DETAILED ACTION
Notice of Pre-AIA  or AIA  Status
The present application, filed on or after March 16, 2013, is being examined under the first inventor to file provisions of the AIA .
This office Action is in response to Application 16345785 filed on 03/11/2021. Claims 1 and 10 are independent claims. Claims 1-18 have been examined and are pending in this application. This Office Action is made Non-Final.

Information Disclosure Statement
The information disclosure statement (IDS) submitted on 04/29/2019 is in compliance with the provisions of 37 CFR 1.97.  Accordingly, the information disclosure statement is being considered by the examiner.

Claim Objections
Claims 1- 18 are objected to because of the following informalities:
Regarding claim 1-18, the acronym ‘DB and ID,’ which ‘DB and ID’ are used without spelling out in full at its first occurrence in the claims.  Appropriate correction is required.  




	
Claim Interpretation
The following is a quotation of 35 U.S.C. 112(f):
(f) Element in Claim for a Combination. – An element in a claim for a combination may be expressed as a means or step for performing a specified function without the recital of structure, material, or acts in support thereof, and such claim shall be construed to cover the corresponding structure, material, or acts described in the specification and equivalents thereof. 

The following is a quotation of pre-AIA  35 U.S.C. 112, sixth paragraph:
An element in a claim for a combination may be expressed as a means or step for performing a specified function without the recital of structure, material, or acts in support thereof, and such claim shall be construed to cover the corresponding structure, material, or acts described in the specification and equivalents thereof.
The claims in this application are given their broadest reasonable interpretation using the plain meaning of the claim language in light of the specification as it would be understood by one of ordinary skill in the art.  The broadest reasonable interpretation of a claim element (also commonly referred to as a claim limitation) is limited by the description in the specification when 35 U.S.C. 112(f) or pre-AIA  35 U.S.C. 112, sixth paragraph, is invoked. 
As explained in MPEP § 2181, subsection I, claim limitations that meet the following three-prong test will be interpreted under 35 U.S.C. 112(f) or pre-AIA  35 U.S.C. 112, sixth paragraph:
(A)	the claim limitation uses the term “means” or “step” or a term used as a substitute for “means” that is a generic placeholder (also called a nonce term or a non-structural term having no specific structural meaning) for performing the claimed function; 
(B)	the term “means” or “step” or the generic placeholder is modified by functional language, typically, but not always linked by the transition word “for” (e.g., “means for”) or another linking word or phrase, such as “configured to” or “so that”; and 
(C)	the term “means” or “step” or the generic placeholder is not modified by sufficient structure, material, or acts for performing the claimed function. 
Use of the word “means” (or “step”) in a claim with functional language creates a rebuttable presumption that the claim limitation is to be treated in accordance with 35 U.S.C. 112(f) or pre-AIA  35 U.S.C. 112, sixth paragraph. The presumption that the claim limitation is interpreted under 35 U.S.C. 112(f) or pre-AIA  35 U.S.C. 112, sixth paragraph, is rebutted when the claim limitation recites sufficient structure, material, or acts to entirely perform the recited function. 
Absence of the word “means” (or “step”) in a claim creates a rebuttable presumption that the claim limitation is not to be treated in accordance with 35 U.S.C. 112(f) or pre-AIA  35 U.S.C. 112, sixth paragraph. The presumption that the claim limitation is not interpreted under 35 U.S.C. 112(f) or pre-AIA  35 U.S.C. 112, sixth paragraph, is rebutted when the claim limitation recites function without reciting sufficient structure, material or acts to entirely perform the recited function. 
Claim limitations in this application that use the word “means” (or “step”) are being interpreted under 35 U.S.C. 112(f) or pre-AIA  35 U.S.C. 112, sixth paragraph, except as otherwise indicated in an Office action. Conversely, claim limitations in this application that do not use the word “means” (or “step”) are not being interpreted under 35 U.S.C. 112(f) or pre-AIA  35 U.S.C. 112, sixth paragraph, except as otherwise indicated in an Office action.
This application includes one or more claim limitations that do not use the word “means,” but are nonetheless being interpreted under 35 U.S.C. 112(f) or pre-AIA  35 U.S.C. 112, sixth paragraph, because the claim limitation(s) uses a generic placeholder that is coupled with functional language without reciting sufficient structure to perform the recited function and the generic placeholder is not preceded by a structural modifier.  Such claim limitations are: “a security policy setting unit [] record” recited in claims 1-6 and 15; “a security software agent [] apply” recited in claims 1, 4, 6-7, 10, 13 and 16; “an audit log collection unit [] collect” recited in claims 1, 5 and 8; “a two-way inquiry tracking unit [] inquire, collate and track” recited in claims 1 and 5; “an application information setting unit [] record and manage” recited in claim 9; “the application information confirmation unit [] inquire” recited in claim 9. 
Because this/these claim limitation(s) is/are being interpreted under 35 U.S.C. 112(f) or pre-AIA  35 U.S.C. 112, sixth paragraph, it/they is/are being interpreted to cover the corresponding structure described in the specification as performing the claimed function, and equivalents thereof.
If applicant does not intend to have this/these limitation(s) interpreted under 35 U.S.C. 112(f) or pre-AIA  35 U.S.C. 112, sixth paragraph, applicant may:  (1) amend the claim limitation(s) to avoid it/them being interpreted under 35 U.S.C. 112(f) or pre-AIA  35 U.S.C. 112, sixth paragraph (e.g., by reciting sufficient structure to perform the claimed function); or (2) present a sufficient showing that the claim limitation(s) recite(s) sufficient structure to perform the claimed function so as to avoid it/them being interpreted under 35 U.S.C. 112(f) or pre-AIA  35 U.S.C. 112, sixth paragraph.



