DETAILED ACTION

This non-final office action is in response to claims 1-20 filed September 10, 2020 for examination. Claims 1-20 are being examined and are pending. 
Notice of Pre-AIA  or AIA  Status

The present application, filed on or after March 16, 2013, is being examined under the first inventor to file provisions of the AIA . 
Drawings

The drawings filed on September 10, 2020 have been accepted.
Information Disclosure Statement

The information disclosure statement filed 09/10/2020 has been placed in the application file and the information referred to therein has been considered as to the merits. 
Double Patenting
The non-statutory double patenting rejection is based on a judicially created doctrine grounded in public policy (a policy reflected in the statute) so as to prevent the unjustified or improper time wise extension of the “right to exclude” granted by a patent and to prevent possible harassment by multiple assignees. A non-statutory double patenting rejection is appropriate where the conflicting claims are not identical, but at least one examined application claim is not patentably distinct from the reference claim(s) because the examined application claim either is anticipated by, or would have been obvious over, the reference claim. See, e.g., In re Berg, 140 F.3d 1428, 46 USPQ2d 1226 (Fed. Cir. 1998); In re Goodman, 11 F.3d 1046, 29 USPQ2d 2010 (Fed. Cir. 1993); In re Longi, 759 F.2d 887, 225 USPQ 645 (Fed. Cir. 1985); In re Van Ornum, 686 F.2d 937, 214 USPQ 761 (CCPA 1982); In re Vogel, 422 F.2d 438, 164 USPQ 619 (CCPA 1970); In re Thorington, 418 F.2d 528, 163 USPQ 644 (CCPA 1969).
A timely filed terminal disclaimer in compliance with 37 CFR 1.321(c) or 1.321(d) may be used to overcome an actual or provisional rejection based on non-statutory double patenting provided the reference application or patent either is shown to be commonly owned with the examined application, or claims an invention made as a result of activities undertaken within the scope of a joint research agreement. See MPEP § 717.02 for applications subject to examination under the first inventor to file provisions of the AIA  as explained in MPEP § 2159.  See MPEP §§ 706.02(l)(1) - 706.02(l)(3) for applications not subject to examination under the first inventor to file provisions of the AIA . A terminal disclaimer must be signed in compliance with 37 CFR 1.321(b). 
A web-based eTerminal Disclaimer may be filled out completely online using web-screens. An eTerminal Disclaimer that meets all requirements is auto-processed and approved immediately upon submission. For more information about eTerminal Disclaimers, refer to www.uspto.gov/patents/process/file/efs/guidance/eTD-info-I.jsp.

Claims 1-20 are rejected on the ground of non-statutory obviousness-type double patenting rejection as being unpatentable over claims 1-20 of US Patent # 10,803,192 B2 (S/N # 15/995,123). Although the conflicting claims are not identical, they are not patentably distinct from each other because the referenced US patents and the instant application are claiming common subject matter, as follows (Since all the claims recited similar limitations, examiner only shows independent claim 1 of instant application and claim 1 of US Patent # 10,803,192 B2 as example in the claim comparison table):
Instant Application
(17/017,651) 
US Pat # 10,803,192 B2
(15/995,123)
1. A method by a security system implemented by one or more electronic devices for detecting attacks on one or more databases: 
analyzing database logs of one or more databases to determine transaction characteristics of each of the one or more databases, wherein the database logs include records of transactions made against the one or more databases; 

selecting, for each of a plurality of database accesses made by database clients to the one or more databases, one or more security rules to apply to that database access, wherein different security rules are selected for different ones of the plurality of database accesses depending on the determined transaction characteristics of the database being accessed; and 
causing, for each of the plurality of database accesses, the one or more security rules selected for that database access to be applied to that database access.

analyzing database logs of one or more databases to determine transaction characteristics of each of the one or more databases, wherein the determined transaction characteristics of each of the one or more databases include whether the number of new interactive users accessing each of the one or more databases converges over time; selecting, for each of a plurality of database accesses to the one or more databases, one or more security rules to apply to that database access, wherein different security rules are selected for different ones of the plurality of database accesses depending on the determined transaction characteristics of the database being accessed; and 

causing, for each of the plurality of database accesses, the one or more security rules selected for that database access to be applied to that database access.


Claim Rejections - 35 USC § 102
In the event the determination of the status of the application as subject to AIA  35 U.S.C. 102 and 103 (or as subject to pre-AIA  35 U.S.C. 102 and 103) is incorrect, any correction of the statutory basis for the rejection will not be considered a new ground of rejection if the prior art relied upon, and the rationale supporting the rejection, would be the same under either status.  

A person shall be entitled to a patent unless –

(a)(1) the claimed invention was patented, described in a printed publication, or in public use, on sale or otherwise available to the public before the effective filing date of the claimed invention.


