Notice of Pre-AIA or AIA Status
The present application, filed on or after March 16, 2013, is being examined under the first inventor to file provisions.
In the event the determination of the status of the application as subject to AIA 35 U.S.C. 102 and 103 (or as subject to pre-AIA 35 U.S.C. 102 and 103) is incorrect, any correction of the statutory basis for the rejection will not be considered a new ground of rejection if the prior art relied upon, and the rationale supporting the rejection, would be the same under either status.
DETAILED ACTION
Claims 1-20 are pending in this office action.
Priority
No foreign priority is claimed.
Information Disclosure Statement
The information disclosure statement (IDS) submitted on 02/03/2025 is in compliance with the provisions of 37 CFR 1.97. Accordingly, the information disclosure statement is being considered by the examiner.
Claim Rejections - 35 USC § 101
35 U.S.C. 101 reads as follows:
Whoever invents or discovers any new and useful process, machine, manufacture, or composition of matter, or any new and useful improvement thereof, may obtain a patent therefor, subject to the conditions and requirements of this title.
Claims 15-20 are rejected under 35 U.S.C. 101 because the claimed invention is directed to non-statutory subject matter.
Claim 15 is directed to a device. The specification leaves the definition of device open-ended to include only software/firmware (para 0056). The processors or processing units may be interpreted as software processing units, absent any specific limitation that limits them to a hardware element such as a CPU. Consequently, the broadest reasonable interpretation of a claim drawn to a device could cover one or more elements devised to perform certain functions and comprising only software/firmware units (para 0056) or software per se, devised to hold functional blocks of software/firmware only, thereby rendering the claim non-statutory. The Examiner suggests amending the instant claims by including hardware elements such as memory to execute instructions to perform the functions of the device. The dependent claims 16-20 depend on claim 15 and do not overcome the deficiency of claim 15, and hence are rejectable on that basis.
Claim Interpretation under 35 U.S.C. 112(f)
The following is a quotation of 35 U.S.C. 112(f):
(f) Element in Claim for a Combination. – An element in a claim for a combination may be expressed as a means or step for performing a specified function without the recital of structure, material, or acts in support thereof, and such claim shall be construed to cover the corresponding structure, material, or acts described in the specification and equivalents thereof.
The following is a quotation of pre-AIA 35 U.S.C. 112, sixth paragraph:
An element in a claim for a combination may be expressed as a means or step for performing a specified function without the recital of structure, material, or acts in support thereof, and such claim shall be construed to cover the corresponding structure, material, or acts described in the specification and equivalents thereof.
Use of the word “means” (or “step for”) in a claim with functional language creates a rebuttable presumption that the claim element is to be treated in accordance with 35 U.S.C. 112(f) (pre-AIA 35 U.S.C. 112, sixth paragraph). The presumption that 35 U.S.C. 112(f) (pre-AIA 35 U.S.C. 112, sixth paragraph) is invoked is rebutted when the function is recited with sufficient structure, material, or acts within the claim itself to entirely perform the recited function.
As to claim 8, claim limitation that claims a first computing device, has been interpreted under 35 U.S.C. 112(f) or pre-AIA 35 U.S.C. 112, sixth paragraph, because it uses a generic placeholder “computing device” coupled with functional language without reciting sufficient structure to achieve the function. Furthermore, the generic placeholder is not preceded by a structural modifier. Since the claim limitation(s) invokes 35 U.S.C. 112(f) or pre-AIA 35 U.S.C. 112, sixth paragraph, claim 8 has been interpreted to cover the corresponding structure described in the specification that achieves the claimed function, and equivalents thereof. A review of the specification shows that the first computing device is a hardware component as described in Fig. 2 (element 200), for the 35 U.S.C. 112(f) or pre-AIA 35 U.S.C. 112, sixth paragraph limitation.
If applicant wishes to provide further explanation or dispute the examiner’s interpretation of the corresponding structure, applicant must identify the corresponding structure with reference to the specification by page and line number, and to the drawing, if any, by reference characters in response to this Office action.
If applicant does not intend to have the claim limitation(s) treated under 35 U.S.C. 112(f) or pre-AIA 35 U.S.C. 112, sixth paragraph, applicant may amend the claim(s) so that it/they will clearly not invoke 35 U.S.C. 112(f) or pre-AIA 35 U.S.C. 112, sixth paragraph, or present a sufficient showing that the claim recites/recite sufficient structure, material, or acts for performing the claimed function to preclude application of 35 U.S.C. 112(f) or pre-AIA 35 U.S.C. 112, sixth paragraph.
