DETAILED ACTION
Notice of Pre-AIA  or AIA  Status
The present application, filed on or after March 16, 2013, is being examined under the first inventor to file provisions of the AIA . In communications filed on 07/19/2019. Claims 1-24 are pending in this examination.
 In the event the determination of the status of the application as subject to AIA  35 U.S.C. 102 and 103 (or as subject to pre-AIA  35 U.S.C. 102 and 103) is incorrect, any correction of the statutory basis for the rejection will not be considered a new ground of rejection if the prior art relied upon, and the rationale supporting the rejection, would be the same under either status.   This examination is in response to US Patent Application No. 16/516,910.

Claim Rejections - 35 USC § 103
The following is a quotation of 35 U.S.C. 103 which forms the basis for all obviousness rejections set forth in this Office action:
A patent for a claimed invention may not be obtained, notwithstanding that the claimed invention is not identically disclosed as set forth in section 102 of this title, if the differences between the claimed invention and the prior art are such that the claimed invention as a whole would have been obvious before the effective filing date of the claimed invention to a person having ordinary skill in the art to which the claimed invention pertains.  Patentability shall not be negated by the manner in which the invention was made.


The factual inquiries set forth in Graham v. John Deere Co., 383 U.S. 1, 148 USPQ 459 (1966), that are applied for establishing a background for determining obviousness under 35 U.S.C. 103 are summarized as follows:
1. Determining the scope and contents of the prior art.
2. Ascertaining the differences between the prior art and the claims at issue.

4. Considering objective evidence present in the application indicating obviousness or nonobviousness.
Claims 1-24 are rejected under 35 U.S.C. 103 as being unpatentable over (WO2019/082142 A1) issued to LITSIOS( cited in IDS filed on 07/08/2020)  in view of US Patent No. (US2005/50010572) issued to Clark( cited in IDS filed on 07/08/2020).
Regarding claim 1, LITSIOS discloses shared program instructions between first and second database users, wherein the shared program instructions define a privacy model comprising privacy restrictions for the first and second database users, respectively, and specify an authorization model comprising a first set of authorizations that permit the first database user to manipulate a first subset of the data records consistent with the first user's privacy restrictions and a second set of authorizations that permit the second user to manipulate a second subset of the data records consistent with the second user's privacy restrictions[ Abstract, A computer system (100) for distributed shared execution of one or more shared processes, comprising: first program code for the one or more shared processes that comprises one or more shared code segments (142, 144, 146) shared between a first authorizing node (102) and a second authorizing node (104), wherein the one or more shared code segments (142, 144, 146) are executable by one or more executing nodes (102, 104, 106),  a distributed ledger (152, 154, 156) that provides a record of valid code segments of the program code; and second program code comprising instructions that, when executed by the first and/or second authorizing nodes, validates that an anticipated execution result of the one or more shared code segments (142, 144, 146)], and [¶1] The present disclosure relates to a computer system, comprising a plurality of nodes, for distributed privacy-preserving shared execution of one or more shared processes. The disclosure also relates to a computer implemented method for performing distributed privacy-preserving shared execution], and [¶6,  A computer system for distributed shared execution of one or more shared processes, comprising: first program code for the one or more shared processes that comprises one or more shared code segments shared between a first authorizing node and a second authorizing node, wherein the one or more shared code segments are executable by one or more executing nodes; a distributed ledger that provides a record of valid code segments of the program code; and second program code comprising instructions that, when executed by the first and/or second authorizing nodes, validates that an anticipated execution result of the one or more shared code segments satisfies shared authorization conditions and, if satisfied, authorizes the execution of the one or more shared code segments by the one or more executing nodes]; and 
at least a first database server including a processor configured to execute the shared program instructions, wherein the shared program instructions, when executed by the processor [¶118, the distributed ledger can provide certified and authorized data storage, data distribution, privacy, security and enable authorized transactions. In this disclosure, the distributed ledger can have a global synchronization log that stores public data associated with private data], and [¶174, the following are example sequences of operations that can be used to execute shared code segments. They are intended to describe the operations of the distributed privacy-preserving shared execution system], and [Abstract]; and 
