Prosecution Insights
Last updated: May 29, 2026
Application No. 17/891,759

METHOD AND APPARATUS FOR FLEXIBLE CONFIGURATION MANAGMENT USING EXTERNAL IDENTITY MANAGEMENT SERVICE

Final Rejection §103
Filed: Aug 19, 2022
Priority: Aug 19, 2021 — provisional 63/234,953
Examiner: KORZUCH, WILLIAM R
Art Unit: 2491
Tech Center: 2400 — Computer Networks
Assignee: Arris Enterprises LLC
OA Round: 3 (Final)
Grant Probability: 75% (Favorable)
OA Rounds: 4-5
Est. Remaining: 0m
With Interview: 75%

Examiner Intelligence

Grants 75% — above average
Career Allowance Rate: 75% (3 granted / 4 resolved; +17.0% vs TC avg)
Interview Lift: +0.0% (minimal +0% lift; resolved cases with interview)
Typical timeline: 3y 2m Avg Prosecution (4 currently pending)
Career history: 7 Total Applications (across all art units)

Statute-Specific Performance

§103: 89.5% (+49.5% vs TC avg)
§102: 5.3% (-34.7% vs TC avg)
Based on career data from 4 resolved cases

Office Action

§103
Notice of Pre-AIA or AIA Status

The present application, filed on or after March 16, 2013, is being examined under the first inventor to file provisions of the AIA.

Claim Objections

Claims 13-19 are objected to because of the following informality. In claim 13, line 7, “a secure server” should be -- the secure server --. Appropriate correction is required.

Claim Rejections - 35 USC § 103

The following is a quotation of 35 U.S.C. 103 which forms the basis for all obviousness rejections set forth in this Office action:

A patent for a claimed invention may not be obtained, notwithstanding that the claimed invention is not identically disclosed as set forth in section 102, if the differences between the claimed invention and the prior art are such that the claimed invention as a whole would have been obvious before the effective filing date of the claimed invention to a person having ordinary skill in the art to which the claimed invention pertains. Patentability shall not be negated by the manner in which the invention was made.

Claims 1, 2 and 11-14 are rejected under 35 U.S.C. 103 as being unpatentable over Sondhi et al (U.S. Patent Publication 2017/0149837) in view of Chan et al (U.S. Patent Publication 2020/0186359).

Regarding Claim 1, Sondhi teaches a method of performing an action that includes at least one resource, comprising: receiving a login request in a secure server (figure 2, 210) from a client device (204); said secure server redirecting (Paragraph [0047]) the login request to an identity provider (220); said identity provider authenticating said redirected login request (Paragraph [0047]); said identity provider looking up permissions (Registry 224); said identity provider generating client authorization credentials (Paragraph [0047], access credentials); said identity provider transmitting said client authorization credentials to said client device (Paragraph [0047], “server 220 can provide the access token to client application 204”); said secure server receiving a second login request in the secure server from the client device (Paragraph [0048], “Client application 204 can then attempt to access the particular resources on resource server 210 by presenting the access token”), the second login request comprising: said client authorization credentials, wherein said client authorization credentials identify a source of the second login request and permission information describing a permission to perform an action on a resource, the client authorization credentials previously created and provided to the client device by the identity provider in response to the redirected login request (as described in Paragraphs [0047] and [0048]); said secure server validating said client authorization credentials (Figure 2, 214); said secure server receiving a request to perform an action on the resource (i.e. access a resource); said secure server determining if the action is permitted according to the permission information of the client authorization credentials (See paragraph [0048] and description of scope of access); and if the action is permitted, said secure server performing the action on the resource (Paragraph [0048]). 
Sondhi does not show that the identity provider includes a hierarchical organization of node resources, even though it does show a resources and scope registry. Chan teaches in Figure 5 that a hierarchical organization of node resources is known in the prior art, specifically in a system for signing data. Each node resource having one or more scopes and one or more attributes, each one or more scopes associated with a scope permission, wherein each node resource is either a management node resource for maintaining the hierarchical organization of the node resources or a configuration node resource for performing an action (See Figure 5 and paragraph [0069]). It would have been obvious to one of ordinary skill in the art before the effective filing date of the claimed invention to provide the system of Sondhi with the hierarchical organization of node resources as taught by Chan. The rationale is as follows: One of ordinary skill in the art would have been motivated to provide the system of Sondhi with the hierarchical organization of node resources as taught by Chan since it would allow the system of Sondhi to be used as a data signing system and the framework of Chan allows companies to structure their data signing permission needs as they see fit. 

