Prosecution Insights
Last updated: April 19, 2026
Application No. 18/397,630

CUSTOMER ACCESS MANAGEMENT SYSTEM AND METHOD

Final Rejection §102
Filed: Dec 27, 2023
Examiner: SHEHNI, GHAZAL B
Art Unit: 2499
Tech Center: 2400 (Computer Networks)
Assignee: Charles River Laboratories International Inc.
OA Round: 2 (Final)
Grant Probability: 87% (Favorable)
OA Rounds: 3-4
To Grant: 2y 8m
With Interview: 99%

Examiner Intelligence

Grants 87% — above average
Career Allow Rate: 87% (932 granted / 1068 resolved; +29.3% vs TC avg)
Interview Lift: +12.4% (Moderate +12% lift; resolved cases with interview)
Typical timeline: 2y 8m avg prosecution; 27 currently pending
Career history: 1095 total applications across all art units

Statute-Specific Performance

§101: 12.1% (-27.9% vs TC avg)
§103: 38.5% (-1.5% vs TC avg)
§102: 20.6% (-19.4% vs TC avg)
§112: 12.9% (-27.1% vs TC avg)
Based on career data from 1068 resolved cases

Office Action

§102
DETAILED ACTION

Notice of Pre-AIA or AIA Status

The present application, filed on or after March 16, 2013, is being examined under the first inventor to file provisions of the AIA.

The following is a final office action in response to communications received 09/04/2025. Therefore, claims 1-20 are pending and addressed below.

Response to Arguments

Applicant’s arguments filed 09/04/2025 have been fully considered but they are not persuasive. Applicant argues that Bitterfeld does not disclose (1) each edge specifies an edge value that defines access provided to the user designated as the manager for the respective resources among the resources…(2) modifying the graph structure based on input from the user designated as the manager….

In response to argument (1), Examiner respectfully disagrees. Bitterfeld discloses generate a mapping between the first computer resource and the authentication system…the mapping may indicate that the first computing resource utilizes the authentication system to control access to the first computing resource (interpreted as defines access provided to the user)…the mapping may be visually displayed by discovery application to illustrate each of the first computing resource and the authentication system as nodes…these nodes may be connected to one another by an edge to show that access to the first computing resource is controlled by the authentication system…authentication system may include user pool(s)…user pool(s) may define a plurality of service identifiers usable to access one or more computing resources… authentication system may be configured to issue access tokens in response to receiving authentication credentials that match a record found in user pool(s)…user pool(s) may be used, for example, to provide authentication services to a software application hosted by computing resources of remote computing system…see par. 131, 162. Therefore Examiner maintains that Bitterfeld does disclose this limitation.

In response to argument (2), Examiner respectfully disagrees. Bitterfeld discloses a user may manually provide the unique resource identifier of the authentication system, thus initiating discovery and mapping of the authentication system, see par. 163-165. Therefore Examiner maintains that Bitterfeld does disclose this limitation.

Claim Rejections - 35 USC § 102

The following is a quotation of the appropriate paragraphs of 35 U.S.C. 102 that form the basis for the rejections under this section made in this Office action:

A person shall be entitled to a patent unless – (a)(2) the claimed invention was described in a patent issued under section 151, or in an application for patent published or deemed published under section 122(b), in which the patent or application, as the case may be, names another inventor and was effectively filed before the effective filing date of the claimed invention.

Claims 1-20 are rejected under 35 U.S.C. 102(a)(2) as being anticipated by Bitterfeld et al (Pub. No. US 2020/0403994).

As per claim 1, Bitterfeld discloses a method of controlling access to resources provided to a customer via a host (see par. 71), the method comprising: generating a graph structure defining access control to the resources, the graph structure designating a user associated with the customer as a manager, wherein the graph structure includes a user node associated with the user designated as the manager, resource nodes, each resource node associated with a respective resource among the resources, and edges, each edge extending from the user node associated with the user designated as the manager to each of the resource nodes, each edge specifies an edge value that defines access provided to the user designated as the manager for the respective resource among the resources (…based on or in response to determining that the first and second unique identifiers match, discovery application may be configured to generate a mapping between the first computing resource and the authentication system… the mapping may indicate that the first computing resource utilizes the authentication system to control access to the first computing resource…the mapping may be visually displayed by discovery application to illustrate each of the first computing resource and the authentication system as nodes…these nodes may be connected to one another by an edge to show that access to the first computing resource is controlled by the authentication system…based on or in response to generating the mapping, discovery application and persistent storage may be configured to store the mapping…see par. 131, 162), and modifying the graph structure based on input from the user designated as the manager to modify the access control to the resources (…one or more additional computing resources may be mapped to the authentication system to indicate that these additional computing resources also use authentication system for access control…similarly, further computing resources may be mapped to the first computing resource, thus generating a large map that indicates how each of the computing resources within remote computing system relate to and coordinate with one another…a user may manually provide the unique resource identifier of the authentication system, thus initiating discovery and mapping of the authentication system, see par. 163-165).

