Prosecution Insights
Last updated: July 17, 2026
Application No. 18/786,047

USER-DEFINED FUNCTION SECURITY FRAMEWORK

Non-Final OA §101§102§103
Filed
Jul 26, 2024
Priority
Aug 03, 2023 — provisional 63/530,650
Examiner
NGUYEN, TRONG H
Art Unit
2436
Tech Center
2400 — Computer Networks
Assignee
Cyral Inc.
OA Round
1 (Non-Final)
80%
Grant Probability
Favorable
1-2
OA Rounds
1y 2m
Est. Remaining
99%
With Interview

Examiner Intelligence

Grants 80% — above average
80%
Career Allowance Rate
442 granted / 553 resolved
+21.9% vs TC avg
Strong +56% interview lift
Without
With
+56.4%
Interview Lift
resolved cases with interview
Typical timeline
3y 2m
Avg Prosecution
15 currently pending
Career history
564
Total Applications
across all art units

Statute-Specific Performance

§101
2.9%
-37.1% vs TC avg
§103
85.8%
+45.8% vs TC avg
§102
6.4%
-33.6% vs TC avg
§112
3.0%
-37.0% vs TC avg
Black line = Tech Center average estimate • Based on career data from 553 resolved cases

Office Action

§101 §102 §103
DETAILED ACTION The present application, filed on or after March 16, 2013, is being examined under the first inventor to file provisions of the AIA . In the event the determination of the status of the application as subject to AIA 35 U.S.C. 102 and 103 (or as subject to pre-AIA 35 U.S.C. 102 and 103) is incorrect, any correction of the statutory basis for the rejection will not be considered a new ground of rejection if the prior art relied upon, and the rationale supporting the rejection, would be the same under either status. Claims 1-29 are pending. Claim Objections Claims 2, 6-8, 13-14, 16-20, and 28-29 are objected to because of the following informalities: “wherein invoking” in claims 2, 18, 19 should read “wherein the invoking”. “wherein rewriting” in claim 6 should read “wherein the rewriting”. “the query” in claims 7-8 lacks antecedent basis. “wherein providing” in claim 13 should read “wherein the providing”. “wherein determining” in line 1 of claims 14, 17, 20 should read “wherein the determining”. “The method of claim 5” in claim 16 should read “The method of claim 15”. “in response to determining” in line 3 of claim 16 should read “in response to the determining”. “The system” in line 1 of claim 20 should read “The method”. “an application of the UDF” in claim 28 should read “the applying of the UDF”. “applying” in claim 29 should read “the applying”. Appropriate correction is required. Claim Rejections - 35 USC § 101 35 U.S.C. 101 reads as follows: Whoever invents or discovers any new and useful process, machine, manufacture, or composition of matter, or any new and useful improvement thereof, may obtain a patent therefor, subject to the conditions and requirements of this title. Claims 1-3, 9-11, 14-15, 17-18, 21-26, and 28 are rejected under 35 U.S.C. 101 because the claimed invention is directed to an abstract idea without significantly more. Claim 1 recites determining a policy corresponding to the communication, the policy identifying a user-defined function (UDF) corresponding to the policy, the UDF being stored by the data source and invoking the UDF based at least in part on the policy. The limitation of determining a policy corresponding to the communication, the policy identifying a user-defined function (UDF) corresponding to the policy, the UDF being stored by the data source as drafted, is a process that, under its broadest reasonable interpretation, covers performance of the limitation in the mind. That is, other than reciting “by the sidecar”, nothing in the claim element precludes the step from practically being performed in the mind. For example, but for the “by the sidecar” language, “determining” in the context of this claim encompasses the user identifying a policy corresponding to the communication, the policy identifying a user-defined function (UDF) corresponding to the policy, the UDF being stored by the data source. The limitation of invoking the UDF based at least in part on the policy as drafted, is a process that, under its broadest reasonable interpretation, covers performance of the limitation in the mind. That is, other than reciting “using the sidecar”, nothing in the claim element precludes the step from practically being performed in the mind. For example, but for the “using the sidecar” language, “invoking” in the context of this claim encompasses the user selecting the UDF based at least in part on the policy. If a claim limitation, under its broadest reasonable interpretation, covers performance of the limitation in the mind then it falls within the “Mental Processes” grouping of abstract ideas. Accordingly, the claim recites an abstract idea. This judicial exception is not integrated into a practical application because the claim does not recite additional elements that integrate the judicial exception into a practical application. Claim 1 recites the additional element of (a) receiving, at a sidecar, a communication for a data source and (b) the sidecar. However, the receiving step is recited at a high level of generality and amounts to mere data gathering which is a form of insignificant extra-solution activity. The sidecar performing the steps is also recited at a high level of generality and amounts to no more than mere instructions to apply the exception using a generic computer component. Mere instructions to apply an exception using a generic computer cannot provide an inventive concept. Accordingly, these additional elements do not integrate the abstract idea into a practical application because they do not impose any meaningful limits on practicing the abstract idea. The claim does not include additional elements that are sufficient to amount to significantly more than the judicial exception. As discussed above with respect to integration of the abstract idea into a practical application, the additional elements are recited at a high level of generality and amount to mere data gathering which is a form of insignificant extra-solution activity and no more than mere instructions to apply the exception using a generic computer component. Thus, the claimed elements, either individually, or in the