DETAILED ACTION
In the event the determination of the status of the application as subject to AIA 35 U.S.C. 102 and 103 (or as subject to pre-AIA 35 U.S.C. 102 and 103) is incorrect, any correction of the statutory basis for the rejection will not be considered a new ground of rejection if the prior art relied upon, and the rationale supporting the rejection, would be the same under either status.
This Office Action is in response to the amendment filed on 11/2/2020.
Claims 1, 8-9, 15 and 17-20 have been amended.
Claims 1-20 are pending for consideration.

Notice of Pre-AIA or AIA Status
The present application, filed on or after March 16, 2013, is being examined under the first inventor to file provisions of the AIA.

Continued Examination Under 37 CFR 1.114
A request for continued examination under 37 CFR 1.114, including the fee set forth in 37 CFR 1.17(e), was filed in this application after final rejection.  Since this application is eligible for continued examination under 37 CFR 1.114, and the fee set forth in 37 CFR 1.17(e) has been timely paid, the finality of the previous Office action has been withdrawn pursuant to 37 CFR 1.114.  Applicant's submission filed on 11/2/2020 has been entered.


Response to Arguments
The objection to claim 16 has been maintained as the claim has not been amended to address the objection as suggested in the previous Office Action mailed on 9/1/2020.
The rejection under 35 U.S.C. 112(b) of claims 1, 8 and 15 has been withdrawn as the claims have been amended.
Applicant's arguments filed 11/2/2020 have been fully considered but they are not persuasive. 
Applicant argues on pages 11-12 of the Remarks that Rissanen does not disclose or suggest “rewriting the request for access to the data by evaluating the variables and clauses in the data access rules to concrete values, substituting the evaluated variables and clauses into the request for access, and reducing the request for access rules based on the substitution, so as to provide access only to data allowed by the data access policy rules integrated into the intermediate representation”.
Examiner respectfully disagrees with the Applicant’s arguments.  Rissanen does teach rewriting the request for access to the data by evaluating the variables and clauses in the data access rules to concrete values (Rissanen: paragraphs 0020, 0027, 0051, 0054, 0070, “The processing of the query includes determining the access condition(s) applicable in the context of the current database query in view of policy attribute values, e.g., the user's identity, the targeted tables and columns and/or environment information, such as time and location”... “a query modifying means 28 via a device-internal 
Rissanen further discloses substituting the evaluated variables and clauses into the request for access, and reducing the request for access rules based on the substitution, so as to provide access only to data allowed by the data access policy rules integrated into the intermediate representation (Rissanen: paragraphs 0070 and 0091-0095, “It is noted that the dynamic nature of the access condition is preserved, unlike a hypothetic amended query in which the access condition has been converted into static form by a preliminary database query, namely, assuming Carol's salary is 15,000: SELECT salary FROM employee WHERE salary=<15000 Assuming the original query is in conformity with the syntax of the query language, the 

Claim Objections
Claim 16 is objected to because of the following informalities:  
Regarding claim 16, this claim recites “The method of claim 15”.  It should be changed to “The computer program product of claim 15” for consistency.  Appropriate correction is required.

Claim Rejections - 35 USC § 112
The following is a quotation of 35 U.S.C. 112(b):
(b)  CONCLUSION.—The specification shall conclude with one or more claims particularly pointing out and distinctly claiming the subject matter which the inventor or a joint inventor regards as the invention.


The following is a quotation of 35 U.S.C. 112 (pre-AIA), second paragraph:
The specification shall conclude with one or more claims particularly pointing out and distinctly claiming the subject matter which the applicant regards as his invention.


Claims 1-20 are rejected under 35 U.S.C. 112(b) or 35 U.S.C. 112 (pre-AIA), second paragraph, as being indefinite for failing to particularly point out and distinctly claim the 
Regarding claims 1, 8 and 15, these claims recite the limitations “the clauses” and “the evaluated clauses”.  There is insufficient antecedent basis for these limitations in the claims.
Dependent claims 2-7, 9-14 and 16-20 are rejected under 35 U.S.C. 112(b) as being dependent upon rejected base claims 1, 8 and 15, respectively.

Claim Rejections - 35 USC § 102
The following is a quotation of the appropriate paragraphs of 35 U.S.C. 102 that form the basis for the rejections under this section made in this Office action:
A person shall be entitled to a patent unless –

(a)(1) the claimed invention was patented, described in a printed publication, or in public use, on sale or otherwise available to the public before the effective filing date of the claimed invention.


Claims 1-20 are rejected under 35 U.S.C. 102(a)(1) as being anticipated by RISSANEN (US 20150220659) (hereinafter RISSANEN).

Regarding claim 1, RISSANEN discloses a computer-implemented method for controlling access to data by computer systems, the method comprising: generating an intermediate representation by integrating a combination of data access policy rules comprising variables and rules that govern data attributes, the data attributes including (RISSANEN: paragraphs 0068 and 0070, “The attribute evaluating means 22 supplies attribute values [v.sub.i], which have been extracted from the query or fetched by lookup from one or more remote attribute sources, to a policy decision means 24, which has access to AC policy information P stored in a policy memory 30, which may or may not be a part of the PEP 12. The policy decision means 24 evaluates the AC policy partially and forwards the result, a simplified AC policy P', to an analyzing means 26 adapted to derive access conditions and supply these to the query modifying means 28”); receiving a request for access to the data (RISSANEN: paragraph 0070, “The data thus provided relate to a query Q intercepted from the communication network”); rewriting the request for access to the data by evaluating the variables and clauses in the data access rules to concrete values (Rissanen: paragraphs 0020, 0027, 0051, 0054, 0070, “The processing of the query includes determining the access condition(s) applicable in the context of the current database query in view of policy attribute values, e.g., the user's identity, the targeted tables and columns and/or environment information, such as time and location”... “a query modifying means 28 via a device-internal network (single lines). The data thus provided relate to a query Q intercepted from the communication network. 
The attribute evaluating means 22 supplies attribute values [v.sub.i], which have been extracted from the query or fetched by lookup from one or more remote attribute sources, to a policy decision means 24, which has access to AC policy information P stored in a policy memory 30, which may or may not be a part of the PEP 12. The policy decision means 24 evaluates the AC policy partially and forwards the result, a simplified AC policy P', to an analyzing means 26 adapted to derive access conditions and supply these to the query modifying means 28.”), substituting the evaluated variables and clauses into the request for access, and reducing the request for access rules based on the substitution, so as to provide access only to data allowed by the data access policy rules integrated into the intermediate representation (Rissanen: paragraphs 0070 and 0091-0095, “It is noted that the dynamic nature of the access condition is preserved, unlike a hypothetic amended query in which the access condition has been converted into static form by a preliminary database query, namely, assuming Carol's salary is 15,000: SELECT salary FROM employee WHERE salary=<15000 Assuming the original query is in conformity with the syntax of the query language, the amended query has not undergone any amendment deviating from the syntax and will therefore be executed by the database. However, if Carol had not been included in the "employee" table, the database would have returned an error or a void result, similarly to the case where the salaries of all other employees in the "employee" table had been greater than Carol's salary. 
Hence, the information in the "employee" table is protected from unauthorized access, as required by the ABAC policy”… “Similarly, the query modifying means 28, which is responsible for amending the database query by imposing one or more access conditions in accordance with the AC policy, may formulate these conditions in accordance with the applicable query language and insert them as an (further) entry following the reserved word "WHERE"”); and executing the rewritten request and providing only data allowed by the data access policy rules integrated into the intermediate representation (RISSANEN: paragraphs 0070-0071, 0091 and 0094, “The policy memory 30 may be supplied with new or updated policy information P from a preparation unit 32, which is aware of the policy language (shown symbolically as "XACML"), the way in which the database 14 is organized ("DB") and of the query language that it accepts (" SQL").”).
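
The query amendment described in the RISSANEN passages quoted above, as an added Python illustration that is not part of the Office Action or of RISSANEN's disclosure. The policy rules, the sample `employee` rows and the form of the dynamic condition (a subquery on the requester's own salary) are assumptions made for the example, and only simple single-table SELECT statements are handled.

```python
import re
import sqlite3

# Constructed policy (assumption): each rule pairs a predicate over attributes
# known at request time with the SQL access condition left for the database.
POLICY = [
    (lambda s: s["role"] == "hr", None),  # reduces to TRUE: nothing to impose
    # Employees see salaries not exceeding their own. The subquery keeps the
    # condition dynamic: the database resolves it when the query executes.
    (lambda s: s["role"] == "employee",
     "salary <= (SELECT salary FROM employee WHERE name = :subject)"),
]

def access_condition(subject):
    """Partially evaluate the policy using the subject's attributes."""
    for applies, condition in POLICY:
        if applies(subject):
            return condition
    return "0"  # no rule applies: deny by default

def amend(query, condition):
    """Insert the access condition after WHERE, as the quoted passage describes."""
    if condition is None:
        return query
    m = re.search(r"\bWHERE\b", query, re.IGNORECASE)
    if m is None:
        return f"{query} WHERE {condition}"
    head, user_where = query[:m.start()], query[m.end():].strip()
    # Parenthesize the caller's predicate so an OR in it cannot bypass the condition.
    return f"{head}WHERE ({user_where}) AND ({condition})"

def run(db, subject, query):
    """Return the amended query and the rows the database yields for it."""
    condition = access_condition(subject)
    amended = amend(query, condition)
    # The subject's identity is bound as a parameter, never spliced into the SQL.
    params = {"subject": subject["name"]} if condition and ":subject" in condition else {}
    return amended, sorted(db.execute(amended, params).fetchall())

def demo_db():
    """In-memory table with constructed rows."""
    db = sqlite3.connect(":memory:")
    db.execute("CREATE TABLE employee (name TEXT, salary INTEGER)")
    db.executemany("INSERT INTO employee VALUES (?, ?)",
                   [("Alice", 30000), ("Bob", 12000), ("Carol", 15000)])
    return db
```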

Regarding claim 8, claim 8 discloses a system claim that is substantially equivalent to the method of claim 1.  Therefore, the arguments set forth above with respect to claim 1 are equally applicable to claim 8 and rejected for the same reasons.   

Regarding claim 15, claim 15 discloses a product claim that is substantially equivalent to the method of claim 1.  Therefore, the arguments set forth above with respect to claim 1 are equally applicable to claim 15 and rejected for the same reasons.

Regarding claims 2, 9 and 16, RISSANEN discloses generating at least one data access rule based on data access policies, data attributes including attributes per data subject, as a part of the intermediate representation (RISSANEN: paragraphs 0082-0085, “The attributes of the database column mappings are not part of the access decision request on which the partial evaluation is to be performed. Instead, the policy attributes are: [0084] the attributes from the query mapping, which point out which table and which column are being accessed and with what operation; [0085] any other attributes derivable from the context of the database query, such as the authenticated subject, time of day, method of communication and so on.”).

Regarding claims 3, 10 and 17, RISSANEN discloses further comprising: extracting at least one logical clause from the data access rule wherein each clause contains data access attributes only from the group of properties that are known in pre-processing time (RISSANEN: paragraphs 0053 and 0070, “the PEP extracts an access condition from the policy that contains an attribute which can be assessed based on information stored in the database but which is not possible to assess neither based on the target table or target column in the query, nor on a construct type appearing in the query, nor on an identity of the user or on environment data. The PEP is adapted to convert this attribute in the access condition into an associated column and/or table in the database, so that the database, when it processes the amended query”); compiling and evaluating the extracted at least one logical clause into at least one evaluated clause comprising at least one data-source specific expression (RISSANEN: paragraph 0070, “The query modifying means 28 amends the query Q on the basis of the access conditions thus obtained, and outputs an amended query Q' to the communication interface 20, which in normal circumstances forwards this to the database 14. The policy memory 30 may be supplied with new or updated policy information P from a preparation unit 32, which is aware of the policy language (shown symbolically as "XACML"), the way in which the database 14 is organized ("DB") and of the query language that it accepts (" SQL").”); and rewriting the request for access to data using the at least one evaluated clause (RISSANEN: paragraph 0070, “The query modifying means 28 amends the query Q on the basis of the access conditions thus obtained, and outputs an amended query Q' to the communication interface 20”).

Regarding claims 4, 11 and 18, RISSANEN discloses wherein the intermediate representation is generated remotely from storage of the data to be accessed, and the generated intermediate representation is stored close to the data to be accessed (RISSANEN: paragraphs 0024 and 0086, “policy decision means 24 may during partial evaluation fetch the role and org-unit of the subject through the context handler from a remote policy information point (PIP), and the target matches and the condition can be simplified”); and the method further comprises: storing the at least one evaluated clause in a compressed form (RISSANEN: paragraph 0023, “the invention can be easily integrated into an existing database system, such as by routing database queries via a unit for intercepting queries, wherein both the user interface and the database can be utilized without further modifications since the access control policy, despite being encoded with an attribute-based language, is enforced by modifying code in the query language for which the user interface and database are adapted”).

Regarding claims 5, 12 and 19, RISSANEN discloses further comprising: including in the generated intermediate representation a masking function for masking at least some field values from data to be accessed (RISSANEN: paragraphs 0052 and 0086, “the query may be amended to the effect that any values of columns to which access is denied are replaced by null values. For instance, the column may be filtered out. This way, the query submitter obtains a masked view of the database contents” … “XACML encoding format”).

Regarding claims 6 and 13, RISSANEN discloses wherein the intermediate representation is generated in a pre-computation phase, and the request for access to data is rewritten and executed in a runtime phase (RISSANEN: paragraphs 0020 and 0070, “in cases where the policy contains attributes which are necessary for evaluation and whose values cannot be determined using information stored in the database, the partial evaluation may serve to eliminate those policy attributes before the access condition is determined and included into the query that is to be handed over to the database. After an access condition has been derived, it is included into the query by amending the latter in conformity with the syntactic rules of the query language and the names used for referencing tables, columns etc. in the database”).

Regarding claims 7 and 14, RISSANEN discloses wherein the intermediate representation is generated, and the request for access to data is rewritten and executed, in a single phase (RISSANEN: paragraphs 0031, 0051 and 0070, “the different access conditions may be combined and then imposed by a single amendment operation”).

Regarding claim 20, RISSANEN discloses wherein the intermediate representation is generated in a pre-computation phase, and the request for access to data is rewritten and executed in a runtime phase… (RISSANEN: paragraphs 0020 and 0070, “in cases where the policy contains attributes which are necessary for evaluation and whose values cannot be determined using information stored in the database, the partial evaluation may serve to eliminate those policy attributes before the access condition is determined and included into the query that is to be handed over to the database. After an access condition has been derived, it is included into the query by amending the latter in conformity with the syntactic rules of the query language and the names used for referencing tables, columns etc. in the database”).

Conclusion
The prior art made of record and not relied upon, which is considered pertinent to applicant's disclosure, is listed on the enclosed PTO-892 form.
Any inquiry concerning this communication or earlier communications from the examiner should be directed to TRANG T DOAN whose telephone number is (571)272-0740.  The examiner can normally be reached on Monday-Friday 7-4 ET.
Examiner interviews are available via telephone, in-person, and video conferencing using a USPTO supplied web-based collaboration tool. To schedule an interview, applicant is encouraged to use the USPTO Automated Interview Request (AIR) at http://www.uspto.gov/interviewpractice.
If attempts to reach the examiner by telephone are unsuccessful, the examiner’s supervisor, Lynn D Feild can be reached on (571)272-2092.  The fax phone number for the organization where this application or proceeding is assigned is 571-273-8300.







/TRANG T DOAN/Primary Examiner, Art Unit 2431