DETAILED ACTION
Notice of Pre-AIA  or AIA  Status
The present application, filed on or after March 16, 2013, is being examined under the first inventor to file provisions of the AIA .
Response to Arguments
Applicant’s arguments with respect to claim(s) 1 and 8 have been considered but are moot because the new ground of rejection does not rely on any reference applied in the prior rejection of record for any teaching or matter specifically challenged in the argument.
Applicant argues: Applicant has amended claim 1 without admission to clarify that the prediction module [is] configured to provide a retrieval operation count predicted to result in a goal number of records upon (a) execution of a retrieval operation specifying the provided retrieval operation count for a current query followed by (b) identifying a subset of authorized data records among results of the retrieval operation. As an initial matter, the Action maps retrieval operation count to Saus' [0029] "partition size." However, Saus' partition size is merely a count of records ("The records are counted by sending a special query to the database where the records count be returned, but no records. ... the records are counted and it is determined there are that there are 11 records before Jul. 4, 2009." Saus [0029]) and is different from a predicted result of operations (a) ... followed by (b) ... as presently recited. The other cited references Ramamurthy, Ghazal, and Gurnani are unable to cure these deficiencies of Saus.
Examiner response: Examiner respectfully disagrees. Applicant states “As an initial matter, the Action maps retrieval operation count to Saus' [0029] "partition size." However, Saus' partition size is merely a count of records”. A partition size (i.e. number of records) reads on “a retrieval operation count predicted to result in a goal number of records upon”.
	Applicant appears to be emphasizing that Saus’ partition size does not result in a retrieval of records, however, the Applicant is only referring to step 230 of figure 2 where the partition size is being determined. At step 260 in figure 2, the records are retrieved according to the partition size (i.e. record count). (see e.g., Saus, para [0034] At this point the method returns a data set for display to the user at step 260, and if a request is received from the user for more records at step 270, the method proceeds to step 230 to determine a new partitioning value in a fashion similar to that indicated above. The data set that is returned at step 260 includes the records that are able to be displayed comfortably within the browser.).
para [0035] Estimates could also be formed of set of data, and these size estimates could be incorporated into the algorithm that determines the partitioning value.). An “estimate” is a prediction. (see e.g., Saus, para [0036] Some embodiments use interpolation or predictive estimates of a good value given prior attempts. Some embodiments retain an estimate of the average size of data sets, and incorporate this into the determination of partition value. And para [0037] Some embodiments determine size at step 240 by forming a query that returns a count of records rather than returning the actual records themselves; and later performing another query to return the actual records as part of step 260 before a data set is returned.) 
	Saus does not explicitly disclose “(b) identifying a subset of authorized data records among results of the retrieval operation.”
Applicant argues: Turning to Ghazal, Applicant's arguments submitted March 23, 2021 stand, not having been rebutted by the Office, and in the interest of brevity are incorporated herein by reference. In brief, Ghazal [0042] and [0037] describe "trigger a re-plan" and "trigger re-planning an execution plan". Inasmuch as an "execution plan" is used to execute a database query and is not a prediction module, Ghazal fails to teach the update module being configured to modify the prediction module for subsequent queries as alleged. 
As to Gurnani, "a user decides that they want to redefine their query" (Gurnani [0044]) has nothing to do with modifying the prediction module as recited. Gurnani's predictive function has to do with predictive text ("if a user has input 'netb' ... , a predictive function may predict that a user is inputting the attribute value 'netbook'," Gurnani [0054]) whereas Gurnani's query refinement has to do with checkboxes in Fig. 6 ("Fig. 6 shows a preview area ... the user decides to select values for additional attributes" Gurnani [0044]). The latter does not involve the text prediction function, does not modify the text prediction function, and particularly does not improve[] an accuracy of subsequent retrieval operation counts provided by the prediction module. 

Examiner response: Examiner respectfully disagrees. The claims recite the limitation “the update module is configured to modify the prediction module for subsequent queries based on one or more performance indicators measured for the executed retrieval operation for the current query”. According to the claims the prediction module is being modified for subsequent queries, NOT that the subsequent queries themselves are modified. In other words, only the prediction module is modified, which is used for subsequent queries. The claims only state that the prediction module is modified but how the prediction module is actually modified is not answered by the claims. The only requirement is that the modification “improves an accuracy of subsequent retrieval operation counts provided by the prediction module”. 
para [0035] The method is likely to respond more quickly if estimates are more accurate. Accuracy is likely improved in light of some knowledge of the data within the field being partitioned. For example, if the minimum value, and maximum value are stored or estimated, then an initial value can be chosen to be a fraction of the range like 10% or 1% to minimize the likelihood of having to count the entire database. Such information could be stored as state data, estimated from prior queries, or it could be collected as a background task during idle times. In this way statistics of key useful fields could be used, perhaps including histograms. Such information could also be used as part of the decision to select a partitioning field at step 220. Estimates could also be formed of set of data, and these size estimates could be incorporated into the algorithm that determines the partitioning value. The partition value is modified based on stored state data estimated from prior queries (i.e one or more performance indicators.). The partition value is used for subsequent queries (para [0042] At 430 the query request is modified as discussed above in association with steps 220, 230, 240, and 250 of FIG. 2. At 440 a set of records is retrieved from a database using the modified query. At 450 at least some of the retrieved records are presented to the user. Embodiments of the method return all available records retrieved in 440 to the user for local caching. Other embodiments return only a certain number of lines, or a certain number of records, or an amount indicated by available space in a browser.). This modification results in improved accuracy estimates from “prior queries”. Thus, Saus teaches “improves an accuracy of subsequent retrieval operation counts provided by the prediction module”.

