DETAILED ACTION
Notice of Pre-AIA or AIA Status
The present application, filed on or after March 16, 2013, is being examined under the first inventor to file provisions of the AIA.
Continued Examination Under 37 CFR 1.114
A request for continued examination under 37 CFR 1.114, including the fee set forth in 37 CFR 1.17(e), was filed in this application after final rejection. Since this application is eligible for continued examination under 37 CFR 1.114, and the fee set forth in 37 CFR 1.17(e) has been timely paid, the finality of the previous Office action has been withdrawn pursuant to 37 CFR 1.114. Applicant's submission filed on 01/29/2026 has been entered.
Claim Rejections - 35 USC § 103
In the event the determination of the status of the application as subject to AIA 35 U.S.C. 102 and 103 (or as subject to pre-AIA 35 U.S.C. 102 and 103) is incorrect, any correction of the statutory basis (i.e., changing from AIA to pre-AIA) for the rejection will not be considered a new ground of rejection if the prior art relied upon, and the rationale supporting the rejection, would be the same under either status.
The following is a quotation of 35 U.S.C. 103 which forms the basis for all obviousness rejections set forth in this Office action:
A patent for a claimed invention may not be obtained, notwithstanding that the claimed invention is not identically disclosed as set forth in section 102, if the differences between the claimed invention and the prior art are such that the claimed invention as a whole would have been obvious before the effective filing date of the claimed invention to a person having ordinary skill in the art to which the claimed invention pertains. Patentability shall not be negated by the manner in which the invention was made.
This application currently names joint inventors. In considering patentability of the claims the examiner presumes that the subject matter of the various claims was commonly owned as of the effective filing date of the claimed invention(s) absent any evidence to the contrary. Applicant is advised of the obligation under 37 CFR 1.56 to point out the inventor and effective filing dates of each claim that was not commonly owned as of the effective filing date of the later invention in order for the examiner to consider the applicability of 35 U.S.C. 102(b)(2)(C) for any potential 35 U.S.C. 102(a)(2) prior art against the later invention.
Claim(s) 1, 3, 6-7, and 19 are rejected under 35 U.S.C. 103 as being unpatentable over Krishnan et al. (U.S. Patent Application Publication No. 2013/0047230, hereinafter “Krishnan”) in view of McErlean et al. (U.S. Patent Application Publication No. 2015/0101021, hereinafter “McErlean”).
Claim 1:
Krishnan discloses a method for providing access control to data of a system, the method comprising:
providing an interface (§ 0097, Lines 1-2; When a user authenticates to the CPS tool 70, the credentials are verified);
receiving access control information via the interface, the access control information relating to a subset of the data of the system (§ 0097, Lines 2-5; During verification, the CPS brings back the necessary key, which results in a user getting associated to a tenant/customer group (partitioned group) and other behavior);
generating an access control command based at least in part upon the received access control information (See citation above. The user is associated to a tenant/customer group (partitioned group));
processing the access control command to create an external repository which is external to the system (§ 0064, Lines 6-8; Each partition forms part of a shard, which may in turn be located on a separate database server or physical location), the external repository including the subset of the data of the system (§ 0099, Lines 8-9; The user in turn will be provided with a temporary secured compartment (logical) to work on its data); and
providing access to at least a portion of the subset of the data of the system to a user (§ 0100, Lines 1-2; The buffer pool manager of the database will provide data to the user based on user query).
Krishnan does not appear to disclose the external repository being a synchronized copy of the subset of the data of the system that is at least periodically updated to sync with the subset of data.
McErlean discloses the external repository being a synchronized copy of the subset of the data of the system that is at least periodically updated to sync with the subset of data (§ 0009, Lines 1-6; The synchronizing can occur periodically and can include reading from a tenant audit log that records changes to the cloud copy occurring since a previous synchronization and reading from an on-premises audit log that records changes to the on-premise content occurring since the previous synchronization).