 process a transaction submitted by the first or second database user [¶69, in one example, the first and/or second authorizing nodes, if the shared authorization conditions are satisfied, cryptographically sign a transaction payload that is configured to cause a state transition to occur on the distributed ledge]; and 

determine whether the transaction conforms to the privacy and authorization models; and [¶69, in one example, the first and/or second authorizing nodes, if the shared authorization conditions are satisfied, cryptographically sign a transaction payload that is configured to cause a state transition to occur on the distributed ledge]; and
 if the transaction passes step 2, commit the transaction and manipulate the first or second subset of data records consistent with privacy and authorization models [¶7, in this system, nodes are able to pre-agree in a verifiable manner to existing or new obligations they enter into. Shared code segments contain obligations and which may involve providing execution of code, or providing input/output to ensure code executes. Nodes are able commit data or code in a non-repudiable fashion to the distributed ledger (utilising for example Merkle proofs), while allowing the later selective revealing of that secret data or code where required. This enables system wide coordination of the execution of shared processes whereby nodes can act, and authorize, execution of shared code segments and verify execution of code], and  [¶70, in some examples of the method the implicit cryptographic authorization of the anticipated execution result of the one or more shared code segments comprises, if the shared authorization conditions are satisfied, the first and/or second authorizing nodes utilizing a delegated or committing authorization from one or more delegating or committing nodes to authorize execution of the one or more shared code segments, and [¶18].
LITSIOS does not explicitly disclose, however, Clark discloses a database system comprising: a database system memory storing a database of data records [Abstract, the disclosure is directed to a multi-user database system. The multi-user database system includes at least one processor, at least one network interface coupled to the processor, an event table, an 
It would have been obvious to one of ordinary skill in the art before the effective filing date of the claimed invention to combine the teaching of LITSIOS with the teaching of Clark in order to implement a multi-user database systems and methods for resource usage tracking [Clark, ¶1].
Regarding claim 2 LITSIOS  discloses , further comprising program instructions stored with the memory that, when executed, validate that the transaction includes a cryptographic authorization from the first or second user consistent with the authorization model[¶30, in yet a further example of the computer system, the first and/or second authorizing nodes, as part of the second program code if the shared authorization conditions are satisfied, cryptographically sign a transaction payload that is configured to cause a state transition to occur on the distributed ledger].
Regarding claim 3 LITSIOS discloses, wherein the cryptographic authorization comprises the transaction being cryptographically signed by the first or second database user
Regarding claim 4, LITSIOS does not explicitly disclose, however, Clark discloses, further comprising an evidence log and program instructions stored in the memory that, when executed by the processor: record an execution history of the shared program instructions;  38 record a request to submit the transaction; and/or record any cryptographic authorizations submitted along with the transaction [¶19, FIGS. 2-A, 2-B, and 2-C depict a data flow useful in accumulating information from an accounting table 204, an event log table 206, and a sessions information table 254 to create a session table 240 and a request table 246. As shown in FIG. 2-A, a history table 202 may be queried with the accounting table 204 to determine which entries in the accounting table 204 have not been previously processed. The history table 202 may include a listing of those entries within the accounting table 204 that have been previously processed. The accounting table 204 may be periodically purged. If the periodic purging occurs less frequently than the processing of the transaction data, the history table 202 provides a listing of those transactions in the accounting table 204 that had been previously processed. The history table 202 may be purged at the same time as the accounting table 204. The query is performed as shown in transaction 212 to select the current transactions and store them in the current transactions accounting table 214. Once the current accounting transactions table 214 has been used in the process below, the history table 202 may be updated with an update history transaction 210].
