DETAILED ACTION

Notice of Pre-AIA  or AIA  Status
The present application, filed on or after March 16, 2013, is being examined under the first inventor to file provisions of the AIA .
This action is the responsive to the communication filed on 02/11/2020.

Double Patenting
The nonstatutory double patenting rejection is based on a judicially created doctrine grounded in public policy (a policy reflected in the statute) so as to prevent the unjustified or improper timewise extension of the “right to exclude” granted by a patent and to prevent possible harassment by multiple assignees.   A nonstatutory obviousness-type double patenting rejection is appropriate where the conflicting claims are not identical, but at least one examined application claim is not patentably distinct from the reference claim(s) because the examined application claim is either anticipated by, or would have been obvious over, the reference claim(s). See, e.g., In re Berg, 140 F.3d 1428, 46 USPQ2d 1226 (Fed. Cir. 1998); In re Goodman, 11 F.3d 1046, 29 USPQ2d 2010 (Fed. Cir. 1993); In re Longi, 759 F.2d 887, 225 USPQ 645 (Fed. Cir. 1985); In re Van Ornum, 686 F.2d 937, 214 USPQ 761 (CCPA 1982); In re Vogel, 422 F.2d 438, 164 USPQ 619 (CCPA 1970); and In re Thorington, 418 F.2d 528, 163 USPQ 644 (CCPA 1969).
A timely filed terminal disclaimer in compliance with 37 CFR 1.321(c) or 1.321(d) may be used to overcome an actual or provisional rejection based on a nonstatutory 
Effective January 1, 1994, a registered attorney or agent of record may sign a terminal disclaimer. A terminal disclaimer signed by the assignee must fully comply with 37 CFR 3.73(b).

8.	Claims 1-10, 13, 15-16, 18 and 20 of instant application are rejected on the ground of nonstatutory obviousness-type double patenting as being unpatentable over claims 1-15 of US Patent No. 10,367813 in view of Muralidharan US 2008/0046964.


Instant application 16/787255
 Patent # 9,680,830
1. A method for evaluating security of data access statements, comprising: 

evaluating a criticality of a plurality of Structured Query Language (SQL) statements contained in a plurality of sessions accessing a database based on a sensitivity of data stored in tables referenced by the SQL statements; 

generating a critical item set comprising a plurality of elements based on the sessions, wherein each of the elements in the critical item set indicates one or more of the SQL statements contained in one of the sessions; 


determining an association rule based on the critical item set, wherein the association rule indicates a sequence of the one or more SQL statements as executed in the one of the sessions; and 

calculating a criticality of the association rule based on the criticality of the SQL statements.  












2. The method of claim 1, wherein generating the critical item set based on the sessions comprises: filtering a portion of the sessions based on the criticality of the SQL statements; and generating the critical item set from the filtered portion. 

 
3. The method of claim 2, wherein filtering the portion of the sessions comprises in response to a criticality of one or more of the SQL statements meeting a first threshold, deleting one or more of the sessions, wherein the deleted one or more sessions are associated with the criticality of the one or more SQL statements meeting the first threshold. 
 
4. The method of claim 2, wherein generating the critical item set based on the sessions comprises:  CN920130021US03Page 26 of 32generating a critical 1-item set of the portion of the sessions, wherein each element of the critical 1-item set comprises one SQL statement; and in at least one round, in response to the critical 1-item set being non-non, generating a critical n-item set of the portion of the sessions, wherein n is greater than or equal to two and each element in the critical n-item set comprises n SQL statements that are arranged in order.  


5. The method of claim 4, further comprising, in at least one round, deleting one of the elements from the critical n-item set in response to one selected from the group consisting of: a support of the one element being zero, and a criticality of the one element being zero.  


6. The method of claim 4, wherein the criticality of the association rule comprises is calculated based on a criticality of an antecedent, a criticality of a consequent of the association rule, and a relationship between the antecedent and the consequent.  






7. The method of claim 1, wherein determining the association rule comprises: identifying a last SQL statement of an element of the critical item set as a consequent; identifying a plurality of other SQL statements of elements of the critical item set as antecedents; and using an antecedent-consequent formula associated with the consequent and the antecedents to represent the association rule.  


8. A computer program product comprising program instructions stored on a computer readable storage medium, wherein the computer readable storage medium is not a transitory signal per se, the program instructions executable by a processor to cause the processor to perform a method comprising: evaluating a criticality of a plurality of Structured Query Language (SQL) statements contained in a plurality of sessions accessing a database based on a sensitivity of data stored in tables referenced by the SQL statements;  CN920130021US03Page 27 of 32generating a critical item set comprising a plurality of elements based on the sessions, wherein each of the elements in the critical item set indicates one or more of the SQL statements contained in one of the sessions; determining an association rule based on the critical item set, wherein the association rule indicates a sequence of the one or more SQL statements as executed in the one of the sessions; and calculating a criticality of the association rule based on the criticality of the SQL statements.  














9. The computer program product of claim 8, wherein generating the critical item set based on the sessions comprises: filtering a portion of the sessions based on the criticality of the SQL statements; and generating the critical item set from the filtered portion.
  