ordered combination do not add significantly more to the abstract idea. The claim is not patent eligible. Dependent claims 2-3, 9-11, 14-15, 17-18, and 21-24 further clarify the concept recited in claim 1 however this clarification still falls under the concept recited in claim 1 and does not amount to significantly more than the judicial exception. Dependent claims 2-3, 9-11, 14-15, 17-18, and 21-24 are rejected for at least the reason stated above with respect to claim 1. Claim 25 although not using the exact claim language, contains similar elements as recited in claim 1 and is also rejected for similar reasons. Claim 25 recites the additional element of a processor configured to perform the steps. However, the processor is recited at a high level of generality and amounts to no more than mere instructions to apply the exception using a generic computer component. Mere instructions to apply an exception using a generic computer cannot provide an inventive concept. Claim 26 although not using the exact claim language, contains similar elements as recited in claim 1 and is also rejected for similar reasons. Claim 26 recites the additional element of a computer program product embodied in a non-transitory computer readable medium and comprising instructions for performing the steps. However, the computer program product embodied in a non-transitory computer readable medium is recited at a high level of generality and amounts to no more than mere instructions to apply the exception using a generic computer component. Mere instructions to apply an exception using a generic computer cannot provide an inventive concept. Claim 28 recites determining a user-defined function (UDF) to be applied in connection with determining a response to the input communication, wherein the UDF is determined based at least in part on an indication comprised in the input communication; determining the response to the input communication, including applying the UDF; and providing the response to the input communication based at least in part on an application of the UDF. The limitation of determining a user-defined function (UDF) to be applied in connection with determining a response to the input communication, wherein the UDF is determined based at least in part on an indication comprised in the input communication as drafted, is a process that, under its broadest reasonable interpretation, covers performance of the limitation in the mind. For example, “determining” in the context of this claim encompasses the user identifying a user-defined function (UDF) to be applied in connection with determining a response to the input communication, wherein the UDF is determined based at least in part on an indication comprised in the input communication. The limitation of determining the response to the input communication, including applying the UDF as drafted, is a process that, under its broadest reasonable interpretation, covers performance of the limitation in the mind. For example, “determining” in the context of this claim encompasses the user performing the UDF to create a response to the input communication. The limitation of providing the response to the input communication based at least in part on an application of the UDF as drafted, is a process that, under its broadest reasonable interpretation, covers performance of the limitation in the mind. For example, “providing” in the context of this claim encompasses the user creating the response to the input communication based at least in part on an application of the UDF. If a claim limitation, under its broadest reasonable interpretation, covers performance of the limitation in the mind then it falls within the “Mental Processes” grouping of abstract ideas. Accordingly, the claim recites an abstract idea. This judicial exception is not integrated into a practical application because the claim does not recite additional elements that integrate the judicial exception into a practical application. Claim 1 recites the additional element of (a) receiving, at a data source, an input communication querying a subset of data stored at the data source and (b) the data source. However, the receiving step is recited at a high level of generality and amounts to mere data gathering which is a form of insignificant extra-solution activity. The data source is also recited at a high level of generality and amounts to no more than mere instructions to apply the exception using a generic computer component. Mere instructions to apply an exception using a generic computer cannot provide an inventive concept. Accordingly, these additional elements do not integrate the abstract idea into a practical application because they do not impose any meaningful limits on practicing the abstract idea. Claim Rejections - 35 USC § 102 The following is a quotation of the appropriate paragraphs of 35 U.S.C. 102 that form the basis for the rejections under this section made in this Office action: A person shall be entitled to a patent unless – (a)(1) the claimed invention was patented, described in a printed publication, or in public use, on sale or otherwise available to the public before the effective filing date of the claimed invention. Claims 1-14, 21, and 24-29 are rejected under 35 U.S.C. 102(a)(1) as being anticipated by Walters (US 11392603). 