METHOD AND DEVICES FOR DETERMINING DATA ACCESS RESTRICTIONS

§101 §103

DETAILED ACTION Notice of Pre-AIA or AIA Status The present application, filed on or after March 16, 2013, is being examined under the first inventor to file provisions of the AIA . This Office Action is in response to the application 18/856571 filed on 10/11/2024. Claims 1-12 have been examined and are pending in this application. Priority Applicant’s claim for foreign priority under 35 U.S.C. 119 (a)-(d) to Application No. PCT/EP2023/059547, filed on 04/12/2023, which claims priority from Application No. EP 22167900.4, filed 04/12/2022, is acknowledged. Information Disclosure Statement The information disclosure statement (IDS), submitted on 10/21/2024, is in compliance with the provisions of 37 CFR 1.97. Accordingly, the information disclosure statement is being considered by the examiner. Claim Interpretation - 35 USC § 112 The following is a quotation of 35 U.S.C. 112(f): (f) Element in Claim for a Combination. – An element in a claim for a combination may be expressed as a means or step for performing a specified function without the recital of structure, material, or acts in support thereof, and such claim shall be construed to cover the corresponding structure, material, or acts described in the specification and equivalents thereof. The following is a quotation of pre-AIA 35 U.S.C. 112, sixth paragraph: An element in a claim for a combination may be expressed as a means or step for performing a specified function without the recital of structure, material, or acts in support thereof, and such claim shall be construed to cover the corresponding structure, material, or acts described in the specification and equivalents thereof. The claims in this application are given their broadest reasonable interpretation using the plain meaning of the claim language in light of the specification as it would be understood by one of ordinary skill in the art. The broadest reasonable interpretation of a claim element (also commonly referred to as a claim limitation) is limited by the description in the specification when 35 U.S.C. 112(f) or pre-AIA 35 U.S.C. 112, sixth paragraph, is invoked. As explained in MPEP § 2181, subsection I, claim limitations that meet the following three-prong test will be interpreted under 35 U.S.C. 112(f) or pre-AIA 35 U.S.C. 112, sixth paragraph: (A) the claim limitation uses the term “means” or “step” or a term used as a substitute for “means” that is a generic placeholder (also called a nonce term or a non-structural term having no specific structural meaning) for performing the claimed function; (B) the term “means” or “step” or the generic placeholder is modified by functional language, typically, but not always linked by the transition word “for” (e.g., “means for”) or another linking word or phrase, such as "configured to" or "so that"; and (C) the term “means” or “step” or the generic placeholder is not modified by sufficient structure, material, or acts for performing the claimed function. Use of the word “means” (or “step”) in a claim with functional language creates a rebuttable presumption that the claim limitation is to be treated in accordance with 35 U.S.C. 112(f) or pre-AIA 35 U.S.C. 112, sixth paragraph. The presumption that the claim limitation is interpreted under 35 U.S.C. 112(f) or pre-AIA 35 U.S.C. 112, sixth paragraph, is rebutted when the claim limitation recites sufficient structure, material, or acts to entirely perform the recited function. Absence of the word “means” (or “step”) in a claim creates a rebuttable presumption that the claim limitation is not to be treated in accordance with 35 U.S.C. 112(f) or pre-AIA 35 U.S.C. 112, sixth paragraph. The presumption that the claim limitation is not interpreted under 35 U.S.C. 112(f) or pre-AIA 35 U.S.C. 112, sixth paragraph, is rebutted when the claim limitation recites function without reciting sufficient structure, material or acts to entirely perform the recited function. Claim limitations in this application that use the word “means” (or “step”) are being interpreted under 35 U.S.C. 112(f) or pre-AIA 35 U.S.C. 112, sixth paragraph, except as otherwise indicated in an Office action. Conversely, claim limitations in this application that do not use the word “means” (or “step”) are not being interpreted under 35 U.S.C. 112(f) or pre-AIA 35 U.S.C. 112, sixth paragraph, except as otherwise indicated in an Office action. Claim Rejections – 35 USC § 101 35 U.S.C. 101 reads as follows: Whoever invents or discovers any new and useful process, machine, manufacture, or composition of matter, or any new and useful improvement thereof, may obtain a patent therefor, subject to the conditions and requirements of this title. Claims 1-5 and 7-11 are rejected under 35 U. S. C. 101 as being directed to an abstract idea without being integrated into a practical application or being significantly more. Regarding claim 1, the claim recites the limitations “determining a first access restriction;” “determining a data provenance of second data;” and “determining [] a second access restriction;” Broadly interpreted, the aforementioned steps are directed to mental processes as said steps could be performed in the human mind. Therefore, the claims recite an abstract idea. Said abstract idea and/or judicial exception is not integrated into a practical application as the claim does not recite any other active steps that could be considered that the abstract idea is being integrated into a practical application. It’s noted that the claim recites the operations “monitoring the first access restriction;” and “dynamically determining the second access