Notice of Pre-AIA  or AIA  Status
The present application, filed on or after March 16, 2013, is being examined under the first inventor to file provisions of the AIA .

DETAILED ACTION
Claims 1, 2, 5, 6, 8, 9, 12, 13, 15, 16, 19 and 20 have been examined.

Continued Examination under 37 CFR 1.114
A request for continued examination under 37 CFR 1.114, including the fee set forth in 37 CFR 1.17(e), was filed in this application after final rejection.  Since this application is eligible for continued examination under 37 CFR 1.114, and the fee set forth in 37 CFR 1.17(e) has been timely paid, the finality of the previous Office action has been withdrawn pursuant to 37 CFR 1.114.  Applicant's submission filed on 03/17/2021 has been entered.

Claim Rejections - 35 USC § 103
In the event the determination of the status of the application as subject to AIA  35 U.S.C. 102 and 103 (or as subject to pre-AIA  35 U.S.C. 102 and 103) is incorrect, any correction of the statutory basis for the rejection will not be considered a new ground of rejection if the prior art relied upon, and the rationale supporting the rejection, would be the same under either status.  
The following is a quotation of 35 U.S.C. 103 which forms the basis for all obviousness rejections set forth in this Office action:


Claims 1, 2, 5, 6, 8, 9, 12, 13, 15, 16, 19 and 20 are rejected under 35 U.S.C. 103 as being unpatentable over Micucci et al. [US 2013/0174275 A1, July 2, 2012], in view of Branish et al. [US 20140380051 A1, June 21, 2013].

With respect to claim 1, Micucci teaches a method comprising: 
receiving, by a query management server device of a multi-tenant database environment ([0041] a multi-tenant database environment, FIG. 1A) a first query [e.g. queries to tenant data storage 22] from a client computing device [e.g. user systems 12], wherein the first query is placed at the client computing device by a user on behalf of a tenant in the multi-tenant database environment ([0087] user systems 12 (which may be client systems) communicate with application servers 100 to request and update system-level and tenant-level data from system 16 that may involve sending one or more queries to tenant data storage 22 and/or system data storage 24. System 16 (e.g., an application server 100 in system 16) automatically generates one or more SQL statements (e.g., one or more SQL queries) that are designed to access the desired information. System data storage 24 may generate query plans to access the requested data from the database);
prior to generating a response, analyzing, by the query management device ([0137] the request 1 can be sent via a user interface (e.g., 30 of FIG. 1B) or an application program interface (e.g., API 32). An I/O port 420 can accommodate the , the first query to determine whether non-sensitive data requested by the first query reveals sensitive data including confidential information that is inconsequential to the user ([0236] a security level table can specify whether a user can see a particular type of record and/or particular records. 
[0428-0429] rules can enforce the confidentiality of certain topics, such as the ABC News deal of FIG. 26 or other various sensitive or proprietary topics which should not be shared with external users.
The content of various alert notifications can be customized to warn users to not post about certain designated keywords, subjects, or other topics. That is, in one example, such as alert notification 2620 of FIG. 26, the message can be customized to warn the user to not post about the designated subject, keyword, or topic. Various keywords, subjects, and topics can be identified in the system so that any input data received from a user is automatically filtered to identify such terms to trigger an appropriate alert notification. The same automatic identification filtering of input data can be applied to the names and content of attached files, using the same principles. In some implementations, only when the designated keywords, subjects, or topics are identified is an appropriate alert notification generated and displayed).

