example, a service provider may provide a data intake and query system 108 by managing computing resources configured to implement various aspects of the system (e.g., intake system 210, indexing system 212, query system 214, common storage 216, data store catalog 220, or query acceleration data store 222, etc.) and by providing access to the system to end users via a network. Typically, a user may pay a subscription or other fee to use such a service. Each subscribing user of the cloud-based service may be provided with an account that enables the user to configure a customized cloud-based system based on the user's preferences. Col.25, lines.23-58 teaches each request or command received by a client device and/or data source 202, the gateway 215 can authenticate the computing device from which the requester command was received and/or determine whether the requester has sufficient permissions or authorizations to make the request. In some cases, as part of authenticating the user the system 108 can determine the permissions of the users, such as, the datasets, or components of the system 108 that the user can access. In some cases, users can have different permissions to different components of the system. For example, one user may have access to the intake system 210, indexing system 212, and query system 214, and another user may only have access to the query system 214. As another example, one user may be identified as an administrator and have permissions to access and/or modify configuration files, etc., and another user may only have read-only permissions in order to execute queries and receive results of the queries. Col.79, lines.47-56 teaches the query acceleration data store 222 can be utilized to service requests from different client devices 204, the query acceleration data store 222 can implement access controls (e.g., an access control list) with respect to the stored datasets. 
In this way, the stored datasets can optionally be accessible only to users associated with requests for the datasets. Optionally, a user who provides a query can indicate that one or more other users are authorized to access particular requested datasets); Satish teaches all the above claimed limitations but fails to teach the accessing comprising: computing an intersection between permissions granted to the second cloud-based software application and the access permissions specified by the first data schema; and providing, to the second cloud-based software application, a portion of the first data for which the intersection specifies read permission and rejecting or preventing modification of first data portions for which the intersection does not specify write permission. Fathalla teaches the accessing comprising: computing an intersection between permissions granted to the second cloud-based software application and the access permissions specified by the first data schema; and providing, to the second cloud-based software application, a portion of the first data for which the intersection specifies read permission and rejecting or preventing modification of first data portions for which the intersection does not specify write permission (Para:00023 teaches distributed file management system, a file may be stored at a data center that provides other computing devices with access to the file as a cloud-based service. Para:0035 teaches determining that the file 40 is locked for editing, the processor 12 may be further configured to deny the second application instance 36 access to the file. The processor 12 may, for example, be configured to deny a second access request 60 made by the second application instance 36 for both read privileges and edit privileges 54A but allow a request for only read privileges. 
Para:0036-0037 teaches In examples in which the processor 12 grants the second application instance 36 access to the file 40, the processor 12 may be configured to do so without granting the modification privileges 54 to the second application instance 36. For example, when the processor 12 receives a second access request 60 from the second application instance 36 to access the file 40 with both read privileges and edit privileges 54A, but the lock status metadata 48 indicates that the file 40 is locked for editing at the second server computing device 20, the processor 12 may be configured to grant the second application instance 36 access to the file 40 in read-only mode rather than with both reading and editing enabled). Therefore, it would have been obvious to one of the ordinary skill in the art before the effective filing date of the invention was filed to modify the teachings of Satish to include computing an intersection between permissions granted to the second cloud-based software application and the access permissions specified by the first data schema; and providing, to the second cloud-based software application, a portion of the first data for which the intersection specifies read permission and rejecting or preventing modification of first data portions for which the intersection does not specify write permission as taught by Fathalla such a setup will provide improved security and protection to the data.

