Notice of Pre-AIA or AIA Status
The present application, filed on or after March 16, 2013, is being examined under the first inventor to file provisions of the AIA.
DETAILED ACTION
This office action is based on the application’s response to the restriction requirement filed on 11/18/2025, in which claims 1-17 have been elected and presented for examination.
Election/Restrictions
Applicant’s election without traverse of Invention I, claims 1-17, in the reply filed on 10/07/2025 is acknowledged.
Status of Claim
Claims 1-19 are pending in the application. Claims 18 and 9 have been withdrawn in view of applicant’s election.
Priority
This application claims the benefit of priority of U.S. Provisional Patent Application No. 63/406,802, filed September 15, 2022.
Information Disclosure Statement
The information disclosure statement (IDS) was submitted on 07/24/2024. The submission is in compliance with the provisions of 37 CFR 1.97. Accordingly, the information disclosure statement is being considered by the examiner.
Examiner Notes
Examiner cites particular columns and line numbers in the references as applied to the claims below for the convenience of the applicant. Although the specified citations are representative of the teachings in the art and are applied to the specific limitations within the individual claim, other passages and figures may apply as well. It is respectfully requested that, in preparing responses, the applicant fully consider the references in entirety as potentially teaching all or part of the claimed invention, as well as the context of the passage as taught by the prior art or disclosed by the examiner.
Claim Objections
Claims 1-19 are objected to because of the following informalities:
Applicant is advised to replace all upper case letters in claims with lower case letters except for trademarks or trade names.
Claim 1:
Lines 24-25, “the Policy-Set Interface” lacks proper antecedent basis.
Lines 29-30, “the dynamically configurable implementations” lacks proper antecedent basis.
Claim 5:
Line 1, “the step” lacks proper antecedent basis.
Claim 6:
Line 1, “the limit” lacks proper antecedent basis.
Line 2, replace “a policy” with --the policy--.
Claim 7:
Lines 1-2, “the one or more identities” lacks proper antecedent basis.
Claim 8:
Line 1, delete “one or more”.
Claims 2-8:
Line 1, replace “A” before “system” with --The--, respectively.
Claim 9:
“the Resource Action inventory Interface” (lines 3-4 and 6), “the Data-Source Integration Interface” (lines 7-8), “the Policy Set Interface” (lines 12-13), and “the Permission Interface” (line 15) lack proper antecedent basis.
Claim 13:
Lines 1-2, “the one or more identities” lacks proper antecedent basis. Further, line 2, “the one and attributes” should have been --the one or more attributes-- and “a” before “policy” should have been --the--.
Claim 14:
Lines 1-2, “the one or more identities” lacks proper antecedent basis. Further, line 2, “the one and attributes” should have been --the one or more attributes--.
Claim 15:
Line 1, delete “one or more”.
Claims 10-17:
Line 1, replace “A” before “method” with --The--, respectively.
Claim 18:
Line 8, delete parenthesis.
Lines 8, 10, and 11, “the attribute ‘role’” lacks proper antecedent basis.
Line 13, “the layout” and “the application” lack proper antecedent basis.
Claim 19:
Line 1, replace “A” before “method” with --The--.
Appropriate correction is required.
Claim Interpretation
The following is a quotation of 35 U.S.C. 112(f):
(f) Element in Claim for a Combination. – An element in a claim for a combination may be expressed as a means or step for performing a specified function without the recital of structure, material, or acts in support thereof, and such claim shall be construed to cover the corresponding structure, material, or acts described in the specification and equivalents thereof.
The following is a quotation of pre-AIA 35 U.S.C. 112, sixth paragraph:
An element in a claim for a combination may be expressed as a means or step for performing a specified function without the recital of structure, material, or acts in support thereof, and such claim shall be construed to cover the corresponding structure, material, or acts described in the specification and equivalents thereof.
