DETAILED ACTION
The present application, filed on or after March 16, 2013, is being examined under the first inventor to file provisions of the AIA . 

Response to Amendment
This is a reply to the amendment filed on 11/13/2020, in which, claim(s) 1-18 are pending. Claim(s) 1, 5, 7, 11, 13, and 17 are amended. No claim(s) are cancelled or newly added.

Response to Arguments
Claim Objection: 
Applicant’s arguments with respect to objection of claim(s) 1, 7, and 13 have been considered. The objection of claim(s) 1, 7, and 13 is maintained due to some of the alleged amendment to claim are not found.

Claim Rejections - 35 U.S.C. § 102 and 35 U.S.C. § 103:
Applicants’ arguments, see pages 7-12, filed 11/13/2020, regarding the U.S.C. 102 and 103 rejections of claims 1-18 have been fully considered and are not persuasive.
Applicants argue that Fitzpatrick, alone, or in combination with Brock, fails to teach or suggest “generating, by the permission processor, a reduced attribute table, the generating comprising…”.

Besides, a prior art reference must be considered in its entirety, i.e., as a whole, including portions that would lead away from the claimed invention. W.L. Gore & Assoc., Inc. v. Garlock, Inc., 721 F.2d 1540, 220 USPQ 303 (Fed. Cir. 1983), cert. denied, 469 U.S. 851 (1984). See MPEP § 2141.02.
Therefore, the rejection is maintained.

Applicant is encouraged to schedule an interview with the Examiner prior to the next communication to compact prosecution of the case.

Claim Objections
Claims 1, 7, and 13, are objected to because of the following informalities:  
Claims 1 (line 17), claim 7 (line 14) and claim 13 (line 15) limitations “the one or more permission rules” should be “[[the]] one or more permission rules” since the term “one or more permission rules” is mentioned the very first time in the claims.
Appropriate correction is required.

Claim Rejections - 35 USC § 103
The following is a quotation of 35 U.S.C. 103 which forms the basis for all obviousness rejections set forth in this Office action:
A patent for a claimed invention may not be obtained, notwithstanding that the claimed invention is not identically disclosed as set forth in section 102 of this title, if the differences between the claimed invention and the prior art are such that the claimed invention as a whole would have been obvious before the effective filing date of the claimed invention to a person having ordinary skill in the art to which the claimed invention pertains.  Patentability shall not be negated by the manner in which the invention was made.

In the event the determination of the status of the application as subject to AIA  35 U.S.C. 102 and 103 (or as subject to pre-AIA  35 U.S.C. 102 and 103) is incorrect, any correction of the statutory basis for the rejection will not be considered a new ground of rejection if the prior art relied upon, and the rationale supporting the rejection, would be the same under either status.  
Claims 1-18 are rejected under 35 U.S.C. 103 as being unpatentable over Fitzpatrick et al. (US 2006/0224597 A1) in view of Brock et al. (US 2016/0063270 A1).
Regarding Claims 1, 7, and 13, Fitzpatrick discloses
receiving a query from a requesting user to perform an operation including a request to access data related to one or more target users stored in a database ([0049], “Requests from clients… get the UIDs of users who have given permission to a subscriber to update records”, i.e. to perform an operation on the data related to the users, [0010], “a permissions database”); and 
determining, by a permission processor of the application server, whether the requesting user has permission to perform the operation ([0049], “Requests from clients… get the UIDs of users who have given permission to a subscriber to update records…sends it to the server if permissions are appropriately set and the server checks the permissions (of the requesting user)”), the determining including: 
generating, by the permission processor, an attribute table comprising the one or more target users and one or more user attributes, the one or more user attributes comprising metadata associated with the one or more target users ([0122], “The create user API 1012 may include multiple parameters such as, by way of example but not limitation, username, password, firstname, lastname, and email. This API may result in an entry in the user (attribute) table 1102”, refer to user table 1102 in Fig. 11 which comprises one or more target users and their attributes, i.e. metadata associated with the users); 
storing, by the permission processor, the attribute table on the database ([0010], “a permissions database”, [0018] & [0023], “several examples of (attribute) tables that may be included in a database”); 
generating, by the permission processor, a reduced attribute table, the generating comprising removing one or more target users from the attribute table (reduced attribute) tables”, e.g. a permissions table 1108 with target user “000003” is removed from the table); and 
applying, by the permission processor, the one or more permission rules to each of the one or more target users remaining in the reduced attribute table ([0121], “FIG. 11 depicts several examples 1100 of (reduced attribute) tables”, e.g. a permissions table 1108 shows that the one or more permission rules applied to the target users “000001” & “000002” remaining in the table).  
Fitzpatrick does not explicitly teach but Brock teaches 
receiving a query from a requesting user by an application server and via a client interface associated with the application server ([0031], “interacting with a graphical user interface (GUI) provided by the browser on a display… provided by the system 16 or other systems or servers. For example, the user interface device can be used to access data and applications hosted by system”).
Fitzpatrick and Brock are analogous art as they are in the same field of endeavor of information security. It would have been obvious to one of ordinary skill in the art before the effective filing date of the claimed invention to receive a request to perform an operation on data related to one or more target users (as disclosed by Fitzpatrick) where the request is received via a user interface associated with the server (as taught by Brock). The motivation/suggestion would have been to enable a system administrator to more effectively manage the large number of permissions associated with database systems (Brock, Abstract).

