DETAILED ACTION
In the event the determination of the status of the application as subject to AIA  35 U.S.C. 102 and 103 (or as subject to pre-AIA  35 U.S.C. 102 and 103) is incorrect, any correction of the statutory basis for the rejection will not be considered a new ground of rejection if the prior art relied upon, and the rationale supporting the rejection, would be the same under either status.  
This Office Action is in response to the amendment filed on 8/4/2022.
Claims 2-3, 9-10, 16-17 have been canceled.
Claims 1, 4, 8, 11, 15 and 18-19 have been amended.
Claims 1, 4-8, 11-15 and 18-20 are pending for consideration.

Notice of Pre-AIA  or AIA  Status
The present application, filed on or after March 16, 2013, is being examined under the first inventor to file provisions of the AIA .

Continued Examination Under 37 CFR 1.114
A request for continued examination under 37 CFR 1.114, including the fee set forth in 37 CFR 1.17(e), was filed in this application after final rejection.  Since this application is eligible for continued examination under 37 CFR 1.114, and the fee set forth in 37 CFR 1.17(e) has been timely paid, the finality of the previous Office action has been withdrawn pursuant to 37 CFR 1.114.  Applicant's submission filed on 7/14/2022 has been entered.
 

Response to Arguments
The rejection under 35 U.S.C. 112(b) of claims 1-20 has been withdrawn as the claims have been amended.  However, the amended claims raise new issues. Therefore, a new 112(b) rejection has been raised based on the amended claims filed on 8/4/2022.
In response to applicant's argument that the references fail to show certain features of applicant’s invention, it is noted that the features upon which applicant relies (i.e., “queries relying on data from a pre-computation phase from those relying on only data accessed during a run-time query” and “the use of pre-processing to improve speed of response to queries”) are not recited in the rejected claim(s).  Although the claims are interpreted in light of the specification, limitations from the specification are not read into the claims.  See In re Van Geuns, 988 F.2d 1181, 26 USPQ2d 1057 (Fed. Cir. 1993).
Applicant’s arguments with respect to claim(s) 1, 4-8, 11-15 and 18-20 have been considered but are moot.

Claim Rejections - 35 USC § 112
The following is a quotation of 35 U.S.C. 112(b):
(b)  CONCLUSION.—The specification shall conclude with one or more claims particularly pointing out and distinctly claiming the subject matter which the inventor or a joint inventor regards as the invention.


The following is a quotation of 35 U.S.C. 112 (pre-AIA ), second paragraph:
The specification shall conclude with one or more claims particularly pointing out and distinctly claiming the subject matter which the applicant regards as his invention.


Claims 1, 4-8, 11-15 and 18-20 are rejected under 35 U.S.C. 112(b) or 35 U.S.C. 112 (pre-AIA ), second paragraph, as being indefinite for failing to particularly point out and distinctly claim the subject matter which the inventor or a joint inventor (or for applications subject to pre-AIA  35 U.S.C. 112, the applicant), regards as the invention.
Regarding claims 1, 8 and 15, 
Claims 1, 8 and 15, these claims recite the limitation "the group of properties”.  There is insufficient antecedent basis for this limitation in the claims.  It is unclear if the group of properties are extracted from the access properties or from the combination of clauses.  While a broad claim may be permissible, a claim with uncertain boundaries is not.  Further clarification is required.
 Claims 1, 8 and 15, these claims recite the limitation "the evaluated clauses”.  There is insufficient antecedent basis for this limitation in the claims.  It is unclear if the evaluated clauses are referred back to the at least one evaluated clause or the at least one logical clause or both of these clauses.  Further clarification is required.
Dependent claims 1, 4-7, 11-14 and 18-20 are rejected under 35 U.S.C. 112(b) as they being dependent upon a rejected base claims 1, 8, and 15, respectively.

Claim Rejections - 35 USC § 103
The following is a quotation of 35 U.S.C. 103 which forms the basis for all obviousness rejections set forth in this Office action:
A patent for a claimed invention may not be obtained, notwithstanding that the claimed invention is not identically disclosed as set forth in section 102, if the differences between the claimed invention and the prior art are such that the claimed invention as a whole would have been obvious before the effective filing date of the claimed invention to a person having ordinary skill in the art to which the claimed invention pertains. Patentability shall not be negated by the manner in which the invention was made.

Claims 1, 4-8, 11-15 and 18-20 are rejected under 35 U.S.C. 103 as being unpatentable over RISSANEN (US 20150220659) (hereinafter RISSANEN in view of Allen et al. (US 20070056019) (hereinafter Allen).

