Notice of Pre-AIA  or AIA  Status
The present application, filed on or after March 16, 2013, is being examined under the first inventor to file provisions of the AIA .
Claim Rejections - 35 USC § 101
	35 U.S.C. 101 reads as follows:
Whoever invents or discovers any new and useful process, machine, manufacture, or
composition of matter, or any new and useful improvement thereof, may obtain a patent
therefore, subject to the conditions and requirements of this title.

Claims 15-20 are rejected under 35 U.S.C. 101 because the claimed invention is directed to non-statutory subject matter. The claims do not fall within at least one of the four categories of patent eligible subject matter. Claim 15, line 5 recites “wherein the sandbox environment is a virtual database environment and the dataset is stored in a database associated with a data access system” and based on ¶5 and ¶64 the specification of this application states “ ¶5: Providing sufficient access to data while maintaining data security and mitigating risk is a well-known challenge for data access systems having multiple storage systems and multiple application systems; ¶64: Examples of storage media include random access memory, read only memory, magnetic disks, optical disks, optical media, flash memory, virtual memory”, a virtual memory cannot be patented as it fall under the category of a 35 USC §101 software per se’ rejection. Therefore, applicant is advised to amend the claims to recite a hardware memory or positively recite a hardware component associated with the apparatus. Dependent claims 16-20 fail to cure the deficiency and thus are rejected for the same reason.
Claim Rejections - 35 USC § 103
The following is a quotation of 35 U.S.C. 103 which forms the basis for all obviousness rejections set forth in this Office action:
A patent for a claimed invention may not be obtained, notwithstanding that the claimed invention is not identically disclosed as set forth in section 102, if the differences between the claimed invention and the prior art are such that the claimed invention as a whole would have been obvious before the effective filing date of the claimed invention to a person having ordinary skill in the art to which the claimed invention pertains. Patentability shall not be negated by the manner in which the invention was made.

Claims 1, 2, 5, 6, 7, 8, 9, 12, 13, 14, 15, 16, 19, and 20 and are rejected under 35 U.S.C as be unpatentable over US 2020/026710 A1 (hereinafter ‘Wang’), and in further view of US 2020/0151346 (hereinafter ‘Smyth’).
Regarding Claim 1
Wang discloses:
	A method of operating a data access system, the method comprising: receiving a user request from a sandbox environment to access a dataset, wherein the sandbox environment is a virtual database environment and the dataset is stored in a database associated with the data access system; retrieving at least a portion of the dataset from the database (¶238: “Sandbox 2130 and self-serve data components 2131 may be configured to offer users an ability to request and receive raw or semi-processed data from Netezza or Hadoop data lake into a private area and be able to use other advanced analytics tools to transform the data and prepare data models. The sandbox may be configured to provide business data-glossary, enabling self-serve provisioning of data sandboxes, including data and tools, self-serve model- and data-promotion to production. In some embodiments, sandbox 2130 may provide model development/validation, data discovery or data verification/validation that is not for production use. Sandboxes may be created and maintained in IDP (Netezza, Hadoop, Datameer Server, R/Python Server, SpotFire Server) to ensure end to end control over security and privacy of data and lineage and cost efficiency.”); 
	Wang does not disclose the following limitation “identifying at least one sandbox access policy associated with the user request and the dataset; and generating a view of the dataset in the sandbox environment, wherein the view displays one or more enabled elements of the dataset based on the at least one sandbox access policy”
	Smyth discloses: 
identifying at least one sandbox access policy associated with the user request and the dataset; and generating a view of the dataset in the sandbox environment, wherein the view displays one or more enabled elements of the dataset based on the at least one sandbox access policy (¶31: “As shown in FIG. 2, User 202 may submit a request at 210, which may include discovery portal access, discovery personal and/or shared sandbox roles, Hadoop access roles, object storage access roles, etc., as shown by 212. System Access Manager may facilitate the request, approval, fulfillment (e.g., automated and manual) and processes of access to resources, such as database, active-directory groups, LDAP groups, server access, etc. A user may also request a personal sandbox (at 214) or a shared sandbox and further create Hadoop Distributed File System (HDFS), Hive/Impala Schemas, Hive/Impala Tables, Ranger or Cloud-platform specific access Policies, etc., as represented by 222 and 224. As shown in FIG. 2, User 202 may access Discovery Portal 216 to request a personal sandbox. Discovery Portal 216 may access Sandbox Application Program Interface (API) 218 and Sandbox Orchestration 220. MS represents a messaging service or it may be an API. From Sandbox Orchestration 220, API for cloud services may be initiated at 222 (e.g., Hadoop API) and/or at 226 (e.g., Cloud Services API). Hadoop API 222 may access a set of tools represented by Distributed Data Platform 224. Hadoop API 222 may create HDFS, Hive Schema, Ranger Policies, etc. Cloud Services API 226 may enable a user to create a bucket folder and perform other actions in a cloud services platform. Through Channel 228 and Active Directory 230, Cloud Services Platform 240 may be accessed. Cloud Services Platform 240 may include Connection/Gateway, Storage and Identify and Access Management (IAM) components and services. Active Directory may represent a directory service that authenticates and authorizes users and computers in a domain type network by assigning and enforcing security policies.”).
It would have been obvious to one of ordinary skill in the art before the effective filing date of the claimed invention to modify the teaching of Wang in order to include a feature where a sandbox system can be configured to identify an access policy (configured by the System Access Manager) and display a dataset based (Hadoop Distributed File System (HDFS)) on an access policy as taught by Smyth. One of ordinary skill in the art would have been motivated to do so because Smyth recognizes that by implementing an access policy a sandbox environment ensures that a user has a certain authentication level in order to access to certain data base within the sandbox environment (¶31). 