10. The computer program product of claim 9, wherein filtering the portion of the sessions comprises in response to a criticality of one or more of the SQL statements meeting a first threshold, deleting one or more of the sessions, wherein the deleted one or more sessions are associated with the criticality of the one or more SQL statements meeting the first threshold.  








13. The computer program product of claim 11, wherein the criticality of the association rule comprises is calculated based on a criticality of an antecedent, a criticality of a consequent of the association rule, and a relationship between the antecedent and the consequent.  





15. A system comprising: a computer processing circuit; and a computer-readable storage medium storing instructions, which, when executed by the computer processing circuit, are configured to cause the computer processing circuit to perform a method comprising: evaluating a criticality of a plurality of Structured Query Language (SQL) statements contained in a plurality of sessions accessing a database based on a sensitivity of data stored in tables referenced by the SQL statements; generating a critical item set comprising a plurality of elements based on the sessions, wherein each of the elements in the critical item set indicates one or more of the SQL statements contained in one of the sessions;  CN920130021US03Page 29 of 32determining an association rule based on the critical item set, wherein the association rule indicates a sequence of the one or more SQL statements as executed in the one of the sessions; and calculating a criticality of the association rule based on the criticality of the SQL statements.  
















16. The system of claim 15, wherein generating the critical item set based on the sessions comprises: filtering a portion of the sessions based on the criticality of the SQL statements; and generating the critical item set from the filtered portion.  






18. The system of claim 16, wherein generating the critical item set based on the sessions comprises: generating a critical 1-item set of the portion of the sessions, wherein each element of the critical 1-item set comprises one SQL statement; and in at least one round, in response to the critical 1-item set being non-non, generating a critical n-item set of the portion of the sessions, wherein n is greater than or equal to two and each element in the critical n-item set comprises n SQL statements that are arranged in order.  


20. The system of claim 15, wherein determining the association rule comprises: identifying a last SQL statement of an element of the critical item set as a consequent; identifying a plurality of other SQI statements of elements of the critical item set as antecedents; and using an antecedent-consequent formula associated with the consequent and the antecedents to represent the association rule.

    9. A method for evaluating data access statements with respect to database security, comprising: 
evaluating criticality of multiple Structured Query Language (SQL) statements contained in multiple sessions accessing, from a first computing system, a database implemented on a data server; 


generating, on the data server, a critical item set from the multiple sessions, each element in the critical item set indicating one or more SQL statements contained in a session of the multiple sessions; 


extracting at least one association rule from the critical item set, each of the at least association rule indicating, a sequence of SQL statements; 



calculating criticality of each of the at least one association rule; 
evaluating a session based upon a criticality of at least one association rule; terminating, by the data server, the session based upon a result of the evaluating;
 ranking, by the data server, at least two association rules by the criticality of each of the at least two association rules; and 
specifying, by the data server, a security policy corresponding to each of the at least two association rules according to the ranking. 
    10. The method according to claim 9, wherein the generating a critical item set from the multiple sessions comprises: filtering at least a portion of sessions out of the multiple sessions based on the criticality of the multiple SQL statements; and generating a critical item set from the at least a portion of sessions. 
    11. The method according to claim 10, wherein the filtering at least a portion of sessions out of the multiple sessions based on the criticality of the multiple SQL statements comprises, in response to the criticality, of each SQL statement contained in a session of the multiple sessions, having met a first threshold, deleting the session from the multiple sessions to form the at least a portion of sessions. 
    12. The method according to claim 9, wherein the generating a critical item set from the multiple sessions comprises: generating a critical 1-item set of the at least a portion of sessions, wherein each element in the critical 1-item set comprises one SQL statement; in at least one round, in response to a critical (n-1)-item set of the at least a portion of sessions being, non-mill, generating a critical n-item set of the at least a portion of sessions, wherein n.gtoreq.2 and each element in the critical n-item set comprises n SQL statements that are arranged in order. 
    13. The method according, to claim 12, further comprising in the at least one round, deleting an element from the critical n-item set in response to any of the support of the element being zero, and the criticality of the element being zero. 


    14. The method according to claim 12, wherein the extracting at least one association rule from the critical item set comprises: with respect to each element in the critical item set, taking the last SQL statement contained in the element as a consequent; taking other SQL statements in the element as antecedents; and using a formula(antecedent.fwdarw.consequent) to represent one of the multiple association rules. 
    15. The method according to claim 9, wherein the calculating the criticality of each of the at least one association rule comprises, with respect to each association rule, calculating the criticality of the association rule based on criticality of an antecedent and criticality of a consequent in the association rule, and on a relationship between the antecedent and the consequent. 





