DETAILED ACTION
This Non Final Office Action is in response to Application filed on 02/10/2025.
Claims 1-20 filed on 02/10/2025 are being considered on the merits.
Notice of Pre-AIA or AIA Status
The present application, filed on or after March 16, 2013, is being examined under the first inventor to file provisions of the AIA .
Drawings
The drawings filed on 02/10/2025 are accepted.
Double Patenting
The nonstatutory double patenting rejection is based on a judicially created doctrine grounded in public policy (a policy reflected in the statute) so as to prevent the unjustified or improper timewise extension of the “right to exclude” granted by a patent and to prevent possible harassment by multiple assignees. A nonstatutory double patenting rejection is appropriate where the conflicting claims are not identical, but at least one examined application claim is not patentably distinct from the reference claim(s) because the examined application claim is either anticipated by, or would have been obvious over, the reference claim(s). See, e.g., In re Berg, 140 F.3d 1428, 46 USPQ2d 1226 (Fed. Cir. 1998); In re Goodman, 11 F.3d 1046, 29 USPQ2d 2010 (Fed. Cir. 1993); In re Longi, 759 F.2d 887, 225 USPQ 645 (Fed. Cir. 1985); In re Van Ornum, 686 F.2d 937, 214 USPQ 761 (CCPA 1982); In re Vogel, 422 F.2d 438, 164 USPQ 619 (CCPA 1970); In re Thorington, 418 F.2d 528, 163 USPQ 644 (CCPA 1969).
A timely filed terminal disclaimer in compliance with 37 CFR 1.321(c) or 1.321(d) may be used to overcome an actual or provisional rejection based on nonstatutory double patenting provided the reference application or patent either is shown to be commonly owned with the examined application, or claims an invention made as a result of activities undertaken within the scope of a joint research agreement. See MPEP § 717.02 for applications subject to examination under the first inventor to file provisions of the AIA as explained in MPEP § 2159. See MPEP §§ 706.02(l)(1) - 706.02(l)(3) for applications not subject to examination under the first inventor to file provisions of the AIA . A terminal disclaimer must be signed in compliance with 37 CFR 1.321(b).
The USPTO Internet website contains terminal disclaimer forms which may be used. Please visit www.uspto.gov/patent/patents-forms. The filing date of the application in which the form is filed determines what form (e.g., PTO/SB/25, PTO/SB/26, PTO/AIA /25, or PTO/AIA /26) should be used. A web-based eTerminal Disclaimer may be filled out completely online using web-screens. An eTerminal Disclaimer that meets all requirements is auto-processed and approved immediately upon submission. For more information about eTerminal Disclaimers, refer to www.uspto.gov/patents/process/file/efs/guidance/eTD-info-I.jsp.
Claims 1-2 and 16 provisionally rejected on the ground of nonstatutory double patenting as being obvious over claims 1, 4 and 13 of US 12259997 B2, hereinafter 997, in view of in view of Chee et. al. (US 20140282683 A1). This is a nonstatutory double patenting rejection.
Instant Application 19/049,799
US 12259997 B2
1. A system, comprising:one or more processors configured to:
1. A system, comprising: a processor configured to:
select a sample of records from a table associated with an external system;
obtain a set of record identifiers (IDs) associated with a selected data store associated with an external system, wherein the selected data store comprises a selected table, wherein the set of record IDs corresponds to a selected sample of records from the selected table;
determine record-level access permissions corresponding to a specified access type associated with a user with respect to the sample of records;
determine record-level access permissions associated with a user for records in the selected data store associated with the set of record IDs;
infer a table-level access permission corresponding to the specified access type associated with the user with respect to the table based at least in part on the record-level access permissions corresponding to the specified access type; and
infer one or more data store-level access permissions associated with the user for the selected data store based at least in part on the record-level access permissions associated with the user for the records in the selected data store, wherein the one or more data store-level access permissions comprise a table-level read access permission, wherein the table-level read access permission is inferred from record-level read access permissions associated with the user that were determined for the selected sample of records;
cause an update to be performed at the external system with respect to the table based at least in part on the table-level access permission corresponding to the specified access type associated with the user; and
determine a discrepancy between the inferred table-level read access permission associated with the user with the desired table-level access permission associated with the user; and in response to the discrepancy, cause an update to be performed at the external system;
one or more memories coupled to the one or more processors and configured to provide instructions to the one or more processors.