Regarding claim 5, LITSIOS does not explicitly disclose, however, Clark discloses,, further comprising an execution engine including program instructions that, when executed by the processor: validate that the privacy restrictions for the first or second database user and the first or second set of authorizations conform to respective global rules for the database system; and record evidence of validation of the privacy restrictions and authorizations in the evidence log [¶19, FIGS. 2-A, 2-B, and 2-C depict a data flow useful in accumulating information from an accounting table 204, an event log table 206, and a sessions information table 254 to create a session table 240 and a request table 246. As shown in FIG. 2-A, a history table 202 may be queried with the accounting table 204 to determine which entries in the accounting table 204 have not been previously processed. The history table 202 may include a listing of those entries within the accounting table 204 that have been previously processed. The accounting table 204 may be periodically purged. If the periodic purging occurs less frequently than the processing of the transaction data, the history table 202 provides a listing of those transactions in the accounting table 204 that had been previously processed. The history table 202 may be purged at the same time as the accounting table 204. The query is performed as shown in transaction 212 to select the current transactions and store them in the current transactions accounting table 214. Once the current accounting transactions table 214 has been used in the process below, the history table 202 may be updated with an update history transaction 210].
Regarding claim 6, LITSIOS does not explicitly disclose, however, Clark discloses,, further comprising a transaction and concurrency engine having program instructions that, when executed by the processor, use a concurrency control protocol to process concurrent transactions submitted to the database system [¶27, with the summaries, session tables and request tables may be updated or new entries may be added. As shown in step 314, the session table may be updated with sessions that were previously opened and have new data. As shown in step 316, new sessions that were opened since the previous processing may be inserted into the sessions table. Similarly, the request table may updated as shown in step 318 or new requests may be inserted in the request table as shown in step 320. These steps, 314, 316, 318 
Regarding claim 7, LITSIOS does not explicitly disclose, however, Clark discloses, wherein the shared program instructions are, at least in part, stored procedures stored in the memory, and the system further comprises a procedural handler configured to: determine, from the transaction submitted by the first or second database user, one or more stored procedures suitable to process the transaction; and process, at least in part, the transaction by executing the one or more stored procedures [¶13] FIG. 1 depicts an exemplary embodiment of an enterprise data warehouse 100. The enterprise data warehouse 100 may have one or more processors 102, network interfaces 104, programs 106, an accounting database 108, an event log database 116, a session information database 112, a sessions database 114, a history database 116, a request database 118, and various temporary databases 120. A processor or multiple processors 102 may interpret and perform transactions with the various databases and tables. Multiple processors may allow parallel processing and faster performance].
Regarding claim 8, LITSIOS discloses, further comprising an execution engine configured to execute the shared program instructions and enforce the privacy and authorization models [¶18, any one of the authorizing nodes or executing nodes, of a specified shared code segment can query the system to identify executing nodes, required to commit as committing node(s), to execute the specified shared code segment.].
Regarding claim 9, LITSIOS discloses, wherein the execution engine is configured to limit access to the data records in a manner consistent with the privacy model [¶82,  In some examples, the method further comprises determining all explicit and implicit cryptographic authorizations required for authorized execution of the one or more shared code segments and, if 
Regarding claim 10, LITSIOS does not explicitly disclose, however, Clark discloses, wherein the execution engine is configured to execute the shared program instructions and, if specified by the shared program instructions, alter the privacy and authorization models consistent with the shared program instructions [¶43,  In one example of the computer system, the second program code further comprises program instructions that, when executed, determines all explicit and implicit cryptographic authorizations required for authorized execution of the one or more shared code segments and, if not all explicit and implicit cryptographic authorizations are present, does not authorize execution of the one or more shared code segments
Regarding claim 11, LITSIOS does not explicitly disclose, however, Clark discloses, wherein the transaction is submitted by the second database user and the shared program instructions, when executed by the processor, change at least the first database user's access to the first subset of the data records [¶43,  In one example of the computer system, the second program code further comprises program instructions that, when executed, determines all explicit and implicit cryptographic authorizations required for authorized execution of the one or more shared code segments and, if not all explicit and implicit cryptographic authorizations are present, does not authorize execution of the one or more shared code segments].