Regarding claim 1, RISSANEN discloses a computer-implemented method for controlling access to data by computer systems, the method comprising: 
generating an intermediate representation by integrating a combination of clauses extracted from a policy structure comprising variables and rules that govern data attributes, the data attributes including attributes per data subject, and the data itself to form the intermediate representation (RISSANEN: paragraphs 0015, 0029, 0038, 0053, 0070-0071 and 0098, “The attribute evaluating means 22 supplies attribute values [v.sub.i], which have been extracted from the query or fetched by lookup from one or more remote attribute sources, to a policy decision means 24, which has access to AC policy information P stored in a policy memory 30, which may or may not be a part of the PEP 12. The policy decision means 24 evaluates the AC policy partially and forwards the result, a simplified AC policy P', to an analyzing means 26 adapted to derive access conditions and supply these to the query modifying means 28”); 
extracting at least one logical clause from the data access rule wherein the at least one logical clause contains data access attributes only from the group of properties that are known in pre-processing time (RISSANEN: paragraphs 0038-0041, 0043-0047, 0053 and 0070, “the predetermined simplification rules”… “by parsing a predicate in a SPARQL-type query”… “the invention enables enforcement of access conditions expressed as an ABAC policy, since some embodiments thereof are able to extract a relevant portion of the policy that can be integrated into a database query”); 
compiling and evaluating the extracted at least one logical clause into at least one evaluated clause comprising at least one data-source specific expression (RISSANEN: paragraphs 0054, 0082-0085, 0088 and 0091-0094, “an access condition depending on a dynamic attribute value will require a separate preliminary database query--to be executed before the amended query is executed--for the sole purpose of converting this access condition into one that depends only on static attribute values”);
receiving a request for access to the data (RISSANEN: paragraph 0070, “The data thus provided relate to a query Q intercepted from the communication network”); rewriting the request for access to the data by evaluating the variables and the at least one evaluated clause in the data access rules to concrete values (Rissanen: paragraphs 0020, 0027, 0051, 0054, 0070, “The processing of the query includes determining the access condition(s) applicable in the context of the current database query in view of policy attribute values, e.g., the user's identity, the targeted tables and columns and/or environment information, such as time and location”... “a query modifying means 28 via a device-internal network (single lines). The data thus provided relate to a query Q intercepted from the communication network. The attribute evaluating means 22 supplies attribute values [v.sub.i], which have been extracted from the query or fetched by lookup from one or more remote attribute sources, to a policy decision means 24, which has access to AC policy information P stored in a policy memory 30, which may or may not be a part of the PEP 12. The policy decision means 24 evaluates the AC policy partially and forwards the result, a simplified AC policy P', to an analyzing means 26 adapted to derive access conditions and supply these to the query modifying means 28.”), substituting the evaluated variables and clauses into the request for access, and reducing the request for access rules based on the substitution, so as to provide access only to data allowed by the data access policy rules integrated into the intermediate representation (Rissanen: paragraphs 0070 and 0091-0095, “It is noted that the dynamic nature of the access condition is preserved, unlike a hypothetic amended query in which the access condition has been converted into static form by a preliminary database query, namely, assuming Carol's salary is 15,000: SELECT salary FROM employee WHERE salary=<15000 Assuming the original query is in conformity with the syntax of the query language, the amended query has not undergone any amendment deviating from the syntax and will therefore be executed by the database. However, if Carol had not been included in the "employee" table, the database would have returned an error or a void result, similarly to the case where the salaries of all other employees in the "employee" table had been greater than Carol's salary. Hence, the information in the "employee" table is protected from unauthorized access, as required by the ABAC policy”… “Similarly, the query modifying means 28, which is responsible for amending the database query by imposing one or more access conditions in accordance with the AC policy, may formulate these conditions in accordance with the applicable query language and insert them as an (further) entry following the reserved word "WHERE"”); and executing the rewritten request and providing only data allowed by the data access policy rules integrated into the intermediate representation (RISSANEN: paragraphs 0070-0071, 0091 and 0094, “The policy memory 30 may be supplied with new or updated policy information P from a preparation unit 32, which is aware of the policy language (shown symbolically as "XACML"), the way in which the database 14 is organized ("DB") and of the query language that it accepts (" SQL").”).
RISSANEN does not explicitly disclose the following limitations which are disclosed by Allen, generating at least one rule governing access to the data by grouping a plurality of data access policies by related data access attributes and combining and reducing the grouped data access policies to form a single logical expression (Allen: paragraphs 0033, 0044, 0047, 0056-0057 and 0083, “The request context is sent to a PDP, which determines the applicable policies, and combines the effects of the relevant rules using the appropriate combining algorithms.”… “It is possible to transform a set of "Permit" and "Deny" rules into a single rule that expresses only what is permitted. Mathematically, the result is a conjunction of a disjunction of all "Permit" rules with a negation of a disjunction of all "Deny" rules. The combined expression is reduced to disjunctive normal form (DNF)”); and generating an intermediate representation by integrating a combination of clauses extracted from the single logical expression comprising variables and rules that govern data attributes (Allen: paragraphs 0004, 0040, 0080 and 0083, “adapters 38 may generate one or more representations of the integrated policy set 36 expressed in UAL. Each representation corresponds to a target system 40. A representation may be integrated with the corresponding target system 40 to implement the policy set. In some implementations, an adapter 38 includes a library of routines for parsing UAL into a policy representation, and a target-specific set of routines to apply the representation in the corresponding target environment”).  RISSANEN and Allen are analogous art because they are from the same field of endeavor, access-control policy enforcement.  Before the effective filing date of the claimed invention, it would have been obvious to one of ordinary skill in the art, having the teachings of RISSANEN and Allen before him or her, to modify the system of RISSANEN to include collecting, combining and reducing the filtered access policies to form a single rule policy set of Allen.  The suggestion/motivation for doing so would have been to controlling access by users to system resources and more particularly (but not exclusively) to implementing security requirements in systems having a plurality of dissimilar access control mechanisms (Allen: paragraph 0002).

