DETAILED ACTION
Notice of AIA  Status
The present application, filed on or after March 16, 2013, is being examined under the first inventor to file provisions of the AIA .

In the event the determination of the status of the application as subject to AIA  35 U.S.C. 102 and 103 (or as subject to pre-AIA  35 U.S.C. 102 and 103) is incorrect, any correction of the statutory basis for the rejection will not be considered a new ground of rejection if the prior art relied upon, and the rationale supporting the rejection, would be the same under either status.


Response to Amendment
The amendment filed 2022-10-17 has been entered and fully considered.

In light of applicant’s amendment, filed 2022-10-17, the 35 U.S.C. § 112(a) rejection has been partially withdrawn (withdrawn for claims 1-7 and 15-20, sustained for claims 8-14).


Response to Arguments
Applicant’s arguments, see pages 10-15, filed 2022-10-17, with respect to the rejection of claims 8-14 under 35 U.S.C. § 112(a) have been fully considered but they are not persuasive.
In particular, Applicant notes that paragraphs 0085, 0088, and 0089 provide a description of steps and an exemplary algorithm used to create the knowledge distillation model and the classification model in such a fashion that is ultimately used to determine a new security policy rule set, which allegedly “directly contradicts the Examiner’s assertion that the specification ‘does not describe any algorithm or steps by which these models can be created.’”.  The Examiner respectfully submits, however, that the rejection is not because the Specification “does not describe any algorithm or steps by which these models can be created”; rather, it is because the Specification does not describe how the new security policy rule set can be created from the any and all models as created at the level of generality as claimed.  That is, with a generic claim, “the specification must demonstrate that the applicant has made a generic invention that achieves the claimed result and do so by showing that the applicant has invented species sufficient to support a claim to the functionally-defined genus” (Ariad, 593 F.3d at 1349, 94 USPQ2d at 1171); See MPEP § 2161.01(I).
In this instance, the Examiner appreciates that the Specification describes a system that:
“based on this analysis and using the database data (e.g., database statistics, operating system statistics, and database security object definitions obtained at step 502 of FIG. 5), the security module 420 creates a machine learning model (e.g., knowledge distillation model 445 of FIG. 4) that receives first groups having a relatively smaller group size (e.g., 901a-c) and that outputs second groups having a relatively larger group size (e.g., 902a-c). The training may utilize a cost function based on the operating system statistics to model, and thus, optimize the computing performance. Paragraph 0089 further describes step 503 as determining the group size using vectorization and a vector relationship map. Paragraph 0089 continues to describe that the [knowledge distillation] model may be created using a feed forward network (FFN) to train a neural network according to algorithms 1001 and 1002”.  (Applicant’s Remarks, 2022-10-17, pp. 11-12)
The Examiner notes, however, that these features (e.g. the model structure or the feed forward network) are not recited in the claims.  Further, the Specification does not provide alternative species to fully support the entire generic claim scope of “determine a new security policy rule set using the classification model”, wherein the classification model is created by “using the second database data and an output of the knowledge distillation model”.  Thus, the Examiner respectfully submits that the rejection is proper.


Claim Rejections - 35 USC § 112
The following is a quotation of 35 U.S.C. 112(a):
(a) IN GENERAL.—The specification shall contain a written description of the invention, and of the manner and process of making and using it, in such full, clear, concise, and exact terms as to enable any person skilled in the art to which it pertains, or with which it is most nearly connected, to make and use the same, and shall set forth the best mode contemplated by the inventor or joint inventor of carrying out the invention.


Claims 8-14 are rejected under 35 U.S.C. 112(a) as failing to comply with the written description requirement.  The claims contain subject matter which was not described in the specification in such a way as to reasonably convey to one skilled in the relevant art that the inventor or a joint inventor at the time the application was filed, had possession of the claimed invention.
Specifically, claim 8 recites the limitations “create a knowledge distillation model using the security policies and the first database data; ... create a classification model using the second database data and an output of the knowledge distillation model; … determine a new security policy rule set using the classification model”, and the specification does not describe the algorithm or steps/procedure taken to perform the creation of the knowledge distillation model and creation of the classification model using the second database data and an output of the knowledge distillation model with sufficient detail so that one of ordinary skill in the art would understand how the inventor(s) intended the function to be performed at the generic level as claimed.   Note that original claims may lack written description when the claims define the invention in functional language specifying a desired result but the specification does not sufficiently describe how the function is performed or the result is achieved or when the original disclosure does not support the scope of the genus claimed; See MPEP § 2161.01(I).
In this instance, the Specification merely provides antecedent support for the limitations in [0078]-[0080], and a more defined embodiment in [0072]-[0074], but does not describe any algorithm or steps by which these models can be created at such a high level of generalization in the manner as claimed such that a new policy rule set can be determined from any classification model generated in the manner as claimed.  Further, the prior art discloses that those of ordinary skill in the art struggle to simply apply a trained machine learning model from one database data instance to another (e.g. Furlanetto [0002]), yet the claims casually recite the creation of a knowledge distillation model and then the creation of a classification model for second database data using the second database data and output from the knowledge distillation model from which a new security policy rule set can be determined.  Thus, the Examiner finds that the Specification does not adequately describe the algorithm required to achieve the generic scope and desired result of the limitations “creating, by the database server, a knowledge distillation model using the security policies and the first database data; ... creating, by the database server, a classification model using the second database data and an output of the knowledge distillation model; … determining, by the database server, a new security policy rule set using the classification model” as required by the written description requirement of 35 U.S.C. 112(a).
The dependent claims included in the statement of rejection but not specifically addressed in the body of the rejection have inherited the deficiencies of their parent claim and have not resolved the deficiencies.  Therefore, they are rejected based on the same rationale as applied to their parent claims above


Claim Analysis - 35 USC § 101
With respect to claims 8-20, the Examiner finds that the claim term “computer readable storage media” is directed towards statutory subject matter.  In particular, the Specification explicitly defines computer readable media to exclude transitory media in [0030].  Thus, the claimed “computer readable storage media” is limited to statutory forms of non-transitory hardware media, as it does not include transitory media.