Regarding Claim 2 
Wang does not disclose the following limitation “further comprising, upon identifying the at least one sandbox access policy, enabling one or more elements of the dataset in the view” 
Smyth discloses:
The method of claim 1, further comprising, upon identifying the at least one sandbox access policy, enabling one or more elements of the dataset in the view (¶31: “As shown in FIG. 2, User 202 may submit a request at 210, which may include discovery portal access, discovery personal and/or shared sandbox roles, Hadoop access roles, object storage access roles, etc., as shown by 212. System Access Manager may facilitate the request, approval, fulfillment (e.g., automated and manual) and processes of access to resources, such as database, active-directory groups, LDAP groups, server access, etc. A user may also request a personal sandbox (at 214) or a shared sandbox and further create Hadoop Distributed File System (HDFS), Hive/Impala Schemas, Hive/Impala Tables, Ranger or Cloud-platform specific access Policies, etc., as represented by 222 and 224. As shown in FIG. 2, User 202 may access Discovery Portal 216 to request a personal sandbox. Discovery Portal 216 may access Sandbox Application Program Interface (API) 218 and Sandbox Orchestration 220. MS represents a messaging service or it may be an API. From Sandbox Orchestration 220, API for cloud services may be initiated at 222 (e.g., Hadoop API) and/or at 226 (e.g., Cloud Services API). Hadoop API 222 may access a set of tools represented by Distributed Data Platform 224. Hadoop API 222 may create HDFS, Hive Schema, Ranger Policies, etc. Cloud Services API 226 may enable a user to create a bucket folder and perform other actions in a cloud services platform. Through Channel 228 and Active Directory 230, Cloud Services Platform 240 may be accessed. Cloud Services Platform 240 may include Connection/Gateway, Storage and Identify and Access Management (IAM) components and services. Active Directory may represent a directory service that authenticates and authorizes users and computers in a domain type network by assigning and enforcing security policies.”).
It would have been obvious to one of ordinary skill in the art before the effective filing date of the claimed invention to modify the teaching of Wang in order to include a feature where a sandbox system can be configured to identify an access policy (configured by the System Access Manager) as taught by Smyth. One of ordinary skill in the art would have been motivated to do so because Smyth recognizes that by implementing an access policy a sandbox environment ensures that a user has a certain authentication level in order to access to certain data base within the sandbox environment (¶31).
Regarding Claim 5 
Wang does not disclose the following limitation “wherein: the user request indicates a number of requested dataset elements; and generating the view of the dataset in the sandbox environment is based on the number of requested dataset elements”
Smyth discloses:
The method of claim 1, wherein: the user request indicates a number of requested dataset elements; and generating the view of the dataset in the sandbox environment is based on the number of requested dataset elements (¶31 “User 202 may submit a request at 210, which may include discovery portal access, discovery personal and/or shared sandbox roles, Hadoop access roles, object storage access roles, etc., as shown by 212. System Access Manager may facilitate the request, approval, fulfillment (e.g., automated and manual) and processes of access to resources, such as database, active-directory groups, LDAP groups, server access, etc. A user may also request a personal sandbox (at 214) or a shared sandbox and further create Hadoop Distributed File System (HDFS), Hive/Impala Schemas, Hive/Impala Tables, Ranger or Cloud-platform specific access Policies, etc., as represented by 222 and 224. As shown in FIG. 2, User 202 may access Discovery Portal 216 to request a personal sandbox. Discovery Portal 216 may access Sandbox Application Program Interface (API) 218 and Sandbox Orchestration 220. MS represents a messaging service or it may be an API. From Sandbox Orchestration 220, API for cloud services may be initiated at 222 (e.g., Hadoop API) and/or at 226 (e.g., Cloud Services API). Hadoop API 222 may access a set of tools represented by Distributed Data Platform 224. Hadoop API 222 may create HDFS, Hive Schema, Ranger Policies, etc. Cloud Services API 226 may enable a user to create a bucket folder and perform other actions in a cloud services platform. Through Channel 228 and Active Directory 230, Cloud Services Platform 240 may be accessed. Cloud Services Platform 240 may include Connection/Gateway, Storage and Identify and Access Management (IAM) components and services. Active Directory may represent a directory service that authenticates and authorizes users and computers in a domain type network by assigning and enforcing security policies”). 
It would have been obvious to one of ordinary skill in the art before the effective filing date of the claimed invention to modify the teaching of Wang in order to include a feature where a sandbox system can be configured to identify an access policy (configured by the System Access Manager) and display a dataset based (Hadoop Distributed File System (HDFS)) on an access policy as taught by Smyth. One of ordinary skill in the art would have been motivated to do so because Smyth recognizes that by implementing an access policy a sandbox environment ensures that a user has a certain authentication level in order to access to certain data base within the sandbox environment (¶31). 
Regarding Claim 6 
Wang does not disclose the following limitation “wherein: identifying the at least one sandbox access policy is performed by a metadata service within the data access system; and generating the view of the dataset in the sandbox environment is performed by the metadata service”
Smyth discloses:
The method of claim 1, wherein: identifying the at least one sandbox access policy is performed by a metadata service within the data access system; and generating the view of the dataset in the sandbox environment is performed by the metadata service (31: “As shown in FIG. 2, User 202 may submit a request at 210, which may include discovery portal access, discovery personal and/or shared sandbox roles, Hadoop access roles, object storage access roles, etc., as shown by 212. System Access Manager may facilitate the request, approval, fulfillment (e.g., automated and manual) and processes of access to resources, such as database, active-directory groups, LDAP groups, server access, etc. A user may also request a personal sandbox (at 214) or a shared sandbox and further create Hadoop Distributed File System (HDFS), Hive/Impala Schemas, Hive/Impala Tables, Ranger or Cloud-platform specific access Policies, etc., as represented by 222 and 224. As shown in FIG. 2, User 202 may access Discovery Portal 216 to request a personal sandbox. Discovery Portal 216 may access Sandbox Application Program Interface (API) 218 and Sandbox Orchestration 220. MS represents a messaging service or it may be an API. From Sandbox Orchestration 220, API for cloud services may be initiated at 222 (e.g., Hadoop API) and/or at 226 (e.g., Cloud Services API). Hadoop API 222 may access a set of tools represented by Distributed Data Platform 224. Hadoop API 222 may create HDFS, Hive Schema, Ranger Policies, etc. Cloud Services API 226 may enable a user to create a bucket folder and perform other actions in a cloud services platform. Through Channel 228 and Active Directory 230, Cloud Services Platform 240 may be accessed. Cloud Services Platform 240 may include Connection/Gateway, Storage and Identify and Access Management (IAM) components and services. Active Directory may represent a directory service that authenticates and authorizes users and computers in a domain type network by assigning and enforcing security policies.”).
