DETAILED ACTION
Notice of Pre-AIA or AIA Status
The present application, filed on or after March 16, 2013, is being examined under the first inventor to file provisions of the AIA.
A request for continued examination under 37 CFR 1.114, including the fee set forth in 37 CFR 1.17(e), was filed in this application after final rejection.  Since this application is eligible for continued examination under 37 CFR 1.114, and the fee set forth in 37 CFR 1.17(e) has been timely paid, the finality of the previous Office action has been withdrawn pursuant to 37 CFR 1.114.  Applicant's submission filed on 7/5/2022 has been entered.
As per instant Amendment, claims 1, 9 and 17 are independent claims. Claims 1-20 have been examined and are pending. This Office Action is made Non-Final.

Response to Arguments
Applicant’s arguments in the Amendment, filed on 7/5/2022 with respect to the 35 U.S.C. 103 rejection, have been considered but are moot in view of new grounds of rejection.  

Claim Rejections - 35 USC § 103
In the event the determination of the status of the application as subject to AIA 35 U.S.C. 102 and 103 (or as subject to pre-AIA 35 U.S.C. 102 and 103) is incorrect, any correction of the statutory basis for the rejection will not be considered a new ground of rejection if the prior art relied upon, and the rationale supporting the rejection, would be the same under either status.
The following is a quotation of 35 U.S.C. 103 which forms the basis for all obviousness rejections set forth in this Office action:
A patent for a claimed invention may not be obtained, notwithstanding that the claimed invention is not identically disclosed as set forth in section 102, if the differences between the claimed invention and the prior art are such that the claimed invention as a whole would have been obvious before the effective filing date of the claimed invention to a person having ordinary skill in the art to which the claimed invention pertains. Patentability shall not be negated by the manner in which the invention was made.

Claim(s) 1, 2, 4, 6, 9, 10, 12, 14, 17, 18, and 20 is/are rejected under 35 U.S.C. 103 as being unpatentable over Cotner et al. (US 2004/0044655 A1) in view of Dutta et al. (US 2005/0177570 A1) and Bromwich et al. (US 7,558,796 B1).

Regarding Claim 1;
Cotner discloses a method for protecting data stored at a database server (Abstract), the method comprising:
collecting information associated with ... [a] database request ..., the database request including a parameter (FIG. 7A-B and [0072] – A request with the user's query is prepared in operation 76 by a client, for example, in a client/server system. The request includes, in addition to the query, a user security label encoded with the user's security level and security categories. The request is sent in operation 78 to the DBMS. and [0073] – Referring to FIG. 7B, the DBMS receives the user's request in operation 80. In operation 82 the DBMS, through the query processor and data manager, processes the query and scans the requested tables to find rows that satisfy the user's query predicates);
comparing the collected information and the database parameter with reference information and a constraint to identify a deny action that prevents the computing device from receiving data associated with the database request based on a condition associated with the reference information, the constraint, and the action (FIG. 7A-B – Does the DB Table containing a security label column → Deny and [0073] – Security_Label (i.e., database parameter));
preventing the database request ... when: 
the collected information matches the reference information (FIG. 7A-B – Process the query and read a DB table finding rows that meet query predicates and [0072]-[0073]);
the constraint matches the database parameter (FIG. 7A-B – Security Label); and 
the condition corresponds to the reference information and the constraint (FIG. 7A-B);
the action is the deny action that prevents the computing device from receiving the data associated with the database request (FIG. 7B – Deny).
Cotner fails to explicitly disclose:
receiving user input from a computing device;
allowing a database request to be generated based on the received user input;
collecting information associated with the generation of [a] database request when the database request is generated...
preventing the database request from being sent to the database server when...
However, in an analogous art, Dutta teaches a method for protecting data stored at a database server (Dutta, Abstract and FIG. 4), the method comprising:
receiving user input from a computing device (Dutta, FIG. 1 and FIG. 4 and [0027] – The input component 110 receives queries. Such queries can be initiated from essentially any database programming language such as SQL, for example, and directed over a data repository that includes one or more databases, tables, contextual information, etc.);
allowing a database request to be generated based on the received user input (Dutta, FIG. 1 and FIG. 4 and [0028] - The query manager 120 can augment a received query to incorporate data security therein);
collecting information associated with the generation of the database request when the database request is generated... (Dutta, FIG. 1 and FIG. 4 and [0028] - The query manager 120 can augment a received query to incorporate data security therein and [0034] – The output content can provide the augmented queries for further processing or querying over data).
Therefore, it would have been obvious before the effective filing date of the claimed invention to combine the teachings of Dutta to the protecting data stored at a database server of Cotner and Dutta to include features of receiving user input from a computing device; allowing a database request to be generated based on the received user input; collecting information associated with the generation of the database request when the database request is generated...
One would have been motivated to combine the teachings of Dutta to Cotner to do so as it provides / allows augment[ing] queries with row-level security expressions to optimize performance and mitigate data leaks (Dutta, [0003]).
However, in an analogous art, Bromwich teaches preventing the database request from being sent to the database server when [conditions are met] (Bromwich, FIG. 5 and col. 1, lines 51-57 - The DIDS is usually located between the enterprise application and the database so that it has visibility to the database queries and results. Typically, the DIDS is trained to recognize legitimate queries. If the DIDS recognizes an anomalous query, it logs the query and may perform other actions, such as triggering an alert to an administrator or blocking execution of the query and col. 5, lines 1-7 – the DIDS is connected to the network 14 at another location... and col. 9, lines 55-60). As reasonably construed, because the DIDS is located between an enterprise application and a database, the DIDS blocks the query from executing, thus preventing it from being sent to the database.
Therefore, it would have been obvious before the effective filing date of the claimed invention to combine the teachings of Bromwich to the preventing the database request of Cotner and Dutta to include preventing the database request from being sent to the database server when [conditions are met].
One would have been motivated to combine the teachings of Bromwich to Cotner and Dutta to do so as it provides / allows to determine an origin of an anomalous query.... to track down an attacker who is submitting malicious database queries (Bromwich, col. 1, lines 7-10).