1. Walters discloses A method, comprising: receiving, at a sidecar, a communication for a data source; (e.g. figs. 1, 6, 8, col. 3, ll. 2-3, col. 5, ll. 15-16, col. 10, ll. 4-14, col. 12, ll. 26-27: a request is sent by the database client to the proxy server…where the proxy server 102 receives requests from the client computer system 104…the client computer system submits 604 the request to the proxy server…The proxy server receives the request…At block 802 with the proxy server translates the request received from the client computer system…) determining, by the sidecar, a policy corresponding to the communication, the policy identifying a user-defined function (UDF) corresponding to the policy, the UDF being stored by the data source; and (e.g. figs. 2-3, 6-8, col. 3, ll. 19-28, 38-46, col. 5, ll. 25-50, col. 7, ll. 32-col. 8, ll. 4, col. 8, ll. 27-34, col. 10, ll. 31-49, col. 12, ll. 19-31: Rules may be provided to the proxy server in a variety of ways, according to various embodiments. In one embodiment, the rules are provided by database users and are submitted to the proxy server via a database client. In one embodiment, the rules are provided by the database administrator, and the rules are submitted to the proxy server via an administrative console connected to the proxy server. In one embodiment, each particular rule describes one or more conditions under which the particular rule is to be applied to a particular request…a request identifies an action to be taken when the rule is applicable. In one embodiment, the action may describe passing a request to the database server, rejecting requests, routing a request to a particular database server, logging a request or modifying a request before forwarding the request to a database server. In one embodiment, the action may cause the proxy server to produce a corresponding set of database commands that are based at least in part on the request…The set of applicability fields 306 describes when the rule represented by the rule record 304 is to be applied by a database proxy service. In one embodiment, the set of applicability fields 306 includes a request type filter 310, a user filter 312, and a client computer system filter 314…The set of action fields 308 describes actions performed by the database proxy service when a particular rule represented by the rule record 304 is applied. In one embodiment, the set of action fields 308 includes a translation action field 316, routing action field 318, a logging action field 320, a blocking action field 322, and a results action field 324. In one embodiment, the translation action field 316 describes a modification to an incoming request that produces a sequence of database commands for fulfilling the request…at block 610, the proxy server identifies an applicable rule from a database of rules maintained by the proxy server. In one embodiment, the proxy server searches a rules database, and evaluates applicability logic for each rule in the rules database to determine whether each rule in the rules database is applicable to the request. In one embodiment, the proxy server identifies a set of rules that are applicable to the request. In one embodiment, at block 612, the proxy server applies the set of rules to generate a set of database commands that, when executed on a particular database server, fulfill the request. In one embodiment, if the set of rules is empty, the proxy server generates a set of database commands that matches the request. In one embodiment, based at least in part on the applicable rules, the set of database commands may be a modified version of the request, a matching version of the request, or an empty set of database commands…FIG. 8 shows an illustrative example of a process that, as a result of being performed by a proxy server, fulfills a request by applying a selected rule to the request to produce a set of database commands which are submitted to a database server. A flowchart 800 illustrates an embodiment of a process that begins at block 801 with a proxy server storing a log entry that records the receipt of the request at the proxy server. At block 802 with the proxy server translates the request received from the client computer system into a corresponding set of database commands. The set of database commands is generated so that execution of the set of database commands on a database server fulfills the request.) invoking the UDF based at least in part on the policy using the sidecar. (e.g. figs. 1, 6, 8, col. 3, ll. 4-7, col. 5, ll. 15-19, col. 10, ll. 39-49, col. 12, ll. 26-31: the proxy server applies one or more rules to the request to produce a set of database commands. In one embodiment, the set of database commands is forwarded to the database server where the set of database commands is executed…the proxy server 102 receives requests from the client computer system 104, translates the requests into a series of SQL database commands, and submits the database commands to the database server 108…In one embodiment, the proxy server identifies a set of rules that are applicable to the request. In one embodiment, at block 612, the proxy server applies the set of rules to 40 generate a set of database commands that, when executed on a particular database server, fulfill the request…the set of database commands may be a modified version of the request, a matching version of the request, or an empty set of database commands. In one embodiment, at block 614, the proxy server submits the set of database commands to the database server…At block 802 with the proxy server translates the request received from the client computer system into a corresponding set of database commands. The set of database commands is generated so that execution of the set of database commands on a database server fulfills the request.) 2. Walters discloses The method of claim 1, wherein invoking the UDF comprises causing the data source to apply the UDF with respect to data stored in the data source. (e.g. figs. 1, 6, 8, col. 3, ll. 4-7, col. 5, ll. 15-21, 45-50, col. 10, ll. 39-49, col. 12, ll. 26-31) 3. Walters discloses The method of claim 2, wherein the UDF is applied in connection with determining a response to a query associated with the communication. (e.g. figs. 1, 6, 8, col. 3, ll. 4-7, col. 5, ll. 15-21, 45-50, col. 10, ll. 39-49, col. 12, ll. 26-31) 4. Walters discloses The method of claim 1, wherein the invoking the UDF comprises: providing, by the sidecar, an input communication for the data source, the input communication based on the UDF and the communication; providing the input communication to the data source; and returning a response to the input communication from the data source. (e.g. figs. 1, 6, 8, col. 3, ll. 4-10, col. 5, ll. 15-23, col. 10, ll. 39-49, 55-67, col. 12, ll. 26-31, col. 13, ll. 6-16) 5. Walters discloses The method of claim 4, wherein in response to receiving the input communication, the data