DETAILED ACTION

Claims 1-19 are pending in this Office action.
The present application, filed on or after March 16, 2013, is being examined under the first inventor to file provisions of the AIA . 
In the event the determination of the status of the application as subject to AIA  35 U.S.C. 102 and 103 (or as subject to pre-AIA  35 U.S.C. 102 and 103) is incorrect, any correction of the statutory basis for the rejection will not be considered a new ground of rejection if the prior art relied upon, and the rationale supporting the rejection, would be the same under either status.  
Claim Rejections - 35 USC § 102
4.	The following is a quotation of the appropriate paragraphs of 35 U.S.C. 102 that form the basis for the rejections under this section made in this Office action:
A person shall be entitled to a patent unless –

(a)(1) the claimed invention was patented, described in a printed publication, or in public use, on sale or otherwise available to the public before the effective filing date of the claimed invention.


5.	Claims 1-19 rejected under 35 U.S.C. 102(a)(1) as being anticipated by Yoshinori  Aoki  (US-20070005155-A1).
	As per claim 1, Aoki teaches “a data protection method, comprising: receiving, by a database execution engine, data request information sent by a client,” ([0006]-[0007], [0009]-[0011]); 
“acquiring a preset policy corresponding to an identity of the client carried in the data request information,” ([0006]-[0007], [0009]-[0011]); and 

	As per claim 2, Aoki further shows “wherein performing, by the database execution engine according to the preset policy, the data protection operation for the requested data comprises: performing, by the database execution engine according to the preset policy, at least one of a data filtering operation or a data masking operation for the requested data according to the preset policy, wherein the preset policy comprises at least one of a filtering rule or a masking rule,” ([0021]-[0026]).
	As per claim 3, Aoki further shows “wherein performing, by the database execution engine, at least one of the data filtering operation or the data masking operation for the requested data comprises one of: performing the data masking operation for the requested data after performing the data filtering operation for the requested data; embedding a data filtering operation flow during a process of the data masking operation; performing the data filtering operation for the requested data; or performing the data masking operation for the requested data,” ([0021]-[0026]).
	As per claim 4, Aoki further shows “wherein in a case where a Structured Query Language (SQL) statement is received by the database execution engine, performing, by the database execution engine according to the preset policy, the data masking operation for the requested data comprises: generating an Abstract Syntax Tree (AST) according to the SQL statement; deeply traversing the AST to acquire table names and field names on which multiple outermost output fields of the SQL statement depend layer by layer; and performing the data masking operation for output fields 
	As per claim 5, Aoki further shows “wherein after acquiring the table names and the field names on which the multiple outermost output fields depend layer by layer, the method further comprises at least one of: prohibiting the masking operation for an output field in a clause related to an intermediate calculation in the SQL statement; or prohibiting the masking operation for an output field in a "where" conditional statement and/or a "limit" conditional statement in the SQL statement,” ([0021]-[0026]).
	As per claim 6, Aoki further shows “wherein the data masking operation is performed for a derivation table in a "select" clause of an association derivation table in the SQL statement by one of: acquiring a preset masking rule corresponding to a table and a field name on which an output field name, queried by the "select" clause of the association derivation table, depends, taking the preset masking rule as a masking rule of an output field corresponding to the output field name, and performing the data masking operation for the derivation table according to the masking rule,” ([0021]-[0026]); or
“executing the "select" clause of the association derivation table, wherein the derivation table is a derivation table for which the data masking operation has been performed according to the preset masking rule after the database execution engine executes the "select" clause of the association derivation table,” ([0021]-[0026]).
	As per claim 7, Aoki further shows “wherein after the database execution engine receives the SQL statement, in a case where the database determines that the SQL statement has not been rewritten, the database deeply traverse the AST to perform at 
	As per claim 8, Aoki further shows “wherein for each output field in the outermost output field list queried by the "select" statement, following steps are performed: selecting a first output field from the outermost output field list in a preset order; deeply traversing the dependency table to acquire a table name and a field name on which the first output field most deeply depends; acquiring a masking rule that is preset for the table name and the field name on which the first output field most deeply depends; and after determining that the SQL statement is the "select" statement, processing, according to the masking rule, a part of the SQL statement corresponding to the first output field to form a first SQL statement, and rewriting, by using the first SQL statement, an original value of an AST node corresponding to the first output field,” ([0021]-[0026]).
	As per claim 9, Aoki further shows “wherein after acquiring the masking rule for the table name and the field name on which the first output field most deeply depends and determining that the SQL statement is a "create table as select" statement or an "insert into select" statement, the method further comprises: inserting the masking rule 
	As per claim 10, Aoki further shows “wherein after rewriting the original value of the AST node corresponding to the each output field in the outermost output field list, the method further comprises: traversing the rewritten AST and re-synthesizing a second SQL statement, and determining the second SQL statement as a finally executed SQL statement,” ([0021]-[0026]).
	As per claim 11, Aoki further shows “wherein after traversing the rewritten AST and re-synthesizing the second SQL statement, and determining the second SQL statement as the finally executed SQL statement, the method further comprises: determining, by the database execution engine, a to-be-executed physical plan according to the finally executed SQL statement; and executing the physical plan and feeding back a processing result to the client,” ([0021]-[0026]).
	As per claim 12, Aoki further shows “wherein in a case where a Structured Query Language (SQL) statement is received by the database execution engine, performing, by the database execution engine, the data filtering operation for the requested data comprises: generating an Abstract Syntax Tree (AST) according to the SQL statement,” ([0021]-[0026]);
“traversing the AST to perform following steps: in a case where one leaf node in the AST is a physical table, acquiring a table filtering rule of the physical table; in the AST, adding one child query node, wherein an original parent node of the leaf node is a parent node of the child query node and the leaf node is a child node of the child query node; and applying the table filtering rule to the child query node; and after traversing 
	As per claim 13, Aoki further shows “wherein in a case where a non-SQL-type access request is received by the database execution engine, performing the data protection operation for the requested data according to the preset policy comprises: acquiring, by the database execution engine, data requested by the non-SQL-type access request; and acquiring the preset policy corresponding to the data and sequentially performing, according to the preset policy corresponding to the data, at least one of the following for each piece of data in a data set corresponding to the data: performing the data filtering operation for the each piece of data according to the filtering rule comprised in the preset policy corresponding to the data; or parsing the each piece of data, calling and using a masking rule corresponding to each column to perform the data masking operation for the each column separately, and combining masked columns into each piece of masked data according to an original data format,” ([0021]-[0026]).
	As per claim 14, Aoki further shows “wherein the database execution engine is connected to a policy device, the policy device provides a policy model for one or more database execution engines, and the policy device establishes the policy model according to at least one of an identity, a resource entity or a protection rule, wherein the protection rule comprises at least one of a masking rule or a filtering rule,’ ([0021]-[0026]).

