Notice of Pre-AIA or AIA Status
1. The present application, filed on or after March 16, 2013, is being examined under the first inventor to file provisions of the AIA .
DETAILED ACTION
2. Claims 21-40 are presented for examination.
3. This office action is in response to the claims filed 08/29/2025.
4. Claims 21 and 31 are independent claims.
5. The office action is made Non-Final.
Information Disclosure Statement
6. The information disclosure statement (IDSs) submitted on 09/10/2025 was considered by the examiner.
Claim Objections
7. Claim 31 is objected to because of the following informalities:
claim 31 recites “A computer-implemented for applying access rights to a database comprising:”, while claims 32-40 depend on claim 31, claim 31 is a method claim. claim 31 should read recites “A computer-implemented method for applying access rights to a database comprising:”, Appropriate correction is required.
Claims 32-40 are also objected because they depend on claim 31.
Double Patenting
8. The nonstatutory double patenting rejection is based on a judicially created doctrine grounded in public policy (a policy reflected in the statute) so as to prevent the unjustified or improper timewise extension of the “right to exclude” granted by a patent and to prevent possible harassment by multiple assignees. A nonstatutory double patenting rejection is appropriate where the claims at issue are not identical, but at least one examined application claim is not patentably distinct from the reference claim(s) because the examined application claim is either anticipated by, or would have been obvious over, the reference claim(s). See, e.g., In re Berg, 140 F.3d 1428, 46 USPQ2d 1226 (Fed. Cir. 1998); In re Goodman, 11 F.3d 1046, 29 USPQ2d 2010 (Fed. Cir. 1993); In re Longi, 759 F.2d 887, 225 USPQ 645 (Fed. Cir. 1985); In re Van Ornum, 686 F.2d 937, 214 USPQ 761 (CCPA 1982); In re Vogel, 422 F.2d 438, 164 USPQ 619 (CCPA 1970); and In re Thorington, 418 F.2d 528, 163 USPQ 644 (CCPA 1969).
A timely filed terminal disclaimer in compliance with 37 CFR 1.321(c) or 1.321(d) may be used to overcome an actual or provisional rejection based on a nonstatutory double patenting ground provided the reference application or patent either is shown to be commonly owned with this application, or claims an invention made as a result of activities undertaken within the scope of a joint research agreement. A terminal disclaimer must be signed in compliance with 37 CFR 1.321(b).
The USPTO internet Web site contains terminal disclaimer forms which may be used. Please visit http://www.uspto.gov/forms/. The filing date of the application will determine what form should be used. A web-based eTerminal Disclaimer may be filled out completely online using web-screens. An eTerminal Disclaimer that meets all requirements is auto-processed and approved immediately upon submission. For more information about eTerminal Disclaimers, refer to http://www.uspto.gov/patents/process/file/efs/guidance/eTD-info-I.jsp.
9. Claims 21-25, 28-30, 31-34, 36 and 38-40 are provisionally rejected on the ground of nonstatutory double patenting as being unpatentable over claim 21, 25-27, 22, 24, 28, 30, 31, 35-37, 33, 34, 38 and 40 of U.S Patent No 12235986. Although the claims at issue are not identical, they are not patentably distinct from each other.
This is a provisional nonstatutory double patenting rejection because the patentably indistinct claims have not in fact been patented.
In the table below, the left side is parts of claims 21-25, 28-30, 31-34, 36 and 38-40 in the current application while the right side is the claims and text that conflict with the parts of claims 21, 25-27, 22, 24, 28, 30, 31, 35-37, 33, 34, 38 and 40.
19/025,546 (present application)
18/390,247 (U.S Patent No 12235986)
Claim 21. (New) A system for applying access rights to a database comprising: one or more computer processors operatively coupled to the database, wherein the one or more computer processors are individually or collectively programmed to:
(a) store one or more permission schemas in a plurality of permission schemas data structures, wherein the one or more permission schemas define one or more access permissions to data objects stored in the database without including user information;
(b) store an assignment of at least one permission schema to a user in a data structure, wherein the data structure comprises a unique user identifier and a unique identifier of the at least one permission schema; and
(c) calculate an access right associated with the user for performing an operation directed to at least a subset of data objects stored in the database, wherein the access right is calculated by retrieving the at least one permission schema assigned to the user via the data structure in (b).
