DETAILED ACTION
Claims 1-10 are pending in this action.
Notice of Pre-AIA or AIA Status
The present application, filed on or after March 16, 2013, is being examined under the first inventor to file provisions of the AIA .
Claim Rejections - 35 USC § 112
The following is a quotation of 35 U.S.C. 112(b):
(b) CONCLUSION.—The specification shall conclude with one or more claims particularly pointing out and distinctly claiming the subject matter which the inventor or a joint inventor regards as the invention.
The following is a quotation of 35 U.S.C. 112 (pre-AIA ), second paragraph:
The specification shall conclude with one or more claims particularly pointing out and distinctly claiming the subject matter which the applicant regards as his invention.
Claims 1-10 are rejected under 35 U.S.C. 112(b) or 35 U.S.C. 112 (pre-AIA ), second paragraph, as being indefinite for failing to particularly point out and distinctly claim the subject matter which the inventor or a joint inventor (or for applications subject to pre-AIA 35 U.S.C. 112, the applicant), regards as the invention. In claims 1 and 6, it is unclear how the first permission can be reviewed when it does not exist. Also, it is unclear if the request is for the permission to access some other data or is it for the purpose of viewing the details of the permission. In claims 2 and 7, it is unclear whether approval is determined when the first permission exists or does not exist or both. In claims 3 and 8, the permission table is maintained when the second permission is approved which leads to the conclusion that it is deleted when the second permission is not approved. However, this does not seem to be the case since only the second permission is deleted when not approved. In claims 4 and 9, it is unclear how the first permission can be “stopped from being obtained” when it has already been obtained based on its existence in the permission table. Claims 5 and 10 are rejected based on dependency to claims 1 and 6.
Claim Rejections - 35 USC § 103
The following is a quotation of 35 U.S.C. 103 which forms the basis for all obviousness rejections set forth in this Office action:
A patent for a claimed invention may not be obtained, notwithstanding that the claimed invention is not identically disclosed as set forth in section 102, if the differences between the claimed invention and the prior art are such that the claimed invention as a whole would have been obvious before the effective filing date of the claimed invention to a person having ordinary skill in the art to which the claimed invention pertains. Patentability shall not be negated by the manner in which the invention was made.
The factual inquiries for establishing a background for determining obviousness under 35 U.S.C. 103 are summarized as follows:
1. Determining the scope and contents of the prior art.
2. Ascertaining the differences between the prior art and the claims at issue.
3. Resolving the level of ordinary skill in the pertinent art.
4. Considering objective evidence present in the application indicating obviousness or nonobviousness.
Claims 1-3 and 6-8 are rejected under 35 U.S.C. 103 as being unpatentable over Wu (US PGPUB No. 2005/0086536) in view of Miyata et al. (US PGPUB No. 2004/0260948) [hereinafter “Miyata”].
As per claim 1, Wu teaches a method of establishing application permissions, comprising utilizing a computing device to execute the following steps: requesting a first permission (Abstract and [0003], checking a permission for a user request based on user ID); determining whether the first permission exists in a plurality of application permissions in a permission table (Abstract and [0003], determining if the user has a permission); obtaining the first permission when the first permission exists in the plurality of application permissions in the permission table (Abstract and [0003], obtaining the user request permission to permit user to verify and process the request).
Wu does not explicitly teach reviewing the first permission when the first permission does not exist in the plurality of application permissions in the permission table (Examiner Note: There is a 112 rejection regarding the reviewing of first permission when it does not exists. It will be interpreted that this feature is indicating that a potential permission is reviewed while it is not currently in the permission table.). Miyata teaches reviewing the first permission when the first permission does not exist in the plurality of application permissions in the permission table ([0098], reviewing the permission settings if the user ID/name cannot be found).
At the time of filing, it would have been obvious to one of ordinary skill in the art to combine Wu with the teachings of Miyata, reviewing the first permission when the first permission does not exist in the plurality of application permissions in the permission table, to efficiently manage and add access permissions when being verified and requested.
As per claim 2, the combination of Wu and Miyata teaches the method of establishing application permissions of claim 1, further comprising: obtaining the first permission and adding the first permission into the plurality of application permissions in the permission table when the first permission is approved (Miyata; [0005], permission settings are approved by an admin and are also verified by the system for consistency see [0076]); and stopping obtaining the first permission when the first permission is not approved (Miyata; [0005], permissions that are not approved are not implemented into the settings and may be found contradictory to current permissions settings with an error message see [0076] and [0113]).
As per claim 3, the combination of Wu and Miyata teaches the method of establishing application permissions of claim 1, further comprising: reviewing a second permission of the plurality of application permissions in the permission table; maintaining the permission table when the second permission is approved (Miyata; [0005], permissions are approved and added by an admin and are also verified by the system for consistency see [0076]); and deleting the second permission in the permission table when the second permission is not approved (Miyata; [0005], permissions are deleted by an admin and may be found contradictory to current permissions settings with an error message see [0076] and [0113]).
As per claim 6, the substance of the claimed invention is identical to that of claim 1. Accordingly, this claim is rejected under the same rationale.
As per claim 7, the substance of the claimed invention is identical to that of claim 2. Accordingly, this claim is rejected under the same rationale.
