Prosecution Insights
Last updated: July 17, 2026
Application No. 18/159,867

RESTRICTED DATABASE ACCESS IN WEB APPLICATIONS

Final Rejection §103
Filed
Jan 26, 2023
Examiner
LIN, SHERMAN L
Art Unit
2447
Tech Center
2400 — Computer Networks
Assignee
Dell Products L.P.
OA Round
4 (Final)
29%
Grant Probability
At Risk
5-6
OA Rounds
1y 7m
Est. Remaining
66%
With Interview

Examiner Intelligence

Grants only 29% of cases
29%
Career Allowance Rate
75 granted / 258 resolved
-28.9% vs TC avg
Strong +37% interview lift
Without
With
+36.6%
Interview Lift
resolved cases with interview
Typical timeline
5y 0m
Avg Prosecution
26 currently pending
Career history
300
Total Applications
across all art units

Statute-Specific Performance

§101
0.2%
-39.8% vs TC avg
§103
97.8%
+57.8% vs TC avg
§102
1.4%
-38.6% vs TC avg
§112
0.3%
-39.7% vs TC avg
Black line = Tech Center average estimate • Based on career data from 258 resolved cases

Office Action

§103
DETAILED ACTION In a communication received on 20 January 2026, and amended claims 1 and 11. Claims 1-20 are pending. Notice of Pre-AIA or AIA Status The present application, filed on or after March 16, 2013, is being examined under the first inventor to file provisions of the AIA . Response to Arguments Applicant’s arguments with respect to claim(s) 1 and 11 have been considered but are moot because the new ground of rejection does not rely on any reference applied in the prior rejection of record for any teaching or matter specifically challenged in the argument. Claim Rejections - 35 USC § 103 The following is a quotation of 35 U.S.C. 103 which forms the basis for all obviousness rejections set forth in this Office action: A patent for a claimed invention may not be obtained, notwithstanding that the claimed invention is not identically disclosed as set forth in section 102, if the differences between the claimed invention and the prior art are such that the claimed invention as a whole would have been obvious before the effective filing date of the claimed invention to a person having ordinary skill in the art to which the claimed invention pertains. Patentability shall not be negated by the manner in which the invention was made. Claim(s) 1-6, 8-16 and 18-20 is/are rejected under 35 U.S.C. 103 as being unpatentable over Murray et al. (US 7,644,285) in view of Shah et al. (US 2015/0135257 A1). With respect to claim 1, Murray discloses: a method (i.e., data is communicated between system elements and the launcher signs on to the database and creates a temporary restricted user in Murray, col. 3 lines 31-42), [a user credential] that is natively recognized by the database (i.e., the temporary sign on uses a database password and user name, and the database accepts the sign on as successful; credential accepted by the database itself is natively recognized by the database in Murray, col. 6 lines 1-11, col. 7 lines 32-47) and that defines database-level privileges corresponding to the database access rights (i.e., temporary sign on has restricted access to database files and the temporary user is limited to particular predefined data and functions; restrictions are database-level privileges corresponding to the user's database access rights in Murray, col. 5 line 60 to col. 6 line 1-3; col. 6 lines 56-67), wherein the temporary, user-specific database credential corresponds to a database principal selected from a database user account or a database role (i.e., creates a temporary database user and uses a temporary database user name and password to sign on as that temporary user in Murray, col. 2 lines 37-65; col. 6 lines 56-67), and wherein the temporary, user-specific database credential is not an identity token service, cookie, or tag evaluated by an application-layer or intermediary authorization service (i.e., credential is a temporary database user name/password and connect string accepted by the database, not an identity token, service cookie, or tag evaluated by an intermediary authorization service. in Murray, col. 2 lines 37-65; col. 6 lines 56-67; col. 7 lines 32-47); and when the user uses the webapp to access the database, the database, using the temporary database credential, enforces the database-level privileges to determine accessible database content and permitted operations (i.e., database accepts the temporary sign on, and the temporary sign on restricts database files to predefined data/functions; using the temporary database credential, the database enforces database-level privileges to determine accessible content and permitted operations in Murray, col. 5 line 60 to col. 6 line 1-3; col. 6 lines 56-67; col. 7 lines 32-47). Murray discloses launcher mediates database access and creates temporary restricted database user (col. 2 lines 6-26). Murray do(es) not explicitly disclose the following. Shah, in order to reduce administrative burden by specifying user policies for any service using a policy sub-system (¶0019), discloses: receiving, by a policy layer from a webapp, user information and a database request that identifies a database (i.e., policy layer sub-system receives a user request through an interface/URI, determines the user's identity, and accesses the user's profile for the requested service in Shah, ¶0065, ¶0066, ¶0068), and the database request is automatically made and transmitted by the webapp to the policy layer as a result of an interaction of a user with a page of the webapp (i.e., use of a URI/interface causes the policy management subsystem to detect the user's action and receive a request in Shah, ¶0017, ¶0053, ¶0065); obtaining, by the policy layer, information identifying database access rights for the user who transmitted the database request using the page of the webapp (i.e., policy management subsystem accesses the user's profile to identify applicable policies and then uses those policies with identity management in Shah, ¶0068, ¶0069); creating, by the policy layer at the database, a temporary, user-specific database credential (i.e., policy management subsystem obtains user policies and requests temporary credentials for services the user may access in Shah, ¶0018, ¶0041, ¶0069); returning, by the policy layer, the temporary database credential to either the user or to the webapp (i.e., temporary credentials are transmitted to or managed by the policy management subsystem to enable user access through an interface/service