DETAILED ACTION
Notice of Pre-AIA  or AIA  Status
The present application, filed on or after March 16, 2013, is being examined under the first inventor to file provisions of the AIA .

Status of the Claims
Claims 1-20 remain pending in the application.
Claims 1-20 are rejected under 35 U.S.C. 103.

Response to Amendment and Arguments
The amendment filed 04 January 2021 has been entered. 
Applicant’s amendments to the disclosure ¶ [0030]-[0034] and to claims 6 and 15 have overcome the objections previously set forth in the Non-Final Office Action mailed 10 December 2020. The objections to the disclosure and claims 6 and 15 have been withdrawn.
Applicant’s arguments with respect to the rejection of claims 2, 5, 7, 11, 14 and 16 under 35 U.S.C. 112(b) have been fully considered and are persuasive due to the amendments to claims 2, 5, 7, 11, 14 and 16.
Applicant’s arguments with respect to the rejection of claims 1-20 under 35 U.S.C. 103 have been fully considered and are persuasive due to the amendments to independent claims 1, 10, and 19.  Therefore, the rejection has been withdrawn. However, upon further consideration, a new grounds of rejection is made in view of the cited art of record Oracle.
 Applicant’s argument that Nochta does not teach “responsive to determining that a source table of said source database is maintained using multi-level security attributes” has been fully considered, but is not persuasive. Applicant argues the cited subject matter in Nochta, in which various 
Applicant’s argument that Nochta does not teach “migrating said source table from said source database supporting row level security to said target database not supporting row-level security”, ” has been fully considered, but is not persuasive. Nochta discloses that each of the source and target system has a different access control model (Nochta, ¶ [0017]). Nochta further discloses that the system is for transforming access control information between source and target systems (Nochta, ¶ [0016]). Thus, the system of Nochta allows for the configuration in which the access control data of a source system that has an access control model supporting row-level security is transformed to the target system’s access control model that does not. 


	Claim Rejections - 35 USC § 103
The following is a quotation of 35 U.S.C. 103 which forms the basis for all obviousness rejections set forth in this Office action:
A patent for a claimed invention may not be obtained, notwithstanding that the claimed invention is not identically disclosed as set forth in section 102, if the differences between the claimed invention and the prior art are such that the claimed invention as a whole would have been obvious before the effective filing date of the claimed invention to a person having ordinary skill in the art to which the claimed invention pertains. Patentability shall not be negated by the manner in which the invention was made.


Claims 1, 2, 9-11, 18, and 19 are rejected under 35 U.S.C. 103 as being unpatentable over Nochta (US 2010/0050267), Wan et al. (US 2017/0116295), and Oracle (“Oracle Database Concepts: Data Blocks, Extents, and Segments”, Pub. 2005).

Regarding claim 1, Nochta, in the analogous field of data migration, teaches A computer-implemented method for migrating database content with row-level security from a source database to a target database (Nochta: A system and method for transforming access control information between source and target systems. Each source and target system has an access control model, ¶ [0016]; access control models are Role-based Access Controls (used enterprise portal applications), Group-based Access Controls (used in most operating systems, relational databases, and file systems), Security Label based Access Controls, ¶ [0004]; systems use a variety of access control models. For example, a role-based model, ¶ [0017]), said method comprising: 
determining that said data of said source database is arranged in tables with rows and columns, [] (Nochta: : the source system’s access control model is identified, ¶ [0023]; system resources include database tables, ¶ [0016]);
determining a type of said source database to be migrated (Nochta: the source system’s access control model is identified, ¶ [0023]); 
responsive to determining that a source table of said source database is maintained using multi-level security attributes (Nochta: access control models are Role-based Access Controls (used enterprise portal applications), Group-based Access Controls (used in most operating systems, relational databases, and file systems), Security Label based Access Controls, ¶ [0004]): 
creating a data structure for a source table of said source database for storing meta-data comprising said multi-level security attributes (Nochta: Once the access control data and the relationships between the data have been identified as described in FIG. 3, at process block 505, a logical structure of the access control matrix is created, ¶ [0028]); 
determining dimensions of said multi-level security attributes (Nochta: a set of access control data is identified in the access control model of the target system. At process block 410, a set of the access control model includes users, groups, and resources, the relationships identified at process block 410 define which users are included in which groups and the actions that groups may perform on resources, such as read, write, modify, and so on, ¶ [0026]); and 
migrating said source table from said source database supporting row level security to said target database not supporting row-level security (Nochta: A system and method for transforming access control information between source and target systems. Each source and target system has an access control model, ¶ [0016]; access control models are Role-based Access Controls (used enterprise portal applications), Group-based Access Controls (used in most operating systems, relational databases, and file systems), Security Label based Access Controls, ¶ [0004]; each of the source and target system has a different access control model… systems use a variety of access control models. For example, a role-based model, ¶ [0017];).