source locally executes the UDF in connection with determining the response to the input communication. (e.g. figs. 1, 6, 8, col. 3, ll. 4-10, col. 5, ll. 15-23, col. 10, ll. 39-41, 55-67, col. 12, ll. 26-31, col. 13, ll. 6-8) 6. Walters discloses The method of claim 1, wherein the invoking the UDF comprises: rewriting the communication to obtain an input communication to be provided the data source, wherein rewriting the communication comprises modifying the communication to comprise logic associated with the UDF; and providing the input communication to be provided to the data source. (e.g. figs. 1, 6, 8, col. 3, ll. 4-7, col. 5, ll. 15-19, col. 10, ll. 39-49, col. 12, ll. 26-31) 7. Walters discloses The method of claim 6, wherein the data source processes the query to obtain a response to the communication with the policy having been enforced. (e.g. figs. 1, 6, 8, col. 3, ll. 4-10, col. 5, ll. 15-23, col. 10, ll. 39-41, 55-67, col. 12, ll. 26-31, col. 13, ll. 6-8) 8. Walters discloses The method of claim 6, wherein the data source processes the query to perform the logic associated with the UDF comprised in the input communication without calling the data source calling the UDF. (e.g. figs. 1, 6, 8, col. 3, ll. 4-10, col. 5, ll. 15-23, col. 10, ll. 39-41, 55-67, col. 12, ll. 26-31, col. 13, ll. 6-8) 9. Walters discloses The method of claim 1, wherein the sidecar serves as a proxy between a client and the data source. (e.g. figs. 1, 6, 8, col. 2, ll. 66-col. 3, ll. 2, col. 5. Ll. 5-7) 10. Walters discloses The method of claim 9, wherein the communication is received from the client. (e.g. figs. 1, 6, 8, col. 3, ll. 2-3, col. 5, ll. 15-16, col. 10, ll. 4-14, col. 12, ll. 26-27) 11. Walters discloses The method of claim 1, further comprising: obtaining a response comprising at least a subset of data responsive to the communication for the data source. (e.g. figs. 1, 6, 8, col. 3, ll. 8-10, col. 5, ll. 20-23, col. 10, ll. 55-67, col. 13, ll. 6-15) 12. Walters discloses The method of claim 11, further comprising: providing the response to a client system from which the communication is received. (e.g. figs. 1, 6, 8, col. 3, ll. 8-10, col. 5, ll. 20-23, col. 11, ll. 11-14, col. 13, ll. 6-15) 13. Walters discloses The method of claim 12, wherein providing the response to the client system comprises: post-processing the response before sending the response to the client system. (e.g. col. 3, ll. 11-13, col. 11, ll. 4-16, col. 13, ll. 6-16) 14. Walters discloses The method of claim 1, wherein determining the policy corresponding to the communication comprises: identifying one or more policies to be enforced with respect to obtaining a response to the communication, wherein the one or more policies are identified based at least in part on at least one characteristic associated with one or more of (i) the communication, (ii) a system from which the communication is received, (iii) a user or account associated with the system, and (iv) the data source. (e.g. figs. 2-3, 6-8, col. 3, ll. 19-35, col. 5, ll. 30-40, col. 7, ll. 32-51) 21. Walters discloses The method of claim 1, wherein the UDF is stored in a UDF library at the data source. (e.g. figs. 1, 6, 8, col. 3, ll. 4-7, col. 5, ll. 15-21, 45-50, col. 10, ll. 39-49, col. 12, ll. 26-31) 24. Walters discloses The method of claim 1, wherein the UDF causes a subset of data responsive to a query associated with the communication for the data source to be filtered from a response provided for the query. (e.g. col. 8, ll. 27-34) 25. This claim is rejected for similar reasons as in claim 1. Walters further discloses A system, comprising: a processor configured to perform the steps (e.g. figs. 1, 6, 8, col. 29, ll. 47-66) 26. This claim is rejected for similar reasons as in claim 1. Walters further discloses A computer program product embodied in a non-transitory computer readable medium and comprising computer instructions for performing the steps (e.g. figs. 1, 6, 8, col. 29, ll. 47-66) 27. Walters discloses A method, comprising: receiving, at a dispatcher of a sidecar, a communication for a data source, the sidecar including the dispatcher and a plurality of services; (e.g. figs. 1, 6, 8, col. 3, ll. 2-3, col. 5, ll. 15-16, col. 10, ll. 4-14, col. 12, ll. 26-27: a request is sent by the database client to the proxy server…where the proxy server 102 receives requests from the client computer system 104…the client computer system submits 604 the request to the proxy server…The proxy server receives the request…At block 802 with the proxy server translates the request received from the client computer system…) determining, by a first service, a policy corresponding to the communication, the policy identifying a user-defined function (UDF) corresponding to the policy; (e.g. figs. 2-3, 6-8, col. 3, ll. 19-28, 38-46, col. 5, ll. 25-50, col. 7, ll. 32-col. 8, ll. 4, col. 8, ll. 27-34, col. 10, ll. 31-49, col. 12, ll. 19-31: Rules may be provided to the proxy server in a variety of ways, according to various embodiments. In one embodiment, the rules are provided by database users and are submitted to the proxy server via a database client. In one embodiment, the rules are provided by the database administrator, and the rules are submitted to the proxy server via an administrative console connected to the proxy server. In one embodiment, each particular rule describes one or more conditions under which the particular rule is to be applied to a particular request…a request identifies an action to be taken when the rule is applicable. In one embodiment, the action may describe passing a request to the database server, rejecting requests, routing a request to a particular database server, logging a request or modifying a request before forwarding the request to a database server. In one embodiment, the action may cause the proxy server to produce a corresponding set of database commands that are based at least in part on the request…The set of applicability fields 306 describes when the rule represented by the rule record 304 is to be applied by a database proxy service. In one embodiment, the set of applicability