restriction.” However, said operations are not sufficient to consider that the abstract idea is being interpreted into a practical application. Said operations are recited at a high level of generality in gathering/processing/storing information, which are a form of insignificant extra-solution activity. It’s also noted that the claims recite additional limitation/elements (i.e., data processing apparatus, processor, memory, etc.,). However, said additional elements are recited at a high-level of generality (i.e., as a generic computing device performing a generic computer functions) such that it amounts no more than mere instructions to apply the exception or abstract idea using generic computer components. Accordingly, these additional elements do not integrate the abstract idea into a practical application because they do not impose any meaningful limits on practicing the abstract idea. The claims do not include additional elements/limitations/embodiments that are sufficient to amount to significantly more than the judicial exception because the additional elements when considered both individually and as an ordered combination do not amount to significantly more than the abstract idea. As mentioned above, although the claims recite additional elements, said elements taken individually or as a combination, do not result in the claim amounting to significantly more than the abstract idea because as the additional elements perform generic computer content distributing functions routinely used in information technology field. As discussed above, the additional elements recited at a high-level of generality such that they amount no more than mere instructions to apply the exception using a generic computer component. Therefore, the claim is directed to non-statutory subject matter. Regarding claims 2-11, claims 2-11 are also rejected under 35 U.S.C. 101 as being directed to non-statutory subject matter for the same reasons addressed above as the claims recite an abstract idea and the claims do not positively recite any other operations that could be considered as the abstract idea is being integrated into a practical application or significantly more. It’s noted that claim 3 recites the limitation: “determining the data provenance of the second data;” claim 5 recites the limitation: “determining second metadata associated with the second data;” claim 7 recites the limitations: “determining a third access restriction;” “determining [] represent a stricter access restriction;” “determining a combined access restriction;” “determining [] a second access restriction;” and claim 7 recites the limitation: “controlling access to the second data.” Said steps are either directed to mental processes and/or in a form of insignificant extra-solution activities; The aforementioned steps are not sufficient to consider that the abstract idea is being integrated into a practical application or significantly more. Therefore, claims 2-11 are also rejected under 35 U.S.C. 101 as being directed to non-statutory subject matter. Claim Rejections - 35 USC § 103 In the event the determination of the status of the application as subject to AIA 35 U.S.C. 102 and 103 (or as subject to pre-AIA 35 U.S.C. 102 and 103) is incorrect, any correction of the statutory basis (i.e., changing from AIA to pre-AIA ) for the rejection will not be considered a new ground of rejection if the prior art relied upon, and the rationale supporting the rejection, would be the same under either status. The following is a quotation of 35 U.S.C. 103 which forms the basis for all obviousness rejections set forth in this Office action: A patent for a claimed invention may not be obtained, notwithstanding that the claimed invention is not identically disclosed as set forth in section 102 of this title, if the differences between the claimed invention and the prior art are such that the claimed invention as a whole would have been obvious before the effective filing date of the claimed invention to a person having ordinary skill in the art to which the claimed invention pertains. Patentability shall not be negated by the manner in which the invention was made. This application currently names joint inventors. In considering patentability of the claims the examiner presumes that the subject matter of the various claims was commonly owned as of the effective filing date of the claimed invention(s) absent any evidence to the contrary. Applicant is advised of the obligation under 37 CFR 1.56 to point out the inventor and effective filing dates of each claim that was not commonly owned as of the effective filing date of the later invention in order for the examiner to consider the applicability of 35 U.S.C. 102(b)(2)(C) for any potential 35 U.S.C. 102(a)(2) prior art against the later invention. Claims 1-12 are rejected under 35 U.S.C. 103 as being unpatentable over Ravizza et al. (“Ravizza,” US 2020/0193038) in view of Vickrey et al. (“Vickrey,” US 2022/0398242). Regarding claim 1: Ravizza discloses a computer implemented method for determining data access restrictions, the method comprising: determining a first access restriction to first data (Ravizza: fig. 2, par. 0060 a portion of a hierarchically organized knowledge graph 200 is depicted [] the knowledge graph 200 is organized in 4 layers. The nodes of top layer L2 202 may be accessible by every user (i.e., every user has at least the right to view or read each node on the top layer L2). Thus, the user has the node read right); determining a data provenance of second data, the determined data provenance indicating a dependency of the second data on the first data (Ravizza: fig. 2, par. 0062 the shown middle layer