in Shah, ¶0018, ¶0041, ¶0069), and displaying by the webapp, based on the database-enforced access (i.e., interface is customized according to policies and can present only permitted services/resources/actions in Shah, ¶0017, ¶0023, ¶0070), (1) database content that the user is authorized to access (i.e., interface is customized to only utilize or show permissible services, resources, and actions in Shah, ¶0017, ¶0053, ¶0070), and (2) user privileges that the user has with respect to the database content (i.e., policies display identifies database service, resource, allow/deny effect, and actions the user may take in Shah, ¶0054, ¶0055, ¶0070), wherein the webapp does not evaluate, enforce, or determine database authorization or database access privileges (i.e., policy management subsystem determines user validity, extracts policies, and has identity management apply them; interface does not evaluate, enforce, or determine database authorization or privileges. in Shah, ¶0018, ¶0067, ¶0068). Based on Murray in view of Shah, it would have been obvious to one of ordinary skill in the art before the effective filing date of the claimed invention to utilize the teachings of Shah to improve upon those of Murray in order to reduce administrative burden by specifying user policies for any service using a policy sub-system. With respect to claim 2, Murray discloses: the method as recited in claim 1, wherein the credential includes user privileges (i.e., temporary user is created with restricted access rights that allow only predefined data/functions in Murray, col. 7 lines 32-47). With respect to claim 3, Murray discloses: the method as recited in claim 1, wherein when the user uses the credential, the user is granted access to the database, and the access is constrained by user privileges (i.e., temporary database user name and password initiates a temporary database session, the database accepts the sign on, and access is in a restricted fashion in Murray, col. 2 lines 37-64; col. 7 lines 32-47). With respect to claim 4, Murray discloses: the method as recited in claim 1, wherein the credential is specific to the user (i.e., a separate password is created for each user file and the temporary signon uses the temporary database password and the user's name in Murray, col. 7 lines 32-47). With respect to claim 5, Murray discloses launcher mediates database access and creates temporary restricted database user (col. 2 lines 6-26). Murray do(es) not explicitly disclose the following. Shah, in order to reduce administrative burden by specifying user policies for any service using a policy sub-system (¶0019), discloses: the method as recited in claim 1, wherein the webapp is configured to use user privilege information in the credential to change what is displayed to, and/or selectable by, the user (i.e., interface is customized according to user policies and can show or allow only permissible services/resources/actions in Shah, ¶0017, ¶0053, ¶0070). Based on Murray in view of Shah, it would have been obvious to one of ordinary skill in the art before the effective filing date of the claimed invention to utilize the teachings of Shah to improve upon those of Murray in order to reduce administrative burden by specifying user policies for any service using a policy sub-system. With respect to claim 6, Murray discloses launcher mediates database access and creates temporary restricted database user (col. 2 lines 6-26). Murray do(es) not explicitly disclose the following. Shah, in order to reduce administrative burden by specifying user policies for any service using a policy sub-system (¶0019), discloses: the method as recited in claim 1, wherein the information identifying the database privileges is obtained by the policy layer from either the database, or from a centralized identity management system (i.e., the policy management subsystem accesses user profiles/policies and communicates with an identity management service to obtain temporary credentials and define actions in Shah, ¶0018, ¶0023, ¶0069). Based on Murray in view of Shah, it would have been obvious to one of ordinary skill in the art before the effective filing date of the claimed invention to utilize the teachings of Shah to improve upon those of Murray in order to reduce administrative burden by specifying user policies for any service using a policy sub-system. With respect to claim 8, Murray discloses launcher mediates database access and creates temporary restricted database user (col. 2 lines 6-26). Murray do(es) not explicitly disclose the following. Shah, in order to reduce administrative burden by specifying user policies for any service using a policy sub-system (¶0019), discloses: the method as recited in claim 1, wherein the credential is generated ad hoc in response to the database request (i.e., policy management subsystem receives a user request, obtains applicable policies, and requests temporary credentials in Shah, ¶0065, ¶0068, ¶0069). Based on Murray in view of Shah, it would have been obvious to one of ordinary skill in the art before the effective filing date of the claimed invention to utilize the teachings of Shah to improve upon those of Murray in order to reduce administrative burden by specifying user policies for any service using a policy sub-system. With respect to claim 9, Murray discloses: the method as recited in claim 1, and to the database (i.e., creates a separate password for each user file, uses the user's name, and targets database 60 through the software application in Murray, col. 2 lines 27-36) Murray discloses launcher mediates database access and creates temporary restricted database user (col. 2 lines 6-26). Murray do(es) not explicitly disclose the following. Shah, in order to reduce administrative burden by specifying user policies for any service using a policy sub-system (¶0019), discloses: , wherein the credential is specific to the user, the webapp (i.e., generating a user-specific interface and credentials for particular services/resources/actions, such as a database service and named database resource in Shah, ¶0023, ¶0055, ¶0070). Based on Murray in view of Shah, it would have been obvious to one of ordinary skill in the art before the effective filing date of the claimed invention to utilize the teachings of Shah to improve upon those of Murray in order to reduce administrative burden by specifying user