Claim Rejections - 35 USC § 103
In the event the determination of the status of the application as subject to AIA  35 U.S.C. 102 and 103 (or as subject to pre-AIA  35 U.S.C. 102 and 103) is incorrect, any correction of the statutory basis for the rejection will not be considered a new ground of rejection if the prior art relied upon, and the rationale supporting the rejection, would be the same under either status.  
This application currently names joint inventors. In considering patentability of the claims the examiner presumes that the subject matter of the various claims was commonly owned as of the effective filing date of the claimed invention(s) absent any evidence to the contrary.  Applicant is advised of the obligation under 37 CFR 1.56 to point out the inventor and effective filing dates of each claim that was not commonly owned as of the effective filing date of the later invention in order for the examiner to consider the applicability of 35 U.S.C. 102(b)(2)(C) for any potential 35 U.S.C. 102(a)(2) prior art against the later invention.
The following is a quotation of 35 U.S.C. 103 which forms the basis for all obviousness rejections set forth in this Office action:
A patent for a claimed invention may not be obtained, notwithstanding that the claimed invention is not identically disclosed as set forth in section 102, if the differences between the claimed invention and the prior art are such that the claimed invention as a whole would have been obvious before the effective filing date of the claimed invention to a person having ordinary skill in the art to which the claimed invention pertains. Patentability shall not be negated by the manner in which the invention was made.