Regarding Claim 2;
Cotner and Dutta and Bromwich disclose the method to Claim 1.
Dutta further discloses further comprising identifying a program code location where a function associated with generating the database request is initiated (Dutta, [0069] - Upon receiving a query, a source of the query can be determined. In many instances, the source is associated with a user name, address, network, sub-network, domain, group, project, job description, workgroup, division, department, status, etc. that can be utilized to identify the user, wherein individual users can be associated with different privileges. It is noted that users within a similar delineation can be associated with similar or different privileges).
Regarding Claim 4;
Cotner and Dutta and Bromwich disclose the method to Claim 1.
Dutta further teaches further comprising identifying a function that is associated with generating the database request (Dutta, [0046]-[0047] – Security expressions can be created via the SQL programming language. For example, the SQL CREATE utility can be utilized to create a named expression for a table, wherein the named expression specifies a Boolean expression that must be satisfied by the data to gain access to the data. Such expressions can be linked to particular requesters and/or groups of requesters in order to utilize data security. For example, when utilizing SQL, data administrators can link a security expression for a particular source of data to a user and/or group of users via the GRANT, REVOKE and DENY utilities and/or remove a security expression via the DROP utility, as described in detail below... The query manager 210 can augment a query by grafting an expression composed of the disjunction of Boolean expressions that are granted, wherein respective expressions are conjugated with an associated security principal to whom the grant is made, and conjuncting the resultant disjunction with the conjunction of the complement of respective Boolean expressions denied, wherein respective expressions are conjuncted with a security principal to whom the deny is made. In other words, the query manager can augment a query such that data can satisfy the query when at least one granted expression is satisfied and no deny expressions are satisfied. and [0049] and [0051] and [0054]).

Regarding Claim 6;
Cotner and Dutta and Bromwich disclose the method to Claim 1.
Dutta further teaches further comprising collecting information that identifies the computing device from which the user input was received (Dutta, [0036] - For example, a received query may include a unique identifier associated with the requester (e.g., a user, an application . . . ) or the machine that transmitted the request. In another instance, the query may be prefaced and/or followed by such information. In still other instances, intelligence can be employed to determine the requester and/or a suitable set of security expressions. The retrieved security expression(s) for a request can be employed while searching the data repository).

Regarding Claim(s) 9, 10, 12, and 14; claim(s) 9, 10, 12, and 14 is/are directed to a/an medium associated with the method claimed in claim(s) 1, 2, 4, and 6.  Claim(s) 9, 10, 12, and 14 is/are similar in scope to claim(s) 1, 2, 4, and 6, and is/are therefore rejected under similar rationale.

Regarding Claim(s) 17, 18, and 20; claim(s) 17, 18, and 20 is/are directed to a/an apparatus associated with the method claimed in claim(s) 1, 2, and 4.  Claim(s) 17, 18, and 20 is/are similar in scope to claim(s) 1, 2, and 4, and is/are therefore rejected under similar rationale.