Before the effective filing date of the claimed invention, it would have been obvious to one of ordinary skill in the art to modify Krishnan’s temporary secured compartment by incorporating the concept of periodic synchronization, as taught by McErlean, in order to ensure that Krishnan’s temporary secured compartment is up-to-date with respect to the shard/database.
Claim 3:
Krishnan in view of McErlean further discloses wherein the received access control information includes an identifier of a tenant and one or more entities associated with the tenant (Krishnan, § 0097, Lines 2-5; During verification, the CPS brings back the necessary key, which results in a user getting associated to a tenant/customer group (partitioned group) and other behavior) (Also see Krishnan, § 0100, Lines 3-8, which discloses only data for which the user-ID is authorized).
Claim 6:
Krishnan in view of McErlean further discloses receiving an authentication request from the user and selectively authenticating the user based at least in part upon the authentication request (Krishnan, § 0097, Lines 1-2; When a user authenticates to the CPS tool 70, the credentials are verified), whereby the providing access to at least a subset of the data of the system to the user is performed based at least in part upon the user being authenticated (Krishnan, § 0100, Lines 3-8; Once the user is logged in, the temporary compartment will be created, and only that data for which the user-ID is authorized and in that compartment, he can do all the activities).
Claim 7:
Krishnan in view of McErlean further discloses:
receiving a query from the user; executing the query against the external repository to obtain query result data; and transmitting the query result data to the user (Krishnan, § 0100, Lines 1-2; The buffer pool manager of the database will provide data to the user based on user query).
Claim 19:
Krishnan in view of McErlean further discloses wherein the external repository is on an external device which is coupled to a network and external to the system (Krishnan, § 0064, Lines 6-8; Each partition forms part of a shard, which may in turn be located on a separate database server or physical location), the external device being configured to provide the user, operating a user device connected to the network, with direct access to the at least a portion of the subset of the data of the system from the external repository over the network (Krishnan, § 0099, Lines 8-9; The user in turn will be provided with a temporary secured compartment (logical) to work on its data).
Claim(s) 2, 4-5, and 9-12 are rejected under 35 U.S.C. 103 as being unpatentable over Krishnan et al. (U.S. Patent Application Publication No. 2013/0047230, hereinafter “Krishnan”) in view of McErlean et al. (U.S. Patent Application Publication No. 2015/0101021, hereinafter “McErlean”); further in view of Akkiraju et al. (U.S. Patent Application Publication No. 2016/0203327, hereinafter “Akkiraju”).
Claim 2:
Krishnan in view of McErlean discloses the method as recited in claim 1.
Krishnan in view of McErlean does not appear to disclose wherein the access control command is a SPARQL Protocol and RDF Query Language (SPARQL) query.
Akkiraju discloses translating a query to a structured query in SPARQL (§ 0029, Lines 4-7).
Before the effective filing date of the claimed invention, it would have been obvious to one of ordinary skill in the art to modify Krishnan and McErlean’s access control command by translating it to SPARQL, as taught by Akkiraju, in order to express the command in a graph database query language (Akkiraju, § 0029, Lines 5-6).
Claim 4:
Krishnan in view of McErlean discloses the method as recited in claims 1 and 3.
Krishnan in view of McErlean does not appear to disclose wherein the identifier of the tenant and data corresponding to the one or more entities associated with the tenant are stored in a graph database.
Akkiraju discloses populating a repository in a graph database (§ 0026, Lines 6-8) (§ 0035, Lines 7-8, 16-18, and 24-26).
Before the effective filing date of the claimed invention, it would have been obvious to one of ordinary skill in the art to modify Krishnan and McErlean’s tenant data/repository by populating it in a graph database, as taught by Akkiraju, in order to provide a more granular and complementary form of access control for facts (Akkiraju, § 0024, Lines 5-7) and represent a preferred abstraction for computer scientists and programmers for representing and processing data (Akkiraju, § 0026, Lines 2-4).
