DETAILED ACTION

The present application, filed on or after March 16, 2013, is being examined under the first inventor to file provisions of the AIA . Applicant has amended Claims 1, 10 and 19 and Claims 1-20 are pending.


Response to Remarks

In responses to Applicant’s argument filed on 10/04/2021 on page 12 recited: “Yang describes "methods, apparatus, systems and articles of manufacture are disclosed to facilitate electronic data security." Yang, Abstract. Yang fails to describe at least "wherein generating the execution plan comprises searching, in response to receiving the query, a search index; returning a result set of documents based on the query; filtering the result set based on the received access control list associated with the user; returning the filtered result set, the filtered result set including documents the user is authorized to view; gathering structured query language (SQL) aggregations based on the filtered result set."

In response to the amendment made to the claims of above, Examiner a new 103 rejection has been issued relying on a new secondary reference to address the change to scope of previous invention. Therefore, this office action is based on a new ground of rejection. Applicant is advised to review detailed mapping of claim limitations to the relevant sections of the Isard et al., US 2011/0246439. 

Claim Rejections - 35 USC§ 103

In the event the determination of the status of the application as subject to AIA  35 U.S.C. 102 and 103 (or as subject to pre-AIA  35 U.S.C. 102 and 103) is incorrect, any correction of the statutory basis for the rejection will not be considered a new ground of rejection if the prior art relied upon, and the rationale supporting the rejection, would be the same under either status.

The following is a quotation of 35 U.S.C. 103 which forms the basis for all obviousness rejections set forth in this Office action:

A patent for a claimed invention may not be obtained, notwithstanding that the claimed invention is not identically disclosed as set forth in section 102, if the differences between the claimed invention and the prior art are such that the claimed invention as a whole would have been obvious before the effective filing date of the claimed invention to a person having ordinary skill in the art to which the claimed invention pertains. Patentability shall not be negated by the manner in which the invention was made.

Claims 1, 2, 3, 4, 5, 10, 11, 12, 13, 14, 19, 20  are rejected under 35 U.S.C. 103 as being unpatentable over Yang et al., US 2017/0344749 hereinafter, Yang, in view of Mittelstadt et al., US 20130097430 A1, hereinafter Mittelstadt and further in view of Isard et al., US 2011/0246439, hereinafter Isard.

As per claim 1, (Currently Amended) A computer-implemented method comprising: receiving, by at least one processor, (Yang discloses employing the query handler (e.g., “.. query and an access control”) queries the data storage for records (e.g., “.. content managed by a content management system.”) corresponding to the terms of the query) a query and an access control list associated with a user, the query requesting content managed by a content management system;
data records in the data storage 110. The incoming query 145 includes query term(s) and a user ID. The query handler 140 parses the query 145 to 1) identify query terms (e.g., location, type, other keyword, etc.) and 2) identify a privilege tag for the querying user (e.g., based on user ID). The query handler 140 queries the data storage 110 for records corresponding to the terms of the query 145. Queries can be performed by column based on a field of interest, for example.”)

(Yang discloses) the constraining Page 3 of 14Docket No.: 046294-528001US Application No.: 16/418,185comprising limiting the at least one processor from adding a content item of the plurality of content items to a permissions-filtered results set based on the access control list identifying the user as not having permission to access the content item; aggregating, by the at least one processor and based on the execution plan, the permissions-filtered results set; and returning, by the at least one processor, the aggregated permissions-filtered results set.
(Yang [0045] “The example system 100 also includes a data retriever 160 that retrieves data records from the data storage 110 based on the query results from the query handler 140 as filtered by the access filter 150. That is, for the query results to which the access filter 150 determines the querying user has permission to access, the data retriever 160, alone or in conjunction with the data processor 120, retrieves the corresponding data records from the data storage 110 based on the ID or key 410 associated with each of the data records 401, 402.”)