Claims 1-8 and 10-17 are rejected under 35 U.S.C. 103 as being unpatentable over TSURU et al. (“TSURU,” JP 2008250728, published 10/16/2008) in view of Brandt et al. (“Brandt,” US 20120290850, published on 11/15/2012)
Regarding Claim 1;
TSURU discloses a security policy and audit log two-way inquiry, collation, and tracking system comprising (page 9; policy determination is performed by comparing [i.e., two-way inquiry, collation, and tracking] the audit log collected by the log monitoring server with the security policy information read from the policy database): 
a security policy setting unit configured to record a security policy in an integrated security policy history DB by assigning unique policy identification information whenever the security policy is generated and changed (page 7; fig. 5; the security policy generation function generates the security policy information of the database server from the approved access plan information and also generates the security policy information of the database server from the application authentication information),
manage the security policy, and transmit security policy information to a security software agent (page 3; the access plan approval unit includes an access risk allowable value input unit that receives an input of an access risk allowable value related to the access plan information, and the security policy information includes the access risk allowable value; page 6; each procedure of generating information and detecting abnormal access from the actual access record of the application software with respect to the database server by referring to the security policy information is executed. In order to execute each of these procedures, the agent is installed in the database system to be monitored),
wherein the policy identification information consists of a security policy ID or the security policy ID and policy configuration information (page 3; fig. 5; the access plan approval unit includes an access risk allowable value input unit that receives an input of an access risk allowable value related to the access plan information, and the security policy information includes the access risk allowable value; page 8; an access risk table created in advance for each individual database stored in the database server is registered. The access risk table is a “risk” indicating an assumed access risk for each combination of “database name” constructed in the database server, “action name” for each database, “SQL” and “object” indicating the target object. The index is recorded);
the security software agent configured to apply the security policy received by the security policy setting unit and generate an audit log by including the unique security policy ID or the policy configuration information related to the generated log in the log information when a log complying with the security policy or a log violating the security policy is generated (page 6; each procedure of generating information and detecting abnormal access from the actual access record of the application software with respect to the database server by referring to the security policy information is executed. In order to execute each of these procedures, the agent is installed in the database system to be monitored; page 8; the agent is installed on the database system to be monitored and generates an access log every time the database server is accessed [] when the database system to be monitored is started, the process is initialized, and then the initial setting for generating the audit log for the database system is performed);
an audit log collection unit configured to collect the audit log generated by the security software agent (page 8; the agent is installed on the database system to be monitored and generates an access log every time the database server is accessed [] when the database system to be monitored is started, the process is initialized, and then the initial setting for generating the audit log for the database system is performed [] if the received command is the audit log request), the necessary audit log from the database system is obtained. the format is converted, and the audit log is transmitted to the log monitoring server),
extract the security policy ID or the policy configuration information from the audit log (page 9; the policy determination function reads the audit log related to the monitoring target database system; page 11; an audit log having the same DB user name as the DB user name of the application software that performs authentication registration is extracted from the audit log),
collected audit log (page 8; the audit log collector function receives the audit log collected by the agent);
record the audit log and policy identification information in the audit log DB (page 8; the audit log collector function receives the audit log collected by the agent and stores it in the audit log database [] analyzes the audit log recorded in the audit log database; page 9; the policy determination function reads the audit log related to the monitoring target database system); and 
a two-way inquiry tracking unit configured to inquire, collate and track the audit log related to the security policy, and inquire, collate, and track the security policy related to the audit log by comparing the policy identification information recorded in the integrated security policy history DB with the policy identification information recorded in the audit log DB to (page 9; policy determination is performed by comparing the audit log collected by the log monitoring server with the security policy information read from the policy database. Which policy judgment is used is determined by the security policy information read from the policy database. the determination designation of the database to be inspected designated by the security policy information is checked, the corresponding judgment is performed, and the policy violation information is accumulated in the audit log DB).
TSURU discloses collected audit log; record the audit log as recited above, but do not explicitly disclose map collected log to the policy identification information by setting the security policy ID or the policy configuration information as the policy identification information; record the mapped log.
However, in an analogous art, Brandt discloses data management system/method that includes:
map collected log to the policy identification information by setting the security policy ID or the policy configuration information as the policy identification information (Brandt: par 0021; virtual machine create and maintain audit logs [] as logs indicating compliance with security policies; par 0032; mapping comprise a lookup table, index, chart or other computer readable storage which identifies what full data policies are being identified with individual policy tags);
record the mapped log (Brandt: par 0032; mapping comprise a lookup table, index, chart or other computer readable storage which identifies what full data policies are being identified with individual policy tags; mapping may be provided in a memory of comparator).
Therefore, it would have been obvious to a person of ordinary skill in the art, before the effective filing date of the claimed invention to combine the teachings of Brandt with the method/system of TSURU to include map collected log to the policy identification information by setting the security policy ID or the policy configuration information as the policy identification information; record the mapped log. One would have been motivated to define or tagging policies for usage of data is associated with the data. Control capabilities of service providers are mapped to the policies, wherein those service provider environments that best satisfy the controls mapped to the policies are identified (Brandt: abstract).	
	
