Ex Parte Branson et al
Patent Trial and Appeal Board, Jun 30, 2016
13150651 (P.T.A.B. Jun. 30, 2016)

UNITED STATES PATENT AND TRADEMARK OFFICE

UNITED STATES DEPARTMENT OF COMMERCE
United States Patent and Trademark Office
Address: COMMISSIONER FOR PATENTS, P.O. Box 1450, Alexandria, Virginia 22313-1450
www.uspto.gov

APPLICATION NO.: 13/150,651
FILING DATE: 06/01/2011
FIRST NAMED INVENTOR: Michael J. Branson
ATTORNEY DOCKET NO.: ROC920100118US1
CONFIRMATION NO.: 3419
EXAMINER: SMITH, BRANNON W
ART UNIT: 2158
PAPER NUMBER:
NOTIFICATION DATE: 07/05/2016
DELIVERY MODE: ELECTRONIC

46296 7590 07/05/2016
MARTIN & ASSOCIATES, LLC
P.O. BOX 548
CARTHAGE, MO 64836-0548

Please find below and/or attached an Office communication concerning this application or proceeding.

The time period for reply, if any, is set in the attached communication.

Notice of the Office communication was sent electronically on above-indicated "Notification Date" to the following e-mail address(es):
derekm@ideaprotect.com

PTOL-90A (Rev. 04/07)

UNITED STATES PATENT AND TRADEMARK OFFICE

BEFORE THE PATENT TRIAL AND APPEAL BOARD

Ex parte MICHAEL J. BRANSON and JOHN M. SANTOSUOSSO

Appeal 2015-001362
Application 13/150,651 [1]
Technology Center 2100

Before KEVIN C. TROCK, MICHAEL M. BARRY, and AARON W. MOORE, Administrative Patent Judges.

TROCK, Administrative Patent Judge.

DECISION ON APPEAL

Introduction

Appellants seek review under 35 U.S.C. § 134(a) from the Examiner's Final Rejection of claims 1-7 and 14-21. [2] We have jurisdiction under 35 U.S.C. § 6(b).

We AFFIRM.

[1] Appellants indicate the Real Party in Interest is International Business Machines Corporation. App. Br. 1.
[2] Claims 8-13 are cancelled. App. Br. 2.

Invention

The claims are directed to a security mechanism in a database management system that enforces processing restrictions stored as metadata to control how different pieces of a multi-nodal application are allowed to access database data to provide data security. Abstract.

Exemplary Claim

Exemplary claim 1 is reproduced below with a disputed limitation emphasized:

    1. An apparatus comprising:
    a multi-nodal computer system comprising a plurality of compute nodes, each with a processor and a memory coupled to the processor;
    a plurality of execution units in the memory of the compute nodes and executed by the processors of the compute nodes;
    a database connected to the computer system;
    security restrictions metadata residing in a database table that indicate security relationships of data in the database and execution units, wherein the security relationships include an identity of an execution unit and a logical condition for the execution unit to access the data in the database; and
    a security mechanism that enforces security of the data in the database by restricting access to the database from the plurality of execution units of the computer system according to the security restrictions metadata.

Applied Prior Art

The Examiner relies on the following prior art in rejecting the claims:

    Bapat    US 6,236,996 B1       May 22, 2001
    Cook     US 6,820,082 B1       Nov. 16, 2004
    Lim      US 2008/0091682 A1    Apr. 17, 2008

David Dobkin, et al., Secure Databases: Protection Against User Influence, 4 ACM Transactions on Database Systems, 97-106 (Mar. 1979) (hereinafter, "Dobkin").

Naser S. Barghouti & Gail E. Kaiser, Concurrency Control in Advanced Database Applications, 23 ACM Computing Surveys, 269-317 (Sept. 1991) (hereinafter, "Barghouti").

Rejections

Claims 1, 2, 6, 14-16, and 20 stand rejected under 35 U.S.C. § 103(a) as being unpatentable over Cook and Bapat.
Claims 3, 5, 7, 17, 19, and 21 stand rejected under 35 U.S.C. § 103(a) as being unpatentable over Cook, Bapat, and Barghouti.
Claims 4 and 18 stand rejected under 35 U.S.C. § 103(a) as being unpatentable over Cook, Bapat, Lim, and Dobkin.

ANALYSIS

We have reviewed the Examiner's rejections and the evidence of record in light of Appellants' arguments the Examiner has erred. We disagree with Appellants' arguments and conclusions. We adopt as our own: (1) the findings and reasons set forth by the Examiner in the Action from which this appeal is taken; and (2) the findings and the reasons set forth in the Examiner's Answer. We concur with the conclusions reached by the Examiner and further highlight specific findings and arguments for emphasis as follows.

Independent Claims 1 and 14

Appellants contend the Examiner erred in rejecting independent claims 1 and 14 because Cook fails to teach or suggest "wherein the security relationships include an identity of an execution unit," as recited in independent claim 1, and similarly recited in independent claim 14. App. Br. 5-8; Reply Br. 2-4. Appellants argue that a "user" as taught by Cook may be a human or another computer which is programmed to access a database, but it is not an "execution unit" as claimed, because an "execution unit" is software code that is executed. App. Br. 5, 6. We disagree.