Applicant argues: Then, at pages 16-19, the Action admits that Saus fails to teach actions (c) and (d), turning instead to Banister Figs. 4 and 6, supplemented by Gurnani. The Action suggests that Banister's target system 102 is an authorization service based on its requesting access to records. However, Banister provides no indication that the records accessed by the target system are associated with any access privileges of any client. That is, Banister fails to teach retrieving, from the remote authorization service, a second plurality of identifiers of the authorized data records ... wherein the authorized data records are authorized to be sent to the client based on access privileges of the client, and other data records among the available data records are not authorized to be sent to the client as presently recited. Gurnani is unable to cure the deficiencies of 
Examiner response: arguments with respect to claim 8 have been considered but are moot because the new ground of rejection does not rely on any reference applied in the prior rejection of record for any teaching or matter specifically challenged in the argument. A new grounds of rejection is made in view of Yang et al. to address this argument.
Claim Rejections - 35 USC § 103
In the event the determination of the status of the application as subject to AIA  35 U.S.C. 102 and 103 (or as subject to pre-AIA  35 U.S.C. 102 and 103) is incorrect, any correction of the statutory basis for the rejection will not be considered a new ground of rejection if the prior art relied upon, and the rationale supporting the rejection, would be the same under either status.  
The following is a quotation of 35 U.S.C. 103 which forms the basis for all obviousness rejections set forth in this Office action:
A patent for a claimed invention may not be obtained, notwithstanding that the claimed invention is not identically disclosed as set forth in section 102, if the differences between the claimed invention and the prior art are such that the claimed invention as a whole would have been obvious before the effective filing date of the claimed invention to a person having ordinary skill in the art to which the claimed invention pertains. Patentability shall not be negated by the manner in which the invention was made.

Claims 1, 2, 5, 6, 21 are rejected under 35 U.S.C. 103 as being unpatentable over Saus (US-20080104013-A1) in view of Yang et al. (US-20170344749-A1).
Regarding Claim 1,
Saus teaches a computer-implemented system for authorized data retrieval, comprising: 
para [0020] Typically a client station 110 is a personal computer such as a desktop system, laptop or hand-held running a suitable operating system and browser.), and one or more network adapters (para [0020] A client station 110 has access via a network 115 to an application server 120 and a database server 130.), the one or more computing nodes being interconnected by one or more network connections (para [0020] The network 115 consists of the interconnection of two or more machines typically using Transport Control Protocol (TCP) and Internet Protocol (IP) to share data.), the system further comprising: 
a learning subsystem hosted on one or more of the computing nodes and comprising a prediction module and an update module (para [0038] The adaptive query modifier component 350 carries out some of the functions of steps 220, 230, 240, and 250 discussed above in conjunction with FIG. 2.), 
wherein the prediction module is configured to provide a retrieval operation count predicted to result in a goal number of records upon (para [0029] At step 240, the partition size is determined. The partition size is determined by counting the number of records within the partition defined by the partitioning value.) (a) execution of a retrieval operation specifying the provided retrieval operation count for a current query (para [0034] At this point the method returns a data set for display to the user at step 260, and if a request is received from the user for more records at step 270, the method proceeds to step 230 to determine a new partitioning value in a fashion similar to that indicated above. The data set that is returned at step 260 includes the records that are able to be displayed comfortably within the browser.); 
wherein the update module is configured to modify the prediction module for subsequent queries based on one or more performance indicators (Para [0035] For example, if the minimum value, and maximum value are stored or estimated, then an initial value can be chosen to be a fraction of the range like 10% or 1% to minimize the likelihood of having to count the entire database. Such information could be stored as state data, estimated from prior queries, or it could be collected as a background task during idle times. In this way statistics of key useful fields could be used, perhaps including histograms. Such information could also be used as part of the decision to select a partitioning field at step 220. Estimates could also be formed of set of data, and these size estimates could be incorporated into the algorithm that determines the partitioning value) measured for the executed retrieval operation for the current query (para [0042] At 430 the query request is modified as discussed above in association with steps 220, 230, 240, and 250 of FIG. 2. At 440 a set of records is retrieved from a database using the modified query. At 450 at least some of the retrieved records are presented to the user. Embodiments of the method return all available records retrieved in 440 to the user for local caching. Other embodiments return only a certain number of lines, or a certain number of records, or an amount indicated by available space in a browser.); and
wherein the modifying the prediction module improves an accuracy of subsequent retrieval operation counts provided by the prediction module (para [0035] Again with regard to FIG. 2, embodiments of the invention include a broad class of determination algorithms within step 230. The invention is operable without any knowledge of the values present in the database. The method is likely to respond more quickly if estimates are more accurate. Accuracy is likely improved in light of some knowledge of the data within the field being partitioned.); and 
a middleware subsystem hosted on one or more of the computing nodes (para [0038] Turning now to FIG. 3, an exemplary system 300 for retrieving records of a database is depicted.) and communicatively coupled to one or more clients (para [0038] A client component 310 receives data from a user, or from a program that has directed the formation of a query request.), one or more databases (para [0046] Another special query, counting records for the second partitioning value estimate, is sent to the database 370), … and the learning subsystem (para [0038] The adaptive query modifier component 350 carries out some of the functions of steps 220, 230, 240, and 250 discussed above in conjunction with FIG. 2.).
Saus does not explicitly disclose
one or more external authorization services,
(b) identifying a subset of authorized data records among results of the retrieval operation; 
However, Yang et al. (US 20170344749 A1) teaches
one or more external authorization services (para [0070] FIG. 9 is a block diagram of an example processor platform 900 capable of executing the instructions of FIGS. 5-8 to implement the systems of FIGS. 1-4. Processor platform para [0052] For example, retrieved data records that have been determined to be authorized for access by the querying user.),
(b) identifying a subset of authorized data records among results of the retrieval operation (para [0051] For example, if the querying user is allowed to access data record 401 but not data record 402, based on the AND operation between bits of the security tag 420 and privilege 320, data record 401 is output as part of the query results while data record 402 is not provided as the output.); 
It would have been obvious to one of ordinary skill in the art before the effective filing date to combine the method of database record retrieval in step A of Saus with the method of authorizing database record retrieval in step B of Yang.
Doing so would allow for authorizing database records for retrieval at a faster rate which would improve both the security and efficiency while reducing the amount of time needed for retrieving database records of the retrieval system (para [0014] However, both whole data set scanning and tag matching are slow processes, especially when there are many groups listed in the security tags. As a result, it is a challenge to quickly filter a large data set to retrieve a subset of records. Instead, certain examples provide systems and methods to reduce tag size and enable faster filtering of records by avoiding a whole data set scanning while still supporting a reasonable number of user groups with security tags.).
Regarding Claim 2,
Saus and Yang teach the computer-implemented system of claim 1. Saus further teaches wherein: 
para [0010] A computer user interacts with a client component which receives a query request from the user. The client component is coupled to an application component which comprises a query request receiver); 
the client adapter module is configured to: 
receive a request message from one of the one or more clients, the request message indicating a request for data records (para [0038] A query request receiver component 340 within the application component 330 receives the query request that determines the data set.); and 
respond to the request message with a batch of authorized data records (para [0042] At 450 at least some of the retrieved records are presented to the user.).
Regarding Claim 5,
Saus and Yang teach the computer-implemented system of claim 1. Saus further teaches wherein the middleware subsystem comprises a retrieval control adapter through which the middleware subsystem is coupled to the learning subsystem, and wherein the retrieval control adapter is configured to: 
receive, from the learning subsystem, the retrieval operation count (para [0029] At step 240, the partition size is determined. The partition size is determined by counting the number of records within the partition defined by the partitioning value.); and 
send, to the learning subsystem, the one or more measured performance indicators (para [0035] Such information could be stored as state data, estimated from prior queries, or it could be collected as a background task during idle times. In this way statistics of key useful fields could be used, perhaps including histograms.).