fields 306 includes a request type filter 310, a user filter 312, and a client computer system filter 314…The set of action fields 308 describes actions performed by the database proxy service when a particular rule represented by the rule record 304 is applied. In one embodiment, the set of action fields 308 includes a translation action field 316, routing action field 318, a logging action field 320, a blocking action field 322, and a results action field 324. In one embodiment, the translation action field 316 describes a modification to an incoming request that produces a sequence of database commands for fulfilling the request…at block 610, the proxy server identifies an applicable rule from a database of rules maintained by the proxy server. In one embodiment, the proxy server searches a rules database, and evaluates applicability logic for each rule in the rules database to determine whether each rule in the rules database is applicable to the request. In one embodiment, the proxy server identifies a set of rules that are applicable to the request. In one embodiment, at block 612, the proxy server applies the set of rules to generate a set of database commands that, when executed on a particular database server, fulfill the request. In one embodiment, if the set of rules is empty, the proxy server generates a set of database commands that matches the request. In one embodiment, based at least in part on the applicable rules, the set of database commands may be a modified version of the request, a matching version of the request, or an empty set of database commands…FIG. 8 shows an illustrative example of a process that, as a result of being performed by a proxy server, fulfills a request by applying a selected rule to the request to produce a set of database commands which are submitted to a database server. A flowchart 800 illustrates an embodiment of a process that begins at block 801 with a proxy server storing a log entry that records the receipt of the request at the proxy server. At block 802 with the proxy server translates the request received from the client computer system into a corresponding set of database commands. The set of database commands is generated so that execution of the set of database commands on a database server fulfills the request.) providing, by a second service, an input communication for the data source, the input communication based on the UDF and the communication; providing the input communication to the data source; and returning a response to the input communication from the data source. (e.g. figs. 1, 6, 8, col. 3, ll. 4-10, col. 5, ll. 15-23, col. 10, ll. 39-49, 55-67, col. 12, ll. 26-31, col. 13, ll. 6-16: the proxy server applies one or more rules to the request to produce a set of database commands. In one embodiment, the set of database commands is forwarded to the database server where the set of database commands is executed and produces results. In one embodiment, the database server returns the results to the proxy server, and the proxy server forwards the results to the database client…where the proxy server 102 receives requests from the client computer system 104, translates the requests into a series of SQL database commands, and submits the database commands to the database server 108 over a persistent logical connection maintained by the proxy server 102. In one embodiment, the database server 108 produces results which are returned to the proxy server 102 over the logical connection and relayed to the client computer system 104… at block 612, the proxy server applies the set of rules to generate a set of database commands that, when executed on a particular database server, fulfill the request. In one embodiment, if the set of rules is empty, the proxy server generates a set of database commands that matches the request. In one embodiment, based at least in part on the applicable rules, the set of database commands may be a modified version of the request, a matching version of the request, or an empty set of database commands. In one embodiment, at block 614, the proxy server submits the set of database commands to the database server…at block 616, the database server executes the set of database commands received from the proxy server…as a result of executing the set of database commands, the database server produces a set of results. In one embodiment, at block 618, the database server returns the set of results to the proxy server… At block 802 with the proxy server translates the request received from the client computer system into a corresponding set of database commands. The set of database commands is generated so that execution of the set of database commands on a database server fulfills the request…the selected database server generates results in response to the set of database commands, and the results are received 812 by the proxy server) 28. Walters discloses A method, comprising: receiving, at a data source, an input communication querying a subset of data stored at the data source; (e.g. figs. 1, 6, 8, col. 3, ll. 2-8, col. 5, ll. 15-19, col. 10, ll. 4-7, 48-49, col. 12, ll. 24-31, 62-63: a request is sent by the database client to the proxy server, and the proxy server applies one or more rules to the request to produce a set of database commands. In one embodiment, the set of database commands is forwarded to the database server…where the proxy server 102 receives requests from the client computer system 104, translates the requests into a series of SQL database commands, and submits the database commands to the database server 108…at block 602 with a client computer system generating a request to be submitted to the database server by the proxy server…at block 614, the proxy server submits the set of database commands to the database server… at block 801 with a proxy server storing a log entry that records the receipt of the request at the proxy server. At block 802 with the proxy server translates the request received from the client computer system into a corresponding set of database commands. The set of database commands is generated so that execution of the