Notice of Pre-AIA or AIA Status
The present application, filed on or after March 16, 2013, is being examined under the first inventor to file provisions of the AIA .
Response to Amendment
Applicant's submission filed on 10/22/2025 has been entered. Claims 1-20 are pending.
Response to Arguments
Applicant’s arguments with respect to claims 1-20 have been considered but are moot because the new ground of rejection does not rely on any reference applied in the prior rejection of record for any teaching or matter specifically challenged in the argument.
Claim Rejections - 35 USC § 103
In the event the determination of the status of the application as subject to AIA 35 U.S.C. 102 and 103 (or as subject to pre-AIA 35 U.S.C. 102 and 103) is incorrect, any correction of the statutory basis (i.e., changing from AIA to pre-AIA ) for the rejection will not be considered a new ground of rejection if the prior art relied upon, and the rationale supporting the rejection, would be the same under either status.
The following is a quotation of 35 U.S.C. 103 which forms the basis for all obviousness rejections set forth in this Office action:
A patent for a claimed invention may not be obtained, notwithstanding that the claimed invention is not identically disclosed as set forth in section 102, if the differences between the claimed invention and the prior art are such that the claimed invention as a whole would have been obvious before the effective filing date of the claimed invention to a person having ordinary skill in the art to which the claimed invention pertains. Patentability shall not be negated by the manner in which the invention was made.
Claims 1, 4, 11 and 14 are rejected under 35 U.S.C. 103 as being unpatentable over Miller (US 10,205,631) in view of Palmer (US 2023/0156011).
Regarding claim 1, Miller discloses a computer-implemented method, comprising:
using a message processing system, receiving and digitally storing a plurality of structured service access policy definitions that correspond to data policies, each of the service access policy definitions comprising at least a policy name, a resource identifier, and an action that is allowed or disallowed on the resource, each of the access policy definitions being associated with a first access key, each of the service access policy definitions being stored in a virtual storage instance (FIG. 1-3, Tables 1 & 2, col. 4, line 35-col. 5, line 8, col. 5, line 59-col. 6, line 40, col. 8, lines 20-24; i.e. the system receives at a node in an internet, application or cellular network, a policy file comprising access policies for resources in the network, wherein the access policies are associated with attributes of profiles, and wherein the profiles are associated with the clients);
using the message processing system, receiving a service request from a client computer, the service request comprising a second access key, and in response to the request, the message processing system accessing the virtual storage instance to read a particular service access policy corresponding to the second access key (FIG. 1-3, col. 4, line 35-col. 5, line 8, col. 8, lines 33-67; i.e. in response to receiving a request from a client including the client identifier to perform a particular operation on a particular resource on the network, the system perform a lookup includes the client identifier, the particular operation and the particular resource);
the message processing system forwarding the service request to a service instance only when the particular service access policy corresponding to the second access key of the service request allows the client computer or a user thereof to access the service instance (FIG. 1-3, col. 4, line 35-col. 5, line 8, col. 5, lines 45-50, col. 8, lines 33-67; i.e. if the client has the permission, the system allows the particular client to perform the particular operation on the particular resource on the network including forwarding to network node(s) to perform the request).
Miller does not explicitly disclose wherein each of the access policy definitions is further associated with one or more roles, the one or more roles relating to types of access to resources, and wherein one or more of the roles are associated with the first access key and one or more other access keys; wherein the first access key and the second access key are associated with an application programming interface (API) and securely generated for a particular application.
However, Palmer discloses wherein each of the access policy definitions is further associated with one or more roles, the one or more roles relating to types of access to resources, and wherein one or more of the roles are associated with the first access key and one or more other access keys (FIG. 1-3, ¶ [0032]-[0034]); wherein the first access key and the second access key are associated with an application programming interface (API) and securely generated for a particular application (FIG. 1-3, ¶ [0032]-[0038]).
Therefore, it would have been obvious to one of ordinary skill in the art before effective filing date of the claimed invention to combine Miller and Palmer in order to provide secure delegated access to users and services using a request authorization model having separate control realms (Palmer, ¶ [0002]-[0006]).