    5. An computer program product for evaluating data access statements with respect to database security and protecting an automated database, the computer program product comprising a non-transitory computer-readable storage medium having program code embodied therewith, the program code executable by a plurality of processors to perform a method comprising: evaluating, by the plurality of processors, criticality of multiple Structured Query Language (SQL) statements contained in two or more sessions accessing, from a first computing system, a database implemented on a data server; generating, on the data server, a critical item set from the two or more sessions, each element in the critical item set indicating two or more SQL statements, each statement from a different session of the two or more sessions; extracting, by the plurality of processors, at least one association rule from the critical item set, each of the at least one association rule indicating a sequence of SQL statements; calculating, by the plurality of processors, criticality of each of the at least one association rule; evaluating a session based upon a criticality of at least one association rule; terminating, by the data server, the session based upon a result of the evaluating; ranking, by the data server, at least two association rules by the criticality of each of the at least two association rule; and specifying, by the data server, a security policy corresponding to each of the at least two association rules according to the ranking. 

    6. The computer program product according to claim 5, wherein the generating comprises: filtering at least a portion of the two or more sessions out of the two or more sessions based on the criticality of the two or more SQL statements; and generating a critical item set from the at least a portion of the two or more sessions. 
    
7. The computer program product according to claim 5, wherein the generating comprises: generating a critical 1-item set of the at least a portion of the two or more sessions, wherein each element in the critical 1-item set comprises one SQL statement; in at least one round, in response to a critical (n-1)-item set of the at least a portion of sessions of the two or more sessions being non-null, generating a critical n-item set of the at least a portion of sessions of the two or more sessions, wherein n.gtoreq.2 and each element in the critical n-item set comprises n SQL statements that are arranged in order. 

    8. The computer program product according to claim 5, wherein the calculating comprises, with respect to each association rule, calculating the criticality of the association rule based on criticality of an antecedent and criticality of a consequent in the association rule, and on a relationship between the antecedent and the consequent. 




1. An apparatus for evaluating data access statements with respect to database security and protecting, an automated database, comprising: a plurality of processors; a non-transitory computer readable storage medium (CRSM) coupled to the plurality of processors; and computer code, stored on the CRSM and executed on the plurality of processors, the code comprising for: 
evaluating a criticality of two or more SQL statements, each statement from a different session of two or more sessions accessing a database, from a first computing system, a database implemented on a data server; 

generating, on the data server, a critical item set based upon the evaluated criticality of the two or more SQL statements from the two or more sessions, each element in the critical item set indicating one or more SQL statements contained in a session of the two or more sessions, extracting at least one association rule from the critical item set, each of the at least one association rule indicating a sequence of SQL statements; calculating criticality of each of the at least one association rule; evaluating a session based upon a criticality of at least one association rule; terminating, by the data server, the session based upon a result of the evaluating; ranking, by the data server, at least two association rules by the criticality of each of the at least two association rules; and specifying, by the data server, a security policy corresponding to each of the at least two association rules according to the ranking. 
    2. The apparatus according to claim 1, wherein the generating comprises: filtering at least a portion of sessions out of the two or more sessions based on the criticality of the two or more SQL statements; and generating a critical item set from the at least a portion of two or more sessions. 

    3. The apparatus according to claim 1, wherein the generating comprises: generating a critical 1-item set of the at least a portion of the two or more sessions, wherein each element in the critical 1-item set comprises one SQL statement; generating, in at least one round, in response to a critical (n-1)-item set of the at least a portion of the two or more sessions being non-null, a critical n-item set of the at least a portion of the two or more sessions, wherein n.gtoreq.2 and each element in the critical n-item set comprises n SQL statements that are arranged in order. 

    4. The apparatus according, to claim 1, wherein the calculating comprises calculating, with respect to each association rule, the criticality of the association rule based on criticality of an antecedent and criticality of a consequent in the association rule, and on a relationship between the antecedent and the consequent. 









As claims 1/8/15, all the limitation of claim 1/5/9 disclose by the Patent 9,680,830 claim 1/5/9 respectively, But Patent 9,680,830 does not explicitly disclose determining an association rule based on the critical item set, wherein the association rule indicates a sequence of the one or more SQL statements as executed in the one of the sessions. 
  	 However, Muralindharan discloses determining an association rule based on the critical item set, wherein the association rule indicates a sequence of the one or more SQL statements as executed in the one of the sessions (par 0037 determines which rule or rules in the repository have been violated by parsed statement, and performs the action or actions that are associated with the violated rules, I.E critical rule).

 	Therefore, it would have been obvious before the effective filing date of the claimed invention to implement the claimed invention by modifying a method of combining those claims 1/5/9 of Patent 9,680,830 , based on the teaching of determines which rule or rules in the repository have been violated by parsed statement, and performs the action or actions that are associated with the violated rules of Muralidharan, because doing so would provide violation rules to protect database( par 0037).


 	As per claims 2-10,13,16,18 and 20 of instant application is rejected same on the ground of nonstatutory obviousness-type double patenting as being unpatentable over claims 2-4,6-8,10-15  of US Patent No. 9,680,830 in view of Muralindrahan ( US 2008/0046964) 


Claim 1 of instant application are rejected on the ground of nonstatutory obviousness-type double patenting as being unpatentable over claim 1 of US Patent No. 10,367813 in view of Muralidharan US 2008/0046964.