Regarding Claim 2;
The combination of TSURU and Brandt disclose the security policy and audit log two-way inquiry, collation, and tracking system of claim 1, 
TSURU discloses wherein the security policy setting unit generates the policy configuration information that consists of the security policy ID capable of uniquely identifying the security policy or consists of the security policy ID and multiple items (TSURU: page 7; fig. 5; the security policy generation function generates the security policy information of the database server from the approved access plan information and also generates the security policy information of the database server from the application authentication information).
Brandt further discloses maps the security policy ID and the security policy or maps the policy configuration information consisting of the security policy ID and the multiple items with the security policy (Brandt: par 0026; data sets each have metadata identifying policy tags PT1-PT3, respectively; par 0031; mapping of service provider virtual environments E to the controls C provided in each environment, a mapping of policy tags PT to the associated policies P), and records the mapped security policy ID and security policy or records the mapped policy configuration information and security policy in the integrated security policy history DB (par 0038; obtains mapped controls from policy to control mapping. comparator consults mapping to identify what controls are mapped to or satisfy the particular policies P contained or tagged in the metadata that is associated with the data sets received).
One would have been motivated to define or tagging policies for usage of data is associated with the data. Control capabilities of service providers are mapped to the policies, wherein those service provider environments that best satisfy the controls mapped to the policies are identified (Brandt: abstract).


Regarding Claim 3;
The combination of TSURU and Brandt disclose the security policy and audit log two-way inquiry, collation, and tracking system of claim 2. 
TSURU discloses wherein the security policy setting unit collects the security policy without the security policy ID of the security software (TSURU: page 7; the approved access plan information includes information of “approver name”, “approver mail address”, and “access risk allowable value” input by the approver in the contents of the registered access plan information is added), sets the policy configuration information consisting of multiple items that includes subject information indicating an actor extracted from the security policy or an access path of the actor (TSURU: page 11; the application authentication information is read from the policy database. Next, only the application DB user account to be determined is extracted; page 7; the approved access plan information includes information of “approver name”, “approver mail address”, and “access risk allowable value” input by the approver in the contents of the registered access plan information is added), object information indicating a target to be accessed through the actor or the access path (TSURU: page 7; access plan information is for an access person to input plan information regarding the access prior to accessing the database system. “access destination DB name”, “access destination host name”, “DB user name” , “IP address”, “terminal name” and “OS user name” to be accessed, “action”, “target object”), action information indicating contents to be executed with respect to the target to be accessed through the actor or the access path (TSURU: page 7; access plan information is for an access person to input plan information regarding the access prior to accessing the database system. Target “work name”, accessor “worker name” and “affiliation”, access “work date/time zone” [] “policy expiration date”).
Brandt further discloses maps the policy configuration information consisting of the security policy ID and the multiple items to the security policy by assigning the security policy ID, and records the mapped policy configuration information and the security policy in the integrated security policy history DB (Brandt: par 0026; data sets each have metadata identifying policy tags PT1-PT3, respectively; par 0031; mapping of service provider virtual environments E to the controls C provided in each environment, a mapping of policy tags PT to the associated policies P; par 0038; obtains mapped controls from policy to control mapping. comparator consults mapping to identify what controls are mapped to or satisfy the particular policies P contained or tagged in the metadata that is associated with the data sets received).  
One would have been motivated to define or tagging policies for usage of data is associated with the data. Control capabilities of service providers are mapped to the policies, wherein those service provider environments that best satisfy the controls mapped to the policies are identified (Brandt: abstract).