However, Nochta does not teach adding columns to a target table of said target database relating to said source table, said added columns representing said multi-level security attributes of said source table.
Wan et al., in the analogous field of data migration, teaches adding columns to a target table of said target database relating to said source table, said added columns representing said multi-level security attributes of said source table (Wan et al.: the process 400 may extract an attribute from the metadata. In some examples, the process 400 may map the attribute to a new column of a data warehouse, ¶ [0073]).
It would have been obvious to one of ordinary skill in the art before the effective filing date of the claimed invention to have combined the teachings of Nochta with that of Wan et al. and to add a 

However, the combination of Nochta and Wan et al. does not teach wherein said rows are grouped in storage regions.
Oracle, in the analogous field of databases, teaches wherein said rows are grouped in storage regions (Oracle: At the finest level of granularity, Oracle stores data in data blocks. One data block corresponds to a specific number of bytes of physical database space on disk. The next level of logical database space is an extent. An extent is a specific number of contiguous data blocks allocated for storing a specific type of information, page 2-2).
It would have been obvious to one of ordinary skill in the art before the effective filing date of the claimed invention to have combined the teachings of Nochta and Wan et al. with that of Oracle and to organize rows of the database tables into storage regions which are defined by a block size and row length. By doing so, the database space can be defined by logical units so as to facilitate the management of storage space.

Regarding claim 2, the combination of Nochta, Wan et al., and Oracle teaches wherein in each of said storage regions a number of rows is stored defined by a block size of said database and a length of said rows such that a maximum number of rows fits into said storage region (Oracle: At the finest level of granularity, Oracle stores data in data blocks. One data block corresponds to a specific number of bytes of physical database space on disk. The next level of logical database space is an extent. An extent is a specific number of contiguous data blocks allocated for storing a specific type of information, page 2-2).

claim 9, the combination further teaches wherein said target database is selected from the group consisting of a relational database, a column-based database, and a hierarchical database (Nochta: A system and method for transforming access control information between source and target systems. Each source and target system has an access control model, ¶ [0016]; access control models are Role-based Access Controls (used enterprise portal applications), Group-based Access Controls (used in most operating systems, relational databases, and file systems), Security Label based Access Controls, ¶ [0004]).

Claims 10 and 18 amount to a system comprising instructions that, when executed by one or more processors, performs the method of claims 1 and 9 respectively.  Accordingly, Claims 10 and 18 are rejected for substantially the same reasons as presented above for claims 1 and 9 and based on the references’ disclosure of the necessary supporting hardware and software (Wan et al.: processor(s) 138 , hardware, computer-executable instructions, firmware, or combinations thereof. Computer-executable instruction or firmware implementations of the processor(s) 138 may include computer-executable or machine-executable instructions written in any suitable programming language, computer-readable storage media ¶ [0046] – [0048]).