L1 204 includes certain groups-in particular sub-graphs- [] each sub-graph may be represented by one node in the next higher level layer); and determining, based on the data provenance and the first access restriction, a second access restriction to the second data (Ravizza: fig. 2, par. 0063 if the knowledge graph is structured in such a hierarchically organized way, all the methods to manage access rights discussed may easily be applied, in particular the node owner right, the node active right, and the node read right). Ravizza does not explicitly disclose determining the first access restriction comprises monitoring the first access restriction and determining the second access restriction comprises dynamically determining the second access restriction based on the monitored first access restriction. However, Vickrey discloses determining the first access restriction comprises monitoring the first access restriction (Vickrey: par. 0041 the access control device 102 may monitor the ecosystem databases 110A-N for changes and automatically store those changes to the mediation database 112) (Vickrey: par. 0055 block 302 in which the access control device 102 monitors the ecosystem database(s) 110 for changes to one or more of the databases 110 [] the access control device 102 may monitor for changes continuously, periodically, or in response to the occurrence of one or more conditions); and determining the second access restriction comprises dynamically determining the second access restriction based on the monitored first access restriction (Vickrey: par. 0058 in block 312, the access control device 102 updates one or more (e.g., all) of the non-originating ecosystem databases 110 to identify the change to the mediation database 112 [] the non-originating ecosystem databases 110 may be updated immediately, periodically, or in response to the occurrence of one or more conditions). Therefore, it would have been obvious to a person of ordinary skill in the art, before the effective filing date of the claimed invention to combine the teachings of Vickrey with the system/method of Ravizza to include determining the second access restriction comprises dynamically determining the second access restriction based on the monitored first access restriction. One would have been motivated to providing a method for access control with multiple security ecosystems may include monitoring for changes to a first access control database stored on the access control device and automatically updating a second access control database stored on the access control device (Vickrey: par. 0002). Regarding claim 2: Ravizza in view of Vickrey discloses the method according to claim 1. Ravizza further discloses wherein the data provenance of the second data indicates one or more of a plurality of dependency types of the second data on the first data, and wherein the second access restriction is determined based on the indicated dependency type (Ravizza: par. 0059 the change of an access right may depend on a structure of the knowledge graph, an access history of a user to a node, and/or a parameter of a user-in particular his profile-indicative of a condition outside the knowledge graph). Regarding claim 3: Ravizza in view of Vickrey discloses the method according to claim 1. Ravizza further discloses wherein determining the data provenance of the second data comprises determining a provenance graph of the second data (Ravizza: par. 0060 referring to FIG. 2, a block diagram of an embodiment of a portion of a hierarchically organized knowledge graph 200 is depicted). Regarding claim 4: Ravizza in view of Vickrey discloses the method according to claim 3. Ravizza further discloses wherein the provenance graph comprises one or more provenance edges indicative of the dependency, in particular the dependency type, of the second data on the first data (Ravizza: par. 0039 the changing the access right to a node for a user dynamically, depending on a parameter of a user indicative of a condition outside the knowledge graph, may include assigning access rights to a user to nodes to which another user has access rights, if the user and the other user are linked in a social media network). Regarding claim 5: Ravizza in view of Vickrey discloses the method according to claim 1. Vickrey further discloses wherein the first access restriction is determined based on stored first metadata associated with the first data and wherein the method further comprises: determining second metadata associated with the second data, wherein the second metadata is indicative of, in particular comprises, the determined data provenance, the first access restriction and/or the second access restriction (Vickrey: par. 0033 particular ecosystem may have no, or limited, knowledge of the other ecosystem(s) [] the access control device 102 may maintain one or more ecosystem databases 114 for each of the supported ecosystems to store data and otherwise satisfy the requirements associated with the corresponding ecosystem. Additionally, the access control device 102 may include a mediation database 112 that stores data related to various activities that occur within any of the ecosystems supported by the access control device 102). The motivation is the same that of claim 1 above. Regarding claim 6: Ravizza in view of Vickrey discloses the method according to claim 1. Ravizza further discloses controlling access to the second data based on the second access restriction, in particular denying a read access to the second data and/or allowing a discovery access to the second data, wherein the discovery access enables a user to find the second data and/or to read second