Micucci does not teach:
wherein analyzing includes evaluating contents of the first query in relation to a table such that the contents are mapped to one or more sections of the table via one or more values, wherein the one or more values to identify whether the one or more sections include the sensitive data;
upon identifying the one or more sections including the sensitive data, to prevent revealing the sensitive data,
converting, by the query management device, the first query into a second query by rewriting one or more portions or a whole of the first query into the second query, wherein the one or more portions are identified as one or more parts of a script of the first query requesting the sensitive data such that results from processing of the second query are limited to the non-sensitive data,
wherein the one or more parts of the script are further identified based on one or more filters assigned to the first query to filter out a first dataset identifying the sensitive data such that the results obtained from processing the second query are limited to the non-sensitive data;
generating, by the query management server device, a response to the second query such that the response includes the results having the non-sensitive data and excluding the sensitive data, wherein the non-sensitive data is identified by a second dataset based on the one or more filters; and
transmitting, by the query management server device, the response to the client computing device.

Branish teaches:
wherein analyzing includes evaluating contents of the first query in relation to a table such that the contents are mapped to one or more sections of the table via one or more values [e.g. transaction tables], wherein the one or more values to identify whether the one or more sections include the sensitive data [e.g. controlling access to sensitive data]; upon identifying the one or more sections including the sensitive data, to prevent revealing the sensitive data [e.g. whether to grant access to the requested data in either a masked or an unmasked format] ([0025-0026] database engine program 104, on receiving an incoming database query from the user, sends the query to query optimizer program 132 for selecting an optimal query execution plan in satisfying the conditions of the query. Security manager program 140 includes program instructions executable by server computer 106 to control access to data that is subject to data security management. 
Controlling access to sensitive data includes determining whether to grant access to the requested data in either a masked or an unmasked format based at least in part on a requesting user's authentication credentials… FIGS. 2A-6 provide an example of a high performance secure data access in data processing system 100 using an example customer database containing at least two transaction tables 150 and 152);
converting, by the query management device, the first query into a second query by rewriting one or more portions or a whole of the first query into the second query, wherein the one or more portions are identified as one or more parts of a script of the first query requesting the sensitive data such that results from processing of the second query are limited to the non-sensitive data [e.g. via SCRAMBLE function] ([0057] query optimizer program 132 rewrites the predicate for query (2)…. database engine program 104 executes the optimized query (3) (instead of 
wherein the one or more parts of the script are further identified based on one or more filters [e.g. user role type] assigned to the first query to filter out a first dataset identifying the sensitive data such that the results obtained from processing the second query are limited to the non-sensitive data ([0040-0046] the credentials can include information associated with the user's role within an enterprise. As previously indicated, values contained in some attributes, such as "ACCOUNT" 202 and 242 of FIG. 2, are protected and access to such sensitive data is restricted at least for some authenticated users.
The value of the USER_TYPE variable equal to 0 indicates that the requesting user has authorization to access unmasked value of the protected attribute, while the value of the USER_TYPE variable equal to 1 indicates that the requesting user is permitted to access only masked value of the protected attribute…); 
generating, by the query management server device, a response to the second query such that the response includes the results having the non-sensitive data [e.g. Fig. 5A, presents masked first view execution results 500 to the user] and excluding the sensitive data, wherein the non-sensitive data is identified by a second dataset based on the one or more filters [e.g. masked format based on first user's authority level]; and transmitting, by the query management server device, the response to the client computing device ([0052-0053] FIGS. 5A and 5B illustrate how transaction information is presented to database users having authority to see sensitive attributes in masked format only, .. The first user sends a request to access data in first transaction table 150 via, for example, query interface program 134a. query interface program 134a forwards the first user's request to the security manager program 140. In response to receiving the first user's request, security manager program 140 performs steps in conjunction with FIG. 3, including creating and executing the first view (as shown at 306). Subsequently, security manager program 140 sends first view execution results back to the query interface program 134a. In response, the query interface program 134a presents first view execution results 500 to the user in the form shown in FIG. 5A…. sensitive data (account values) are presented in "ACCOUNT" attribute 505 in masked format based on first user's authority level. 
FIG. 5B illustrates second view execution results 502 that may be presented by query interface program 134a in response to second user's request to access second transaction table 152. For illustration purposes only assume that a second user is authorized to see account values in second transaction table 152 in a masked format. 
Security manager program 140 advantageously allows a given user to transparently query the transactional data using either masked or unmasked version of the primary key's sensitive attributes, but never both of them).
It would have been obvious to one of ordinary skill in the art, before the effective filing date of the claimed invention to modify the system of Micucci with evaluating contents of the first query in relation to a table by mapping one or more sections of the table via one or more values for preventing reveal of the sensitive data of Branish. Such 