Claim(s) 3, 5, 11, 13, and 19 is/are rejected under 35 U.S.C. 103 as being unpatentable over Cotner et al. (US 2004/0044655 A1) in view of Dutta et al. (US 2005/0177570 A1) and Bromwich et al. (US 7,558,796 B1) and further in view of Rafiq et al. (US 2010/0036846 A1).

Regarding Claim 3; 
Cotner and Dutta and Bromwich disclose the method to Claim 2.
Dutta further discloses further comprising ...program code location as data... (Dutta, [0069] - Upon receiving a query, a source of the query can be determined. In many instances, the source is associated with a user name, address, network, sub-network, domain, group, project, job description, workgroup, division, department, status, etc. that can be utilized to identify the user, wherein individual users can be associated with different privileges. It is noted that users within a similar delineation can be associated with similar or different privileges).
Cotner and Dutta and Bromwich fail to explicitly disclose ...storing [information] in an access control list
However, in an analogous art, Rafiq teaches storing [information] as data in an access control list (Rafiq, [0029] and [0042] - In particular, the security context may correspond to session information associated with a request, a user associated with the request, and/or a role of the user. As a result, access privileges to objects in object repository 148 may be specified for individual users and/or roles of one or more users through the ACLs and ACEs within the ACLs.).
Therefore, it would have been obvious before the effective filing date of the claimed invention to combine the teachings of Rafiq to the program code location as data of Cotner and Dutta and Bromwich to include ...storing such [information] (e.g., the program code location as data) in an access control list.
One would have been motivated to combine the teachings of Rafiq to Cotner and Dutta and Bromwich to do so as it provides / allows optimizing row level security in the database (Rafiq, [0028]).

Regarding Claim 5; 
Cotner and Dutta and Bromwich disclose the method to Claim 4.
Dutta further discloses further comprising ... information that identifies the function... (Dutta, [0046]-[0047] – Security expressions can be created via the SQL programming language. For example, the SQL CREATE utility can be utilized to create a named expression for a table, wherein the named expression specifies a Boolean expression that must be satisfied by the data to gain access to the data. Such expressions can be linked to particular requesters and/or groups of requesters in order to utilize data security. For example, when utilizing SQL, data administrators can link a security expression for a particular source of data to a user and/or group of users via the GRANT, REVOKE and DENY utilities and/or remove a security expression via the DROP utility, as described in detail below... The query manager 210 can augment a query by grafting an expression composed of the disjunction of Boolean expressions that are granted, wherein respective expressions are conjugated with an associated security principal to whom the grant is made, and conjuncting the resultant disjunction with the conjunction of the complement of respective Boolean expressions denied, wherein respective expressions are conjuncted with a security principal to whom the deny is made. In other words, the query manager can augment a query such that data can satisfy the query when at least one granted expression is satisfied and no deny expressions are satisfied.).
Cotner and Dutta and Bromwich fail to explicitly disclose ...storing [information] in an access control list.
However, in an analogous art, Rafiq teaches...storing [information] in an access control list... (Rafiq, [0029] and [0042] - In particular, the security context may correspond to session information associated with a request, a user associated with the request, and/or a role of the user. As a result, access privileges to objects in object repository 148 may be specified for individual users and/or roles of one or more users through the ACLs and ACEs within the ACLs.). 
Therefore, it would have been obvious before the effective filing date of the claimed invention to combine the teachings of Rafiq to the program code location as data of Cotner and Dutta and Bromwich to include ...storing such [information] (e.g., information that identifies the function) in an access control list.
One would have been motivated to combine the teachings of Rafiq to Cotner and Dutta and Bromwich to do so as it provides / allows optimizing row level security in the database (Rafiq, [0028]).

Regarding Claim(s) 11 and 13; claim(s) 11 and 13 is/are directed to a/an medium associated with the method claimed in claim(s) 3 and 5.  Claim(s) 11 and 13 is/are similar in scope to claim(s) 3 and 5, and is/are therefore rejected under similar rationale.

Regarding Claim(s) 19; claim(s) 19 is/are directed to a/an apparatus associated with the method claimed in claim(s) 3.  Claim(s) 19 is/are similar in scope to claim(s) 3, and is/are therefore rejected under similar rationale.


Claim(s) 7, 8, 15, and 16 is/are rejected under 35 U.S.C. 103 as being unpatentable over Cotner et al. (US 2004/0044655 A1) in view of Dutta et al. (US 2005/0177570 A1) and Bromwich et al. (US 7,558,796 B1) and further in view of Zhao et al. (US 2016/0088676 A1).

