DETAILED ACTION

The present application, filed on or after March 16, 2013, is being examined under the first inventor to file provisions of the AIA .


Continued Examination Under 37 CFR 1.114

A request for continued examination under 37 CFR 1.114, including the fee set forth in 37 CFR 1.17(e), was filed in this application after final rejection.  Since this application is eligible for continued examination under 37 CFR 1.114, and the fee set forth in 37 CFR 1.17(e) has been timely paid, the finality of the previous Office action has been withdrawn pursuant to 37 CFR 1.114. 


Response to Remarks

Applicant has amended Claims 1, 10, and 19, Claims 1-20 are pending, with claims 1, 10, and 19 being independent. Claims 1, 7, 10, 19 are Currently Amended. After entering amendment pending claims of 1-20 have been fully considered but were not found to be persuasive.

In responses to Applicant’s argument filed on 07/14/2022 on page 12-13, Applicant made remark recites: “Neither of the cited references, either alone or in combination, teaches or suggests all the above features either explicitly or implicitly. For example, as recited in the claims and in view of the Specification, the access control list is an ordered list of access control entities, each entity on the list being associated with an authority and a permission group. Specification, para. 0017. Access control lists may be associated with nodes in a content management system. Specification para. 0017. An access control list may specify whether it should inherit access control entities from a parent node in the content management system. Specification, para. 0017. That is, access control lists are a technical device for handling and inheriting permissions relative to access control entities in a content management system.”

With respect to the amendment made to the claims, the new combination of references was necessitated by the change to the scope of invention in the currently presented claims. Accordingly, this office action is based on a new ground of rejection and therefore, Applicant is advised to refer to the explanation provided herein below.  This office action made final.


Claim Rejections - 35 USC§ 103

In the event the determination of the status of the application as subject to AIA  35 U.S.C. 102 and 103 (or as subject to pre-AIA  35 U.S.C. 102 and 103) is incorrect, any correction of the statutory basis for the rejection will not be considered a new ground of rejection if the prior art relied upon, and the rationale supporting the rejection, would be the same under either status.

The following is a quotation of 35 U.S.C. 103 which forms the basis for all obviousness rejections set forth in this Office action:

A patent for a claimed invention may not be obtained, notwithstanding that the claimed invention is not identically disclosed as set forth in section 102, if the differences between the claimed invention and the prior art are such that the claimed invention as a whole would have been obvious before the effective filing date of the claimed invention to a person having ordinary skill in the art to which the claimed invention pertains. Patentability shall not be negated by the manner in which the invention was made.

Claims 1-8, 10-17, 19-20 are rejected under 35 U.S.C. 103 as being unpatentable over Ferrari et al., US 2013/0339311, hereinafter Ferrari, in view of Carino, Jr. et al.., US 5,864,843, hereinafter Carino.

As per claim 1, (Currently Amended) A computer-implemented method comprising: receiving, a query and an access control list associated with a user submitting the query for processing to a search engine, (Ferrari [0172] “For example, metadata associated with a data object (native or virtual) can be extended include: units of measure for attribute values, security associations such as access control lists for objects, attributes, and dimensions, and version/update control information to identify data freshness, provenance, and history, as well as any one or more of the extended metadata attributes in various combination.”)

the access control list being assigned to the query by a content management system to authenticate the user, the query including a request to access content managed by the content management system; (Ferrari in paragraph [0164] discloses global attribute groups may be restricted by other filters, permission, or access restrictions. Ferrari [0164] “In some settings, global attribute groups may be restricted by other filters, permission, or access restrictions. Attribute groups can also be defined within the scope of an application 1878 used to access data on an information retrieval system.”)

using the execution plan to search a search index and return a result set of documents, in response to receiving the query (Ferrari [0193] “In one embodiment, the operations that define sub-attribute computation and/or sub-attribute comparison operations can be subsume or optimized into an overall execution plan for query execution.”)

constraining, results returned from the query using a content index of a plurality of content items maintained in a repository of the content management system, (Ferrari [0049] “In another example, filter operations can be configured to optionally refine the query response set by retaining or discarding records further associated with other particular attributes and/or values. Some embodiments implement index structures on attribute sets to expedite search or filtering by attribute and value.”)

the constraining comprising limiting a content item of the plurality of content items from being added to a permissions-filtered results set based on the access control list assigned to the query, the access control list identifying the user as not having permission to access the content item; aggregating, based on the execution plan, the permissions-filtered results set; and returning, the aggregated permissions-filtered results set.  (Ferrari [0164] “In some settings, global attribute groups may be restricted by other filters, permission, or access restrictions. Attribute groups can also be defined within the scope of an application 1878 used to access data on an information retrieval system.”)