The Examiner finds, and we agree, that Cook teaches "wherein the security relationships include an identity of an execution unit." Final Act. 3 (citing Cook col. 4, ll. 55-63). The relevant portion of Cook states:

    It is to be understood that the user may be a human accessing the data through a computer, or another computer which has been programmed or instructed to gather information from the database. Whether the user is a human, computer, or interface port it is identifiable by a user ID.

Cook col. 4, ll. 54-61.

The Examiner notes, and we agree, that Appellants provide no explicit, limiting definition for the recitation "identity of an execution unit." Ans. 3. The Examiner reasons, and we agree, that in Cook it is a computer program, not a human being directly, that is permitted or denied access to a database, based upon the user ID. Ans. 4. Therefore, one of ordinary skill in the art would understand Cook to teach or suggest that the user ID relates to or identifies the human, the computer, or the software code seeking access to the information contained in a database.

Accordingly, we are not persuaded by Appellants' argument that the Examiner erred in finding Cook teaches or suggests "wherein the security relationships include an identity of an execution unit," as recited in independent claim 1, and similarly recited in independent claim 14. Therefore, we sustain the Examiner's rejection of claims 1 and 14.

Dependent Claims 6 and 20

Appellants contend the Examiner erred in rejecting dependent claims 6 and 20 because Cook fails to teach or suggest "a query to some database data is restricted when an execution unit has a specific value in the query being processed," as recited in dependent claim 6, and similarly recited in dependent claim 20. App. Br. 9; Reply Br. 4, 5. Appellants argue that restriction of the query deals with access, while Cook deals with controlling changes made by a user. App. Br. 9; Reply Br. 5.

The Examiner finds, however, and we agree, that Cook teaches "a security mechanism that enforces security of the data in the database by restricting access to the database" where "a rule engine has rules, requirements, and triggers, and controls access to data requested by the user based on the security metadata." Final Act. 3, 4 (citing Cook col. 5, ll. 40-55) (emphasis added).
Contrary to Appellants' argument, Cook's disclosure of controlling access teaches or suggests restricting a query's access to the data residing in the database based on a value in the query. See also Cook, col. 6, ll. 12-30.

Accordingly, we are not persuaded by Appellants' argument that the Examiner erred in finding Cook teaches or suggests "a query to some database data is restricted when an execution unit has a specific value in the query being processed," as recited in dependent claim 6, and similarly recited in dependent claim 20. Therefore, we sustain the Examiner's rejection of claims 6 and 20.

Dependent Claims 3 and 17

Appellants contend the Examiner erred in rejecting dependent claims 3 and 17 because Barghouti fails to teach or suggest "wherein the security restrictions metadata specifies that a first execution unit cannot run concurrently with a second execution unit," as recited in dependent claim 3, and similarly recited in dependent claim 17. App. Br. 10, 11; Reply Br. 6, 7. Appellants argue that Barghouti does not teach a security restriction but, instead, merely maintaining data consistency when two users access the same data. App. Br. 10. Appellants argue Barghouti, at best, teaches to insure that the data is correct when two processing units concurrently access the data but teaches nothing about restricting concurrent access. App. Br. 11. Appellants also argue that "transactions," as used by the references, are not "execution units." Id.

The Examiner finds, however, and we agree, that "Barghouti teaches concurrency control policies in a database system that utilizes transactions to ensure that an execution unit of one transaction does not run at the same time as another transaction." Final Act. 7.
The Examiner finds, and we agree, Barghouti expressly states, the "mechanism forces a transaction T1 requesting to access a data item x that is being held by another transaction T2 to wait until T2 terminates." Ans. 6 (quoting Barghouti, p. 276). Barghouti thus teaches that a first transaction (T1 - a query) must wait, and therefore cannot run, until a second transaction (T2) terminates. The Specification explains that an execution unit includes at least one query. See Ans. 6, 7; Spec. ¶ 18 ("The execution unit 123 includes at least one query 124 that queries a database 125"). Therefore, Appellants' argument that the Examiner erred because "transactions" are not "execution units" is unpersuasive.

Accordingly, we are not persuaded by Appellants' argument that the Examiner erred in finding Barghouti teaches or suggests "wherein the security restrictions metadata specifies that a first execution unit cannot run concurrently with a second execution unit," as recited in dependent claim 3, and similarly recited in dependent claim 17. Therefore, we sustain the Examiner's rejection of claims 3 and 17.

Dependent Claims 5 and 19

Appellants contend the Examiner erred in rejecting dependent claims 5 and 19 because Barghouti fails to teach or suggest "a query to some database data is restricted when a specified number of execution units accessing the first database table exceeds a specified threshold number of execution units," as recited in dependent claim 5, and similarly recited in dependent claim 19. App. Br. 12; Reply Br. 7, 8. Appellants argue that nothing in Barghouti teaches or suggests a threshold number of execution units (App. Br. 12) and that the default threshold number of "one" taught in Barghouti is not a specified number of execution units as claimed (Reply Br. 7).