Claim 16
and a memory coupled to the processor and configured to provide instructions to the processor.
Claim 13
2. The system of claim 1, wherein to select the sample of records from the table associated with the external system comprises to: determine a sample size of record identifiers (IDs) associated with the table; instruct the external system to sort record IDs associated with records associated with the table; select a set of record IDs associated with the sample size based at least in part on the sorted record IDs; and obtain, from the external system, the set of record IDs, wherein the sample of records comprises records identified by the set of record IDs.
4. The system of claim 1, wherein the processor is further configured to: determine a sample size of record IDs associated with the selected data store; instruct the external system to sort record IDs associated with the records associated with the selected data store; and obtain, from the external system, the set of record IDs associated with the sample size based at least in part on the sorted record IDs.
Although the conflicting claims are not identical, they are not patentably distinct from each other because claims 1, 4 and 13 of 997 contains every element of claims 1-2 and 16 of the instant application except for the bolded limitations as seen in the above table. However,
Chee discloses permissions with corresponding access types (Chee [0056, 0058, 0060] discloses different types of access levels, e.g. limited content-based access such as a particular, i.e. identified, content associated with particular category, age, etc., as opposed to complete access, where distinction of contents indicate that the contents are associated with identifier to identify e.g. children content, based on content accessed, adjustment to access level is performed, [0267-0268] discloses deducing/inferring and adjusting access level based on contexts). It would have been obvious to one of ordinary skill in the art before the effective filing date of the claimed invention to have modified 997 to incorporate the teaching of Chee to utilize the above feature, with the motivation of conveniently adjusting access level, as recognized by (Chee [0268]).
Claim Rejections - 35 USC § 103
In the event the determination of the status of the application as subject to AIA 35 U.S.C. 102 and 103 (or as subject to pre-AIA 35 U.S.C. 102 and 103) is incorrect, any correction of the statutory basis for the rejection will not be considered a new ground of rejection if the prior art relied upon, and the rationale supporting the rejection, would be the same under either status.
The following is a quotation of 35 U.S.C. 103 which forms the basis for all obviousness rejections set forth in this Office action:
A patent for a claimed invention may not be obtained, notwithstanding that the claimed invention is not identically disclosed as set forth in section 102, if the differences between the claimed invention and the prior art are such that the claimed invention as a whole would have been obvious before the effective filing date of the claimed invention to a person having ordinary skill in the art to which the claimed invention pertains. Patentability shall not be negated by the manner in which the invention was made.
The factual inquiries set forth in Graham v. John Deere Co., 383 U.S. 1, 148 USPQ 459 (1966), that are applied for establishing a background for determining obviousness under 35 U.S.C. 103 are summarized as follows:
1. Determining the scope and contents of the prior art.
2. Ascertaining the differences between the prior art and the claims at issue.
3. Resolving the level of ordinary skill in the pertinent art.
4. Considering objective evidence present in the application indicating obviousness or nonobviousness.
Claims 1, 8-9,11, and 14-16 are rejected under 35 U.S.C. 103 as being unpatentable over Scott et. al. (US 20200065511 A1), hereinafter Scott in view of Chee et. al. (US 20140282683 A1).