Claim 21. (New) A system for applying access rights to a database comprising: one or more computer processors operatively coupled to the database, wherein the one or more computer processors are individually or collectively programmed to:
(a) create a plurality of permission schemas and storing the plurality of permission schemas in a plurality of permission schemas data structures, wherein the plurality of permission schemas data structures define one or more access permissions to data objects stored in the database without including user information;
(b) store an assignment of one or more of the plurality of permission schemas to a user in a data structure, wherein the data structure comprises a unique user identifier and one or more unique identifiers of the one or more of the plurality of permission schemas; and
(c) calculate an access right associated with the user for performing an operation directed to at least a subset of data objects stored in the database, wherein the access right is calculated by retrieving the one or more of the plurality of permission schemas assigned to the user via the plurality of permission schemas data structures in (a) and the data structure in (b).
Claims 22-25 & 28-30
Claims 25, 26, 27, 22, 24, 28 and 30 respectively
Claims 31-34, 36, 38-40
Claims 31, 35-37, 33 and 34, 38 and 40 respectively
Examiner Note
10. The Examiner cites particular columns and line numbers in the references as applied to the claims below for the convenience of the Applicant(s). Although the specified citations are representative of the teachings in the art and are applied to the specific limitations within the individual claim, other passages and figures may apply as well. It is respectfully requested that, in preparing responses, the Applicant fully consider the references in their entirety as potentially teaching all or part of the claimed invention, as well as the context of the passage as taught by the prior art or disclosed by the Examiner.
Claim Rejections - 35 USC § 102
11. In the event the determination of the status of the application as subject to AIA 35 U.S.C. 102 and 103 (or as subject to pre-AIA 35 U.S.C. 102 and 103) is incorrect, any correction of the statutory basis for the rejection will not be considered a new ground of rejection if the prior art relied upon, and the rationale supporting the rejection, would be the same under either status.
15. The following is a quotation of the appropriate paragraphs of 35 U.S.C. 102 that form the basis for the rejections under this section made in this Office action:
A person shall be entitled to a patent unless –
(a)(1) The claimed invention was patented, described in a printed publication, or in public use, on sale, or otherwise available to the public before the effective filing date of the claimed invention;
12. Claims 21-24, 29, 30, 31-34, 39 and 40 are rejected under 35 U.S.C. 102(a) (1) as being anticipated by Van Dyke et al (US 6412070 B1) hereinafter as Van Dyke.
1. Regarding claim 1, Van Dyke teaches A system for applying access rights to a database comprising: one or more computer processors operatively coupled to the database, wherein the one or more computer processors are individually or collectively programmed to:
(a) store one or more permission schemas in a plurality of permission schemas data structures, wherein the one or more permission schemas define one or more access permissions to data objects stored in the database without including user information (“Fig 3 illustrating a control access data structure (a plurality of permission schemas data structures) used by the computing system to maintain defined control access rights (permission schemas)”, Fig 3, col 6, lines 4-10, “The definition of control access data structure 155 is stored in a schema of a directory service (DS) (permission schemas data structures)”, Figs 7 through 10, col 9, lines 36-45, “When a user 145 wants to manage the security of a particular object 125, administrative tool 400 queries a schema of the corresponding object 125 in order to display a list of all the control access rights that have been defined for that object 125.”, col 5, lines 37-49, “users 145 can dynamically create unique control access rights for one or more objects 125. As used herein, control access rights do not control access to data within objects 125, but control access to an operation, or action, to be performed on or by object 125, Fig 6, col 8, lines 26-37, “After defining a new control right by creating an access control data structure 155 in step 310, the control right must be assigned to a specific object 125 within computer 20… Operating system 120 also creates a unique identifier for the control access night and sets the "RightsGUID" 165 with the identifier to define the unique value.””);
Examiner interpretation: the control access data structure created in the Van Dyke reference , dynamically creating unique control access rights for each object, The user information is included in the access control entry (ACE) NOT in the control access data structure as per col 2, lines 14-17, “an improved access control entry (ACE) is defined (permission schema assignment/mapping) which holds a unique identifier of the trusted user (a unique user identifier) and a unique identifier of the control access data structure (a unique identifier of the at least one permission schema).”.