set of database commands on a database server fulfills the request…At block 810, the proxy server submits the set of database commands to the selected database server) determining a user-defined function (UDF) to be applied in connection with determining a response to the input communication, wherein the UDF is determined based at least in part on an indication comprised in the input communication; determining the response to the input communication, including applying the UDF; and providing the response to the input communication based at least in part on an application of the UDF. (e.g. figs. 1, 6, 8, col. 3, ll. 5-10, col. 5, ll. 20-23, 45-50, 61-65, col. 10, ll. 55-67, col. 13, ll. 6-15: the set of database commands is forwarded to the database server where the set of database commands is executed and produces results. In one embodiment, the database server returns the results to the proxy server, and the proxy server forwards the results to the database client…the database server 108 produces results which are returned to the proxy server 102 over the logical connection and relayed to the client computer system 104…The database server 108 includes a relational database service 114 that manages a relational database 116. In one embodiment, the relational database service 114 is a service that accepts SQL commands via an implementation-specific interface, and applies the SQL commands to information contained in the relational database 116…The database server 108 executes the database commands and produces results which are returned over the logical connection to the proxy server 102…at block 616, the database server executes the set of database commands received from the proxy server. In one embodiment, execution of the database commands is performed on a database engine running on the database server. In one embodiment, the set of database commands is comprised of SQL commands. In one embodiment, the set of database commands includes a stored procedure. In one embodiment, as a result of executing the set of database commands, the database server produces a set of results. In one embodiment, at block 618, the database server returns the set of results to the proxy server…the selected database server generates results in response to the set of database commands, and the results are received 812 by the proxy server…At block 816, the proxy server returns the results to the requester.) 29. Walters discloses The method of claim 28, wherein the UDF is stored at the data source, and applying the UDF comprises executing the UDF locally at the data source. (e.g. figs. 1, 6, 8, col. 3, ll. 4-7, col. 5, ll. 15-21, 45-50, col. 10, ll. 39-49, col. 12, ll. 26-31) Claim Rejections - 35 USC § 103 The following is a quotation of 35 U.S.C. 103 which forms the basis for all obviousness rejections set forth in this Office action: A patent for a claimed invention may not be obtained, notwithstanding that the claimed invention is not identically disclosed as set forth in section 102 of this title, if the differences between the claimed invention and the prior art are such that the claimed invention as a whole would have been obvious before the effective filing date of the claimed invention to a person having ordinary skill in the art to which the claimed invention pertains. Patentability shall not be negated by the manner in which the invention was made. Claims 15-19 are rejected under 35 U.S.C. 103 as being unpatentable over Walters (US 11392603) in view of Kvalnes (US 20230289457). 15. Walters discloses The method of claim 14, wherein the determining the policy corresponding to the communication further comprises: determining that a plurality of policies are to be enforced; (e.g. figs. 2-3, 6-8, col. 3, ll. 19-35, col. 5, ll. 30-40, col. 7, ll. 32-51) and does not appear to explicitly disclose but Kvalnes discloses determining whether enforcement of the plurality of policies is expected to cause a conflict; and determining a conflict resolution for the plurality of policies. (e.g. ¶33) It would have been obvious to a person of ordinary skill in the art before the effective filing date of the claimed invention to incorporate the features described by Kvalnes into the invention of Walters for the purpose of avoiding contradictory results (Kvalnes, ¶33). 16. Walters discloses The method of claim 5 (see above) and does not appear to explicitly disclose but Kvalnes discloses wherein the determining the policy corresponding to the communication further comprises: in response to determining the conflict resolution for the plurality of policies, causing the conflict resolution to be implemented in connection with enforcement of the plurality of policies. (e.g. ¶33). It would have been obvious to a person of ordinary skill in the art before the effective filing date of the claimed invention to incorporate the features described by Kvalnes into the invention of Walters for the purpose of avoiding contradictory results (Kvalnes, ¶33). 17. Walters discloses The method of claim 14, wherein determining the policy corresponding to the communication comprises: determining that the one or more policies collectively identify a plurality of UDFs to be invoked; (e.g. figs. 2-3, 6-8, col. 3, ll. 19-28, 38-46, col. 5, ll. 25-50, col. 7, ll. 32-col. 8, ll. 4, col. 8, ll. 27-34, col. 10, ll. 31-49, col. 12, ll. 19-31) and does not appear to explicitly disclose but Kvalnes discloses determining whether an application of the plurality of UDFs is expected to cause a conflict; and determining a conflict resolution for the plurality of UDFs. (e.g. ¶33). It would have been obvious to a person of ordinary skill in the art before the effective filing date of the claimed invention to incorporate the features described by Kvalnes into the invention of Walters for the purpose of avoiding contradictory results (Kvalnes, ¶33). 18. Walters-Kvalnes discloses The method of claim 17, wherein invoking the UDF based on the policy comprises: causing the conflict resolution to be implemented in connection with the application of the plurality of UDFs. (e.g. ¶33). Same motivation as in claim 17 would apply. 