Regarding Claim 4;
The combination of TSURU and Brandt disclose the security policy and audit log two-way inquiry, collation, and tracking system of claim 3, 
Brandt discloses wherein the security policy setting unit assigns the security policy ID to the security policy of the security software to which the security policy ID is able to be applied (Brandt: par 0026; data sets each have metadata identifying policy tags PT1-PT3, respectively; par 0031; mapping of service provider virtual environments E to the controls C provided in each environment, a mapping of policy tags PT to the associated policies P), records the security policy and the assigned security policy ID in the integrated security policy history DB (Brandt: par 0038; obtains mapped controls from policy to control mapping. comparator consults mapping to identify what controls are mapped to or satisfy the particular policies P contained or tagged in the metadata that is associated with the data sets received), transmits the security policy information including the security policy ID to the security software agent (Brandt: par 0028; policies may be directly included in the metadata and directly attached to the data sets such as with data sets D1-D3. Other policies may be identified or tagged using policy tags PT, such as tags PT1-PT3. Such policy tags PT are included in the metadata and identify or address the actual policies which are stored or provided externally. Once created, each of the data sets and associated metadata is transmitted to comparator), sets the policy configuration information with respect to the security policy of the security software to which the security policy ID is not able to be applied, assigns the security policy ID (Brandt: par 0034; guidance provide a listing of virtual environments or service providers which best satisfy the policy requirements for each data set, including those virtual environments or service providers that satisfy the policy requirements as well as the virtual environments or service providers that may not completely satisfied all of the policy requirements; par 0035; guidance indicate that no current service provider virtual environment satisfies the policy requirements for a particular data set D), records the policy configuration information, the security policy, and the assigned security policy ID in the integrated security policy history DB (Brandt: par 0035; guidance indicate that no current service provider virtual environment satisfies the policy requirements for a particular data set D; par 0036; comparator receives the data sets D and their associated metadata including policies P or policy tags PT), and transmits only the security policy information in which the security policy ID is not included to the security software agent (Brandt: par 0035; guidance indicate that no current service provider virtual environment satisfies the policy requirements for a particular data set D; par 0037; comparator have a prestored lookup table from which comparator retrieves the policies associated with any policy tags in the received data sets. In another implementation, comparator may retrieve from an external source just those policies corresponding to the specific policy tags of the received data sets).
One would have been motivated to define or tagging policies for usage of data is associated with the data. Control capabilities of service providers are mapped to the policies, wherein those service provider environments that best satisfy the controls mapped to the policies are identified (Brandt: abstract).



Regarding Claim 5;
The combination of TSURU and Brandt disclose the security policy and audit log two-way inquiry, collation, and tracking system of claim 4, 
Brandt discloses wherein the security policy setting unit maps the security system ID to each security policy for the security software (Brandt: par 0026; data sets each have metadata identifying policy tags PT1-PT3, respectively; par 0031; mapping of service provider virtual environments E to the controls C provided in each environment, a mapping of policy tags PT to the associated policies P), and records the mapped security policy and security system ID in the integrated security policy history DB (Brandt: par 0038; obtains mapped controls from policy to control mapping. comparator consults mapping to identify what controls are mapped to or satisfy the particular policies P contained or tagged in the metadata that is associated with the data sets received), the audit log collection unit maps a security system ID for each audit log, and records the mapped audit log and security system ID in the audit log DB (Brandt: par 0021; virtual machine create and maintain audit logs [] as logs indicating compliance with security policies; par 0032; mapping comprise a lookup table, index, chart or other computer readable storage which identifies what full data policies are being identified with individual policy tags). 
One would have been motivated to define or tagging policies for usage of data is associated with the data. Control capabilities of service providers are mapped to the policies, wherein those service provider environments that best satisfy the controls mapped to the policies are identified (Brandt: abstract).
TSURU further discloses the audit log DB (TSURU: page 8; the audit log collector function receives the audit log collected by the agent and stores it in the audit log database [] analyzes the audit log recorded in the audit log database; page 9; the policy determination function reads the audit log related to the monitoring target database system); the two-way inquiry tracking unit performs a two-way inquiry, collation and tracking between the security policy and the audit log by comparing the security system ID recorded in the integrated security policy history DB with the security system ID recorded in the audit log DB (TSURU: page 9; policy determination is performed by comparing the audit log collected by the log monitoring server with the security policy information read from the policy database. Which policy judgment is used is determined by the security policy information read from the policy database. the determination designation of the database to be inspected designated by the security policy information is checked, the corresponding judgment is performed, and the policy violation information is accumulated in the audit log DB).