(With respect to claim 1, Ferrari does not explicitly disclose) generating, an execution plan for the search engine to process the query, the execution plan being generated by at least a SQL parser using a virtual database schema; 
However, Carino disclose that parse tree information comprises a database schema for the relational database management system and the parse tree nodes are being used to derive an optimized execution plan.
(Carino, col. 16 lines 66- col.17 line 6: “the parse tree information comprising a database schema for the relational database management system, transforming the database query into a parse tree based upon the database schema, the parse tree defining a plurality of command sets” Carino, col. 13 line 67- col. 14 line 6: “After the derived costs are calculated 528, they are bound to the parse tree nodes 530, and by iteration, these parse tree nodes are used to derive an optimized execution plan 532. This optimized plan is then used to generate the query plan, which comprises RDBMS 210 SQL commands and M-Step execution plans for the object server 212.”)

Thus, one having ordinary skill in the art before the effective filing date of the claimed invention would have motivated to combine the teachings of Carino into the system of Ferrari because optimized execution plan from the parsed tree information of a database schema would improve the overall query performance of the relational database.
Therefore, it would have been obvious to one of ordinary skill in the art before the effective filing date of the claimed invention to combine teachings of Carino into the system of Ferrari because, they are analogous art as being directed to the same field of endeavor, the system and method of implementing a secure database management system using semantic data modeling. (See Ferrari FIG. 18B, Paragraph [0029] [0032] and Carino col.4, lines 20-25, 60-63, col,10, lines 50-55)

As per claim 2. (Original) The method as in claim 1, further comprising: evaluating user permissions based on a user identity of the user, the evaluating comprising searching a user permissions index for permissions granted to the user based on the user identity.  (Ferrari [0102] “In some embodiments, processing can occur in a semantic access layer prior to execution of process 500. In one embodiment, virtual group objects can constrain the data accessed by, for example, a user based on permissions, security privileges, public/private designations for data objects and/or attributes.”)

As per claim 3. (Original) The method as in claim 2, wherein the user permissions index comprises an access control list index maintained by the content management system.  (Ferrari [0049] “Some embodiments implement index structures on attribute sets to expedite search or filtering by attribute and value. Other embodiments can implement additional implicit filtering operations within query processing to, as examples, return particular types of records and maintain access control security.”)

As per claim 4. (Original) The method as in claim 3, wherein the evaluating of the user permissions comprises searching an access control list index for access control lists designating the user identity as having a sufficient level of access to content items assigned to the access control lists.  (Ferrari [0102] “In one embodiment, virtual group objects can constrain the data accessed by, for example, a user based on permissions, security privileges, public/private designations for data objects and/or attributes. In another embodiment, the virtual group objects can be resolved by the semantic access layer to define a subset of the collection of information that can be accessed by a user's information access requests. The subset of the collection of information can define the view of the data for that particular user.”)

As per claim 5. (Original) The method as in claim 1, wherein the query comprises a string of characters entered by the user into a user interface.  (Ferrari [0039] “The synthetic data object can be defined and accessed in response to information requests on, for example, recent television sales. An information request can include queries entered into a user interface and/or navigation selections made on data displays, including selections of data attributes.”)

As per claim 6. (Original) The method as in claim 5, wherein the returning the aggregated permissions-filtered results set comprises providing the aggregated permissions-filtered results set to the user interface.  (Ferrari [0196] “Further, the views provided by the operations defined by any entity or virtual object can be configured to constrain the data that is accessed by subsequent query, filtering, and/or aggregation operations such that record count operations return consistent results within a given virtual view.”)

As per claim 7. (Original) The method as in claim 1, wherein the generating is based on a virtual field included in the virtual database schema to specify different behaviors in generating the execution plan by the SQL parser, wherein the virtual field value is automatically calculated using other existing field values in the virtual database schema, wherein at least one of the other existing field values is not assessable to a user.  (Ferrari [0082] “In another embodiment, entity definition can include virtual and native data, referenced by the collection of the specific list of fields, or the description of the characteristics of fields defined by any combination of filters, range filters, and computational language statements.” Ferrari [0185] “The virtual attribute can store information about who (e.g., users, entities, applications, etc.) can access particular fields of data.”)