(b) store an assignment of at least one permission schema to a user in a data structure, wherein the data structure comprises a unique user identifier and a unique identifier of the at least one permission schema (col 2, lines 14-17, “an improved access control entry (ACE) is defined (permission schema assignment/mapping) which holds a unique identifier of the trusted user (a unique user identifier) and a unique identifier of the control access data structure (a unique identifier of the at least one permission schema).”, Fig 4, col 6, lines 45-56, “an improved access control entry (ACE) 200 (an assignment of at least one permission schema) by which the invention is able to grant applications 140 rights to operate on objects 125. ACE 200 includes security identifier (SID) 205 (a unique user identifier) that identifies the trusted user 145 to which the ACE applies.”, col 7, lines 25-44, “object GUID 220 holds a unique identifier of a corresponding access control data structure 155 (a unique identifier of the at least one permission schema). Access request 150 specifies the desired access in the form of an access mask and optionally a list of object GUIDs that identify control rights.”, col 9, lines 3-7, “applications 140 are able to define unique control access rights and evaluate whether a requesting user 145 has the right to control the requested object 125 based on the defined control access rights.\-9CVBN M’;.’6”); and
(c) calculate an access right associated with the user for performing an operation directed to at least a subset of data objects stored in the database, wherein the access right is calculated by retrieving the at least one permission schema assigned to the user via the data structure in (b) (col 2, lines 2-17, “In order to grant the access right to a trusted user, an improved access control entry (ACE) is defined which holds a unique identifier of the trusted user and a unique identifier of the control access data structure.”, “Fig 6 illustrating one mode of operation of the computing system that defines control access rights and authenticates user requests based on the defined rights”, col 5, lines 37-49, “users 145 can dynamically create unique control access rights for one or more objects 125. As used herein, control access rights do not control access to data within objects 125, but control access to an operation, or action, to be performed on or by object 125.”, col 7, lines 45-60, “The invention describes a new access control data structure that facilitates the dynamic creation and assignment of access rights that are unique to the type of object.”, col 10, lines 28-48, “dynamically granting and defining control access rights for objects within a computing environment…the invention provides an operating system having system calls such that applications are able to programmatically define, grant and deny control access rights.”).
13. Regarding claim 22, Van Dyke teaches the invention as claimed in claim 21 above and further teaches wherein the one or more permission schemas are stored in a permission schemas data structure comprising a name of a permission schema (Fig 3, names of the control access data structure), a unique identifier of the permission schema (Abstract, “an improved access control entry (ACE) is defined which holds a unique identifier of the trusted user and a unique identifier of the control access data structure.”, Fig 4, “object GUID 220 holds a unique identifier of a corresponding access control data structure 155.”) and a definition of an access permission (Fig 3, col 6, lines 4-10, “The definition of control access data structure 155 is stored in a schema of a directory service (DS).”).
14. Regarding claim 23, Van Dyke teaches the invention as claimed in claim 21 above and further teaches wherein the access right comprises a mode of access (Fig 6, Fig 10, permission (mode of access)).
15. Regarding claim 24, Van Dyke teaches the invention as claimed in claim 23 above and further teaches wherein the mode of access is a read access, read/write access, modify access, or execute access (Fig 6, Fig 10, permission (mode of access)).
16. Regarding claim 29, Van Dyke teaches the invention as claimed in claim 21 above and further teaches wherein the database stores the data objects in a set of predetermined data structures (Fig 2, col 5, lines 2-17, “computing objects 125”, col 5, lines 25-35, “operating system 120 maintains security information for each object 125”).
17. Regarding claim 30, Van Dyke teaches the invention as claimed in claim 29 above and further teaches wherein the one or more access permissions comprise a predicate and an access mode associated with least one of the set of predetermined data structures (Appendix II, “This API takes the Object security descriptor, desired access mask, and a list of ObjectType GUIDs and returns a True/False status value (predicate) based on whether the desired access is permitted to the porperty set(s) and properties of the DS object.”, “the returned GrantedAccess and AccessStatus”).