Regarding Claim 6;
The combination of TSURU and Brandt disclose the security policy and audit log two-way inquiry, collation, and tracking system of claim 1, 
TSURU discloses wherein the security software agent searches for the corresponding log from the security policy information received by the security policy setting unit when the log complying with the security policy or the log violating the security policy is generated (page 5; the agent provides the actual access information of the database server to which the information leakage monitoring system is subject to abnormal access detection based on the information leakage monitoring; the agent is installed on the database system to be monitored and generates an access log every time the database server is accessed, and includes an audit log setting function, an audit log A collection function, an audit log transmission function, and a command processing function are provided).
Brandt further discloses in a case in which the corresponding security policy ID of the log is present, the security software agent records the audit log by including the security policy ID in the log, and in a case in which the corresponding security policy ID of the log is not present in the security policy information as a result of the search, the security software agent records the audit log by including the policy configuration information in the log (Brandt: par 0035; guidance indicate that no current service provider virtual environment satisfies the policy requirements for a particular data set D; par 0036; comparator receives the data sets D and their associated metadata including policies P or policy tags PT; par 0037; comparator have a prestored lookup table from which comparator retrieves the policies associated with any policy tags in the received data sets. In another implementation, comparator may retrieve from an external source just those policies corresponding to the specific policy tags of the received data sets; par 0038; obtains mapped controls from policy to control mapping. comparator consults mapping to identify what controls are mapped to or satisfy the particular policies P contained or tagged in the metadata that is associated with the data sets received).
  One would have been motivated to define or tagging policies for usage of data is associated with the data. Control capabilities of service providers are mapped to the policies, wherein those service provider environments that best satisfy the controls mapped to the policies are identified (Brandt: abstract).

Regarding Claim 7;
The combination of TSURU and Brandt disclose the security policy and audit log two-way inquiry, collation, and tracking system of claim 6, 
Brandt discloses wherein, in a case in which the security software agent is not able to include the security policy ID in the log (Brandt: par 0034; guidance provide a listing of virtual environments or service providers which best satisfy the policy requirements for each data set, including those virtual environments or service providers that satisfy the policy requirements as well as the virtual environments or service providers that may not completely satisfied all of the policy requirements; par 0035; guidance indicate that no current service provider virtual environment satisfies the policy requirements for a particular data set D),
One would have been motivated to define or tagging policies for usage of data is associated with the data. Control capabilities of service providers are mapped to the policies, wherein those service provider environments that best satisfy the controls mapped to the policies are identified (Brandt: abstract).
TSURU further discloses the security software agent records the audit log by including the policy configuration information that contains subject information indicating an actor extracted from the security policy or an access path of the actor (TSURU: page 8; the audit log collector function receives the audit log collected by the agent and stores it in the audit log database [] analyzes the audit log recorded in the audit log database; page 9; the policy determination function reads the audit log related to the monitoring target database system; page 11; the application authentication information is read from the policy database. Next, only the application DB user account to be determined is extracted; page 7; the approved access plan information includes information of “approver name”, “approver mail address”, and “access risk allowable value” input by the approver in the contents of the registered access plan information is added), object information indicating a target to be accessed through the actor or the access path (TSURU: page 7; access plan information is for an access person to input plan information regarding the access prior to accessing the database system. “access destination DB name”, “access destination host name”, “DB user name” , “IP address”, “terminal name” and “OS user name” to be accessed, “action”, “target object”),  action information indicating contents to be executed with respect to the target to be accessed through the actor or the access path (TSURU: page 7; access plan information is for an access person to input plan information regarding the access prior to accessing the database system. Target “work name”, accessor “worker name” and “affiliation”, access “work date/time zone” [] “policy expiration date”), and permission/denial information indicating whether to permit or deny contents to be executed with respect to the target to be accessed (TSURU: pages 12-13; monitors the audit log database, and when a new incident occurs, the related information is acquired from the audit log database and displayed on the monitoring terminal. The supervisor who has received the audit report determines that an emergency response is made when there is a problem with the reporter, and blocks the connection from the terminal of the accessor who created the cause of the alert, Implement the setting to deny subsequent access using the monitoring function).

