DETAILED ACTION

The present application, filed on or after March 16, 2013, is being examined under the first inventor to file provisions of the AIA . Claims 1-20 have been examined and are pending.


Claim Rejections - 35 USC§ 103

In the event the determination of the status of the application as subject to AIA  35 U.S.C. 102 and 103 (or as subject to pre-AIA  35 U.S.C. 102 and 103) is incorrect, any correction of the statutory basis for the rejection will not be considered a new ground of rejection if the prior art relied upon, and the rationale supporting the rejection, would be the same under either status.

The following is a quotation of 35 U.S.C. 103 which forms the basis for all obviousness rejections set forth in this Office action:

A patent for a claimed invention may not be obtained, notwithstanding that the claimed invention is not identically disclosed as set forth in section 102, if the differences between the claimed invention and the prior art are such that the claimed invention as a whole would have been obvious before the effective filing date of the claimed invention to a person having ordinary skill in the art to which the claimed invention pertains. Patentability shall not be negated by the manner in which the invention was made.



Claims 1–6, 8-20 are rejected under 35 U.S.C. 103 as being unpatentable over Mayer et al. US 2018/0285390, hereinafter Mayer in view of Richard, US 20210191740, hereinafter Richards.

As per claim 1, A method, comprising: (Mayer discloses a step for providing a database API schema that enables consumers of database data to directly access a database (i.e., “application programming interface (API) exposable”)) determining that a database object is classified as application programming interface (API) exposable, the database object managed by an application; 
(Mayer [0015] More particularly, implementations of the present disclosure are directed to providing an application program interface (API) schema (API-schema) that enables consumers of database data to directly access a database without changing connection information (e.g., the schema name)

(Mayer in paragraph [0004] teaches accessing database via proxy objects to the API-schema resides in the database) creating an API schema for proxy access to database objects that have been identified as API exposable; 
(Mayer [0004] actions further include, in response to revising the mapping of the API-schema, adding a proxy object to the API-schema; ... and at least one proxy object of the API-schema includes a view proxy object and a projection view proxy object, respectively; and the API-schema resides in the database system.)

(Mayer teaches a step for adding/generating a proxy object to the API-schema by defining a proxy object within the API-schema (i.e., “an API object within the API schema”) in view of a respective object within an access schema) assigning the database object to the API schema; generating an API object within the API schema based on the assigning, the API object corresponding to the database object; 
(Mayer [0004] the one or more object definitions define a proxy object within the API-schema in view of a respective object within an access schema; actions further include, in response to revising the mapping of the API-schema, adding a proxy object to the API-schema)

With respect to claim 1, Mayer does not explicitly disclose a step for assigning a privilege to an object for allowing limited access to consumers.
and providing, via the API schema and independent of the application, access to the API object by a privileged consumer.  
However, Richard discloses a method of configuring API to expose a collection of permissions and their assignment to users. 
(Richard US 20210191740 [0078] In some an on-demand database service environments, an Application Programming Interface (API) may be configured to expose a collection of permissions and their assignments to users through appropriate network-based services and architectures, for instance, using Simple Object Access Protocol (SOAP) Web Service and Representational State Transfer (REST) APIs.)
Thus, one person having ordinary skill in the art to combine teachings of Richards into the combined system of Mayer for the advantageous purpose of providing enhanced security of database wherein only a user with a proper permission may be allowed to change the record.
Therefore, it would have been obvious to one of ordinary skill in the art before the effective filing date of the claimed invention to combine Richards into the system of Mayer because, they are analogous art as being directed to the same field of endeavor, the system and method of managing database via API.  (See Mayer Abstract, Richards FIG. 7 and paragraph [0078]-[0080])

As per claim 2, The method of claim 1, (Mayer teaches a step for providing independent access of a first and second API schema accesses to the database) wherein the API schema is a first API schema, the API object is a first API object, the privileged consumer is a first privileged consumer, the proxy access is first proxy access, and further comprising: creating a second API schema for second proxy access to the database objects that have been identified as API exposable, 
(Mayer [0016] In some implementations, actions include providing a first access schema, through which a first version of an application accesses data in a database system, establishing an API-schema, through which at least one direct consumer accesses data in the database system, the API-schema including one or more proxy objects that are mapped to respective one or more objects of the first access schema based on metadata of the API-schema, the metadata providing a mapping and one or more object definitions, and in response to execution of a maintenance procedure: providing a second access schema, through which a second version of the application accesses data in the database system, switching to the second access schema, and revising the mapping of the API-schema, such that at least one proxy object of the API-schema maps to a respective object of the second access schema.)