It would have been obvious to one of ordinary skill in the art before the effective filing date of the claimed invention to modify the teaching of Wang in order to include a feature where a sandbox system can be configured to identify an access policy (configured by the System Access Manager) and display a dataset based (Hadoop Distributed File System (HDFS)) on an access policy as taught by Smyth. One of ordinary skill in the art would have been motivated to do so because Smyth recognizes that by implementing an access policy a sandbox environment ensures that a user has a certain authentication level in order to access to certain data base within the sandbox environment (¶31). 
Regarding Claim 7 
Wang does not disclose the following limitation “wherein the metadata service provides the sandbox environment with one or more dataset tools, wherein the one or more dataset tools are associated with the dataset and based on the at least one sandbox access policy”
Smyth discloses:
The method of claim 6, wherein the metadata service provides the sandbox environment with one or more dataset tools, wherein the one or more dataset tools are associated with the dataset and based on the at least one sandbox access policy (31: “As shown in FIG. 2, User 202 may submit a request at 210, which may include discovery portal access, discovery personal and/or shared sandbox roles, Hadoop access roles, object storage access roles, etc., as shown by 212. System Access Manager may facilitate the request, approval, fulfillment (e.g., automated and manual) and processes of access to resources, such as database, active-directory groups, LDAP groups, server access, etc. A user may also request a personal sandbox (at 214) or a shared sandbox and further create Hadoop Distributed File System (HDFS), Hive/Impala Schemas, Hive/Impala Tables, Ranger or Cloud-platform specific access Policies, etc., as represented by 222 and 224. As shown in FIG. 2, User 202 may access Discovery Portal 216 to request a personal sandbox. Discovery Portal 216 may access Sandbox Application Program Interface (API) 218 and Sandbox Orchestration 220. MS represents a messaging service or it may be an API. From Sandbox Orchestration 220, API for cloud services may be initiated at 222 (e.g., Hadoop API) and/or at 226 (e.g., Cloud Services API). Hadoop API 222 may access a set of tools represented by Distributed Data Platform 224. Hadoop API 222 may create HDFS, Hive Schema, Ranger Policies, etc. Cloud Services API 226 may enable a user to create a bucket folder and perform other actions in a cloud services platform. Through Channel 228 and Active Directory 230, Cloud Services Platform 240 may be accessed. Cloud Services Platform 240 may include Connection/Gateway, Storage and Identify and Access Management (IAM) components and services. Active Directory may represent a directory service that authenticates and authorizes users and computers in a domain type network by assigning and enforcing security policies.”).
It would have been obvious to one of ordinary skill in the art before the effective filing date of the claimed invention to modify the teaching of Wang in order to include a feature where a sandbox system can be configured to identify an access policy (configured by the System Access Manager) and display a dataset based (Hadoop Distributed File System (HDFS)) on an access policy as taught by Smyth. One of ordinary skill in the art would have been motivated to do so because Smyth recognizes that by implementing an access policy a sandbox environment ensures that a user has a certain authentication level in order to access to certain data base within the sandbox environment (¶31).
Regarding Claim 8 
Wang discloses:
A computing apparatus comprising: one or more computer-readable storage media; a processing system operatively coupled with the one or more computer-readable storage media; and program instructions stored on the one or more computer-readable storage media that, when read and executed by the processing system, direct the processing system to at least: receive a user request from a sandbox environment to access a dataset, wherein the sandbox environment is a virtual database environment and the dataset is stored in a database; retrieve at least a portion of the dataset from the database (“Sandbox 2130 and self-serve data components 2131 may be configured to offer users an ability to request and receive raw or semi-processed data from Netezza or Hadoop data lake into a private area and be able to use other advanced analytics tools to transform the data and prepare data models. The sandbox may be configured to provide business data-glossary, enabling self-serve provisioning of data sandboxes, including data and tools, self-serve model- and data-promotion to production. In some embodiments, sandbox 2130 may provide model development/validation, data discovery or data verification/validation that is not for production use. Sandboxes may be created and maintained in IDP (Netezza, Hadoop, Datameer Server, R/Python Server, SpotFire Server) to ensure end to end control over security and privacy of data and lineage and cost efficiency.”); 
Wang does not disclose the following limitation “identify at least one sandbox access policy associated with the user request and the dataset; and generate a view of the dataset in the sandbox environment, wherein the view displays one or more enabled elements of the dataset based on the at least one sandbox access policy”
	Smyth discloses: 
identify at least one sandbox access policy associated with the user request and the dataset; and generate a view of the dataset in the sandbox environment, wherein the view displays one or more enabled elements of the dataset based on the at least one sandbox access policy (31: “As shown in FIG. 2, User 202 may submit a request at 210, which may include discovery portal access, discovery personal and/or shared sandbox roles, Hadoop access roles, object storage access roles, etc., as shown by 212. System Access Manager may facilitate the request, approval, fulfillment (e.g., automated and manual) and processes of access to resources, such as database, active-directory groups, LDAP groups, server access, etc. A user may also request a personal sandbox (at 214) or a shared sandbox and further create Hadoop Distributed File System (HDFS), Hive/Impala Schemas, Hive/Impala Tables, Ranger or Cloud-platform specific access Policies, etc., as represented by 222 and 224. As shown in FIG. 2, User 202 may access Discovery Portal 216 to request a personal sandbox. Discovery Portal 216 may access Sandbox Application Program Interface (API) 218 and Sandbox Orchestration 220. MS represents a messaging service or it may be an API. From Sandbox Orchestration 220, API for cloud services may be initiated at 222 (e.g., Hadoop API) and/or at 226 (e.g., Cloud Services API). Hadoop API 222 may access a set of tools represented by Distributed Data Platform 224. Hadoop API 222 may create HDFS, Hive Schema, Ranger Policies, etc. Cloud Services API 226 may enable a user to create a bucket folder and perform other actions in a cloud services platform. Through Channel 228 and Active Directory 230, Cloud Services Platform 240 may be accessed. Cloud Services Platform 240 may include Connection/Gateway, Storage and Identify and Access Management (IAM) components and services. Active Directory may represent a directory service that authenticates and authorizes users and computers in a domain type network by assigning and enforcing security policies.”).