Instant application 16/787255
Patent # 10,693,877
1. A method for evaluating security of data access statements, comprising: 

evaluating a criticality of a plurality of Structured Query Language (SQL) statements contained in a plurality of sessions accessing a database based on a sensitivity of data stored in tables referenced by the SQL statements; 

generating a critical item set comprising a plurality of elements based on the sessions, wherein each of the elements in the critical item set indicates one or more of the SQL statements contained in one of the sessions; 


determining an association rule based on the critical item set, wherein the association rule indicates a sequence of the one or more SQL statements as executed in the one of the sessions; and 

calculating a criticality of the association rule based on the criticality of the SQL statements.  






2. The method of claim 1, wherein generating the critical item set based on the sessions comprises: filtering a portion of the sessions based on the criticality of the SQL statements; and generating the critical item set from the filtered portion. 

 
3. The method of claim 2, wherein filtering the portion of the sessions comprises in response to a criticality of one or more of the SQL statements meeting a first threshold, deleting one or more of the sessions, wherein the deleted one or more sessions are associated with the criticality of the one or more SQL statements meeting the first threshold. 
 
4. The method of claim 2, wherein generating the critical item set based on the sessions comprises:  CN920130021US03Page 26 of 32generating a critical 1-item set of the portion of the sessions, wherein each element of the critical 1-item set comprises one SQL statement; and in at least one round, in response to the critical 1-item set being non-non, generating a critical n-item set of the portion of the sessions, wherein n is greater than or equal to two and each element in the critical n-item set comprises n SQL statements that are arranged in order.  


5. The method of claim 4, further comprising, in at least one round, deleting one of the elements from the critical n-item set in response to one selected from the group consisting of: a support of the one element being zero, and a criticality of the one element being zero.  


6. The method of claim 4, wherein the criticality of the association rule comprises is calculated based on a criticality of an antecedent, a criticality of a consequent of the association rule, and a relationship between the antecedent and the consequent.  


7. The method of claim 1, wherein determining the association rule comprises: identifying a last SQL statement of an element of the critical item set as a consequent; identifying a plurality of other SQL statements of elements of the critical item set as antecedents; and using an antecedent-consequent formula associated with the consequent and the antecedents to represent the association rule.  


1. A method for evaluating data access statements with respect to database security, comprising: 
evaluating criticality of two or more Structured Query Language (SQL) statements, each statement from a different session of two or more sessions accessing, from a first computing system, a database implemented on a data server; generating, on the data server, a critical item set from the two or more sessions, each element in the critical item set indicating one or more SQL statements in a session of the two or more sessions; extracting at least one association rule from the critical item set, each of the at least one association rule indicating a sequence of SQL statements in a session of the two or more sessions; calculating criticality of each of the at least one association rule; evaluating a session based upon a criticality of the at least one association rule; terminating, by the data server, the session based upon a result of the evaluating the session based upon the criticality; ranking, by the data server, at least two association rules by the criticality of each of the at least two association rules; and specifying, the data server, a security policy corresponding to each of the at least two association rules according to the ranking. 
    2. The method according to claim 1, wherein the generating a critical item set from the multiple sessions comprises: filtering at least a portion of sessions out of the multiple sessions based on the criticality of the multiple SQL statements; and generating a critical item set from the at least a portion of sessions. 
    3. The method according to claim 2, wherein the filtering at least a portion of sessions out of the multiple sessions based on the criticality of the multiple SQL statements comprises, in response to the criticality, of each SQL statement contained in a session of the multiple sessions, having met a first threshold, deleting the session from the multiple sessions to form the at least a portion of sessions. 
    4. The method according to claim 1, wherein the generating a critical item set from the multiple sessions comprises: generating a critical 1-item set of the at least a portion of sessions, wherein each element in the critical 1-item set comprises one SQL statement; in at least one round, in response to a critical (n-1)-item set of the at least a portion of sessions being non-null, generating a critical n-item set of the at least a portion of sessions, wherein n.gtoreq.2 and each element in the critical n-item set comprises n SQL statements that are arranged in order. 
    5. The method according to claim 4, further comprising in the at least one round, deleting an element from the critical n-item set in response to any of: the support of the element being zero, and the criticality of the element being zero. 
    6. The method according to claim 4, wherein the extracting at least one association rule from the critical item set comprises: with respect to each element in the critical item set, taking the last SQL statement contained in the element as a consequent; taking other SQL statements in the element as antecedents; and using a formula (antecedent->consequent) to represent one of the multiple association rules. 
    7. The method according to claim 1, wherein the calculating the criticality of each of the at least one association rule comprises, with respect to each association rule, calculating the criticality of the association rule based on criticality of an antecedent and criticality of a consequent in the association rule, and on a relationship between the antecedent and the consequent. 

   


 	As per claims 2-7 of instant application is rejected same on the ground of nonstatutory obviousness-type double patenting as being unpatentable over claims 2-7  of US Patent No. 9,680,830 in view of Muralindrahan ( US 2008/0046964) 


Claim Rejections - 35 USC § 103
The following is a quotation of 35 U.S.C. 103 which forms the basis for all obviousness rejections set forth in this Office action:
A patent for a claimed invention may not be obtained, notwithstanding that the claimed invention is not identically disclosed as set forth in section 102, if the differences between the claimed invention and the prior art are such that the claimed invention as a whole would have been obvious before the effective filing date of the claimed invention to a person having ordinary skill in the art to which the claimed invention pertains. Patentability shall not be negated by the manner in which the invention was made.