With respect to claim 2, Mayer does not explicitly disclose a step for assigning a privilege to an object for allowing limited access.
the first API schema associated with a first access privilege possessed by the first privileged consumer and the second API schema associated a second access privilege possessed by a second privileged consumer; assigning the database object to the second API schema;  generating a second API object within the second API schema based on the assigning, the second API object corresponding to the database object; and providing, via the second API schema and independent of the application, access to the second API object by the second privileged consumer.  

However, Richards discloses a method of configuring API to expose a collection of permissions and their assignment to users appropriately. 
 (Richards US 20210191740 [0078] In some an on-demand database service environments, an Application Programming Interface (API) may be configured to expose a collection of permissions and their assignments to users through appropriate network-based services and architectures, for instance, using Simple Object Access Protocol (SOAP) Web Service and Representational State Transfer (REST) APIs.)
Thus, one person having ordinary skill in the art to combine teachings of Richards into the combined system of Mayer for the advantageous purpose of providing enhanced security of database wherein only a user with a proper permission may be allowed to change the record.

As per claim 3, The method of claim 2, further comprising: denying, via the second API schema and independent of the application, access to the second API object by the first privileged consumer. 
Claim 3 is analogous to claim 2 because configuring “access permissions” offers users with a discriminative right to modify/create/delete the given resources. Thus, claim 3 is rejected under the same rationale as indicated above. 

As per claim 4, The method of claim 1, further comprising: receiving a modification request associated with the database object; and (Mayer does not explicitly disclose) denying the modification request based at least in part on the database object being classified as API exposable.  
(Richards in paragraph [0078]-[0079] indicates a method of using REST API which allows access to the exposed database contents and may be modified with a proper user access permission. Furthermore, Richard teaches that REST (API) may be configured to expose a collection of permissions and their assignments to users. 
(Richards [0079] This allows a given permission set to scale to millions of permissions for a user while allowing a developer to take advantage of joins across the API objects to query, insert, update, and delete any permission across the millions of possible choices. This makes the API highly scalable, reliable, and efficient for developers to use.)

Thus, one person having ordinary skill in the art to combine teachings of Richards into the combined system of Mayer for the advantageous purpose of providing a feature for updating contents/records in the database where a user with a proper permission to change the record.

As per claim 5, The method of claim 4, wherein the database object is a first database object, and the modification request includes at least one of: a request to modify or delete a parameter associated with the first database object, (Mayer in paragraph [0032] teaches updating the mapping information (i.e., “ ..a relationship to.. ”) to replace existing access to the data objects) a database field associated with the first database object, a relationship to a second database object, or a data type associated with the first database object. 
 (Mayer [0032] The ADI of the present disclosure updates the mapping information to replace Access_X with Access_Y, the ADI determining the objects using the mapping information and re-deploying the objects. Further, synonym objects (N′) are defined in the API-schema.)

As per claim 6, The method of claim 1, wherein generating the API object within the API schema further comprises (Mayer in paragraph [0005] and [0034]) generating a projection view, a database view, a database procedure, or a database function based on the database object.  
(Mayer [0005] “.. for example, keeping the existing version stable, and adding a new version of an interface (e.g., a set of new database views). In some examples, temporary inconsistencies are hidden during lifecycle management events..”
Mayer [0034] “In some implementations, a synonym object can be any kind of proxy object, and can include a configurable destination. Example configurable destinations can include, without limitations, views, synonyms, projection views (PVs))


Claims 7 is rejected under 35 U.S.C. 103 as being unpatentable over Mayer in view of Richards and further in view of Bagga US 2020/0004847, hereinafter Bagga.

