Notice of Pre-AIA  or AIA  Status
The present application, filed on or after March 16, 2013, is being examined under the first inventor to file provisions of the AIA .
Claim Rejections - 35 USC § 103
The following is a quotation of 35 U.S.C. 103(a) which forms the basis for all obviousness rejections set forth in this Office action:
(a) A patent may not be obtained though the invention is not identically disclosed or described as set forth in section 102 of this title, if the differences between the subject matter sought to be patented and the prior art are such that the subject matter as a whole would have been obvious at the time the invention was made to a person having ordinary skill in the art to which said subject matter pertains.  Patentability shall not be negatived by the manner in which the invention was made.

Claims 1-20 are rejected under 35 U.S.C. 103(a) as being unpatentable over Verzun et al. (US Pub. 2019/0386969, hereinafter “Verzun”) in view of Li, Yue at al. (CN 106973096, hereinafter “Li”).

Regarding claim 1, Verzun discloses a computing platform, comprising: at least one processor; a communication interface communicatively coupled to the at least one processor; and memory storing computer-readable instructions that, when executed by the at least one processor, cause the computing platform (Fig. 1) to: 
receive, via the communication interface, from a database-level interceptor associated with a target database, a first account-change message, wherein the first account-change message comprises information identifying a first target account as a database-level source account and identifying a second target account associated with one or more target databases, and wherein the first target account is associated with a target application configured to access the target database (¶¶ [0056]-[0057], some transactions are account changes identified and intercepts for making pirate transactions to a database); 
determine, based on a failure to detect a source account associated with the first target account, an account lineage chain associated with the first account-change message is incomplete (¶ [0094], revoking transaction – as incomplete; ¶ [0492], ¶ [0495] lineage chain); 
generate, based on the determining, one or more commands directing a database computing platform associated with the target database to limit access of the first target account to the target database (¶ [0050], Many apps however, offer limited or no security provisions, instead relying wholly on the TCP/IP protocol stack to protect their content and integrity); and 
send, via the communication interface, to the database computing platform associated with the target database, the one or more commands directing the database computing platform associated with the target database to limit access of the first target account to the target database (¶ [0050], offering limited or no security provisions, instead relying wholly on the TCP/IP protocol stack to protect their content and integrity).
While Verzun discloses source and target data being affected, Verzun does not explicitly discloses first target account and second target database; however, Li discloses first target account and second target database (abstract and first 2 paragraphs of description).
It would have been obvious to one of ordinary skill in the art before the effective filing date of the claimed invention to incorporate Li into Verzun to effectively pushing the data for completion of transaction made to databases once allowed.

Regarding claim 15, Verzun discloses a method, comprising: at a computing platform comprising at least one processor, a communication interface, and memory (Fig. 1): 
receiving, via the communication interface, from a database-level interceptor associated with a target database, a first account-change message, wherein the first account-change message comprises information identifying a first target account as a database-level source account and identifying a second target account associated with one or more target databases, and wherein the first target account is associated with a target application configured to access the target database (¶¶ [0056]-[0057], some transactions are account changes identified and intercepts for making pirate transactions to a database);; 
determining, based on a failure to detect a source account associated with the first target account, an account lineage chain associated with the first account-change message is incomplete (¶ [0094], revoking transaction – as incomplete; ¶ [0492], ¶ [0495] lineage chain);
 generating, based on the determining, one or more commands directing a database computing platform associated with the target database to limit access of the first target account to the target database (¶ [0050], Many apps however, offer limited or no security provisions, instead relying wholly on the TCP/IP protocol stack to protect their content and integrity); and
 sending, via the communication interface, to the database computing platform associated with the target database, the one or more commands directing the database computing platform associated with the target database to limit access of the first target account to the target database (¶ [0050], offering limited or no security provisions, instead relying wholly on the TCP/IP protocol stack to protect their content and integrity).
While Verzun discloses source and target data being affected, Verzun does not explicitly discloses first target account and second target database; however, Li discloses first target account and second target database (abstract and first 2 paragraphs of description).
It would have been obvious to one of ordinary skill in the art before the effective filing date of the claimed invention to incorporate Li into Verzun to effectively pushing the data for completion of transaction made to databases once allowed.

Regarding claim 20, Verzun discloses one or more non-transitory computer-readable media storing instructions that, when executed by a computing platform comprising at least one processor, a communication interface, and memory, cause the computing platform (Fig. 1) to: 
receive, via the communication interface, from a database-level interceptor associated with a target database, a first account-change message, wherein the first account-change message comprises information identifying a first target account as a database-level source account and identifying a second target account associated with one or more target databases, and wherein the first target account is associated with a target application configured to access the target database (¶¶ [0056]-[0057], some transactions are account changes identified and intercepts for making pirate transactions to a database); 
determine, based on a failure to detect a source account associated with the first target account, an account lineage chain associated with the first account-change message is incomplete (¶ [0094], revoking transaction – as incomplete; ¶ [0492], ¶ [0495] lineage chain); 
generate, based on the determining, one or more commands directing a database computing platform associated with the target database to limit access of the first target account to the target database (¶ [0050], Many apps however, offer limited or no security provisions, instead relying wholly on the TCP/IP protocol stack to protect their content and integrity); and
 send, via the communication interface, to the database computing platform associated with the target database, the one or more commands directing the database computing platform associated with the target database to limit access of the first target account to the target database (¶ [0050], offering limited or no security provisions, instead relying wholly on the TCP/IP protocol stack to protect their content and integrity).
While Verzun discloses source and target data being affected, Verzun does not explicitly discloses first target account and second target database; however, Li discloses first target account and second target database (abstract and first 2 paragraphs of description).
It would have been obvious to one of ordinary skill in the art before the effective filing date of the claimed invention to incorporate Li into Verzun to effectively pushing the data for completion of transaction made to databases once allowed.