Claims 1-3, 8-10, and 15-17 are rejected under 35 U.S.C. 103 as being unpatentable over Tongshu et al US 8,499170 in view of Muralidharan et al US 2008/0046964.

 	As per claim 1, Tongshu   A method for evaluating security of data access statements, comprising:
 	 evaluating a criticality of a plurality of Structured Query Language (SQL) statements contained in a plurality of sessions accessing a database based on a sensitivity of data stored in tables referenced by the SQL statements ( col 5, lines 20-25, lines, 32-35,  examines the SQL  for critical ); 
 	generating a critical item set comprising a plurality of elements based on the sessions, wherein each of the elements in the critical item set indicates one or more of the SQL statements contained in one of the sessions(col 5, lines 25-30, searches for patterns of the SQL that are contained in policies  );
 	 determining an association rule based on the critical item set, wherein the association rule indicates a sequence of the one or more SQL statements as executed in the one of the sessions (col 5, lines 30-25, associated with a policy is a severity level ); and 
 	calculating a criticality of the association rule based on the criticality of the SQL statements (col 5, lines 43-45, severity levels may be characterized as to calculating the severity level of the SQL Statements ).
 	Tongshu does not explicitly disclose determining an association rule based on the critical item set.
 	However, Muralidharan discloses determining an association rule based on the critical item set ( par 0037 determines which rule or rules in the repository have been violated by parsed statement, and performs the action or actions that are associated with the violated rules, I.E critical rule ).

Therefore, it would have been obvious before the effective filing date of the claimed invention to implement the claimed invention by modifying a method of searches for patterns of the SQL that are contained in policy of Tongshu, based on the teaching of determining the rule has been associated with violated rule of Muralidharan, because doing so would prevent the intrusion query (par 0038).


 	As per claim 2, Tongshu in view of Muralidharan discloses the method of claim 1, the combination discloses wherein generating the critical item set based on the sessions comprises:
 filtering a portion of the sessions based on the criticality of the SQL statements (Muralidharan, par 0025 The parsed information received by sensor 102 is generated by database engine 112 in response to a request to execute a SQL statement. Based on the parsed information, sensor 102 may check a variety of parameters ); and 
 	generating the critical item set from the filtered portion ( Muralidharan, par 0031 a rule engine with built-in set, i.e. generating, of rules that provides real-time intrusion prevention).

 	As per claim 3, Tongshu in view of Muralidharan discloses the method of claim 2, wherein filtering the portion of the sessions comprises in response to a criticality of one or more of the SQL statements meeting a first threshold, deleting one or more of the sessions ( Tongshu, col 5, lines 43-45, severity levels may be characterized as to calculating the severity level of the SQL Statements     and Muralidharan, par 0037 determines which rule or rules in the repository have been violated by parsed statement, and performs the action or actions that are associated with the violated rules, I.E critical rule ), wherein the deleted one or more sessions are associated with the criticality of the one or more SQL statements meeting the first threshold (Tongshu, col 5, lines 43-45, severity levels may be characterized as to calculating the severity level of the SQL Statements  and Muralidharan, par 0037 determines which rule or rules in the repository have been violated by parsed statement, and performs the action or actions that are associated with the violated rules, I.E critical rule ).

 	As per claim 8, Tongshu discloses a computer program product comprising program instructions stored on a computer readable storage medium ( col 3, lines 42-45,  web server  ), wherein the computer readable storage medium is not a transitory signal per se, the program instructions executable by a processor ( col 3, lines 55-56 web server ) to cause the processor to perform a method comprising: 
 	evaluating a criticality of a plurality of Structured Query Language (SQL) statements contained in a plurality of sessions accessing a database based on a sensitivity of data stored in tables referenced by the SQL statements ( col 5, lines 20-25, lines, 32-35,  examines the SQL  for critical ); 
 	generating a critical item set comprising a plurality of elements based on the sessions, wherein each of the elements in the critical item set indicates one or more of the SQL statements contained in one of the sessions(col 5, lines 25-30, searches for patterns of the SQL that are contained in policies );
 	 determining an association rule based on the critical item set, wherein the association rule indicates a sequence of the one or more SQL statements as executed in the one of the sessions (col 5, lines 30-25, associated with a policy is a severity level ); and 
 	calculating a criticality of the association rule based on the criticality of the SQL statements (col 5, lines 43-45, severity levels may be characterized as to calculating the severity level of the SQL Statements ).

 	Tongshu does not explicitly disclose determining an association rule based on the critical item set.
 	However, Muralidharan discloses determining an association rule based on the critical item set ( par 0037 determines which rule or rules in the repository have been violated by parsed statement, and performs the action or actions that are associated with the violated rules, I.E critical rule ).