Regarding Claims 2, 8, and 14, the combined teaching of Fitzpatrick and Brock teaches wherein the one or more target users for removal from the attribute table are selected based on one or more user attributes associated with the requesting user (Fitzpatrick, [0121], “FIG. 11 depicts several examples 1100 of (reduced attribute) tables”, e.g. a permissions table 1108 with target user “000003” is removed from the table because [0123], “Permissions allow or disallow the sharing of data with other users”, i.e. attribute related to the requesting user).

Regarding Claims 3, 9, and 15, the combined teaching of Fitzpatrick and Brock teaches wherein the one or more target users for removal from the attribute table are selected based on one or more permission rules associated with the operation (Fitzpatrick, [0121], “FIG. 11 depicts several examples 1100 of (reduced attribute) tables”, e.g. a permissions table 1108 with target user “000003” is removed from the table because [0123], “Permissions allow or disallow the sharing of data with other users”, i.e. permission rules associated with the operation).

Regarding Claims 4, 10, and 16, the combined teaching of Fitzpatrick and Brock teaches scanning, by the permission processor, one or more rules associated with the operation to select one or more user attributes; and retrieving, by the permission processor, the one or more user attributes from a data table of the database (Fitzpatrick, [0090], “The update is available to the user identified in the grantee UID field on a push or pull basis, as indicated in the push/pull field. User data changes result in added records in the pending transaction log 608. User sync request checked (scanned) for the grantee UID associated with the requesting pull transaction, and the data (i.e. user attributes) is provided if there is a match”).

Regarding Claims 5, 11, and 17, the combined teaching of Fitzpatrick and Brock teaches receiving, by the permission processor, an update to the one or more permission rules ([0038], “checking permissions, as described in more detail with reference to FIGS. 4 and 5, and forwards data associated with the update (of permission rules)”, [0040], “The server sends updates”); and 
updating, by the permission processor, the attribute table based on the update to the one or more permission rules (Fitzpatrick, [0010], “an engine for updating the permissions database”, based on updated permission rules, e.g. described in [0123], “Permissions allow or disallow the sharing of data with other users”).

Regarding Claims 6, 12, and 18, the combined teaching of Fitzpatrick and Brock teaches wherein the attribute table comprises a long column and a string column representing the one or more user attributes (Fitzpatrick, [0121], “FIG. 11 depicts several examples 1100 of (attribute) tables”, e.g. (attribute) table 1114 comprises a long column and a string column).

Conclusion
Applicants are encouraged to take advantage of the After Final Consideration Pilot 2.0 (AFCP 2.0) which authorizes non-production time for consideration of .
THIS ACTION IS MADE FINAL.  Applicant is reminded of the extension of time policy as set forth in 37 CFR 1.136(a).  
A shortened statutory period for reply to this final action is set to expire THREE MONTHS from the mailing date of this action.  In the event a first reply is filed within TWO MONTHS of the mailing date of this final action and the advisory action is not mailed until after the end of the THREE-MONTH shortened statutory period, then the shortened statutory period will expire on the date the advisory action is mailed, and any extension fee pursuant to 37 CFR 1.136(a) will be calculated from the mailing date of the advisory action.  In no event, however, will the statutory period for reply expire later than SIX MONTHS from the mailing date of this final action. 
Any inquiry concerning this communication or earlier communications from the examiner should be directed to CHENG-FENG HUANG whose telephone number is (571)272-6186.  The examiner can normally be reached on Monday-Friday: 9 am - 5 pm.
Examiner interviews are available via telephone, in-person, and video conferencing using a USPTO supplied web-based collaboration tool. To schedule an interview, applicant is encouraged to use the USPTO Automated Interview Request (AIR) at http://www.uspto.gov/interviewpractice.
If attempts to reach the examiner by telephone are unsuccessful, the examiner’s supervisor, Eleni A Shiferaw can be reached on (571) 272-3867.  The fax phone number for the organization where this application or proceeding is assigned is 571-273-8300.
Information regarding the status of an application may be obtained from the Patent Application Information Retrieval (PAIR) system.  Status information for published applications may be obtained from either Private PAIR or Public PAIR.  Status information for unpublished applications is available through Private PAIR only.  For more information about the PAIR system, see https://ppair-my.uspto.gov/pair/PrivatePair. Should you have questions on access to the Private PAIR system, contact the Electronic Business Center (EBC) at 866-217-9197 (toll-free). If you would like assistance from a USPTO Customer Service Representative or access to the automated information system, call 800-786-9199 (IN USA OR CANADA) or 571-272-1000.






/CHENG-FENG HUANG/Examiner, Art Unit 2497