Regarding claim 12, LITSIOS does not explicitly disclose, however, Clark discloses, wherein the transaction is submitted by the second database user and the shared program instructions, when executed by the processor, change at least the first database user's first set of authorizations that permit the first database user to manipulate the first subset of the data records [¶43,  In one example of the computer system, the second program code further comprises program instructions that, when executed, determines all explicit and implicit cryptographic authorizations required for authorized execution of the one or more shared code segments and, if not all explicit and implicit cryptographic authorizations are present, does not authorize execution of the one or more shared code segments].
Regarding claim 13, LITSIOS does not explicitly disclose, however, Clark discloses further comprising an evidence log and program instructions stored in the memory that, when executed by the processor: record an execution history of the shared program instructions; record a request to submit the transaction; and/or record any cryptographic authorizations submitted along with the transaction, wherein the shared program instructions, when executed by the processor, alter the privacy and authorization models only if certain data is present or not present in the evidence log or the transaction [¶25,  As shown in step 302, a current set of accounting transactions may be determined. The current set of accounting transactions may include transactions not previously processed. In one exemplary embodiment, the current set of transactions may be determined by comparing an accounting database with a history table]; and
Regarding claim 14, LITSIOS does not explicitly disclose, however, Clark discloses, wherein the shared program instructions, when executed by the processor, perform step 3 of claim 1 and commit the transaction only if certain data is present or not present in the evidence log or the transaction itself [¶25, As shown in step 302, a current set of accounting transactions may be determined. The current set of accounting transactions may include transactions not previously processed. In one exemplary embodiment, the current set of transactions may be determined by comparing an accounting database with a history table].

Regarding claim 15, LITSIOS discloses, wherein the shared program instructions, when executed by the processor, commit both the transaction and evidence of its privacy and authorization validity simultaneously [¶7, in this system, nodes are able to pre-agree in a verifiable manner to existing or new obligations they enter into. Shared code segments contain obligations and which may involve providing execution of code, or providing input/output to ensure code executes. Nodes are able commit data or code in a non-repudiable fashion to the distributed ledger (utilising for example Merkle proofs), while allowing the later selective revealing of that secret data or code where required. This enables system wide coordination of the execution of shared processes whereby nodes can act, and authorize, execution of shared code segments and verify execution of code], and [¶18, any one of the authorizing nodes or executing nodes, of a specified shared code segment can query the system to identify executing nodes, required to commit as committing node(s), to execute the specified shared code segment ], and  [¶70, in some examples of the method the implicit cryptographic authorization of the anticipated execution result of the one or more shared code segments comprises, if the shared authorization conditions are satisfied, the first and/or second authorizing nodes utilizing a delegated or committing authorization from one or more delegating or committing nodes to authorize execution of the one or more shared code segments].
Regarding claim 16, this claim is interpreted and rejected for the same rational set forth in claim 1.
Regarding claim 17, this claim is interpreted and rejected for the same rational set forth in claim 2.


Regarding claim 18, LITSIOS does not explicitly disclose, however, Clark discloses, wherein the transaction includes a request to manipulate, consistent with the first set of authorizations, the first subset of data records in response to a condition, wherein step 16.b) comprises verifying occurrence of the condition and manipulating the first subset of data records consistent with the privacy and authorization models [¶25, As shown in step 302, a current set of accounting transactions may be determined. The current set of accounting transactions may include transactions not previously processed. In one exemplary embodiment, the current set of transactions may be determined by comparing an accounting database with a history table].
Regarding claim 19, LITSIOS does not explicitly disclose, however, Clark discloses wherein the condition includes determining whether a status of another transaction or a subset of the data records meets certain criteria [¶25, As shown in step 302, a current set of accounting transactions may be determined. The current set of accounting transactions may include transactions not previously processed. In one exemplary embodiment, the current set of transactions may be determined by comparing an accounting database with a history table].