It would have been obvious to one of ordinary skill in the art before the effective filing date of the claimed invention to modify the teaching of Wang in order to include a feature where a sandbox system can be configured to identify an access policy (configured by the System Access Manager) and display a dataset based (Hadoop Distributed File System (HDFS)) on an access policy as taught by Smyth. One of ordinary skill in the art would have been motivated to do so because Smyth recognizes that by implementing an access policy a sandbox environment ensures that a user has a certain authentication level in order to access to certain data base within the sandbox environment (¶31). 
Regarding Claim 9
Wang does not disclose the following limitation “wherein, upon identifying the at least one sandbox access policy, the program instructions further direct the processing system to enable one or more elements of the dataset in the view”
Smyth discloses:
The computing apparatus of claim 8, wherein, upon identifying the at least one sandbox access policy, the program instructions further direct the processing system to enable one or more elements of the dataset in the view (31: “As shown in FIG. 2, User 202 may submit a request at 210, which may include discovery portal access, discovery personal and/or shared sandbox roles, Hadoop access roles, object storage access roles, etc., as shown by 212. System Access Manager may facilitate the request, approval, fulfillment (e.g., automated and manual) and processes of access to resources, such as database, active-directory groups, LDAP groups, server access, etc. A user may also request a personal sandbox (at 214) or a shared sandbox and further create Hadoop Distributed File System (HDFS), Hive/Impala Schemas, Hive/Impala Tables, Ranger or Cloud-platform specific access Policies, etc., as represented by 222 and 224.”).
It would have been obvious to one of ordinary skill in the art before the effective filing date of the claimed invention to modify the teaching of Wang in order to include a feature where a sandbox system can be configured to identify an access policy (configured by the System Access Manager) as taught by Smyth. One of ordinary skill in the art would have been motivated to do so because Smyth recognizes that by implementing an access policy a sandbox environment ensures that a user has a certain authentication level in order to access to certain data base within the sandbox environment (¶31).
Regarding Claim 12
Wang does not disclose the following limitation “wherein: the user request indicates a number of requested dataset elements; and generating the view of the dataset in the sandbox environment is based on the number of requested dataset elements”.
Smyth discloses:
The computing apparatus of claim 8, wherein: the user request indicates a number of requested dataset elements; and generating the view of the dataset in the sandbox environment is based on the number of requested dataset elements (¶238: “User 202 may submit a request at 210, which may include discovery portal access, discovery personal and/or shared sandbox roles, Hadoop access roles, object storage access roles, etc., as shown by 212. System Access Manager may facilitate the request, approval, fulfillment (e.g., automated and manual) and processes of access to resources, such as database, active-directory groups, LDAP groups, server access, etc. A user may also request a personal sandbox (at 214) or a shared sandbox and further create Hadoop Distributed File System (HDFS), Hive/Impala Schemas, Hive/Impala Tables, Ranger or Cloud-platform specific access Policies, etc., as represented by 222 and 224. As shown in FIG. 2, User 202 may access Discovery Portal 216 to request a personal sandbox. Discovery Portal 216 may access Sandbox Application Program Interface (API) 218 and Sandbox Orchestration 220. MS represents a messaging service or it may be an API. From Sandbox Orchestration 220, API for cloud services may be initiated at 222 (e.g., Hadoop API) and/or at 226 (e.g., Cloud Services API). Hadoop API 222 may access a set of tools represented by Distributed Data Platform 224. Hadoop API 222 may create HDFS, Hive Schema, Ranger Policies, etc. Cloud Services API 226 may enable a user to create a bucket folder and perform other actions in a cloud services platform. Through Channel 228 and Active Directory 230, Cloud Services Platform 240 may be accessed. Cloud Services Platform 240 may include Connection/Gateway, Storage and Identify and Access Management (IAM) components and services. Active Directory may represent a directory service that authenticates and authorizes users and computers in a domain type network by assigning and enforcing security policies.
It would have been obvious to one of ordinary skill in the art before the effective filing date of the claimed invention to modify the teaching of Wang in order to include a feature where a sandbox system can be configured to identify an access policy (configured by the System Access Manager) and display a dataset based (Hadoop Distributed File System (HDFS)) on an access policy as taught by Smyth. One of ordinary skill in the art would have been motivated to do so because Smyth recognizes that by implementing an access policy a sandbox environment ensures that a user has a certain authentication level in order to access to certain data base within the sandbox environment (¶31). 
Regarding Claim 13
Wang does not disclose the following limitation “identifying the at least one sandbox access policy is performed in a metadata service within a data access system; and generating the view of the dataset in the sandbox environment is performed in the metadata service”
Smyth discloses:
The computing apparatus of claim 8, wherein: identifying the at least one sandbox access policy is performed in a metadata service within a data access system; and generating the view of the dataset in the sandbox environment is performed in the metadata service (¶31: “As shown in FIG. 2, User 202 may submit a request at 210, which may include discovery portal access, discovery personal and/or shared sandbox roles, Hadoop access roles, object storage access roles, etc., as shown by 212. System Access Manager may facilitate the request, approval, fulfillment (e.g., automated and manual) and processes of access to resources, such as database, active-directory groups, LDAP groups, server access, etc. A user may also request a personal sandbox (at 214) or a shared sandbox and further create Hadoop Distributed File System (HDFS), Hive/Impala Schemas, Hive/Impala Tables, Ranger or Cloud-platform specific access Policies, etc., as represented by 222 and 224. As shown in FIG. 2, User 202 may access Discovery Portal 216 to request a personal sandbox. Discovery Portal 216 may access Sandbox Application Program Interface (API) 218 and Sandbox Orchestration 220. MS represents a messaging service or it may be an API. From Sandbox Orchestration 220, API for cloud services may be initiated at 222 (e.g., Hadoop API) and/or at 226 (e.g., Cloud Services API). Hadoop API 222 may access a set of tools represented by Distributed Data Platform 224. Hadoop API 222 may create HDFS, Hive Schema, Ranger Policies, etc. Cloud Services API 226 may enable a user to create a bucket folder and perform other actions in a cloud services platform. Through Channel 228 and Active Directory 230, Cloud Services Platform 240 may be accessed. Cloud Services Platform 240 may include Connection/Gateway, Storage and Identify and Access Management (IAM) components and services. Active Directory may represent a directory service that authenticates and authorizes users and computers in a domain type network by assigning and enforcing security policies.”).