For more information, see MPEP § 2173 et seq. and Supplementary Examination Guidelines for Determining Compliance With 35 U.S.C. 112 and for Treatment of Related Issues in Patent Applications, 76 FR 7162, 7167 (Feb. 9, 2011).
Claim Rejections - 35 USC § 103
The following is a quotation of 35 U.S.C. 103 which forms the basis for all obviousness rejections set forth in this Office action:
A patent for a claimed invention may not be obtained, notwithstanding that the claimed invention is not identically disclosed as set forth in section 102, if the differences between the claimed invention and the prior art are such that the claimed invention as a whole would have been obvious before the effective filing date of the claimed invention to a person having ordinary skill in the art to which the claimed invention pertains. Patentability shall not be negated by the manner in which the invention was made.
Claims 1-20 are rejected under 35 U.S.C. 103 as being unpatentable over Pattabhiraman et al. (US 2017/0116426 A1, hereinafter Pattabhiraman), in view of Fan (CN-118395482-A).
For claim 1, Pattabhiraman teaches a method performed by a responding computing device, the method comprising: receiving, from a querying computing device, a database query intended for the responding computing device, wherein the querying computing device generates and submits database queries autonomously as part of scheduled tasks (Fig. 1; para 0020-0022, 0025, 0055, 0088, 0186 - queries are generated and received from a device and to be executed on a database, wherein there are tasks or jobs associated with query purposes);
determining: a role associated with the querying computing device, or one or more templates of database queries associated with the querying computing device (para 0017, 0021, 0026, 0068, 0088-0089 - role associated with the user and in turn with the user device; para 0014, 0020, 0022-0023 - template with associated queries);
performing a validation of the database query to determine whether a user from the querying computing device is authorized to submit the database query to the responding computing device, wherein the validation is performed based on the role and the one or more templates of database queries (para 0014, 0017-0020, 0026, 0028, 0070, 0089-0090 - role is checked to see if the query is allowed to be performed, i.e. if the user is authorized to submit the query which can execute based on the role associated with the user and in turn with the querying client, and queries associated with template for data retrieval based on security setting validation); and
selectively enabling the database query to be executed on the responding computing device or preventing the database query from being executed on the responding computing device, wherein the database query is enabled to be executed based on determining that the user from querying computing device is authorized to submit the database query, and wherein the database query is prevented from being executed based on determining that the querying computing device user is not authorized to submit the database query (para 0014, 0017-0020, 0026, 0028, 0089-0090 - role is checked to see if the user/client is authorized to submit the query which can execute based on the role; para 0026, 0073, 0082 - queries and template use by authorized users allowing or denying execution or access). Although authority determination based on permissions and roles of a user associated with the device in turn reflects ability of the device to submit or execute the query, and thereby allowing or preventing the query submission/execution is a commonly known mechanism in the art, Pattabhiraman does not appear to explicitly disclose, however Fan discloses determine whether the querying computing device is authorized to submit the database query to the responding computing device and enabling or preventing the query to be executed based on determining that the querying computing device is authorized or not authorized to submit the database query (page 2 - “determining the user role of the client…” - client associated with user to determine if allowing or preventing the device from executing the query based on the role; page 3 - “In one embodiment, the step of obtaining the database execution result of the local database according to the user role and the decryption query information comprises: according to the user role…, judging whether the client has the execution authority corresponding to the decryption inquiry information; if the client has the execution authority …, sending the inquiry command in the decryption inquiry information to the local database; obtaining the database execution result returned by the local database based on the query command.”, page 8 - “representing that the client has the execution authority corresponding to the decryption inquiry information. and sending the query command in the decrypted query information to the local database” - implying that the client has or doesn’t have the authority to obtain query results). Based on Pattabhiraman in view of Fan, it would have been obvious to one of ordinary skill in the art before the effective filing date of the invention, to utilize teachings of Fan in the system of Pattabhiraman, in order to allow or prevent the client user device from communicating with crucial entities such as database based on authority guidelines set by mechanisms such as roles and permission, thereby imparting data access security to the system thereby preventing unauthorized data access.