Regarding Claim 7;
Cotner and Dutta and Bromwich disclose the method to Claim 6.
Dutta further teaches concepts of the computing device identifying information ([0036] - For example, a received query may include a unique identifier associated with the requester (e.g., a user, an application . . . ) or the machine that transmitted the request. In another instance, the query may be prefaced and/or followed by such information. In still other instances, intelligence can be employed to determine the requester and/or a suitable set of security expressions. The retrieved security expression(s) for a request can be employed while searching the data repository) and second user input (Dutta, FIG. 1 and [0027] - queries).
Cotner and Dutta and Bromwich fail to explicitly disclose further comprising: storing the computing device identifying information in a memory with information that identifies that the computing device is a suspicious device; receiving a second user input; and identifying that the suspicious device provided the second user input.
However, in an analogous art, Zhao teaches concepts of further comprising: storing the computing device identifying information in a memory with information that identifies that the computing device is a suspicious device (Zhao, [0064] - The cellular carrier may determine whether to provide a service to the UE based on the device identifier of the UE. For example, if the UE is stolen, a user of the UE may report to the UE's cellular carrier that the UE is stolen. Subsequently, the cellular carrier blacklists a device identifier for the stolen UE. If a device identifier of a UE is on a black list (e.g., blacklisted), then the cellular carrier does not provide a service to the UE associated with the blacklisted device identifier); receiving a second ... input ([0064] - In particular, when the UE connects to the core network (e.g., EPC 730) via LTE, the core network sends the UE a request for the device identifier of the UE. In response, the UE sends the device identifier to the core network. If the core network determines that the device identifier is blacklisted, the core network does not provide a service to the UE associated with the blacklisted device identifier); and identifying that the suspicious device provided the second ... input ([0064] - In particular, when the UE connects to the core network (e.g., EPC 730) via LTE, the core network sends the UE a request for the device identifier of the UE. In response, the UE sends the device identifier to the core network. If the core network determines that the device identifier is blacklisted, the core network does not provide a service to the UE associated with the blacklisted device identifier).
Therefore, it would have been obvious before the effective filing date of the claimed invention to combine the teachings of Zhao to the second user input of Cotner and Dutta and Bromwich to include concepts of further comprising: storing the computing device identifying information in a memory with information that identifies that the computing device is a suspicious device; receiving a second ... input; and identifying that the suspicious device provided the second ... input.
One would have been motivated to combine the teachings of Zhao to Cotner and Dutta and Bromwich to do so as it provides / allows preventing “access” based on the device identifier of the UE (Zhao, [0007]).

Regarding Claim 8;
Cotner and Dutta and Bromwich and Zhao disclose the method to Claim 7.
Dutta teaches concepts of ...a second database request ... being generated based on the identification that the ... device provided the second user input (Dutta, FIG. 1 and [0027] - queries).
Zhao further teaches further comprising preventing ... from [providing service] based on the identification that the suspicious device provided the second ... input (Zhao, [0064]).

Regarding Claim(s) 15 and 16; claim(s) 15 and 16 is/are directed to a/an medium associated with the method claimed in claim(s) 7 and 8.  Claim(s) 15 and 16 is/are similar in scope to claim(s) 7 and 8, and is/are therefore rejected under similar rationale.


Conclusion
The prior art made of record and not relied upon is considered pertinent to applicant's disclosure. See PTO-892 attached.
Any inquiry concerning this communication or earlier communications from the examiner should be directed to KARI L SCHMIDT whose telephone number is (571)270-1385. The examiner can normally be reached Monday-Friday 10am - 6pm (MDT).
Examiner interviews are available via telephone, in-person, and video conferencing using a USPTO supplied web-based collaboration tool. To schedule an interview, applicant is encouraged to use the USPTO Automated Interview Request (AIR) at http://www.uspto.gov/interviewpractice.
If attempts to reach the examiner by telephone are unsuccessful, the examiner’s supervisor, Luu Pham can be reached on (571)270-5002. The fax phone number for the organization where this application or proceeding is assigned is 571-273-8300.
Information regarding the status of published or unpublished applications may be obtained from Patent Center. Unpublished application information in Patent Center is available to registered users. To file and manage patent submissions in Patent Center, visit: https://patentcenter.uspto.gov. Visit https://www.uspto.gov/patents/apply/patent-center for more information about Patent Center and https://www.uspto.gov/patents/docx for information about filing in DOCX format. For additional questions, contact the Electronic Business Center (EBC) at 866-217-9197 (toll-free). If you would like assistance from a USPTO Customer Service Representative, call 800-786-9199 (IN USA OR CANADA) or 571-272-1000.

/KARI L SCHMIDT/Primary Examiner, Art Unit 2439