It would have been obvious to one of ordinary skill in the art before the effective filing date of the claimed invention to modify the teaching of Wang in order to include a feature where a sandbox system can be configured to identify an access policy (configured by the System Access Manager) and display a dataset based (Hadoop Distributed File System (HDFS)) on an access policy as taught by Smyth. One of ordinary skill in the art would have been motivated to do so because Smyth recognizes that by implementing an access policy a sandbox environment ensures that a user has a certain authentication level in order to access to certain data base within the sandbox environment (¶31). 
Regarding Claim 14
Wang does not disclose the following limitation “wherein the metadata service provides the sandbox environment with one or more dataset tools, wherein the one or more dataset tools are associated with the dataset and based on the at least one sandbox access policy”
Smyth discloses:
The computing apparatus of claim 13, wherein the metadata service provides the sandbox environment with one or more dataset tools, wherein the one or more dataset tools are associated with the dataset and based on the at least one sandbox access policy (31: “As shown in FIG. 2, User 202 may submit a request at 210, which may include discovery portal access, discovery personal and/or shared sandbox roles, Hadoop access roles, object storage access roles, etc., as shown by 212. System Access Manager may facilitate the request, approval, fulfillment (e.g., automated and manual) and processes of access to resources, such as database, active-directory groups, LDAP groups, server access, etc. A user may also request a personal sandbox (at 214) or a shared sandbox and further create Hadoop Distributed File System (HDFS), Hive/Impala Schemas, Hive/Impala Tables, Ranger or Cloud-platform specific access Policies, etc., as represented by 222 and 224. As shown in FIG. 2, User 202 may access Discovery Portal 216 to request a personal sandbox. Discovery Portal 216 may access Sandbox Application Program Interface (API) 218 and Sandbox Orchestration 220. MS represents a messaging service or it may be an API. From Sandbox Orchestration 220, API for cloud services may be initiated at 222 (e.g., Hadoop API) and/or at 226 (e.g., Cloud Services API). Hadoop API 222 may access a set of tools represented by Distributed Data Platform 224. Hadoop API 222 may create HDFS, Hive Schema, Ranger Policies, etc. Cloud Services API 226 may enable a user to create a bucket folder and perform other actions in a cloud services platform. Through Channel 228 and Active Directory 230, Cloud Services Platform 240 may be accessed. Cloud Services Platform 240 may include Connection/Gateway, Storage and Identify and Access Management (IAM) components and services. Active Directory may represent a directory service that authenticates and authorizes users and computers in a domain type network by assigning and enforcing security policies.”).
It would have been obvious to one of ordinary skill in the art before the effective filing date of the claimed invention to modify the teaching of Wang in order to include a feature where a sandbox system can be configured to identify an access policy (configured by the System Access Manager) and display a dataset based (Hadoop Distributed File System (HDFS)) on an access policy as taught by Smyth. One of ordinary skill in the art would have been motivated to do so because Smyth recognizes that by implementing an access policy a sandbox environment ensures that a user has a certain authentication level in order to access to certain data base within the sandbox environment (¶31).
Regarding Claim 15
Wang discloses:
One or more computer-readable storage media having program instructions stored thereon to facilitate data access environments comprising multiple application services and multiple storage services that, when read and executed by a processing system, direct the processing system to at least: receive a user request from a sandbox environment to access a dataset, wherein the sandbox environment is a virtual database environment and the dataset is stored in a database associated with a data access system; retrieve at least a portion of the dataset from the database; identify at least one sandbox access policy associated with the user request and the dataset (¶238: “Sandbox 2130 and self-serve data components 2131 may be configured to offer users an ability to request and receive raw or semi-processed data from Netezza or Hadoop data lake into a private area and be able to use other advanced analytics tools to transform the data and prepare data models. The sandbox may be configured to provide business data-glossary, enabling self-serve provisioning of data sandboxes, including data and tools, self-serve model- and data-promotion to production. In some embodiments, sandbox 2130 may provide model development/validation, data discovery or data verification/validation that is not for production use. Sandboxes may be created and maintained in IDP (Netezza, Hadoop, Datameer Server, R/Python Server, SpotFire Server) to ensure end to end control over security and privacy of data and lineage and cost efficiency.”); 
Wang does not disclose the following limitation “and generate a view of the dataset in the sandbox environment, wherein the view displays one or more enabled elements of the dataset based on the at least one sandbox access policy”
Smyth discloses:
and generate a view of the dataset in the sandbox environment, wherein the view displays one or more enabled elements of the dataset based on the at least one sandbox access policy (¶31: “As shown in FIG. 2, User 202 may submit a request at 210, which may include discovery portal access, discovery personal and/or shared sandbox roles, Hadoop access roles, object storage access roles, etc., as shown by 212. System Access Manager may facilitate the request, approval, fulfillment (e.g., automated and manual) and processes of access to resources, such as database, active-directory groups, LDAP groups, server access, etc. A user may also request a personal sandbox (at 214) or a shared sandbox and further create Hadoop Distributed File System (HDFS), Hive/Impala Schemas, Hive/Impala Tables, Ranger or Cloud-platform specific access Policies, etc., as represented by 222 and 224. As shown in FIG. 2, User 202 may access Discovery Portal 216 to request a personal sandbox. Discovery Portal 216 may access Sandbox Application Program Interface (API) 218 and Sandbox Orchestration 220. MS represents a messaging service or it may be an API. From Sandbox Orchestration 220, API for cloud services may be initiated at 222 (e.g., Hadoop API) and/or at 226 (e.g., Cloud Services API). Hadoop API 222 may access a set of tools represented by Distributed Data Platform 224. Hadoop API 222 may create HDFS, Hive Schema, Ranger Policies, etc. Cloud Services API 226 may enable a user to create a bucket folder and perform other actions in a cloud services platform. Through Channel 228 and Active Directory 230, Cloud Services Platform 240 may be accessed. Cloud Services Platform 240 may include Connection/Gateway, Storage and Identify and Access Management (IAM) components and services. Active Directory may represent a directory service that authenticates and authorizes users and computers in a domain type network by assigning and enforcing security policies.”).