19. Walters-Kvalnes discloses The method of claim 17, wherein invoking the UDF based on the policy comprises: determining an input communication for the data source, (Walters, e.g. figs. 1, 6, 8, col. 3, ll. 4-7, col. 5, ll. 15-19, col. 10, ll. 39-49, col. 12, ll. 26-31) wherein the input communication includes an indication of the conflict resolution; (Kvalnes, e.g. ¶33) and providing the input communication to the data source. (Walters, e.g. figs. 1, 6, 8, col. 3, ll. 4-7, col. 5, ll. 15-19, col. 10, ll. 39-49, col. 12, ll. 26-31). Same motivation as in claim 17 would apply. Claims 22-23 are rejected under 35 U.S.C. 103 as being unpatentable over Walters (US 11392603) in view of Maman (US 20130133059). 22. Walters discloses The method of claim 1 (see above) and does not appear to explicitly disclose but Maman discloses wherein the UDF masks a subset of data returned from the data source in response to a query associated with the communication for the data source. (e.g. ¶19, 45) It would have been obvious to a person of ordinary skill in the art before the effective filing date of the claimed invention to incorporate the features described by Maman into the invention of Walters for the purpose of ensuring that sensitive information is not revealed to the accessing application requesting this information (Maman, ¶19). 23. Walters discloses The method of claim 1 (see above) and does not appear to explicitly disclose but Maman discloses wherein the UDF obfuscates a subset of data returned from the data source in response to a query associated with the communication for the data source. (e.g. ¶19, 45) It would have been obvious to a person of ordinary skill in the art before the effective filing date of the claimed invention to incorporate the features described by Maman into the invention of Walters for the purpose of ensuring that sensitive information is not revealed to the accessing application requesting this information (Maman, ¶19). Allowable Subject Matter Claim 20 would be allowable if rewritten (a) in independent form including all of the limitations of the base claim and any intervening claims and (b) to overcome the claim objections set forth above. Conclusion The prior art made of record and not relied upon is considered pertinent to applicant's disclosure: Bodziony (US 20200218829) discloses Returning to FIG. 3, if the proxy determines that a coprocessor (for performing data masking) has not been deployed to the resources responsible for the targeted tables, the proxy generates and compiles a coprocessor (350) and deploys the coprocessor to the resources responsible for the targeted tables (360). Once the coprocessor has been deployed, the proxy directs the query to the database (370), via the coprocessor, such that the coprocessor performs the data masking and the proxy then returns the responsive data to the client (e.g., FIG. 1, 160). In embodiments of the present invention where the database is an HBase, the proxy identifies the one or more regions of data accessed by the query and the one or more region servers responsible for these regions. The proxy then determines whether a coprocessor has been deployed to the identified region servers and if no proxy was already deployed, the proxy generates, compiles, and deploys a coprocessor for data masking, to the region servers. Rohel (US 20180351923) discloses an edge encryption proxy/gateway that encrypts sensitive portions of data before sending them to an external service provider for storage may also generate metadata that indicates one or more properties of a portion of the data being encrypted and enable the service provider to perform operations that depend on the one or more properties. For example, the edge encryption proxy/gateway may, upon determining that a portion of data (e.g., an IP address) being relayed to the service provider will be encrypted, may determine properties of the portion of data needed to support functions provided by the service provider (e.g., the property of whether an IP address is an IPV6 address). Metadata indicating these properties may then be encoded (e.g., using an interface description language such as a Protocol Buffer) (an attribute of a target device) and included, along with the encrypted data, in a payload of data forwarded to the service provider for storage. The metadata may indicate the one or more properties without revealing all the information of the data that has been selected for edge encryption. Mital (US 20200236108) discloses a mechanism for providing connection to a database is described. A connection to the database is intercepted. The connection is assigned to an instance of the database. A sidecar is configured to proxy the connection to the database. The sidecar is stateless and passes all communications for the connection to the instance of the database. Any inquiry concerning this communication or earlier communications from the examiner should be directed to TRONG NGUYEN whose telephone number is (571)270-7312. The examiner can normally be reached on Monday through Thursday 9:00 AM - 5:00 PM EST. If attempts to reach the examiner by telephone are unsuccessful, the examiner’s supervisor, GELAGAY SHEWAYE can be reached on (571)272-4219. The fax phone number for the organization where this application or proceeding is assigned is 571-273-8300. Information regarding the status of an application may be obtained from the Patent Application Information Retrieval (PAIR) system. Status information for published applications may be obtained from either Private PAIR or Public PAIR. Status information for unpublished applications is available through Private PAIR only. For more information about the PAIR system, see http://pair-direct.uspto.gov. Should you have questions on access to the Private PAIR system, contact the Electronic Business Center (EBC) at 866-217-9197 (toll-free). If you would like assistance from a USPTO Customer Service Representative or access to the automated information system, call 800-786-9199 (IN USA OR CANADA) or 571-272-1000. /TRONG H NGUYEN/Primary Examiner, Art Unit 2436
Read full office action