18. Regarding claims 31-34, 39 and 70, those claims recite a method performs the method of system claims 21-34, 29 and 30 respectively and are rejected under the same rationale.
Claim Rejections - 35 USC § 103
19. In the event the determination of the status of the application as subject to AIA 35 U.S.C. 102 and 103 (or as subject to pre-AIA 35 U.S.C. 102 and 103) is incorrect, any correction of the statutory basis for the rejection will not be considered a new ground of rejection if the prior art relied upon, and the rationale supporting the rejection, would be the same under either status.
20. The following is a quotation of 35 U.S.C. 103 which forms the basis for all obviousness rejections set forth in this Office action:
a) A patent may not be obtained through the invention is not identically disclosed or described as set forth in section 102 of this title, if the differences between the subject matter sought to be patented and the prior art are such that the subject matter as a whole would have been obvious at the time the invention was made to a person having ordinary skill in the art to which said subject matter pertains. Patentability shall not be negatived by the manner in which the invention was made.
21. Claims 25-28 and 35-38 are rejected under 35 U.S.C.103 as being unpatentable over Van Dyke et al (US 6412070 B1) hereinafter as Van Dyke in view of Becker (EP 1483877 B1) hereinafter as Becker.
22. Regarding claim 25, Van Dyke teaches the invention as claimed in claim 21 above and further implicitly teaches wherein the access right is calculated further based on a permission status (“Fig 6 illustrating one mode of operation of the computing system that defines control access rights and authenticates user requests based on the defined rights”, col 5, lines 37-49, “users 145 can dynamically create unique control access rights for one or more objects 125. As used herein, control access rights do not control access to data within objects 125, but control access to an operation, or action, to be performed on or by object 125.” col 10, lines 28-48, “dynamically granting and defining control access rights for objects within a computing environment…the invention provides an operating system having system calls such that applications are able to programmatically define, grant and deny control access rights.”).
However, Becker explicitly teaches wherein the access right is calculated further based on a permission status (Abstract, “access right comprises right status variable (S V)”, page 3, “defining any right of access entered in the module of access control as a set of independent variables and related variables. These variables comprise at least, in addition to a variable identifying the access right and a variable of validity dates, an action date variable on the access right entered in the access control module and a variable state that can take one of three coded values, that is to say either valid access right, invalid access right or deleted access right.”).
It would have been obvious to one of ordinary skill in the art before the effective filling date of the claimed invention to incorporate the concept of teachings suggested in Becker’s system into Van Dyke’s and by incorporating Becker into Van Dyke because both systems are related to object access permission would provide a protocol for disabling/erasing access rights to scrambled data (Becker).
23. Regarding claim 26, Van Dyke and Becker teach the invention as claimed in claim 25 above and Van Dyke further teaches wherein the permission status is stored in separate data structure (col 11 & 12, Appendix I (Extended Rights List This appendix lists control access rights automatically created and stored in an extended rights container by Windows. RTM. NT when an active directory is initialized:) & II (“Access Verification API This appendix details Windows. RTM. NT API calls that allow applications to verify control access rights.”, Fig 3, col 5, lines 50-67, “"RightsGUID" field 165 is used by operating system 120 to verify access control.”, col 6, lines 10-24, “When user 145 logs on to computer 20, operating system 120 verifies an entered password according to information stored in a security database.”).
24. Regarding claim 27, Van Dyke and Becker teach the invention as claimed in claim 26 above and Van Dyke further teaches wherein the permission status indicates a validity of a current permission associated with the user (Fig 3, col 5, lines 50-67, “"RightsGUID" field 165 is used by operating system 120 to verify access control.”, col 6, lines 10-24, “When user 145 logs on to computer 20, operating system 120 verifies an entered password according to information stored in a security database.”), also Becker teaches the limitation at (Abstract, page 1, “right status variable (S V), the status assignment variable (S Vx) of the message, corresponding to an enabled, disabled or erased access right, to the status variable (S V) of the entered access right.”).