Claim 11 amounts to a system comprising instructions that, when executed by one or more processors, performs the method of claim 2.  Accordingly, claim 11 is rejected for substantially the same reasons as presented above for claim 2 and based on the references’ disclosure of the necessary supporting hardware and software (Wan et al.: processor(s) 138 , hardware, computer-executable instructions, firmware, or combinations thereof. Computer-executable instruction or firmware implementations of the processor(s) 138 may include computer-executable or machine-executable 


Claim 19 amounts to a computer program product comprising instructions that, when executed by one or more processors, performs the method of claim 1.  Accordingly, claim 19 is rejected for substantially the same reasons as presented above for claim 1 and based on the references’ disclosure of the necessary supporting hardware and software (Wan et al.: processor(s) 138 , hardware, computer-executable instructions, firmware, or combinations thereof. Computer-executable instruction or firmware implementations of the processor(s) 138 may include computer-executable or machine-executable instructions written in any suitable programming language, computer-readable storage media ¶ [0046] – [0048]).


Claims 3-5, 12-14, and 20 are rejected under 35 U.S.C. 103 as being unpatentable over Nochta (US 2010/0050267), Wan et al. (US 2017/0116295), Oracle (“Oracle Database Concepts: Data Blocks, Extents, and Segments”, Pub. 2005), and IBM (“IBM PureData System for Analytics, Version 7.1: Security Labels”, Pub. 2014)

Regarding claim 3, the combination of Nochta, Wan et al., and Oracle teaches the method according to claim 1, as shown prior. The combination further teaches responsive to determining one of said dimensions [] (Nochta: a set of access control data is identified in the access control model of the target system. At process block 410, a set of relationships between the access control data is identified. For example, if the access control model includes users, groups, and resources, the relationships identified at process block 410 define which users are included in which groups and the actions that , adding a [] column to said table of said target table (Wan et al.: the process 400 may extract an attribute from the metadata. In some examples, the process 400 may map the attribute to a new column of a data warehouse, ¶ [0073]).
However, the combination does not teach the specific security attribute level access right. 
IBM, in the analogous field of multi-level security, teaches the specific security label level access right (IBM: The security label has three dimensions: level, category, and cohort, Security Labels).
It would have been obvious to one of ordinary skill in the art before the effective filing date of the claimed invention to have combined the teachings of Nochta, Wan et al., and Oracle with that of IBM and to add a column to the target table for the specific security label of level access right label. The same method of data migration is applied with the substitution of the access control data for the known specific access control label: level access right.

Regarding claim 4, the combination of Nochta, Wan et al., Oracle, and IBM further teaches responsive to determining one of said dimensions comprises a category label indicative of a category level access right (Nochta: a set of access control data is identified in the access control model of the target system. At process block 410, a set of relationships between the access control data is identified. For example, if the access control model includes users, groups, and resources, the relationships identified at process block 410 define which users are included in which groups and the actions that groups may perform on resources, such as read, write, modify, and so on, ¶ [0026]), adding a category access right column to said table of said target table (Wan et al.: the process 400 may extract an attribute from the metadata. In some examples, the process 400 may map the attribute to a new column of a data warehouse, ¶ [0073]), wherein said category access right column supports N different P201802669US01Page 19 of 25categories, determined during said step of determining dimensions of said multi-level security attributes (IBM: The security label has three dimensions: level, category, and cohort…Categories are a set of all-of tag values associated with a table row. To access the object, the user security profile must match against the entire set of category tags. A table row can have a number of categories, Security Labels).

Regarding claim 5, the combination further teaches responsive to determining that one of said dimensions comprises a cohort label indicative of a cohort access right (Nochta: a set of access control data is identified in the access control model of the target system. At process block 410, a set of relationships between the access control data is identified. For example, if the access control model includes users, groups, and resources, the relationships identified at process block 410 define which users are included in which groups and the actions that groups may perform on resources, such as read, write, modify, and so on, ¶ [0026]), adding a level access right column to said table of said target table (Wan et al.: the process 400 may extract an attribute from the metadata. In some examples, the process 400 may map the attribute to a new column of a data warehouse, ¶ [0073]), wherein said level access right column supports M different leaves, determined during said step of determining dimensions of said multi-level security attributes (IBM: The security label has three dimensions: level, category, and cohort, Security Labels).

