DETAILED ACTION
Notice of Pre-AIA or AIA Status
The present application, filed on or after March 16, 2013, is being examined under the first inventor to file provisions of the AIA.
The following is a Non-Final Office Action in response to communications received on July 3, 2024. Claims 1-20 are pending and addressed below.
Specification
For the record, Examiner acknowledges that the Specification submitted on July 3, 2024 has been accepted.
Drawings
For the record, Examiner acknowledges that the Drawings submitted on July 3, 2024 have been accepted.
Claim Objections
Claims 1, 11 and 16 are objected to because of the following informalities: Claim 1 recites the phrase “generating, via a message generation system, a set of data messages that are associated of the set of relationship tuples…” It is suggested the phrase be amended to “generating, via a message generation system, a set of data messages that are associated [[of]] with the set of relationship tuples…” for clarity and consistency. Claims 11 and 16 are objected to for similar reasons to claim 1.
Appropriate correction is required.
Claim Rejections - 35 USC § 112
The following is a quotation of 35 U.S.C. 112(b):
(b) CONCLUSION.—The specification shall conclude with one or more claims particularly pointing out and distinctly claiming the subject matter which the inventor or a joint inventor regards as the invention.
The following is a quotation of 35 U.S.C. 112 (pre-AIA), second paragraph:
The specification shall conclude with one or more claims particularly pointing out and distinctly claiming the subject matter which the applicant regards as his invention.
Claims 1-20 are rejected under 35 U.S.C. 112(b) or 35 U.S.C. 112 (pre-AIA), second paragraph, as being indefinite for failing to particularly point out and distinctly claim the subject matter which the inventor or a joint inventor (or for applications subject to pre-AIA 35 U.S.C. 112, the applicant), regards as the invention.
Claim 1 recites the limitation “receiving, from a developer of the relationship-based authorization system, an authorization model from a data management system”. The limitation is unclear because the limitation is stating that the authorization model is being received from two different sources: the developer and the data management system. For examining purposes, the limitation is being interpreted as receiving the authorization model from a developer for a data management system, which is consistent with the instant specification (see paragraph [0026] of the specification as filed). Claims 11 and 16 are rejected for similar reasons to claim 1. Dependent claims 2-10, 12-15 and 17-20 are rejected for containing the same indefinite language as parent claims 1, 11 and 16 without further remedying the indefinite language.
Claim 2 recites the limitation “the respective object.” There are multiple previously recited respective objects and it is unclear as to which particular respective object the limitation is referring. Claims 12 and 17 are rejected for similar reasons to claim 2. Dependent claim 3 is rejected for containing the same indefinite language as parent claim 2 without further remedying the indefinite language.
Claim 8 recites the limitations “the respective object” and “the respective user.” There are multiple previously recited respective objects and respective users and it is unclear as to which particular respective object and respective user the limitations are referring.
Claim Rejections - 35 USC § 103
In the event the determination of the status of the application as subject to AIA 35 U.S.C. 102 and 103 (or as subject to pre-AIA 35 U.S.C. 102 and 103) is incorrect, any correction of the statutory basis (i.e., changing from AIA to pre-AIA) for the rejection will not be considered a new ground of rejection if the prior art relied upon, and the rationale supporting the rejection, would be the same under either status.
The following is a quotation of 35 U.S.C. 103 which forms the basis for all obviousness rejections set forth in this Office action:
A patent for a claimed invention may not be obtained, notwithstanding that the claimed invention is not identically disclosed as set forth in section 102, if the differences between the claimed invention and the prior art are such that the claimed invention as a whole would have been obvious before the effective filing date of the claimed invention to a person having ordinary skill in the art to which the claimed invention pertains. Patentability shall not be negated by the manner in which the invention was made.
Claim(s) 1, 4-11, 13-16 and 18-20 is/are rejected under 35 U.S.C. 103 as being unpatentable over Pang et al. (“Zanzibar: Google’s Consistent, Global Authorization System” and hereinafter referred to as Pang) in view of Ramamurthy et al. (U.S. Pub. No. 2012/0330925 cited in the IDS filed on 9/8/2025 and hereinafter referred to as Ramamurthy).