It would have been obvious to one of ordinary skill in the art before the effective filing date of the claimed invention to modify the teaching of Wang in order to include a feature where a sandbox system can be configured to identify an access policy (configured by the System Access Manager) and display a dataset based (Hadoop Distributed File System (HDFS)) on an access policy as taught by Smyth. One of ordinary skill in the art would have been motivated to do so because Smyth recognizes that by implementing an access policy a sandbox environment ensures that a user has a certain authentication level in order to access to certain data base within the sandbox environment (¶31).
Regarding Claim 16
Wang does not disclose the following limitation “wherein, upon identifying the at least one sandbox access policy, the program instructions further direct the processing system to enable one or more elements of the dataset in the view”
Smyth discloses:
The one or more computer-readable storage media of claim 15, wherein, upon identifying the at least one sandbox access policy, the program instructions further direct the processing system to enable one or more elements of the dataset in the view (31: “As shown in FIG. 2, User 202 may submit a request at 210, which may include discovery portal access, discovery personal and/or shared sandbox roles, Hadoop access roles, object storage access roles, etc., as shown by 212. System Access Manager may facilitate the request, approval, fulfillment (e.g., automated and manual) and processes of access to resources, such as database, active-directory groups, LDAP groups, server access, etc. A user may also request a personal sandbox (at 214) or a shared sandbox and further create Hadoop Distributed File System (HDFS), Hive/Impala Schemas, Hive/Impala Tables, Ranger or Cloud-platform specific access Policies, etc., as represented by 222 and 224. As shown in FIG. 2, User 202 may access Discovery Portal 216 to request a personal sandbox. Discovery Portal 216 may access Sandbox Application Program Interface (API) 218 and Sandbox Orchestration 220. MS represents a messaging service or it may be an API. From Sandbox Orchestration 220, API for cloud services may be initiated at 222 (e.g., Hadoop API) and/or at 226 (e.g., Cloud Services API). Hadoop API 222 may access a set of tools represented by Distributed Data Platform 224. Hadoop API 222 may create HDFS, Hive Schema, Ranger Policies, etc. Cloud Services API 226 may enable a user to create a bucket folder and perform other actions in a cloud services platform. Through Channel 228 and Active Directory 230, Cloud Services Platform 240 may be accessed. Cloud Services Platform 240 may include Connection/Gateway, Storage and Identify and Access Management (IAM) components and services. Active Directory may represent a directory service that authenticates and authorizes users and computers in a domain type network by assigning and enforcing security policies.”).
It would have been obvious to one of ordinary skill in the art before the effective filing date of the claimed invention to modify the teaching of Wang in order to include a feature where a sandbox system can be configured to identify an access policy (configured by the System Access Manager) as taught by Smyth. One of ordinary skill in the art would have been motivated to do so because Smyth recognizes that by implementing an access policy a sandbox environment ensures that a user has a certain authentication level in order to access to certain data base within the sandbox environment (¶31).
Regarding Claim 19
Wang does not disclose the following limitation “the user request indicates a number of requested dataset elements; and generating the view of the dataset in the sandbox environment is based on the number of requested dataset elements”
Smyth discloses:
The one or more computer-readable storage media of claim 15, wherein: the user request indicates a number of requested dataset elements; and generating the view of the dataset in the sandbox environment is based on the number of requested dataset elements (¶31 “User 202 may submit a request at 210, which may include discovery portal access, discovery personal and/or shared sandbox roles, Hadoop access roles, object storage access roles, etc., as shown by 212. System Access Manager may facilitate the request, approval, fulfillment (e.g., automated and manual) and processes of access to resources, such as database, active-directory groups, LDAP groups, server access, etc. A user may also request a personal sandbox (at 214) or a shared sandbox and further create Hadoop Distributed File System (HDFS), Hive/Impala Schemas, Hive/Impala Tables, Ranger or Cloud-platform specific access Policies, etc., as represented by 222 and 224. As shown in FIG. 2, User 202 may access Discovery Portal 216 to request a personal sandbox. Discovery Portal 216 may access Sandbox Application Program Interface (API) 218 and Sandbox Orchestration 220. MS represents a messaging service or it may be an API. From Sandbox Orchestration 220, API for cloud services may be initiated at 222 (e.g., Hadoop API) and/or at 226 (e.g., Cloud Services API). Hadoop API 222 may access a set of tools represented by Distributed Data Platform 224. Hadoop API 222 may create HDFS, Hive Schema, Ranger Policies, etc. Cloud Services API 226 may enable a user to create a bucket folder and perform other actions in a cloud services platform. Through Channel 228 and Active Directory 230, Cloud Services Platform 240 may be accessed. Cloud Services Platform 240 may include Connection/Gateway, Storage and Identify and Access Management (IAM) components and services. Active Directory may represent a directory service that authenticates and authorizes users and computers in a domain type network by assigning and enforcing security policies”).
It would have been obvious to one of ordinary skill in the art before the effective filing date of the claimed invention to modify the teaching of Wang in order to include a feature where a sandbox system can be configured to identify an access policy (configured by the System Access Manager) and display a dataset based (Hadoop Distributed File System (HDFS)) on an access policy as taught by Smyth. One of ordinary skill in the art would have been motivated to do so because Smyth recognizes that by implementing an access policy a sandbox environment ensures that a user has a certain authentication level in order to access to certain data base within the sandbox environment (¶31). 
