DETAILED ACTION
Notice of Pre-AIA  or AIA  Status
The present application, filed on or after March 16, 2013, is being examined under the first inventor to file provisions of the AIA .

Priority
Applicant’s claim for the benefit of a prior-filed application under 35 U.S.C. 119(e) or under 35 U.S.C. 120, 121, 365(c), or 386(c) is acknowledged. 

Information Disclosure Statement
The information disclosure statement (IDS) submitted on 22 October 2022 has been considered by the examiner.

Double Patenting
The nonstatutory double patenting rejection is based on a judicially created doctrine grounded in public policy (a policy reflected in the statute) so as to prevent the unjustified or improper timewise extension of the “right to exclude” granted by a patent and to prevent possible harassment by multiple assignees. A nonstatutory double patenting rejection is appropriate where the conflicting claims are not identical, but at least one examined application claim is not patentably distinct from the reference claim(s) because the examined application claim is either anticipated by, or would have been obvious over, the reference claim(s). See, e.g., In re Berg, 140 F.3d 1428, 46 USPQ2d 1226 (Fed. Cir. 1998); In re Goodman, 11 F.3d 1046, 29 USPQ2d 2010 (Fed. Cir. 1993); In re Longi, 759 F.2d 887, 225 USPQ 645 (Fed. Cir. 1985); In re Van Ornum, 686 F.2d 937, 214 USPQ 761 (CCPA 1982); In re Vogel, 422 F.2d 438, 164 USPQ 619 (CCPA 1970); In re Thorington, 418 F.2d 528, 163 USPQ 644 (CCPA 1969).
A timely filed terminal disclaimer in compliance with 37 CFR 1.321(c) or 1.321(d) may be used to overcome an actual or provisional rejection based on nonstatutory double patenting provided the reference application or patent either is shown to be commonly owned with the examined application, or claims an invention made as a result of activities undertaken within the scope of a joint research agreement. See MPEP § 717.02 for applications subject to examination under the first inventor to file provisions of the AIA  as explained in MPEP § 2159. See MPEP § 2146 et seq. for applications not subject to examination under the first inventor to file provisions of the AIA . A terminal disclaimer must be signed in compliance with 37 CFR 1.321(b). 
The USPTO Internet website contains terminal disclaimer forms which may be used. Please visit www.uspto.gov/patent/patents-forms. The filing date of the application in which the form is filed determines what form (e.g., PTO/SB/25, PTO/SB/26, PTO/AIA /25, or PTO/AIA /26) should be used. A web-based eTerminal Disclaimer may be filled out completely online using web-screens. An eTerminal Disclaimer that meets all requirements is auto-processed and approved immediately upon submission. For more information about eTerminal Disclaimers, refer to www.uspto.gov/patents/process/file/efs/guidance/eTD-info-I.jsp.
Claims 21, 26-27, 30-32 and 40 are rejected on the ground of nonstatutory double patenting as being unpatentable over claims 1-20 of U.S. Patent No. 10,657,282. Although the claims at issue are not identical, they are not patentably distinct from each other because the claims of the instant application represent a slight broadening of the subject matter of the claims of the ‘282 Patent and on that basis, the claims of the ‘282 Patent anticipate the claims of the instant application.
As to claims 21, 32 and 40, the ‘282 Patent discloses a method/system/device comprising (Claim 1: A method for controlling access to one or more nodes in a relational graph, comprising): 
receiving a graph query including a security context for accessing nodes in a relational graph (Claim 1: receiving a graph query including a subject security context); 
determining a first node representing the security context denies access to a second node in the relational graph by determining at least one of (Claim 1: determining whether a node in the relational graph denies access to the node, the determining including determining at least one of): 
a deny filter denies access to the second node (Claim 1: (a) whether a deny Approximate Membership Query (AMQ) filter denies access to the node); or 
a query deny list denies access to the second node (Clam 1: b) whether a query deny list denies access to the node); and 
denying access to the second node (Claim 1: denying access to the node if it is determined that the node denies the access). 
As to claim 26, the ‘282 Patent discloses the method of claim 21, wherein a schema for the first node indicates that access to the second node is determined based on whether data in the security context corresponds to an entry in the deny filter or the query deny list (Claim 5: The method of claim 3, whether determining whether the permit Approximate Membership Query (AMQ) filter permits access to the node includes querying the permit AMQ filter with the subject security context, the permit AMQ filter including security contexts that grant access to the node as permitting members).  
As to claim 27, the ‘282 Patent discloses the method of claim 21, wherein the deny filter is an Approximate Member Query (AMQ) filter (Claim 1: (a) whether a deny Approximate Membership Query (AMQ) filter denies access to the node).
As to claim 30, the ‘282 Patent discloses the method of claim 21, wherein the query deny list comprises a plurality of security contexts (Clam 8: The method of claim 1, wherein determining whether the query deny list denies access to the node includes querying the deny list with the subject security context, the deny list including security contexts that deny access to the node).
As to claim 31, the ‘282 Patent discloses the method of claim 30, wherein the plurality of security contexts are denied access to the second node (Claim 8: The method of claim 1, wherein determining whether the query deny list denies access to the node includes querying the deny list with the subject security context, the deny list including security contexts that deny access to the node).  