Regarding claim 4, Miller in view of Palmer discloses the method of claim 1, each of the service access policy definitions comprising at least a policy name, a resource identifier, and an action that is allowed or disallowed on one or more API calls, methods, functions, virtual storage instances or other resources (Miller, Tables 1 & 2, col. 8, lines 11-16).
Regarding claim 11, Miller discloses one or more non-transitory computer-readable storage media storing one or more sequences of instructions which, when executed using one or more hardware processors of a message application processor cause the message application processor to perform:
using a message processing system, receiving and digitally storing a plurality of structured service access policy definitions that correspond to data policies, each of the service access policy definitions comprising at least a policy name, a resource identifier, and an action that is allowed or disallowed on the resource, each of the access policy definitions being associated with a first access key, each of the service access policy definitions being stored in a virtual storage instance (FIG. 1-3, Tables 1 & 2, col. 4, line 35-col. 5, line 8, col. 5, line 59-col. 6, line 40, col. 8, lines 20-24; i.e. the system receives at a node in an internet, application or cellular network, a policy file comprising access policies for resources in the network, wherein the access policies are associated with attributes of profiles, and wherein the profiles are associated with the clients);
using the message processing system, receiving a service request from a client computer, the service request comprising a second access key, and in response to the request, the message processing system accessing the virtual storage instance to read a particular service access policy corresponding to the second access key (FIG. 1-3, col. 4, line 35-col. 5, line 8, col. 8, lines 33-67; i.e. in response to receiving a request from a client including the client identifier to perform a particular operation on a particular resource on the network, the system perform a lookup includes the client identifier, the particular operation and the particular resource);
the message processing system forwarding the service request to a service instance only when the particular service access policy corresponding to the second access key of the service request allows the client computer or a user thereof to access the service instance (Miller, FIG. 1-3, col. 4, line 35-col. 5, line 8, col. 8, lines 33-67; i.e. if the client has the permission, the system allows the particular client to perform the particular operation on the particular resource on the network including forwarding to network node(s) to perform the request).
Miller does not explicitly disclose wherein each of the access policy definitions is further associated with one or more roles, the one or more roles relating to types of access to resources, and wherein one or more of the roles are associated with the first access key and one or more other access keys; wherein the first access key and the second access key are associated with an application programming interface (API) and securely generated for a particular application.
However, Palmer discloses wherein each of the access policy definitions is further associated with one or more roles, the one or more roles relating to types of access to resources, and wherein one or more of the roles are associated with the first access key and one or more other access keys (FIG. 1-3, ¶ [0032]-[0034]); wherein the first access key and the second access key are associated with an application programming interface (API) and securely generated for a particular application (FIG. 1-3, ¶ [0032]-[0038]).
Therefore, it would have been obvious to one of ordinary skill in the art before effective filing date of the claimed invention to combine Miller and Palmer in order to provide secure delegated access to users and services using a request authorization model having separate control realms (Palmer, ¶ [0002]-[0006]).
Regarding claim 14, Miller in view of Palmer discloses the one or more non-transitory computer-readable storage media of claim 11, each of the service access policy definitions comprising at least a policy name, a resource identifier, and an action that is allowed or disallowed on one or more API calls, methods, functions, virtual storage instances or other resources (Miller, Tables 1 & 2, col. 8, lines 11-16).
Claims 2 and 12 are rejected under 35 U.S.C. 103 as being unpatentable over Miller (US 10,205,631) in view of Palmer (US 2023/0156011) and further in view of Golan et al. (US 2020/0099721 hereinafter Golan).
Regarding claim 2, Miller in view of Palmer discloses the method of claim 1, further comprising storing the plurality of structured service access policy definitions in a first global hash map storage (Miller, Tables 1 & 2, col. 2, lines 3-5, col. 7, lines 24-50).
Miller in view of Palmer does not explicitly disclose said storing in storage layer of the virtual storage instance.
However, Golan discloses storing global policies in the storage layer of the virtual storage instance (FIG. 1-3, ¶ [0052]-[0056]).
