DETAILED ACTION
Notice of Pre-AIA or AIA Status
The present application, filed on or after March 16, 2013, is being examined under the first inventor to file provisions of the AIA.

Priority
The application does not claim foreign priority.

Information Disclosure Statement
The information disclosure statement (IDS) was submitted on 04/08/2019.  The submission is in compliance with the provisions of 37 CFR 1.97.  Accordingly, the information disclosure statement is being considered by the examiner.

Claim Interpretation
The following is a quotation of 35 U.S.C. 112(f):
(f) Element in Claim for a Combination. – An element in a claim for a combination may be expressed as a means or step for performing a specified function without the recital of structure, material, or acts in support thereof, and such claim shall be construed to cover the corresponding structure, material, or acts described in the specification and equivalents thereof. 

The following is a quotation of pre-AIA  35 U.S.C. 112, sixth paragraph:
An element in a claim for a combination may be expressed as a means or step for performing a specified function without the recital of structure, material, or acts in support thereof, and such claim shall be construed to cover the corresponding structure, material, or acts described in the specification and equivalents thereof.

The claims in this application are given their broadest reasonable interpretation using the plain meaning of the claim language in light of the specification as it would be understood by one of ordinary skill in the art.  The broadest reasonable interpretation of a claim element (also 
As explained in MPEP § 2181, subsection I, claim limitations that meet the following three-prong test will be interpreted under 35 U.S.C. 112(f) or pre-AIA  35 U.S.C. 112, sixth paragraph:
(A)	the claim limitation uses the term “means” or “step” or a term used as a substitute for “means” that is a generic placeholder (also called a nonce term or a non-structural term having no specific structural meaning) for performing the claimed function; 
(B)	the term “means” or “step” or the generic placeholder is modified by functional language, typically, but not always linked by the transition word “for” (e.g., “means for”) or another linking word or phrase, such as “configured to” or “so that”; and 
(C)	the term “means” or “step” or the generic placeholder is not modified by sufficient structure, material, or acts for performing the claimed function. 
Use of the word “means” (or “step”) in a claim with functional language creates a rebuttable presumption that the claim limitation is to be treated in accordance with 35 U.S.C. 112(f) or pre-AIA  35 U.S.C. 112, sixth paragraph. The presumption that the claim limitation is interpreted under 35 U.S.C. 112(f) or pre-AIA  35 U.S.C. 112, sixth paragraph, is rebutted when the claim limitation recites sufficient structure, material, or acts to entirely perform the recited function. 
Absence of the word “means” (or “step”) in a claim creates a rebuttable presumption that the claim limitation is not to be treated in accordance with 35 U.S.C. 112(f) or pre-AIA  35 U.S.C. 112, sixth paragraph. The presumption that the claim limitation is not interpreted under 35 U.S.C. 112(f) or pre-AIA  35 U.S.C. 112, sixth paragraph, is rebutted when the claim limitation recites function without reciting sufficient structure, material or acts to entirely perform the recited function. 

Such claim limitation(s) is/are: “a maintaining unit” recited in claims 11, 18 and 19; and “an access unit”, recited in claims 11, 13, 15 and 19.

Claim Rejections - 35 USC § 112
The following is a quotation of 35 U.S.C. 112(b):
(b)  CONCLUSION.—The specification shall conclude with one or more claims particularly pointing out and distinctly claiming the subject matter which the inventor or a joint inventor regards as the invention.

The following is a quotation of 35 U.S.C. 112 (pre-AIA ), second paragraph:
The specification shall conclude with one or more claims particularly pointing out and distinctly claiming the subject matter which the applicant regards as his invention.

Claims 6-9 and 11-19 are rejected under 35 U.S.C. 112(b) or 35 U.S.C. 112 (pre-AIA ), second paragraph, as being indefinite for failing to particularly point out and distinctly claim the subject matter which the inventor or a joint inventor, or for pre-AIA  the applicant regards as the invention.
Claims 6, 7, 16 and 17 recite the limitation “said user access rights.” There is insufficient antecedent basis for this limitation in the claim. It is suggested to correct the limitation to “said access right.” 
Claims 9 and 19 recite the limitation “said access rights.” There is insufficient antecedent basis for this limitation in the claim. It is suggested to correct the limitation to “said access right of the user initiating said query” or other proper language.


The limitation “a maintaining unit” recited in claims 11, 18 and 19; and “an access unit”, recited in claims 11, 13, 15 and 19 invoke 35 U.S.C. 112(f) or pre-AIA  35 U.S.C. 112, sixth paragraph. However, the written description fails to disclose the corresponding structure, material, or acts for performing the entire claimed function and to clearly link the structure, material, or acts to the function. 
In this regard, the specification discloses “a maintaining unit 302” and “an access unit 304” in paragraph [0053], but fails to disclose particular structures to perform the function, for example, “maintaining … a lower access security label … and an upper access security label”; and for example,“…skipping said storage region during a read execution of said query”, respectively. 
Therefore, the claim is indefinite and is rejected under 35 U.S.C. 112(b) or pre-AIA  35 U.S.C. 112, second paragraph.
Applicant may:
(a)        Amend the claim so that the claim limitation will no longer be interpreted as a limitation under 35 U.S.C. 112(f) or pre-AIA  35 U.S.C. 112, sixth paragraph; 
(b)        Amend the written description of the specification such that it expressly recites what structure, material, or acts perform the entire claimed function, without introducing any new matter (35 U.S.C. 132(a)); or 
(c)        Amend the written description of the specification such that it clearly links the structure, material, or acts disclosed therein to the function recited in the claim, without introducing any new matter (35 U.S.C. 132(a)).

(a)        Amending the written description of the specification such that it expressly recites the corresponding structure, material, or acts for performing the claimed function and clearly links or associates the structure, material, or acts to the claimed function, without introducing any new matter (35 U.S.C. 132(a)); or 
(b)        Stating on the record what the corresponding structure, material, or acts, which are implicitly or inherently set forth in the written description of the specification, perform the claimed function. For more information, see 37 CFR 1.75(d) and MPEP §§ 608.01(o) and 2181.
Claims 12, 14, 16 and 17 depend from the rejected claim 11 and do not overcome the rejection by their limitations. Thus, claims 12, 14, 16 and 17 are rejected under 112(b) as being dependent from the rejected claim 11.

The following is a quotation of the first paragraph of 35 U.S.C. 112(a):
(a) IN GENERAL.—The specification shall contain a written description of the invention, and of the manner and process of making and using it, in such full, clear, concise, and exact terms as to enable any person skilled in the art to which it pertains, or with which it is most nearly connected, to make and use the same, and shall set forth the best mode contemplated by the inventor or joint inventor of carrying out the invention.

The following is a quotation of the first paragraph of pre-AIA  35 U.S.C. 112:
The specification shall contain a written description of the invention, and of the manner and process of making and using it, in such full, clear, concise, and exact terms as to enable any person skilled in the art to which it pertains, or with which it is most nearly connected, to make and use the same, and shall set forth the best mode contemplated by the inventor of carrying out his invention.


Claims 11-19 are rejected under 35 U.S.C. 112(a) or 35 U.S.C. 112 (pre-AIA ), first paragraph, as failing to comply with the written description requirement.  The claim(s) contains subject matter which was not described in the specification in such a way as to reasonably convey to one skilled in the relevant art that the inventor or a joint inventor, or for pre-AIA  the inventor(s), at the time the application was filed, had possession of the claimed invention. 
Claims 11, 18 and 19 recite the limitation “a maintaining unit”; and claims 11, 13, 15 and 19 recite the limitation “an access unit.” However, as described above, the disclosure does not provide adequate structure of “a maintaining unit” to perform the claimed function, for example, “maintaining … a lower access security label … and an upper access security label”; and “an access unit” to perform the claimed function, for example, “skipping said storage region during a read execution of said query.”  The specification just reiterates the claimed language (see paragraph [0053] of the original specification), but does not demonstrate that applicant has made an invention that achieves the claimed functions because the invention is not described with sufficient detail such that one of ordinary skill in the art can reasonably conclude that the inventor had possession of the claimed invention. 
Claims 12, 14, 16 and 17 are rejected under 112(a) as being dependent from the rejected claim 11.

Claim Rejections - 35 USC § 103
In the event the determination of the status of the application as subject to AIA  35 U.S.C. 102 and 103 (or as subject to pre-AIA  35 U.S.C. 102 and 103) is incorrect, any correction of the statutory basis for the rejection will not be considered a new ground of rejection if the prior art relied upon, and the rationale supporting the rejection, would be the same under either status.
The following is a quotation of 35 U.S.C. 103 which forms the basis for all obviousness rejections set forth in this Office action:
A patent for a claimed invention may not be obtained, notwithstanding that the claimed invention is not identically disclosed as set forth in section 102, if the 


Claims 1-4, 10, 11-14 and 20 are rejected under 35 U.S.C. 103 as being unpatentable over Cotner et al. (US 2017/0053133 A1; hereinafter, “Cotner”) in view of Dickie et al. (US 2015/0095299 A1; hereinafter, “Dickie”).

Regarding claim 1: 
Cotner teaches:
A computer-implemented method for processing a query for accessing data in a database with row level security, wherein said data being organized in rows and columns, wherein rows are grouped in storage regions (claim 10: A computer-implemented method of controlling access to data in at least one row of a database, wherein said at least one row is associated with row-level access control information), said method comprising:
maintaining, as part of a control record .. (para. [0036]: 2. Each row within a secure table is associated with a security label, which can be a column within that security table. For example, that column can have a predetermined name (e.g. SECURITY_LABEL) or it can be identified through an SQL clause when the table is defined (e.g. AS SECURITY LABEL clause on the CREATE TABLE column definition). It will be understood that other techniques can be used to associate a security label with a row. --- It is noted that a security label teaches a control record; column can have a predetermined name (e.g. SECURITY_LABEL) teaches maintaining a control record), a lower access security label, representing a minimal user access right of any of said rows … (para. [0075]: The security label of the row has a value that is within a range of values that are accessible to the user; [0066]: a. The security level of the data contained in the row. This allows implementation of multilevel, hierarchical security schemes (e.g., TOP SECRET, SECRET, UNCLASSIFIED); para. [0073]: If the table does not have a SECURITY_LABEL column, then the query is processed in a conventional manner in operation 86 and the results of the query are returned to the user in operation 88. --- It is noted that for example, UNCLASSIFIED teaches a lower access security label; UNCLASSIFIED implies a minimal user access right of any of said rows), and an upper access security label representing a maximal user access right of any of said rows … (para. [0075]: The security label of the row has a value that is within a range of values that are accessible to the user; [0066]: a. The security level of the data contained in the row. This allows implementation of multilevel, hierarchical security schemes (e.g., TOP SECRET, SECRET, UNCLASSIFIED). --- It is noted that for example, TOP SECRET teaches an upper access security label; TOP SECRET implies a maximal user access right of any of said rows); and
upon determining, for a query, whether an access right of a user initiating said query is below said lower access security label of a storage region addressed by said query, skipping said storage (para. [0072]: … A user, in operation 72, prepares a query for submission to a DBMS that has a table that includes a SECURITY_LABEL column. …  The user's security level and security categories are determined in operation 74 using the techniques described earlier; para. [0075]: … i) The security level indicated by the user's security label is greater than or equal to the security level indicated by the row's security label, as determined in operation 94. If not, the user is denied access to the row in operation 96; para. [0078]: The security label associated with the row is outside the range of values corresponding to the user's security label. In this case, the DBMS either ignores the row… --- it is noted that a query teaches a query; a user prepares a query for submission teaches a user initiating said query; the user’s access right teaches an access right of a user; the user’s access right are determined teaches upon determining; [when] the security label associated with the row is outside the range of values corresponding to the user's security label, the DBMS either ignores the row teaches [when] an access right of a user is below said lower access security label of a storage, skipping said storage during a read execution of said query).
Cotner is silent about:
… as part of a control record for each storage region …; 
… rows in said storage region …;
… skipping said storage region … 
Dickie, in the same field of endeavor, teaches:
… as part of a control record for each storage region … (para. [0012]: Some database management systems (DBMSs) maintain metadata about each region of table storage in order to filter table rows before actually reading the data stored in those rows. --- It is noted that each region teaches each storage region; metadata about each region corresponds to a control record for each storage region); 
… rows in said storage region … (para. [0012]: Some database management systems (DBMSs) maintain metadata about each region of table storage in order to filter table rows before actually reading the data stored in those rows. --- It is noted that to filter table rows [of] each region of table storage teaches rows in said storage region);
… skipping said storage region … (para. [0013]: In this regard, a range map may be used to define regions that do not have to be read and searched in response to a query. For example, the query may require a surname of “Smith”. Thus, when a surname is part of a query, the surname “Smith”, by virtue of a range map, can be used to eliminate those storage regions that do not contain “Smith” based on the “Smith” query value and the range maps; para. [0005]: For example, if a storage region is known to contain records with column values between 100 and 200 (e.g., as stored in the range map metadata), then when a query with range values outside of that known range (e.g., a query with a value of 500) is evaluated, the evaluation can eliminate that storage region. --- It is noted that eliminate that storage region teaches skipping said storage region).

The motivation is to minimize processing requirements and elapsed time overhead associated with making row-level security checks (Cotner, para. [0009]) by eliminating storage regions from reading according to the user's security label.

Regarding claim 2: 
Cotner in view of Dickie teaches:
The computer-implemented method according to claim 1.
Cotner is silent about:
wherein in each of said storage regions a number of rows is stored, defined by a block size of said database storage and a length of said rows such that a maximum number of rows fits into said storage region.
Dickie teaches:
wherein in each of said storage regions a number of rows is stored, defined by a block size of said database storage and a length of said rows such that a maximum number of rows fits into said storage region (para. [0012]: … Some database management systems (DBMSs) maintain metadata about each region of table storage in order to filter table rows before actually reading the data stored in those rows. The metadata may contain value ranges or range maps that indicate minimum (min) and maximum (max) values for a given column (col) variable. Accordingly, the metadata may be of the form: col 1 {min value, max value}. For example, if a storage region is known to contain records with column values between 100 and 200 (i.e., col 1 {100, 200}), then a query restricted to records with column values greater than 500 will not read that storage region. However, if a query has a value from 100 to 200, including the values of 100 and 200, then that storage region may be read and searched. In this regard, a range map may identify upper and lower range values or bounds for data within a given storage region. The upper and lower bound may be conservative or inclusive of that bound. In one example, for a given storage region, values that are less than or equal to the upper bound (e.g., a max) in storage region's metadata, and greater than or equal to the lower bound (e.g., a min), may be found in that storage region; para. [0044]: The range map hierarchy may be based on any number of levels of granularity (e.g., extents, pages, sets of rows, etc.) and may employ any desired data sizes for the hierarchy (e.g., 8 MB, 3 MB, 128 KB, 64 KB, etc.) to obtain any desired level of data hierarchy. --- It is noted that table rows teaches a number of rows is stored; desired data sizes (e.g., 8 MB, 3 MB, 128 KB, 64 KB, etc.) teaches defined by a block size; the upper bound (e.g., a max) implies a length of said rows such that a maximum number of rows fits into said storage region).
The motivation for claim 1 is applicable for claim 2.

Regarding claim 3: 
Cotner in view of Dickie teaches:
The computer-implemented method according to claim 1, further comprising:
Cotner further teaches:
upon determining for a query whether said access right of said user initiating said query is above or equal to said upper access security label … addressed by said query, executing said read query against all rows … and skipping a row security table examination (para. [0075]: The security level indicated by the user's security label is greater than or equal to the security level indicated by the row's security label, as determined in operation 94. … If so, then the next condition is tested in operation 98. … If that is the case, the DBMS processes the row and retrieves the requested data values and returns the result to the user in operation 102).
Cotner is silent about:
… a storage region …
Dickie, in the same field of endeavor, teaches:
… a storage region … (para. [0012]: Some database management systems (DBMSs) maintain metadata about each region of table storage in order to filter table rows before actually reading the data stored in those rows).
The motivation for claim 1 is applicable for claim 3.
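
An added illustration (not part of the Office action, the application, or the cited references) of the region-level decision mapped above for claims 1 and 3: each storage region's control record holds a lower and an upper security label, so a scan can skip the region, read it without per-row checks, or fall back to row-by-row filtering. The integer encoding of levels, the sample rows, and the names `Region`, `Row`, `scan` and `scan_rowwise` are assumptions made for this sketch.

```python
from dataclasses import dataclass, field

# Hierarchical levels as in the Cotner passage quoted above; the integer
# encoding is an assumption of this sketch.
LEVELS = {"UNCLASSIFIED": 0, "SECRET": 1, "TOP SECRET": 2}


@dataclass
class Row:
    label: int      # security level of the row
    payload: str


@dataclass
class Region:
    """A storage region plus its control record (lower/upper label)."""
    rows: list
    lower: int = field(init=False)
    upper: int = field(init=False)

    def __post_init__(self):
        labels = [r.label for r in self.rows]
        self.lower = min(labels, default=None)
        self.upper = max(labels, default=None)

    def insert(self, row):
        # Bounds may only widen on insert. An upper bound that is too low
        # would let the bulk path below return rows the user may not see;
        # a lower bound that is too low only costs pruning, never secrecy.
        self.rows.append(row)
        self.lower = row.label if self.lower is None else min(self.lower, row.label)
        self.upper = row.label if self.upper is None else max(self.upper, row.label)


def scan(regions, user_level):
    """Return (payloads visible to user_level, statistics about the scan)."""
    stats = {"skipped": 0, "bulk": 0, "filtered": 0, "row_checks": 0}
    out = []
    for region in regions:
        # Claim 1 case: user is below the region's lowest label, skip it.
        if not region.rows or user_level < region.lower:
            stats["skipped"] += 1
            continue
        # Claim 3 case: user dominates the highest label, no row checks.
        if user_level >= region.upper:
            stats["bulk"] += 1
            out.extend(r.payload for r in region.rows)
            continue
        # Mixed region: fall back to the per-row comparison.
        stats["filtered"] += 1
        for r in region.rows:
            stats["row_checks"] += 1
            if user_level >= r.label:
                out.append(r.payload)
    return out, stats


def scan_rowwise(regions, user_level):
    """Reference behaviour: check every row, no region metadata."""
    return [r.payload for reg in regions for r in reg.rows
            if user_level >= r.label]


def build_table():
    """Constructed sample data: three regions with different label ranges."""
    u, s, t = LEVELS["UNCLASSIFIED"], LEVELS["SECRET"], LEVELS["TOP SECRET"]
    return [
        Region([Row(u, "u1"), Row(u, "u2")]),
        Region([Row(u, "u3"), Row(s, "s1"), Row(t, "t1")]),
        Region([Row(t, "t2"), Row(t, "t3")]),
    ]


if __name__ == "__main__":
    table = build_table()
    for name, level in LEVELS.items():
        rows, stats = scan(table, level)
        print(f"{name:12} rows={rows} stats={stats}")
```

The pruned scan must always return exactly what the row-by-row scan returns; the region labels change only how much work is done, which is why the control record has to be updated in the same operation that writes a row.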

Regarding claim 4: 
Cotner in view of Dickie teaches:
The computer-implemented method according to claim 1.
Cotner further teaches:
wherein said access right of the user initiating said query is organized as level access right, category access right and/or cohort access right (para. [0037]: The SECURITY_LABEL column in the row identifies the security level of the data contained in the row, as well as security categories to which the row applies. --- It is noted that the security level of the data teaches level access right; security categories teaches category access right).

Regarding claim 10:  
Cotner in view of Dickie teaches:
The computer-implemented method according to claim 1, also comprising:
Cotner further teaches:
omitting a storage range during reading as part of said query if at least one of said following conditions is met: a user's level is below a minimal level of said storage region (para. [0072]: … A user, in operation 72, prepares a query for submission to a DBMS that has a table that includes a SECURITY_LABEL column. …  The user's security level and security categories are determined in operation 74 using the techniques described earlier; para. [0075]: … i) The security level indicated by the user's security label is greater than or equal to the security level indicated by the row's security label, as determined in operation 94. If not, the user is denied access to the row in operation 96; para. [0078]: The security label associated with the row is outside the range of values corresponding to the user's security label. In this case, the DBMS either ignores the row… --- it is noted that [when] the security label associated with the row is outside the range of values corresponding to the user's security label, the DBMS either ignores the row teaches if a user’s level is below a minimal level of said storage region, omitting said storage range during reading as part of said query), a user's category is not matched, or a user's cohort is not found in said storage region.

Regarding claim 11:
Claim 11 recites a database system which corresponds to a computer-implemented method of claim 1, and contains no additional limitations. Therefore claim 11 is rejected by applying the same rationale used to reject claim 1 above.

Regarding claim 12:
Claim 12 recites the database system which corresponds to the computer-implemented method of claim 2, and contains no additional limitations. Therefore claim 12 is rejected by applying the same rationale used to reject claim 2 above.

Regarding claim 13:
Claim 13 recites the database system which corresponds to the computer-implemented method of claim 3, and contains no additional limitations. Therefore claim 13 is rejected by applying the same rationale used to reject claim 3 above.

Regarding claim 14:
Claim 14 recites the database system which corresponds to the computer-implemented method of claim 4, and contains no additional limitations. Therefore claim 14 is rejected by applying the same rationale used to reject claim 4 above.

Regarding claim 20:
Claim 20 recites a computer program product which corresponds to a computer-implemented method of claim 1, and additionally contains program instructions and one or more computing systems or controllers. However, Cotner teaches program instructions and one or more computing systems or controllers (FIG. 1 & para. [0026]: the web server includes a single DBMS 18 that services each of the web sites. --- It is noted that the web server teaches one or more computing systems; it is inherent that the web server contains program instructions).
Therefore claim 20 is rejected by applying the same rationale used to reject claim 1 above.

Claims 5-7, 9, 15-17 and 19 are rejected under 35 U.S.C. 103 as being unpatentable over Cotner et al. (US 2017/0053133 A1; hereinafter, “Cotner”) in view of Dickie et al. (US 2015/0095299 A1; hereinafter, “Dickie”), and further in view of Egawa et al. (JP 2006/163586 A; hereinafter, “Egawa”).

Regarding claim 5:  
Cotner in view of Dickie teaches:
The computer-implemented method according to claim 4.
Cotner in view of Dickie is silent about:
wherein said level access right is maintained as an integer value.
Egawa, in the same field of endeavor, teaches:
(FIG. 3 & page 3 of English translation: Further, the storage unit 12 stores a type access right database that holds information on whether access is permitted for each access mode determined in advance for each type of user. Specifically, as shown in FIG. 3, information (access level value) indicating whether access is possible for each access mode of the user of the type is recorded in association with the type identifier as information for specifying the type. --- It is noted that access level value (i.e., 1, 2, and 3) in FIG. 3 teaches level access right is maintained as an integer value).
Thus, it would have been obvious to one of ordinary skill in the art before the effective filing date of the claimed invention to modify Cotner in view of Dickie’s system by enhancing Cotner in view of Dickie’s system to indicate the user's security label as an integer value, as taught by Egawa, in order to represent the access right of users as a relative magnitude.
The motivation is to minimize processing time in determining whether or not a user has an access right to a storage region by using simple integer values for the user's security label.

Regarding claim 6:  
Cotner in view of Dickie and Egawa teaches:
The computer-implemented method according to claim 5.
Cotner further teaches:
… wherein said user access rights of a user initiating said query must match … in order to access said related row (para. [0072]: … A user, in operation 72, prepares a query for submission to a DBMS that has a table that includes a SECURITY_LABEL column. …  The user's security level and security categories are determined in operation 74 using the techniques described earlier; para. [0075]: The security level indicated by the user's security label is greater than or equal to the security level indicated by the row's security label, as determined in operation 94. … If so, then the next condition is tested in operation 98. … If that is the case, the DBMS processes the row and retrieves the requested data values and returns the result to the user in operation 102. --- it is noted that a query teaches a query; a user prepares a query for submission teaches a user initiating said query; the user’s access right teaches an access right of a user; [when] the security label associated with the row is equal to the security level indicated by the row's security label, the DBMS processes the row and retrieves the requested data values teaches said user access rights must match in order to access said related row).
Cotner in view of Dickie is silent about:
wherein said category access right is a set of all-of-tag implemented as a bitmap, … match all bits of said bitmap …
Egawa teaches:
wherein said category access right is a set of all-of-tag implemented as a bitmap, … match all bits of said bitmap … (page 3: When a plurality of group identifiers are acquired in process S1, the maximum value (or the logical sum of the values when the access right is expressed by a bit value) is acquired from the access level values corresponding to each group identifier; page 4: The control unit 11 compares the GAL and the MAL, and acquires the one with the smaller access level value (in the case of bit representation, the logical product is used) (S5). The control unit 11 determines whether or not access in the access mode related to the access request is possible based on the access level value acquired in step S5. --- It is noted that the access right is expressed by a bit value teaches category access right is a set of all-of-tag implemented as a bitmap; the logical product and logical sum of the values is used to determine whether or not access teaches user access rights match all bits of said bitmap in order to access).
Thus, it would have been obvious to one of ordinary skill in the art before the effective filing date of the claimed invention to modify Cotner in view of Dickie’s system by enhancing Cotner in view of Dickie’s system to indicate the user's security label as a bit representation, as 
The motivation is to minimize processing time in determining whether or not a user has an access right to a storage region by using simple bitmap representation for the user's security label.

Regarding claim 7: 
Cotner in view of Dickie and Egawa teaches:
The computer-implemented method according to claim 6.
Cotner further teaches:
wherein said cohort access right is … (para. [0053]: A hierarchical security scheme is illustrated, conceptually, in FIG. 4. … These security levels, namely the color names, are similar to the security label shown in FIG. 2A used in a conventional database. However, the scheme shown in FIG. 4 is a hierarchical security scheme in which security levels are grouped together to create different levels of security in a multilevel security system. For example, the security level 56 bearing the label “sunset” includes all the access privileges for the lower level security labels within its branch, namely, red, orange and yellow. Accordingly, the security label sunset is located at a higher level in the security scheme than the security labels red, orange and yellow. --- It is noted that for example, the label “sunset” teaches cohort access right; further noted that the claim does not specify what cohort access right, thus for the sake of examination, it is interpreted as an access right for hierarchical data), wherein said user access rights of the user initiating said query must match … in order to access said related row (para. [0072]: … A user, in operation 72, prepares a query for submission to a DBMS that has a table that includes a SECURITY_LABEL column. …  The user's security level and security categories are determined in operation 74 using the techniques described earlier; para. [0075]: The security level indicated by the user's security label is greater than or equal to the security level indicated by the row's security label, as determined in operation 94. … If so, then the next condition is tested in operation 98. … If that is the case, the DBMS processes the row and retrieves the requested data values and returns the result to the user in operation 102. 
--- it is noted that a query teaches a query; a user prepares a query for submission teaches a user initiating said query; the user’s access right teaches an access right of a user; [when] the security label associated with the row is equal to the security level indicated by the row's security label, the DBMS processes the row and retrieves the requested data values teaches said user access rights must match in order to access said related row).
Cotner in view of Dickie is silent about:
wherein said … access right is a set of any-of-tag implemented as said bitmap …, match at least one bits of said bitmap …
Egawa teaches:
wherein said … access right is a set … as said bitmap …, match at least one bits of said bitmap … (page 3: When a plurality of group identifiers are acquired in process S1, the maximum value (or the logical sum of the values when the access right is expressed by a bit value) is acquired from the access level values corresponding to each group identifier; page 4: The control unit 11 compares the GAL and the MAL, and acquires the one with the smaller access level value (in the case of bit representation, the logical product is used) (S5). The control unit 11 determines whether or not access in the access mode related to the access request is possible based on the access level value acquired in step S5. --- It is noted that the access right is expressed by a bit value teaches category access right is a set of all-of-tag implemented as a bitmap; the logical product and logical sum of the values is used to determine whether or not access teaches user access rights match at least one bits of said bitmap in order to access).
The motivation for claim 6 is applicable for claim 7.

Regarding claim 9:  
Cotner in view of Dickie teaches:
The computer-implemented method according to claim 1, further comprising:
Cotner further teaches:
maintaining said access rights of the user by maintaining a level value (para. [0030]: A security table (SECURITY.TABLE) 30 relates a user ID (USERID) with a security label (SECLABEL) such as security labels “red”, “blue”, or “green.” --- It is noted that security table (SECURITY.TABLE) 30 teaches access rights of the user; security labels “red”, “blue”, or “green” teaches a level value), a category mask, comprising a … summary of all categories assigned to the user (para. [0034]: The security label also identifies security categories within that security level that the user is allowed to access … For example, a given user might be allowed to view data designated by certain security levels, such as the security levels: TOP SECRET, SECRET, and UNCLASSIFIED. --- It is noted that security label identifying security categories teaches a category mask; the security levels: TOP SECRET, SECRET, and UNCLASSIFIED teaches summary of all categories assigned to the user), and a cohort mask, comprising a … summary of all cohorts assigned to the user (para. [0053]: A hierarchical security scheme is illustrated, conceptually, in FIG. 4. … These security levels, namely the color names, are similar to the security label shown in FIG. 2A used in a conventional database. However, the scheme shown in FIG. 4 is a hierarchical security scheme in which security levels are grouped together to create different levels of security in a multilevel security system. For example, the security level 56 bearing the label “sunset” includes all the access privileges for the lower level security labels within its branch, namely, red, orange and yellow. Accordingly, the security label sunset is located at a higher level in the security scheme than the security labels red, orange and yellow; para. [0057]: For example the user “BOSS 1” has access privileges defined in table 64 by the label “rainbow” in row 64 b, thereby giving that user a higher degree of access. 
--- It is noted that access privileges defined in table 64 teaches a cohort mask comprising a summary of all cohorts assigned to the user).
Cotner in view of Dickie is silent about:
… a bitmap summary of all categories …, and … a bitmap summary of all cohorts …
Egawa teaches:
… a bitmap summary of all categories …, and … a bitmap summary of all cohorts … (page 3: When a plurality of group identifiers are acquired in process S1, the maximum value (or the logical sum of the values when the access right is expressed by a bit value) is acquired from the access level values corresponding to each group identifier; page 4: The control unit 11 compares the GAL and the MAL, and acquires the one with the smaller access level value (in the case of bit representation, the logical product is used) (S5). The control unit 11 determines whether or not access in the access mode related to the access request is possible based on the access level value acquired in step S5. --- It is noted that the access right is expressed by a bit value teaches a bitmap summary of all categories and cohorts).
Thus, it would have been obvious to one of ordinary skill in the art before the effective filing date of the claimed invention to modify Cotner in view of Dickie’s system by enhancing Cotner in view of Dickie’s system to indicate the user's security label as a bit representation, as taught by Egawa, in order to allow the access right of users to be determined by a logical calculation.
The motivation is to minimize processing time in determining whether or not a user has an access right to a storage region by using simple bitmap representation for the user's security label.

Regarding claim 15:


Regarding claim 16:
Claim 16 recites the database system which corresponds to the computer-implemented method of claim 6, and contains no additional limitations. Therefore claim 16 is rejected by applying the same rationale used to reject claim 6 above.

Regarding claim 17:
Claim 17 recites the database system which corresponds to the computer-implemented method of claim 7, and contains no additional limitations. Therefore claim 17 is rejected by applying the same rationale used to reject claim 7 above.

Regarding claim 19:
Claim 19 recites the database system which corresponds to the computer-implemented method of claims 9 and 10, and contains no additional limitations. Therefore claim 19 is rejected by applying the same rationale used to reject claims 9 and 10 above.

Claims 8 and 18 are rejected under 35 U.S.C. 103 as being unpatentable over Cotner et al. (US 2017/0053133 A1; hereinafter, “Cotner”) in view of Dickie et al. (US 2015/0095299 A1; hereinafter, “Dickie”), and further in view of Egawa et al. (JP 2006/163586 A; hereinafter, “Egawa”) and Wolf et al. (US 2016/0162599 A1; hereinafter, “Wolf”).

Regarding claim 8:  
Cotner in view of Dickie and Egawa teaches:

Cotner further teaches:
wherein for each of the multi-level security dimensions level, category, cohort … (para. [0030]: A security table (SECURITY.TABLE) 30 relates a user ID (USERID) with a security label (SECLABEL) such as security labels “red”, “blue”, or “green”; para. [0034]: The security label also identifies security categories within that security level that the user is allowed to access … For example, a given user might be allowed to view data designated by certain security levels, such as the security levels: TOP SECRET, SECRET, and UNCLASSIFIED; para. [0053]: A hierarchical security scheme is illustrated, conceptually, in FIG. 4. … These security levels, namely the color names, are similar to the security label shown in FIG. 2A used in a conventional database. However, the scheme shown in FIG. 4 is a hierarchical security scheme in which security levels are grouped together to create different levels of security in a multilevel security system. For example, the security level 56 bearing the label “sunset” includes all the access privileges for the lower level security labels within its branch, namely, red, orange and yellow. Accordingly, the security label sunset is located at a higher level in the security scheme than the security labels red, orange and yellow; para. [0057]: For example the user “BOSS 1” has access privileges defined in table 64 by the label “rainbow” in row 64 b, thereby giving that user a higher degree of access. --- It is noted that security table (SECURITY.TABLE) 30 teaches the multi-level security dimensions level; security label identifying security categories teaches category; access privileges defined in table 64 teaches cohort).
Cotner in view of Dickie and Egawa is silent about:
… a new data field is added to a zone map of a storage region.
Wolf, in the same field of endeavor, teaches: 
… a new data field is added to a zone map of a storage region (para. [0009]: Some database management systems (DBMSs) maintain zone maps which may be used to filter out rows of a table before actually reading the data stored in those rows; para. [0010]: A zone map is a collection of metadata for a database table. This metadata may include value ranges (sometimes referred to as a range map) that indicate minimum (min) and maximum (max) values for each column (col) of the table in each zone; para. [0011]: A zone map for these regions may have a hierarchical structure that includes a range of values for both extents and pages, where a page range map describes a subset of the data described by an extent range map. --- It is noted that a range of values teaches a new data field; a zone map for storage regions teaches a zone map of a storage region).
Thus, it would have been obvious to one of ordinary skill in the art before the effective filing date of the claimed invention to modify Cotner in view of Dickie and Egawa’s system by enhancing Cotner in view of Dickie and Egawa’s system to include a range of values of storage regions in the zone map, as taught by Wolf, in order to improve the scheduling of query execution. 
The motivation is to minimize processing requirements and elapsed time overhead associated with making row-level security checks (Cotner, para. [0009]) by improving query plan optimization and the scheduling of query execution.

Regarding claim 18:
Claim 18 recites the database system which corresponds to the computer-implemented method of claim 8, and contains no additional limitations. Therefore claim 18 is rejected by applying the same rationale used to reject claim 8 above.

Conclusion
The prior art made of record and not relied upon is considered pertinent to applicant's disclosure. Rozenberg et al. (US 2019/0171839 A1) discloses a method for data protection in a computer system associated with a plurality of levels of access rights; and Rafiq et al. (US . 

Any inquiry concerning this communication or earlier communications from the examiner should be directed to WANSIK YOU whose telephone number is (571)270-3360.  The examiner can normally be reached on 7:30-5:30 M-Th.
Examiner interviews are available via telephone, in-person, and video conferencing using a USPTO supplied web-based collaboration tool. To schedule an interview, applicant is encouraged to use the USPTO Automated Interview Request (AIR) at http://www.uspto.gov/interviewpractice.
If attempts to reach the examiner by telephone are unsuccessful, the examiner’s supervisor, Ashokkumar Patel can be reached on (571) 272-3972.  The fax phone number for the organization where this application or proceeding is assigned is 571-273-8300.
Information regarding the status of an application may be obtained from the Patent Application Information Retrieval (PAIR) system.  Status information for published applications may be obtained from either Private PAIR or Public PAIR.  Status information for unpublished applications is available through Private PAIR only.  For more information about the PAIR system, see https://ppair-my.uspto.gov/pair/PrivatePair. Should you have questions on access to the Private PAIR system, contact the Electronic Business Center (EBC) at 866-217-9197 (toll-free). If you would like assistance from a USPTO Customer Service Representative or access to the automated information system, call 800-786-9199 (IN USA OR CANADA) or 571-272-1000.

/W.Y./Examiner, Art Unit 2491



/DANIEL B POTRATZ/Primary Examiner, Art Unit 2491