Claims 21, 26-27, 30-32 and 40 are rejected on the ground of nonstatutory double patenting as being unpatentable over claims 1-20 of U.S. Patent No. 10,242,223. Although the claims at issue are not identical, they are not patentably distinct from each other because the claims of the instant application represent a slight broadening of the subject matter of the claims of the ‘223 Patent and on that basis, the claims of the ‘223 Patent anticipate the claims of the instant application.
As to claims 21, 32 and 40, the ‘883 Patent discloses a method comprising (Claim 1: A method for controlling access to one or more nodes in a relational graph, the method comprising): 
receiving a graph query including a security context for accessing nodes in a relational graph (Claim 1: receiving a graph query including a subject security context); 
determining a first node representing the security context denies access to a second node in the relational graph by determining at least one of (Clam 1: determining whether a node in the relational graph permits access to the node, the determining including determining at least one of): 
a deny filter denies access to the second node (Claim 1: (a) whether a permit Approximate Membership Query (AMQ) filter permits access to the node); or 
a query deny list denies access to the second node (Claim 1: (b) whether a query permit list permits access to the node); and 
denying access to the second node (Claim 1: and permitting access to the node if it is determined that the node permits the access and Claim 2: The method of claim 1, further comprising denying access to the node if it is determined that the node does not permit the access).
As to claim 26, the ‘883 Patent discloses the method of claim 21, wherein a schema for the first node indicates that access to the second node is determined based on whether data in the security context corresponds to an entry in the deny filter or the query deny list (Claim 5: The method of claim 1, further comprising: determining whether the node in the relational graph denies access to the node, the determining including determining at least one of (a) whether a deny Approximate Membership Query (AMQ) filter denies access to the node, or (b) whether a query deny list denies access to the node; and denying access to the node if it is determined that the node denies the access).
As to claim 27, the ‘883 Patent discloses the method of claim 21, wherein the deny filter is an Approximate Member Query (AMQ) filter (Claim 1: (a) whether a permit Approximate Membership Query (AMQ) filter permits access to the node). 
As to claim 30, the ‘883 Patent discloses the method of claim 21, wherein the query deny list comprises a plurality of security contexts (Claim 8: The method of claim 5, wherein determining whether the query deny list denies access to the node includes querying the query deny list with the subject security context, the query deny list including security contexts that deny access to the node).
As to claim 31, the ‘883 Patent discloses the method of claim 30, wherein the plurality of security contexts are denied access to the second node (Claim 8: The method of claim 5, wherein determining whether the query deny list denies access to the node includes querying the query deny list with the subject security context, the query deny list including security contexts that deny access to the node).  
Claims 21-24, 27, 30-37 and 39-40 are rejected on the ground of nonstatutory double patenting as being unpatentable over claims 1-20 of U.S. Patent No. 10,242,223. Although the claims at issue are not identical, they are not patentably distinct from each other because the claims of the instant application represent a slight broadening of the subject matter of the claims of the ‘223 Patent and on that basis, the claims of the ‘223 Patent anticipate the claims of the instant application.
As to claims 21, 32 and 40, the ‘223 Patent discloses a method comprising (Claim 1: A method for controlling access to nodes in a relational graph at query time, comprising): 
receiving a graph query including a security context for accessing nodes in a relational graph (Claim 1: receiving a graph query from a subject, including a subject security context, to span the nodes of the relational graph); 
determining a first node representing the security context denies access to a second node in the relational graph (Claim 1: determining whether the access controlled node denies access to the subject based on the subject security context) by determining at least one of: 
a deny filter denies access to the second node (Claim 1: querying a deny Approximate Membership Query (AMQ) filter of the access controlled node with the subject security context, the deny AMQ filter including security contexts that deny access to the access controlled node as denying members); or 
a query deny list denies access to the second node (Claim 1: querying a deny list of the access controlled node with the subject security context, the deny list including the security contexts that deny access to the access controlled node); and 
denying access to the second node (Claim 1: and in response to the deny list indicating that the subject security context is present, denying access to the access controlled node while spanning the relational graph according to the graph query).
As to claim 22, the ‘223 Patent discloses the method of claim 21, wherein the security context corresponds to a personal security context for a user, the personal security context indicating one or more security groups to which the user belongs (Claim 5:  The method of claim 1, wherein the subject security context includes a plurality of security contexts including: personal security contexts, based on a user and user groups of the subject). 
As to claim 23, the ‘223 Patent discloses the method of claim 21, wherein the security context corresponds to a machine security context, the machine security context indicating a device or type of device (Claim 5: The method of claim 1, wherein the subject security context includes a plurality of security contexts including: personal security contexts, based on a user and user groups of the subject; machine security contexts, based on a computing device and software settings of the subject; and access point security contexts, based on a location and connection type of the subject.).