Allowable Subject Matter
Claims 1-7 and 15-20 are allowed.  Claims 8-14 would be allowable if rewritten or amended to overcome the rejection under 35 U.S.C. 112(a) set forth in this Office action.

The following is a statement of reasons for the indication of allowable subject matter:
In interpreting the claims, in light of the specification, the Examiner finds the claimed invention to be patentably distinct from the prior art of record.

Asif et al. (US Pre-Grant Publication No. 20220101184-A1, hereinafter “Asif”) teaches a machine learning model that is pruned (knowledge distillation), wherein the model is optimized based upon hardware specifications and/or related performance requirements.  

Eedarapalli (US Pre-Grant Publication No. 20220094715-A1, hereinafter “Eedarapalli”) teaches access control in a network model, wherein a system may create and manipulate a multi-dimensional model for security and access control policies.  That is, security and access control policies are created based upon the model.

Furlanetto et al. (US Pre-Grant Publication No. 20210350254-A1, hereinafter “Furlanetto”) teaches application of a machine learning model on multiple databases. 
 
The prior art of record fails to teach or suggest, individually or in combination, each and every limitation of the claimed invention.  For example, Asif-Eedarapalli-Furlanetto in combination do not disclose “creating, by the database server, a knowledge distillation model using the security policies and the first database data; ... creating, by the database server, a classification model using the second database data and an output of the knowledge distillation model; … determining, by the database server, a new security policy rule set using the classification model”, within the context of the claimed invention as a whole, as recited in claim 1.
Although Asif discloses knowledge distillation, Asif does not disclose that the generation is based on security policies nor that a classification model generated from the knowledge distillation model is used to determine a new security policy rule set.  The Examiner notes prior art teachings, such as Eedarapalli, which teaches creation of security and access control policies using a model; however, the Examiner notes that Eedarapalli does not disclose that the model is generated using a knowledge distillation model and second database data.  The Examiner further notes that the prior art reflects on the difficulty of even applying a machine learning model on different data, e.g. Furlanetto [0002].  Thus, the Examiner finds that even though the claim elements are known in the art, the prior art does not provide sufficient motivation to be modified and combined in such a way as to render obvious the claimed feature without the usage of impermissible hindsight reasoning.
Thus, the Examiner finds that the prior art does not provide sufficient teaching or motivation for anticipating or rendering obvious “creating, by the database server, a knowledge distillation model using the security policies and the first database data; ... creating, by the database server, a classification model using the second database data and an output of the knowledge distillation model; … determining, by the database server, a new security policy rule set using the classification model”, within the claimed invention as a whole, without the usage of impermissible hindsight reasoning.
The Examiner appreciates and incorporates Applicant’s comments on the Reasons for Allowance – i.e. that the patentability is also for the “combination of features” recited herein (Applicant’s Remarks, 2022-10-17, p. 8).


Examiner Notes
The Examiner left a voicemail with Applicant’s Representative on 2022-10-24 with proposed language to traverse the §112(a) rejection but did not receive a response. 


Conclusion
THIS ACTION IS MADE FINAL.  Applicant is reminded of the extension of time policy as set forth in 37 CFR 1.136(a).  
A shortened statutory period for reply to this final action is set to expire THREE MONTHS from the mailing date of this action.  In the event a first reply is filed within TWO MONTHS of the mailing date of this final action and the advisory action is not mailed until after the end of the THREE-MONTH shortened statutory period, then the shortened statutory period will expire on the date the advisory action is mailed, and any extension fee pursuant to 37 CFR 1.136(a) will be calculated from the mailing date of the advisory action.  In no event, however, will the statutory period for reply expire later than SIX MONTHS from the mailing date of this final action. 

Any inquiry concerning this communication or earlier communications from the examiner should be directed to Kevin Bechtel whose telephone number is (571)270-5436. The examiner can normally be reached Monday - Friday, 09:00 - 17:00 ET.
Examiner interviews are available via telephone, in-person, and video conferencing using a USPTO supplied web-based collaboration tool. To schedule an interview, applicant is encouraged to use the USPTO Automated Interview Request (AIR) at http://www.uspto.gov/interviewpractice.
If attempts to reach the examiner by telephone are unsuccessful, the examiner’s supervisor, Ashok Patel can be reached on 571-272-3972. The fax phone number for the organization where this application or proceeding is assigned is 571-273-8300.
Information regarding the status of published or unpublished applications may be obtained from Patent Center. Unpublished application information in Patent Center is available to registered users. To file and manage patent submissions in Patent Center, visit: https://patentcenter.uspto.gov. Visit https://www.uspto.gov/patents/apply/patent-center for more information about Patent Center and https://www.uspto.gov/patents/docx for information about filing in DOCX format. For additional questions, contact the Electronic Business Center (EBC) at 866-217-9197 (toll-free). If you would like assistance from a USPTO Customer Service Representative, call 800-786-9199 (IN USA OR CANADA) or 571-272-1000.





/Kevin Bechtel/Primary Examiner, Art Unit 2491