As per claim 8. (Original) The method of claim 7, wherein the virtual field comprises time series data. (Ferrari [0003] “Indeed, the update-in-place operations that facilitate transactional efficiency in a RDBMS tend to thwart, for example, long term trend analysis by overwriting historical data with updated data, requiring coarser-grained time series solutions such as snapshots and external data marts to be applied.”)

Claims 9, 18 are rejected under 35 U.S.C. 103 as being unpatentable over Ferrari et al., US 2013/0339311, hereinafter Ferrari, in view of Carino, Jr. et al.., US 5,864,843, hereinafter Carino and further in view of Cao et al., US 2014/0280159 hereinafter, Cao.

As per claim 9. (Original) The method of claim 7, wherein the virtual field specifies a machine learning operation.  
Cao discloses a method of driving machine learning models based on statistical data which may be comprising input data sets such as tuple, historical information (e.g., “timestamps) 
(Cao [0059] “it can be statistics-driven, by using machine learning models with statistics about the input data sets (e.g., tuple size, cardinality) and historical information about prior query executions (e.g., execution time).”)

Thus, one having ordinary skill in the art before the effective filing date of the claimed invention would have motivated to combine the teachings of Cao, a method of driving machine learning models based on statistics about the input data sets (e.g., tuple size, cardinality) and historical information about prior query executions (e.g., execution time) because statistical data enhances machine learning that improves efficiency of query process.

As per claim 10. (Currently Amended) A system comprising: at least one data processor; and at least one memory storing instructions which, when executed by the at least one data processor, result in operations comprising: receiving a query and an access control list associated with a user submitting the query for processing to a search engine, the access control list being assigned to the query by a content management system to authenticate the user, the query including a request to access content managed by the content management system; generating an execution plan for the search engine to process the query, the execution plan being generated by at least a SQL parser using a virtual database schema; using the execution plan to search a search index and return a result set of documents, in response to receiving the query; constraining results returned from the query using a content index of a plurality of content items maintained in a repository of the content management system, the constraining comprising limiting a content item of the plurality of content items from being added to a permissions-filtered results set based on the access control list assigned to the query, the access control list identifying the user as not having permission to access the content item; aggregating based on the execution plan, the permissions-filtered results set; and returning the aggregated permissions-filtered results set. 

Claims 10 is analogous to claim 1 except that it is directed to an apparatus or system and is rejected under the same rationale as indicated above.

As per claim 11. (Original) The system as in claim 10, wherein the operations further comprise: evaluating user permissions based on a user identity of the user, the evaluating comprising searching a user permissions index for permissions granted to the user based on the user identity.  

Claims 11 is analogous to claim 2 except that it is directed to an apparatus or system and is rejected under the same rationale as indicated above.

As per claim 12. (Original) The system as in claim 11, wherein the user permissions index comprises an access control list index maintained by the content management system.  

Claims 12 is analogous to claim 3 except that it is directed to an apparatus or system and is rejected under the same rationale as indicated above.

As per claim 13. (Original) The system as in claim 12, wherein the evaluating of the user permissions comprises searching an access control list index for access control lists designating the user identity as having a sufficient level of access to content items assigned to the access control lists.  

Claims 13 is analogous to claim 4 except that it is directed to an apparatus or system and is rejected under the same rationale as indicated above.

As per claim 14. (Original) The system as in claim 10, wherein the query comprises a string of characters entered by the user into a user interface.  

Claims 14 is analogous to claim 5 except that it is directed to an apparatus or system and is rejected under the same rationale as indicated above.

As per claim 15. (Original) The method as in claim 14, wherein the returning the aggregated permissions-filtered results set comprises providing the aggregated permissions-filtered results set to the user interface.  

Claims 15 is analogous to claim 6 except that it is directed to an apparatus or system and is rejected under the same rationale as indicated above.

As per claim 16. (Original) The method as in claim 10, wherein the generating is based on a virtual field. 

Claims 16 is analogous to claim 7 except that it is directed to an apparatus or system and is rejected under the same rationale as indicated above.
 
As per claim 17. (Original) The method of claim 16, wherein the virtual field comprises time series data. 