Regarding claim 1, Scott teaches a system, comprising: one or more processors (Scott the computer system illustrated in Figure 1) configured to:
select a sample of records from a table associated with an external system (Scott discloses in [0078] obtaining search records as a result of a search query, where the records are associated with a data store 232, i.e. database/table ([0056]), where each record is identified by its unique record ID and associated metadata information disclosed in [0043] “The electronic records stored in the record store 232 are selectively accessible to members of the organization, either through explicit access or implicit access gained through various membership associations within the organization. Each electronic record is assigned a record ID and is associated with a set of metadata.”);
determine record-level access permissions [corresponding to a specified access type] associated with a user with respect to the sample of records (Scott [0085, 0089-0090] and Figure 7 discloses tracking accessibility of the user through databases to identify explicit access/permission of the records and implicit/inferred access/permission of the records, [0070] and Figures 4A-C and 5 illustrates a database/matrix on how e.g. member/user M2 has explicit permissions R2 and implicit permission to R1);
infer a table-level access permission [corresponding to the specified access type] associated with the user with respect to the table based at least in part on the record-level access permissions [corresponding to the specified access type] (Scott [0085, 0089-0090] and Figure 7 discloses tracking accessibility of the user through databases to identify explicit access/permission of the records and implicit/inferred access/permission of the records, [0070] and Figures 4A-C and 5 illustrates a database/matrix on how e.g. member/user M2 has explicit permissions R2 and implicit permission to R1, [0033] further discloses implicit/inferred access/permission, where the records tracking accessibility enable the system to selectively assign the store access level to each member according to what records the member is privileged to access); and
one or more memories coupled to the one or more processors and configured to provide instructions to the one or more processors (Scott discloses the system in Figures 1-3 discloses the client computers and server 130 comprising computer servers as disclosed in [0040], where computer devices and servers comprising processors and memories).
Scott does not disclose the below limitation.
Chee discloses determining and inferring record-level access permissions corresponding to a specified access type (Chee [0056, 0058, 0060] discloses different types of access levels, e.g. limited content-based access such as a particular, i.e. identified, content associated with particular category, age, etc., as opposed to complete access, where distinction of contents indicate that the contents are associated with identifier to identify e.g. children content, based on content accessed, adjustment to access level is performed, [0058] “The partial-access 234 can represent limited set of privileges or access of available functions. The partial-access 234 can specifically exclude the ability for the individual user 205 to set or modify the access level 214 of any user, create or delete any instance of the individual-member profile 206, or a combination thereof.”,[0267-0268] discloses deducing/inferring and adjusting access level based on contexts);
cause an update to be performed at the external system with respect to the table based at least in part on the table-level access permission corresponding to the specified access type associated with the user (Chee [0267] “The access control module 824 is configured to control access for multiple users across multiple devices in the device-grouping 304. The access control module 824 can be configured to set the access level 214 based on the context 308 for accessing the personal device 102, the group-accommodation device 106, the peripheral device 108, the host device 110, the content 302 or feature thereon, or a combination thereof.”, [292] “The content history 312, the access history 216, or a combination thereof can be passed to the adjustment module 814. The adjustment module 814 is configured to adjust the individual-member profile 206, including the access level 214”, [0056, 0060] discloses different types of access levels, e.g. limited content-based access such as a particular, i.e. identified, content associated with particular category, age, etc., as opposed to complete access, where distinction of contents indicate that the contents are associated with identifier to identify e.g. children content, based on content accessed, adjustment to access level is performed).
It would have been obvious to one of ordinary skill in the art before the effective filing date of the claimed invention to have modified Scott to incorporate the teaching of Chee to utilize the above feature, with the motivation of conveniently adjusting access level, as recognized by (Chee [0268]).
Regarding claim 16, claim 16 recites similar limitations to claim 1, therefore rejected with the same rationale and motivation applied to claim 1.
Regarding claim 8, Scott in view of Chee teaches the system of claim 1, wherein to select the sample of records from the table associated with the external system comprises to:
Scott does not disclose the below limitation.
Chee discloses query the external system for a set of audit logs that describes historical access requests to the table by the user; and identify from a set of records from the set of audit logs, wherein the sample of records comprises the identified set of records (Chee [292] “The content history 312, the access history 216, or a combination thereof can be passed to the adjustment module 814. The adjustment module 814 is configured to adjust the individual-member profile 206, including the access level 214”, [0056, 0060] discloses different types of access levels, e.g. limited content-based access such as a particular, i.e. identified, content associated with particular category, age, etc., as opposed to complete access, where distinction of contents indicate that the contents are associated with identifier to identify e.g. children content).
It would have been obvious to one of ordinary skill in the art before the effective filing date of the claimed invention to have modified Scott to incorporate the teaching of Chee to utilize the above feature, with the motivation of conveniently adjusting access level, as recognized by (Chee [0268]).
Regarding claim 9, Scott in view of Chee teaches the system of claim 8.
Scott does not disclose the below limitation.