Claims 12-14 amount to a system comprising instructions that, when executed by one or more processors, performs the method of claims 3-5, respectively.  Accordingly, Claims 12-14 are rejected for substantially the same reasons as presented above for claims 3-5 and based on the references’ disclosure of the necessary supporting hardware and software (Wan et al.: processor(s) 138 , hardware, computer-executable instructions, firmware, or combinations thereof. Computer-executable instruction or firmware implementations of the processor(s) 138 may include computer-executable or machine-

Claim 20 amounts to a computer program product comprising instructions that, when executed by one or more processors, performs the method of claim 3.  Accordingly, claim 20 is rejected for substantially the same reasons as presented above for claim 3 and based on the references’ disclosure of the necessary supporting hardware and software (Wan et al.: processor(s) 138 , hardware, computer-executable instructions, firmware, or combinations thereof. Computer-executable instruction or firmware implementations of the processor(s) 138 may include computer-executable or machine-executable instructions written in any suitable programming language, computer-readable storage media ¶ [0046] – [0048]).

Claims 6, 8, 15, and 17 are rejected under 35 U.S.C. 103 as being unpatentable over Nochta (US 2010/0050267), Wan et al. (US 2017/0116295), IBM (“IBM PureData System for Analytics, Version 7.1: Security Labels”, Pub. 2014), Oracle (“Oracle Database Concepts: Data Blocks, Extents, and Segments”, Pub. 2005) and George et al. (US 7,620,665).

Regarding claim 6, the combination of Nochta, Wan et al., IBM, and Oracle further teaches The method according to claim 5, as shown prior. Nochta generally teaches mapping the source access control data to the target access control model: the source data is transformed according to the extracted access control model of the target system, ¶ [0030]).
However, the combination does not explicitly teach adding a mapping table to said target database for mapping said multi-level security attributes with said following structure: TABLE MLS_MAPPING (, MLS_TYPE VARCHAR(10), MLS_BINARY binary(Z), MLS_LABEL, where Z is max (M, N)).
George et al., in the analogous field of database migration, teaches adding a mapping table to said target database for mapping said multi-level security attributes with said following structure: ZABLE MLS_MAPPING (, MLS_TYPE VACHAR(10), MLS_BINARY binary(Z), MLS_LABEL, where Z is max (M, N) (George et al.: FIG. 6B shows an example of custom mapping information that may be stored using an XML format, although other data formats could be used, Col. 9 lines 27 – 30 and FIG. 6)
 It would have been obvious to one of ordinary skill in the art before the effective filing date of the claimed invention to have combined the teachings of Nochta, Wan et al., IBM, and Oracle with that of George et al. and to add a mapping table to the target database. By doing so, custom transformations can be easily associated with the appropriate tables, (George et al. Col. 10, lines 6 -13).

Regarding claim 8, the combination further teaches copying user data row-wise from said source table to said target table; and inserting said determined multi-level security attributes row-wise to said target table (George et al.: The data is migrated one table at a time, with each row of each table being migrated one row at a time, Col. 8 lines 23-24).
 
Claims 15 and 17 amount to a system comprising instructions that, when executed by one or more processors, performs the method of claims 6 and 8, respectively.  Accordingly, Claims 15 and 17 are rejected for substantially the same reasons as presented above for claims 6 and 8 and based on the references’ disclosure of the necessary supporting hardware and software (Wan et al.: processor(s) 138 , hardware, computer-executable instructions, firmware, or combinations thereof. Computer-executable instruction or firmware implementations of the processor(s) 138 may include computer-executable or .

Claims 7 and 16 are rejected under 35 U.S.C. 103 as being unpatentable over Nochta (US 2010/0050267), Wan et al. (US 2017/0116295), IBM (“IBM PureData System for Analytics, Version 7.1: Security Labels”, Pub. 2014), Oracle (“Oracle Database Concepts: Data Blocks, Extents, and Segments”, Pub. 2005), George et al. (US 7,620,665) and Yang et al. (US 2017/0344749).

