Prosecution Insights
Last updated: July 17, 2026
Application No. 18/680,789

CONFIGURING INSTANCES FOR DATA OBSERVABILITY AND ACCESS

Non-Final OA §101§103
Filed
May 31, 2024
Examiner
ALLEN, BRITTANY N
Art Unit
2169
Tech Center
2100 — Computer Architecture & Software
Assignee
ServiceNow Inc.
OA Round
3 (Non-Final)
42%
Grant Probability
Moderate
3-4
OA Rounds
2y 3m
Est. Remaining
80%
With Interview

Examiner Intelligence

Grants 42% of resolved cases
42%
Career Allowance Rate
167 granted / 398 resolved
-13.0% vs TC avg
Strong +38% interview lift
Without
With
+37.7%
Interview Lift
resolved cases with interview
Typical timeline
4y 4m
Avg Prosecution
12 currently pending
Career history
428
Total Applications
across all art units

Statute-Specific Performance

§101
2.2%
-37.8% vs TC avg
§103
87.1%
+47.1% vs TC avg
§102
9.9%
-30.1% vs TC avg
§112
0.6%
-39.4% vs TC avg
Black line = Tech Center average estimate • Based on career data from 398 resolved cases

Office Action

§101 §103
DETAILED ACTION Notice of Pre-AIA or AIA Status The present application, filed on or after March 16, 2013, is being examined under the first inventor to file provisions of the AIA . Remarks This action is in response to the amendments received on 2/27/26. Claims 1-6, 8-12, and 15-23 are pending in the application. Claims 7, 11, and 13 have been canceled. Applicant’s arguments are carefully and respectfully considered. Claims 1-6, 8-12, and 15-23 are rejected under 35 U.S.C. 101. Claims 1-6, 8-12, and 15-20 are rejected under 35 U.S.C. 103 as being unpatentable over Nowak et al. (US 2024/0232393), and further in view of Miao et al. (US 2013/0117313). Claims 21-23 are rejected under 35 U.S.C. 103 as being unpatentable over Nowak in view of Miao and further in view of Ormerod et al. (US 2020/0233841). Claim Rejections - 35 USC § 101 35 U.S.C. 101 reads as follows: Whoever invents or discovers any new and useful process, machine, manufacture, or composition of matter, or any new and useful improvement thereof, may obtain a patent therefor, subject to the conditions and requirements of this title. Claims 1-6, 8-12, and 15-23 are rejected under 35 U.S.C. 101 because the claimed invention is directed to an abstract idea without significantly more. Step 2A, Prong One asks: Is the claim directed to a law of nature, a natural phenomenon (product of nature) or an abstract idea? See MPEP 2106.04 Part I. If a claim limitation, under its broadest reasonable interpretation, covers performance of the limitation in the mind but for the recitation of generic computer components, then it falls within the “Mental Processes” grouping of abstract ideas. See MPEP 2106.04(a). The limitation of “monitoring, during a monitoring period, access”, as drafted, is a process that, under its broadest reasonable interpretation, covers performance of the limitation in the mind but for the recitation of generic computer components. That is, nothing in the claim element precludes the step from practically being performed in the mind. For example, “monitoring” in the context of this claim encompasses the user mentally determining access. Similarly, the limitation of “generating, based on the monitoring, a log”, as drafted, is a process that, under its broadest reasonable interpretation, covers performance of the limitation in the mind but for the recitation of generic computer components. For example, “generating” in the context of this claim encompasses the user mentally tracking user accesses. The limitations of “automatically generating, based on the log and a first profile corresponding to the first user, a first access policy” and “automatically generating, based on the log and a second profile corresponding to the second user, a second access policy”, as drafted, is a process that, under its broadest reasonable interpretation, covers performance of the limitation in the mind but for the recitation of generic computer components. For example, “automatically generating” in the context of this claim encompasses the user mentally determining limits for the users. The limitations of “decrypting the first set of columns”, as drafted, is a process that, under its broadest reasonable interpretation, covers performance of the limitation in the mind but for the recitation of generic computer components. For example, “decrypting” in the context of this claim encompasses the user mentally translating data. If a claim limitation, under its broadest reasonable interpretation, covers performance of the limitation in the mind but for the recitation of generic computer components, then it falls within the “Mental Processes” grouping of abstract ideas. Accordingly, the claim recites an abstract idea. At step 2a, prong two, this judicial exception is not integrated into a practical application. Claims 8 and 15 recite a processor to execute the operations, however, this is recited as a high-level of generality (i.e., as a generic processor performing a generic computer function) such that it amounts to no more than mere instructions to apply the exception using a generic computer component. Additionally, the claim recites “retrieving a data observability log,” “receiving a first request from a user,” “returning the first set of data to the first user,” “receiving a second request from the second user,” and “returning an error message.” These elements do not integrate the abstract idea into a practical application because they do not impose a meaningful limit on the judicial exception and provide only insignificant extra solution activity that is mere data gathering in conjunction with the