Regarding Claim 2, Chan teaches the method wherein: the one or more scopes of the node resources each comprise: an admin scope having an admin scope permission permitting a user to modify any scope permission of a node resource associated with the admin scope (See ¶0069: The user with the admin scope permission is authorized to define the hierarchy of the entity (node resources) as well as access and authorize access to any of the entities (node resources) and assign roles to an individual to manage a particular model entity (management node)); a manage scope having a manage scope permission permitting the user to modify a use scope permission of the node resource associated with the manage scope (See ¶0069: The user with the manage scope permission (known as the manager) is assigned to a model entity (management node) and can assign and permit other users to configuration entity (node) associated with the management node); the one or more scopes of the configuration node resource further comprise: a use scope having the use scope permission permitting the user to use any configuration of the configuration node resource associated with the use scope (See ¶0070: Users who have the use scope permission are permitted to use any configuration (perform an action) on a configuration entity (node) that they have access to). The reason to combine the references is the same reason used above with respect to claim 1.

Regarding Claim 11, Chan teaches that it is known for client authorization credentials to include an identifier (ID) token identifying the source of a login request (See ¶0053: A hardware crypto token (ID token) contains a certificate and is associated with a username and password. The token identifies the machine (source) of a request, when included in the request). It would have been obvious to one of ordinary skill in the art before the effective filing date of the claimed invention to provide the system of Sondhi with an identifier token as taught by Chan. The rationale is as follows: One of ordinary skill in the art would have been motivated to provide the system of Sondhi with an identifier token as taught by Chan since Chan teaches this is a known secure method to allow user access.

With regard to claim 12, the combination of Sondhi in view of Chan would make the secure server (Sondhi, 210) a data signing server and the action would be signing the data.

With regard to claims 13 and 14, these claims are the system claims corresponding to method claims 1 and 2 above, and are rejected for the same reasons set forth above.

Claims 3, 4, 15 and 16 are rejected under 35 U.S.C. 103 as being unpatentable over Sondhi in view of Chan as applied to claims 2 and 14 above, and further in view of Aziz et al. (U.S. Patent Publication 2021/0141930).

Regarding Claims 3 and 15, Sondhi in view of Chan does not disclose the details of the edit and view scopes. Aziz teaches wherein the one or more scopes of the node resources each further comprise: an edit scope having an edit scope permission permitting the user to edit attributes of the node resource associated with the edit scope (See paragraph 0048: A scope of permission can include allowing users to edit resources); and a view scope having a view scope permission permitting the user to view information defined for node resources associated with the view scope (See paragraph 0048: A scope of permission can include allowing users to view resources). Therefore, given the teachings as a whole, it would have been obvious to one of ordinary skill in the art before the effective filing date of the claimed invention to provide the system of Sondhi in view of Chan with the edit and view scopes as taught by Aziz in order to efficiently assign users with roles and permissions to perform actions, and access resources, when needed/allowed and remove others when they are not needed/allowed.

Regarding Claims 4 and 16, Sondhi teaches determining, in the secure server, if the client authorization credentials are valid (See paragraph [0048] and description of scope of access); and receiving the request in the secure server to perform the action on the resource only if the client authorization credentials are valid, otherwise denying the request (See paragraph [0048] and description of scope of access).

Claims 5-8, 17 and 18 are rejected under 35 U.S.C. 103 as being unpatentable over Sondhi in view of Chan and Aziz as applied to claims 3 and 15 above, and further in view of Mathew et al. (U.S. Patent Publication 2006/0168186).

Regarding Claims 5, 7 and 17, Sondhi in view of Chan and Aziz does not disclose the details of the administrator. Mathew teaches that if an action is not permitted: accepting, from an administrator, a request to change the permission to permit the action (See paragraph [0009]: The administrator receives a redirected request from a computer that receives a user’s request to perform the blocked (not permitted) action. The administrator verifies the user’s request to perform the action by determining if the user permissions can be changed (the user’s actions can be whitelisted or remain blocked)); determining if the requested change of permission is authorized (See paragraph [0010]: Determines if the administrator accepts the user’s request); and if the requested change of permission is authorized, transmitting a request to change the permission to permit the action (See paragraphs [0053]-[0055]: If the administrator accepts (authorize) the request, the server receives a request from the administrator to change/update the permission of the user to allow the user to perform the blocked action). Therefore, it would have been obvious to one of ordinary skill in the art before the effective filing date of the claimed invention to provide the system of Sondhi in view of Chan and Aziz with the administrator features as taught by Mathew; the motivation being to be able to control access permissions to said resources with the usage of role hierarchy authorization.