(With respect to claim 1, Yang does not explicitly discloses a method of generating execution plan)
generating, by the at least one processor, an execution plan for processing the query, the execution plan based on the query and the access control list, wherein generating the execution plan comprises:

However, Mittelstadt discloses a method of executing a query using the execution plan (e.g., “an execution plan based on the query”) and the indexes (e.g., “a content index of a plurality of content items”) in order to find and retrieve the data in the database tables that satisfies the criteria of the query (e.g., “possible results returned from the query using a content index of a plurality of content items”)
(Mittelstadt [0036] “The optimizer 215 performs query optimization on the parsed statement 210. As a result of query optimization, the optimizer 215 generates one or more execution plans 225, using data such as resource availability, platform capabilities, query content information, etc.,)

Thus, one having ordinary skill in the art before the effective filing date of the claimed invention would have motivated to combine the teachings of Mittelstadt, a method of executing a query using the execution plan to effectively organize query executions. For instance, Yang discloses a method facilitate electronic data security in a storage system, organizing data table and identifying records and security tag associate with the record. The teachings of Mittelstadt a method of using execution plan for query execution would greatly improve system wide security and query execution processes because the query execution plan may tightly control query executions based on pre-defined business requirements such as user/group access permission and repetitive executions of query. 

(Furthermore, Yang does not explicitly discloses a method of returning a result set of documents based on the query in response to receiving the query and search index) searching, in response to receiving the query, a search index; returning a result set of documents based on the query; 
However, Isard discloses a method of determining a plurality of per-index server results. 
(Isard [0180] “Then, at block 1004, the indexers to which the query was distributed can search their data stores for events that are responsive to the query. 
Isard claim “16.  .. applying the hybrid query against an index of each of the distributed index servers to determine a plurality of per-index server results”) 
Note that Examiner interpreted term “a search index” in the claim  based on the specification paragraph [0033] where index is being used to distribute (partition) search queries in a distributed network query system.

(Moreover, Isard discloses applying the filter to query results, which may then be aggregated later) filtering the result set based on the received access control list associated with the user; returning the filtered result set, the filtered result set including documents the user is authorized to view; gathering structured query language (SQL) aggregations based on the filtered result set; searching a column store database to perform the SQL aggregations; and returning the SQL aggregations to the content management system; constraining, by the at least one processor and based on the execution plan, 
(Isard [0004] “receiving a query associated with a set of interest at a search engine, determining a filter representation of the set, and sending the filter and the query to index servers that each store a portion of a search engine corpus. Each of the index servers may apply the filter to query results, which may then be aggregated by, e.g., a front end server of the search engine.”)

Thus, it would have been obvious before the effective filing date of the claimed invention to a person having ordinary skill in the art to combine teachings of Isard into the combined system of Yang for the advantageous purpose of employing distributed query indexing and searching environment to improve the speed and cost for queries against information. (See Isard paragraph [0003] - [0005])

Therefore, it would have been obvious to one of ordinary skill in the art before the effective filing date of the claimed invention to combine teachings of Mittelstadt and Isard into the system of Yang because, they are analogous art as being directed to the same field of endeavor, the system and method of enhanced data security for database management system. (See Yang par. [0001] Mittelstadt FIG.1, Abstract and Yang FIG.5, Isard FIG.1, FIG.2 and par. [0015], [0024])

As per claim 2. (Original) The method as in claim 1, further comprising:  Yang discloses a method of using tag and/or other notation to identify which record may be accessible by user or group: evaluating user permissions based on a user identity of the user, the evaluating comprising searching a user permissions index for permissions granted to the user based on the user identity.
(Yang [0039] Thus, a tag and/or other notation 420 is used to identify which record 410 can be accessed by which group 210. In certain examples, a binary ‘AND’ operation of security tag 420 and privilege tag 320 is executed for a given user 310, and, if the result is nonzero, then that user has permission to access that record. If the result of the AND operation is zero, then the user cannot access that record.)