abstract idea. The claims do not include additional elements that are sufficient to amount to significantly more than the judicial exception. As discussed above with respect to integration of the abstract idea into a practical application, the additional elements amount to no more than mere instructions to apply an exception using generic computer components. Mere instructions to apply an exception using generic computer components cannot provide an inventive concept. With respect to “returning the first set of data to the first user” and “returning an error message”, the courts have found limitations directed towards outputting to be well-understood, routine, and conventional. See MPEP 2106.05(d)(II). Presenting offers and gathering statistics, OIP Techs., 788 F.3d at 1362-63, 115 USPQ2d at 1092-93. With respect to “retrieving a data observability log,” “receiving a first request from a user,” and “receiving a second request from the second user,” the courts have found limitations directed towards data gathering to be well-understood, routine, and conventional. See MPEP 2106.05(d)(II). Receiving or transmitting data over a network, e.g., using the Internet to gather data, Symantec, 838 F.3d at 1321, 120 USPQ2d at 1362 (utilizing an intermediary computer to forward information). Considering the additional elements individually and in combination and the claim as a whole, the additional elements do not provide significantly more than the abstract idea. The claim is not patent eligible. With respect to claims 2, 9, and 16, the limitations are directed towards counting accesses by users, which further defines the mental process. With respect to claims 3, 4, 10, 11, 17, and 18, the limitations further define elements of the abstract idea and do not provide significantly more than the abstract idea. With respect to claims 5, 12, and 19, the limitations further disclose “monitoring” and “generating” limitations, similar to those addressed above, which are abstract ideas. The claim adds “modifying… the first access policy and the second access policy”, however, this encompasses the user mentally adjusting the previously established rules. With respect to claim 6 and 21-23, the limitations further define elements of the abstract idea and do not provide significantly more than the abstract idea. With respect to claim 20, the limitations further disclose “return an error message.” The courts have found limitations directed towards storing to be well-understood, routine, and conventional. See MPEP 2106.05(d)(II). Presenting offers and gathering statistics, OIP Techs., 788 F.3d at 1362-63, 115 USPQ2d at 1092-93. Claim Rejections - 35 USC § 103 The following is a quotation of 35 U.S.C. 103 which forms the basis for all obviousness rejections set forth in this Office action: A patent for a claimed invention may not be obtained, notwithstanding that the claimed invention is not identically disclosed as set forth in section 102, if the differences between the claimed invention and the prior art are such that the claimed invention as a whole would have been obvious before the effective filing date of the claimed invention to a person having ordinary skill in the art to which the claimed invention pertains. Patentability shall not be negated by the manner in which the invention was made. Claims 1-6, 8-12, and 15-20 are rejected under 35 U.S.C. 103 as being unpatentable over Nowak et al. (US 2024/0232393), and further in view of Miao et al. (US 2013/0117313). With respect to claim 1, Nowak teaches a method, comprising: retrieving a data observability log that comprises user identities and respective initial permissions to access the data table (Nowak, pa 0004, the system may retrieve the user access information from a permissions database and an access log.); monitoring, during a monitoring period, access … by a first user having a first initial permission to access the data table and a second user having a second initial permission to access the data table (Nowak, pa 0004, the system may retrieve the user access information from a permissions database and an access log. For example, the user group information may indicate each user's coworkers, teams, roles, and other users in similar roles and the user access information may indicate each user's current access permissions and access history.); generating, based on the monitoring, a log indicating: … a respective first number of times the respective column was accessed by the first user; a respective second number of times the respective column was accessed by the second user (Nowak, pa 0035, Access subsystem 118 may additionally access an access log for the second plurality of users. The access log may indicate one or more occurrences of each user identifier accessing the one or more functions of the one or more applications to which the user identifier has access. For example, the access log may list each occurrence of access, along with dates, time stamps, details about the actions performed within each application, the permissions which allowed each occurrence of access, and any other information relevant to access history.); in response to the respective first number of times being greater than a threshold (Nowak, pa 0040, access adjustment system 102 may receive a threshold of 50%, such that any predictions … exceeding 50% (e.g., prediction 503, prediction 509, and prediction 515) are determined to mean that access is required for the corresponding user.), automatically generating, based on the log a first profile corresponding to the first user, a first access policy to