Regarding Claim 6,
Saus and Yang teach the computer-implemented system of claim 1. Saus further teaches wherein the middleware subsystem is configured to: 
process and respond to requests from the one or more clients (para [0042] At 430 the query request is modified as discussed above in association with steps 220, 230, 240, and 250 of FIG. 2. At 440 a set of records is retrieved from a database using the modified query. At 450 at least some of the retrieved records are presented to the user.); 
access the one or more databases (para [0019] Embodiments of the present invention provide computerized methods and systems for retrieval and presentation of database records.).
interact with the learning subsystem (para [0038] The adaptive query modifier component 350 carries out some of the functions of steps 220, 230, 240, and 250 discussed above in conjunction with FIG. 2.); 
Yang further teaches
interact with the one or more external authorization services (para [0060] At block 708, the bit operation (e.g., binary AND, OR, XOR, NOT, etc.) is reviewed to determine whether the querying user is authorized to access the initial result.);
Regarding Claim 21,
Saus teaches a computer-implemented method comprising: 
para [0029] At step 240, the partition size is determined. The partition size is determined by counting the number of records within the partition defined by the partitioning value.) (b) and (c) for a current query (para [0037] Some embodiments determine size at step 240 by forming a query that returns a count of records rather than returning the actual records themselves; and later performing another query to return the actual records as part of step 260 before a data set is returned.); 
(b) retrieving a set of identifiers of available data records (para [0049] Still with regard to the example represented by the data in FIG. 5, at 440 the 5 records (525, 530, 535, 540, and 545) are retrieved and the first three records (525, 530, and 535) are returned to the client machine at step 260, and presented to the user at 450.), the set having cardinality equal to the retrieval operation count (Fig. 5; para [0043] Column 575 is the name field from the database. Column 580 is the I) field from the database. Examiner note: 580 is the identifiers for the available records. Para [0048] This technique incorporates the fact that the query ordered the fields in ascending order, and that in this example, there is a unique record field in the person_id field. If there is no unique field, then a number of key-fields could be assembled to obtain uniqueness.); 
 (d) by an update module, modifying the prediction module for subsequent queries based on one or more performance indicators measured for the completed retrieving operation for the current query (Para [0035] For example, if the minimum value, and maximum value are stored or estimated, then an initial value can be chosen to be a fraction of the range like 10% or 1% to minimize the likelihood of having to count the entire database. Such information could be stored as state data, estimated from prior queries, or it could be collected as a background task during idle times. In this way statistics of key useful fields could be used, perhaps including histograms. Such information could also be used as part of the decision to select a partitioning field at step 220. Estimates could also be formed of set of data, and these size estimates could be incorporated into the algorithm that determines the partitioning value), wherein the modifying the prediction module improves an accuracy of subsequent retrieval operation counts provided by the prediction module (para [0035] The method is likely to respond more quickly if estimates are more accurate. Accuracy is likely improved in light of some knowledge of the data within the field being partitioned.).
Saus does not explicitly disclose
(c) identifying a subset of authorized data records among results of the retrieving operation; and 
However, Yang teaches
(c) identifying a subset of authorized data records among results of the retrieving operation (para [0051] For example, if the querying user is allowed to access data record 401 but not data record 402, based on the AND operation between bits of the security tag 420 and privilege 320, data record 401 is output as part of the query results while data record 402 is not provided as the output.); and 

Doing so would allow for authorizing database records for retrieval at a faster rate which would improve both the security and efficiency while reducing the amount of time needed for retrieving database records of the retrieval system (para [0014] However, both whole data set scanning and tag matching are slow processes, especially when there are many groups listed in the security tags. As a result, it is a challenge to quickly filter a large data set to retrieve a subset of records. Instead, certain examples provide systems and methods to reduce tag size and enable faster filtering of records by avoiding a whole data set scanning while still supporting a reasonable number of user groups with security tags.).