policies for any service using a policy sub-system. With respect to claim 10, Murray discloses launcher mediates database access and creates temporary restricted database user (col. 2 lines 6-26). Murray do(es) not explicitly disclose the following. Shah, in order to reduce administrative burden by specifying user policies for any service using a policy sub-system (¶0019), discloses: the method as recited in claim 1, wherein the webapp makes no determination as to whether or not the user is granted access to the database (i.e., policy management subsystem determines whether the user is valid, extracts policies, and has identity management enforce allowed actions in Shah, ¶0067, ¶0068, ¶0069). Based on Murray in view of Shah, it would have been obvious to one of ordinary skill in the art before the effective filing date of the claimed invention to utilize the teachings of Shah to improve upon those of Murray in order to reduce administrative burden by specifying user policies for any service using a policy sub-system. With respect to claim 11, the limitation(s) of claim 11 are similar to those of claim(s) 1. Therefore, claim 11 is rejected with the same reasoning as claim(s) 1. With respect to claim 12, the limitation(s) of claim 12 are similar to those of claim(s) 2. Therefore, claim 12 is rejected with the same reasoning as claim(s) 2. With respect to claim 13, the limitation(s) of claim 13 are similar to those of claim(s) 3. Therefore, claim 13 is rejected with the same reasoning as claim(s) 3. With respect to claim 14, the limitation(s) of claim 14 are similar to those of claim(s) 4. Therefore, claim 14 is rejected with the same reasoning as claim(s) 4. With respect to claim 15, the limitation(s) of claim 15 are similar to those of claim(s) 5. Therefore, claim 15 is rejected with the same reasoning as claim(s) 5. With respect to claim 16, the limitation(s) of claim 16 are similar to those of claim(s) 6. Therefore, claim 16 is rejected with the same reasoning as claim(s) 6. With respect to claim 18, the limitation(s) of claim 18 are similar to those of claim(s) 8. Therefore, claim 18 is rejected with the same reasoning as claim(s) 8. With respect to claim 19, the limitation(s) of claim 19 are similar to those of claim(s) 9. Therefore, claim 19 is rejected with the same reasoning as claim(s) 9. With respect to claim 20, the limitation(s) of claim 20 are similar to those of claim(s) 10. Therefore, claim 20 is rejected with the same reasoning as claim(s) 10. Claim(s) 7 and 17 is/are rejected under 35 U.S.C. 103 as being unpatentable over Murray et al. (US 7,644,285) in view of Shah et al. (US 2015/0135257 A1), and further in view of Lemaster et al. (US 2014/0289830 A1). With respect to claim 7, Murray discloses initiating temporary session using temporary database user name and password (col. 2 lines 37-65). Murray and Shah do(es) not explicitly disclose the following. Lemaster, in order to improve security exposure by providing deactivation of remote user sessions after a period of time (¶0060), discloses: the method as recited in claim 1, wherein the credential expires automatically after a period of time (i.e., session timeouts with start/end dates or expiration periods, and deleting tokens/closing access when the expiration time is met in Lemaster, ¶0060, ¶0072, ¶0082). Based on Murray in view of Shah, and further in view of Lemaster, it would have been obvious to one of ordinary skill in the art before the effective filing date of the claimed invention to utilize the teachings of Lemaster to improve upon those of Murray in order to improve security exposure by providing deactivation of remote user sessions after a period of time. With respect to claim 17, the limitation(s) of claim 17 are similar to those of claim(s) 7. Therefore, claim 17 is rejected with the same reasoning as claim(s) 7. Conclusion Applicant's amendment necessitated the new ground(s) of rejection presented in this Office action. Accordingly, THIS ACTION IS MADE FINAL. See MPEP § 706.07(a). Applicant is reminded of the extension of time policy as set forth in 37 CFR 1.136(a). A shortened statutory period for reply to this final action is set to expire THREE MONTHS from the mailing date of this action. In the event a first reply is filed within TWO MONTHS of the mailing date of this final action and the advisory action is not mailed until after the end of the THREE-MONTH shortened statutory period, then the shortened statutory period will expire on the date the advisory action is mailed, and any nonprovisional extension fee (37 CFR 1.17(a)) pursuant to 37 CFR 1.136(a) will be calculated from the mailing date of the advisory action. In no event, however, will the statutory period for reply expire later than SIX MONTHS from the mailing date of this final action. Any inquiry concerning this communication or earlier communications from the examiner should be directed to SHERMAN L LIN whose telephone number is (571)270-7446. The examiner can normally be reached Monday through Friday 9:00 AM - 5:00 PM (Eastern). Examiner interviews are available via telephone, in-person, and video conferencing using a USPTO supplied web-based collaboration tool. To schedule an interview, applicant is encouraged to use the USPTO Automated Interview Request (AIR) at http://www.uspto.gov/interviewpractice. If attempts to reach the examiner by telephone are unsuccessful, the examiner’s supervisor, Joon Hwang can be reached on 571-272-4036. The fax phone number for the organization where this application or proceeding is assigned is 571-273-8300. Information regarding the status of published or unpublished applications may be obtained from Patent Center. Unpublished application information in Patent Center is available to registered users. To file and manage patent submissions in Patent Center, visit: https://patentcenter.uspto.gov. Visit https://www.uspto.gov/patents/apply/patent-center for more information about Patent Center and https://www.uspto.gov/patents/docx for information about filing in DOCX format. For additional questions, contact the Electronic Business Center (EBC) at 866-217-9197 (toll-free). If you would like assistance from a USPTO Customer Service Representative, call 800-786-9199 (IN USA OR CANADA) or 571-272-1000. Sherman Lin 5/23/2026 /S. L./Examiner, Art Unit 2447 /JOON H HWANG/Supervisory Patent Examiner, Art Unit 2447
Read full office action