10. Regarding claims 2, 9 and 16 Satish teaches the method/ cloud-based software platform /non-transitory computer-readable medium, wherein the accessing the first data comprises: identifying data objects stored in the cloud data store that comprise the first data; and retrieving the data objects that are consistent with the first data schema (Col.25, lines.23-58 teaches each request or command received by a client device and/or data source 202, the gateway 215 can authenticate the computing device from which the requester command was received and/or determine whether the requester has sufficient permissions or authorizations to make the request. In some cases, as part of authenticating the user the system 108 can determine the permissions of the users, such as, the datasets, or components of the system 108 that the user can access. In some cases, users can have different permissions to different components of the system. For example, one user may have access to the intake system 210, indexing system 212, and query system 214, and another user may only have access to the query system 214. As another example, one user may be identified as an administrator and have permissions to access and/or modify configuration files, etc., and another user may only have read-only permissions in order to execute queries and receive results of the queries. Col.79, lines.47-56 teaches the query acceleration data store 222 can be utilized to service requests from different client devices 204, the query acceleration data store 222 can implement access controls (e.g., an access control list) with respect to the stored datasets. In this way, the stored datasets can optionally be accessible only to users associated with requests for the datasets. Optionally, a user who provides a query can indicate that one or more other users are authorized to access particular requested datasets).

11. Regarding claims 4, 11 and 18 Satish teaches the method/ cloud-based software platform /non-transitory computer-readable medium, wherein the first data is inaccessible to a second instance by the second cloud-based software application (Col.15, lines.20-38 teaches the data intake and query system 108 in a remote distributed system, shared computing resource environment, or as a cloud-based service can improve compute resource utilization. In a shared computing resource environment, one instance of a data intake and query system can be configured to process the data from one customer or tenant or from multiple customers or tenants. Even in cases where a separate instance of a data intake and query system is used for each customer, the underlying hardware on which the instances of the data intake and query system 108 are instantiated may still process data from different tenants. Accordingly, in a shared computing resource environment, the data from different tenants may not be physically separated on distinct hardware devices. For example, data from one tenant may reside on the same hard drive as data from another tenant or be processed by the same processor. In such cases, the data intake and query system 108 can maintain logical separation between tenant data. For example, the data intake and query system can include separate directories for different tenants and apply different permissions and access controls to access the different directories or to process the data, etc. (i.e., different access control for different users). Col.25, lines.23-58 teaches each request or command received by a client device and/or data source 202, the gateway 215 can authenticate the computing device from which the requester command was received and/or determine whether the requester has sufficient permissions or authorizations to make the request.
In some cases, as part of authenticating the user the system 108 can determine the permissions of the users, such as, the datasets, or components of the system 108 that the user can access. In some cases, users can have different permissions to different components of the system. For example, one user may have access to the intake system 210, indexing system 212, and query system 214, and another user may only have access to the query system 214. As another example, one user may be identified as an administrator and have permissions to access and/or modify configuration files, etc., and another user may only have read-only permissions in order to execute queries and receive results of the queries. Col.79, lines.47-56 teaches the query acceleration data store 222 can be utilized to service requests from different client devices 204, the query acceleration data store 222 can implement access controls (e.g., an access control list) with respect to the stored datasets. In this way, the stored datasets can optionally be accessible only to users associated with requests for the datasets).

12. Regarding claims 5, 12 and 19 Satish teaches the method/ cloud-based software platform /non-transitory computer-readable medium, wherein the first data schema is published in a repository comprising a plurality of data schemas accessible to cloud-based applications running on the cloud-based software platform (Fig.1-2 and Col.13, lines.60-67; Col.14, lines.1-13 teaches a cloud-based service can refer to a service hosted by one more computing resources that are accessible to end users over a network, for example, by using a web browser or other application on a client device to interface with the remote computing resources.
For example, a service provider may provide a data intake and query system 108 by managing computing resources configured to implement various aspects of the system (e.g., intake system 210, indexing system 212, query system 214, common storage 216, data store catalog 220, or query acceleration data store 222, etc.) and by providing access to the system to end users via a network. Typically, a user may pay a subscription or other fee to use such a service. Each subscribing user of the cloud-based service may be provided with an account that enables the user to configure a customized cloud-based system based on the user's preferences. Col.25, lines.23-58 teaches each request or command received by a client device and/or data source 202, the gateway 215 can authenticate the computing device from which the requester command was received and/or determine whether the requester has sufficient permissions or authorizations to make the request. In some cases, as part of authenticating the user the system 108 can determine the permissions of the users, such as, the datasets, or components of the system 108 that the user can access. In some cases, users can have different permissions to different components of the system. For example, one user may have access to the intake system 210, indexing system 212, and query system 214, and another user may only have access to the query system 214. As another example, one user may be identified as an administrator and have permissions to access and/or modify configuration files, etc., and another user may only have read-only permissions in order to execute queries and receive results of the queries. Col.79, lines.47-56 teaches the query acceleration data store 222 can be utilized to service requests from different client devices 204, the query acceleration data store 222 can implement access controls (e.g., an access control list) with respect to the stored datasets. 
In this way, the stored datasets can optionally be accessible only to users associated with requests for the datasets. Optionally, a user who provides a query can indicate that one or more other users are authorized to access particular requested datasets).