Chee discloses wherein to determine the record-level access permissions corresponding to the specified access type associated with the user with respect to the sample of records comprises to parse an audit log to determine whether the audit log describes that the user is permitted or not to perform the specified access type to the record in the table (Chee [292] “The content history 312, the access history 216, or a combination thereof can be passed to the adjustment module 814. The adjustment module 814 is configured to adjust the individual-member profile 206, including the access level 214”, [0056, 0060] discloses different types of access levels, e.g. limited content-based access such as a particular, i.e. identified, content associated with particular category, age, etc., as opposed to complete access, where distinction of contents indicate that the contents are associated with identifier to identify e.g. children content).
It would have been obvious to one of ordinary skill in the art before the effective filing date of the claimed invention to have modified Scott to incorporate the teaching of Chee to utilize the above feature, with the motivation of conveniently adjusting access level, as recognized by (Chee [0268]).
Regarding claim 11, Scott in view of Chee teaches the system of claim 1.
Scott does not disclose the below limitation.
Chee discloses wherein the one or more processors are further configured to present, at a user interface, the table-level access permission corresponding to the specified access type associated with the user with respect to the table (Chee [0056-0058] illustrate in Figures 2-4 interfaces presenting access level permissions to different list of records/functions).
It would have been obvious to one of ordinary skill in the art before the effective filing date of the claimed invention to have modified Scott to incorporate the teaching of Chee to utilize the above feature, with the motivation of conveniently adjusting access level, as recognized by (Chee [0268]).
Regarding claim 14, Scott in view of Chee teaches the system of claim 1.
Scott does not disclose the below limitation.
Chee discloses wherein to cause the update to be performed at the external system with respect to the table comprises to cause the update to an access control list (ACL) associated with the table (Chee [0267] “The access control module 824 is configured to control access for multiple users across multiple devices (i.e. controlling access to multiple devices requires access control list) in the device-grouping 304. The access control module 824 can be configured to set the access level 214 based on the context 308 for accessing the personal device 102, the group-accommodation device 106, the peripheral device 108, the host device 110, the content 302 or feature thereon, or a combination thereof.”, [292] “The content history 312, the access history 216, or a combination thereof can be passed to the adjustment module 814. The adjustment module 814 is configured to adjust the individual-member profile 206, including the access level 214”, [0056, 0060] discloses different types of access levels, e.g. limited content-based access such as a particular, i.e. identified, content associated with particular category, age, etc., as opposed to complete access, where distinction of contents indicate that the contents are associated with identifier to identify e.g. children content, based on content accessed, adjustment to access level is performed).
It would have been obvious to one of ordinary skill in the art before the effective filing date of the claimed invention to have modified Scott to incorporate the teaching of Chee to utilize the above feature, with the motivation of conveniently adjusting access level, as recognized by (Chee [0268]).
Regarding claim 15, Scott in view of Chee teaches the system of claim 1.
Scott does not disclose the below limitation.
Chee discloses wherein to cause the update to be performed at the external system with respect to the table comprises to cause a change to a protected attribute associated with the sample of records (Chee [0267] “The access control module 824 is configured to control access for multiple users across multiple devices in the device-grouping 304. The access control module 824 can be configured to set the access level 214 based on the context 308 for accessing the personal device 102, the group-accommodation device 106, the peripheral device 108, the host device 110, the content 302 or feature thereon, or a combination thereof.”, [292] “The content history 312, the access history 216, or a combination thereof can be passed to the adjustment module 814. The adjustment module 814 is configured to adjust the individual-member profile 206, including the access level 214”, [0056, 0060] discloses different types of access levels, e.g. limited content-based access such as a particular, i.e. identified, content associated with particular category, age, etc., as opposed to complete access, where distinction of contents indicate that the contents are associated with identifier to identify e.g. children content, based on content accessed, adjustment to access level is performed, where adjusting the access level causes a change to a protected attribute associated with any requested/selected records to be accessed).
It would have been obvious to one of ordinary skill in the art before the effective filing date of the claimed invention to have modified Scott to incorporate the teaching of Chee to utilize the above feature, with the motivation of conveniently adjusting access level, as recognized by (Chee [0268]).
Claims 2-3 are rejected under 35 U.S.C. 103 as being unpatentable over Scott et. al. (US 20200065511 A1), hereinafter Scott in view of Chee et. al. (US 20140282683 A1) and Vignet et. al. (US 20090216766 A1).