Therefore, it would have been obvious to one of ordinary skill in the art before effective filing date of the claimed invention to combine Miller, Palmer and Golan in order to improve systems and techniques for policy enforcement techniques that are not so easily bypassed, are cost-effective, and allow an organization to recoup its investment spent developing agent-level security policies (Golan, ¶ [0002]-[0006]).
Regarding claim 12, Miller in view of Palmer discloses the one or more non-transitory computer-readable storage media of claim 11, further comprising sequences of instructions which, when executed using one or more hardware processors of a message application processor cause the message application processor to perform storing the plurality of structured service access policy definitions in a first global hash map storage (Miller, Tables 1 & 2, col. 2, lines 3-5, col. 7, lines 24-50).
Miller in view of Palmer does not explicitly disclose said storing in storage layer of the virtual storage instance.
However, Golan discloses storing global policies in the storage layer of the virtual storage instance (FIG. 1-3, ¶ [0052]-[0056]).
Therefore, it would have been obvious to one of ordinary skill in the art before effective filing date of the claimed invention to combine Miller, Palmer and Golan in order to improve systems and techniques for policy enforcement techniques that are not so easily bypassed, are cost-effective, and allow an organization to recoup its investment spent developing agent-level security policies (Golan, ¶ [0002]-[0006]).
Claims 3, 5-7, 13 and 15-17 are rejected under 35 U.S.C. 103 as being unpatentable over Miller (US 10,205,631) in view of Palmer (US 2023/0156011), Golan et al. (US 2020/0099721 hereinafter Golan) and further in view of Jain et al. (US 2014/0376367 hereinafter Jain).
Regarding claim 3, Miller in view of Palmer and Golan discloses the method of claim 2, the message processing system comprising at least an edge processor, a public application load balancer that is communicatively coupled to the edge processor and to a plurality of service instances, each of the service instances being hosted or executed using a virtual compute instance, each of the service instances being communicatively coupled to a second global hash map storage layer and a local hash map storage layer, the first global hash map storage layer being communicatively coupled to the edge processor (Miller, FIG. 1, col. 5, lines 1-57, col. 6, lines 1-48); the method further comprising: receiving the service request from the client computer at the edge processor (Miller, FIG. 1-3, col. 5, lines 1-57, col. 8, lines 33-67); the edge processor reading the particular service access policy corresponding to the access second key from the first global hash map storage layer (Miller, FIG. 1-3, Tables 1-2, col. 5, lines 1-57, col. 8, lines 33-67).
Miller in view of Palmer and Golan does not explicitly disclose the edge processor forwarding the service request to the public application load balancer with a new header comprising the particular service access policy corresponding to the second access key.
However, Jain discloses the edge processor forwarding the service request to the public application load balancer with a new header comprising the particular service access policy corresponding to the second workspace identifier (FIG. 4A-B, ¶ [0014]).
Therefore, it would have been obvious to one of ordinary skill in the art before effective filing date of the claimed invention to combine Miller, Palmer, Golan and Jain in order to improve the network flow (Jain, ¶ [0001]).
Regarding claim 5, Miller in view of Palmer, Golan and Jain discloses the method of claim 3, each of the service access policy definitions comprising at least a policy name, a resource identifier, and an action that is allowed or disallowed on one or more API calls, methods, functions, virtual storage instances or other resources (Miller, Tables 1 & 2, col. 8, lines 11-16).
Regarding claim 6, Miller in view of Palmer, Golan and Jain discloses the method of claim 5, further comprising a first service instance among the plurality of service instances executing one or more functions, services, data read operations and/or data write operations associated with the request using only API calls, methods, functions, virtual storage instances or other resources that the client computer or a user thereof is allowed to access based on the particular service access policy (Miller, FIG. 1, Tables 1 & 2, col. 8, lines 11-16).
Regarding claim 7, Miller in view of Palmer, Golan and Jain discloses the method of claim 5, further comprising a first service instance among the plurality of service instances forwarding the request to a second service instance among the plurality of service instances, as a forwarded request, only when the particular service access policy corresponding to the second access key of the service request allows the client computer or a user thereof to access the second service instance, and including the particular service access policy in the forwarded request (Miller, FIG. 1, Tables 1 & 2, col. 8, lines 11-16).