Regarding claim 7, the combination of Nochta, Wan et al. , IBM, Oracle and George et al. teaches the method according to claim 6, as shown prior. The combination further teaches [] a category access right: [] and for a cohort access right (IBM: The security label has three dimensions: level, category, and cohort…Categories are a set of all-of tag values associated with a table row. To access the object, the user security profile must match against the entire set of category tags. A table row can have a number of categories. Cohorts are a set of any-of tag values associated with a table row. To access the object, the user security profile must match at least one of the cohort tags. A table row can have any number of cohorts, Security Labels).
However, the combination does not teach adding data into said mapping table MLS_MAPPING as follows: for a category access right: adding all determined categories with bit codes; and for a cohort access right: adding bit codes for all leaves and all nodes above them.
Yang et al. teaches adding data into said mapping table MLS_MAPPING as follows: for a category access right: adding all determined categories with bit codes; and for a cohort access right: adding bit codes for all leaves and all nodes above them (Yang et al.: bit map security tags are used to indicate access privileges, see FIG. 2-3 and ¶ [0030]-[0035])


Claim 16 amounts to a system comprising instructions that, when executed by one or more processors, performs the method of claim 7.  Accordingly, claim 16 is rejected for substantially the same reasons as presented above for claim 7 and based on the references’ disclosure of the necessary supporting hardware and software (Wan et al.: processor(s) 138 , hardware, computer-executable instructions, firmware, or combinations thereof. Computer-executable instruction or firmware implementations of the processor(s) 138 may include computer-executable or machine-executable instructions written in any suitable programming language, computer-readable storage media ¶ [0046] – [0048]).

Conclusion
Applicant's amendment necessitated the new ground(s) of rejection presented in this Office action.  Accordingly, THIS ACTION IS MADE FINAL.  See MPEP § 706.07(a).  Applicant is reminded of the extension of time policy as set forth in 37 CFR 1.136(a).  
A shortened statutory period for reply to this final action is set to expire THREE MONTHS from the mailing date of this action.  In the event a first reply is filed within TWO MONTHS of the mailing date of this final action and the advisory action is not mailed until after the end of the THREE-MONTH shortened statutory period, then the shortened statutory period will expire on the date the advisory action is mailed, and any extension fee pursuant to 37 CFR 1.136(a) will be calculated from the mailing 
Any inquiry concerning this communication or earlier communications from the examiner should be directed to LANA ALAGIC whose telephone number is (571)270-1624.  The examiner can normally be reached on Monday-Friday 8:00 am-4:00 pm.
Examiner interviews are available via telephone, in-person, and video conferencing using a USPTO supplied web-based collaboration tool. To schedule an interview, applicant is encouraged to use the USPTO Automated Interview Request (AIR) at http://www.uspto.gov/interviewpractice.
If attempts to reach the examiner by telephone are unsuccessful, the examiner’s supervisor, TAMARA T KYLE can be reached on (571)272-4241.  The fax phone number for the organization where this application or proceeding is assigned is 571-273-8300.
Information regarding the status of an application may be obtained from the Patent Application Information Retrieval (PAIR) system.  Status information for published applications may be obtained from either Private PAIR or Public PAIR.  Status information for unpublished applications is available through Private PAIR only.  For more information about the PAIR system, see https://ppair-my.uspto.gov/pair/PrivatePair. Should you have questions on access to the Private PAIR system, contact the Electronic Business Center (EBC) at 866-217-9197 (toll-free). If you would like assistance from a USPTO Customer Service Representative or access to the automated information system, call 800-786-9199 (IN USA OR CANADA) or 571-272-1000.




/L.A./Examiner, Art Unit 2156                                                                                                                                                                                                        04/10/2021

/TAMARA T KYLE/Supervisory Patent Examiner, Art Unit 2156