Regarding Claims 6, 8 and 18, after the permissions are changed, the next login request of Sondhi in view of Chan, Aziz and Mathew (i.e. the third login request) will include authorization credentials identifying a source of the request (i.e. user 202) and the updated permission information to perform an action according to the request to change permission.

Claims 9, 10 and 19 are rejected under 35 U.S.C. 103 as being unpatentable over Sondhi in view of Chan and Aziz as applied to claims 3 and 15 above, and further in view of Noe et al. (U.S. Patent 10,380,369).

Regarding Claims 9, 10 and 19, Sondhi in view of Chan and Aziz does not disclose the details of the parent node and permission inheritance. Noe teaches a parent attribute specifying a parent node (See Col. 11, lines 10-20: Each organization (node resource) has a parent_id (parent attribute) that defines the parent organization (node resource) if present); and a permission inheritance attribute specifying whether a scope permission of the node resource extends to subordinate node resources (See Col. 2, lines 5-15: A child organization (node resource) automatically inherits all the privileges of the parent organization (node resource)). Noe further teaches a null parent attribute indicates a hierarchically topmost node (See Col. 11, lines 15-20: The GlobalOrganization (management node resource) is the highest level organization (hierarchically topmost node resource) and thus has a null parent_id (null parent attribute)). Therefore, given the teachings as a whole, it would have been obvious to one of ordinary skill in the art before the effective filing date of the claimed invention to provide the system of Sondhi in view of Chan and Aziz with the parent and permission inheritance features as taught by Noe since it is an effective method to assign permissions to node resources.

Response to Arguments

Applicant’s arguments with respect to claims 1-19 have been considered but are moot because the new ground of rejection does not rely on any reference applied in the prior rejection of record for any teaching or matter specifically challenged in the argument.

Conclusion

Applicant's amendment necessitated the new ground(s) of rejection presented in this Office action. Accordingly, THIS ACTION IS MADE FINAL. See MPEP § 706.07(a). Applicant is reminded of the extension of time policy as set forth in 37 CFR 1.136(a).

A shortened statutory period for reply to this final action is set to expire THREE MONTHS from the mailing date of this action. In the event a first reply is filed within TWO MONTHS of the mailing date of this final action and the advisory action is not mailed until after the end of the THREE-MONTH shortened statutory period, then the shortened statutory period will expire on the date the advisory action is mailed, and any nonprovisional extension fee (37 CFR 1.17(a)) pursuant to 37 CFR 1.136(a) will be calculated from the mailing date of the advisory action. In no event, however, will the statutory period for reply expire later than SIX MONTHS from the mailing date of this final action.

Any inquiry concerning this communication or earlier communications from the examiner should be directed to WILLIAM R KORZUCH whose telephone number is (571)272-7589. The examiner can normally be reached Mon.-Fri. 8:00-4:00.

Information regarding the status of published or unpublished applications may be obtained from Patent Center. Unpublished application information in Patent Center is available to registered users. To file and manage patent submissions in Patent Center, visit: https://patentcenter.uspto.gov. Visit https://www.uspto.gov/patents/apply/patent-center for more information about Patent Center and https://www.uspto.gov/patents/docx for information about filing in DOCX format. For additional questions, contact the Electronic Business Center (EBC) at 866-217-9197 (toll-free). If you would like assistance from a USPTO Customer Service Representative, call 800-786-9199 (IN USA OR CANADA) or 571-272-1000.

/WILLIAM R KORZUCH/
Supervisory Patent Examiner, Art Unit 2491

Prosecution Timeline

Aug 19, 2022: Application Filed
Jan 10, 2025: Non-Final Rejection mailed — §103
Jun 10, 2025: Response Filed
Sep 24, 2025: Non-Final Rejection mailed — §103
Jan 12, 2026: Response Filed
Apr 15, 2026: Final Rejection mailed — §103 (current)

Precedent Cases

Applications granted by this same examiner with similar technology

Patent 12615268
DETECTING MALICIOUS BEHAVIOR FROM HANDSHAKE PROTOCOLS USING MACHINE LEARNING
3y 7m to grant Granted Apr 28, 2026
Study what changed to get past this examiner. Based on 1 most recent grants.


Prosecution Projections

Expected OA Rounds: 4-5
Grant Probability: 75%
With Interview: 75% (+0.0%)
Median Time to Grant: 3y 2m (~0m remaining)
PTA Risk: High
Based on 4 resolved cases by this examiner. Grant probability derived from career allowance rate.