Claim 5:
Krishnan in view of McErlean further in view of Akkiraju further discloses wherein the access control command is a SPARQL query used to generate a tenant repository as the external repository (Akkiraju, § 0029, Lines 4-7; Translating a query to a structured query in SPARQL).
The motivation to modify Krishnan and McErlean’s access control command by translating it to SPARQL, as taught by Akkiraju, is to express the command in a graph database query language (Akkiraju, § 0029, Lines 5-6).
Claim 9:
Krishnan discloses a method for providing access control to data of a system, the method comprising:
creating a tenant object (§ 0097, Lines 2-5; During verification, the CPS brings back the necessary key, which results in a user getting associated to a tenant/customer group (partitioned group) and other behavior);
generating a tenant repository based at least in part upon the tenant object (§ 0099, Lines 8-9; The user in turn will be provided with a temporary secured compartment (logical) to work on its data);
selectively authenticating a tenant user (§ 0097, Lines 1-2; When a user authenticates to the CPS tool 70, the credentials are verified);
receiving a query from the tenant user (§ 0100, Lines 1-2; The buffer pool manager of the database will provide data to the user based on user query);
performing the query against the tenant repository to generate query response data (See citation above. The user issues a query); and
selectively transmitting the query response data to the tenant user (See citation above. The user is provided data based on the query).
Krishnan does not appear to disclose the tenant repository being a synchronized copy of a subset of data of the system that is at least periodically updated to sync with the subset of data and populating the tenant repository in a graph database.
McErlean discloses the tenant repository being a synchronized copy of a subset of data of the system that is at least periodically updated to sync with the subset of data (§ 0009, Lines 1-6; The synchronizing can occur periodically and can include reading from a tenant audit log that records changes to the cloud copy occurring since a previous synchronization and reading from an on-premises audit log that records changes to the on-premise content occurring since the previous synchronization).
Before the effective filing date of the claimed invention, it would have been obvious to one of ordinary skill in the art to modify Krishnan’s temporary secured compartment by incorporating the concept of periodic synchronization, as taught by McErlean, in order to ensure that Krishnan’s temporary secured compartment is up-to-date with respect to the shard/database.
Akkiraju discloses populating a repository in a graph database (§ 0026, Lines 6-8) (§ 0035, Lines 7-8, 16-18, and 24-26).
Before the effective filing date of the claimed invention, it would have been obvious to one of ordinary skill in the art to modify Krishnan and McErlean’s tenant repository by populating it in a graph database, as taught by Akkiraju, in order to provide a more granular and complementary form of access control for facts (Akkiraju, § 0024, Lines 5-7) and represent a preferred abstraction for computer scientists and programmers for representing and processing data (Akkiraju, § 0026, Lines 2-4).
Claim 10:
Krishnan in view of McErlean further in view of Akkiraju further discloses wherein the tenant object is associated with a SPARQL Protocol and RDF Query Language (SPARQL) query (§ 0029, Lines 4-7).
The motivation to modify Krishnan and McErlean’s tenant object to be associated with a SPARQL query, as taught by Akkiraju, is to support a graph database query language (Akkiraju, § 0029, Lines 5-6).
Claim 11:
Krishnan in view of McErlean further in view of Akkiraju further discloses wherein the tenant object includes an identifier of a tenant and one or more entities associated with the tenant (Krishnan, § 0097, Lines 2-5; During verification, the CPS brings back the necessary key, which results in a user getting associated to a tenant/customer group (partitioned group) and other behavior) (Also see Krishnan, § 0100, Lines 3-8, which discloses only data for which the user-ID is authorized).
Claim 12:
Krishnan in view of McErlean further in view of Akkiraju further discloses wherein the identifier of the tenant and data corresponding to the one or more entities associated with the tenant (Krishnan, § 0097, Lines 2-5; During verification, the CPS brings back the necessary key, which results in a user getting associated to a tenant/customer group (partitioned group) and other behavior) (Also see Krishnan, § 0100, Lines 3-8, which discloses only data for which the user-ID is authorized) are stored in a graph database (Akkiraju, § 0026, Lines 6-8) (Akkiraju, § 0035, Lines 7-8, 16-18, and 24-26).