As per claim 3. (Original) The method as in claim 2, wherein the user permissions index comprises Yang discloses a method of using bitwise operation to exclude access list of query results: an access control list index maintained by the content management system.
(Yang [0085] In certain examples, the bit or bitwise operation includes an AND, OR, XOR, NOT, etc., binary operation yielding one or more binary outcomes for comparison to determine whether the user/group is allowed or excluded from access. In certain examples, rather than a permissive list of groups, a negate/exclude access list can be provided.)

As per claim 4. (Original) The method as in claim 3, wherein the evaluating of the user permissions comprises searching an access control list index for 
Yang discloses a method of using query hander as filtered by access filter which determines the querying user has permission to access the record:: access control lists designating the user identity as having a sufficient level of access to content items assigned to the access control lists.
(Yang [0045] The example system 100 also includes a data retriever 160 that retrieves data records from the data storage 110 based on the query results from the query handler 140 as filtered by the access filter 150. That is, for the query results to which the access filter 150 determines the querying user has permission to access, the data retriever 160, alone or in conjunction with the data processor 120, retrieves the corresponding data records from the data storage 110 based on the ID or key 410 associated with each of the data records 401, 402.)

As per claim 5. (Original)The method as in claim 1, wherein the query comprises 
Yang discloses a method of using input devices for users to enter data and commands: 
 a string of characters entered by the user into a user interface.
(Yang [0074] In the illustrated example, one or more input devices 922 are connected to the interface circuit 920. The input device(s) 922 permit(s) a user to enter data and commands into the processor 912. The input device(s) 922 can be implemented by, for example, an audio sensor, a microphone, a keyboard, a button, a mouse, a touchscreen, a track-pad, a trackball, isopoint and/or a voice recognition system.)

Claims 6, 15 are rejected under 35 U.S.C. 103 as being unpatentable over Yang in view of Mittelstadt and further in view of Isard and TOLMAN et al., US 2016/0210326 hereinafter, TOLMAN.

As per claim 6. (Original) The method as in claim 5, wherein the returning the aggregated permissions-filtered results set comprises 
Yang does not explicitly discloses: providing the aggregated permissions-filtered results set to the user interface.  
However, Tolman discloses a method of defining the plurality of post-aggregation filters with a second "AND" operator that defines the plurality of post-aggregation filters:
(Tolman [0011] determine whether the query instructions define a plurality of post-aggregation filters to be employed following the execution of the instructions that perform the aggregation; and in response to a determination that the query instructions define a plurality of post -aggregation filters, replace instructions within the query instructions that define the plurality of post-aggregation filters with a second "AND" operator that defines the plurality of post-aggregation filters to generate the homogenized instructions.)

Thus, one having ordinary skill in the art before the effective filing date of the claimed invention would have motivated to combine the teachings of Tolman, defining the plurality of post-aggregation filters because it further limiting query resulting accurate search results.

Claims 7, 8, 16, 17 are rejected under 35 U.S.C. 103 as being unpatentable over Yang in view of Mittelstadt and further in view of Isard and Gonzalez et al. US 2011/0302194 hereinafter, Gonzalez.

As per claim 7. (Original) The method as in claim 1, wherein the generating is based on a virtual field.  
Yang does not explicitly discloses a method of including virtual field in query however, Gonzalez discloses a method of associating tuple (e.g., “virtual field”) including key, value and timestamp with the each row to maintain the history of changes of the record: 
(Gonzalez [0038] “A history is maintained for each tuple. For instance, internally a tuple is stored as (key, value, timestamp) where the timestamp represents a time at which the tuple was written. A single key can have multiple entries, one for each version of the tuple. Desirably, all rows in all user tables are stored in a single composite table, such as "Rows" as shown in Table 2 below.”)

Thus, one having ordinary skill in the art before the effective filing date of the claimed invention would have motivated to combine the teachings of Gonzalez, representing timestamp at which the tuple was written because it offers a means to query searches in terms of the record of history.