As to claim 24, the ‘223 Patent discloses the method of claim 21, wherein the security context corresponds to an access security context, the access security context indicating a geographic location, a network, or network settings (Claim 5: The method of claim 1, wherein the subject security context includes a plurality of security contexts including: personal security contexts, based on a user and user groups of the subject; machine security contexts, based on a computing device and software settings of the subject; and access point security contexts, based on a location and connection type of the subject).  
As to claim 27, the ‘223 Patent discloses the method of claim 21, wherein the deny filter is an Approximate Member Query (AMQ) filter (Claim 1: querying a deny Approximate Membership Query (AMQ) filter of the access controlled node with the subject security context, the deny AMQ filter including security contexts that deny access to the access controlled node as denying members).  
As to claim 30, the ‘223 Patent discloses the method of claim 21, wherein the query deny list comprises a plurality of security contexts (Claim 1: querying a deny Approximate Membership Query (AMQ) filter of the access controlled node with the subject security context, the deny AMQ filter including security contexts that deny access to the access controlled node as denying members).  
As to claim 31, the ‘223 Patent discloses the method of claim 30, wherein the plurality of security contexts are denied access to the second node (Claim 1: querying a deny Approximate Membership Query (AMQ) filter of the access controlled node with the subject security context, the deny AMQ filter including security contexts that deny access to the access controlled node as denying members).
As to claim 33, the ‘223 Patent discloses the system of claim 32, wherein determining the first node denies access to the second node comprises: querying the deny filter to determine whether the security context is a member of the deny filter; and if it is determined that the security context is a member of the deny filter, querying the query deny list to determine whether the security context is a member of the query deny list (Claim 1:  in response to the deny AMQ filter indicating that the subject security context is not present in the denying members, determining whether the subject security context grants access to the access controlled node; in response to the deny AMQ filter indicating that the subject security context is present in the denying members, querying a deny list of the access controlled node with the subject security context).
As to claim 34, the ‘223 Patent discloses the system of claim 33, wherein determining the first node denies access to the second node further comprises: if it is determined that the security context is not a member of the deny filter, determining whether the first node is associated with a permit filter for the second node (Claim 2: The method of claim 1, wherein determining whether the subject security context grants access to the access controlled node further comprises: querying a permit AMQ filter of the access controlled node with the subject security context, the permit AMQ filter including security contexts that grant access to the access controlled node as permitting members).
As to claim 35, the ‘223 Patent discloses the system of claim 34, wherein: in response to determining that the first node is associated with the permit filter for the second node, querying the permit filter to determine whether the security context is a member of the permit filter (Claim 2: The method of claim 1, wherein determining whether the subject security context grants access to the access controlled node further comprises: querying a permit AMQ filter of the access controlled node with the subject security context, the permit AMQ filter including security contexts that grant access to the access controlled node as permitting members).
As to claim 36, the ‘223 Patent discloses the system of claim 35, wherein: in response to determining that the security context is a member of the permit filter, denying access to the second node (Claim 2: The method of claim 1, wherein determining whether the subject security context grants access to the access controlled node further comprises: querying a permit AMQ filter of the access controlled node with the subject security context, the permit AMQ filter including security contexts that grant access to the access controlled node as permitting members; in response to the permit AMQ filter indicating that the subject security context is not present in the permitting members, denying access to the access controlled node while spanning the relational graph according to the graph query; in response to the permit AMQ filter indicating that the subject security context is present in the permitting members, querying a permit list of the access controlled node with the subject security context, the permit list including the security contexts that grant access to the access controlled node; in response to the permit list indicating that the subject security context is not present, denying access to the access controlled node while spanning the relational graph according to the graph query; and in response to the permit list indicating that the subject security context is present, spanning the access controlled node as part of spanning the relational graph according to the graph query).
As to claim 37, the ‘223 Patent discloses the system of claim 32, wherein: after denying access to the second node, the graph query continues to attempt to span the relational graph without accessing the second node (Claim 1: and in response to the deny list indicating that the subject security context is present, denying access to the access controlled node while spanning the relational graph according to the graph query).
As to claim 39, the ‘223 Patent discloses the system of claim 32, wherein the security context comprises at least two of: a personal security context for a user; a machine security context indicating; or an access security context (Claim 5: The method of claim 1, wherein the subject security context includes a plurality of security contexts including: personal security contexts, based on a user and user groups of the subject; machine security contexts, based on a computing device and software settings of the subject; and access point security contexts, based on a location and connection type of the subject.  
Allowable Subject Matter
Claims 25, 28-29 and 38 are objected to as being dependent upon a rejected base claim, but would be allowable if rewritten in independent form including all of the limitations of the base claim and any intervening claims.