Regarding claim 2, Verzun in view of Li discloses the computing platform of claim 1, wherein the memory stores additional computer-readable instructions that, when executed by the at least one processor, cause the computing platform to: determine a first timestamp comprised in the first account-change message, wherein the first timestamp indicates a time of requesting an account change from the first target account to the second target account (¶ [0082], times tamped of changes); 
determine a second timestamp indicating a time of accessing the target database by the first target account (¶¶ [0532]-[0533]); and 
track, based on a comparison of the first timestamp and the second timestamp, the source account associated with the first target account (¶ [0042], transactions tracked).

Regarding claim 3, Verzun in view of Li discloses the computing platform of claim 2, wherein tracking the source account associated with the first target account comprises: identifying a network identifier associated with the source account (¶¶ [0041]-[0042], identifiers, network, and information are identified); 
causing a first computing device associated with the network identifier to install a source- level interceptor (¶¶ [0041]-[0042]; intercepting information); and 
identifying, based on a communication from the installed source-level interceptor, the source account (¶¶ [0041]-[0042]; intercepting information).

Regarding claim 4, Verzun in view of Li discloses the computing platform of claim 1, wherein the memory stores additional computer-readable instructions that, when executed by the at least one processor, cause the computing platform to: identify a first computing device accessing the first target account; cause the first computing device to install a source-level interceptor (¶¶ [0041]-[0042], identifiers, network, and information are identified); and receive, via the communication interface, from the source-level interceptor, a second account-change message, wherein the second account-change message comprises information identifying the source account and identifying the first target account (¶¶ [0041]-[0042], information is intercepted).

Regarding claim 5, Verzun in view of Li discloses the computing platform of claim 4, wherein the second account-change message further comprises device information of the first computing device, one or more commands associated with the source account, and one or more timestamps (¶ [0082], times tamped of changes); and wherein the first account-change message further comprises database information of the target database, one or more commands associated with the target database, and one or more timestamps (¶ [0082], times tamped of changes).

Regarding claim 6, Verzun in view of Li discloses the computing platform of claim 4, wherein the memory stores additional computer-readable instructions that, when executed by the at least one processor, cause the computing platform to: generate, based on the first account-change message and the second account-change message, a notification comprising information associated with an account lineage between the source account and the second target account (¶ [0057], which instead forwards a stolen or falsified SSL CA certificate to client browser. The CA certificate describes how information is to be encoded by client browser when communicating with the HTTPS server); and send, via the communication interface, to an administrator user computing device, the notification comprising the information associated with the account lineage between the source account and the second target account (¶ [0057]).

Regarding claim 7, Verzun in view of Li discloses the computing platform of claim 4, wherein the memory stores additional computer-readable instructions that, when executed by the at least one processor, cause the computing platform to: determine, based on the second account-change message, that the source account is not an originating account and is associated with a second source account of a second computing device and cause the second computing device to install a second source-level interceptor (̬¶ [0066], the target knows immediately of the infection because of overt system failures or messages).

Regarding claim 8, Verzun in view of Li discloses the computing platform of claim 7, wherein the memory stores additional computer-readable instructions that, when executed by the at least one processor, cause the computing platform to: receive, via the communication interface, from the second source-level interceptor, a third account-change message, wherein the third account-change message comprises information identifying the second source account and identifying the source account (¶ [0042], the resulting data packet 451e lacks the full content of its ancestral lineage (packet 451d) because some of the fragmented pieces are diverted onto different paths through the meshed network. Unrelated data or junk data are represented in the figure by empty squares in the text); determine, based on the third account-change message, that the second source account is an originating account; generate, based on determining that the second source account is an originating account, information indicating a complete account lineage between the second source account and the second target account; and store the information indicating the complete account lineage between the second source account and the second target account (¶[0042]).

Regarding claim 9, Verzun in view of Li discloses the computing platform of claim 8, wherein the information indicating the complete account lineage between the second source account and the second target account indicates: a first account lineage segment between the second source account and the source account; a second account lineage segment between the source account and the first target account; and a third account lineage segment between the first target account and the second target account (¶ [0492], leaf certificates may use pseudonymous identities to further protect user privacy. In addition to protecting personal privacy, CA-certificates also prevent fraud. All derivative CA-certificates sharing a common lineage from a parental certificate are useful only to the parent certificate owner's accounts and devices) .