Regarding claim 2, Scott in view of Chee teaches the system of claim 1, wherein to select the sample of records from the table associated with the external system comprises to:
determine a sample size of record identifiers (IDs) associated with the table (Scott [0076] “For example, the search module 254 may identify records that were created within a time window specified in the submitted search query. The list of relevant records identified by the search module 254 in the records store 232 based on a search query is provided to the filtering module 258 for filtering from the list records that are not accessible by the member.”, where a sample size of records is identified based on defined time window and accessibility by member, where each identified record is associated with a record ID as disclosed in [0043]).
Scott in view of Chee do not disclose the below limitation.
Vignet discloses instruct the external system to sort record IDs associated with records associated with the table; select a set of record IDs associated with the sample size based at least in part on the sorted record IDs; and obtain, from the external system, the set of record IDs, wherein the sample of records comprises records identified by the set of record IDs (Vignet [0033] “In the example shown in FIG. 2, the database records 202 are sorted based on their unique IDs 208. However, a user may want to sort the database records 202 based on their values 206, which, in the example shown in FIG. 2, represent a cost associated with each database record 202. In an example embodiment, the user may click on a sort button 214, which may include an up arrow and/or a down arrow, in the GUI 106. The client 102 may, in response to the user clicking the sort button 214, send a request over the network 106 to the server 104 to sort the database records 202 in either ascending or descending order.”, [0038] “The server 104 may send a response message to the client 102. The response message may cause the browser 108 and/or the GUI 110 to display the database records 202 (such as in the form of the table 200) according to the sorting performed in response to receiving the request.”, where the sort button 214 is also available at the ID window 208, which enable the request, in response to the user clicking, to be sent to the server 104, and accordingly, obtain/display sorted records based in the records IDs in ascending or descending order).
It would have been obvious to one of ordinary skill in the art before the effective filing date of the claimed invention to have modified Scott in view of Thompson to incorporate the teaching of Vignet to utilize the above feature, with the motivation of convenience in displaying records based on any parameters, e.g. cost, ID, etc., the desired by the user, as recognized by (Vignet Abstract [0033]).
Regarding claim 3, Scott in view of Chee and Vignet teaches the system of claim 2.
Scott discloses [0043 0076] identify records accessible to users according to the user’s access level and filtering non accessible records, however, Scott does not disclose the below limitation.
Chee discloses wherein the sample size of record IDs associated with the table is determined based on one or more of the following: a size associated with the table, a historical access evaluation result associated with the user, and the specified access type associated with the user with respect to the table (Chee [0056] “The access level 214 is a representation of features or functions of the computing system 100 accessible to or available for control by the individual user 205. For example, the access level 214 can be a complete-access 232, a partial-access 234, a non-control access 236, a content-based access 238, or a combination thereof.”, [0057-0058] discloses records/functions can be selected and accessed based on specified access type associated with the user with respect to the list/table of available records/functions).
It would have been obvious to one of ordinary skill in the art before the effective filing date of the claimed invention to have modified Scott to incorporate the teaching of Chee to utilize the above feature, with the motivation of conveniently adjusting access level, as recognized by (Chee [0268]).
Claims 4-7, 17-19 are rejected under 35 U.S.C. 103 as being unpatentable over Scott et. al. (US 20200065511 A1), hereinafter Scott in view of Chee et. al. (US 20140282683 A1) and West et. al. (US 20230141952 A1).
Regarding claim 4, Scott in view of Chee teaches the system of claim 1.
Scott in view of Chee does not explicitly disclose the below limitation.
West discloses wherein to determine the record-level access permissions corresponding to the specified access type associated with the user with respect to the sample of records comprises to generate an application programming interface (API) call to the external system to use an impersonation function to test whether the user is permitted to perform the specified access type to a record in the sample of records (West [0024-0025], [0031] “The API 132 can decode the selection data 143. Decoding the selection data 143 can include parsing the selection data 142 to obtain the encoded data string that was generated by the encoding engine 134. The API 132 can decode the encoded data string to obtain the set of permissions…Once the API 132 identifies the matching index data structure 133b, the API 132 can determine a level of access, if any, the second user device is to have to particular secured content or real-time data stream. In some implementations, this is achieved based on the permissions obtained from the selection data and the permissions associated with each indexed data structure. In other implementations, the API can determine, based on filtering parameters in the decoded permissions data, that second user device is only to have access to the content identified by the content ID field of the index data structure record for a period of time identified by the one or more filtering parameters. Alternatively, or in addition, the API can also determine, based on the filtering parameters, the permissions, or both, that the second user device 140 is to have its access terminated after a specific data, time, or both.”).