Claim 3 is rejected under 35 U.S.C. 103 as being unpatentable over Saus (US-20080104013-A1) in view of Yang et al. (US-20170344749-A1) and Konik et al. (US-20160171236-A1).
Regarding Claim 3,
Saus and Yang teach the computer-implemented system of claim 2. 
Saus and Yang do not explicitly disclose
wherein the middleware subsystem further comprises an accumulator, and is configured to: 

However, Konik et al. teaches
wherein the middleware subsystem further comprises an accumulator, and is configured to: 
form the batch of authorized data records by accumulating authorized data records in the accumulator until a count of the accumulated authorized data records is greater than or equal to a batch threshold (para [0037] As another example, a second rule may specify that the estimated number of rows returned by a query must be less than a threshold number of rows (such as 10 rows), or a threshold percentage of the table size (such as 0.05% of the table data).).
Saus and Konik et al. are in the same field of endeavor of efficient database record retrieval and are analogous.
It would have been obvious to persons’ having ordinary skill in the art before the effective filing date to combine the method of modifying a query of Saus with the method of modifying a query of Konik et al.
Doing so would allow for restricting access to a database based on a threshold. Threshold requirements for queries and their results can help prevent unwanted or unnecessary results being returned to the user, therefore saving the user time when reviewing results. In addition, restricting access allows for only authorized users to access sensitive information (para [0016] The query optimizer 114 generally attempts to determine the most efficient way to execute a given query by considering the possible query plans. The query optimizer 114 is further configured to restrict queries that target sensitive data in the database 116, even if the query is issued by a user having authority to access the sensitive data.).

Claim 4 and 7 are rejected under 35 U.S.C. 103 as being unpatentable over Saus (US-20080104013-A1) in view of Yang et al. (US-20170344749-A1) and Ramamurthy et al. (US-20120330925-A1).
Regarding Claim 4,
Saus and Yang teach the computer-implemented system of claim 1. 
Saus and Yang do not explicitly disclose
the middleware subsystem comprises an authorization interface module through which the middleware subsystem is coupled to the one or more external authorization services; and  
- 34 -the authorization interface module is configured to: 
send, to one of the one or more external authorization services, a set of identifiers of available data records up to the retrieval operation count; and 
receive, from the one of the one or more external authorization services, a set of identifiers of the authorized data records, wherein the authorized data records are a subset of the available data records.
However, Ramamurthy et al. further teaches wherein: 
the middleware subsystem comprises an authorization interface module through which the middleware subsystem is coupled to the one or more external authorization para [0080] FIG. 7 illustrates an exemplary database management system 700 that employs an authorization-aware query optimizer 702.); and  
- 34 -the authorization interface module is configured to: 
send, to one of the one or more external authorization services, a set of identifiers of available data records up to the retrieval operation count (para [0041] The surrogate (t.sub.i) can be the RID of the tuple or the key value corresponding to any clustered index on the table . Thus, authorization indexes maintain the mapping between users and the corresponding RIDs that the users are authorized to access in a table.); and 
receive, from the one of the one or more external authorization services, a set of identifiers of the authorized data records, wherein the authorized data records are a subset of the available data records (para [0041] The surrogate (t.sub.i) can be the RID of the tuple or the key value corresponding to any clustered index on the table . Thus, authorization indexes maintain the mapping between users and the corresponding RIDs that the users are authorized to access in a table.).
It would have been obvious to persons’ having ordinary skill in the art before the effective filing date to combine the method database record retrieval and authorization of Saus and Yang with the method of modifying a query of Ramamurthy et al.
Doing so would allow for rewriting the query in an optimized format in order to improve the storage efficiency and maintenance cost of the authorization system (para [0022] In general, the authorization index is built only for a subset of the users for the table. For example, certain users who are authorized to see a large fraction of the tuples can be excluded (e.g., the President of a company). This improves the storage efficiency and maintenance costs of the index.).
Regarding Claim 7,
Saus and Yang teach the computer-implemented system of claim 1. Saus further teaches wherein the middleware subsystem is configured to: 
receive, from one of the one or more clients, a request message indicating a request for a target result count of data records (para [0041] At 420 a query request for data comprised of fields is produced. The target number is the total number of records requested.); 
retrieve, from the learning subsystem, the retrieval operation count (para [0029] At step 240, the partition size is determined. The partition size is determined by counting the number of records within the partition defined by the partitioning value.); 
retrieve, from at least one of the one or more databases, a set of identifiers of available data records up to the retrieval operation count (Fig. 5; para [0043] Column 575 is the name field from the database. Column 580 is the I) field from the database. Examiner note: 580 is the identifiers for the available records. Para [0048] This technique incorporates the fact that the query ordered the fields in ascending order, and that in this example, there is a unique record field in the person_id field. If there is no unique field, then a number of key-fields could be assembled to obtain uniqueness.); 
- 35 -responsive to a count of the authorized data records being less than the target result count, decrement the target result count by the count of the authorized data para [0034] At this point the method returns a data set for display to the user at step 260, and if a request is received from the user for more records at step 270, the method proceeds to step 230 to determine a new partitioning value in a fashion similar to that indicated above.).
send, to at least one of the one or more clients, the authorized data records (para [0043] The application component 330 is running on an application server 120 and communicating with a client PC 110 running a client component 310 and communicating through a browser to present medical records to the user. Row 505 contains the data set labels for the fields. The rows 510, 515, 520, 525, 530, 535, 540, 545, 550, 555, and 560 are records of data as they would be returned from Oracle if a data set was were requested for patients named Smith ordered by birth date);
send, to the learning subsystem, the one or more measured performance indicators (para [0035] Such information could be stored as state data, estimated from prior queries, or it could be collected as a background task during idle times. In this way statistics of key useful fields could be used, perhaps including histograms.).
Saus and Yang do not explicitly disclose
retrieve, from one of the one or more external authorization services, a set of identifiers of the authorized data records among the available data records
However, Ramamurthy et al. further teaches
retrieve, from one of the one or more external authorization services, a set of identifiers of the authorized data records among the available data records (para [0041] The surrogate (t.sub.i) can be the RID of the tuple or the key value corresponding to any clustered index on the table . Thus, authorization indexes maintain the mapping between users and the corresponding RIDs that the users are authorized to access in a table.); 
It would have been obvious to persons’ having ordinary skill in the art before the effective filing date to combine the method database record retrieval and authorization of Saus and Yang with the method of modifying a query of Ramamurthy et al.
Doing so would allow for rewriting the query in an optimized format in order to improve the storage efficiency and maintenance cost of the authorization system (para [0022] In general, the authorization index is built only for a subset of the users for the table. For example, certain users who are authorized to see a large fraction of the tuples can be excluded (e.g., the President of a company). This improves the storage efficiency and maintenance costs of the index.).