	As per claim 16, Aoki further shows “wherein the policy device further stores a masking rule model, wherein the policy device determines the masking rule model according to at least one of a data masking operator or a data masking rule, wherein the data masking operator comprises a basic function for implementing data masking, and the data masking rule comprises a rule for data masking based on the data masking operator,” ([0021]-[0026]).
	As per claim 17, Aoki teaches “a data protection device, comprising: a receiving module, which is configured to receive data request information sent by a client; and a data protection module, which is configured to acquire a preset policy corresponding to an identity of the client carried in the data request information and perform a data protection operation for requested data according to the preset policy to obtain target data,” ([0006]-[0007], [0009]-[0011]).
	As per claim 18, Aoki further shows “a storage medium, which stores a computer program, wherein when the computer program is executed, the data protection method of any one of claims 1 to 16 is performed,” ([0021]-[0026]).
	As per claim 19, Aoki further shows “an electronic device, which comprises a memory and a processor, wherein the memory stores a computer program and the processor is configured to execute the computer program to perform the data protection method of any one of claims 1 to 16,” ([0021]-[0026]). 


Conclusion

6.	The prior art made of record and not relied upon is considered pertinent to applicant's disclosure. 






 
                                        
 

                                

                                             





                                           Contact Information

7.	Any inquiry concerning this communication or earlier communications from the examiner should be directed to KIM T NGUYEN whose telephone number is (571)270-1757.  The examiner can normally be reached on Mon-Thurs 6-4:30pm.
If attempts to reach the examiner by telephone are unsuccessful, the 

Information regarding the status of an application may be obtained from 
the Patent Application Information Retrieval (PAIR) system.  Status information for published applications may be obtained from either Private PAIR or Public PAIR.  Status information for unpublished applications is available through Private PAIR only.  For more information about the PAIR system, see http://pair-direct.uspto.gov. Should you have questions on access to the Private PAIR system, contact the Electronic Business Center (EBC) at 866-217-9197 (toll-free). If you would like assistance from a USPTO Customer Service Representative or access to the automated information system, call 800-786-9199 (IN USA OR CANADA) or 571-272-1000.

Nov. 18, 2021
/KIM T NGUYEN/Primary Examiner, Art Unit 2153