Regarding claim 10, Verzun in view of Li discloses the computing platform of claim 1, wherein the memory stores additional computer-readable instructions that, when executed by the at least one processor, cause the computing platform to: based on an incomplete account lineage chain associated with the first account-change message, cause a denial of an account-change from the first target account to the second target account (¶ [0094], revoking or denying transactions).

Regarding claim 11, Verzun in view of Li discloses the computing platform of claim 1, wherein the second target account has one or more rights associated with the target database that are unavailable to the first target account (¶ [0053], access to system using admin rights).

Regarding claim 12, Verzun in view of Li discloses the computing platform of claim 1, wherein the source account is associated with a first computing device, and wherein the memory stores additional computer-readable instructions that, when executed by the at least one processor, cause the computing platform to: receive, via the communication interface, from a source-level interceptor associated with a second computing device, a second account-change message, wherein the second account-change message comprises information identifying a second source account associated with the second computing device and identifying the source account associated with the first computing device; and determine, based on the first account-change message and the second account- change message, that an account lineage chain is incomplete at the first computing device (¶ [0042], the resulting data packet 451e lacks the full content of its ancestral lineage (packet 451d) because some of the fragmented pieces are diverted onto different paths through the meshed network).

Regarding claim 13, Verzun in view of Li discloses the computing platform of claim 12, wherein the memory stores additional computer-readable instructions that, when executed by the at least one processor, cause the computing platform to: based on determining that the account lineage chain is incomplete at the first computing device, cause the first computing device to install a second source-level interceptor (¶ [0492].

Regarding claim 14, Verzun in view of Li discloses the computing platform of claim 12, wherein the memory stores additional computer-readable instructions that, when executed by the at least one processor, cause the computing platform to: based on determining that the account lineage chain is incomplete at the first computing device, generate information indicating an incomplete account lineage between the source account and the first target account (¶ [0492]; and send, via the communication interface, to an administrator user computing device, a notification comprising the information indicating the incomplete account lineage between the source account and the first target account (¶ [0492].

Regarding claim 16, Verzun in view of Li discloses the method of claim 15, further comprising: determining a first timestamp comprised in the first account-change message, wherein the first timestamp indicates a time of requesting an account change from the first target account to the second target account (¶ [0082], times tamped of changes); and determining a second timestamp indicating a time of accessing the target database by the first target account (¶¶ [0532]-[0533]); and tracking, based on a comparison of the first timestamp and the second timestamp, the source account associated with the first target account (¶ [0042], transactions/movements tracked).

Regarding claim 17, Verzun in view of Li discloses the method of claim 16, wherein tracking the source account associated with the first target account comprises: identifying a network identifier associated with the source account (¶¶ [0041]-[0042], identifiers, network, and information are identified); causing a first computing device associated with the network identifier to install a source- level interceptor (¶¶ [0041]-[0042]; intercepting information); and identifying, based on a communication from the installed source-level interceptor, the source account (¶¶ [0041]-[0042]; intercepting information).

Regarding claim 18, Verzun in view of Li discloses the method of claim 15, further comprising: identifying a first computing device accessing the first target account; causing the first computing device to install a source-level interceptor (¶¶ [0041]-[0042], identifiers, network, and information are identified); and receiving, via the communication interface, from the source-level interceptor, a second account-change message, wherein the second account-change message comprises information identifying the source account and identifying the first target account (¶¶ [0041]-[0042], information is intercepted).

Regarding claim 19, Verzun in view of Li discloses the method of claim 18, wherein the second account-change message further comprises device information of the first computing device, one or more commands associated with the source account, and one or more timestamps (¶ [0082], times tamped of changes); and wherein the first account-change message further comprises database information of the target database, one or more commands associated with the target database, and one or more timestamps (¶ [0082], times tamped of changes).


Conclusion
Any inquiry concerning this communication or earlier communications from the examiner should be directed to TUANKHANH D PHAN whose telephone number is (571)270-3047.  The examiner can normally be reached on Mon-Fri, 10:00am-18:00pm.
Examiner interviews are available via telephone, in-person, and video conferencing using a USPTO supplied web-based collaboration tool. To schedule an interview, applicant is encouraged to use the USPTO Automated Interview Request (AIR) at http://www.uspto.gov/interviewpractice.  
If attempts to reach the examiner by telephone are unsuccessful, the examiner’s supervisor, Hosain Alam can be reached on 571-272-3978.  The fax phone number for the organization where this application or proceeding is assigned is 571-273-8300.
Information regarding the status of an application may be obtained from either Private PAIR or Public PAIR.  Status information for unpublished applications is available through Private PAIR only.  For more information about the PAIR system, see http://pair-direct.uspto.gov. Should you have questions on access to the Private PAIR system, contact the Electronic Business Center (EBC) at 866-217-9197 (toll-free). If you would like assistance from a USPTO Customer Service Representative or access to the automated information system, call 800-786-9199 or 571-272-1000.
/TUANKHANH D PHAN/               Examiner, Art Unit 2154