Therefore, it would have been obvious before the effective filing date of the claimed invention to implement the claimed invention by modifying a method of searches for patterns of the SQL that are contained in policy of Tongshu, based on the teaching of determining the rule has been associated with violated rule of Muralidharan, because doing so would prevent the intrusion query (par 0038).
 
 	As per claim 9, Tongshu in view of Muralidharan discloses the computer program product of claim 8, the combination discloses wherein generating the critical item set based on the sessions comprises: filtering a portion of the sessions based on the criticality of the SQL statements (Muralidharan, par 0025 The parsed information received by sensor 102 is generated by database engine 112 in response to a request to execute a SQL statement. Based on the parsed information, sensor 102 may check a variety of parameters); and generating the critical item set from the filtered portion (Muralidharan, par 0031 a rule engine with built-in set, i.e. generating, of rules that provides real-time intrusion prevention).

 	As per claim 10, Tongshu in view of Muralidharan discloses the computer program product of claim 9, wherein filtering the portion of the sessions comprises in response to a criticality of one or more of the SQL statements meeting a first threshold (Tongshu, col 5, lines 43-45, severity levels may be characterized as to calculating the severity level of the SQL Statements     and Muralidharan, par 0037 determines which rule or rules in the repository have been violated by parsed statement, and performs the action or actions that are associated with the violated rules, I.E critical rule ), deleting one or more of the sessions, wherein the deleted one or more sessions are associated with the criticality of the one or more SQL statements meeting the first threshold (Tongshu, col 5, lines 43-45, severity levels may be characterized as to calculating the severity level of the SQL Statements  and Muralidharan, par 0037 determines which rule or rules in the repository have been violated by parsed statement, and performs the action or actions that are associated with the violated rules, I.E critical rule ).

 	As per claim 15, Tongshu discloses a system comprising: a computer processing circuit; and a computer-readable storage medium storing instructions, which, when executed by the computer processing circuit ( col 3, lines 42-45,  web server ), are configured to cause the computer processing circuit to perform a method comprising: evaluating a criticality of a plurality of Structured Query Language (SQL) statements contained in a plurality of sessions accessing a database based on a sensitivity of data stored in tables referenced by the SQL statements ( col 5, lines 20-25, lines, 32-35,  examines the SQL  for critical ); 
 	generating a critical item set comprising a plurality of elements based on the sessions, wherein each of the elements in the critical item set indicates one or more of the SQL statements contained in one of the sessions(col 5, lines 25-30, searches for patterns of the SQL that are contained in policies );
 	 determining an association rule based on the critical item set, wherein the association rule indicates a sequence of the one or more SQL statements as executed in the one of the sessions (col 5, lines 30-25, associated with a policy is a severity level ); and 
 	calculating a criticality of the association rule based on the criticality of the SQL statements (col 5, lines 43-45, severity levels may be characterized as to calculating the severity level of the SQL Statements ).

 	Tongshu does not explicitly disclose determining an association rule based on the critical item set.
 	However, Muralidharan discloses determining an association rule based on the critical item set ( par 0037 determines which rule or rules in the repository have been violated by parsed statement, and performs the action or actions that are associated with the violated rules, I.E critical rule ).

Therefore, it would have been obvious before the effective filing date of the claimed invention to implement the claimed invention by modifying a method of searches for patterns of the SQL that are contained in policy of Tongshu, based on the teaching of determining the rule has been associated with violated rule of Muralidharan, because doing so would prevent the intrusion query (par 0038).
 

 	As per claim 16, Tongshu in view of Muralidharan discloses the system of claim 15, wherein generating the critical item set based on the sessions comprises: filtering a portion of the sessions based on the criticality of the SQL statements (Muralidharan, par 0025 The parsed information received by sensor 102 is generated by database engine 112 in response to a request to execute a SQL statement. Based on the parsed information, sensor 102 may check a variety of parameters); and generating the critical item set from the filtered portion (Muralidharan, par 0031 a rule engine with built-in set, i.e. generating, of rules that provides real-time intrusion prevention).

 	As per claim 17, Tongshu in view of Muralidharan discloses the system of claim 16, wherein filtering the portion of the sessions comprises in response to a criticality of one or more of the SQL statements meeting a first threshold ( Tongshu, col 5, lines 43-45, severity levels may be characterized as to calculating the severity level of the SQL Statements  and Muralidharan, par 0037 determines which rule or rules in the repository have been violated by parsed statement, and performs the action or actions that are associated with the violated rules, I.E critical rule), deleting one or more of the sessions, wherein the deleted one or more sessions are associated with the criticality of the one or more SQL statements meeting the first threshold (Tongshu, col 5, lines 43-45, severity levels may be characterized as to calculating the severity level of the SQL Statements  and Muralidharan, par 0037 determines which rule or rules in the repository have been violated by parsed statement, and performs the action or actions that are associated with the violated rules, I.E critical rule ).


Claim 7, 13-14 and 20 rejected under 35 U.S.C. 103 as being unpatentable over Tongshu et al US 8,499170 in view of Muralidharan et al US 2008/0046964 in view of Chong et al US 2006/0235837.