For claim 2, Pattabhiraman in view of Fan teaches the claimed subject matter as discussed above. Pattabhiraman further teaches determining whether a user from the querying computing device is unauthorized to submit the database query to the responding computing device; and preventing the database query from being executed on the responding computing device based on determining that the querying computing device user is unauthorized to submit the database query (para 0014, 0017-0020, 0026, 0028, 0089-0090 - role is checked to see if the user/client is authorized to submit the query which can execute based on the role; para 0026, 0073, 0082 - queries and template use by authorized users allowing or denying execution or access). Although authority determination based on permissions and roles of a user associated with the device in turn reflects ability of the device to submit or execute the query, and thereby allowing or preventing the query submission/execution is a commonly known mechanism in the art, Pattabhiraman does not appear to explicitly disclose, however Fan discloses determining whether the querying computing device is unauthorized to submit the database query to the responding computing device; and preventing the database query from being executed on the responding computing device based on determining that the querying computing device is unauthorized to submit the database query (page 2 - “determining the user role of the client…” - client associated with user to determine if allowing or preventing the device from executing the query based on the role; page 3 - “In one embodiment, the step of obtaining the database execution result of the local database according to the user role and the decryption query information comprises: according to the user role…, judging whether the client has the execution authority corresponding to the decryption inquiry information; if the client has the execution authority …, sending the inquiry command in the decryption inquiry information to the local database; obtaining the database execution result returned by the local database based on the query command.”, page 8 - “representing that the client has the execution authority corresponding to the decryption inquiry information. and sending the query command in the decrypted query information to the local database” - implying that the client has or doesn’t have the authority to obtain query results).
For claim 3, Pattabhiraman in view of Fan teaches the claimed subject matter as discussed above in the method of claim 2. Pattabhiraman further teaches suspending an account associated with the querying computing device; or causing database queries associated with the account to be monitored (para 0008, 0018-0019, 0026 - end user data analysis implying user monitoring).
For claim 4, Pattabhiraman in view of Fan teaches the claimed subject matter as discussed above. Pattabhiraman further teaches wherein performing the validation of the database query comprises: comparing the database query and the one or more templates of the database queries (para 0014, 0017-0020, 0026, 0028, 0089-0090 - role is checked to see if the query is allowed to be performed, i.e. if the user is authorized to submit the query which can execute based on the role associated with the user and in turn with the querying client, and queries associated with template for data retrieval based on security setting validation); and preventing the database query from being executed on the responding computing device based on comparing the database query and the one or more templates of the database queries (para 0014, 0017-0020, 0026, 0028, 0089-0090 - role is checked to see if the user/client is authorized to submit the query which can execute or prevented based on the role; para 0026, 0073, 0082 - queries and template use by authorized users allowing or denying execution or access based on query).
For claim 5, Pattabhiraman in view of Fan teaches the claimed subject matter as discussed above in the method of claim 4. Pattabhiraman further teaches wherein performing the validation of the database query comprises: determining that a first portion of the database query matches the one or more templates of the database queries; determining that a second portion of the database query does not match the one or more templates of the database queries; and preventing the database query from being executed on the responding computing device based on determining that the second portion of the database query does not match the one or more templates of the database queries (para 0020-0021, 0081-0082, 0087-0088, 0090, 0185-0186 - security setting validation with regards to queries and analytic templates, wherein queries may be composite queries that include plurality of queries representing portions of a composite query, each one based on analytic templates and allowing or preventing queries in view of roles, permissions and templates).
For claim 6, Pattabhiraman in view of Fan teaches the claimed subject matter as discussed above. Pattabhiraman further teaches wherein the one or more templates of the database queries identify a list of database queries that the querying computing device is authorized to submit to the responding computing device (para 0020-0021, 0081-0082, 0087-0088, 0090, 0185-0186 - queries may be composite queries that include plurality of queries, each one based on analytic templates and allowing or preventing queries in view of roles, permissions and templates with security setting validation).
For claim 7, Pattabhiraman in view of Fan teaches the claimed subject matter as discussed above. Pattabhiraman further teaches wherein performing the validation of the database query comprises: determining that the role of the querying computing device authorizes the querying computing device to submit the database query to the responding computing device (para 0014, 0017-0021, 0026, 0028, 0070, 0089-0090 - role is checked to see if the query is allowed to be performed, i.e. if the user is authorized to submit the query which can execute based on the role associated with the user and in turn with the querying client); and comparing the database query and the one or more templates of the database queries after determining that the role of the querying computing device authorizes the querying computing device to submit the database query to the responding computing device (para 0026, 0073, 0082 - queries and template use by authorized users allowing or denying execution or access based on query; para 0020-0021, 0081-0082, 0087-0088, 0090, 0185-0186 - security setting validation with regards to queries and analytic templates, wherein queries may be composite queries that include plurality of queries representing portions of a composite query, each one based on analytic templates and allowing or preventing queries in view of roles, permissions and templates, and queries associated with template for data retrieval based on security setting validation).