As per claim 13, Bitterfeld discloses a non-transitory computer-readable medium storing instructions that, when processed by one or more processors, cause the one or more processors to implement a method of controlling access to resources provided to a customer via a host, the method comprising: generating a graph structure defining access control to the resources, the graph structure designating a user associated with the customer as a manager, wherein the graph structure includes a user node associated with the user designated as the manager, resource nodes, each resource node associated with a respective resource among the resources, and edges, each edge extending from the user node associated with the user designated as the manager to each of the resource nodes, each edge specifies an edge value that defines access provided to the user designated as the manager for the respective resource among the resources (…based on or in response to determining that the first and second unique identifiers match, discovery application may be configured to generate a mapping between the first computing resource and the authentication system… the mapping may indicate that the first computing resource utilizes the authentication system to control access to the first computing resource…the mapping may be visually displayed by discovery application to illustrate each of the first computing resource and the authentication system as nodes…these nodes may be connected to one another by an edge to show that access to the first computing resource is controlled by the authentication system…based on or in response to generating the mapping, discovery application and persistent storage may be configured to store the mapping…see par. 131, 162), and modifying the graph structure based on input from the user designated as the manager to modify the access control to the resources (…one or more additional computing resources may be mapped to the authentication system to indicate that these additional computing resources also use authentication system for access control…similarly, further computing resources may be mapped to the first computing resource, thus generating a large map that indicates how each of the computing resources within remote computing system relate to and coordinate with one another…a user may manually provide the unique resource identifier of the authentication system, thus initiating discovery and mapping of the authentication system, see par. 163-165).

As per claim 2, Bitterfeld discloses wherein the generating the graph structure includes each edge specifying the edge value to define that the user designated as the manager is permitted to add one or more other user nodes and corresponding edges (see par. 126-127).

As per claim 3, Bitterfeld discloses wherein the modifying the graph structure includes adding an additional user node corresponding to an additional user associated with the customer (see par. 164).

As per claim 4, Bitterfeld discloses wherein the modifying the graph structure includes obtaining input from the user designated as the manager and adding one or more edges from the additional user node to one or more of the resources and specifying an edge value for each of the one or more edges (see par. 162).

As per claims 5, 15, Bitterfeld discloses assigning a token to the additional user associated with the customer when the additional user associated with the customer logs in to access the resources (see par. 139).

As per claim 6, Bitterfeld discloses wherein the token is a JavaScript Object Notation (JSON) web token (JWT) (see par. 135).

As per claims 7, 16, Bitterfeld discloses wherein the token includes a unique identifier for the additional user associated with the customer and a specification of user interface features available to the additional user associated with the customer (see par. 147).

As per claims 8, 17, Bitterfeld discloses obtaining additional input from the user designated as the manager and further modifying the graph structure based on further input from the user designated as the manager (see par. 162-163).

As per claim 9, Bitterfeld discloses wherein the further modifying the graph structure includes changing the edge value for one of the one or more edges from the additional user node to one of the one or more resources (see par. 104-105).

As per claim 10, Bitterfeld discloses wherein the further modifying the graph structure includes removing the additional user node and the one or more edges from the additional user node (see par. 104-105).

As per claims 11, 19, Bitterfeld discloses removing the user node associated with the user designated as the manager from the graph structure to prevent modifying the graph structure based on input from the user designated as the manager (see par. 104-107).

As per claims 12, 20, Bitterfeld discloses implementing a Merkel tree to provide decentralized access control to the resources shared by two or more customers, wherein the implementing the Merkel tree provides access control to the resources to one of the two or more customers through an encrypted graph structure not modified by others of the two or more customers (see par. 60, 162-163).

As per claim 14, Bitterfeld discloses wherein: the generating the graph structure includes each edge specifying the edge value to define that the user designated as the manager is permitted to add one or more other user nodes and corresponding edges, the modifying the graph structure includes adding an additional user node corresponding to an additional user associated with the customer, and the modifying the graph structure also includes obtaining input from the user designated as the manager and adding one or more edges from the additional user node to one or more of the resources and specifying an edge value for each of the one or more edges (see par. 126-127, 162-164).