This application includes one or more claim limitations that do not use the word “means,” but are nonetheless being interpreted under 35 U.S.C. 112(f) or pre-AIA 35 U.S.C. 112, sixth paragraph, because the claim limitation(s) uses a generic placeholder that is coupled with functional language without reciting sufficient structure to perform the recited function and the generic placeholder is not preceded by a structural modifier. Such claim limitation(s) is/are: “a Resource Action Inventory Interface, configured to receive”, “a Data-Source Integration Interface, configured to receive”, “a Policy-Sets Interface, configured receive” and “a Permissions Interface, configured to receive” in claim 1.
Because this/these claim limitation(s) is/are being interpreted under 35 U.S.C. 112(f) or pre-AIA 35 U.S.C. 112, sixth paragraph, it/they is/are being interpreted to cover the corresponding structure described in the specification as performing the claimed function, and equivalents thereof.
If applicant does not intend to have this/these limitation(s) interpreted under 35 U.S.C. 112(f) or pre-AIA 35 U.S.C. 112, sixth paragraph, applicant may: (1) amend the claim limitation(s) to avoid it/them being interpreted under 35 U.S.C. 112(f) or pre-AIA 35 U.S.C. 112, sixth paragraph (e.g., by reciting sufficient structure to perform the claimed function); or (2) present a sufficient showing that the claim limitation(s) recite(s) sufficient structure to perform the claimed function so as to avoid it/them being interpreted under 35 U.S.C. 112(f) or pre-AIA 35 U.S.C. 112, sixth paragraph.
Claim Rejections - 35 USC § 112
The following is a quotation of 35 U.S.C. 112(b):
(b) CONCLUSION.—The specification shall conclude with one or more claims particularly pointing out and distinctly claiming the subject matter which the inventor or a joint inventor regards as the invention.
The following is a quotation of 35 U.S.C. 112 (pre-AIA), second paragraph:
The specification shall conclude with one or more claims particularly pointing out and distinctly claiming the subject matter which the applicant regards as his invention.
Claims 1-8 are rejected under 35 U.S.C. 112(b) or 35 U.S.C. 112 (pre-AIA), second paragraph, as being indefinite for failing to particularly point out and distinctly claim the subject matter which the inventor or a joint inventor (or for applications subject to pre-AIA 35 U.S.C. 112, the applicant), regards as the invention.
Claim 1:
Line 17, “the application” is unclear whether it refers to “an application” in line 5 or 15 of the claim. For the examination purposes, “an application” in line 15 will be treated as --the application--.
Line 21, “the one or more data resources” is unclear whether it refers to “one or more data resources” in lines 6-7 or in line 19 of the claim. For the examination purposes, “one or more data resources” in line 19 will be treated as --the one or more data resources--.
Line 23, “the policy-sets interface” is unclear whether it refers to “a Policy-Sets Interface” in line 8 or in line 22 of the claim. For the examination purposes, “a Policy-Sets Interface” in line 22 will be treated as --the Policy-Sets Interface--.
Claims 2-8 depend on the rejected claim and inherit the same issues.
Allowable Subject Matter
Claim 1 would be allowable if rewritten or amended to overcome the rejection(s) under 35 U.S.C. 112(b) or 35 U.S.C. 112 (pre-AIA), 2nd paragraph, set forth in this Office action.
Claims 2-8 would be allowable if rewritten to overcome the rejection(s) under 35 U.S.C. 112(b) or 35 U.S.C. 112 (pre-AIA), 2nd paragraph, set forth in this Office action and to include all of the limitations of the base claim and any intervening claims.
Claims 9-19 are allowed.
As allowable subject matter has been indicated, applicant's reply must either comply with all formal requirements or specifically traverse each requirement not complied with. See 37 CFR 1.111(b) and MPEP § 707.07(a).
