DETAILED ACTION
Notice of Pre-AIA or AIA Status
The present application, filed on or after March 16, 2013, is being examined under the first inventor to file provisions of the AIA.

Response to Amendment
This is in response to the amendments filed on 06/15/2021. Claims 1, 6-9, 11, 13, and 15-20 have been amended. Claims 1-20 are currently pending and have been considered below.

Response to Arguments
Applicant’s arguments, see pages 8-10, filed 06/15/2021, with respect to the rejection of claims 6-9 and 11-19 under 35 U.S.C. 112(b) have been considered and are persuasive. However, Applicant's amendment necessitated the new ground(s) of rejection as will be discussed below.
Applicant’s arguments, see pages 8-10, filed 06/15/2021, with respect to the rejection of claims 11-19 under 35 U.S.C. 112(a) have been considered and are persuasive. However, Applicant's amendment necessitated the new ground(s) of rejection as will be discussed below.
Applicant’s arguments, see pages 10-12, filed 06/15/2021, with respect to the rejections of claims 1-20 under 35 U.S.C. 103, have been fully considered but are not persuasive.
On pages 11 and 12 of Remarks, Applicant asserts that Cotner, Dickie, Egawa, and/or Wolf (whether considered individually or in combination) does not teach the feature “modifying said storage region so said rows are partially omitted completely during reading based on a setting of said access of a user in comparison to said lower and said upper access security label of said control record of said specific storage region.” The Examiner respectfully disagrees.
In this regard, Cotner describes that
security label of the row has a value that is within a range of values that are accessible to the user. This is the case when the user's security dominates the row's security, both of the following conditions are true. i) The security level indicated by the user's security label is greater than or equal to the security level indicated by the row's security label, as determined in operation 94. ii) … If that is the case, the DBMS processes the row and retrieves the requested data values and returns the result to the user in operation 102. (See para. [0075], emphasis added)

As shown in the SECURITY.TABLE 30 of FIG. 2C, SALLY's security label is “blue”, and accordingly, the resulting user view 32 includes only those rows of USER.TABLE 26 having a security label equal to the security label “blue”. (See para. [0032] & Fig. 2D, emphasis added)

That is, Cotner describes that if the security label has a value that is within a range of values that are accessible to the user, then the DBMS returns the result to the user, which teaches the feature “based on a setting of said access of a user in comparison to said lower and said upper access security label of said control record” recited in claim 1. Also, Cotner describes that the results include only a part of the table contents as illustrated in Fig. 2D, which teaches the feature “said rows are partially omitted completely during reading” recited in claim 1. 
Cotner is silent about the feature “… in comparison to … said control record of said specific storage region.” However, in this regard, Dickie describes that 
For example, if a storage region is known to contain records with column values between 100 and 200 (i.e., col 1 {100, 200}), … if a query has a value from 100 to 200, including the values of 100 and 200, then that storage region may be read and searched. In this regard, a range map may identify upper and lower range values or bounds for data within a given storage region. (See para. [0012], emphasis added)

That is, if a storage region is known to contain records with column values between 100 and 200, and if a query has a value from 100 to 200, then that storage region may be read and searched, which teaches the feature “… in comparison to said control record of said specific storage.” In other words, Cotner in view of Dickie teaches that if a query has a value within a range contained in the table as taught by Dickie, then the DBMS returns the result to the user corresponding to the query from the table. This, In view of the above and as will be discussed 

Claim Rejections - 35 USC § 112
The following is a quotation of the first paragraph of 35 U.S.C. 112(a):
(a) IN GENERAL.—The specification shall contain a written description of the invention, and of the manner and process of making and using it, in such full, clear, concise, and exact terms as to enable any person skilled in the art to which it pertains, or with which it is most nearly connected, to make and use the same, and shall set forth the best mode contemplated by the inventor or joint inventor of carrying out the invention.

The following is a quotation of the first paragraph of pre-AIA 35 U.S.C. 112:
The specification shall contain a written description of the invention, and of the manner and process of making and using it, in such full, clear, concise, and exact terms as to enable any person skilled in the art to which it pertains, or with which it is most nearly connected, to make and use the same, and shall set forth the best mode contemplated by the inventor of carrying out his invention.


Claims 1-20 are rejected under 35 U.S.C. 112(a) or 35 U.S.C. 112 (pre-AIA), first paragraph, as failing to comply with the written description requirement. The claim(s) contains subject matter which was not described in the specification in such a way as to reasonably convey to one skilled in the relevant art that the inventor or a joint inventor, or for pre-AIA the inventor(s), at the time the application was filed, had possession of the claimed invention.
Claims 1, 11, 20, respectively, recite the limitation “modifying (or modify) said storage region …” which however, does not appear to be described within the Specification.
In this regard, the specification describes that 
The way of filtering the storage regions is modified in a way that the rows are partially omitted completely during reading, depending on the setting of the access right of a user in comparison to the lower and upper access security label 

In other words, the specification describes that the way of filtering the storage regions is modified, but does not describe that the storage regions, themselves, are modified. Moreover, the feature “modifying the way of filtering the storage regions” would be technically different to one of ordinary skill in the art from the feature “modifying said storage region (itself)”. Otherwise, the Examiner does not find any relevant description that a skilled artisan would recognize applicant was in possession of the claimed invention. As such, the Examiner suggests that Applicant point to specific language within the Specification that fully discloses the above noted limitation of claims 1, 11 and 20; otherwise Applicant should amend the claims to recite limitations fully supported within Applicant’s Specification.
Claims 2-10, and 12-19 are rejected under 112(a) as being dependent from the rejected claims.

The following is a quotation of 35 U.S.C. 112(b):
(b)  CONCLUSION.—The specification shall conclude with one or more claims particularly pointing out and distinctly claiming the subject matter which the inventor or a joint inventor regards as the invention.

The following is a quotation of 35 U.S.C. 112 (pre-AIA), second paragraph:
The specification shall conclude with one or more claims particularly pointing out and distinctly claiming the subject matter which the applicant regards as his invention.

Claims 1-20 are rejected under 35 U.S.C. 112(b) or 35 U.S.C. 112 (pre-AIA), second paragraph, as being indefinite for failing to particularly point out and distinctly claim the subject matter which the inventor or a joint inventor, or for pre-AIA the applicant regards as the invention.
Claims 1, 11, 20, respectively, recite the limitation “modifying said storage region so said rows are partially omitted completely during reading …” It is unclear as to what is meant by the 
Claim 1 recites the limitation “upon determining, for a query, whether an access right of a user, initiating said query is below …” It is unclear as to what is meant by the limitation “whether an access right of a user, initiating said query is below”. Is there any special purpose to add the comma “,” between “a user” and “initiating”?
Claims 2-10, and 12-19 are rejected under 112(b) as being dependent from the rejected claims.

Claim Rejections - 35 USC § 103
In the event the determination of the status of the application as subject to AIA 35 U.S.C. 102 and 103 (or as subject to pre-AIA 35 U.S.C. 102 and 103) is incorrect, any correction of the statutory basis for the rejection will not be considered a new ground of rejection if the prior art relied upon, and the rationale supporting the rejection, would be the same under either status.
The following is a quotation of 35 U.S.C. 103 which forms the basis for all obviousness rejections set forth in this Office action:
A patent for a claimed invention may not be obtained, notwithstanding that the claimed invention is not identically disclosed as set forth in section 102, if the differences between the claimed invention and the prior art are such that the claimed invention as a whole would have been obvious before the effective filing date of the claimed invention to a person having ordinary skill in the art to which the claimed invention pertains. Patentability shall not be negated by the manner in which the invention was made.


Claims 1-4, 10-14 and 20 are rejected under 35 U.S.C. 103 as being unpatentable over Cotner et al. (US 2017/0053133 A1; hereinafter, “Cotner”) in view of Dickie et al. (US 2015/0095299 A1; hereinafter, “Dickie”).

Regarding claim 1: 
Cotner teaches:
A computer-implemented method for processing a query for accessing data in a database with row level security, wherein said data being organized in rows and columns, wherein rows are grouped in storage regions (claim 10: A computer-implemented method of controlling access to data in at least one row of a database, wherein said at least one row is associated with row-level access control information), said method comprising:
maintaining, as part of a control record .. (para. [0036]: 2. Each row within a secure table is associated with a security label, which can be a column within that security table. For example, that column can have a predetermined name (e.g. SECURITY_LABEL) or it can be identified through an SQL clause when the table is defined (e.g. AS SECURITY LABEL clause on the CREATE TABLE column definition). It will be understood that other techniques can be used to associate a security label with a row. --- It is noted that a security label teaches a control record; column can have a predetermined name (e.g. SECURITY_LABEL) teaches maintaining a control record), a lower access security label, representing a minimal user access right of any of said rows … (para. [0075]: The security label of the row has a value that is within a range of values that are accessible to the user; [0066]: a. The security level of the data contained in the row. This allows implementation of multilevel, hierarchical security schemes (e.g., TOP SECRET, SECRET, UNCLASSIFIED); para. [0073]: If the table does not have a SECURITY_LABEL column, then the query is processed in a conventional manner in operation 86 and the results of the query are returned to the user in operation 88. --- It is noted that for example, UNCLASSIFIED teaches a lower access security label; UNCLASSIFIED implies a minimal user access right of any of said rows), and an upper access security label representing a maximal user access right of any of said rows … (para. [0075]: The security label of the row has a value that is within a range of values that are accessible to the user; [0066]: a. The security level of the data contained in the row. This allows implementation of multilevel, hierarchical security schemes (e.g., TOP SECRET, SECRET, UNCLASSIFIED). --- It is noted that for example, TOP SECRET teaches an upper access security label; TOP SECRET implies a maximal user access right of any of said rows); and
modifying said storage region so said rows are partially omitted completely during reading based on a setting of said access of a user in comparison to said lower and said upper access security label of said control record (para. [0075]: a. The security label of the row has a value that is within a range of values that are accessible to the user. This is the case when the user's security dominates the row's security, both of the following conditions are true. i) The security level indicated by the user's security label is greater than or equal to the security level indicated by the row's security label, as determined in operation 94. ii) … If that is the case, the DBMS processes the row and retrieves the requested data values and returns the result to the user in operation 102; para. [0032] & Fig. 2D: As shown in the SECURITY.TABLE 30 of FIG. 2C, SALLY's security label is “blue”, and accordingly, the resulting user view 32 includes only those rows of USER.TABLE 26 having a security label equal to the security label “blue”. --- It is noted that if the security label has a value that is within a range of values that are accessible to the user, then the DBMS returns the result to the user; here the results include only a part of the table contents, which teaches said rows are partially omitted during reading. Further noted that it is unclear what is meant by the feature “modifying said storage region so said rows are partially omitted completely …”, thus, for the sake of examination, it is interpreted as reading said storage region with partially omitting said rows); and
upon determining, for a query, whether an access right of a user initiating said query is below said lower access security label of a storage region addressed by said query, skipping said storage … during a read execution of said query (para. [0072]: … A user, in operation 72, prepares a query for submission to a DBMS that has a table that includes a SECURITY_LABEL column. …  The user's security level and security categories are determined in operation 74 using the techniques described earlier; para. [0075]: … i) The security level indicated by the user's security label is greater than or equal to the security level indicated by the row's security label, as determined in operation 94. If not, the user is denied access to the row in operation 96; para. [0078]: The security label associated with the row is outside the range of values corresponding to the user's security label. In this case, the DBMS either ignores the row… --- it is noted that a query teaches a query; a user prepares a query for submission teaches a user initiating said query; the user’s access right teaches an access right of a user; the user’s access right are determined teaches upon determining; [when] the security label associated with the row is outside the range of values corresponding to the user's security label, the DBMS either ignores the row teaches [when] an access right of a user is below said lower access security label of a storage, skipping said storage during a read execution of said query).
Cotner is silent about:
… as part of a control record for each storage region …; 
… rows in said storage region …;
… in comparison to … said control record of said specific storage region; and
… skipping said storage region … 
Dickie, in the same field of endeavor, teaches:
… as part of a control record for each storage region … (para. [0012]: Some database management systems (DBMSs) maintain metadata about each region of table storage in order to filter table rows before actually reading the data stored in those rows. --- It is noted that each region teaches each storage region; metadata about each region corresponds to a control record for each storage region); 
… rows in said storage region … (para. [0012]: Some database management systems (DBMSs) maintain metadata about each region of table storage in order to filter table rows before actually reading the data stored in those rows. --- It is noted that to filter table rows [of] each region of table storage teaches rows in said storage region);
… in comparison to … said control record of said specific storage region (para. [0012]: For example, if a storage region is known to contain records with column values between 100 and 200 (i.e., col 1 {100, 200}), … if a query has a value from 100 to 200, including the values of 100 and 200, then that storage region may be read and searched. In this regard, a range map may identify upper and lower range values or bounds for data within a given storage region. --- It is noted that if a query has a value from 100 to 200, then that storage region may be read and searched, which teaches in comparison to said control record of said specific storage); and
… skipping said storage region … (para. [0013]: In this regard, a range map may be used to define regions that do not have to be read and searched in response to a query. For example, the query may require a surname of “Smith”. Thus, when a surname is part of a query, the surname “Smith”, by virtue of a range map, can be used to eliminate those storage regions that do not contain “Smith” based on the “Smith” query value and the range maps; para. [0005]: For example, if a storage region is known to contain records with column values between 100 and 200 (e.g., as stored in the range map metadata), then when a query with range values outside of that known range (e.g., a query with a value of 500) is evaluated, the evaluation can eliminate that storage region. --- It is noted that eliminate that storage region teaches skipping said storage region).
In this regard, Dickie describes that some database management systems maintain metadata about each storage region in the form of range values or range maps that define minimum and maximum ranges in a given storage region in order to filter storage regions before actually reading and searching the stored data. (See para. [0005])
Thus, it would have been obvious to one of ordinary skill in the art before the effective filing date of the claimed invention to modify Cotner’s system by enhancing Cotner’s system to 
The motivation is to minimize processing requirements and elapsed time overhead associated with making row-level security checks (Cotner, para. [0009]) by eliminating storage regions from reading according to the user's security label.

Regarding claim 2: 
Cotner in view of Dickie teaches:
The computer-implemented method according to claim 1.
Cotner is silent about:
wherein in each of said storage regions a number of rows is stored, defined by a block size of said database storage and a length of said rows such that a maximum number of rows fits into said storage region.
Dickie teaches:
wherein in each of said storage regions a number of rows is stored, defined by a block size of said database storage and a length of said rows such that a maximum number of rows fits into said storage region (para. [0012]: … Some database management systems (DBMSs) maintain metadata about each region of table storage in order to filter table rows before actually reading the data stored in those rows. The metadata may contain value ranges or range maps that indicate minimum (min) and maximum (max) values for a given column (col) variable. Accordingly, the metadata may be of the form: col 1 {min value, max value}. For example, if a storage region is known to contain records with column values between 100 and 200 (i.e., col 1 {100, 200}), then a query restricted to records with column values greater than 500 will not read that storage region. However, if a query has a value from 100 to 200, including the values of 100 and 200, then that storage region may be read and searched. In this regard, a range map may identify upper and lower range values or bounds for data within a given storage region. The upper and lower bound may be conservative or inclusive of that bound. In one example, for a given storage region, values that are less than or equal to the upper bound (e.g., a max) in storage region's metadata, and greater than or equal to the lower bound (e.g., a min), may be found in that storage region; para. [0044]: The range map hierarchy may be based on any number of levels of granularity (e.g., extents, pages, sets of rows, etc.) and may employ any desired data sizes for the hierarchy (e.g., 8 MB, 3 MB, 128 KB, 64 KB, etc.) to obtain any desired level of data hierarchy. --- It is noted that table rows teaches a number of rows is stored; desired data sizes (e.g., 8 MB, 3 MB, 128 KB, 64 KB, etc.) teaches defined by a block size; the upper bound (e.g., a max) implies a length of said rows such that a maximum number of rows fits into said storage region).
The motivation for claim 1 is applicable for claim 2.

Regarding claim 3: 
Cotner in view of Dickie teaches:
The computer-implemented method according to claim 1, further comprising:
Cotner further teaches:
upon determining for a query whether said access right of said user initiating said query is above or equal to said upper access security label … addressed by said query, executing said read query against all rows … and skipping a row security table examination (para. [0075]: The security level indicated by the user's security label is greater than or equal to the security level indicated by the row's security label, as determined in operation 94. … If so, then the next condition is tested in operation 98. … If that is the case, the DBMS processes the row and retrieves the requested data values and returns the result to the user in operation 102).
Cotner is silent about:

Dickie, in the same field of endeavor, teaches:
… a storage region … (para. [0012]: Some database management systems (DBMSs) maintain metadata about each region of table storage in order to filter table rows before actually reading the data stored in those rows).
The motivation for claim 1 is applicable for claim 3.
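As an added illustration (not part of this Office action, the application, or the Cotner or Dickie references), the following Python example shows the mechanism the limitations of claims 1 and 3 recite: a per-region control record holding lower and upper security labels, used to skip a region, to read it without a per-row examination, or to fall back to row-by-row filtering. The class and function names, the integer encoding of levels, and the sample rows are assumptions constructed for the example.

```python
from dataclasses import dataclass, field
from typing import Callable, List, Optional, Tuple

# Assumption: security levels are integers, higher value = more access.
UNCLASSIFIED, SECRET, TOP_SECRET = 1, 2, 3


@dataclass
class Row:
    level: int       # row security label
    payload: str


@dataclass
class StorageRegion:
    """A group of rows plus its control record (lower/upper label bounds)."""
    rows: List[Row] = field(default_factory=list)
    lower: Optional[int] = None   # minimal label of any row in the region
    upper: Optional[int] = None   # maximal label of any row in the region

    def insert(self, row: Row) -> None:
        # The bounds must be widened on every write. A stale `upper` would let
        # the unchecked path in scan() return a row the user may not see.
        self.rows.append(row)
        self.lower = row.level if self.lower is None else min(self.lower, row.level)
        self.upper = row.level if self.upper is None else max(self.upper, row.level)


@dataclass
class ScanStats:
    regions_skipped: int = 0     # never read (user below region's lower label)
    regions_unchecked: int = 0   # read in full, no per-row examination
    regions_filtered: int = 0    # read with a per-row label comparison
    row_checks: int = 0          # individual row label comparisons performed


def scan(regions: List[StorageRegion], user_level: int,
         predicate: Callable[[Row], bool] = lambda row: True
         ) -> Tuple[List[str], ScanStats]:
    """Return payloads visible to user_level, pruning by control record."""
    stats, out = ScanStats(), []
    for region in regions:
        if region.lower is None:          # empty region, nothing to read
            continue
        if user_level < region.lower:     # no row can be visible: skip region
            stats.regions_skipped += 1
            continue
        if user_level >= region.upper:    # every row is visible: no row check
            stats.regions_unchecked += 1
            out.extend(r.payload for r in region.rows if predicate(r))
            continue
        stats.regions_filtered += 1       # mixed region: examine each row
        for r in region.rows:
            stats.row_checks += 1
            if user_level >= r.level and predicate(r):
                out.append(r.payload)
    return out, stats


def naive_scan(regions: List[StorageRegion], user_level: int) -> List[str]:
    """Reference behaviour: compare the label of every row, no pruning."""
    return [r.payload for reg in regions for r in reg.rows
            if user_level >= r.level]


def build_sample_regions() -> List[StorageRegion]:
    # Constructed sample data, not taken from any cited reference.
    data = [
        [(UNCLASSIFIED, "cafeteria menu"), (UNCLASSIFIED, "parking map")],
        [(UNCLASSIFIED, "org chart"), (SECRET, "budget draft"),
         (TOP_SECRET, "merger plan")],
        [(TOP_SECRET, "key ceremony log"), (TOP_SECRET, "audit findings")],
    ]
    regions = []
    for rows in data:
        region = StorageRegion()
        for level, payload in rows:
            region.insert(Row(level, payload))
        regions.append(region)
    return regions


if __name__ == "__main__":
    for name, level in [("UNCLASSIFIED", 1), ("SECRET", 2), ("TOP SECRET", 3)]:
        rows, stats = scan(build_sample_regions(), level)
        print(name, rows, stats)
```

The pruned scan returns the same rows as the per-row reference scan; only the number of regions read and label comparisons performed differs.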

Regarding claim 4: 
Cotner in view of Dickie teaches:
The computer-implemented method according to claim 1.
Cotner further teaches:
wherein said access right of the user initiating said query is organized as level access right, category access right and/or cohort access right (para. [0037]: The SECURITY_LABEL column in the row identifies the security level of the data contained in the row, as well as security categories to which the row applies. --- It is noted that the security level of the data teaches level access right; security categories teaches category access right).

Regarding claim 10:  
Cotner in view of Dickie teaches:
The computer-implemented method according to claim 1, also comprising:
Cotner further teaches:
omitting a storage range during reading as part of said query if at least one of said following conditions is met: a user's level is below a minimal level of said storage region (para. [0072]: … A user, in operation 72, prepares a query for submission to a DBMS that has a table that includes a SECURITY_LABEL column. …  The user's security level and security categories are determined in operation 74 using the techniques described earlier; para. [0075]: … i) The security level indicated by the user's security label is greater than or equal to the security level indicated by the row's security label, as determined in operation 94. If not, the user is denied access to the row in operation 96; para. [0078]: The security label associated with the row is outside the range of values corresponding to the user's security label. In this case, the DBMS either ignores the row… --- it is noted that [when] the security label associated with the row is outside the range of values corresponding to the user's security label, the DBMS either ignores the row teaches if a user’s level is below a minimal level of said storage region, omitting said storage range during reading as part of said query), a user's category is not matched, or a user's cohort is not found in said storage region.

Regarding claim 11:
Claim 11 recites a database system which corresponds to a computer-implemented method of claim 1, and additionally contains limitations “one or more computer processors; one or more computer readable storage devices; program instructions stored on the one or more computer readable storage devices for execution by at least one of the one or more computer processors”. However, Cotner further teaches: one or more computer processors (See Fig. 6 & para. [0060]: query processor 20); one or more computer readable storage devices (See Fig. 6 & para. [0061]: the data storage unit 24, the cache 66; also it is inherent that a processor includes or is connected with a program memory); program instructions stored on the one or more computer readable storage devices for execution by at least one of the one or more computer processors (See Fig. 6 & para. [0061]: The query processor 20 processes the received query in a conventional manner. --- It is noted that processes the received query teaches program instructions).
Therefore, claim 11 is rejected by applying the same rationale used to reject claim 1 above and additional teaching by Cotner stated above.

Regarding claim 12:
Claim 12 recites the database system which corresponds to the computer-implemented method of claim 2, and contains no additional limitations. Therefore claim 12 is rejected by applying the same rationale used to reject claim 2 above.

Regarding claim 13:
Claim 13 recites the database system which corresponds to the computer-implemented method of claim 3, and contains no additional limitations. Therefore claim 13 is rejected by applying the same rationale used to reject claim 3 above.

Regarding claim 14:
Claim 14 recites the database system which corresponds to the computer-implemented method of claim 4, and contains no additional limitations. Therefore claim 14 is rejected by applying the same rationale used to reject claim 4 above.

Regarding claim 20:
Claim 20 recites a computer program product which corresponds to a computer-implemented method of claim 1, and additionally contains program instructions and one or more computing systems or controllers. However, Cotner teaches program instructions and one or more computing systems or controllers (FIG. 1 & para. [0026]: the web server includes a single DBMS 18 that services each of the web sites. --- It is noted that the web server teaches one or more computing systems; it is inherent that the web server contains program instructions).
Therefore claim 20 is rejected by applying the same rationale used to reject claim 1 above.

Claims 5-7, 9, 15-17 and 19 are rejected under 35 U.S.C. 103 as being unpatentable over Cotner et al. (US 2017/0053133 A1; hereinafter, “Cotner”) in view of Dickie et al. (US 2015/0095299 A1; hereinafter, “Dickie”), and further in view of Egawa et al. (JP 2006/163586 A; hereinafter, “Egawa”).

Regarding claim 5:  
Cotner in view of Dickie teaches:
The computer-implemented method according to claim 4.
Cotner in view of Dickie is silent about:
wherein said level access right is maintained as an integer value.
Egawa, in the same field of endeavor, teaches:
wherein said level access right is maintained as an integer value (FIG. 3 & page 3 of English translation: Further, the storage unit 12 stores a type access right database that holds information on whether access is permitted for each access mode determined in advance for each type of user. Specifically, as shown in FIG. 3, information (access level value) indicating whether access is possible for each access mode of the user of the type is recorded in association with the type identifier as information for specifying the type. --- It is noted that access level value (i.e., 1, 2, and 3) in FIG. 3 teaches level access right is maintained as an integer value).
Thus, it would have been obvious to one of ordinary skill in the art before the effective filing date of the claimed invention to modify Cotner in view of Dickie’s system by enhancing Cotner in view of Dickie’s system to indicate the user's security label as an integer value, as taught by Egawa, in order to represent the access right of users as a relative magnitude.
The motivation is to minimize processing time in determining whether or not a user has an access right to a storage region by using simple integer values for the user's security label.

Regarding claim 6:  
Cotner in view of Dickie and Egawa teaches:
The computer-implemented method according to claim 5.
Cotner further teaches:
… wherein said access rights of a user initiating said query must match … in order to access said related row (para. [0072]: … A user, in operation 72, prepares a query for submission to a DBMS that has a table that includes a SECURITY_LABEL column. …  The user's security level and security categories are determined in operation 74 using the techniques described earlier; para. [0075]: The security level indicated by the user's security label is greater than or equal to the security level indicated by the row's security label, as determined in operation 94. … If so, then the next condition is tested in operation 98. … If that is the case, the DBMS processes the row and retrieves the requested data values and returns the result to the user in operation 102. --- it is noted that a query teaches a query; a user prepares a query for submission teaches a user initiating said query; the user’s access right teaches an access right of a user; [when] the security label associated with the row is equal to the security level indicated by the row's security label, the DBMS processes the row and retrieves the requested data values teaches said user access rights must match in order to access said related row).
Cotner in view of Dickie is silent about:
wherein said category access right is a set of all-of-tag implemented as a bitmap, … match all bits of said bitmap …
Egawa teaches:
wherein said category access right is a set of all-of-tag implemented as a bitmap, … match all bits of said bitmap … (page 3: When a plurality of group identifiers are acquired in process S1, the maximum value (or the logical sum of the values when the access right is expressed by a bit value) is acquired from the access level values corresponding to each group identifier; page 4: The control unit 11 compares the GAL and the MAL, and acquires the one with the smaller access level value (in the case of bit representation, the logical product is used) (S5). The control unit 11 determines whether or not access in the access mode related to the access request is possible based on the access level value acquired in step S5. --- It is noted that the access right is expressed by a bit value teaches category access right is a set of all-of-tag implemented as a bitmap; the logical product and logical sum of the values is used to determine whether or not access teaches user access rights match all bits of said bitmap in order to access).
Thus, it would have been obvious to one of ordinary skill in the art before the effective filing date of the claimed invention to modify Cotner in view of Dickie’s system by enhancing Cotner in view of Dickie’s system to indicate the user's security label as a bit representation, as taught by Egawa, in order to allow the access right of users to be determined by a logical calculation.
The motivation is to minimize processing time in determining whether or not a user has an access right to a storage region by using simple bitmap representation for the user's security label.

Regarding claim 7: 
Cotner in view of Dickie and Egawa teaches:
The computer-implemented method according to claim 6.
Cotner further teaches:
wherein said cohort access right is … (para. [0053]: A hierarchical security scheme is illustrated, conceptually, in FIG. 4. … These security levels, namely the color names, are similar to the security label shown in FIG. 2A used in a conventional database. However, the scheme shown in FIG. 4 is a hierarchical security scheme in which security levels are grouped together to create different levels of security in a multilevel security system. For example, the security level 56 bearing the label “sunset” includes all the access privileges for the lower level security labels within its branch, namely, red, orange and yellow. Accordingly, the security label sunset is located at a higher level in the security scheme than the security labels red, orange and yellow. --- It is noted that for example, the label “sunset” teaches cohort access right; further noted that the claim does not specify what cohort access right, thus for the sake of examination, it is interpreted as an access right for hierarchical data), wherein said access rights of the user initiating said query must match … in order to access said related row (para. [0072]: … A user, in operation 72, prepares a query for submission to a DBMS that has a table that includes a SECURITY_LABEL column. … The user's security level and security categories are determined in operation 74 using the techniques described earlier; para. [0075]: The security level indicated by the user's security label is greater than or equal to the security level indicated by the row's security label, as determined in operation 94. … If so, then the next condition is tested in operation 98. … If that is the case, the DBMS processes the row and retrieves the requested data values and returns the result to the user in operation 102. --- it is noted that a query teaches a query; a user prepares a query for submission teaches a user initiating said query; the user’s access right teaches an access right of a user; [when] the security label associated with the row is equal to the security level indicated by the row's security label, the DBMS processes the row and retrieves the requested data values teaches said user access rights must match in order to access said related row).
Cotner in view of Dickie is silent about:
wherein said … access right is a set of any-of-tag implemented as said bitmap …, match at least one bits of said bitmap …
Egawa teaches:
wherein said … access right is a set … as said bitmap …, match at least one bits of said bitmap … (page 3: When a plurality of group identifiers are acquired in process S1, the maximum value (or the logical sum of the values when the access right is expressed by a bit value) is acquired from the access level values corresponding to each group identifier; page 4: The control unit 11 compares the GAL and the MAL, and acquires the one with the smaller access level value (in the case of bit representation, the logical product is used) (S5). The control unit 11 determines whether or not access in the access mode related to the access request is possible based on the access level value acquired in step S5. --- It is noted that the access right is expressed by a bit value teaches category access right is a set of all-of-tag implemented as a bitmap; the logical product and logical sum of the values is used to determine whether or not access teaches user access rights match at least one bits of said bitmap in order to access).
The motivation for claim 6 is applicable for claim 7.

Regarding claim 9:  
Cotner in view of Dickie teaches:
The computer-implemented method according to claim 1, further comprising:
Cotner further teaches:
maintaining said access right of the user initiating said query of the user by maintaining a level value (para. [0030]: A security table (SECURITY.TABLE) 30 relates a user ID (USERID) with a security label (SECLABEL) such as security labels “red”, “blue”, or “green.” --- It is noted that security table (SECURITY.TABLE) 30 teaches access rights of the user; security labels “red”, “blue”, or “green” teaches a level value), a category mask, comprising a … summary of all categories assigned to the user (para. [0034]: The security label also identifies security categories within that security level that the user is allowed to access … For example, a given user might be allowed to view data designated by certain security levels, such as the security levels: TOP SECRET, SECRET, and UNCLASSIFIED. --- It is noted that security label identifying security categories teaches a category mask; the security levels: TOP SECRET, SECRET, and UNCLASSIFIED teaches summary of all categories assigned to the user), and a cohort mask, comprising a … summary of all cohorts assigned to the user (para. [0053]: A hierarchical security scheme is illustrated, conceptually, in FIG. 4. … These security levels, namely the color names, are similar to the security label shown in FIG. 2A used in a conventional database. However, the scheme shown in FIG. 4 is a hierarchical security scheme in which security levels are grouped together to create different levels of security in a multilevel security system. For example, the security level 56 bearing the label “sunset” includes all the access privileges for the lower level security labels within its branch, namely, red, orange and yellow. Accordingly, the security label sunset is located at a higher level in the security scheme than the security labels red, orange and yellow; para. [0057]: For example the user “BOSS 1” has access privileges defined in table 64 by the label “rainbow” in row 64 b, thereby giving that user a higher degree of access. --- It is noted that access privileges defined in table 64 teaches a cohort mask comprising a summary of all cohorts assigned to the user).
Cotner in view of Dickie is silent about:
… a bitmap summary of all categories …, and … a bitmap summary of all cohorts …
Egawa teaches:
… a bitmap summary of all categories …, and … a bitmap summary of all cohorts … (page 3: When a plurality of group identifiers are acquired in process S1, the maximum value (or the logical sum of the values when the access right is expressed by a bit value) is acquired from the access level values corresponding to each group identifier; page 4: The control unit 11 compares the GAL and the MAL, and acquires the one with the smaller access level value (in the case of bit representation, the logical product is used) (S5). The control unit 11 determines whether or not access in the access mode related to the access request is possible based on the access level value acquired in step S5. --- It is noted that the access right is expressed by a bit value teaches a bitmap summary of all categories and cohorts).
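Thus, it would have been obvious to one of ordinary skill in the art before the effective filing date of the claimed invention to modify Cotner in view of Dickie’s system by enhancing Cotner in view of Dickie’s system to indicate the user's security label as a bit representation, as taught by Egawa, in order to allow the access right of users to be determined by a logical calculation.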
The motivation is to minimize processing time in determining whether or not a user has an access right to a storage region by using simple bitmap representation for the user's security label.
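The following is an added illustration, not part of this Office action, the application, or the cited references. It sketches how the three label parts discussed for claims 7 and 9 (a level value, a category bitmap and a cohort bitmap) can be checked with the dominance comparison and the logical sum/product operations quoted above. The tag names, bit positions, the all-of reading of categories, the treatment of an untagged row, and every function name are assumptions made for the example.

```python
from dataclasses import dataclass
from functools import reduce

# Hypothetical bit assignments, constructed for this example.
CATEGORY = {"finance": 0b001, "hr": 0b010, "legal": 0b100}
COHORT = {"emea": 0b001, "apac": 0b010, "amer": 0b100}

@dataclass(frozen=True)
class Label:
    level: int       # hierarchical level value; a higher value dominates
    categories: int  # bitmap, all-of semantics (assumed for this example)
    cohorts: int     # bitmap, any-of semantics

def summarize(masks):
    """Logical sum (bitwise OR) of individual tag bits into one bitmap."""
    return reduce(lambda a, b: a | b, masks, 0)

def user_label(level, category_names, cohort_names):
    """Build the per-user record: level value, category mask, cohort mask."""
    return Label(level,
                 summarize(CATEGORY[n] for n in category_names),
                 summarize(COHORT[n] for n in cohort_names))

def can_read(user, row):
    # Level: the user's level must be >= the row's level.
    if user.level < row.level:
        return False
    # Categories: the logical product must reproduce every bit the row demands.
    if (row.categories & user.categories) != row.categories:
        return False
    # Cohorts: an untagged row is unrestricted (assumption); otherwise at
    # least one bit of the logical product must be set.
    return row.cohorts == 0 or (row.cohorts & user.cohorts) != 0

def visible_rows(user, rows):
    """Names of the rows that survive the label check, in table order."""
    return [name for name, label in rows if can_read(user, label)]

# Constructed sample table: (row name, row security label).
ROWS = [
    ("q1_forecast", Label(1, CATEGORY["finance"], 0)),
    ("salary_bands", Label(2, CATEGORY["finance"] | CATEGORY["hr"],
                           COHORT["emea"] | COHORT["apac"])),
    ("litigation_hold", Label(2, CATEGORY["legal"], COHORT["amer"])),
    ("board_minutes", Label(3, 0, 0)),
]

if __name__ == "__main__":
    analyst = user_label(2, ["finance", "hr"], ["emea"])
    print(visible_rows(analyst, ROWS))
```
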

Regarding claim 15:
Claim 15 recites the database system which corresponds to the computer-implemented method of claim 5, and contains no additional limitations. Therefore claim 15 is rejected by applying the same rationale used to reject claim 5 above.

Regarding claim 16:
Claim 16 recites the database system which corresponds to the computer-implemented method of claim 6, and contains no additional limitations. Therefore claim 16 is rejected by applying the same rationale used to reject claim 6 above.

Regarding claim 17:
Claim 17 recites the database system which corresponds to the computer-implemented method of claim 7, and contains no additional limitations. Therefore claim 17 is rejected by applying the same rationale used to reject claim 7 above.

Regarding claim 19:
.

Claims 8 and 18 are rejected under 35 U.S.C. 103 as being unpatentable over Cotner et al. (US 2017/0053133 A1; hereinafter, “Cotner”) in view of Dickie et al. (US 2015/0095299 A1; hereinafter, “Dickie”), and further in view of Egawa et al. (JP 2006/163586 A; hereinafter, “Egawa”) and Dickie (US 2015/0363404 A1; hereinafter, “Dickie404”).

Regarding claim 8:  
Cotner in view of Dickie and Egawa teaches:
The computer-implemented method according to claim 7.
Cotner further teaches:
wherein for each of the multi-level security dimensions level, category, and cohort, … (para. [0030]: A security table (SECURITY.TABLE) 30 relates a user ID (USERID) with a security label (SECLABEL) such as security labels “red”, “blue”, or “green”; para. [0034]: The security label also identifies security categories within that security level that the user is allowed to access … For example, a given user might be allowed to view data designated by certain security levels, such as the security levels: TOP SECRET, SECRET, and UNCLASSIFIED; para. [0053]: A hierarchical security scheme is illustrated, conceptually, in FIG. 4. … These security levels, namely the color names, are similar to the security label shown in FIG. 2A used in a conventional database. However, the scheme shown in FIG. 4 is a hierarchical security scheme in which security levels are grouped together to create different levels of security in a multilevel security system. For example, the security level 56 bearing the label “sunset” includes all the access privileges for the lower level security labels within its branch, namely, red, orange and yellow. Accordingly, the security label sunset is located at a higher level in the security scheme than the security labels red, orange and yellow; para. [0057]: For example the user “BOSS 1” has access privileges defined in table 64 by the label “rainbow” in row 64 b, thereby giving that user a higher degree of access. --- It is noted that security table (SECURITY.TABLE) 30 teaches the multi-level security dimensions level; security label identifying security categories teaches category; access privileges defined in table 64 teaches cohort).
Cotner in view of Dickie and Egawa is silent about:
… a new data field is added to a zone map of a storage region.
Dickie404, in the same field of endeavor, teaches: 
… a new data field is added to a zone map of a storage region, wherein the new data field is an invisible field (para. [0068]: The newly re-computed E(x) is subtracted from the hybrid zone map at step 940. Alternatively, the E(x) value computed when the page was last updated may be stored with the zone map metadata for the page … In other words, when the index indicator is used as a starting point, the indices and the indexed pages become “invisible” by way of the hybrid zone map. Since the underlying “stale” data are not visible or available, database clean up or “garbage collection” is not immediately required; para. [0069]: Present invention embodiments may be utilized for generating hybrid zone maps using any quantity of metadata (e.g., range maps, index indicators, histograms, etc.) for storage regions for any type of database (e.g., relational, object oriented, NoSQL, etc.), memory or any other storage structure. --- It is noted that generating hybrid zone maps using any quantity of metadata (e.g., range maps, index indicators, histograms, etc.) for storage regions for any type of database teaches a new data field is added to a zone map of a storage region; the indices and the indexed pages become “invisible” by way of the hybrid zone map teaches the new data field is an invisible field).
Thus, it would have been obvious to one of ordinary skill in the art before the effective filing date of the claimed invention to modify Cotner in view of Dickie and Egawa’s system by 
The motivation is to minimize processing requirements and elapsed time overhead associated with making row-level security checks (Cotner, para. [0009]) by improving query plan optimization and the scheduling of query execution.

Regarding claim 18:
Claim 18 recites the database system which corresponds to the computer-implemented method of claim 8, and contains no additional limitations. Therefore claim 18 is rejected by applying the same rationale used to reject claim 8 above.

Conclusion
The prior art made of record and not relied upon is considered pertinent to applicant's disclosure. Rozenberg et al. (US 2019/0171839 A1) discloses a method for data protection in a computer system associated with a plurality of levels of access rights; and Rafiq et al. (US 2010/0036846 A1) discloses a method for implementing a security policy using a bitmap for determining access privileges to each object associated with the request. 
THIS ACTION IS MADE FINAL.  Applicant is reminded of the extension of time policy as set forth in 37 CFR 1.136(a).  
A shortened statutory period for reply to this final action is set to expire THREE MONTHS from the mailing date of this action.  In the event a first reply is filed within TWO MONTHS of the mailing date of this final action and the advisory action is not mailed until after the end of the THREE-MONTH shortened statutory period, then the shortened statutory period will expire on the date the advisory action is mailed, and any extension fee pursuant to 37 CFR 1.136(a) will be calculated from the mailing date of the advisory action.  In no event, 
Contact Information
Any inquiry concerning this communication or earlier communications from the examiner should be directed to WANSIK YOU whose telephone number is (571)270-3360.  The examiner can normally be reached on 7:30-5:30 M-Th.
Examiner interviews are available via telephone, in-person, and video conferencing using a USPTO supplied web-based collaboration tool. To schedule an interview, applicant is encouraged to use the USPTO Automated Interview Request (AIR) at http://www.uspto.gov/interviewpractice.
If attempts to reach the examiner by telephone are unsuccessful, the examiner’s supervisor, Ashokkumar Patel can be reached on (571) 272-3972.  The fax phone number for the organization where this application or proceeding is assigned is 571-273-8300.
Information regarding the status of an application may be obtained from the Patent Application Information Retrieval (PAIR) system.  Status information for published applications may be obtained from either Private PAIR or Public PAIR.  Status information for unpublished applications is available through Private PAIR only.  For more information about the PAIR system, see https://ppair-my.uspto.gov/pair/PrivatePair. Should you have questions on access to the Private PAIR system, contact the Electronic Business Center (EBC) at 866-217-9197 (toll-free). If you would like assistance from a USPTO Customer Service Representative or access to the automated information system, call 800-786-9199 (IN USA OR CANADA) or 571-272-1000.

/W.Y./Examiner, Art Unit 2491





/ASHOKKUMAR B PATEL/            Supervisory Patent Examiner, Art Unit 2491