For claim 8, Pattabhiraman teaches a system, comprising: a first computing device to: receive, from a second computing device, a database query intended for the first computing device, wherein the second computing device generates and submits database queries autonomously as part of scheduled tasks (Fig. 1, 12, 13; para 0020-0022, 0025, 0055, 0088, 0186 - queries are generated and received from a device and to be executed on a database, wherein there are tasks or jobs associated with query purposes);
determine one or more templates of database queries associated with the second computing device (para 0014, 0020, 0022-0023 - template with associated queries; para 0017, 0021, 0026, 0068, 0088-0089 - role associated with the user and in turn with the user device);
perform a validation of the database query to determine whether a user from the second computing device is authorized to submit the database query to the first computing device, wherein the validation is performed based on the one or more templates of database queries (para 0014, 0017-0020, 0026, 0028, 0070, 0089-0090 - role is checked to see if the query is allowed to be performed, i.e. if the user is authorized to submit the query which can execute based on the role associated with the user and in turn with the querying client, and queries associated with template for data retrieval based on security setting validation); and
selectively enable the database query to be executed on the first computing device or prevent the database query from being executed on the first computing device, wherein the database query is enabled to be executed based on determining that the user from the second computing device is authorized to submit the database query, and wherein the database query is prevented from being executed based on determining that the second computing device is not authorized to submit the database query (para 0014, 0017-0020, 0026, 0028, 0089-0090 - role is checked to see if the user/client is authorized to submit the query which can execute based on the role; para 0026, 0073, 0082 - queries and template use by authorized users allowing or denying execution or access). Although authority determination based on permissions and roles of a user associated with the device in turn reflects ability of the device to submit or execute the query, and thereby allowing or preventing the query submission/execution is a commonly known mechanism in the art, Pattabhiraman does not appear to explicitly disclose, however Fan discloses determine whether the querying computing device (second computing device) is authorized to submit the database query to the responding computing device (first computing device) and enabling or preventing the query to be executed based on determining that the querying computing device is authorized or not authorized to submit the database query (page 2 - “determining the user role of the client…” - client associated with user to determine if allowing or preventing the device from executing the query based on the role; page 3 - “In one embodiment, the step of obtaining the database execution result of the local database according to the user role and the decryption query information comprises: according to the user role…, judging whether the client has the execution authority corresponding to the decryption inquiry information; if the client has the execution authority …, sending the inquiry command in the decryption inquiry information to the local database; obtaining the database execution result returned by the local database based on the query command.”, page 8 - “representing that the client has the execution authority corresponding to the decryption inquiry information. and sending the query command in the decrypted query information to the local database” - implying that the client has or doesn’t have the authority to obtain query results). Based on Pattabhiraman in view of Fan, it would have been obvious to one of ordinary skill in the art before the effective filing date of the invention, to utilize teachings of Fan in the system of Pattabhiraman, in order to allow or prevent the client user device from communicating with crucial entities such as database based on authority guidelines set by mechanisms such as roles and permission, thereby imparting data access security to the system thereby preventing unauthorized data access.