Examiner’s Statement of Reason for Allowance
The following is an examiner’s statement of reasons for allowance:
Nguyen et al. (US Pub. No. 2022/0086189 A1 – herein after Nguyen). Nguyen discloses policy monitor 144, Fig. 1, an account is registered with each cloud 128, 132 or 136, and particular cloud-specific APIs are used by policy monitor 144 to retrieve the desired information for monitoring – See paragraphs [0035-0036]. A UI 30 provides a user interface and an API 32 provides an application programmer interface to system 16 resident processes to users and/or developers at user systems 12 – See paragraphs [0061-0062]. Policy input 116 can be in the form of a network design or layout and can be in various formats such as JSON or YAML, which can be used to declare network design attributes as further described and illustrated herein – See paragraphs [0024-0026]. Input parser and converter 104 can be configured to include two sub-components: input parser 104a and common policy builder 104b. In this example, input parser 104a receives and reads policy input 116 in any of a number of available formats – See paragraph [0029]. Policy builder 108 generates cloud-specific policy sets 124 from internal representation 120, and each cloud-specific policy set can be applied to a specific cloud platform such as AWS, GCP or Microsoft Azure – See paragraphs [0028-0030]. Nguyen does not disclose the claimed invention.
Lang et al. (US Pub. No. 2015/0269383 A1 – herein after Lang). Lang discloses that policy rules and attributes are parts of ABAC. In ABAC, policy is the representation of rules or relationships that define (by comparing fetched attributes values with values stated in the policy, based on a calculation function) the set of allowable operations (actions) a subject may perform upon an object in permitted environment conditions. Policy rules specify which combinations of calculation results of attributes (types and values) of subjects, objects, operations (actions) and context will result in granting or denying a subject to execute an operation on an object in the given context. An operation (action) is the execution of a function at the request of a subject upon an object (e.g. invoke, read, write, edit, delete, author) – See paragraphs [0013-0016]. Low-level policies often include individual policy rules, which are made up of rule elements that are combined (using e.g. AND, OR), and if the entire rule evaluates "TRUE", the stated action is carried out (e.g. ALLOW, DENY, LOG). Attributes used to express low-level policies are called low-level attributes – See paragraph [0217]. Whenever a participant (e.g. Protected SoS node, user, application) wants to obtain permission for a request, it contacts the ZBAC server to obtain an authorization token, maybe providing the attributes associated with the request (e.g. requesting user, requested resource, context, etc.) – See paragraph [0702]. Lang does not disclose the claimed invention.
Sharma (US Pub. No. 2023/0122504 A1 – herein after Sharma). Sharma discloses providing common identity and access management of applications based on role-based access control (RBAC) model and access-based control (ABAC) model. A common model based on the ABAC model is implemented to support RBAC workflows and ABAC workflows. An RBAC management user interface receives the RBAC workflows which are converted to an ABAC model structure and implemented by the common model. An ABAC management user interface receives the ABAC workflows and is implemented by the common model – See Abstract. A set of policies 224 specified in terms of the attributes and conditions (i.e., environment conditions 222). Attributes are defined as characteristics of the subjects 218, objects 220, or environment conditions 222 – See col. 4, lines 19-26. Policies 224 represent rules or relationships that allow for to determine if a requested access by a subject 218 is allowed, considering the values of the attributes of the subject 218, object 220, and environment conditions 222 – See col. 4, lines 27-40. Sharma does not disclose the claimed invention.
Gilpin et al. (US Pub. No. 2018/0316676 A1 – herein after Gilpin). Gilpin discloses dynamically providing access control in a network environment, e.g., environments 100, 200, or 300, as discussed above. At step 901, the access control system, e.g., access control system 121, 220, 320, may receive an access notification identifying a request by an identity for access to an access-protected network resource – See paragraph [0130]. Policy is the representation of rules or relationships that define (by comparing fetched attributes values with values stated in the policy, based on a calculation function) the set of allowable operations (actions) a subject may perform upon an object in permitted environment conditions. Policy rules specify which combinations of calculation results of attributes (types and values) of subjects, objects, operations (actions) and context will result in granting or denying a subject to execute an operation on an object in the given context – See paragraph [0015]. Gilpin does not disclose the claimed invention.