enable access to … the data table by the first user (Nowak, pa 0044, access adjustment subsystem may determine that the machine learning model prediction does not match the user's current permissions because the user does not have access to a particular function and the machine learning model predicts that the user requires access to that function. In this example, access adjustment subsystem 120 may add access to the particular function for the user.); in response to the respective second number of times being greater than the threshold (Nowak, pa 0040, access adjustment system 102 may receive a threshold of 50%, such that any predictions … exceeding 50% (e.g., prediction 503, prediction 509, and prediction 515) are determined to mean that access is required for the corresponding user.), automatically generating, based on the log and a second profile corresponding to the second user, a second access policy to enable access to … the data table by the second user (Nowak, pa 0044, access adjustment subsystem may determine that the machine learning model prediction does not match the user's current permissions because the user does not have access to a particular function and the machine learning model predicts that the user requires access to that function. In this example, access adjustment subsystem 120 may add access to the particular function for the user.). Nowak doesn't expressly discuss that the data elements are a plurality of columns of a data table, for each column of the plurality of columns of the data table: a first number of times the respective column was accessed by the first user; a second number of times the respective column was accessed by the second user, receiving a first request from the first user requesting a first set of data in a first set of columns of the plurality of columns; in response to an access to the first set of columns being enabled in the first access policy, decrypting the of a first set of columns and returning the first set of data to the first user; receiving a second request from the second user requesting the first set of data; in response to the access to the first set of data not being enabled in the second access policy, returning an error message. Miao teaches a plurality of columns of the data table (Miao, pa 0020, a physical or database table is an underlying table in the database where records are physically stored and updated, and is generally defined in the database schema. A database view (e.g., a SQL view) is a query that can be explicitly defined in the database schema for the database, and that extracts data from the physical tables. In some cases, a database view can be associated with metadata to create a baseview. Baseview metadata can generally be used to allow the baseview to use different column names than an underlying database view, limit the baseview to a subset of columns from the underlying database view, list users that are allowed to see the baseview, combine multiple database views, etc.)…, wherein the plurality of columns are encrypted at a column-level (pa 0041, access policy rules can also be defined that have the effect of restricting access to individual fields such as columns of a database.); …automatically generating, based on… a first profile corresponding to the first user, a first access policy controlling access to each column of the plurality of columns of the data table by the first user (Miao, pa 0091, At block 903, access control rules are specified on the first entity. For example, the database administrator may specify rules similar to those set forth above, e.g., on a role-by-role basis.); …automatically generating, based on … a second profile corresponding to the second user, a second access policy controlling access to each column of the plurality of columns of the data table by the second user (Miao, pa 0091, At block 903, access control rules are specified on the first entity. For example, the database administrator may specify rules similar to those set forth above, e.g., on a role-by-role basis.); receiving a first request from the first user requesting a first set of data in a first set of columns of the plurality of columns (Miao, pa 0017, Attending physician 110, a doctor in the radiology department, can use a client device such as notebook computer 112 to retrieve the x-ray and HIV lab results by using one or more resources to query database 102.); in response to an access to the first set of columns being enabled in the first access policy, decrypting the of a first set of columns and returning the first set of data to the first user (Miao, pa 0017, If indicated by an access policy, access control module 106 can filter the results provided to the attending physician so that they are consistent with access privileges available to the attending physician. For example, the attending physician may be able to access all of the lab results because he is a member of the department to which the patient is admitted, e.g., the radiology department. The lab results can be provided to the attending physician via a GUI 114. GUI 114 can include various data from the patient's lab results, indicating that the patient has a fractured rib and is HIV positive.); receiving a second request from the second user requesting the first set of data (Miao, pa 0067, Next, at block 502, a data request is rewritten to include conditions for the sensitive or auditable column. For example, if a user has submitted a query "SELECT [BV LAB_ORB]." then this query can be rewritten with conditions based on rules for the sensitive data fields.); in