For claim 9, Pattabhiraman in view of Fan teaches the claimed subject matter as discussed above. Pattabhiraman further teaches determining that a user from the second computing device is unauthorized to submit the database query; and preventing or suspending the database query from being executed on the first computing device based on determining that the second computing device user is unauthorized to submit the database query (para 0014, 0017-0020, 0026, 0028, 0089-0090 - role is checked to see if the user/client is authorized to submit the query which can execute based on the role; para 0026, 0073, 0082 - queries and template use by authorized users allowing or denying execution or access). Although authority determination based on permissions and roles of a user associated with the device in turn reflects ability of the device to submit or execute the query, and thereby allowing or preventing the query submission/execution is a commonly known mechanism in the art, Pattabhiraman does not appear to explicitly disclose, however Fan discloses determining whether the second computing device is unauthorized to submit the database query to the first computing device; and preventing the database query from being executed on the first computing device based on determining that the second computing device is unauthorized to submit the database query (page 2 - “determining the user role of the client…” - client associated with user to determine if allowing or preventing the device from executing the query based on the role; page 3 - “In one embodiment, the step of obtaining the database execution result of the local database according to the user role and the decryption query information comprises: according to the user role…, judging whether the client has the execution authority corresponding to the decryption inquiry information; if the client has the execution authority …, sending the inquiry command in the decryption inquiry information to the local database; obtaining the database execution result returned by the local database based on the query command.”, page 8 - “representing that the client has the execution authority corresponding to the decryption inquiry information. and sending the query command in the decrypted query information to the local database” - implying that the client has or doesn’t have the authority to obtain query results); and suspending an account associated with the second computing device (page 9 - “if the client does not have the execution authority corresponding to the decryption inquiry information, stopping processing the decryption inquiry information. Specifically, if the user role of the client does not match with the query information sent by the client, the client does not have the execution authority corresponding to the decryption query information. In order to ensure the access security of the local database, the decryption inquiry information can be stopped and the prompt information without access can be returned to the client” - account activities such as query execution requests are stopped or suspended).
For claim 10, Pattabhiraman in view of Fan teaches the claimed subject matter as discussed above. Pattabhiraman further teaches determining that the second computing device user account is unauthorized to submit the database query (para 0014, 0017-0020, 0026, 0028, 0089-0090 - role is checked to see if the user/client is authorized to submit the query which can execute based on the role; para 0026, 0073, 0082 - queries and template use by authorized users allowing or denying execution or access); and cause database queries associated with an account associated with the second computing device, to be monitored (para 0008, 0018-0019, 0026 - end user data analysis implying user monitoring). Although authority determination based on permissions and roles of a user associated with the device in turn reflects ability of the device to submit or execute the query, and thereby allowing or preventing the query submission/execution is a commonly known mechanism in the art, Pattabhiraman does not appear to explicitly disclose, however Fan discloses determining that the second computing device is unauthorized to submit the database query (page 2 - “determining the user role of the client…” - client associated with user to determine if allowing or preventing the device from executing the query based on the role; page 3 - “In one embodiment, the step of obtaining the database execution result of the local database according to the user role and the decryption query information comprises: according to the user role…, judging whether the client has the execution authority corresponding to the decryption inquiry information; if the client has the execution authority …, sending the inquiry command in the decryption inquiry information to the local database; obtaining the database execution result returned by the local database based on the query command.”, page 8 - “representing that the client has the execution authority corresponding to the decryption inquiry information. and sending the query command in the decrypted query information to the local database” - implying that the client has or doesn’t have the authority to obtain query results).
For claim 11, Pattabhiraman in view of Fan teaches the claimed subject matter as discussed above. Pattabhiraman further teaches wherein, to perform the validation of the database query, the first computing device is to: determine that a role of the first computing device authorizes the second computing device to submit the database query to the first computing device; compare the database query and the one or more templates of the database queries after determining that the role of the first computing device authorizes the second computing device to submit the database query to the first computing device (para 0014, 0017-0020, 0026, 0028, 0089-0090 - role is checked to see if the query is allowed to be performed, i.e. if the user is authorized to submit the query which can execute based on the role associated with the user and in turn with the querying client, and queries associated with template for data retrieval based on security setting validation); and determine whether the second computing device is authorized to submit the database query to the first computing device based on comparing the database query and the one or more templates of the database queries (para 0014, 0017-0020, 0026, 0028, 0089-0090 - role is checked to see if the user/client is authorized to submit the query which can execute or prevented based on the role; para 0026, 0073, 0082 - queries and template use by authorized users allowing or denying execution or access based on query).
For claim 12, Pattabhiraman in view of Fan teaches the claimed subject matter as discussed above. Pattabhiraman further teaches wherein the first computing device is to: determine the role of the second computing device based on information regarding the second computing device (para 0017, 0021, 0026, 0068, 0077, 0099, 0116 - role associated with the user and in turn with the user device or client device with client information associated with roles and permissions).