As per claim 8. (Original) The method of claim 7, wherein the virtual field comprises time series data.  
Gonzalez discloses a method of tuple comprising key, value and timestamp which may be used to index series of properties (See Gonzalez [Table 1] and paragraph [0038])

Thus, one having ordinary skill in the art before the effective filing date of the claimed invention would have motivated to combine the teachings of Gonzalez, a method of tuple comprising key, value and timestamp which may be used to index series of properties because it offers a means to query searches with additional information such as timestamp and the association of (key, value) mapping schema and therefore it enhances search feature.

Claims 9, 18 are rejected under 35 U.S.C. 103 as being unpatentable over Yang in view of Mittelstadt, further in view of Isard, Gonzalez and Cao et al., US 2014/0280159 hereinafter, Cao.

As per claim 9. (Original) The method of claim 7, wherein the virtual field specifies a machine learning operation.  
Cao discloses a method of driving machine learning models based on statistical data which may be comprising input data sets such as tuple, historical information (e.g., “timestamps) 
(Cao [0059] “it can be statistics-driven, by using machine learning models with statistics about the input data sets (e.g., tuple size, cardinality) and historical information about prior query executions (e.g., execution time).”)

Thus, one having ordinary skill in the art before the effective filing date of the claimed invention would have motivated to combine the teachings of Gao, a method of driving machine learning models based on statistics about the input data sets (e.g., tuple size, cardinality) and historical information about prior query executions (e.g., execution time) because statistical data enhances machine learning that improves efficiency of query process.

As per claim 10. (Currently Amended) A system comprising: at least one data processor; and at least one memory storing instructions which, when executed by the at least one data processor, result in operations comprising: receiving a query and an access control list associated with a user, the query requesting content managed by a content management system; generating an execution plan based on the query and the access control list, wherein generating the execution plan comprises: searching, in response to receiving the query, a search index; returning a result set of documents based on the query; filtering the result set based on the received access control list associated with the user; Page 5 of 14Docket No.: 046294-528001US Application No.: 16/418,185 returning the filtered result set, the filtered result set including documents the user is authorized to view; gathering structured query language (SQL) aggregations based on the filtered result set; searching a column store database to perform the SQL aggregations; and returning the SQL aggregations to the content management system; constraining, based on the execution plan, 

Claims 10 is analogous to claim 1 and is rejected under the same rationale as indicated above.

As per claim 11. (Original) The system as in claim 10, wherein the operations further comprise: evaluating user permissions based on a user identity of the user, the evaluating comprising searching a user permissions index for permissions granted to the user based on the user identity.  

Claims 11 is analogous to claim 2 and is rejected under the same rationale as indicated above.

As per claim 12. (Original) The system as in claim 11, wherein the user permissions index comprises an access control list index maintained by the content management system.  

Claims 12 is analogous to claim 3 and is rejected under the same rationale as indicated above.

As per claim 13. (Original) The system as in claim 12, wherein the evaluating of the user permissions comprises searching an access control list index for access control lists designating the user identity as having a sufficient level of access to content items assigned to the access control lists.  

Claims 13 is analogous to claim 4 and is rejected under the same rationale as indicated above.

As per claim 14. (Original) The system as in claim 10, wherein the query comprises a string of characters entered by the user into a user interface.  

Claims 14 is analogous to claim 5 and is rejected under the same rationale as indicated above.

As per claim 15. (Original) The method as in claim 14, wherein the returning the aggregated permissions-filtered results set comprises providing the aggregated permissions-filtered results set to the user interface.  

Claims 15 is analogous to claim 6 and is rejected under the same rationale as indicated above.

As per claim 16. (Original) The method as in claim 10, wherein the generating is based on a virtual field. 

Claims 16 is analogous to claim 7 and is rejected under the same rationale as indicated above. 
 
As per claim 17. (Original) The method of claim 16, wherein the virtual field comprises time series data. 