13. Regarding claims 6, 13 and 20 Satish teaches the method/ cloud-based software platform /non-transitory computer-readable medium further comprising: generating, by a third cloud-based software application connected to the user account and running on the cloud-based software platform, second data associated with the user account, the second data being structured in accordance with a second data schema different from the first data schema; and storing the second data in the cloud data store in association with the user account (Fig.1-2 and Col.13, lines.60-67; Col.14, lines.1-13 teaches a cloud-based service can refer to a service hosted by one more computing resources that are accessible to end users over a network, for example, by using a web browser or other application on a client device to interface with the remote computing resources. For example, a service provider may provide a data intake and query system 108 by managing computing resources configured to implement various aspects of the system (e.g., intake system 210, indexing system 212, query system 214, common storage 216, data store catalog 220, or query acceleration data store 222, etc.) and by providing access to the system to end users via a network. Typically, a user may pay a subscription or other fee to use such a service. Each subscribing user of the cloud-based service may be provided with an account that enables the user to configure a customized cloud-based system based on the user's preferences.
Col.25, lines.23-58 teaches each request or command received by a client device and/or data source 202, the gateway 215 can authenticate the computing device from which the requester command was received and/or determine whether the requester has sufficient permissions or authorizations to make the request. In some cases, as part of authenticating the user the system 108 can determine the permissions of the users, such as, the datasets, or components of the system 108 that the user can access. In some cases, users can have different permissions to different components of the system. For example, one user may have access to the intake system 210, indexing system 212, and query system 214, and another user may only have access to the query system 214. As another example, one user may be identified as an administrator and have permissions to access and/or modify configuration files, etc., and another user may only have read-only permissions in order to execute queries and receive results of the queries. Col.79, lines.47-56 teaches the query acceleration data store 222 can be utilized to service requests from different client devices 204, the query acceleration data store 222 can implement access controls (e.g., an access control list) with respect to the stored datasets. In this way, the stored datasets can optionally be accessible only to users associated with requests for the datasets. Optionally, a user who provides a query can indicate that one or more other users are authorized to access particular requested datasets).

14. Regarding claims 7 and 14 Satish teaches the method/ cloud-based software platform, further comprising: accessing the second data associated with the user account by a fourth cloud-based software application connected to the user account and running on the cloud-based software platform, subject to access permissions specified by the second data schema (Fig.1-2 and Col.13, lines.60-67; Col.14, lines.1-13 teaches a cloud-based service can refer to a service hosted by one more computing resources that are accessible to end users over a network, for example, by using a web browser or other application on a client device to interface with the remote computing resources. For example, a service provider may provide a data intake and query system 108 by managing computing resources configured to implement various aspects of the system (e.g., intake system 210, indexing system 212, query system 214, common storage 216, data store catalog 220, or query acceleration data store 222, etc.) and by providing access to the system to end users via a network. Typically, a user may pay a subscription or other fee to use such a service. Each subscribing user of the cloud-based service may be provided with an account that enables the user to configure a customized cloud-based system based on the user's preferences. Col.25, lines.23-58 teaches each request or command received by a client device and/or data source 202, the gateway 215 can authenticate the computing device from which the requester command was received and/or determine whether the requester has sufficient permissions or authorizations to make the request. In some cases, as part of authenticating the user the system 108 can determine the permissions of the users, such as, the datasets, or components of the system 108 that the user can access. In some cases, users can have different permissions to different components of the system.
For example, one user may have access to the intake system 210, indexing system 212, and query system 214, and another user may only have access to the query system 214. As another example, one user may be identified as an administrator and have permissions to access and/or modify configuration files, etc., and another user may only have read-only permissions in order to execute queries and receive results of the queries. Col.79, lines.47-56 teaches the query acceleration data store 222 can be utilized to service requests from different client devices 204, the query acceleration data store 222 can implement access controls (e.g., an access control list) with respect to the stored datasets. In this way, the stored datasets can optionally be accessible only to users associated with requests for the datasets. Optionally, a user who provides a query can indicate that one or more other users are authorized to access particular requested datasets).