Claims 8, 9, 10, 11, 14, and 18 are rejected under 35 U.S.C. 103 as being unpatentable over Saus (US-20080104013-A1) in view of Yang et al. (US-20170344749-A1), Gurnani et al. (US-20120102062-A1), and Banister et al. (US-20170331879-A1).
Regarding Claim 8,
Saus teaches a computer-implemented method for responding to a request from a client for data records, the method comprising: at a computer system, responsive to the request: 
predicted (para [0029] At step 240, the partition size is determined. The partition size is determined by counting the number of records within the partition defined by the partitioning value.) to result in a goal number of records upon (para [0037] Some embodiments determine size at step 240 by forming a query that returns a count of records rather than returning the actual records themselves; and later performing another query to return the actual records as part of step 260 before a data set is returned.) (i) execution of a retrieval operation, specifying the retrieval operation count, for the request (para [0034] At this point the method returns a data set for display to the user at step 260, and if a request is received from the user for more records at step 270, the method proceeds to step 230 to determine a new partitioning value in a fashion similar to that indicated above. The data set that is returned at step 260 includes the records that are able to be displayed comfortably within the browser.);
(b) retrieving, from a database, a first plurality of identifiers of available data records up to the retrieval operation count (Fig. 5; para [0043] Column 575 is the name field from the database. Column 580 is the I) field from the database. Examiner note: 580 is the identifiers for the available records. Para [0048] This technique incorporates the fact that the query ordered the fields in ascending order, and that in this example, there is a unique record field in the person_id field. If there is no unique field, then a number of key-fields could be assembled to obtain uniqueness.); 
the authorized data records among the first plurality of identifiers of the available data records, wherein members of the second plurality of identifiers are also members of the first plurality of identifiers (para [0045] That is, for the query results to which the access filter 150 determines the querying user has permission to access, the data retriever 160, alone or in conjunction with the data processor 120, retrieves the corresponding data records from the data storage 110 based on the ID or key 410 associated with each of the data records 401, 402. In the example of FIG. 4A, if the querying user was a member of group2 and, therefore, had access to records 401 and 402 as shown in the data table 400, the data retriever 160 would retrieve records 401, 402 from the data storage 110 using the keys 410 associated with each record 401, 402. The data retriever 160 then forms an output 165 of the retrieved data records 401, 402 to provide to the user in response to the query 145.), wherein the authorized data records are authorized to be sent to the client based on access privileges of the client, and other data records among the available data records are not authorized to be sent to the client (para [0051] For example, if the querying user is allowed to access data record 401 but not data record 402, based on the AND operation between bits of the security tag 420 and privilege 320, data record 401 is output as part of the query results while data record 402 is not provided as the output.); 
Page 4 of 13