As to claim 1, Pang discloses a method for indexing permission relationships in a relationship-based authorization system, comprising:
receiving, from a developer of the relationship-based authorization system, an authorization model from a data management system, the authorization model indicating a set of users and a set of objects (sections 1, 2.1, 2.2 and 2.3.1, Pang teaches providing namespace configurations and tuples (i.e. models) that define objects and relationships to users for authorization);
identifying, via an identification system, a set of relations indicating relationships within the authorization model between the set of users and the set of objects, the set of relations corresponding to a set of relationship tuples, wherein a respective relationship tuple indicates an authorization level of a respective user for a respective object (sections 1, 2.1, 2.2 and 2.3.1, Pang teaches identifying relations from the namespace configurations/tuples indicating authorization levels for users to objects.). While Pang does generally disclose indices (see section 3 of Pang), Pang does not specifically disclose generating, via a message generation system, a set of data messages that are associated of the set of relationship tuples indicated within the authorization model, the set of data messages being generated to obtain a set of indices that indicate results of the set of data messages, wherein the set of indices are for authorizing access to data within the data management system as claimed. However, Ramamurthy does disclose
generating, via a message generation system, a set of data messages that are associated of the set of relationship tuples indicated within the authorization model, the set of data messages being generated to obtain a set of indices that indicate results of the set of data messages, wherein the set of indices are for authorizing access to data within the data management system (paragraphs [0018], [0026], [0047] and [0049], Ramamurthy teaches generating queries from authorization definitions to obtain a set of indices to authorize access.).
It would have been obvious to one of ordinary skill in the art before the effective filing date of the claimed invention to modify the invention of Pang with the teachings of Ramamurthy for generating a set of data messages that are associated of the set of relationship tuples indicated within the authorization model because this would improve efficiency.
Claims 11 and 16 recite substantially similar subject matter to claim 1 and are therefore rejected for similar reasons to claim 1 above. (Note: Claims 1 and 11 recite the additional limitations of processors and memories which are taught by Ramamurthy at, for example, paragraph [0093]).
As to claim 4, the combination of teachings between Pang and Ramamurthy disclose the method of claim 1, further comprising: receiving an update to the data management system, the update comprising adding one or more objects, removing one or more objects, or both (paragraphs [0050]-[0054] and [0077], Ramamurthy teaches receiving updates for adding/removing objects); and updating, via the message generation system, the set of indices based at least in part on receiving the update to the data management system (paragraphs [0050]-[0054] and [0077], Ramamurthy teaches updating the indices.).
Examiner supplies the same rationale for the combination of the references as in claim 1 above.
Claims 13 and 18 recite substantially similar subject matter to claim 4 and are therefore rejected for similar reasons to claim 4 above.
As to claim 5, the combination of teachings between Pang and Ramamurthy disclose the method of claim 1, further comprising: receiving an update to the authorization model, the update comprising an addition of one or more users, one or more objects, one or more relations relating users and objects, or any combination thereof, a removal of one or more users, one or more objects, one or more relations relating users and objects, or any combination thereof, or both (paragraphs [0050]-[0054] and [0077], Ramamurthy teaches changing the authorization policy); and updating, via the message generation system, the set of data messages and the set of indices based at least in part on receiving the update to the authorization model (paragraphs [0050]-[0054] and [0077], Ramamurthy teaches updating the indices.).
Examiner supplies the same rationale for the combination of the references as in claim 1 above.
Claims 14 and 19 recite substantially similar subject matter to claim 5 and are therefore rejected for similar reasons to claim 5 above.
As to claim 6, the combination of teachings between Pang and Ramamurthy disclose the method of claim 1, wherein receiving the authorization model comprises: receiving, from a first tenant of a multi-tenant system, a first authorization model for the data management system, the first authorization model indicating information for authorizing users associated with the first tenant to access one or more objects within the data management system that are associated with the first tenant, wherein the data management system is accessible by one or more tenants of the multi-tenant system, and wherein the first authorization model comprises the authorization model (sections 1, 2.1 and 3.1.1, Pang teaches cloud services and storing information in separation.).
Claims 15 and 20 recite substantially similar subject matter to claim 6 and are therefore rejected for similar reasons to claim 6 above.
As to claim 7, the combination of teachings between Pang and Ramamurthy disclose the method of claim 1, wherein the set of data messages comprise a set of data queries and the method further comprises: obtaining the set of indices used for authorizing access to the data within the data management system based at least in part on one or more data query operations on the set of data queries, the one or more data query operations combining the set of data queries (paragraphs [0018], [0026], [0047], [0049] and [0075], Ramamurthy teaches generating queries from authorization definitions to obtain a set of indices to authorize access where queries are joined.).
Examiner supplies the same rationale for the combination of the references as in claim 1 above.
As to claim 8, the combination of teachings between Pang and Ramamurthy disclose the method of claim 1, wherein a respective index of the set of indices indicates a direct relationship between a respective user and a respective object, a computed relationship between the respective user and the respective object, a nested relationship between the respective user and the respective object, a hierarchical relationship between the respective user and the respective object, or any combination thereof (sections 2.1, 2.3.1 and 3, Pang teaches indices for user-object relations, nested and hierarchical relationships.).
As to claim 9, the combination of teachings between Pang and Ramamurthy disclose the method of claim 1, wherein the set of data messages are structured query language (SQL) queries (paragraph [0030], Ramamurthy teaches SQL.).
Examiner supplies the same rationale for the combination of the references as in claim 1 above.