For claim 13, Pattabhiraman in view of Fan teaches the claimed subject matter as discussed above. Pattabhiraman further teaches wherein, to perform the validation of the database query, the first computing device is to: determine that a role of the first computing device authorizes the second computing device to submit a first portion of the database query to the first computing device; determine that the role of the first computing device does not authorize the second computing device to submit a second portion of the database query to the first computing device; and prevent the database query from being executed on the first computing device based on determining that the role of the first computing device does not authorize the second computing device to submit a second portion of the database query (para 0014, 0017-0020, 0026, 0028, 0089-0090 - role is checked to see if the user/client is authorized to submit the query which can execute or prevented based on the role; para 0020-0021, 0081-0082, 0087-0088, 0090, 0185-0186 - queries may be composite queries that include plurality of queries representing portions of a composite query, each one based on roles and allowing or preventing queries in view of roles, permissions and templates).
For claim 14, Pattabhiraman in view of Fan teaches the claimed subject matter as discussed above. Pattabhiraman further teaches wherein, to perform the validation of the database query, the first computing device is to: determine that a first portion of the database query matches the one or more templates of the database queries; determine that a second portion of the database query does not match the one or more templates of the database queries; and prevent the database query from being executed on the first computing device based on determining that the second portion of the database query does not match the one or more templates of the database queries (para 0020-0021, 0081-0082, 0087-0088, 0090, 0185-0186 - security setting validation with regards to queries and analytic templates, wherein queries may be composite queries that include plurality of queries representing portions of a composite query, each one based on analytic templates and allowing or preventing queries in view of roles, permissions and templates).
For claim 15, Pattabhiraman teaches a device, comprising: one or more processors configured to: receive, from a second computing device, a database query intended for a first computing device, wherein the second computing device generates and submits database queries autonomously as part of scheduled tasks (Fig. 1, 12, 13; para 0020-0022, 0025, 0055, 0088, 0186 - queries are generated and received from a device and to be executed on a database, wherein there are tasks or jobs associated with query purposes);
determine one or more templates of database queries associated with the second computing device (para 0014, 0020, 0022-0023 - template with associated queries; para 0017, 0021, 0026, 0068, 0088-0089 - role associated with the user and in turn with the user device);
perform a validation of the database query to determine whether a user from the second computing device is unauthorized to submit a portion of the database query to the first computing device, wherein the validation is performed based on the one or more templates of database queries (para 0014, 0017-0020, 0026, 0028, 0070, 0089-0090 - role is checked to see if the query is not allowed to be performed, i.e. if the user is unauthorized to submit the query which can execute based on the role associated with the user and in turn with the querying client, and queries associated with template for data retrieval based on security setting validation); and
prevent the database query from being executed on the first computing device based on the second computing device user being unauthorized to submit a portion of the database query to the first computing device (para 0014, 0017-0020, 0026, 0028, 0089-0090 - role is checked to see if the user/client is authorized to submit the query which can execute based on the role; para 0026, 0073, 0082 - queries and template use by authorized users allowing or denying execution or access). Although authority determination based on permissions and roles of a user associated with the device in turn reflects ability of the device to submit or execute the query, and thereby allowing or preventing the query submission/execution is a commonly known mechanism in the art, Pattabhiraman does not appear to explicitly disclose, however Fan discloses determine whether the second computing device is unauthorized to submit the database query to the first computing device and preventing the query to be executed based on determining that the querying computing device is unauthorized to submit the database query (page 2 - “determining the user role of the client…” - client associated with user to determine if allowing or preventing the device from executing the query based on the role; page 3 - “In one embodiment, the step of obtaining the database execution result of the local database according to the user role and the decryption query information comprises: according to the user role…, judging whether the client has the execution authority corresponding to the decryption inquiry information; if the client has the execution authority …, sending the inquiry command in the decryption inquiry information to the local database; obtaining the database execution result returned by the local database based on the query command.”, page 8 - “representing that the client has the execution authority corresponding to the decryption inquiry information. and sending the query command in the decrypted query information to the local database” - implying that the client has or doesn’t have the authority to obtain query results). Based on Pattabhiraman in view of Fan, it would have been obvious to one of ordinary skill in the art before the effective filing date of the invention, to utilize teachings of Fan in the system of Pattabhiraman, in order to allow or prevent the client user device from communicating with crucial entities such as database based on authority guidelines set by mechanisms such as roles and permission, thereby imparting data access security to the system thereby preventing unauthorized data access.