 	As per claim 7, Tongshu in view of Muralidhara discloses the method of claim 1, wherein determining the association rule comprises: 
 	identifying a last SQL statement of an element of the critical item set ( Tongshu,  col 5, lines 20-25, lines, 32-35,  examines, i.e. identifying, the SQL  for critical and Muralidhara, par 0037 determines which rule or rules in the repository have been violated by parsed statement, and performs the action or actions that are associated with the violated rules, I.E critical rule ); 
 	identifying a plurality of other SQL statements of elements of the critical item set ( Tongshu,  col 5, lines 20-25, lines, 32-35,  examines, i.e. identifying, the SQL  for critical and   Muralidhara, par 0037 determines which rule or rules in the repository have been violated by parsed statement, and performs the action or actions that are associated with the violated rules, I.E critical rule); and  
using the SQL statements to represent the association rule (  Tongshu, col 5, lines 43-45, using severity levels sql statements may be characterized as to calculating the severity level of the SQL Statements).
  	 The combination does not disclose SQL statement of an element as a consequent and antecedents and using an antecedent-consequent formula associated with the consequent and the antecedents.
 	However, Chong discloses SQL statement of an element as a consequent ( par [0109] Non-recursive rules: The antecedents cannot be inferred by the given rule, or any rule that depends on the given rule's consequents.) and antecedents and using an antecedent-consequent formula associated with the consequent and the antecedents ( [0112] Non-recursive user-defined rules can be evaluated using SQL (join) queries by formulating the FROM and WHERE clauses based upon the antecedents and the SELECT clause based on the consequents of the rule so as to return the inferred triples).


 	Therefore, it would have been obvious before the effective filing date of the claimed invention to implement the claimed invention by modifying a method of searches for patterns of the SQL that are contained in policy of Tongshu, based on the teaching of determining the rule has been associated with violated rule of Muralidharan, based on the teaching of recursively defined rule in the queries of Chong, because doing so would adapted to the kinds of queries generated by match is critical for the performance of match to improve the query patterns ( par 0138).


 	As per claim 13, Tongshu in view of Muralidhara discloses the computer program product of claim 11, wherein the criticality of the association rule comprises is calculated based on a criticality  (Tongshu,  col 5, lines 20-25, lines, 32-35,  examines, i.e. identifying, the SQL  for critical and Muralidhara, par 0037 determines which rule or rules in the repository have been violated by parsed statement, and performs the action or actions that are associated with the violated rules, I.E critical rule ), a criticality of a consequent of the association rule (Tongshu,  col 5, lines 20-25, lines, 32-35,  examines, i.e. identifying, the SQL  for critical and   Muralidhara, par 0037 determines which rule or rules in the repository have been violated by parsed statement, and performs the action or actions that are associated with the violated rules, I.E critical rule ), and 
 	The combination does not disclose a relationship between the antecedent and the consequent.

 	However, Chong discloses a relationship between the antecedent and the consequent( par [0109] Non-recursive rules: The antecedents cannot be inferred by the given rule, or any rule that depends on the given rule's consequents and  [0112] Non-recursive user-defined rules can be evaluated using SQL (join) queries by formulating the FROM and WHERE clauses based upon the antecedents and the SELECT clause based on the consequents of the rule so as to return the inferred triples).
 	Therefore, it would have been obvious before the effective filing date of the claimed invention to implement the claimed invention by modifying a method of searches for patterns of the SQL that are contained in policy of Tongshu, based on the teaching of determining the rule has been associated with violated rule of Muralidharan, based on the teaching of recursively defined rule in the queries of Chong, because doing so would adapted to the kinds of queries generated by match is critical for the performance of match to improve the query patterns ( par 0138).


 	As per claim 14, Tongshu in view of Muralidhara discloses the computer program product of claim 8, wherein determining the association rule comprises: 
 	identifying a last SQL statement of an element of the critical item set ( Tongshu,  col 5, lines 20-25, lines, 32-35,  examines, i.e. identifying, the SQL  for critical and Muralidhara, par 0037 determines which rule or rules in the repository have been violated by parsed statement, and performs the action or actions that are associated with the violated rules, I.E critical rule ); 
 	identifying a plurality of other SQL statements of elements of the critical item set ( Tongshu,  col 5, lines 20-25, lines, 32-35,  examines, i.e. identifying, the SQL  for critical and   Muralidhara, par 0037 determines which rule or rules in the repository have been violated by parsed statement, and performs the action or actions that are associated with the violated rules, I.E critical rule); and  
using the SQL statements to represent the association rule (  Tongshu, col 5, lines 43-45, using severity levels sql statements may be characterized as to calculating the severity level of the SQL Statements).
  	 The combination does not disclose SQL statement of an element as a consequent and antecedents and using an antecedent-consequent formula associated with the consequent and the antecedents.
 	However, Chong discloses SQL statement of an element as a consequent ( par [0109] Non-recursive rules: The antecedents cannot be inferred by the given rule, or any rule that depends on the given rule's consequents.) and antecedents and using an antecedent-consequent formula associated with the consequent and the antecedents ( [0112] Non-recursive user-defined rules can be evaluated using SQL (join) queries by formulating the FROM and WHERE clauses based upon the antecedents and the SELECT clause based on the consequents of the rule so as to return the inferred triples).
 	Therefore, it would have been obvious before the effective filing date of the claimed invention to implement the claimed invention by modifying a method of searches for patterns of the SQL that are contained in policy of Tongshu, based on the teaching of determining the rule has been associated with violated rule of Muralidharan, based on the teaching of recursively defined rule in the queries of Chong, because doing so would adapted to the kinds of queries generated by match is critical for the performance of match to improve the query patterns ( par 0138).