It would have been obvious to one of ordinary skill in the art before the effective filing date of the claimed invention to have modified Scott in view of Chee to incorporate the teaching of West to utilize the above feature, with the motivation of utilizing API To determine permissions/access level of requests, as recognized by (West [0021, 004-0025, 0031]).
Regarding claim 17, claim 17 recites similar limitations to claim 4, therefore rejected with the same rationale and motivation applied to claim 4.
Regarding claim 5, Scott in view of Chee and West teaches the system of claim 4.
Scott in view of Chee does not explicitly disclose the below limitation.
West discloses wherein the specified access type associated with the user with respect to the record comprises one or more of a read access, a write access, and a delete access (West [0006] “…the one or more filtering parameters can impose an access control limit access to the identified real-time stream of content generated by the wearable device.”, [0038] “In some implementations, the filtering parameters can include, for example, a time window of underlying data and/or time window of request, delayed data and/or current real-time, a geo-location fenced in area that requires the third-party user device or third party using the second user device to be within a radius of a particular latitude and longitude, function capabilities such as read only with redactions, read only, read/write, update data, administer read/write/updates, and/or the like.”).
It would have been obvious to one of ordinary skill in the art before the effective filing date of the claimed invention to have modified Scott in view of Chee to incorporate the teaching of West to utilize the above feature, with the motivation of accessing content in a secure manner utilizing different access levels, as recognized by (West Abstract).
Regarding claim 18, claim 18 recites similar limitations to claim 5, therefore rejected with the same rationale and motivation applied to claim 5.
Regarding claim 6, Scott in view of Chee and West teaches the system of claim 5.
Scott in view of Chee does not explicitly disclose the below limitation.
West discloses wherein the one or more processors are further configured to, in response to a determination that the user is permitted to perform the specified access type to the record, determine whether the user is permitted to perform the specified access type to a field within the record (West [0024-0025], [0031] “The API 132 can decode the selection data 143. Decoding the selection data 143 can include parsing the selection data 142 to obtain the encoded data string that was generated by the encoding engine 134. The API 132 can decode the encoded data string to obtain the set of permissions…Once the API 132 identifies the matching index data structure 133b, the API 132 can determine a level of access, if any, the second user device is to have to particular secured content or real-time data stream. In some implementations, this is achieved based on the permissions obtained from the selection data and the permissions associated with each indexed data structure. In other implementations, the API can determine, based on filtering parameters in the decoded permissions data, that second user device is only to have access to the content identified by the content ID field of the index data structure record for a period of time identified by the one or more filtering parameters. Alternatively, or in addition, the API can also determine, based on the filtering parameters, the permissions, or both, that the second user device 140 is to have its access terminated after a specific data, time, or both.”, West further discloses accessing a searched (based on matching index data) content, where each indexed data structure, i.e. field, associated with permission, where the indexed data structure pertaining to filtered data as disclosed in [0037] “the access key can include data that is used to index the data structure in the secure database. In some implementations, the one or more filtering parameters impose an access control limit access to the identified real-time stream of content generated by the wearable device… the one or more filtering parameters include a data ”).
It would have been obvious to one of ordinary skill in the art before the effective filing date of the claimed invention to have modified Scott in view of Chee to incorporate the teaching of West to utilize the above feature, with the motivation of utilizing API To determine permissions/access level of requests, as recognized by (West [0021, 004-0025, 0031]).
Regarding claim 19, claim 19 recites similar limitations to claim 6, therefore rejected with the same rationale and motivation applied to claim 6.