The motivation to modify Krishnan and McErlean’s tenant data/repository by populating it in a graph database, as taught by Akkiraju, is to provide a more granular and complementary form of access control for facts (Akkiraju, § 0024, Lines 5-7) and represent a preferred abstraction for computer scientists and programmers for representing and processing data (Akkiraju, § 0026, Lines 2-4).
Claim(s) 8 is rejected under 35 U.S.C. 103 as being unpatentable over Krishnan et al. (U.S. Patent Application Publication No. 2013/0047230, hereinafter “Krishnan”) in view of McErlean et al. (U.S. Patent Application Publication No. 2015/0101021, hereinafter “McErlean”); further in view of Gupta et al. (U.S. Patent Application Publication No. 2020/0379421, hereinafter “Gupta”).
Claim 8:
Krishnan in view of McErlean discloses the method as recited in claim 1.
Krishnan in view of McErlean does not appear to disclose wherein the subset of the data of the system is Building Management System (BMS) data.
Gupta discloses a building management system (§ 0076, Lines 3-5; A BMS is a system of devices configured to control, monitor, and manage equipment in or around a building or building area).
Before the effective filing date of the claimed invention, it would have been obvious to one of ordinary skill in the art to modify Krishnan and McErlean’s system by extending its use to a BMS system, as taught by Gupta, in order to increase its use cases. Krishnan discloses, in § 0026, that embodiments of his invention are capable of being implemented in conjunction with any other type of computing environment now known or later developed.
Claim(s) 13 is rejected under 35 U.S.C. 103 as being unpatentable over Krishnan et al. (U.S. Patent Application Publication No. 2013/0047230, hereinafter “Krishnan”) in view of McErlean et al. (U.S. Patent Application Publication No. 2015/0101021, hereinafter “McErlean”); further in view of Akkiraju et al. (U.S. Patent Application Publication No. 2016/0203327, hereinafter “Akkiraju”); further in view of Gupta et al. (U.S. Patent Application Publication No. 2020/0379421, hereinafter “Gupta”).
Claim 13:
Krishnan in view of McErlean further in view of Akkiraju discloses the method as recited in claims 9 and 11.
Krishnan in view of McErlean in view of Akkiraju does not appear to disclose wherein the data of the system is Building Management System (BMS) data stored by a management system.
Gupta discloses a building management system (§ 0076, Lines 3-5; A BMS is a system of devices configured to control, monitor, and manage equipment in or around a building or building area).
Before the effective filing date of the claimed invention, it would have been obvious to one of ordinary skill in the art to modify Krishnan, McErlean, and Akkiraju’s system by extending its use to a BMS system, as taught by Gupta, in order to increase its use cases. Krishnan discloses, in § 0026, that embodiments of his invention are capable of being implemented in conjunction with any other type of computing environment now known or later developed.
Claim(s) 14-18 and 20 are rejected under 35 U.S.C. 103 as being unpatentable over Krishnan et al. (U.S. Patent Application Publication No. 2013/0047230, hereinafter “Krishnan”) in view of McErlean et al. (U.S. Patent Application Publication No. 2015/0101021, hereinafter “McErlean”); further in view of Akkiraju et al. (U.S. Patent Application Publication No. 2016/0203327, hereinafter “Akkiraju”); further in view of Wright, II et al. (U.S. Patent No. 8718236, hereinafter “Wright”).