For claim 16, Pattabhiraman in view of Fan teaches the claimed subject matter as discussed above. Pattabhiraman further teaches wherein, to perform the validation of the database query, the one or more processors are further configured to: determine that a role of the first computing device authorizes the second computing device to submit an additional portion of the database query to the first computing device; and determine that the role of the first computing device does not authorize the second computing device to submit the portion of the database query to the first computing device (para 0014, 0017-0020, 0026, 0028, 0089-0090 - role is checked to see if the user/client is authorized to submit the query which can execute or prevented based on the role; para 0020-0021, 0081-0082, 0087-0088, 0090, 0185-0186 - queries may be composite queries that include plurality of queries representing portions of a composite query, each one based on roles and allowing or preventing queries in view of roles, permissions and templates).
For claim 17, Pattabhiraman in view of Fan teaches the claimed subject matter as discussed above. Pattabhiraman further teaches wherein the one or more processors are further configured to: suspend an account associated with the first computing device; or cause database queries associated with the account to be monitored (para 0008, 0018-0019, 0026 - end user data analysis implying user monitoring).
For claim 18, Pattabhiraman in view of Fan teaches the claimed subject matter as discussed above. Pattabhiraman further teaches wherein the one or more templates of the database queries identify a list of database queries that the second computing device is authorized to submit to the first computing device (para 0020-0021, 0081-0082, 0087-0088, 0090, 0185-0186 - queries may be composite queries that include plurality of queries, each one based on analytic templates and allowing or preventing queries in view of roles, permissions and templates with security setting validation).
For claim 19, Pattabhiraman in view of Fan teaches the claimed subject matter as discussed above. Pattabhiraman further teaches wherein, to perform the validation of the database query, the one or more processors are further configured to: determine that a role of the first computing device authorizes the second computing device to submit the database query to the first computing device; and compare the database query and the one or more templates of the database queries after determining that the role of the first computing device authorizes the second computing device to submit the database query to the first computing device (para 0014, 0017-0020, 0026, 0028, 0089-0090 - role is checked to see if the query is allowed to be performed, i.e. if the user is authorized to submit the query which can execute based on the role associated with the user and in turn with the querying client, and queries associated with template for data retrieval based on security setting validation); and determine that the second computing device is not authorized to submit the database query to the first computing device based on comparing the database query and the one or more templates of the database queries (para 0014, 0017-0020, 0026, 0028, 0089-0090 - role is checked to see if the user/client is authorized or not authorized to submit the query which can execute or prevented based on the role; para 0026, 0073, 0082 - queries and template use by authorized users allowing or denying execution or access based on query).
For claim 20, Pattabhiraman in view of Fan teaches the claimed subject matter as discussed above. Pattabhiraman further teaches wherein, to perform the validation of the database query, the one or more processors are further configured to: determine that the portion of the database query does not match the one or more templates of the database queries; and prevent the database query from being executed on the first computing device based on determining that the portion of the database query does not match the one or more templates of the database queries (para 0020-0021, 0081-0082, 0087-0088, 0090, 0185-0186 - security setting validation with regards to queries and analytic templates, wherein queries may be composite queries that include plurality of queries representing portions of a composite query, each one based on analytic templates and allowing or preventing queries in view of roles, permissions and templates).
Conclusion
Any inquiry concerning this communication or earlier communications from the examiner should be directed to JAYESH JHAVERI whose telephone number is (571)270-7584. The examiner can normally be reached on Mon-Fri 9 AM to 5 PM.
Examiner interviews are available via telephone, in-person, and video conferencing using a USPTO supplied web-based collaboration tool. To schedule an interview, Applicant is encouraged to use the USPTO Automated Interview Request (AIR) at http://www.uspto.gov/interviewpractice.
If attempts to reach the examiner by telephone are unsuccessful, the examiner’s supervisor, Jeffrey Pwu, can be reached on (571)272-6798. The fax phone number for the organization where this application or proceeding is assigned is 571-273-8300.
Information regarding the status of an application may be obtained from the Patent Application Information Retrieval (PAIR) system. Status information for published applications may be obtained from either Private PAIR or Public PAIR. Status information for unpublished applications is available through Private PAIR only. For more information about the PAIR system, see http://pair-direct.uspto.gov. Should you have questions on access to the Private PAIR system, contact the Electronic Business Center (EBC) at 866-217-9197 (toll-free). If you would like assistance from a USPTO Customer Service Representative or access to the automated information system, call 800-786-9199 (IN USA OR CANADA) or 571-272-1000.
/JAYESH M JHAVERI/Primary Examiner, Art Unit 2433