(e) sending a performance notification to the learning module indicating a performance of one or more of executed actions (b), (c), or (d) (Para [0035] For example, if the minimum value, and maximum value are stored or estimated, then an initial value can be chosen to be a fraction of the range like 10% or 1% to minimize the likelihood of having to count the entire database. Such information could be stored as state data, estimated from prior queries, or it could be collected as a background task during idle times. In this way statistics of key useful fields could be used, perhaps including histograms. Such information could also be used as part of the decision to select a partitioning field at step 220.); and 
(f) sending the authorized data records to the client in response to the request (para [0034] At this point the method returns a data set for display to the user at step 260, and if a request is received from the user for more records at step 270, the method proceeds to step 230 to determine a new partitioning value in a fashion similar to that indicated above. The data set that is returned at step 260 includes the records that are able to be displayed comfortably within the browser.).
Saus does not explicitly disclose 
(ii) identifying a subset of authorized data records among results of the retrieval operation;
(c) sending the first plurality of identifiers of the available data records to a remote authorization service, wherein the identifiers of the first plurality have a 1:1 correspondence with the available data records; 
(d) retrieving, from the remote authorization service, a second plurality of identifiers of the authorized data records among the first plurality of identifiers of the available data records, wherein members of the second plurality of identifiers are also , wherein the authorized data records are authorized to be sent to the client based on access privileges of the client, and other data records among the available data records are not authorized to be sent to the client; 
However, Yang teaches
(ii) identifying a subset of authorized data records among results of the retrieval operation (para [0051] For example, if the querying user is allowed to access data record 401 but not data record 402, based on the AND operation between bits of the security tag 420 and privilege 320, data record 401 is output as part of the query results while data record 402 is not provided as the output.);
(d) retrieving, from the remote authorization service, a second plurality of identifiers of the authorized data records among the first plurality of identifiers of the available data records (para [0045] That is, for the query results to which the access filter 150 determines the querying user has permission to access, the data retriever 160, alone or in conjunction with the data processor 120, retrieves the corresponding data records from the data storage 110 based on the ID or key 410 associated with each of the data records 401, 402. In the example of FIG. 4A, if the querying user was a member of group2 and, therefore, had access to records 401 and 402 as shown in the data table 400, the data retriever 160 would retrieve records 401, 402 from the data storage 110 using the keys 410 associated with each record 401, 402. The data retriever 160 then forms an output 165 of the retrieved data records 401, 402 to provide to the user in response to the query 145.), …, wherein the authorized data records are authorized to be sent to the client based on access privileges of the client, and other data records among the available data records are not authorized to be sent to the client (para [0051] For example, if the querying user is allowed to access data record 401 but not data record 402, based on the AND operation between bits of the security tag 420 and privilege 320, data record 401 is output as part of the query results while data record 402 is not provided as the output.); 
It would have been obvious to one of ordinary skill in the art before the effective filing date to combine the method of database record retrieval in step A of Saus with the method of authorizing database record retrieval in step B of Yang.
Doing so would allow for authorizing database records for retrieval at a faster rate which would improve both the security and efficiency while reducing the amount of time needed for retrieving database records of the retrieval system (para [0014] However, both whole data set scanning and tag matching are slow processes, especially when there are many groups listed in the security tags. As a result, it is a challenge to quickly filter a large data set to retrieve a subset of records. Instead, certain examples provide systems and methods to reduce tag size and enable faster filtering of records by avoiding a whole data set scanning while still supporting a reasonable number of user groups with security tags.).
Banister teaches
(c) sending the first plurality of identifiers of the available data records to a remote authorization service (Fig. 6; para [0044] When the source system 104 determines in step 6.02 that a request for record identifiers REC.ID.001-REC.ID.N has been received from the target system 102, the source system 104 transmits the record identifiers REC.ID.001-REC.ID.N to the target system 104 in step 6.04.), wherein the identifiers of the first plurality have a 1:1 correspondence with the available data records (para [0007] The plurality of software record identifiers is preferably associated with at least one software record, whereby the software record may be retrieved by means of its associated software record identifier within the download thread.); 
(d) … a second plurality of identifiers of authorized data records among the first plurality of identifiers of the available data records… (figure 4, para [0038] In the alternative, when the target system 102 determines in step 4.24 that there are no additional record identifiers REC.ID.001-REC.ID.N in the one-dimensional stack STACK.001-STACK.N, the target system 102 requests access to the software records REC.001-REC.N associated with the record identifiers REC.ID.001-REC.ID.N in a designated download thread THREAD.001-THREAD.N in step 4.30. The Target System (authorization service) requests “access” (authorization) to records. It is known in the art that database records contain IDs which is further evidenced by figure 6 in the Saus cited prior art.).
	It would have been obvious to one of ordinary skill in the art before the effective filing date to combine the method of retrieving data records of Saus and Yang with the method of transferring record IDs of Bannister.
	Doing so would allow for the record identifiers to be asynchronously accessed by multiple concurrent threads (para [0006]). Allowing simultaneous access to record IDs by threads increases the efficiency in which the record IDs are transferred thereby allowing the record IDS to be transmitted across large sectors of users (para [0003-0004] The prior art fails, however, to provide optimal systems and methods by which the data may be transferred. Improvements on existing prior art methods for access and transfer processes for data record identifiers and data records is desirable across large sectors of user groups. 
[0004] There is therefore a long-felt need to provide a method and system that provide increased efficiencies of electronic transfers of data and transfer processes of data and data records.)
Gurnani (US 20120102062 A1) teaches 
…wherein the identifiers of the first plurality have a 1:1 correspondence with the available data records (para [0029] receiving the unique identifiers, a software module may retrieve each record identified by the unique identifiers.); 
(d) retrieving, from the remote authorization service, a second plurality of identifiers of authorized data records among the first plurality of identifiers of the available data records, wherein members of the second plurality of identifiers are also members of the first set of identifiers (fig. 10; para [0045] At step 1035, a computing device may transmit a query to search all records in a data store to determine which records match one or more selected attribute values. In response, at step 1040, a computing device may receive a unique identifier corresponding to each record having attribute values matching the selected attribute values. At step 1045, a computing device may then count (i.e., sum) the unique identifiers received at step 1040. At step 1050, a computing device may transmit the count. In response to step 1040, a computing device may also request records corresponding to the unique record identifiers at step 1065. At step 1070, records may be received in response to the request. At step 1075, the received records may be transmitted.);
(f) sending the authorized data records to the client in response to the request (fig. 10; para [0045] At step 1070, records may be received in response to the request. At step 1075, the received records may be transmitted.);
It would have been obvious to one of ordinary skill in the art before the effective filing date to combine the method of determining a count for displaying a number of records of Saus and Yang (para [0033] Assuming this experience holds, if the number of records needed for display at the client is ten (10), then the partitioning value should be chosen such that the resulting size of the partition is in the range between ten (10) records and 110 records.) with the method of determining a count for displaying a number of records of Gurnani (para [0025] At step 255, a computing device renders the count of records in a preview area of a webpage.).
Doing so would allow for previewing the amount of records in a display area. This would allow the user to determine whether the appropriate number of records are displayed and to adjust the number of records displayed according to the user’s preference before retrieving the actual records for the webpage. Additionally, this provides time saving opportunities for the user (para [0043] for example the process shown in FIG. 2, may be performed causing the webpage to display the count of records, and, after the webpage displays the count of records in preview area 130)
Regarding Claim 9,