Regarding Claim 8;
The combination of TSURU and Brandt disclose the security policy and audit log two-way inquiry, collation, and tracking system of claim 1, 
TSURU discloses wherein, in a case in which the security policy ID is recorded in the collected audit log (TSURU: page 8; the audit log collector function receives the audit log collected by the agent and stores it in the audit log database [] analyzes the audit log recorded in the audit log database; page 9; the policy determination function reads the audit log related to the monitoring target database system), the audit log collection unit extracts the security policy ID and uses the security policy ID as the policy identification information (TSURU: page 9; the policy determination function reads the audit log related to the monitoring target database system; page 11; an audit log having the same DB user name as the DB user name of the application software that performs authentication registration is extracted from the audit log), and in a case in which the security policy ID is not recorded in the collected audit log (TSURU: page 11; detected from the specific log for each classified session. The execution order of the SQL statements after the start marker and the time interval are compared, and whether or not the access is from an authenticated application is determined based on the similarity. If the similarity cannot be confirmed), the audit log collection unit extracts the policy configuration information, inquires the integrated security policy history DB by using the policy configuration information, obtains the security policy ID, and uses the security policy ID as the policy identification information (TSURU: page 9; the policy determination function reads the audit log related to the monitoring target database system; page 11; an audit log having the same DB user name as the DB user name of the application software that performs authentication registration is extracted from the audit log; page 7; access plan information is for an access person to input plan information regarding the access prior to accessing the database system. “access destination DB name”, “access destination host name”, “DB user name” , “IP address”, “terminal name” and “OS user name” to be accessed, “action”, “target object”).

Regarding Claim 10;
This Claim recites a method that perform the same steps as system of Claim 1, and has limitations that are similar to Claim 1, thus are rejected with the same rationale applied against claim 1.  



Regarding Claim 11;
This Claim recites a method that perform the same steps as system of Claim 2, and has limitations that are similar to Claim 2, thus are rejected with the same rationale applied against claim 2.  

Regarding Claim 12;
This Claim recites a method that perform the same steps as system of Claim 3, and has limitations that are similar to Claim 3, thus are rejected with the same rationale applied against claim 3.  

Regarding Claim 13;
This Claim recites a method that perform the same steps as system of Claim 4, and has limitations that are similar to Claim 4, thus are rejected with the same rationale applied against claim 4.  

Regarding Claim 14;
This Claim recites a method that perform the same steps as system of Claim 5, and has limitations that are similar to Claim 5, thus are rejected with the same rationale applied against claim 5.  




Regarding Claim 15;
This Claim recites a method that perform the same steps as system of Claim 6, and has limitations that are similar to Claim 6, thus are rejected with the same rationale applied against claim 6.  

Regarding Claim 16;
This Claim recites a method that perform the same steps as system of Claim 7, and has limitations that are similar to Claim 7, thus are rejected with the same rationale applied against claim 7.  

Regarding Claim 17;
This Claim recites a method that perform the same steps as system of Claim 8, and has limitations that are similar to Claim 8, thus are rejected with the same rationale applied against claim 8.  

Claims 9 and 18 are rejected under 35 U.S.C. 103 as being unpatentable over TSURU et al. (JP 2008250728) in view of Brandt et al. (US 20120290850) and further in view of Giles et al. (“Giles,” US 9,559,800, published on 01/31/2017)