Prosecution Timeline

Show 2 earlier events
Jan 02, 2025
Response Filed
Mar 14, 2025
Final Rejection mailed — §103
Apr 28, 2025
Response after Non-Final Action
Jun 16, 2025
Request for Continued Examination
Jun 21, 2025
Response after Non-Final Action
Oct 23, 2025
Non-Final Rejection mailed — §103
Jan 20, 2026
Response Filed
Jun 01, 2026
Final Rejection mailed — §103 (current)

Precedent Cases

Applications granted by this same examiner with similar technology

Patent 12639474
RESTRICTED ENVIRONMENTS FOR MESSAGE GENERATION IN NETWORKED ENVIRONMENTS
5y 8m to grant Granted May 26, 2026
Patent 12494926
QUIC TRANSPORT PROTOCOL-BASED COMMUNICATION METHOD AND SYSTEM
3y 8m to grant Granted Dec 09, 2025
Patent 12445523
DISCOVERY AND CONFIGURATION OF IOT DEVICES
5y 7m to grant Granted Oct 14, 2025
Patent 12267257
VIRTUAL MACHINE MIGRATION IN CLOUD INFRASTRUCTURE NETWORKS
5y 2m to grant Granted Apr 01, 2025
Patent 12206751
METHODS AND SYSTEMS FOR CONTENT DISTRIBUTION
4y 10m to grant Granted Jan 21, 2025
Study what changed to get past this examiner. Based on 5 most recent grants.

Strategy Recommendation AI-generated — please review before filing

Get a prosecution strategy drawn from examiner precedents, rejection analysis, and claim mapping.
Typically takes 5-10 seconds — AI-generated, attorney review required before filing

Prosecution Projections

5-6
Expected OA Rounds
29%
Grant Probability
66%
With Interview (+36.6%)
5y 0m (~1y 7m remaining)
Median Time to Grant
High
PTA Risk
Based on 258 resolved cases by this examiner. Grant probability derived from career allowance rate.

Sign in with your work email

Enter your email to receive a magic link. No password needed.

Personal email addresses (Gmail, Yahoo, etc.) are not accepted.

Free tier: 3 strategy analyses per month