15. Regarding claims 10 and 17 Satish teaches cloud-based software platform /non-transitory computer-readable medium, wherein the data objects comprise: second data structured in accordance with the first data schema and generated by a third cloud-based software application connected to the user account and running on the cloud-based software platform (Fig.1-2 and Col.13, lines.60-67; Col.14, lines.1-13 teaches a cloud-based service can refer to a service hosted by one more computing resources that are accessible to end users over a network, for example, by using a web browser or other application on a client device [i.e., third cloud based software application] to interface with the remote computing resources. For example, a service provider may provide a data intake and query system 108 by managing computing resources configured to implement various aspects of the system (e.g., intake system 210, indexing system 212, query system 214, common storage 216, data store catalog 220, or query acceleration data store 222, etc.)
and by providing access to the system to end users via a network. Typically, a user may pay a subscription or other fee to use such a service. Each subscribing user of the cloud-based service may be provided with an account that enables the user to configure a customized cloud-based system based on the user's preferences. Col.25, lines.23-58 teaches each request or command received by a client device and/or data source 202, the gateway 215 can authenticate the computing device from which the requester command was received and/or determine whether the requester has sufficient permissions or authorizations to make the request. In some cases, as part of authenticating the user the system 108 can determine the permissions of the users, such as, the datasets, or components of the system 108 that the user can access. In some cases, users can have different permissions to different components of the system. For example, one user may have access to the intake system 210, indexing system 212, and query system 214, and another user may only have access to the query system 214. As another example, one user may be identified as an administrator and have permissions to access and/or modify configuration files, etc., and another user may only have read-only permissions in order to execute queries and receive results of the queries. Col.79, lines.47-56 teaches the query acceleration data store 222 can be utilized to service requests from different client devices 204, the query acceleration data store 222 can implement access controls (e.g., an access control list) with respect to the stored datasets. In this way, the stored datasets can optionally be accessible only to users associated with requests for the datasets. Optionally, a user who provides a query can indicate that one or more other users are authorized to access particular requested datasets).

16. Regarding claim 21 Satish teaches the method, wherein the first data schema defines the plurality of fields by corresponding field names, respective data types for the plurality of fields, and respective access permissions for the plurality of fields including at least one of private, read-only, write-only, append-only, or read-write (Col.22, lines.30-41 teaches the metadata catalog 221 can store information about datasets used or supported by the data intake and query system 108 and/or one or more rules that indicate which data in a dataset to process and how to process the data from the dataset. The information about the datasets can include configuration information, such as, but not limited to the type of the dataset, access and authorization information for the dataset, location information for the dataset, physical and logical names or other identifiers for the dataset, etc. The rules can indicate how different data of a dataset is to be processed and/or how to extract fields or field values from different data of a dataset. Col.25, lines.23-58 teaches each request or command received by a client device and/or data source 202, the gateway 215 can authenticate the computing device from which the requester command was received and/or determine whether the requester has sufficient permissions or authorizations to make the request. In some cases, as part of authenticating the user the system 108 can determine the permissions of the users, such as, the datasets, or components of the system 108 that the user can access. In some cases, users can have different permissions to different components of the system. For example, one user may have access to the intake system 210, indexing system 212, and query system 214, and another user may only have access to the query system 214.
As another example, one user may be identified as an administrator and have permissions to access and/or modify configuration files, etc., and another user may only have read-only permissions in order to execute queries and receive results of the queries. Col.79, lines.47-56 teaches the query acceleration data store 222 can be utilized to service requests from different client devices 204, the query acceleration data store 222 can implement access controls (e.g., an access control list) with respect to the stored datasets. In this way, the stored datasets can optionally be accessible only to users associated with requests for the datasets. Optionally, a user who provides a query can indicate that one or more other users are authorized to access particular requested datasets).

