DETAILED ACTION
	Claims 1-17 are pending. This is in response to the application filed on May 24, 2019 which claims priority to the Korean application filed on November 24, 2016.

Notice of Pre-AIA  or AIA  Status
The present application, filed on or after March 16, 2013, is being examined under the first inventor to file provisions of the AIA .

Claim Rejections - 35 USC § 103
In the event the determination of the status of the application as subject to AIA  35 U.S.C. 102 and 103 (or as subject to pre-AIA  35 U.S.C. 102 and 103) is incorrect, any correction of the statutory basis for the rejection will not be considered a new ground of rejection if the prior art relied upon, and the rationale supporting the rejection, would be the same under either status.  
The following is a quotation of 35 U.S.C. 103 which forms the basis for all obviousness rejections set forth in this Office action:
A patent for a claimed invention may not be obtained, notwithstanding that the claimed invention is not identically disclosed as set forth in section 102, if the differences between the claimed invention and the prior art are such that the claimed invention as a whole would have been obvious before the effective filing date of the claimed invention to a person having ordinary skill in the art to which the claimed invention pertains. Patentability shall not be negated by the manner in which the invention was made.

Claims 1, 5-8, 11 and 15-17 are rejected under 35 U.S.C. 103 as being unpatentable over PG Pub 20150150075 (hereinafter Vahlis) in view of PG Pub 20140283096 (Neerumalla)

 	Regarding claim 1, Vahlis discloses an apparatus for monitoring a database, the apparatus comprising: a transceiver; and a processor operatively coupled to the transceiver (par. [0039] discloses the Checker Agent 250 includes a processor 201, a transceiver 241, and a memory 202), wherein the processor is configured to: 
 	acquire a query used in access of the database from the database through the transceiver (Figs. 1-2, par. [0031]-[0035] and [0039]-[0042] discloses a system where a user submit a query to access a database that the query is intercepted by the Checker Agent with the transceiver); 
 	replace a first code, included in the acquired query (par. [0035] disclose the query q is modified to a query q’). However, Vahlis does not disclose checking for the text or syntax of query q or q’. Neerumalla discloses a query is modified then is checked with the Allow list for legitimate query when detecting for SQL injection attack (Figs. 2-3 and par. [0057]-[0067]). Therefore, it would have been obvious before the effective filing date of the claimed invention to modify Vahlis with Neerumalla to further teach query checking to a predefined text; convert the text to a second code for query checking.  One would have done so to further improve detecting malicious SQL query by comparing not only the result for policy compliance but also the query pattern itself; and 
 	Neerumalla further discloses output information on validity of the acquired query on the basis of a comparison result of the first code and the second code (par. [0067). 

	Claims 8 and 11 are rejected  in view of claim 1 rejection.
 wherein the processor is configured to determine the text on the basis of a type of the query (par. [0077] discloses looking for the text pattern PASSWORD=` `OR 1=1--` when the query associated with username and password).  	Regarding claims 6 and 16, Neerumalla discloses wherein the processor outputs an alarm which notifies that hacking to the database occurs if the first code and the second code are not matched to each other (par. [00550 and [0067] disclose alerting to the user and the system administrator).  	Regarding claims 7 and 17, Neerumalla discloses wherein the processor is configured to display a screen which indicates the alarm through a display or to transmit a message which notifies the alarm to another apparatus (par. [0067] discloses “…the system 100 may treat the query as a potential code injection (e.g., SQL injection) vulnerability in the web application and alert a system administrator to review and potentially repair the vulnerability…”. This clearly suggests a display is shown with alerted message). 
Claims 2, 9 and 12 are rejected under 35 U.S.C. 103 as being unpatentable over PG Vahlis in view of Neerumalla and further in view of PG Pub 20150304337 (hereinafter Nguyen-Tuong) 	Regarding claims 2, 9 and 12, neither Vahlis and Neerumalla expressly discloses wherein the first code is included in the acquired query as an annotation of the acquired query. Nguyen-Tuong discloses detecting injection attack including detecting for %s in the query (par. [0234]-[0248]). Therefore, it would have been obvious before the effective filing date of the claimed invention to modify Vahlis and Neerumalla with Nguyen-Tuong to further teach the claimed feature.  One would have done so as an obvious variation to further improve detecting malicious SQL query with reasonable expectation for success besides looking for the ‘OR 1=1—‘ which is usually used in blind SQL injections as disclosed in Neerumalla (par. [0077]).
Claims 3 and 13 are rejected under 35 U.S.C. 103 as being unpatentable over PG Vahlis in view of Neerumalla and further in view of PG Pub 20120117644 (hereinafter Soeder) 	Regarding claims 3 and 13, neither Vahlis and Neerumalla expressly disclosed wherein the first code is disposed to a predetermined location of the acquired query. Soeder discloses looking for the value username artificially and prematurely ends of the query (par. [0007]-[0008]). Therefore, it would have been obvious before the effective filing date of the claimed invention to modify Vahlis and Neerumalla with Soeder to further teach the claimed feature.  One would have done so as an obvious variation to further improve detecting malicious SQL query with reasonable expectation for success.
Claims 4 and 14 are rejected under 35 U.S.C. 103 as being unpatentable over PG Vahlis in view of Neerumalla and further in view of Patent 8631497 (hereinafter Oliphant) 	Regarding claims 4 and 14, neither Vahlis and Neerumalla expressly discloses wherein the acquired query is a query identified as consuming a greater time than a predetermined time for data access among a plurality of queries used in the access to the database. Oliphant discloses using time threshold for SQL injection detection (Fig. 2 and col. 2, lines 11-40 and col. 4, lines 17-58). Therefore, it would have been obvious before the effective filing date of the claimed invention to modify Vahlis and Neerumalla with Oliphant to further teach the claimed feature.  One would have done so as an obvious variation to further improve detecting malicious SQL query with reasonable expectation for success.
				Inquiry communication
Any inquiry concerning this communication or earlier communications from the examiner should be directed to TRI M TRAN whose telephone number is (571)270-1994.  The examiner can normally be reached on Mon-Fri: 9am-5pm.
Examiner interviews are available via telephone, in-person, and video conferencing using a USPTO supplied web-based collaboration tool. To schedule an interview, applicant is encouraged to use the USPTO Automated Interview Request (AIR) at http://www.uspto.gov/interviewpractice.
If attempts to reach the examiner by telephone are unsuccessful, the examiner’s supervisor, Jung Kim can be reached on 5712723804.  The fax phone number for the organization where this application or proceeding is assigned is 571-273-8300.
Information regarding the status of an application may be obtained from the Patent Application Information Retrieval (PAIR) system.  Status information for published applications may be obtained from either Private PAIR or Public PAIR.  


/TRI M TRAN/Primary Examiner, Art Unit 2494