Claims 17 is analogous to claim 8 and is rejected under the same rationale as indicated above.
 
As per claim 18. (Original) The method of claim 16, wherein the virtual field specifies a machine learning operation. 

Claims 18 is analogous to claim 9 and is rejected under the same rationale as indicated above.
 
As per claim 19. (Currently Amended) A non-transitory computer program product storing instructions which, when executed by at least one data processor, causes operations comprising: receiving a query and an access control list associated with a user, the query requesting content managed by a content management system; Page 7 of 14Docket No.: 046294-528001US Application No.: 16/418,185 generating an execution plan based on the query and the access control list, wherein generating the execution plan comprises: searching, in response to receiving the query, a search index; returning a result set of documents based on the query; filtering the result set based on the received access control list associated with the user; returning the filtered result set, the filtered result set including documents the user is authorized to view; gathering structured query language (SQL) aggregations based on the filtered result set; searching a column store database to perform the SQL aggregations; and returning the SQL aggregations to the content management system; constraining, based on the execution plan, 

Claims 19 is analogous to claim 1 and is rejected under the same rationale as indicated above.
As per claim 20. (Original) The non-transitory computer program product of claim 19, wherein the operations further comprise: evaluating user permissions based on a user identity of the user, the evaluating comprising searching a user permissions index for permissions granted to the user based on the user identity, wherein the user permissions index comprises an access control list index maintained by the content management system, and wherein the evaluating of the user permissions comprises searching an access control list index for access control lists designating the user identity as having a sufficient level of access to content items assigned to the access control lists.  

Claims 20 is analogous to claim 4 and is rejected under the same rationale as indicated above.

Conclusion
Applicant's amendment necessitated the new ground(s) of rejection presented in this Office action.  Accordingly, THIS ACTION IS MADE FINAL.  See MPEP § 706.07(a).  Applicant is reminded of the extension of time policy as set forth in 37 CFR 1.136(a).  
A shortened statutory period for reply to this final action is set to expire THREE MONTHS from the mailing date of this action.  In the event a first reply is filed within TWO MONTHS of the mailing date of this final action and the advisory action is not mailed until after the end of the THREE-MONTH shortened statutory period, then the shortened statutory period will expire on the date the advisory action is mailed, and any extension fee pursuant to 37 CFR 1.136(a) will be calculated from the mailing date of the advisory action.  In no event, however, will the statutory period for reply expire later than SIX MONTHS from the date of this final action. 
Any inquiry concerning this communication or earlier communications from the examiner should be directed to CHONGSUH PARK whose telephone number is (408) 918-7574.  The examiner can normally be reached on Monday - Friday 8:00-5:30 PST.
Examiner interviews are available via telephone, in-person, and video conferencing using a USPTO supplied web-based collaboration tool. To schedule an interview, applicant is encouraged to use the USPTO Automated Interview Request (AIR) at http://www.uspto.gov/interviewpractice.
If attempts to reach the examiner by telephone are unsuccessful, the examiner’s supervisor, Hosain Alam can be reached on (571)272-3978 EST.  The fax phone number for the organization where this application or proceeding is assigned is 571-273-8300.
Information regarding the status of an application may be obtained from the Patent Application Information Retrieval (PAIR) system.  Status information for published applications may be obtained from either Private PAIR or Public PAIR.  Status information for unpublished applications is available through Private PAIR only.  For more information about the PAIR system, see https://ppair-my.uspto.gov/pair/PrivatePair. Should you have questions on access to the Private PAIR system, contact the Electronic Business Center (EBC) at 866-217-9197 (toll-free). If you would like assistance from a USPTO Customer Service Representative or access to the automated information system, call 800-786-9199 (IN USA OR CANADA) or 571-272-1000.

/CHONGSUH PARK/Examiner, Art Unit 2154                                                                                                                                                                                                        

/HOSAIN T ALAM/Supervisory Patent Examiner, Art Unit 2154