response to the access to the first set of data not being enabled in the second access policy, returning an error message (Miao, pa 0069, Next, at block 504, results are surfaced consistently with the rules. In this example, for a doctor in the state of Washington that is not in the radiology department, the HIV LabResults column returned by the BV _LAB_ORB view may have a value of"***REDACTED***" displayed on the doctor's computer.). It would have been obvious at the effective filing date of the invention to a person having ordinary skill in the art to which said subject matter pertains to have modified with the teachings of Miao because it allows user roles to be enforced at a column level (Miao, pa 0020). With respect to claim 2, Nowak in view of Miao teaches the method of claim 1, wherein monitoring access to the plurality of columns of the data table by the first user and the second user comprises: for each column of the plurality of columns: counting the first respective number of times the respective column is accessed by the first user; and counting the second respective number of times the respective column is accessed by the second user (Nowak, pa 0035, Access subsystem 118 may additionally access an access log for the second plurality of users. The access log may indicate one or more occurrences of each user identifier accessing the one or more functions of the one or more applications to which the user identifier has access. For example, the access log may list each occurrence of access, along with dates, time stamps, details about the actions performed within each application, the permissions which allowed each occurrence of access, and any other information relevant to access history.). With respect to claim 3, Nowak in view of Miao teaches the method of claim 1, wherein the first access policy is different from the second access policy (Nowak, pa 0023, Based on a user's role, the user may have access to certain functions within the application and may not have access to other functions. Applications may have different levels of access. For example, an application may include standard user access ( e.g., with a lowest level of permissions), manager access (e.g., with more permissions), administrator access ( e.g., with a highest level of permissions), or other levels. Examiner Note: two users may have different roles and therefore different access policies). With respect to claim 4, Nowak in view of Miao teaches the method of claim 1, wherein the first access policy is the same as the second access policy (Nowak, pa 0023, Based on a user's role, the user may have access to certain functions within the application and may not have access to other functions. Applications may have different levels of access. For example, an application may include standard user access ( e.g., with a lowest level of permissions), manager access (e.g., with more permissions), administrator access ( e.g., with a highest level of permissions), or other levels. Examiner Note: two users may have the same role and therefore the same access policies). With respect to claim 5, Nowak in view of Miao teaches the method of claim 1, further comprising: monitoring, during a second monitoring period, a change in access to the plurality of columns of the data table by the first user and the second user; generating, based on the second monitoring period, a second log; and modifying, based on the second log, the first access policy and the second access policy (Nowak, pa 0026, the machine learning model may update predictions over time based on changes in association or access information associated with users.). With respect to claim 6, Nowak in view of Miao teaches the method of claim 1, wherein a duration of the monitoring period is predefined according to a data observability configuration setting (Nowak, pa 0035, the permissions database may include additional details, such as time restraints on the permissions (e.g., only allowed to access certain functions during a certain time frame or for a certain period of time)). With respect to claims 8-12 and 15-19, the limitations are essentially the same as claims 1-5, and are rejected for the same reasons. With respect to claim 20, Nowak in view of Miao teaches the non-transitory computer-readable storage medium of claim 15, wherein the executable instructions, when executed by the one or more processors of the computer system, further cause the computer system to: return an error message to the first user when the first access policy does not permit access to the plurality of columns in the data table (Miao, pa 0069, Next, at block 504, results are surfaced consistently with the rules. In this example, for a doctor in the state of Washington that is not in the radiology department, the HIV LabResults column returned by the BV _LAB_ORB view may have a value of"***REDACTED***" displayed on the doctor's computer.). Claims 21-23 are rejected under 35 U.S.C. 103 as being unpatentable over Nowak in view of Miao and further in view of Ormerod et al. (US 2020/0233841). With respect to claim 21, Nowak in view of Miao teaches the method of claim 1, as discussed above. Nowak in view of Miao doesn't expressly discuss storing the log using a rotated table that is configured to overwrite stale data with new data. Ormerod teaches storing the log using a rotated table that is configured to overwrite stale data with new data (Ormerod, pa 0002-0003, table configured to store log data using table rotation). It would have been obvious at the effective filing date of the invention to a person having ordinary