As per claim 7, The method of claim 1, wherein the API object is a first API object, and further comprising: (Mayer does not explicitly disclose) generating a custom schema associated with the API schema; and providing, via the custom schema and independent of the application, access to a custom object, the custom object based on a second API object within the API schema.  
However, Bagga discloses a method of constructing a custom data schema to retrieve data from database and then deploy the data schema, via the APIs to retrieve the first unstructured data (i.e., “providing, via the custom schema and independent of the application, access to a custom object”) from the first database
(Bagga US 2020/0004847 [0055] “The system may construct a custom data schema (e.g., an XML schema) structured for selectively retrieving the first unstructured data of the data element stored at the first database location and the second unstructured data of the data element stored at the second database location. The system may then deploy the data schema, via the APIs to retrieve the first unstructured data from the first database location and the second unstructured data from the second database location, without retrieving unrequested data.”)
Thus, one person having ordinary skill in the art to combine teachings of Bagga into the combined system of Mayer for the advantageous purpose of providing a flexibility to customize configuring database schema to access a database offering extended and scalable database services to users.

As per claim 8, The method of claim 1, (Mayer in paragraph [0005]) wherein the database object includes at least one of a database table, a database view, a database table function, a database hierarchy, or a database procedure.  
(Mayer [0037] Accordingly, in the depicted example, the API-schema 230 includes a procedure proxy object 232, a view proxy object 234, and a table proxy object 236. Metadata 240 is provided for the API-schema 230, and includes mapping data 242, and synonym definition data 244. In some examples, the metadata 240 is provided as a configuration file for the API-schema 230.).

As per claim 9,  A non-transitory computer-readable device having instructions stored thereon that, when executed by at least one computing device, cause the at least one computing device to perform operations comprising: determining that a database object is classified as application programming interface (API) exposable, the database object managed by an application;  creating an API schema for proxy access to database objects that have been identified as API exposable; assigning the database object to the API schema; generating an API object within the API schema based on the assigning, the API object corresponding to the database object; and providing, via the API schema and independent of the application, access to the API object by a privileged consumer.  

Claims 9 is analogous to Claim 1 except that it is directed to an apparatus or system and is rejected under the same rationale as indicated above.

As per claim 10,  The non-transitory computer-readable device of claim 9, wherein the API schema is a first API schema, the API object is a first API object, the privileged consumer is a first privileged consumer, the proxy access is first proxy access, and the operations further comprising: creating a second API schema for second proxy access to the database objects that have been identified as API exposable, the first API schema associated with a first access privilege possessed by the first privileged consumer and the second API schema associated a second access privilege possessed by a second privileged consumer; assigning the database object to the second API schema; generating a second API object within the second API schema based on the assigning, the second API object corresponding to the database object; and providing, via the second API schema and independent of the application, access to the second API object by the second privileged consumer.  

Claims 10 is analogous to Claim 2 except that it is directed to an apparatus or system and is rejected under the same rationale as indicated above.

As per claim 11, The non-transitory computer-readable device of claim 10, the operations further comprising: denying, via the second API schema and independent of the application, access to the second API object by the first privileged consumer.  

Claims 11 is analogous to Claim 3 except that it is directed to an apparatus or system and is rejected under the same rationale as indicated above.

As per claim 12, The non-transitory computer-readable device of claim 9, wherein generating the API object within the API schema further comprises: generating a projection view, a database view, a database procedure, or a database function based on the database object.  

Claims 12 is analogous to Claim 5 except that it is directed to an apparatus or system and is rejected under the same rationale as indicated above.


As per claim 13, The non-transitory computer-readable device of claim 9, the operations further comprising: receiving a modification request associated with the database object; and denying the modification request based at least in part on the database object being classified as API exposable.  

Claims 13 is analogous to Claim 4 except that it is directed to an apparatus or system and is rejected under the same rationale as indicated above.

As per claim 14, The non-transitory computer-readable device of claim 9, wherein the database object includes one of a database table, a database view, a database table function, a database hierarchy, or a database procedure.  

Claims 14 is analogous to Claim 8 except that it is directed to an apparatus or system and is rejected under the same rationale as indicated above.