Claim 14:
Krishnan discloses a system for providing access control to stored data, comprising:
a network (§ 0054, Lines 8-12; Computer system/server 12 can communicate with one or more networks);
a device coupleable to the network, the device configured to receive input from a user and to transmit information via the network (See citation above); and
a management system communicatively coupleable to the network (§ 0063, Lines 2-7; A cloud private shard securer (CPS) tool 70 that implements the functions of the management layer 64), the management system including,
a management data storage, the management data storage configured to store tenant data (§ 0064, Lines 6-8; Each partition forms part of a shard, which may in turn be located on a separate database server or physical location) (§ 0068, Lines 4-5; A pure multi-tenant/customer shared private shard with its specifics of security constraint); and
a computer processor configured to execute instructions that generate an interface for interacting with the management system via the network (§ 0097, Lines 1-2; When a user authenticates to the CPS tool 70, the credentials are verified),
wherein the management system is configured to receive a tenant object from the device (§ 0097, Lines 2-5) and to generate a tenant repository based at least in part upon the tenant object (§ 0099, Lines 8-9; The user in turn will be provided with a temporary secured compartment (logical) to work on its data),
wherein, after generation and population of the tenant repository, the management system is further configured to:
receive an authentication request from the device via the network; and
selectively authenticate a tenant based at least in part upon the received authentication request before allowing access to the tenant repository or data thereon.
Krishnan does not appear to disclose:
the tenant repository being a synchronized copy of a subset of the stored data that is at least periodically updated to sync with the subset of stored data;
populating the tenant repository in a graph database;
wherein, after generation and population of the tenant repository, the management system is further configured to:
receive an authentication request from the device via the network; and
selectively authenticate a tenant based at least in part upon the received authentication request before allowing access to the tenant repository or data thereon.
McErlean discloses the tenant repository being a synchronized copy of a subset of the stored data that is at least periodically updated to sync with the subset of stored data (§ 0009, Lines 1-6; The synchronizing can occur periodically and can include reading from a tenant audit log that records changes to the cloud copy occurring since a previous synchronization and reading from an on-premises audit log that records changes to the on-premise content occurring since the previous synchronization).
Before the effective filing date of the claimed invention, it would have been obvious to one of ordinary skill in the art to modify Krishnan’s temporary secured compartment by incorporating the concept of periodic synchronization, as taught by McErlean, in order to ensure that Krishnan’s temporary secured compartment is up-to-date with respect to the shard/database.
Akkiraju discloses populating a repository in a graph database (§ 0026, Lines 6-8) (§ 0035, Lines 7-8, 16-18, and 24-26).
Before the effective filing date of the claimed invention, it would have been obvious to one of ordinary skill in the art to modify Krishnan and McErlean’s tenant repository by populating it in a graph database, as taught by Akkiraju, in order to provide a more granular and complementary form of access control for facts (Akkiraju, § 0024, Lines 5-7) and represent a preferred abstraction for computer scientists and programmers for representing and processing data (Akkiraju, § 0026, Lines 2-4).
Wright discloses wherein, after generation and population of the tenant repository (Column 2, Lines 18-22; A system for providing data storage to a customer comprises at least one subsystem that designates a portion of data storage space, remotely accessible by the customer over a computer network, as a repository for the customer to store personal data), the management system is further configured to:
receive an authentication request from the device via the network (Column 2, Lines 24-26; The customer may access the repository by going through an authentication process); and
selectively authenticate a tenant based at least in part upon the received authentication request before allowing access to the tenant repository or data thereon (See citation above).
Before the effective filing date of the claimed invention, it would have been obvious to one of ordinary skill in the art to modify Krishnan, McErlean, and Akkiraju’s tenant repository by allowing authenticated access to it after it has been created, as taught by Wright, in order to provide secure on-line repositories to customers (Wright, Column 2, Lines 17-18).
Claim 15:
Krishnan in view of McErlean further in view of Akkiraju and Wright further discloses wherein the management system is configured to receive an authentication request from the device via the network and to selectively authenticate a tenant based at least in part upon the received authentication request (Krishnan, § 0097, Lines 1-2; When a user authenticates to the CPS tool 70, the credentials are verified).
Claim 16:
Krishnan in view of McErlean further in view of Akkiraju and Wright further discloses wherein the system further comprises an external device (Krishnan, § 0064, Lines 6-8; Each partition forms part of a shard, which may in turn be located on a separate database server or physical location), wherein the management system is configured to cause the external device to store the generated repository (Krishnan, § 0099, Lines 8-9; The user in turn will be provided with a temporary secured compartment (logical) to work on its data), the external device configured to provide access to the generated repository (Krishnan, § 0068, Lines 4-5; A pure multi-tenant/customer shared private shard with its specifics of security constraint).
