Notice of Pre-AIA or AIA Status
The present application, filed on or after March 16, 2013, is being examined under the first inventor to file provisions of the AIA .
This office action is in response to application filed on March 2, 2026, in which claims 1-12 are presented for further examination.
Continued Examination Under 37 CFR 1.114
A request for continued examination under 37 CFR 1.114, including the fee set forth in 37 CFR 1.17(e), was filed in this application after final rejection. Since this application is eligible for continued examination under 37 CFR 1.114, and the fee set forth in 37 CFR 1.17(e) has been timely paid, the finality of the previous Office action has been withdrawn pursuant to 37 CFR 1.114. Applicant's submission filed on March 2, 2026 has been entered.
Claim Rejections - 35 USC § 103
The following is a quotation of 35 U.S.C. 103 which forms the basis for all obviousness rejections set forth in this Office action:
A patent for a claimed invention may not be obtained, notwithstanding that the claimed invention is not identically disclosed as set forth in section 102, if the differences between the claimed invention and the prior art are such that the claimed invention as a whole would have been obvious before the effective filing date of the claimed invention to a person having ordinary skill in the art to which the claimed invention pertains. Patentability shall not be negated by the manner in which the invention was made.
Claims 1-12 are rejected under 35 USC 103(a) as being unpatentable over KALABE et al. (US 20230080220 A1) (hereinafter KALABE) in view of Chen et al. (US 20230403306 A1) (hereinafter Chen).
As per claims 1, 5 and 9, KLABE discloses a plurality of processing nodes, wherein at least one processing node of the plurality of processing nodes [Client device 105a and 105b] is configured to: receive a user-defined function (“UDF”) prior to installation [UDF compiler 126 can receive the UDF at some point prior to execution of a database query that calls the UDF, prior to (and/or separate from) database runtime, paragraph 45]; scan source code of the user-defined function [In order to achieve safety during the compilation step, a ban list of modules can be maintained and the UDF code can be scanned before the compilation, paragraph 22]. However KLABE does not disclose in response to identification of at least one of a plurality of predetermined conditions in the user-defined function during the scan; require that the UDF is executed at a secure server outside of the plurality of processing nodes, wherein the at least one of a plurality of conditions is associated with unauthorized content of the UDF. On the other hand, Chen discloses in response to identification of at least one of a plurality of predetermined conditions in the user-defined function during the scan, require that the UDF is executed at a secure server outside of the plurality of processing nodes, wherein the at least one of a plurality of conditions is associated with unauthorized content of the UDF [permissions stored in the security manager policies 420 and/or sandbox policies 422, paragraph 73, it is understood that the permissions and policies are interpreted as predetermined conditions], require that the UDF is executed at a secure server outside of the plurality of processing nodes, wherein the at least one of a plurality of conditions is associated with unauthorized content of the UDF [the security manager 416 is implemented as a security manager object that allows an application to implement a security policy such as a security manager policies 420 and enables the application to determine, before performing a possibly unsafe or sensitive operation, what the operation is and whether it is being attempted in a security context that allows the operation to be performed. The security manager policies 420 can be implemented as a file with permissions that the UDF server 406 is granted. The UDF server 406 therefore can allow or disallow the operation based at least in part on the security policy, paragraph 80 (It is understood that Chen teaches evaluating a UDF against predefined security conditions using the security manager and security manager policies, where disallowed operations correspond to conditions associated with unauthorized content of the UDF. In response, Chen enforces execution within a sandboxed environment (e.g., UDF server 406), which is logically isolated and operates under restricted permissions. This sandbox constitutes a secure server separate from the plurality of processing nodes, as it isolates execution of UDFs containing unauthorized content from the normal processing environment. Accordingly, Chen teaches requiring execution of the UDF at a secure server outside the processing nodes based on identified unauthorized conditions)]. Both references KALABE and Chen are in the field of endeavor of data storage and accessing the secured data. Before the effective filing date of the claimed invention, it would have been obvious to one of ordinary skill in the art to combine for executing compiled user defined function (UDF) in interpreted database query engine as disclosed in KALABE with the authorizing access by the application to data based on strategies of the context as taught by Chen to access to a shared pool of configurable computing resources that can be rapidly provisioned and released with minimal management effort or interaction with a provider of the service, disclosed in Chen.
As per claims 2, 6 and 10, KALABE discloses wherein the at least one processing node is further configured to, in response to absence of the plurality of predetermined conditions, direct the UDF to be executed by one or more of the plurality of processing nodes [receiving, from an interface, a database query that invokes a UDF defined in an interpreted programming language. For example, one or more components of the database system 102, such as query interpreter 124, in conjunction with one or more processors, a memory 120 storing instructions for executing on a processor and/or related data, etc., may receive, from the interface, the database query that invokes the UDF defined in the interpreted programming language, Paragraph 46].
As per claims 3, 7 and 11, KALABE discloses wherein the plurality of predetermined conditions comprises operating system level calls, access check of non-permissible directories, and existence of source code that causes corruption or deletion of files or directories [external code where importing external libraries in the UDFs may be possible to benefit from the wide range of available modules to use in generating UDFs (e.g., available Python modules). Another example of such challenges may include typing where an operator can manage differences between the strictly-typed database system and the weakly-typed UDF code. Another example of such challenges may include safety where the system can be secured from unauthorized access over, or via, the UDFs, paragraph 18].
As per claims 4, 8 and 12, Chen discloses wherein the at least one processing node is configured to identify a corrective action for the UDF that is executed at the secure server outside of the plurality of processing nodes [the UDF server 406 executes within a sandbox process 414 as more fully described below. In some examples, the UDF server 406 is implemented in Python interpreted by an interpreter process, paragraph 78].
Conclusion
Any inquiry concerning this communication or earlier communications from the examiner should be directed to NOOSHA ARJOMANDI whose telephone number is (571)272-9784. The examiner can normally be reached on (571)272-9784.
Examiner interviews are available via telephone, in-person, and video conferencing using a USPTO supplied web-based collaboration tool. To schedule an interview, applicant is encouraged to use the USPTO Automated Interview Request (AIR) at http://www.uspto.gov/interviewpractice.
If attempts to reach the examiner by telephone are unsuccessful, the examiner’s supervisor, Sanjiv Shah can be reached on (571)272-4098. The fax phone number for the organization where this application or proceeding is assigned is 571-273-8300.
Information regarding the status of an application may be obtained from the Patent Application Information Retrieval (PAIR) system. Status information for published applications may be obtained from either Private PAIR or Public PAIR. Status information for unpublished applications is available through Private PAIR only. For more information about the PAIR system, see http://pair-direct.uspto.gov. Should you have questions on access to the Private PAIR system, contact the Electronic Business Center (EBC) at 866-217-9197 (toll-free). If you would like assistance from a USPTO Customer Service Representative or access to the automated information system, call 800-786-9199 (IN USA OR CANADA) or 571-272-1000.
March 18, 2026
/NOOSHA ARJOMANDI/Primary Examiner, Art Unit 2166