Priority
The prior art made of record and not relied upon is considered pertinent to applicant's disclosure.
U.S. Patent Application Publication No. 2013/0246454 by Menten discloses controlling access to nodes in a graph using queries

Conclusion




Any inquiry concerning this communication or earlier communications from the examiner should be directed to MICHAEL S MCNALLY whose telephone number is (571)270-1599. The examiner can normally be reached Monday-Friday, 8:30 AM - 5:00 PM.
Examiner interviews are available via telephone, in-person, and video conferencing using a USPTO supplied web-based collaboration tool. To schedule an interview, applicant is encouraged to use the USPTO Automated Interview Request (AIR) at http://www.uspto.gov/interviewpractice.
If attempts to reach the examiner by telephone are unsuccessful, the examiner’s supervisor, Jeffrey L Nickerson can be reached on (469)295-9235. The fax phone number for the organization where this application or proceeding is assigned is 571-273-8300.
Information regarding the status of published or unpublished applications may be obtained from Patent Center. Unpublished application information in Patent Center is available to registered users. To file and manage patent submissions in Patent Center, visit: https://patentcenter.uspto.gov. Visit https://www.uspto.gov/patents/apply/patent-center for more information about Patent Center and https://www.uspto.gov/patents/docx for information about filing in DOCX format. For additional questions, contact the Electronic Business Center (EBC) at 866-217-9197 (toll-free). If you would like assistance from a USPTO Customer Service Representative, call 800-786-9199 (IN USA OR CANADA) or 571-272-1000.

MICHAEL S. MCNALLY
Primary Examiner
Art Unit 2432



/Michael S McNally/Primary Examiner, Art Unit 2432