Regarding claims 1 and 9, the prior art of record when viewed individually or in combination does not render obvious the features/steps of claims 1 and 9:
receiving one or more layout elements for an application from an author at the Resource Action Inventory Interface;
mapping a layout of the application from the one or more layout elements received at the Resource Action Inventory Interface;
receiving one or more data sources from the author at the Data-Source Integration Interface;
identifying one or more attributes in data present in the one or more data sources;
generating a Policy-Sets Interface based on the identified one or more attributes;
receiving one or more rules from the author at the policy-sets interface;
creating one or more policy sets from the one or more rules received at the Policy-Set Interface;
receiving an assignment of dynamically configurable implementations from the author for the one or more policy sets at the Permissions Interface;
evaluating the one or more policy sets using the dynamically configurable implementations to identify one or more dynamically permitted policy sets;
applying the one or more dynamically permitted policy sets to the layout of the application at the Permissions Interface; and
generating a dynamic authorization implementation.
Such combination/render obvious features are allowed over prior art of record.
Conclusion
The prior art made of record and not relied upon is considered pertinent to applicant's disclosure.
Hinrichs et al. (US Patent No. 11,853,463 B1) discloses enforcing policies for authorizing API (Application Programming Interface) calls to an application operating on a host machine. The method receives a request to authenticate a client attempting to gain access to the application, and authenticates the client based on a first set of parameters associated with the request. Using a second set of parameters associated with the request, the method evaluates a set of one or more policies associated with a set of one or more API calls to the application. Based on the evaluated policies, the method defines a third set of one or more authentication field parameters that control the API calls that the client is authorized to make to the application. The method sends an authentication reply message with the defined third set of authentication field parameters in order to control the API calls that the client is authorized to make – See Abstract and specification for more details.
Sandall et al. (US Pub. No. 2021/0365571 A1) discloses evaluating a policy for authorizing an API (Application Programming Interface) call to an application. Based on a first set of parameters available before receiving the API call, the method evaluates only a portion of the policy to produce a partially evaluated policy. The method stores the partially evaluated policy in a cache. The method then receives an API call to authorize, and determines whether the API call should be authorized by fully evaluating the policy, using the partially evaluated policy retrieved from the cache first storage, and a second set of parameters associated with the API call. The method responds to the API call with a policy decision based on the fully evaluated authorization policy – See Abstract and specification for more details.
Sabrina Sicari (Dynamic Policies in Internet of Things: Enforcement and Synchronization, 2017) discloses adequate policies must be correctly distributed and applied to the information made available by the IoT network to secure the data themselves and to regulate the access to the managed resources over the whole IoT system. Policies mainly involve the access to resources and are usually established by system administrators in accordance with the rules of each specific domain – See Abstract and specification for more details.
Bill Tarr (Isolating SaaS Tenants with Dynamically Generated IAM policies) discloses how dynamic policy generation creates a more scalable and manageable isolation experience. This post focuses on the foundations of this experience, illustrating techniques for introducing the mechanisms needed to support dynamic policy generation – See page 1.
Any inquiry concerning this communication or earlier communications from the examiner should be directed to MONGBAO NGUYEN whose telephone number is (571)270-7180. The examiner can normally be reached Monday-Friday 8am-5pm.
Examiner interviews are available via telephone, in-person, and video conferencing using a USPTO supplied web-based collaboration tool. To schedule an interview, applicant is encouraged to use the USPTO Automated Interview Request (AIR) at http://www.uspto.gov/interviewpractice.
If attempts to reach the examiner by telephone are unsuccessful, the examiner’s supervisor, Hyung S. Sough can be reached at 571-272-6799. The fax phone number for the organization where this application or proceeding is assigned is 571-273-8300.
Information regarding the status of published or unpublished applications may be obtained from Patent Center. Unpublished application information in Patent Center is available to registered users. To file and manage patent submissions in Patent Center, visit: https://patentcenter.uspto.gov. Visit https://www.uspto.gov/patents/apply/patent-center for more information about Patent Center and https://www.uspto.gov/patents/docx for information about filing in DOCX format. For additional questions, contact the Electronic Business Center (EBC) at 866-217-9197 (toll-free). If you would like assistance from a USPTO Customer Service Representative, call 800-786-9199 (IN USA OR CANADA) or 571-272-1000.
/MONGBAO NGUYEN/ Examiner, Art Unit 2192