 	As per claim 20, Tongshu in view of Muralidhara discloses the system of claim 15, wherein determining the association rule comprises: identifying a last SQL statement of an element of the critical item set (Tongshu, col 5, lines 20-25, lines, 32-35,  examines, i.e. identifying, the SQL  for critical and Muralidhara, par 0037 determines which rule or rules in the repository have been violated by parsed statement, and performs the action or actions that are associated with the violated rules, I.E critical rule ); 
 	identifying a plurality of other SQL statements of elements of the critical item set ( Tongshu,  col 5, lines 20-25, lines, 32-35,  examines, i.e. identifying, the SQL  for critical and   Muralidhara, par 0037 determines which rule or rules in the repository have been violated by parsed statement, and performs the action or actions that are associated with the violated rules, I.E critical rule); and  
using the SQL statements to represent the association rule ( Tongshu, col 5, lines 43-45, using severity levels sql statements may be characterized as to calculating the severity level of the SQL Statements).
  	 The combination does not disclose SQL statement of an element as a consequent and antecedents and using an antecedent-consequent formula associated with the consequent and the antecedents.
 	However, Chong discloses SQL statement of an element as a consequent ( par [0109] Non-recursive rules: The antecedents cannot be inferred by the given rule, or any rule that depends on the given rule's consequents.) and antecedents and using an antecedent-consequent formula associated with the consequent and the antecedents ( [0112] Non-recursive user-defined rules can be evaluated using SQL (join) queries by formulating the FROM and WHERE clauses based upon the antecedents and the SELECT clause based on the consequents of the rule so as to return the inferred triples).
 	Therefore, it would have been obvious before the effective filing date of the claimed invention to implement the claimed invention by modifying a method of searches for patterns of the SQL that are contained in policy of Tongshu, based on the teaching of determining the rule has been associated with violated rule of Muralidharan, based on the teaching of recursively defined rule in the queries of Chong, because doing so would adapted to the kinds of queries generated by match is critical for the performance of match to improve the query patterns ( par 0138).  

Allowable Subject Matter

Claims 4-6,11-12 and 18-19 are objected to as being dependent upon a rejected base claim, but would be allowable if rewritten in independent form including all of the limitations of the base claim and any intervening claims.


Conclusion
The prior art made of record and not relied upon is considered pertinent to applicant's disclosure. Muralidharan et al US 2006/0136493 discloses approach for preventing zero day exploits supported at the database system level is to examine each Structured Query Language (SQL) statement before it enters the database engine in order to determine its validity. For example, after a database vulnerability is announced and until a patch for the vulnerability is released, system administrators have to examine the SQL statements that are targeted towards their databases to ensure that they are not malicious. This approach, however, may not prevent all future attacks, because system administrators may not be familiar with the database structure and may not be able to discern a malicious statement from a legitimate one. Moreover, this approach is practically impossible to implement in high-end database systems that service a heavy SQL statement load and that are required to provide fast response times. Furthermore, this approach may not be able to prevent every possible form of attack, because a SQL statement may be recursive, may access multiple tables, or may seek access to system-wide information, and because the system administrator may not be able to determine whether the SQL statement is malicious just by looking at the statement itself.

Any inquiry concerning this communication or earlier communications from the examiner should be directed to ABU S SHOLEMAN whose telephone number is (571)270-7314.  The examiner can normally be reached on EST: 9am-5pm.
Examiner interviews are available via telephone, in-person, and video conferencing using a USPTO supplied web-based collaboration tool. To schedule an interview, applicant is encouraged to use the USPTO Automated Interview Request (AIR) at http://www.uspto.gov/interviewpractice.
If attempts to reach the examiner by telephone are unsuccessful, the examiner’s supervisor, Farid Homayounmehr can be reached on 571-272-3739.  The fax phone number for the organization where this application or proceeding is assigned is 571-273-8300.
Information regarding the status of an application may be obtained from the Patent Application Information Retrieval (PAIR) system.  Status information for published applications may be obtained from either Private PAIR or Public PAIR.  Status information for unpublished applications is available through Private PAIR only.  For more information about the PAIR system, see https://ppair-my.uspto.gov/pair/PrivatePair. Should you have questions on access to the Private PAIR system, contact the Electronic Business Center (EBC) at 866-217-9197 (toll-free). If you would like assistance from a USPTO Customer Service Representative or access to the automated information system, call 800-786-9199 (IN USA OR CANADA) or 571-272-1000.






/ABU S SHOLEMAN/Primary Examiner, Art Unit 2495