Regarding claim 8, claim 8 discloses a system claim that is substantially equivalent to the method of claim 1.  Therefore, the arguments set forth above with respect to claim 1 are equally applicable to claim 8 and rejected for the same reasons.   

Regarding claim 15, claim 15 discloses a product claim that is substantially equivalent to the method of claim 1.  Therefore, the arguments set forth above with respect to claim 1 are equally applicable to claim 15 and rejected for the same reasons.

Regarding claims 4, 11 and 18, RISSANEN as modified further discloses wherein the intermediate representation is generated remotely from storage of the data to be accessed, and the generated intermediate representation is stored close to the data to be accessed (RISSANEN: paragraphs 0024 and 0086, “policy decision means 24 may during partial evaluation fetch the role and org-unit of the subject through the context handler from a remote policy information point (PIP), and the target matches and the condition can be simplified”); and the method further comprises: storing the at least one evaluated clause in a compressed form (RISSANEN: paragraph 0023, “the invention can be easily integrated into an existing database system, such as by routing database queries via a unit for intercepting queries, wherein both the user interface and the database can be utilized without further modifications since the access control policy, despite being encoded with an attribute-based language, is enforced by modifying code in the query language for which the user interface and database are adapted”).

Regarding claims 5, 12 and 19, RISSANEN as modified further discloses further comprising: including in the generated intermediate representation a masking function for masking at least some field values from data to be accessed (RISSANEN: paragraphs 0052 and 0086, “the query may be amended to the effect that any values of columns to which access is denied are replaced by null values. For instance, the column may be filtered out. This way, the query submitter obtains a masked view of the database contents” … “XACML encoding format”).

Regarding claims 6 and 13, RISSANEN as modified further discloses wherein the intermediate representation is generated in a pre-computation phase, and the request for access to data is rewritten and executed in a runtime phase (RISSANEN: paragraphs 0020 and 0070, “in cases where the policy contains attributes which are necessary for evaluation and whose values cannot be determined using information stored in the database, the partial evaluation may serve to eliminate those policy attributes before the access condition is determined and included into the query that is to be handed over to the database. After an access condition has been derived, it is included into the query by amending the latter in conformity with the syntactic rules of the query language and the names used for referencing tables, columns etc. in the database”).

Regarding claims 7 and 14, RISSANEN as modified further discloses wherein the intermediate representation is generated, and the request for access to data is rewritten and executed, in a single phase (RISSANEN: paragraphs 0024, 0031, 0051 and 0070, “the different access conditions may be combined and then imposed by a single amendment operation”).

Regarding claim 20, RISSANEN as modified further discloses wherein the intermediate representation is generated in a pre-computation phase, and the request for access to data is rewritten and executed in a runtime phase… (RISSANEN: paragraphs 0020, 0024, 0038 and 0070, “in cases where the policy contains attributes which are necessary for evaluation and whose values cannot be determined using information stored in the database, the partial evaluation may serve to eliminate those policy attributes before the access condition is determined and included into the query that is to be handed over to the database. After an access condition has been derived, it is included into the query by amending the latter in conformity with the syntactic rules of the query language and the names used for referencing tables, columns etc. in the database””).

Conclusion
The prior art made of record and not relied upon is considered pertinent to applicant's disclosure is listed, such as, Jacod (US 10452975); Litoiu (US 20150288669); and Firestone (US 9224006).
Any inquiry concerning this communication or earlier communications from the examiner should be directed to TRANG T DOAN whose telephone number is (571)272-0740.  The examiner can normally be reached on Monday-Friday 7-4 ET.
Examiner interviews are available via telephone, in-person, and video conferencing using a USPTO supplied web-based collaboration tool. To schedule an interview, applicant is encouraged to use the USPTO Automated Interview Request (AIR) at http://www.uspto.gov/interviewpractice.
If attempts to reach the examiner by telephone are unsuccessful, the examiner’s supervisor, Lynn D Feild can be reached on (571)272-2092.  The fax phone number for the organization where this application or proceeding is assigned is 571-273-8300.
Information regarding the status of an application may be obtained from the Patent Application Information Retrieval (PAIR) system.  Status information for published applications may be obtained from either Private PAIR or Public PAIR.  Status information for unpublished applications is available through Private PAIR only.  For more information about the PAIR system, see https://ppair-my.uspto.gov/pair/PrivatePair. Should you have questions on access to the Private PAIR system, contact the Electronic Business Center (EBC) at 866-217-9197 (toll-free). If you would like assistance from a USPTO Customer Service Representative or access to the automated information system, call 800-786-9199 (IN USA OR CANADA) or 571-272-1000.





/TRANG T DOAN/
Primary Examiner, Art Unit 2431