With respect to dependent claim 2, Micucci as modified by Branish further teaches wherein determining comprises checking potential results of the query to be included in the response with one or more datasets identifying the non-sensitive data, wherein the one or more datasets include one or more of historical results, predetermined lists, preferences, policies, and legal or ethical protocols (Branish [0026] controlling access to sensitive data includes determining whether to grant access to the requested data in either a masked or an unmasked format based at least in part on a requesting user's authentication credentials).

With respect to dependent claim 5, Micucci as modified by Branish further teaches receiving, by the first computing device, the first query from a second computing device over a network, wherein the first and second computing devices are communicatively coupled over the network, and wherein the first computing device includes a server computing device and wherein the second computing device includes a client computing device (Branish [0018] FIG. 1, the data processing system 100 includes two client computers 118 and 120 coupled to a server computer 106 and one or more processing nodes 122a-122c, that manage the storage and retrieval of data in storage devices 124a-124c, via a network 102 such as the Internet).
transmitting, by the first computing device, the response to the second computing device, wherein the response is displayed at the second computing device using a display device, and wherein the query is placed and the response is accessed using an interface accessible to a user having access to the second computing device (Branish [0022-0024] query interface 134a and 134b provides a software application that allows users to create, read, update and delete information stored in storage devices 124a-124c. Query interface 134a, 134b allows users to compose and submit SQL commands to a RDBMS 130, which, in response, may be configured to process the SQL and return query information, or results of update actions).

Regarding claims 8, 9, 12, 13, 15, 16, 19 and 20; the instant claims recite substantially same limitations as the 1, 2, 5 & 6 claims and are therefore rejected under the same prior-art teachings.

Response to Amendment
In response to the 11/17/2020 office action claims 1, 2, 5, 6, 8, 9, 12, 13, 15, 16, 19 and 20 have been amended, no new claim has been added, and claim 3, 4, 7, 10, 11, 14, 17 and18 have been cancelled. Claims 1, 2, 5, 6, 8, 9, 12, 13, 15, 16, 19 and 20 are currently pending and stand rejected.

Response to Arguments

The arguments regarding Connolly and Ronda are moot because the references Connolly and Ronda are now replaced with the new reference Branish. The new ground of rejection as necessitated by the new limitation is presented herein.

Conclusion
Any inquiry concerning this communication or earlier communications from the examiner should be directed to SOHEILA G DAVANLOU whose telephone number is (571)270-5155.  The examiner can normally be reached on Monday - Friday, 9:00am - 6:00 Eastern Time..
Examiner interviews are available via telephone, in-person, and video conferencing using a USPTO supplied web-based collaboration tool. To schedule an interview, applicant is encouraged to use the USPTO Automated Interview Request (AIR) at http://www.uspto.gov/interviewpractice.
If attempts to reach the examiner by telephone are unsuccessful, the examiner’s supervisor, Alford Kindred can be reached on (571)272-4037.  The fax phone number for the organization where this application or proceeding is assigned is 571-273-8300.
Information regarding the status of an application may be obtained from the Patent Application Information Retrieval (PAIR) system.  Status information for published applications may be obtained from either Private PAIR or Public PAIR.  Status information for unpublished applications is available through Private PAIR only.  For more information about the PAIR system, see https://ppair-my.uspto.gov/pair/PrivatePair. Should you have questions on access to the Private 


SOHEILA G DAVANLOU
Examiner
Art Unit 2153



/ALFORD W KINDRED/Supervisory Patent Examiner, Art Unit 2153