As per claim 18, Bitterfeld discloses wherein the method further comprises: further modifying the graph structure by changing the edge value for one of the one or more edges from the additional user node to one of the one or more resources, or further modifying the graph structure by removing the additional user node and the one or more edges from the additional user node (see par. 104-105).

Conclusion

The prior art made of record and not relied upon is considered pertinent to applicant's disclosure (see PTO-form 892). The following Patents and Papers are cited to further show the state of the art at the time of Applicant’s invention with respect to access management via a graphical specification.

Ravizza et al (Pub. No. US 20190251272); “Dynamic Access Control for Knowledge Graph”; -Teaches managing a knowledge graph and more specifically, to a method for dynamic access control to a node in a knowledge graph…see par. 1.

Campagna et al (Pub. No. US 2018/0181756); “Amazon Technologies”; -Teaches producing signed attestations as evidence of the integrity of a virtual computing environment…see par. 18.

THIS ACTION IS MADE FINAL. Applicant is reminded of the extension of time policy as set forth in 37 CFR 1.136(a). A shortened statutory period for reply to this final action is set to expire THREE MONTHS from the mailing date of this action. In the event a first reply is filed within TWO MONTHS of the mailing date of this final action and the advisory action is not mailed until after the end of the THREE-MONTH shortened statutory period, then the shortened statutory period will expire on the date the advisory action is mailed, and any nonprovisional extension fee (37 CFR 1.17(a)) pursuant to 37 CFR 1.136(a) will be calculated from the mailing date of the advisory action. In no event, however, will the statutory period for reply expire later than SIX MONTHS from the mailing date of this final action.

Any inquiry concerning this communication or earlier communications from the examiner should be directed to GHAZAL B SHEHNI whose telephone number is (571)270-7479. The examiner can normally be reached Mon-Fri 9am-5pm PCT. Examiner interviews are available via telephone, in-person, and video conferencing using a USPTO supplied web-based collaboration tool. To schedule an interview, applicant is encouraged to use the USPTO Automated Interview Request (AIR) at http://www.uspto.gov/interviewpractice. If attempts to reach the examiner by telephone are unsuccessful, the examiner’s supervisor, Philip Chea can be reached at 5712723951. The fax phone number for the organization where this application or proceeding is assigned is 571-273-8300.

Information regarding the status of published or unpublished applications may be obtained from Patent Center. Unpublished application information in Patent Center is available to registered users. To file and manage patent submissions in Patent Center, visit: https://patentcenter.uspto.gov. Visit https://www.uspto.gov/patents/apply/patent-center for more information about Patent Center and https://www.uspto.gov/patents/docx for information about filing in DOCX format. For additional questions, contact the Electronic Business Center (EBC) at 866-217-9197 (toll-free). If you would like assistance from a USPTO Customer Service Representative, call 800-786-9199 (IN USA OR CANADA) or 571-272-1000.

/GHAZAL B SHEHNI/Primary Examiner, Art Unit 2499

Prosecution Timeline

Dec 27, 2023: Application Filed
Jun 04, 2025: Non-Final Rejection, §102
Sep 04, 2025: Response Filed
Dec 02, 2025: Final Rejection, §102 (current)

Precedent Cases

Applications granted by this same examiner with similar technology

Patent 12602479
MEASURING CONTAINERS
2y 5m to grant Granted Apr 14, 2026
Patent 12596810
AUTOMATED APPLICATION PROGRAMMING INTERFACE (API) TESTING
2y 5m to grant Granted Apr 07, 2026
Patent 12591682
AUTOMOTIVE SECURE BOOT WITH SHUTDOWN MEASURE
2y 5m to grant Granted Mar 31, 2026
Patent 12591660
DEVICE SECURITY MANAGER ARCHITECTURE FOR TRUSTED EXECUTION ENVIRONMENT INPUT/OUTPUT (TEE-IO) CAPABLE SYSTEM-ON-A-CHIP INTEGRATED DEVICES
2y 5m to grant Granted Mar 31, 2026
Patent 12585741
PASSWORD PROMPT FOR SECURE CAMERA ACTIVATION
2y 5m to grant Granted Mar 24, 2026
Study what changed to get past this examiner. Based on 5 most recent grants.


Prosecution Projections

Expected OA Rounds: 3-4
Grant Probability: 87%
With Interview (+12.4%): 99%
Median Time to Grant: 2y 8m
PTA Risk: Moderate
Based on 1068 resolved cases by this examiner. Grant probability derived from career allow rate.