Regarding claim 13, Miller in view of Palmer and Golan discloses the one or more non-transitory computer-readable storage media of claim 12, the message processing system comprising at least an edge processor, a public application load balancer that is communicatively coupled to the edge processor and to a plurality of service instances, each of the service instances being hosted or executed using a virtual compute instance, each of the service instances being communicatively coupled to a second global hash map storage layer and a local hash map storage layer, the first global hash map storage layer being communicatively coupled to the edge processor (Miller, FIG. 1, col. 5, lines 1-57, col. 6, lines 1-48); the method further comprising sequences of instructions which, when executed using one or more hardware processors of a message application processor cause the message application processor to perform: receiving the service request from the client computer at the edge processor (Miller, FIG. 1-3, col. 5, lines 1-57, col. 8, lines 33-67); the edge processor reading the particular service access policy corresponding to the second access key from the first global hash map storage layer (Miller, FIG. 1-3, Tables 1-2, col. 5, lines 1-57, col. 8, lines 33-67).
Miller in view of Palmer and Golan does not explicitly disclose the edge processor forwarding the service request to the public application load balancer with a new header comprising the particular service access policy corresponding to the second access key.
However, Jain discloses the edge processor forwarding the service request to the public application load balancer with a new header comprising the particular service access policy corresponding to the second access key (FIG. 4A-B, ¶ [0014]).
Therefore, it would have been obvious to one of ordinary skill in the art before effective filing date of the claimed invention to combine Miller, Palmer, Golan and Jain in order to improve the network flow (Jain, ¶ [0001]).
Regarding claim 15, Miller in view of Palmer, Golan and Jain discloses the one or more non-transitory computer-readable storage media of claim 13, each of the service access policy definitions comprising at least a policy name, a resource identifier, and an action that is allowed or disallowed on one or more API calls, methods, functions, virtual storage instances or other resources (Miller, Tables 1 & 2, col. 8, lines 11-16).
Regarding claim 16, Miller in view of Palmer, Golan and Jain discloses the one or more non-transitory computer-readable storage media of claim 15, further comprising sequences of instructions which, when executed using one or more hardware processors of a message application processor cause the message application processor to perform a first service instance among the plurality of service instances executing one or more functions, services, data read operations and/or data write operations associated with the request using only API calls, methods, functions, virtual storage instances or other resources that the client computer or a user thereof is allowed to access based on the particular service access policy (Miller, FIG. 1, Tables 1 & 2, col. 8, lines 11-16).
Regarding claim 17, Miller in view of Palmer, Golan and Jain discloses the one or more non-transitory computer-readable storage media of claim 15, further comprising sequences of instructions which, when executed using one or more hardware processors of a message application processor cause the message application processor to perform a first service instance among the plurality of service instances forwarding the request to a second service instance among the plurality of service instances, as a forwarded request, only when the particular service access policy corresponding to the second access key of the service request allows the client computer or a user thereof to access the second service instance, and including the particular service access policy in the forwarded request (Miller, FIG. 1, Tables 1 & 2, col. 8, lines 11-16).
Claims 8 and 18 are rejected under 35 U.S.C. 103 as being unpatentable over Miller (US 10,205,631) in view of Palmer (US 2023/0156011), Golan et al. (US 2020/0099721 hereinafter Golan), Jain et al. (US 2014/0376367 hereinafter Jain) and further in view of Gasnier et al. (US 2019/0379748 hereinafter Gasnier).
Regarding claim 8, Miller in view of Palmer, Golan and Jain discloses the method of claim 7.
Miller in view of Palmer, Golan and Jain does not explicitly disclose the message processing system selecting, from the particular service access policy, a particular region identifier of a particular geographic region based on a priority value of the particular geographic region.
However, Gasnier discloses the message processing system selecting, from the particular service access policy, a particular region identifier of the particular geographic region based on a priority value of the particular geographic region (¶ [0007], [0055]).
Therefore, it would have been obvious to one of ordinary skill in the art before effective filing date of the claimed invention to combine Miller, Palmer, Golan, Jain and Gasnier in order to enable a highly-efficient customized information exchange based on an information requester’s geographic location (Gasnier, ¶ [0002]-[0003], [0010]).