skill in the art to which said subject matter pertains to have modified Nowak in view of Miao to have included the teachings of Ormerod because it can help prevent tables from becoming too large (Ormerod, pa 0004). With respect to claims 22 and 23, the limitations are essentially the same as claims 21, and are rejected for the same reasons. Response to Arguments 35 U.S.C. 101 Applicant argues that the claimed limitations are not mental processes. The Examiner respectfully disagrees. The rejection above has provided how each limitation is construed as a mental process. Applicant has not argued against any of the specific reasons. Therefore, the Examiner maintains that the claim recites a mental process. Applicant argues that the processor and memory perform specific technical operations to facilitate the claim limitations and provide integration of the judicial exception into a practical application. The Examiner respectfully disagrees. The mere recitation that a processor and memory are used when performing the operation requires nothing more than performing the mental process “on a generic computer” or “in a computer environment” and using the “computer as a tool.” “Claims can recite a mental process even if they are claimed as being performed on a computer.” See MPEP 2106.04(a)(2)(III)(C). Therefore, the focus of the claims is not on such an improvement in computers as tools, but on certain independently abstract ideas that use computers as tools. Applicant argues that paragraph 18 discloses determining a module access policy (MAP) based on the monitored information to enable column level encryption to provide integration of the judicial exception into a practical application. The Examiner respectfully disagrees. While the specification discusses a MAP data structure, it is not incorporated into the claim language in such a way to integrate the mental process into a practical application. Applicant has not pointed to which log of the claims is meant to correspond to the specification’s description of a module access policy, however, both of the logs are claimed as part of data gathering or a mental process rather than elements that meaningfully limit the judicial exception. It is important to note, the judicial exception alone cannot provide the improvement. The improvement can be provided by one or more additional elements. See the discussion of Diamond v. Diehr, 450 U.S. 175, 187 and 191-92, 209 USPQ 1, 10 (1981)) in subsection II, below. In addition, the improvement can be provided by the additional element(s) in combination with the recited judicial exception. See MPEP 2106.05(a). The Examiner is to identify whether there are any additional elements (features/limitations/steps) recited in the claim beyond the judicial exception(s), and then evaluating those additional elements individually and in combination to determine whether they contribute an inventive concept (i.e., amount to significantly more than the judicial exception(s)). See MPEP 2106.05. The currently amended claims to not appear to provide additional elements that are sufficient to amount to significantly more than the judicial exception. The claim only recite the outcome of the alleged improvement without any details about how the outcome is accomplished. Applicant argues that the claims recite in inventive concept not disclosed by the prior art as indicated by the examiner in the above referenced examiner interview conducted on January 27, 2026. The Examiner respectfully disagrees. In the interview, the examiner gave suggestions about subject matter that could be added or clarified to bring out the inventive concept. However, as discussed the current amendments do not include additional elements that are sufficient to amount to significantly more than the judicial exception. 35 U.S.C. 103 Applicant seems to argue a newly amended limitation. Applicant’s amendment has rendered the previous rejection moot. Upon further consideration of the amendment, a new grounds of rejection is made in view of Nowak et al. (US 2024/0232393). Conclusion Any inquiry concerning this communication or earlier communications from the examiner should be directed to BRITTANY N ALLEN whose telephone number is (571)270-3566. The examiner can normally be reached M-F 9 am - 5:00 pm EST. Examiner interviews are available via telephone, in-person, and video conferencing using a USPTO supplied web-based collaboration tool. To schedule an interview, applicant is encouraged to use the USPTO Automated Interview Request (AIR) at http://www.uspto.gov/interviewpractice. If attempts to reach the examiner by telephone are unsuccessful, the examiner’s supervisor, Sherief Badawi can be reached at 571-272-9782. The fax phone number for the organization where this application or proceeding is assigned is 571-273-8300. Information regarding the status of published or unpublished applications may be obtained from Patent Center. Unpublished application information in Patent Center is available to registered users. To file and manage patent submissions in Patent Center, visit: https://patentcenter.uspto.gov. Visit https://www.uspto.gov/patents/apply/patent-center for more information about Patent Center and https://www.uspto.gov/patents/docx for information about filing in DOCX format. For additional questions, contact the Electronic Business Center (EBC) at 866-217-9197 (toll-free). If you would like assistance from a USPTO Customer Service Representative, call 800-786-9199 (IN USA OR CANADA) or 571-272-1000. /BRITTANY N ALLEN/ Primary Examiner, Art Unit 2169
Read full office action