As per claim 15,  A system, comprising: a memory including a database object managed by an application; and one or more processors and/or circuits coupled to the memory and configured to: determine that the database object is classified as application programming interface (API) exposable; create an API schema for proxy access to database objects that have been identified as API exposable; assign the database object to the API schema; generate an API object within the API schema based on the assigning, the API object corresponding to the database object; and provide, via the API schema and independent of the application, access to the API object by a privileged consumer.  

Claims 15 is analogous to Claim 1 except that it is directed to an apparatus or system and is rejected under the same rationale as indicated above.

As per claim 16, The system of claim 15, wherein the API schema is a first API schema, the API object is a first API object, the privileged consumer is a first privileged consumer, the proxy access is first proxy access, and the one or more processors and/or circuits are configured to: create a second API schema for second proxy access to the database objects that have been identified as API exposable, the first API schema associated with a first access privilege possessed by the first privileged consumer and the second API schema associated a second access privilege possessed by a second privileged consumer; assign the database object to the second API schema;   generate a second API object within the second API schema based on the assigning, the second API object corresponding to the database object; and provide, via the second API schema and independent of the application, access to the second API object by the second privileged consumer.  

Claims 16 is analogous to Claim 2 except that it is directed to an apparatus or system and is rejected under the same rationale as indicated above.

As per claim 17, The system of claim 16, wherein the one or more processors and/or circuits are configured to deny, via the second API schema and independent of the application, access to the second API object by the first privileged consumer. 

Claims 17 is analogous to Claim 3 except that it is directed to an apparatus or system and is rejected under the same rationale as indicated above.
 
As per claim 18, The system of claim 15, wherein the one or more processors and/or circuits are configured to: receive a modification request associated with the database object; and deny the modification request based at least in part on the database object being classified as API exposable. 

Claims 18 is analogous to Claim 4 except that it is directed to an apparatus or system and is rejected under the same rationale as indicated above.
 
As per claim 19, The system of claim 15, wherein the database object includes one of a database table, a database view, a database table function, a database hierarchy, or a database procedure.  

Claims 19 is analogous to Claim 8 except that it is directed to an apparatus or system and is rejected under the same rationale as indicated above.

As per claim 20, The system of claim 15, wherein to generate the API object within the API schema, the one or more processors and/or circuits are configured to generate a projection view, a database view, a database procedure, or a database function based on the database object.  

Claims 20 is analogous to Claim 6 except that it is directed to an apparatus or system and is rejected under the same rationale as indicated above.

Pertinent Prior Art
The following are prior art references made of record but not currently relied upon:

SERVER SESSION MANAGEMENT APPLICATION PROGRAM INTERFACE AND SCHEMA (Nalla et al., US 2007 /0220155) - Application program interfaces (APis), schemas and procedures manage multiple sessions within a server system has a create session request call for establishing a session between a client and a server within the server system.


Conclusion

Any inquiry concerning this communication or earlier communications from the examiner should be directed to CHONGSUH PARK whose telephone number is (408) 918-7574.  The examiner can normally be reached on Monday - Friday 8:00-5:30 PST.
Examiner interviews are available via telephone, in-person, and video conferencing using a USPTO supplied web-based collaboration tool. To schedule an interview, applicant is encouraged to use the USPTO Automated Interview Request (AIR) at http://www.uspto.gov/interviewpractice.
If attempts to reach the examiner by telephone are unsuccessful, the examiner’s supervisor, Hosain Alam can be reached on (571)272-3978 EST.  The fax phone number for the organization where this application or proceeding is assigned is 571-273-8300.
Information regarding the status of an application may be obtained from the Patent Application Information Retrieval (PAIR) system.  Status information for published applications may be obtained from either Private PAIR or Public PAIR.  Status information for unpublished applications is available through Private PAIR only.  For more information about the PAIR system, see https://ppair-my.uspto.gov/pair/PrivatePair. Should you have questions on access to the Private PAIR system, contact the Electronic Business Center (EBC) at 866-217-9197 (toll-free). If you would like assistance from a USPTO Customer Service Representative or access to the automated information system, call 800-786-9199 (IN USA OR CANADA) or 571-272-1000.

/CHONGSUH PARK/Examiner, Art Unit 2154                                                                                                                                                                                                        
/HOSAIN T ALAM/Supervisory Patent Examiner, Art Unit 2154