As to claim 10, the combination of teachings between Pang and Ramamurthy disclose the method of claim 1, wherein the authorization model is a fine-grained authorization model that is defined via a domain-specific language (sections 2.1, 2.3.1 and 3, Pang teaches fine-grained authorization.).
Claim(s) 2-3, 12 and 17 is/are rejected under 35 U.S.C. 103 as being unpatentable over Pang and Ramamurthy as applied to claims 1, 11 and 16 above, and further in view of Jain et al. (U.S. Pub. No. 2024/0256582 and hereinafter referred to as Jain).
As to claim 2, the combination of teachings between Pang and Ramamurthy disclose the method of claim 1. The combination of teachings between Pang and Ramamurthy does not specifically disclose further comprising: receiving, from a client, a natural language query, the natural language query indicating a request for a user associated with the client to access one or more objects of the set of objects that are stored within the data management system based at least in part on the set of relations indicated within the authorization model; authorizing the client to obtain a subset of objects of the set of objects associated with the request that the user is authorized to access based at least in part on the set of indices generated via the message generation system, the user being authorized to access a respective object of the set of objects that is associated with the request based at least in part on at least one index of the set of indices indicating that the user has a relationship with the respective object; and transmitting, to the client, the subset of objects associated with the request of the natural language query that the user is authorized to access based at least in part on one or more relationships between the user and the subset of objects that the user are authorized to access as claimed. However, Jain does disclose
further comprising: receiving, from a client, a natural language query, the natural language query indicating a request for a user associated with the client to access one or more objects of the set of objects that are stored within the data management system based at least in part on the set of relations indicated within the authorization model (paragraphs [0003], [0024] and [0055], Jain teaches receiving natural language queries from users for accessing data where access permissions are in place);
authorizing the client to obtain a subset of objects of the set of objects associated with the request that the user is authorized to access based at least in part on the set of indices generated via the message generation system, the user being authorized to access a respective object of the set of objects that is associated with the request based at least in part on at least one index of the set of indices indicating that the user has a relationship with the respective object (paragraphs [0003], [0024], [0037] and [0055], Jain teaches providing access only to documents which the user has access to after receiving the query and based on permissions and an index); and
transmitting, to the client, the subset of objects associated with the request of the natural language query that the user is authorized to access based at least in part on one or more relationships between the user and the subset of objects that the user are authorized to access (paragraphs [0003], [0024], [0037] and [0055], Jain teaches providing the documents the user is allowed to access to the user.).
It would have been obvious to one of ordinary skill in the art before the effective filing date of the claimed invention to modify the modified invention of Pang with the teachings of Jain for having a natural language query because this would improve user experience.
Claims 12 and 17 recite substantially similar subject matter to claim 2 and are therefore rejected for similar reasons to claim 2 above.
As to claim 3, the combination of teachings between Pang, Ramamurthy and Jain disclose the method of claim 2, further comprising:
transmitting, via an application programming interface associated with the set of indices used for authorizing access within the data management system, a message requesting for an indication of the subset of objects associated with the request of the natural language query (paragraphs [0037] and [0044], Jain teaches transmitting requests via API); and
receiving, via the application programming interface, the subset of objects associated with the request based at least in part on the user having a relationship with each object of the subset of objects, wherein the subset of objects transmitted to the client based at least in part on receiving the subset of objects via the application programming interface (paragraphs [0037], [0044] and [0055], Jain teaches receiving the documents from the API.).
Examiner supplies the same rationale for the combination of the references as in claim 2 above.
Conclusion
Any inquiry concerning this communication or earlier communications from the examiner should be directed to THADDEUS J PLECHA whose telephone number is (571)270-7506. The examiner can normally be reached M-F 8-4:30.
Examiner interviews are available via telephone, in-person, and video conferencing using a USPTO supplied web-based collaboration tool. To schedule an interview, applicant is encouraged to use the USPTO Automated Interview Request (AIR) at http://www.uspto.gov/interviewpractice.
If attempts to reach the examiner by telephone are unsuccessful, the examiner’s supervisor, Taghi Arani can be reached at 571-272-3787. The fax phone number for the organization where this application or proceeding is assigned is 571-273-8300.
Information regarding the status of published or unpublished applications may be obtained from Patent Center. Unpublished application information in Patent Center is available to registered users. To file and manage patent submissions in Patent Center, visit: https://patentcenter.uspto.gov. Visit https://www.uspto.gov/patents/apply/patent-center for more information about Patent Center and https://www.uspto.gov/patents/docx for information about filing in DOCX format. For additional questions, contact the Electronic Business Center (EBC) at 866-217-9197 (toll-free). If you would like assistance from a USPTO Customer Service Representative, call 800-786-9199 (IN USA OR CANADA) or 571-272-1000.
/THADDEUS J PLECHA/ Examiner, Art Unit 2438