Regarding claim 20, LITSIOS discloses, wherein the privacy model and/or authorization model specify one or more anticipated actions or results, as part of the submitted transaction[¶6,  A computer system for distributed shared execution of one or more shared processes, comprising: first program code for the one or more shared processes that comprises one or more shared code segments shared between a first authorizing node and a second authorizing node, wherein the one or more shared code segments are executable by one or more executing nodes; a distributed ledger that provides a record of valid code segments of 
Regarding claim 21, LITSIOS does not explicitly disclose, however, Clark discloses, wherein the database system further comprises an evidence log, the method further comprising: a) recording an execution history of the shared program instructions; b) recording a request to submit the transaction, and/or c) recording any cryptographic authorizations submitted along with the transaction
Regarding claim 22, LITSIOS does not explicitly disclose, however, Clark discloses validating that the privacy restrictions for the first or second database users in the privacy model and the first or second set of authorizations in the authorization model conform to respective global rules for the database system; and recording evidence of validation of the privacy restrictions and authorizations in the evidence log[¶19, FIGS. 2-A, 2-B, and 2-C depict a data flow useful in accumulating information from an accounting table 204, an event log table 206, and a sessions information table 254 to create a session table 240 and a request table 246. As shown in FIG. 2-A, a history table 202 may be queried with the accounting table 204 to determine which entries in the accounting table 204 have not been previously processed. The history table 202 may include a listing of those entries within the accounting table 204 that have been previously processed. The accounting table 204 may be periodically purged. If the periodic purging occurs less frequently than the processing of the transaction data, the history table 202 provides a listing of those transactions in the accounting table 204 that had been previously processed. The history table 202 may be purged at the same time as the accounting table 204. The query is performed as shown in transaction 212 to select the current transactions and store them in the current transactions accounting table 214. Once the current accounting transactions table 214 has been used in the process below, the history table 202 may be updated with an update history transaction 210].
Regarding claim 23, this claim is interpreted and rejected for the same rational set forth in claim 6.
Regarding claim 24, this claim is interpreted and rejected for the same rational set forth in claim 7.
Conclusion
The prior art made of record and not relied upon is considered pertinent to applicant's disclosure. 
WO2014/025809 [COMPUTERIZED METHOD AND SYSTEM FOR MANAGING SECURE CONTENT SHARING IN A NETWORKED SECURE COLLABORATIVE EXCHANGE ENVIRONMENT].
Agrawal (US7243097) [Extending Relational Database Systems To Automatically Enforce Privacy Policies].
Shirole (US2019/0108361) [SECURE ACCESS TO MULTI-TENANT RELATIONAL DATA].
Maier(US2015/0256520)[ PROCESSING OF RESTRICTED DATA].
CN1647062A[ Application Program Sharing Security].
Any inquiry concerning this communication or earlier communications from the examiner should be directed to SHAHRIAR ZARRINEH whose telephone number is (571)272-1207. The examiner can normally be reached Monday-Friday, 8:30am-5:30pm.
Examiner interviews are available via telephone, in-person, and video conferencing using a USPTO supplied web-based collaboration tool. To schedule an interview, applicant is encouraged to use the USPTO Automated Interview Request (AIR) at http://www.uspto.gov/interviewpractice.
If attempts to reach the examiner by telephone are unsuccessful, the examiner’s supervisor, Jorge Ortiz-Criado can be reached on 571-272-7624. The fax phone number for the organization where this application or proceeding is assigned is 571-273-8300.
Information regarding the status of published or unpublished applications may be obtained from Patent Center. Unpublished application information in Patent Center is available to registered users. To file and manage patent submissions in Patent Center, visit: https://patentcenter.uspto.gov. Visit https://www.uspto.gov/patents/apply/patent-center for more information about Patent Center and https://www.uspto.gov/patents/docx for information about filing in DOCX format. For additional questions, contact the Electronic Business Center (EBC) at 866-217-9197 (toll-free). If you would like assistance from a USPTO Customer Service Representative, call 800-786-9199 (IN USA OR CANADA) or 571-272-1000.





/SHAHRIAR ZARRINEH/Examiner, Art Unit 2496