Prosecution Timeline

Jul 26, 2024
Application Filed
Jun 03, 2026
Non-Final Rejection mailed — §101, §102, §103 (current)

Precedent Cases

Applications granted by this same examiner with similar technology

Patent 12682074
STATIC VALIDATION OF MACHINE CODE FOR SECURITY PROPERTIES
2y 3m to grant Granted Jul 14, 2026
Patent 12675726
QUANTUM SERVICE DISCOVERY
3y 5m to grant Granted Jul 07, 2026
Patent 12670252
METHODS AND SYSTEMS FOR PROTECTING COMPUTER SYSTEMS FROM ENCRYPTION-BASED MALWARE
3y 3m to grant Granted Jun 30, 2026
Patent 12664319
DATA ENCRYPTION SUITABLE FOR USE IN SYSTEMS WITH PROCESSING-IN-MEMORY
3y 12m to grant Granted Jun 23, 2026
Patent 12657301
SYSTEM AND METHOD FOR EARLY NOTIFICATION OF CYBER VAULT DATA INTEGRITY SCANNER COMPROMISE
3y 0m to grant Granted Jun 16, 2026
Study what changed to get past this examiner. Based on 5 most recent grants.

Strategy Recommendation AI-generated — please review before filing

Get a prosecution strategy drawn from examiner precedents, rejection analysis, and claim mapping.
Typically takes 5-10 seconds — AI-generated, attorney review required before filing

Prosecution Projections

1-2
Expected OA Rounds
80%
Grant Probability
99%
With Interview (+56.4%)
3y 2m (~1y 2m remaining)
Median Time to Grant
Low
PTA Risk
Based on 553 resolved cases by this examiner. Grant probability derived from career allowance rate.

Sign in with your work email

Enter your email to receive a magic link. No password needed.

Personal email addresses (Gmail, Yahoo, etc.) are not accepted.

Free tier: 3 strategy analyses per month