Conclusion

Any inquiry concerning this communication or earlier communications from the examiner should be directed to DEREENA T CATTUNGAL whose telephone number is (571)270-0506. The examiner can normally be reached Mon-Fri: 7:30 AM-5 PM EST.

Examiner interviews are available via telephone, in-person, and video conferencing using a USPTO supplied web-based collaboration tool. To schedule an interview, applicant is encouraged to use the USPTO Automated Interview Request (AIR) at http://www.uspto.gov/interviewpractice.

If attempts to reach the examiner by telephone are unsuccessful, the examiner’s supervisor, Lynn Feild can be reached at 571-272-2092. The fax phone number for the organization where this application or proceeding is assigned is 571-273-8300.

Information regarding the status of published or unpublished applications may be obtained from Patent Center. Unpublished application information in Patent Center is available to registered users. To file and manage patent submissions in Patent Center, visit: https://patentcenter.uspto.gov. Visit https://www.uspto.gov/patents/apply/patent-center for more information about Patent Center and https://www.uspto.gov/patents/docx for information about filing in DOCX format. For additional questions, contact the Electronic Business Center (EBC) at 866-217-9197 (toll-free). If you would like assistance from a USPTO Customer Service Representative, call 800-786-9199 (IN USA OR CANADA) or 571-272-1000.

/DEREENA T CATTUNGAL/
Primary Examiner, Art Unit 2431

Prosecution Timeline

Jan 06, 2023: Application Filed
May 31, 2025: Non-Final Rejection — §103
Sep 03, 2025: Interview Requested
Sep 09, 2025: Applicant Interview (Telephonic)
Sep 15, 2025: Examiner Interview Summary
Oct 03, 2025: Response Filed
Jan 10, 2026: Final Rejection — §103
Feb 26, 2026: Interview Requested
Mar 14, 2026: Examiner Interview Summary
Mar 18, 2026: Request for Continued Examination
Mar 19, 2026: Response after Non-Final Action
Mar 31, 2026: Non-Final Rejection — §103 (current)

Precedent Cases

Applications granted by this same examiner with similar technology

Patent 12596800
TECHNIQUES FOR CROSS-SOURCE ALERT PRIORITIZATION AND REMEDIATION
2y 5m to grant Granted Apr 07, 2026
Patent 12592930
Generating zero-trust policy for application access based on sequence-based application segmentation
2y 5m to grant Granted Mar 31, 2026
Patent 12579284
TRACEABLE DECENTRALIZED CONTROL OF NETWORK ACCESS TO PRIVATE INFORMATION
2y 5m to grant Granted Mar 17, 2026
Patent 12580921
Generating zero-trust policy for application access utilizing knowledge graph based application segmentation
2y 5m to grant Granted Mar 17, 2026
Patent 12547712
TECHNIQUES FOR CROSS-SOURCE ALERT PRIORITIZATION AND REMEDIATION
2y 5m to grant Granted Feb 10, 2026
Based on 5 most recent grants.

Prosecution Projections

Expected OA Rounds: 3-4
Grant Probability: 80%
With Interview: 99% (+30.0%)
Median Time to Grant: 2y 9m
PTA Risk: High
Based on 272 resolved cases by this examiner. Grant probability derived from career allow rate.