Claims 1, 8-9, and 15 are rejected under 35 U.S.C. 102 (a)(1) as being anticipated by Simon et al. US 2005/0268117 A1 hereinafter “Simon”.
Regarding claim 1, Simon disclosed a method by a security system implemented by one or more electronic devices for detecting attacks on one or more databases (¶0014: a method, apparatus and computer program product for dynamic security checking of heterogeneous database environments. Para.0020.The mechanism discovers security violations.): analyzing database logs of one or more databases to determine transaction characteristics of each of the one or more databases (¶0034: Security checker 412 runs the security checks against one or more database servers 404. Security checker 412 sends data requests to database servers 404, receives data (i.e. database logs) from database servers 404, and is able to interpret (i.e. analyze) the security checks.), wherein the database logs include records of transactions made against the one or more databases (Para. 0033.Statistics or metrics may include the number of violations (i.e. transactions made against the one or more databases)); selecting, for each of a plurality of database accesses made by database clients to the one or more databases, one or more security rules to apply to that database access (¶0007: A database skin allows a database administrator to configure which security checks (i.e. security rules) are to be implemented;  ¶0021: A database administrator may configure the security mechanism locally or remotely using administrator client 108. ¶0031: Database security skin 402 allows the database administrator to configure settings for the security mechanism. For example, database security skin 402 allows the database administrator to configure which security checks are to be implemented), wherein different security rules are selected for different ones of the plurality of database accesses (¶0081: Client 108 is a database administrator workstation. In this case, the database administrator must manage the security of multiple databases, which may have different security policies (i.e. different security rules are selected for different ones of the plurality of database accesses) and administration interfaces;) depending on the determined transaction characteristics of the database being accessed (¶0042: The database servers receive data requests from the security checker and, in response, return data to the security checker (block 508). The security checker then determines the security state of the database servers (block 510).); and causing, for each of the plurality of database accesses, the one or more security rules selected for that database access to be applied to that database access (¶0019: apply new or updated security checks, which are usually executed manually, to cover the new requirements of the security policies.).
Claims 9 and 15 recite similar limitations to claim 1, mutatis mutandis, the subject matter of claims 10 and 16, which is therefore, also considered to be taught by Simon as above.
Regarding claim 8, Simon further disclosed the method of claim 1, wherein the plurality of database accesses made by the database clients to the one or more databases is monitored by a database connection monitor or a database agent (Para, 0018. The database administrator manage the security of multiple databases. Para. 0034. Security checker run the security checks (i.e. monitor).).
Allowable Subject Matter
Claims 2, 10, and 16 would be allowable if rewritten/filed terminal disclaimer to overcome the rejection(s) under double patenting, set forth in this Office action and to include all of the limitations of the base claim and any intervening claims.

The following is a statement of reasons for the indication of allowable subject matter: 
None of the prior arts on the record taken alone or in combination would teach the following limitation if incorporated into independent claims as a whole:
Claim 2, 10, and 16: the determined transaction characteristics of each of the one or more databases include whether the number of new application database objects accessed by interactive users in each of the one or more databases converges over time.
Conclusion
The prior art made of record and not relied upon is considered pertinent to applicant's disclosure.
CN 109977689 A: The invention claims a database security audit method, using the DIP database log record database event based, real time collecting the DPI data base access log file, log analysis, obtaining SQL sentence access event, then according to preset user behaviour rule base by regular matching, obtaining the auditing result; the results for matching is not consistent determining the risk level. The preset user behaviour rule base of the invention is a historical log data according to the DIP database and/or correlation analysis to obtain the real-time log data so it can according to model behaviour of the structure change and user of the database itself to adjust the association rule, dynamic discovering user behavior and adjust the audit policy, so as to adapt the different application scene and new user behaviour, can provide effective inference decision and data support for database security, the sensitive information of the database is not to be leaked.

Examiner interviews are available via telephone, in-person, and video conferencing using a USPTO supplied web-based collaboration tool. To schedule an interview, applicant is encouraged to use the USPTO Automated Interview Request (AIR) at http://www.uspto.gov/interviewpractice.
If attempts to reach the examiner by telephone are unsuccessful, the examiner’s supervisor, Taghi T Arani can be reached on 5712723787.  The fax phone number for the organization where this application or proceeding is assigned is 571-273-8300.
Information regarding the status of an application may be obtained from the Patent Application Information Retrieval (PAIR) system.  Status information for published applications may be obtained from either Private PAIR or Public PAIR.  Status information for unpublished applications is available through Private PAIR only.  For more information about the PAIR system, see http://pair-direct.uspto.gov. Should you have questions on access to the Private PAIR system, contact the Electronic Business Center (EBC) at 866-217-9197 (toll-free). If you would like assistance from a USPTO Customer Service Representative or access to the automated information system, call 800-786-9199 (IN USA OR CANADA) or 571-272-1000.

/Shawnchoy Rahman/Primary Examiner, Art Unit 2438