Regarding Claim 20
Wang does not disclose the following limitation “wherein: Identifying the at least one sandbox access policy is performed in a metadata service within the data access system; and generating the view of the dataset in the sandbox environment is performed in the metadata service”
Smyth discloses:
The one or more computer-readable storage media of claim 15, wherein: Identifying the at least one sandbox access policy is performed in a metadata service within the data access system; and generating the view of the dataset in the sandbox environment is performed in the metadata service (¶31: “As shown in FIG. 2, User 202 may submit a request at 210, which may include discovery portal access, discovery personal and/or shared sandbox roles, Hadoop access roles, object storage access roles, etc., as shown by 212. System Access Manager may facilitate the request, approval, fulfillment (e.g., automated and manual) and processes of access to resources, such as database, active-directory groups, LDAP groups, server access, etc. A user may also request a personal sandbox (at 214) or a shared sandbox and further create Hadoop Distributed File System (HDFS), Hive/Impala Schemas, Hive/Impala Tables, Ranger or Cloud-platform specific access Policies, etc., as represented by 222 and 224. As shown in FIG. 2, User 202 may access Discovery Portal 216 to request a personal sandbox. Discovery Portal 216 may access Sandbox Application Program Interface (API) 218 and Sandbox Orchestration 220. MS represents a messaging service or it may be an API. From Sandbox Orchestration 220, API for cloud services may be initiated at 222 (e.g., Hadoop API) and/or at 226 (e.g., Cloud Services API). Hadoop API 222 may access a set of tools represented by Distributed Data Platform 224. Hadoop API 222 may create HDFS, Hive Schema, Ranger Policies, etc. Cloud Services API 226 may enable a user to create a bucket folder and perform other actions in a cloud services platform. Through Channel 228 and Active Directory 230, Cloud Services Platform 240 may be accessed. Cloud Services Platform 240 may include Connection/Gateway, Storage and Identify and Access Management (IAM) components and services. Active Directory may represent a directory service that authenticates and authorizes users and computers in a domain type network by assigning and enforcing security policies.”).
It would have been obvious to one of ordinary skill in the art before the effective filing date of the claimed invention to modify the teaching of Wang in order to include a feature where a sandbox system can be configured to identify an access policy (configured by the System Access Manager) and display a dataset based (Hadoop Distributed File System (HDFS)) on an access policy as taught by Smyth. One of ordinary skill in the art would have been motivated to do so because Smyth recognizes that by implementing an access policy a sandbox environment ensures that a user has a certain authentication level in order to access to certain data base within the sandbox environment (¶31).
Claims 3, 4, 10, 11, 17 and 18 are rejected under 35 U.S.C as be unpatentable over US 2020/026710 A1 (hereinafter ‘Wang’), in view of US 2020/0151346 (hereinafter ‘Smyth’), and in further view of CN 109,218,296 A (hereinafter ‘Huang’). 
Regarding Claim 3 
Wang and Smyth do not disclose the following limitation “upon identifying the at least one sandbox access policy, disabling one or more elements of the dataset in the view”.
Huang discloses:
The method of claim 1, further comprising, upon identifying the at least one sandbox access policy, disabling one or more elements of the dataset in the view (Claim 2: “The method according to claim 1 the improved CSP policy-based XSS defense system, wherein the security policy specifically comprises: 1) the sandbox policy: by adding a policy instructions "eval": false to disable use of Javascript function eval; 2) element policy for limiting the source of page, other DOM elements by marking the script tag, and contains event monitor event-handler of the position of the element, to generate a white list policy; 3) data policies for protecting important data in the DOM document to not be attacker reading and writing, the data comprising a password input frame form the form of value, cookie attribute of the object, the local Storage attribute of the window object.”). 
It would have been obvious to one of ordinary skill in the art before the effective filing date of the claimed invention to modify the teaching of Wang and Smyth in order to include a feature where a sandbox system can be configured to disable one or more elements of the dataset based off an access policy (configured by the System Access Manager) as taught by Huang. One of ordinary skill in the art would have been motivated to do so because Huang recognizes that by implementing this feature a user (such as a hacker) will not be able to access certain datasets within a sandbox environment. 
Regarding Claim 4 
Wang and Smyth do not disclose the following limitation “wherein a portion of the dataset is anonymized in the view of the dataset based on the at least one sandbox access policy”.
Huang discloses:
The method of claim 1, wherein a portion of the dataset is anonymized in the view of the dataset based on the at least one sandbox access policy (Claim 2: “The method according to claim 1 the improved CSP policy-based XSS defense system, wherein the security policy specifically comprises: 1) the sandbox policy: by adding a policy instructions "eval": false to disable use of Javascript function eval; 2) element policy for limiting the source of page, other DOM elements by marking the script tag, and contains event monitor event-handler of the position of the element, to generate a white list policy; 3) data policies for protecting important data in the DOM document to not be attacker reading and writing, the data comprising a password input frame form the form of value, cookie attribute of the object, the local Storage attribute of the window object.”).
It would have been obvious to one of ordinary skill in the art before the effective filing date of the claimed invention to modify the teaching of Wang and Smyth in order to include a feature where a sandbox system can be configured to protect one or more elements of the dataset based off an access policy (configured by the System Access Manager) as taught by Huang. One of ordinary skill in the art would have been motivated to do so because Huang recognizes that by implementing this feature a user (such as a hacker) will not be able to access certain datasets within a sandbox environment (Claim 2).