Claim 17:
Krishnan in view of McErlean further in view of Akkiraju and Wright further discloses wherein the tenant object is associated with a SPARQL Protocol and RDF Query Language (SPARQL) query, and further wherein the management system is configured to generate the tenant repository based at least in part upon the SPARQL query (Akkiraju, § 0029, Lines 4-7).
The motivation to modify Krishnan and McErlean’s tenant object to be associated with a SPARQL query, as taught by Akkiraju, is to support a graph database query language (Akkiraju, § 0029, Lines 5-6).
Claim 18:
Krishnan in view of McErlean further in view of Akkiraju and Wright further discloses wherein the SPARQL query (Akkiraju, § 0029, Lines 4-7) is associated with an identifier of a tenant and one or more entities associated with the tenant (Krishnan, § 0097, Lines 2-5; During verification, the CPS brings back the necessary key, which results in a user getting associated to a tenant/customer group (partitioned group) and other behavior) (Also see Krishnan, § 0100, Lines 3-8, which discloses only data for which the user-ID is authorized).
Claim 20:
Krishnan in view of McErlean further in view of Akkiraju and Wright further discloses wherein the tenant object includes a plurality of subjects comprising at least one of location(s), system(s) or equipment, and the tenant repository is populated based at least on the plurality of subjects (Krishnan, § 0097, Lines 2-5; The CPS brings back the necessary key, which results in a user getting associated to a tenant/customer group (“system”) and other behavior) (Krishnan, § 0100, Lines 3-7; Once logged in, the temporary compartment will be created, and only that data for which the user-ID is authorized (taking in consideration the identity (“system”) and sensitivity index (“system”) the compartment will utilize) will be accessible).
Response to Arguments
Applicant’s arguments, see page 6, filed 01/29/2026, with respect to the rejection of claim 14 under 35 USC 112 have been fully considered and are persuasive. The rejection of claim 14 under 35 USC 112(b) has been withdrawn.
Applicant’s arguments on page 7 with respect to claim(s) 1, 9, and 14 and their dependent claims 2-8, 10-13, and 15-20, respectively, have been considered but are moot because the new ground of rejection does not rely on any reference applied in the prior rejection of record for any teaching or matter specifically challenged in the argument. As detailed in the rejection of claims 1, 9, and 14, McErlean discloses the claimed synchronized copy that is updated to sync periodically.
Conclusion
Any inquiry concerning this communication or earlier communications from the examiner should be directed to NAM T TRAN whose telephone number is (408)918-7553. The examiner can normally be reached Monday-Friday 7AM-3PM EST.
Examiner interviews are available via telephone, in-person, and video conferencing using a USPTO supplied web-based collaboration tool. To schedule an interview, applicant is encouraged to use the USPTO Automated Interview Request (AIR) at http://www.uspto.gov/interviewpractice.
If attempts to reach the examiner by telephone are unsuccessful, the examiner’s supervisor, Emmanuel Moise can be reached at 571-272-3865. The fax phone number for the organization where this application or proceeding is assigned is 571-273-8300.
Information regarding the status of published or unpublished applications may be obtained from Patent Center. Unpublished application information in Patent Center is available to registered users. To file and manage patent submissions in Patent Center, visit: https://patentcenter.uspto.gov. Visit https://www.uspto.gov/patents/apply/patent-center for more information about Patent Center and https://www.uspto.gov/patents/docx for information about filing in DOCX format. For additional questions, contact the Electronic Business Center (EBC) at 866-217-9197 (toll-free). If you would like assistance from a USPTO Customer Service Representative, call 800-786-9199 (IN USA OR CANADA) or 571-272-1000.
/NAM T TRAN/Primary Examiner, Art Unit 2455