Claims 17 is analogous to claim 8 except that it is directed to an apparatus or system and is rejected under the same rationale as indicated above.
 
As per claim 18. (Original) The method of claim 16, wherein the virtual field specifies a machine learning operation. 

Claims 18 is analogous to claim 9 except that it is directed to an apparatus or system and is rejected under the same rationale as indicated above.
 
As per claim 19. (Currently Amended) A non-transitory computer program product storing instructions which, when executed by at least one data processor, causes operations comprising: receiving a query and an access control list associated with a user submitting the query for processing to a search engine, the access control list being assigned to the query by a content management system to authenticate the user, the query including a request to access content managed by the content management system; generating an execution plan for the search engine to process the query, the execution plan being generated by at least a SQL parser using a virtual database schema; using the execution plan to search a search index and return a result set of documents, in response to receiving the query; constraining results returned from the query using a content index of a plurality of content items maintained in a repository of the content management system, the constraining comprising limiting a content item of the plurality of content items from being added to a permissions-filtered results set based on the access control list assigned to the query, the access control list identifying the user as not having permission to access the content item; aggregating based on the execution plan, the permissions-filtered results set; and returning the aggregated permissions-filtered results set, the generating is based on a virtual field included in the virtual database schema to specify different behaviors in generating the execution plan by the SQL parser, wherein the virtual field value is automatically calculated using other existing field values in the virtual database schema, wherein at least one of the other existing field values is not assessable to a user.

Claims 19 is analogous to claim 1 except that it is directed to an apparatus or system and is rejected under the same rationale as indicated above.

As per claim 20. (Original) The non-transitory computer program product of claim 19, wherein the operations further comprise: evaluating user permissions based on a user identity of the user, the evaluating comprising searching a user permissions index for permissions granted to the user based on the user identity, wherein the user permissions index comprises an access control list index maintained by the content management system, and wherein the evaluating of the user permissions comprises searching an access control list index for access control lists designating the user identity as having a sufficient level of access to content items assigned to the access control lists.  

Claims 20 is analogous to claim 4 except that it is directed to an apparatus or system and is rejected under the same rationale as indicated above.

Conclusion 

Applicant's amendment necessitated the new ground(s) of rejection presented in this Office action.  Accordingly, THIS ACTION IS MADE FINAL.  See MPEP § 706.07(a).  Applicant is reminded of the extension of time policy as set forth in 37 CFR 1.136(a).  
A shortened statutory period for reply to this final action is set to expire THREE MONTHS from the mailing date of this action.  In the event a first reply is filed within TWO MONTHS of the mailing date of this final action and the advisory action is not mailed until after the end of the THREE-MONTH shortened statutory period, then the shortened statutory period will expire on the date the advisory action is mailed, and any extension fee pursuant to 37 CFR 1.136(a) will be calculated from the mailing date of the advisory action.  In no event, however, will the statutory period for reply expire later than SIX MONTHS from the date of this final action. 
Any inquiry concerning this communication or earlier communications from the examiner should be directed to CHONGSUH PARK whose telephone number is (408) 918-7574.  The examiner can normally be reached on Monday - Friday 8:00-5:30 PST.
Examiner interviews are available via telephone, in-person, and video conferencing using a USPTO supplied web-based collaboration tool. To schedule an interview, applicant is encouraged to use the USPTO Automated Interview Request (AIR) at http://www.uspto.gov/interviewpractice.
If attempts to reach the examiner by telephone are unsuccessful, the examiner’s supervisor, Hosain Alam can be reached on (571)272-3978 EST.  The fax phone number for the organization where this application or proceeding is assigned is 571-273-8300.
Information regarding the status of an application may be obtained from the Patent Application Information Retrieval (PAIR) system.  Status information for published applications may be obtained from either Private PAIR or Public PAIR.  Status information for unpublished applications is available through Private PAIR only.  For more information about the PAIR system, see https://ppair-my.uspto.gov/pair/PrivatePair. Should you have questions on access to the Private PAIR system, contact the Electronic Business Center (EBC) at 866-217-9197 (toll-free). If you would like assistance from a USPTO Customer Service Representative or access to the automated information system, call 800-786-9199 (IN USA OR CANADA) or 571-272-1000.

/CHONGSUH PARK/Examiner, Art Unit 2154                                                                                                                                                                                                        

/HOSAIN T ALAM/Supervisory Patent Examiner, Art Unit 2154