(g) decrementing the target result count by a count of the authorized data records at action (d) (para [0034] At this point the method returns a data set for display to the user at step 260, and if a request is received from the user for more records at step 270, the method proceeds to step 230 to determine a new partitioning value in a fashion similar to that indicated above.); and 
iterating actions (b)-(e) and (g) until the count of the authorized data records at action (d) is greater than or equal to the target result count (Fig. 2; para [0033] The determination of "close" is a trade-off between the penalty for returning a data set at step 260 based on a set which is a little too large, weighed against the penalty of performing further iterations in the loop from steps 230 to 240, from steps 240 to 250 and from step 250 back to step 230).
Regarding Claim 10,
Saus, Yang, Gurnani, and Banister teach the method of claim 9. Saus further teaches further comprising, at the computer system: initializing the target result count to a maximum number of data records that fit on a display page of the client, prior to action (a) (Para [0033] Practical experience indicates that one hundred (100) total records above the desired page size gives good performance when the determination of partition size at step 240 is made by counting records, but not receiving the actual records from the database.).
Regarding Claim 11,

performing action (f) after action (d) and before action (g), in each iteration for which the count of authorized data records at action (d) is at least one (para [0037] Some embodiments determine size at step 240 by forming a query that returns a count of records rather than returning the actual records themselves; and later performing another query to return the actual records as part of step 260 before a data set is returned. Other embodiments retrieve the records themselves at step 240, and then merely select some subset of the records to be returned at step 260.).
Regarding Claim 14,
Saus, Yangl, Gurnani, and Banister teach the method of claim 8. Saus  further teaches wherein the learning module is locally accessible as part of the computer system (para [0022] The basic problem exists that queries defining large data sets clog the system in various ways, and prior solutions introduce or depend upon stale data. For example, consider a query that defines a data set consisting of 5000 records. The database management system (DBMS) on the database server 130 is burdened with searching for this large set and assembling all these records into memory).
Regarding Claim 18,
Saus, Yang, Banister, and Gurnani teach the method of claim 8. Saus further teaches wherein the retrieving, from the database, the set of identifiers of available data records further comprises: 
para [0049] Still with regard to the example represented by the data in FIG. 5, at 440 the 5 records (525, 530, 535, 540, and 545) are retrieved and the first three records (525, 530, and 535) are returned to the client machine at step 260, and presented to the user at 450.).

Claims 12 and 13 are rejected under 35 U.S.C. 103 as being unpatentable over Saus (US-20080104013-A1) in view of Yang et al. (US-20170344749-A1), Gurnani et al. (US-20120102062-A1), Banister et al. (US-20170331879-A1) and Konik et al. (US-20160171236-A1).
Regarding Claim 12,
Saus, Yang, Banister, and Gurnani teach the method of claim 9.
Saus, Yang, Banister, and Gurnani do not explicitly disclose
further comprising, at the computer system: performing action (e) responsive to an accumulated count of the authorized data records being at least equal to a threshold number.
However, Konik et al. teaches
further comprising, at the computer system: performing action (e) responsive to an accumulated count of the authorized data records being at least equal to a threshold number (para [0037] As another example, a second rule may specify that the estimated number of rows returned by a query must be less than a threshold number of rows (such as 10 rows), or a threshold percentage of the table size (such as 0.05% of the table data).).

Doing so would allow for restricting access to a database based on a threshold. Threshold requirements for queries and their results can help prevent unwanted or unnecessary results being returned to the user, therefore saving the user time when reviewing results. In addition, restricting access allows for only authorized users to access sensitive information (para [0016] The query optimizer 114 generally attempts to determine the most efficient way to execute a given query by considering the possible query plans. The query optimizer 114 is further configured to restrict queries that target sensitive data in the database 116, even if the query is issued by a user having authority to access the sensitive data.).
Regarding Claim 13,
Saus, Yang, Banister, Gurnani and Konik et al. teach the method of claim 12. Saus further teaches wherein the threshold number equals a maximum number of data records that fit on a display page of the client (para [0037] The measure of size may be a count of the number of records, or it may be line count, or it may be an estimate of the amount of display space needed by a browser.).

Claims 16 and 17 are rejected under 35 U.S.C. 103 as being unpatentable over Saus (US-20080104013-A1) in view of Yang et al. (US-20170344749-A1), Gurnani et al. (US-20120102062-A1), Banister et al. (US-20170331879-A1) and Gopal et al. (US-20170063986-A1).
Regarding Claim 16,
Saus, Yang, Banister, and Gurnani teach the method of claim 15.
Saus, Yang, Banister, and Gurnani do not explicitly disclose wherein the applying the update procedure comprises: 
configuring the learning module to provide a retrieval operation count proportional to a processing rate of the remote authorization service.
However, Gopal et al. teaches
configuring the learning module to provide a retrieval operation count proportional to a processing rate of the remote authorization service (para [0058] In some aspects, the retrieval engine performs retrieve operations at a rate that is determined based at least in part on the operating conditions of the server farm. For example, the retrieval engine may operate at a slower or faster data transfer rate depending on the current operating conditions of the server farm (e.g., the retrieval engine may specify a data rate in a request for synchronization data or may specify a number of records to retrieve).).
Saus and Gopal et al. are in the same field of endeavor of efficient database record retrieval and are analogous. 
It would have been obvious to persons’ having ordinary skill in the art before the effective filing date to combine the method of retrieving records of Saus, Yang, Gurnani, and Banister with the method of retrieving records of Gopal et al.
Doing so would allow for determining resources needed to execute a data retrieval. This would ensure that appropriate resources are allocated to jobs with high priority thereby improving the efficiency of the system (para [0018] Some aspects prioritize jobs (e.g., the tables may also include priority values for the jobs) and determining the workload of the server farm may comprise determining the resources required to perform the currently executing, queued, and scheduled jobs that have a higher priority than the synchronization operation.).
Regarding Claim 17,
Saus, Yang, Banister, and Gurnani teach the method of claim 15.
	Saus, Yang, Banister, and Gurnani do not explicitly disclose 
wherein the applying the update procedure comprises: 
configuring the learning module to provide a retrieval operation count that is a function of one or more of: a processing rate of the remote authorization service, a round-trip count required to service the request from the client, or a ratio of a count of authorized data records to a count of corresponding retrieved data records.
However, Gopal et al. teaches
determining a retrieval operation count that is a function of one or more of: a processing rate of the remote authorization service, a round-trip count required to service the request from the client, or a ratio of a count of authorized data records to a count of corresponding retrieved data records (para [0058] In some aspects, the retrieval engine performs retrieve operations at a rate that is determined based at least in part on the operating conditions of the server farm. For example, the retrieval engine may operate at a slower or faster data transfer rate depending on the current operating conditions of the server farm (e.g., the retrieval engine may specify a data rate in a request for synchronization data or may specify a number of records to retrieve).).