Regarding claim 7, Scott in view of Chee and West teaches the system of claim 6, wherein the…is determined to be associated with a … ID that is inherited from a parent table at the external system, and wherein to determine whether the user is permitted to perform the specified access type to the … within the record comprises to use stored parent-child table relationships to locate the parent table (Scott [0063] “Returning to FIG. 3, the database generation module 250 combines the explicit database and membership databases in the database store to generate accessibility database F.”, [0064] “The database generation module 250 stores the database F in the database store 244 for use by the modules. Database F indicates records that are explicitly or implicitly accessible by each member of the organization. In contrast to the explicit databases and membership databases that track access to records through a plurality of groups and access connections, the accessibility database F tracks access to records through a direct mapping between the records and members of the organization.”, [0070] Figure 5 illustrates an example of combining databases and matrices to compute database F, where this process involves stored group tables comprising parent and child relationship tables in the membership associations 240, as disclosed in [0047, 0050-0051], where access to a record, associated with an ID and metadata, is determined by a particular member explicitly and implicitly (inferred)).
Scott does not explicitly disclose record field. However, West discloses accessing a searched (based on matching index data) content, where each indexed data structure, i.e. field, associated with permission, where the indexed data structure pertain to filtered data as disclosed in [0037] “the access key can include data that is used to index the data structure in the secure database. In some implementations, the one or more filtering parameters impose an access control limit access to the identified real-time stream of content generated by the wearable device… the one or more filtering parameters include a data”.
It would have been obvious to one of ordinary skill in the art before the effective filing date of the claimed invention to have modified Scott in view of others to incorporate the teaching of West to utilize the above feature, with the motivation of utilizing API To determine permissions/access level of requests, as recognized by (West [0021, 004-0025, 0031]).
Claim 10 is rejected under 35 U.S.C. 103 as being unpatentable over Scott et. al. (US 20200065511 A1), hereinafter Scott in view of Chee et. al. (US 20140282683 A1) and Doyle et. al. (US 20110010761 A1).
Regarding claim 10, Scott in view of Chee teaches the system of claim 1, wherein to infer the table-level access permission corresponding to the specified access type associated with the user with respect to the table based at least in part on the record-level access permissions corresponding to the specified access type comprises to:
Scott in view of Chee does not disclose the below limitations.
Doyle discloses determine a respective percentage of permitted record-level access permissions corresponding to the specified access type from the record-level access permissions corresponding to the specified access type associated with the user with respect to the sample of records; compare the respective percentage against a threshold percentage; and infer the table-level access permission corresponding to the specified access type associated with the user with respect to the table based at least in part on the comparison of the respective percentage against the threshold percentage (Doyle [0049] “Initially, the remote device may receive a request to access security-sensitive application or content in the remote device 502. Upon receiving the request for access, the remote device may determine if its history of access to connectivity satisfy a threshold limit or condition 504. If it is determined that the remote device has a history of access to connectivity that satisfies the threshold limit or condition (e.g., a first history of access to connectivity that indicates recent access to connectivity), the remote device may apply a first level of security in providing (e.g., granting, restricting, denying) the user access to the security-sensitive application and/or content 506…The multiple levels of security may provide varying levels of access to the security-sensitive applications and/or content.”).
It would have been obvious to one of ordinary skill in the art before the effective filing date of the claimed invention to have modified Scott in view of Chee to incorporate the teaching of Doyle to utilize the above feature, with the motivation of conveniently authenticating users based on prior access, as recognized by (Doyle [0049]).
Claims 12 and 20 are rejected under 35 U.S.C. 103 as being unpatentable over Scott et. al. (US 20200065511 A1), hereinafter Scott in view of Chee et. al. (US 20140282683 A1) and Koshti et. al. (US 20210150024 A1).
Regarding claim 12, Scott in view of Chee teaches the system of claim 1.
Scott in view of Chee does not disclose the below limitation.