The Examiner finds, however, and we agree, that Barghouti teaches limiting access to a single transaction at a time (Barghouti, p.
276), and therefore, that Barghouti teaches a "threshold number" of one. Ans. 7. Contrary to Appellants' argument, a single transaction (one) is a specified number within the meaning of claims 5 and 19.

Accordingly, we are not persuaded by Appellants' argument that the Examiner erred in finding Barghouti teaches or suggests "a query to some database data is restricted when a specified number of execution units accessing the first database table exceeds a specified threshold number of execution units," as recited in dependent claim 5, and similarly recited in dependent claim 19. Therefore, we sustain the Examiner's rejection of claims 5 and 19.

Dependent Claims 7 and 21

Appellants contend the Examiner erred in rejecting dependent claims 7 and 21 because Barghouti fails to teach or suggest "when a specified connection of an execution unit to a resource is open," as recited in dependent claim 7, and similarly recited in dependent claim 21. App. Br. 13; Reply Br. 8. Appellants argue that nothing in the cited art teaches or suggests the recited limitation (App. Br. 13) and that simple access, such as read/write access, may be a one-time event and does not necessarily require a specified connection (Reply Br. 8).

The Examiner finds, however, and we agree, that Barghouti teaches excluding access to other transactions when the resource is open (for writing and/or reading) by a transaction. Ans. 7, 8. The Examiner explains that it is common in the art to refer to accessing data as "opening" the data resource. Ans. 7.

Accordingly, we are not persuaded by Appellants' argument that the Examiner erred in finding Barghouti teaches or suggests "when a specified connection of an execution unit to a resource is open," as recited in dependent claim 7, and similarly recited in dependent claim 21. Therefore, we sustain the Examiner's rejection of claims 7 and 21.

Dependent Claims 4 and 18

Appellants contend the Examiner erred in rejecting dependent claims 4 and 18 because the combination of Lim and Dobkin fails to teach or suggest "wherein the security restrictions metadata specifies that a query to a first table is restricted when an execution unit has accessed a second table within a specified time period," as recited in dependent claim 4, and similarly recited in dependent claim 18. App. Br. 14, 15; Reply Br. 9, 10. Appellants argue that accessing more than a threshold number of times (Lim) combined with a number of allowed queries over a period of time (Dobkin) does not teach or suggest the recited limitation. App. Br. 14. Appellants also argue the Examiner improperly assumes, without support in the references, that accessing a single table teaches access to different database tables. Id.

The Examiner finds, however, and we agree, that Lim teaches determining whether a user has accessed a table more than a certain number of times within a specified time period. Dobkin teaches "In a database, a decision must be made whether the entire query should be permitted in the first place. This decision depends not only on the relationship of data elements being interrogated but also on the query history, the information that has already been divulged to the user" (Dobkin: Page 98). Dobkin, at a minimum, teaches deciding whether to permit a query to the database at all, based upon prior actions of the querying user. One having ordinary skill in the art is therefore confronted with two teachings: 1) a security system that detects if a user is trying to access data too often within a time period, and 2) that prior accesses of data may indicate blocking a future query. Data accesses to a database are made to tables.
Therefore, in combination, Lim and Dobkin teach blocking a query (which would be directed to accessing a table) based upon having accessed other data within a specified time period. The claim does not specify whether the first and second tables are different tables. Ans. 8, 9.

Although not expressly relied upon by the Examiner as a basis for the rejection, Cook teaches, as is very well known, that conventional database systems utilize a plurality of tables to store information. See, e.g., Cook col. 1, ll. 10-12, 16-18 ("Conventional database systems utilize a plurality of tables to store information such as users, relationship of users, and access privileges of users." "For example, a user retrieves information from tables by entering input that is converted to queries by an application server"). Whether or not the recited first and second tables are the same table, or different tables as Appellants argue, the use of more than one table in a database would not render the claim nonobvious in light of Cook's teaching of the use of a plurality of tables in conventional database systems.

    [I]f a technique [(e.g. use of more than one table)] has been used to improve one device, and a person of ordinary skill in the art would recognize that it would improve similar devices in the same way, using the technique is obvious unless its actual application is beyond his or her skill.

KSR Int'l Co. v. Teleflex Inc., 550 U.S. 398, 417 (2007) (internal citation omitted).

Accordingly, we are not persuaded by Appellants' arguments that the Examiner erred in finding the combination of Lim and Dobkin teaches or suggests "wherein the security restrictions metadata specifies that a query to a first table is restricted when an execution unit has accessed a second table within a specified time period," as recited in dependent claim 4, and similarly recited in dependent claim 18.

Remaining Claims

Appellants have not presented separate, substantive arguments with respect to claims 2, 15, and 16. Accordingly, we sustain the Examiner's rejection of these claims. See 37 C.F.R. § 41.37(c)(1)(iv).

DECISION

We AFFIRM the Examiner's rejections of claims 1-7 and 14-21.

No time period for taking any subsequent action in connection with this appeal may be extended under 37 C.F.R. § 1.136(a)(1)(iv).

AFFIRMED