Doing so would allow for determining resources needed to execute a data retrieval. This would ensure that appropriate resources are allocated to jobs with high priority thereby improving the efficiency of the system (para [0018] Some aspects prioritize jobs (e.g., the tables may also include priority values for the jobs) and determining the workload of the server farm may comprise determining the resources required to perform the currently executing, queued, and scheduled jobs that have a higher priority than the synchronization operation.).

Claims 19 and 20 are rejected under 35 U.S.C. 103 as being unpatentable over Saus (US-20080104013-A1) in view of Yang et al. (US-20170344749-A1), Gurnani et al. (US-20120102062-A1), Banister et al. (US-20170331879-A1) and Ghazal et al. (US-20140181079-A1).
Regarding Claim 19,
Saus, Yang, Banister, and Gurnani teach the method of claim 8. 
	Saus, Yang, Banister, and Gurnani do not explicitly disclose
	wherein the performance notification comprises one or more of: a count of the authorized data records; a ratio of the count of the authorized data records to the retrieval operation count; a ratio of the count of the authorized data records to a target result count of data records required to satisfy the request from the client; a first performance measure of communications with the database; a second performance 
However, Ghazal further teaches wherein the performance notification comprises one or more of: 
a count of the authorized data records; 
a ratio of the count of the authorized data records to the retrieval operation count; 
a ratio of the count of the authorized data records to a target result count of data records required to satisfy the request from the client;  - 37 -RR1/mjc 8880-98397-01 04/25/17 I61079 ISO I [Tll) VIA EFS ON APRIL 25, 2017 
a first performance measure of communications with the database; 
a second performance measure of communications with the remote authorization server; 
a third performance measure of the remote authorization service; 
a latency; 
a total response time (para [0007] One important objective of databases, and in particular a DBMS, is to optimize the performance of queries for access and manipulation of data stored in the database. Given a target environment, an "optimal" query plan can be selected as the best option by a database optimizer (or optimizer). Ideally, an optimal query plan is a plan with the lowest cost (e.g., lowest response time, lowest CPU and/or I/O processing cost, lowest network processing cost). The response time can be the amount of time it takes to complete the execution of a database operation, including a database request (e.g., a database query) in a given system.); 
a measure of resource congestion; 
a filter included within the request, or a user identifier associated with the request.
It would have been obvious to one of ordinary skill in the art before the effective filing date to combine Saus, Yang, Banister, and Gurnani’s method of retrieving database records with Ghazal’s method of retrieving database records.
	Doing so would allow for selecting a query that provides the most optimal performance based on the environment. The ability to select the most optimal query allows for adaptive implementations the best solution across multiple platforms with different environments (para [0007] One important objective of databases, and in particular a DBMS, is to optimize the performance of queries for access and manipulation of data stored in the database. Given a target environment, an "optimal" query plan can be selected as the best option by a database optimizer (or optimizer).).
Regarding Claim 20,
Saus, Yang, Banister, and Gurnani teach the method of claim 19. 
Saus, Yang, Banister, and Gurnani do not explicitly disclose
wherein the performance notification comprises at least one of the first and second performance measures, and the at least one performance measure comprises one or more of: an elapsed time of the corresponding communications; a charged time 
However, Ghazal further teaches wherein the performance notification comprises at least one of the first and second performance measures, and the at least one performance measure comprises one or more of: 
an elapsed time of the corresponding communications (para [0007] The response time can be the amount of time it takes to complete the execution of a database operation, including a database request (e.g., a database query) in a given system.); 
a charged time of the corresponding communications (para [0007] The response time can be the amount of time it takes to complete the execution of a database operation, including a database request (e.g., a database query) in a given system.); 
a cost of the corresponding communications (para [0007] Ideally, an optimal query plan is a plan with the lowest cost (e.g., lowest response time, lowest CPU and/or I/O processing cost, lowest network processing cost).); or 
a filtering rate of the corresponding communications.
It would have been obvious to one of ordinary skill in the art before the effective filing date to combine Saus, Yang, Banister, and Gurnani’s method of retrieving database records with Ghazal’s method of retrieving database records.
	Doing so would allow for selecting a query that provides the most optimal performance based on the environment. The ability to select the most optimal query allows for adaptive implementations the best solution across multiple platforms with para [0007] One important objective of databases, and in particular a DBMS, is to optimize the performance of queries for access and manipulation of data stored in the database. Given a target environment, an "optimal" query plan can be selected as the best option by a database optimizer (or optimizer).).

Conclusion
The prior art made of record and not relied upon is considered pertinent to applicant's disclosure. Koch et al. (US-20170186084-A1) – discloses a method for authorizing requests for database record retrieval.
Any inquiry concerning this communication or earlier communications from the examiner should be directed to HENRY K NGUYEN whose telephone number is (571)272-0217. The examiner can normally be reached Mon - Fri 7:00am-4:30pm.
Examiner interviews are available via telephone, in-person, and video conferencing using a USPTO supplied web-based collaboration tool. To schedule an interview, applicant is encouraged to use the USPTO Automated Interview Request (AIR) at http://www.uspto.gov/interviewpractice.
If attempts to reach the examiner by telephone are unsuccessful, the examiner’s supervisor, Li B Zhen can be reached on 5712723768. The fax phone number for the organization where this application or proceeding is assigned is 571-273-8300.
Information regarding the status of published or unpublished applications may be obtained from Patent Center. Unpublished application information in Patent Center is available to registered users. To file and manage patent submissions in Patent Center, 




/H.N./Examiner, Art Unit 2121                                                                                                                                                                                                        
/NICHOLAS KLICOS/Primary Examiner, Art Unit 2145