Koshti discloses wherein the one or more processors are further configured to: compare the table-level access permission corresponding to the specified access type associated with the user with respect to the table to a set of desired security configurations to determine a discrepancy; and determine the update to be performed at the external system with respect to the table based at least in part on the discrepancy (Koshti [0045] “…security tool 110 may compare each risk 126A, 126B, and 126C to a second threshold 128B to determine whether access patterns 210 and error margins 212 should be updated. The threshold 128B may be set significantly higher or lower than threshold 128A. Thus, if risks 126A, 126B, and 126C exceed or fall below threshold 128B, then certain adjustments should be made to access patterns 210 and/or error margins 212 to better tune security tool 110 to determine data breaches in the future. For example, security tool 110 may adjust access patterns 210A and/or 210B based on the comparison of risks 126A, 126B, and 126C to threshold 128b. Security tool 110 may add particular access times and/or access information to access patterns 210A and 210B to adjust access patterns 210A and 210B. As another example, security tool 110 may increase or decrease error margins 212 based on the comparison of risks 126A, 126B, and 126C to threshold 128B.”, where the threshold is the desired security configuration, depending on the error margin and the risk associated with the user access/permissions, where the system analyze the access risk against a threshold and accordingly adjust/update access permission as disclosed in [0017]).
It would have been obvious to one of ordinary skill in the art before the effective filing date of the claimed invention to have modified Scott in view of Chee to incorporate the teaching of xxx to utilize the above feature, with the motivation of detecting and preventing data breaches, as recognized by (Koshti [0017]).
Regarding claim 20, claim 20 recites similar limitations to claim 12, therefore rejected with the same rationale and motivation applied to claim 12.
Claim 13 is rejected under 35 U.S.C. 103 as being unpatentable over Scott et. al. (US 20200065511 A1), hereinafter Scott in view of Chee et. al. (US 20140282683 A1) and Miedema et. al. (US 20220075674 A1).
Regarding claim 13, Scott in view of Chee teaches the system of claim 1.
Scott does not disclose the below limitation.
Chee discloses wherein the one or more processors are further configured to present, at a user interface, an interactive element such that in response to a user selection of the interactive element, the one or more processors are configured to cause the update to be performed at the external system with respect to the table comprises (Chee Figure 2 [0057] “The complete-access 232 can represent system administrator privileges or complete access of all available functions. The complete-access 232 can include function or accessibility for setting or adjusting the access level 214 for various other users of the computing system 100. The complete-access 232 can further include function or accessibility for transferring or managing content between devices of the computing system 100, creating or deleting the individual-member profile 206 for the other users, overriding commands or access inputs to the computing system 100 other users of the computing system 100 or a combination thereof.”).
Scott in view of Chee does not disclose the below limitation.
Miedema discloses generating a call to an application programming interface (API) associated with the external system (Miedema [0077] “an operator can manipulate the API to change the access level capabilities and/or may define access privileges to adapt to certain situations.”).
It would have been obvious to one of ordinary skill in the art before the effective filing date of the claimed invention to have modified Scott in view of Chee to incorporate the teaching of Miedema to utilize the above feature, with the motivation of adapting access privileges to certain situations, as recognized by (Miedema [0077]).
Conclusion
The prior art made of record and not relied upon is considered pertinent to applicant's disclosure:
Ponzio (US 20140208399 A1) discloses a method and system for accessing a computing resource.
Stieglitz (US 7614078 B1) discloses threshold access based upon stored credentials
Any inquiry concerning this communication or earlier communications from the examiner should be directed to BASSAM A NOAMAN whose telephone number is (571)272-2705. The examiner can normally be reached Monday-Friday 8:30 AM-5:00PM.
Examiner interviews are available via telephone, in-person, and video conferencing using a USPTO supplied web-based collaboration tool. To schedule an interview, applicant is encouraged to use the USPTO Automated Interview Request (AIR) at http://www.uspto.gov/interviewpractice.
If attempts to reach the examiner by telephone are unsuccessful, the examiner’s supervisor, Eleni A. Shiferaw can be reached on (571) 272-3867. The fax phone number for the organization where this application or proceeding is assigned is 571-273-8300.
Information regarding the status of published or unpublished applications may be obtained from Patent Center. Unpublished application information in Patent Center is available to registered users. To file and manage patent submissions in Patent Center, visit: https://patentcenter.uspto.gov. Visit https://www.uspto.gov/patents/apply/patent-center for more information about Patent Center and https://www.uspto.gov/patents/docx for information about filing in DOCX format. For additional questions, contact the Electronic Business Center (EBC) at 866-217-9197 (toll-free). If you would like assistance from a USPTO Customer Service Representative, call 800-786-9199 (IN USA OR CANADA) or 571-272-1000.
/BASSAM A NOAMAN/Primary Examiner, Art Unit 2497