metadata of the second data (Ravizza: par. 0049 the changing the access right to a node for a user dynamically, depending on an access history of a user to a node, may include removing the node read right if a user did not access one of the next lower level nodes for a predefined period of time. This way, a proliferation of access rights to nodes may also be counter-fought). Regarding claim 7: Ravizza in view of Vickrey discloses the method according to claim 1. Ravizza further discloses determining a third access restriction to third data, wherein the determined data provenance indicates a dependency of the second data on the third data (Ravizza: fig. 2; par. 0061 the lowest level L0 206 (i.e., the fact level in which all nodes include elementary facts) may represent a traditional knowledge graph, in which nodes are connected via links or edges); determining, which of the first and third access restrictions represents a stricter access restriction and/or determining a combined access restriction based on the first and third access restriction (Ravizza: fig. 2; par. 0062 each sub-graph may be represented by one node in the next higher level layer. For example, node 210 represents the sub-graph 208. The node 212 of subgraph 208 represents an area, or a portion, of the lowest layer L0 206 of the complete knowledge graph. This way, elementary facts are all stored on the lowest layer 206 of the knowledge graph 200); determining, based on the data provenance and the stricter access restriction and/or the combined access restriction, a second access restriction to the second data (Ravizza: fig. 2, par. 0063 if the knowledge graph is structured in such a hierarchically organized way, all the methods to manage access rights discussed may easily be applied, in particular the node owner right, the node active right, and the node read right). Regarding claim 8: Ravizza in view of Vickrey discloses the method according to claim 1. Ravizza further discloses a data processing apparatus comprising means for carrying out the method of claim 1 (Ravizza: par. 0086 programmable data processing apparatus). Regarding claim 9: Ravizza in view of Vickrey discloses the method according to claim 1. Ravizza further discloses an apparatus comprising: a memory configured to store a computer program comprising instructions (Ravizza: fig. 5 item 504 a system memory); and a processor in communication with the memory, wherein the processor, upon executing the instructions, is configured to cause the apparatus carry out the method of claim 1 (Ravizza: fig. 5 item 502 processors or processing units). Regarding claim 10: Ravizza in view of Vickrey discloses the method according to claim 1. Ravizza further discloses a non-transitory computer-readable medium comprising instructions which, when executed by a computer, cause the computer to carry out the method of claim 1 (Ravizza: par. 0081 the computer program product may include a computer readable storage medium (or media) having computer readable program instructions thereon for causing a processor to carry out aspects of the present invention). Regarding claim 11: Ravizza in view of Vickrey discloses the method according to claim 5. Ravizza further discloses storing the second metadata (Ravizza: par. 0031 all nodes of a sub-graph-in particular, content of facts stored in a related node). Regarding claim 12: Ravizza in view of Vickrey discloses the method according to claim 5. Ravizza further discloses controlling access to the second data based on the second access restriction, in particular denying a read access to the second data and/or allowing a discovery access to the second data, wherein the discovery access enables a user to find the second data and/or to read second metadata of the second data (Ravizza: par. 0049 the changing the access right to a node for a user dynamically, depending on an access history of a user to a node, may include removing the node read right if a user did not access one of the next lower level nodes for a predefined period of time. This way, a proliferation of access rights to nodes may also be counter-fought). Conclusion Any inquiry concerning this communication or earlier communications from the examiner should be directed to Fahimeh Mohammadi whose telephone number is (571)270-7857. The examiner can normally be reached Monday - Friday 9:00 - 5:00. Examiner interviews are available via telephone, in-person, and video conferencing using a USPTO supplied web-based collaboration tool. To schedule an interview, applicant is encouraged to use the USPTO Automated Interview Request (AIR) at http://www.uspto.gov/interviewpractice. If attempts to reach the examiner by telephone are unsuccessful, the examiner’s supervisor, Luu Pham can be reached at 5712705002. The fax phone number for the organization where this application or proceeding is assigned is 571-273-8300. Information regarding the status of published or unpublished applications may be obtained from Patent Center. Unpublished application information in Patent Center is available to registered users. To file and manage patent submissions in Patent Center, visit: https://patentcenter.uspto.gov. Visit https://www.uspto.gov/patents/apply/patent-center for more information about Patent Center and https://www.uspto.gov/patents/docx for information about filing in DOCX format. For additional questions, contact the Electronic Business Center (EBC) at 866-217-9197 (toll-free). If you would like assistance from a USPTO Customer Service Representative, call 800-786-9199 (IN USA OR CANADA) or 571-272-1000. /FAHIMEH MOHAMMADI/ Examiner, Art Unit 2439 /LUU T PHAM/Supervisory Patent Examiner, Art Unit 2439