25. Regarding claim 28, Van Dyke and Becker teach the invention as claimed in claim 25 above and Van Dyke further teaches wherein the access right is recalculated when the permission status is invalid (col 7, lines 45-60, “The invention describes a new access control data structure that facilitates the dynamic creation and assignment of access rights that are unique to the type of object.”, col 10, lines 28-48, “dynamically granting and defining control access rights for objects within a computing environment…the invention provides an operating system having system calls such that applications are able to programmatically define, grant and deny control access rights.”), also Becker teaches the limitation at (page 6, “updates the access right by inputting the access right whose action date corresponds to the invalidation date. The input access right is assigned a state variable corresponding to the invalid access right.”, page 3, “defining any right of access entered in the module of access control as a set of independent variables and related variables. These variables comprise at least, in addition to a variable identifying the access right and a variable of validity dates, an action date variable on the access right entered in the access control module and a variable state that can take one of three coded values, that is to say either valid access right, invalid access right or deleted access right.”).
In line with Applicant pre-grand Pub [0071]:
[0071], “The status may indicate whether the current permission is still valid. In some cases, permission for a user may be recalculated or updated when the status indicates the permission is outdated or invalid. The status may be used for triggering calculation of the permission or access rights for a user.”
26. Regarding claims 35-38, those claims recite a method performs the method of system claims 25-28 respectively and are rejected under the same rationale.
CONCLUSION
27. The prior art made of record and not relied upon is considered pertinent to applicant s disclosure.
Salazar (US 20040122792 A1) discloses managing access to data items in a database that are arranged into a hierarchy of nodes.
Torman et al (US 20140006441 A1) discloses determining user access to custom metadata.
Warshavsky et al (US 20130298202 A1) discloses providing permissions to users in an on-demand service environment.
French et al (US 20120102079 A1) discloses controlling access to or accessing computer files over a computer network.
McPherson et al (US 20070283443 A1) discloses Translation of role-based authoring models for managing RBAC "roles" to resource authorization policy (RAP), such as ACL-based applications.
Kan et al (US 20110218999 A1)
Kilday et al (US 9460026 B1)
Potsh et al (US 20140172745 A1)
Bharadwaj et al (US 20080022361 A1)
Beck (US 20070240203 A1)
Sumner-Moore et al (US 20060230043 A1)
Cook et al (US 6820082 B1)
Piecko (US 20150081747 A1)
Baldry et al (US 10803005 B2)
Gunda et al (US 20080071804 A1)
Kling et al (US 9639594 B2)
BAPAT SUBODH (EP 0952698 A2)
Morita (WO 2012039081 A1)
LUO (WO 2014153759 A1)
STURGE TIMOTHY (CA 2719095 A1)
DUTTA TANMOY (CA 2507886 C)
Any inquiry concerning this communication or earlier communications from the examiner should be directed to HICHAM SKHOUN whose telephone number is (571)272-9466. The examiner can normally be reached Normal schedule: Mon-Fri 10am-6:30pm.
Examiner interviews are available via telephone, in-person, and video conferencing using a USPTO supplied web-based collaboration tool. To schedule an interview, applicant is encouraged to use the USPTO Automated Interview Request (AIR) at http://www.uspto.gov/interviewpractice.
If attempts to reach the examiner by telephone are unsuccessful, the examiner’s supervisor, Amy Ng can be reached at 5712701698. The fax phone number for the organization where this application or proceeding is assigned is 571-273-8300.
Information regarding the status of published or unpublished applications may be obtained from Patent Center. Unpublished application information in Patent Center is available to registered users. To file and manage patent submissions in Patent Center, visit: https://patentcenter.uspto.gov. Visit https://www.uspto.gov/patents/apply/patent-center for more information about Patent Center and https://www.uspto.gov/patents/docx for information about filing in DOCX format. For additional questions, contact the Electronic Business Center (EBC) at 866-217-9197 (toll-free). If you would like assistance from a USPTO Customer Service Representative, call 800-786-9199 (IN USA OR CANADA) or 571-272-1000.
/HICHAM SKHOUN/Primary Examiner, Art Unit 2164