Regarding Claim 9;
The combination of TSURU and Brandt disclose the security policy and audit log two-way inquiry, collation, and tracking system of claim 1, 
an application information setting unit configured to record and manage information including an application ID, applicant information of the security policy, and security policy application contents in an application information DB (TSURU: page 7; fig. 5; access plan information is for an access person to input plan information regarding the access prior to accessing the database system. “access destination DB name”, “access destination host name”, “DB user name” , “IP address”, “terminal name” and “OS user name” to be accessed, “action”, “target object [] the security policy generation function generates the security policy information of the database server from the approved access plan information and also generates the security policy information of the database server from the application authentication information), wherein the corresponding application ID applying the security policy is assigned to each security policy in the integrated security policy history DB (TSURU: page 7; fig. 5; access plan information is for an access person to input plan information regarding the access prior to accessing the database system. “access destination DB name”, “access destination host name”, “DB user name” , “IP address”, “terminal name” and “OS user name” to be accessed, “action”, “target object [] the security policy generation function generates the security policy information of the database server from the approved access plan information and also generates the security policy information of the database server from the application authentication information), and wherein the security policy and audit log two-way inquiry, collation, and tracking system further comprises an application information confirmation unit configured to inquire the corresponding application information for the security policy by searching the application information DB based on the application ID in the integrated security policy history DB, or inquire the corresponding application information for the security policy by searching the application information DB based on the application ID after confirming the corresponding application ID for the security policy by searching for the integrated security policy history DB based on the security policy IDs assigned to each audit log in the audit log DB (TSURU: page 7; fig. 5; access plan information is for an access person to input plan information regarding the access prior to accessing the database system [] the security policy generation function generates the security policy information of the database server from the approved access plan information and also generates the security policy information of the database server from the application authentication information; page 9; policy determination is performed by comparing the audit log collected by the log monitoring server with the security policy information read from the policy database. Which policy judgment is used is determined by the security policy information read from the policy database. the determination designation of the database to be inspected designated by the security policy information is checked, the corresponding judgment is performed, and the policy violation information is accumulated in the audit log DB).
The combination of TSURU and Brandt disclose application authentication information as recited above, but do not explicitly disclose application ID.
However, in an analogous art, Giles discloses packet filtering system/method that includes:
application ID (Giles: Col 5, lines 52-55; The process will uniquely identify the application. This application ID is used to look up relevant filter policy that would be stored in a policy table with application ID as the key).
 Therefore, it would have been obvious to a person of ordinary skill in the art, before the effective filing date of the claimed invention to combine the teachings of Giles with the method/system of TSURU and Brandt to include application ID. One would have been motivated to receive raw packets from the network switch, and apply a filter function to each packet. Configured to dynamically identify the traffic as to which network application it is related, detect any policy against such applications, and then download the related filters (Giles: Col 4, line 63 – Col 5, line 1).
	
Regarding Claim 18;
This Claim recites a method that perform the same steps as system of Claim 9, and has limitations that are similar to Claim 9, thus are rejected with the same rationale applied against claim 9.  


Conclusion

Any inquiry concerning this communication or earlier communications from the examiner should be directed to CHAO WANG whose telephone number is (313)446-6644.  The examiner can normally be reached on Monday-Friday 7:30-4:30PM EST.
Examiner interviews are available via telephone, in-person, and video conferencing using a USPTO supplied web-based collaboration tool. To schedule an interview, applicant is encouraged to use the USPTO Automated Interview Request (AIR) at http://www.uspto.gov/interviewpractice.
If attempts to reach the examiner by telephone are unsuccessful, the examiner’s supervisor, Luu Pham can be reached on (571)270-5002.  The fax phone number for the organization where this application or proceeding is assigned is 571-273-8300.
Information regarding the status of an application may be obtained from the Patent Application Information Retrieval (PAIR) system.  Status information for published applications may be obtained from either Private PAIR or Public PAIR.  Status information for unpublished applications is available through Private PAIR only.  For more information about the PAIR system, see https://ppair-my.uspto.gov/pair/PrivatePair. Should you have questions on access to the Private PAIR system, contact the Electronic Business Center (EBC) at 866-217-9197 (toll-free). If you would like assistance from a USPTO Customer Service Representative or access to the automated information system, call 800-786-9199 (IN USA OR CANADA) or 571-272-1000.




/C.W./Examiner, Art Unit 2439   


/LUU T PHAM/Supervisory Patent Examiner, Art Unit 2439