Regarding Claim 10
Wang and Smyth do not disclose the following limitation “wherein, upon identifying the at least one sandbox access policy, the program instructions further direct the processing system to disable one or more elements of the dataset in the view”
 Huang discloses:
The computing apparatus of claim 8, wherein, upon identifying the at least one sandbox access policy, the program instructions further direct the processing system to disable one or more elements of the dataset in the view (Claim 2: “The method according to claim 1 the improved CSP policy-based XSS defense system, wherein the security policy specifically comprises: 1) the sandbox policy: by adding a policy instructions "eval": false to disable use of Javascript function eval; 2) element policy for limiting the source of page, other DOM elements by marking the script tag, and contains event monitor event-handler of the position of the element, to generate a white list policy; 3) data policies for protecting important data in the DOM document to not be attacker reading and writing, the data comprising a password input frame form the form of value, cookie attribute of the object, the local Storage attribute of the window object.”). 
It would have been obvious to one of ordinary skill in the art before the effective filing date of the claimed invention to modify the teaching of Wang and Smyth in order to include a feature where a sandbox system can be configured to disable one or more elements of the dataset based off an access policy (configured by the System Access Manager) as taught by Huang. One of ordinary skill in the art would have been motivated to do so because Huang recognizes that by implementing this feature a user (such as a hacker) will not be able to access certain datasets within a sandbox environment (Claim 2).
Regarding Claim 11
Wang and Smyth do not disclose the following limitation “wherein a portion of the dataset is anonymized in the view of the dataset based on the at least one sandbox access policy”
 Huang discloses:
The computing apparatus of claim 8, wherein a portion of the dataset is anonymized in the view of the dataset based on the at least one sandbox access policy (Claim 2: “The method according to claim 1 the improved CSP policy-based XSS defense system, wherein the security policy specifically comprises: 1) the sandbox policy: by adding a policy instructions "eval": false to disable use of Javascript function eval; 2) element policy for limiting the source of page, other DOM elements by marking the script tag, and contains event monitor event-handler of the position of the element, to generate a white list policy; 3) data policies for protecting important data in the DOM document to not be attacker reading and writing, the data comprising a password input frame form the form of value, cookie attribute of the object, the local Storage attribute of the window object.”).
It would have been obvious to one of ordinary skill in the art before the effective filing date of the claimed invention to modify the teaching of Wang and Smyth in order to include a feature where a sandbox system can be configured to protect one or more elements of the dataset based off an access policy (configured by the System Access Manager) as taught by Huang. One of ordinary skill in the art would have been motivated to do so because Huang recognizes that by implementing this feature a user (such as a hacker) will not be able to access certain datasets within a sandbox environment (Claim 2).
Regarding Claim 17
Wang and Smyth do not disclose the following limitation “wherein, upon identifying the at least one sandbox access policy, the program instructions further direct the processing system to disable one or more elements of the dataset in the view”.
Huang discloses:
The one or more computer-readable storage media of claim 15, wherein, upon identifying the at least one sandbox access policy, the program instructions further direct the processing system to disable one or more elements of the dataset in the view (Claim 2: “The method according to claim 1 the improved CSP policy-based XSS defense system, wherein the security policy specifically comprises: 1) the sandbox policy: by adding a policy instructions "eval": false to disable use of Javascript function eval; 2) element policy for limiting the source of page, other DOM elements by marking the script tag, and contains event monitor event-handler of the position of the element, to generate a white list policy; 3) data policies for protecting important data in the DOM document to not be attacker reading and writing, the data comprising a password input frame form the form of value, cookie attribute of the object, the local Storage attribute of the window object.”).
It would have been obvious to one of ordinary skill in the art before the effective filing date of the claimed invention to modify the teaching of Wang and Smyth in order to include a feature where a sandbox system can be configured to disable one or more elements of the dataset based off an access policy (configured by the System Access Manager) as taught by Huang. One of ordinary skill in the art would have been motivated to do so because Huang recognizes that by implementing this feature a user (such as a hacker) will not be able to access certain datasets within a sandbox environment (Claim 2).
Regarding Claim 18
Wang and Smyth do not disclose the following limitation “wherein a portion of the dataset is anonymized in the view of the dataset based on the at least one sandbox access policy”.
Huang discloses:
The one or more computer-readable storage media of claim 15, wherein a portion of the dataset is anonymized in the view of the dataset based on the at least one sandbox access policy (Claim 2: “The method according to claim 1 the improved CSP policy-based XSS defense system, wherein the security policy specifically comprises: 1) the sandbox policy: by adding a policy instructions "eval": false to disable use of Javascript function eval; 2) element policy for limiting the source of page, other DOM elements by marking the script tag, and contains event monitor event-handler of the position of the element, to generate a white list policy; 3) data policies for protecting important data in the DOM document to not be attacker reading and writing, the data comprising a password input frame form the form of value, cookie attribute of the object, the local Storage attribute of the window object.”).
It would have been obvious to one of ordinary skill in the art before the effective filing date of the claimed invention to modify the teaching of Wang and Smyth in order to include a feature where a sandbox system can be configured to protect one or more elements of the dataset based off an access policy (configured by the System Access Manager) as taught by Huang. One of ordinary skill in the art would have been motivated to do so because Huang recognizes that by implementing this feature a user (such as a hacker) will not be able to access certain datasets within a sandbox environment (Claim 2).
Conclusion
Any inquiry concerning this communication or earlier communications from the examiner should be directed to SAAD ABDULLAH whose telephone number is 571-272-1531. The examiner can normally be reached on Monday-Friday 9am-5pm EST. If attempts to reach the examiner by telephone are unsuccessful, the examiner's supervisor, LYNN FIELD can be reached on 571-272-2092.
Information regarding the status of an application may be obtained from the Patent Application Information
Retrieval (PAIR) system. Status information for published applications may be obtained from either Private PAIR or
Public PAIR. Status information for unpublished applications is available through Private PAIR only. For more
information about the PAIR system, see http://pair-direct.uspto.gov. Should you have questions on access to the
Private PAIR system, contact the Electronic Business Center (EBC) at 866-217-9197 (toll-free). If you would like
assistance from a USPTO Customer Service Representative or access to the automated information system, call 800-
786-9199 (IN USA OR CANADA) or 571-272-1000.
/SAAD AHMAD ABDULLAH/
Examiner, Art Unit 2431                                                                                                                                                                                          
/LYNN D FEILD/Supervisory Patent Examiner, Art Unit 2431