As per claim 8, the substance of the claimed invention is identical to that of claim 3. Accordingly, this claim is rejected under the same rationale.
Claims 4 and 9 are rejected under 35 U.S.C. 103 as being unpatentable over Wu and Miyata in further view of Chen (TW-201802717-A).
As per claim 4, the combination of Wu and Miyata teaches the method of establishing application permissions of claim 3.
The combination of Wu and Miyata does not explicitly teach wherein the step of deleting the second permission in the permission table further comprises: stopping obtaining or revoking the first permission if the second permission is the same as the first permission. Chen teaches wherein the step of deleting the second permission in the permission table further comprises: stopping obtaining or revoking the first permission if the second permission is the same as the first permission (Page 5, para. 2, revoking in batches one or more permissions with the same attributes).
At the time of filing, it would have been obvious to one of ordinary skill in the art to combine Wu and Miyata with the teachings of Chen, wherein the step of deleting the second permission in the permission table further comprises: stopping obtaining or revoking the first permission if the second permission is the same as the first permission, to efficiently manage and remove access permissions when being verified and requested.
As per claim 9, the substance of the claimed invention is identical to that of claim 4. Accordingly, this claim is rejected under the same rationale.
Claims 5 and 10 are rejected under 35 U.S.C. 103 as being unpatentable over Wu and Miyata in further view of Hecht (US PGPUB No. 2022/0247776).
As per claim 5, the combination of Wu and Miyata teaches the method of establishing application permissions of claim 1.
The combination of Wu and Miyata does not explicitly determining whether to delete a third permission in the permission table; deleting the third permission in the permission table when the third permission is not requested after a threshold time; and maintaining the third permission in the permission table when the third permission is requested. Hecht teaches determining whether to delete a third permission in the permission table ([0067], high risk permissions may need to be removed which include unused permissions see also [0023] and [0041]); deleting the third permission in the permission table when the third permission is not requested after a threshold time ([0051], determining a permission is unused); and maintaining the third permission in the permission table when the third permission is requested ([0067], unused permissions are high risk that may be removed see also [0023] and [0041]).
At the time of filing, it would have been obvious to one of ordinary skill in the art to combine Wu and Miyata with the teachings of Hecht, determining whether to delete a third permission in the permission table; deleting the third permission in the permission table when the third permission is not requested after a threshold time; and maintaining the third permission in the permission table when the third permission is requested, to efficiently manage and add access permissions when being verified and requested.
As per claim 10, the substance of the claimed invention is identical to that of claim 5. Accordingly, this claim is rejected under the same rationale.
Conclusion
The prior art made of record and not relied upon is considered pertinent to applicant's disclosure. Beck et al. (US PGPUB No. 2008/0162707), Kettler, III et al. (US PGPUB No. 2003/0101341), Parks et al. (US PGPUB No. 2021/0144144), Shua et al. (US PGPUB No. 2023/0306127), Devarakonda et al. (US PGPUB No. 2024/0005023), Lai et al. ("HBase fine grained access control with extended permissions and inheritable roles," IEEE, Takamatsu, Japan, 2015, pp. 1-5, doi: 10.1109/SNPD.2015.7176198), Calciati et al. ("Automatically Granted Permissions in Android apps: An Empirical Study on their Prevalence and on the Potential Threats for Privacy," IEEE(MSR), Seoul, Korea, Republic of, 2020, pp. 114-124, doi: 10.1145/3379597.3387469), Belim et al. ("Severity Level of Permissions in Role-Based Access Control," arXiv:1812.11404, Dec. 29, 2018) and Solanki et al. ("Resource and Role Hierarchy Based Access Control for Resourceful Systems," 2018 IEEE 42nd Annual Computer Software and Applications Conference (COMPSAC), Tokyo, Japan, 2018, pp. 480-486, doi: 10.1109/COMPSAC.2018.10280) all disclose various aspects of the claimed invention including storing permissions and validating and managing the table of permissions.
Any inquiry concerning this communication or earlier communications from the examiner should be directed to PETER C SHAW whose telephone number is (571)270-7179. The examiner can normally be reached Max Flex.
Examiner interviews are available via telephone, in-person, and video conferencing using a USPTO supplied web-based collaboration tool. To schedule an interview, applicant is encouraged to use the USPTO Automated Interview Request (AIR) at http://www.uspto.gov/interviewpractice.
If attempts to reach the examiner by telephone are unsuccessful, the examiner’s supervisor, Carl Colin can be reached at 571-272-3862. The fax phone number for the organization where this application or proceeding is assigned is 571-273-8300.
Information regarding the status of published or unpublished applications may be obtained from Patent Center. Unpublished application information in Patent Center is available to registered users. To file and manage patent submissions in Patent Center, visit: https://patentcenter.uspto.gov. Visit https://www.uspto.gov/patents/apply/patent-center for more information about Patent Center and https://www.uspto.gov/patents/docx for information about filing in DOCX format. For additional questions, contact the Electronic Business Center (EBC) at 866-217-9197 (toll-free). If you would like assistance from a USPTO Customer Service Representative, call 800-786-9199 (IN USA OR CANADA) or 571-272-1000.
/PETER C SHAW/Primary Examiner, Art Unit 2493 September 11, 2025