Regarding claim 18, see claim 8 above for the same reasons of rejections.
Claims 9-10 and 19-20 are rejected under 35 U.S.C. 103 as being unpatentable over Miller (US 10,205,631) in view of Palmer (US 2023/0156011), Golan et al. (US 2020/0099721 hereinafter Golan), Jain et al. (US 2014/0376367 hereinafter Jain) and further in view of Shetty et al. (US 2023/0419126 hereinafter Shetty).
Regarding claim 9, Miller in view of Palmer, Golan and Jain discloses the method of claim 6.
Miller in view of Palmer, Golan and Jain does not explicitly disclose as part of the executing, selecting a particular communication channel among a plurality of different communication channels, and transmitting a request to the particular communication channel to transmit a message using the particular communication channel.
However, Shetty discloses as part of the executing, selecting a particular communication channel among a plurality of different communication channels, and transmitting a request to the particular communication channel to transmit a message using the particular communication channel (¶ [0009], [0026]).
Therefore, it would have been obvious to one of ordinary skill in the art before effective filing date of the claimed invention to combine Miller, Palmer, Golan, Jain and Shetty in order to provide fast and efficient communication channel to users by determining an optimal communication channel in an enterprise setting (Shetty, ¶ [0002], [0008]).
Regarding claim 10, Miller in view of Palmer, Golan, Jain and Shetty discloses the method of claim 9, the plurality of different communication channels comprising two or more of SMS; MMS; WHATSAPP; FACEBOOK MESSENGER; WEIXIN/WECHAT; QQ; TELEGRAM; SNAPCHAT; SLACK; SIGNAL; SKYPE; DISCORD; VIBER (Shetty, ¶ [0009], [0026]).
Regarding claim 19, see claim 9 above for the same reasons of rejections.
Regarding claim 20, see claim 10 above for the same reasons of rejections.
Conclusion
Applicant's amendment necessitated the new ground(s) of rejection presented in this Office action. Accordingly, THIS ACTION IS MADE FINAL. See MPEP § 706.07(a). Applicant is reminded of the extension of time policy as set forth in 37 CFR 1.136(a).
A shortened statutory period for reply to this final action is set to expire THREE MONTHS from the mailing date of this action. In the event a first reply is filed within TWO MONTHS of the mailing date of this final action and the advisory action is not mailed until after the end of the THREE-MONTH shortened statutory period, then the shortened statutory period will expire on the date the advisory action is mailed, and any nonprovisional extension fee (37 CFR 1.17(a)) pursuant to 37 CFR 1.136(a) will be calculated from the mailing date of the advisory action. In no event, however, will the statutory period for reply expire later than SIX MONTHS from the mailing date of this final action.
Any inquiry concerning this communication or earlier communications from the examiner should be directed to CHI D NGUY whose telephone number is (571)270-7311. The examiner can normally be reached Monday-Friday 9-5 ET.
Examiner interviews are available via telephone, in-person, and video conferencing using a USPTO supplied web-based collaboration tool. To schedule an interview, applicant is encouraged to use the USPTO Automated Interview Request (AIR) at http://www.uspto.gov/interviewpractice.
If attempts to reach the examiner by telephone are unsuccessful, the examiner’s supervisor, Joseph P Hirl can be reached at (571)272-3685. The fax phone number for the organization where this application or proceeding is assigned is 571-273-8300.
Information regarding the status of published or unpublished applications may be obtained from Patent Center. Unpublished application information in Patent Center is available to registered users. To file and manage patent submissions in Patent Center, visit: https://patentcenter.uspto.gov. Visit https://www.uspto.gov/patents/apply/patent-center for more information about Patent Center and https://www.uspto.gov/patents/docx for information about filing in DOCX format. For additional questions, contact the Electronic Business Center (EBC) at 866-217-9197 (toll-free). If you would like assistance from a USPTO Customer Service Representative, call 800-786-9199 (IN USA OR CANADA) or 571-272-1000.
/C.D.N/Examiner, Art Unit 2435
/JOSEPH P HIRL/Supervisory Patent Examiner, Art Unit 2435