Prosecution Timeline

Show 5 earlier events
Dec 04, 2025
Final Rejection mailed — §101, §103
Jan 27, 2026
Examiner Interview Summary
Jan 27, 2026
Applicant Interview (Telephonic)
Feb 27, 2026
Request for Continued Examination
Mar 09, 2026
Response after Non-Final Action
Apr 21, 2026
Non-Final Rejection mailed — §101, §103
Jun 30, 2026
Applicant Interview (Telephonic)
Jun 30, 2026
Examiner Interview Summary

Precedent Cases

Applications granted by this same examiner with similar technology

Patent 12670125
MAINTAINING METADATA CONSISTENCY OF A MOUNTED FILE SYSTEM DURING RUNTIME
6y 11m to grant Granted Jun 30, 2026
Patent 12650998
TRIGGERING KNOWLEDGE PANELS
5y 3m to grant Granted Jun 09, 2026
Patent 12639373
SPATIALLY PARTITIONED IDEALLY CHUNKED ENTITY TREE
2y 6m to grant Granted May 26, 2026
Patent 12625854
ANALYTICAL PLATFORM FOR DISTRIBUTED DATA
1y 5m to grant Granted May 12, 2026
Patent 12613876
DATABASE VALUE EXPLORATION SYSTEM
2y 6m to grant Granted Apr 28, 2026
Study what changed to get past this examiner. Based on 5 most recent grants.

Strategy Recommendation AI-generated — please review before filing

Get a prosecution strategy drawn from examiner precedents, rejection analysis, and claim mapping.
Typically takes 5-10 seconds — AI-generated, attorney review required before filing

Prosecution Projections

3-4
Expected OA Rounds
42%
Grant Probability
80%
With Interview (+37.7%)
4y 4m (~2y 3m remaining)
Median Time to Grant
High
PTA Risk
Based on 398 resolved cases by this examiner. Grant probability derived from career allowance rate.

Sign in with your work email

Enter your email to receive a magic link. No password needed.

Personal email addresses (Gmail, Yahoo, etc.) are not accepted.

Free tier: 3 strategy analyses per month