Notice of Pre-AIA or AIA Status
The present application, filed on or after March 16, 2013, is being examined under the first inventor to file provisions of the AIA.
In the event the determination of the status of the application as subject to AIA 35 U.S.C. 102 and 103 (or as subject to pre-AIA 35 U.S.C. 102 and 103) is incorrect, any correction of the statutory basis (i.e., changing from AIA to pre-AIA) for the rejection will not be considered a new ground of rejection if the prior art relied upon, and the rationale supporting the rejection, would be the same under either status.
Information Disclosure Statement
The information disclosure statement filed 3/7/2024 fails to comply with 37 CFR 1.98(a)(2), which requires a legible copy of each cited foreign patent document; each non-patent literature publication or that portion which caused it to be listed; and all other information or that portion which caused it to be listed.
The IDS cites a search report for GB2218039.2 mailed May 5, 2023 that is 3 pages, but the uploaded NPL is the application for GB2218039.2 itself, rather than the search report. Examiner found a 1 page search report on Global Dossier. This page has been added to prosecution history. If this is the reference that Applicant meant to provide in the IDS, no further action is necessary. If there is a more detailed search report/written opinion (i.e., a 3 page document as noted in the IDS, rather than the 1 page document located in Global Dossier), Applicant still needs to disclose that document.
Drawings
The drawings are objected to as failing to comply with 37 CFR 1.84(p)(5) because they do not include the following reference sign(s) mentioned in the description:
FIG. 3 has no reference characters and no mentions in the specification. Paragraphs [0051], [0054]-[0056] refer to user interface 126. Adding reference character “126” to FIG. 3 would connect the figure to the rest of the drawings, and clarify the purpose of FIG. 3 in the specification. Additionally, some introduction to FIG. 3 should be made in one or more of paragraphs [0051], [0054]-[0056].
Corrected drawing sheets in compliance with 37 CFR 1.121(d) are required in reply to the Office action to avoid abandonment of the application. Any amended replacement drawing sheet should include all of the figures appearing on the immediate prior version of the sheet, even if only one figure is being amended. Each drawing sheet submitted after the filing date of an application must be labeled in the top margin as either “Replacement Sheet” or “New Sheet” pursuant to 37 CFR 1.121(d). If the changes are not accepted by the examiner, the applicant will be notified and informed of any required corrective action in the next Office action. The objection to the drawings will not be held in abeyance.
Specification
Applicant is reminded of the proper content of an abstract of the disclosure.
A patent abstract is a concise statement of the technical disclosure of the patent and should include that which is new in the art to which the invention pertains. The abstract should not refer to purported merits or speculative applications of the invention and should not compare the invention with the prior art.
If the patent is of a basic nature, the entire technical disclosure may be new in the art, and the abstract should be directed to the entire disclosure. If the patent is in the nature of an improvement in an old apparatus, process, product, or composition, the abstract should include the technical disclosure of the improvement. The abstract should also mention by way of example any preferred modifications or alternatives.
Where applicable, the abstract should include the following: (1) if a machine or apparatus, its organization and operation; (2) if an article, its method of making; (3) if a chemical compound, its identity and use; (4) if a mixture, its ingredients; (5) if a process, the steps.
Extensive mechanical and design details of an apparatus should not be included in the abstract. The abstract should be in narrative form and generally limited to a single paragraph within the range of 50 to 150 words in length.
See MPEP § 608.01(b) for guidelines for the preparation of patent abstracts.
Here, the abstract is only 43 words, not meeting the minimum requirement of 50 words. Applicant can fix this issue by including a sentence describing the output of the invention: “The system and method update an access control data structure based on a detected difference or change in attribute of a user.”
Additionally, the disclosure is objected to because of the following informalities:
In [0042] line 1, “Figures 1 ato3,” should read “Figures 1 to 3”.
In [0045] line 5, “server 127” should read “server 106”.
In [0048] line 3, “AOE 108” should read “AOE 114”.
In [0049] line 6, “AOE 108” should read “AOE 114”.
In [0049] line 9, “passes the passes the data” should remove the first “passes the”.
Appropriate correction is required.
Claim Objections
Claims 8, 16-17, and 20 are objected to because of the following informalities:
In claim 8, the language “by a, or the, access reporting engine” should read “by an access reporting engine” because the term has not yet been introduced.
In claim 16, the language “by a, or the, user” should read “by the at least one user” because the term was introduced as such in claim 10.
In claim 17, the language “by a, or the, access reporting engine” should read “by an access reporting engine” because the term has not yet been introduced.
In claim 20, “an access detection engine” should read “the access detection engine” because the term is already introduced in claim 19.
In claim 20, “the context change detection engine” should read “a context change detection engine” because the term has not yet been introduced.
Appropriate correction is required.
Claim Interpretation
The following is a quotation of 35 U.S.C. 112(f):
(f) Element in Claim for a Combination. – An element in a claim for a combination may be expressed as a means or step for performing a specified function without the recital of structure, material, or acts in support thereof, and such claim shall be construed to cover the corresponding structure, material, or acts described in the specification and equivalents thereof.
The following is a quotation of pre-AIA 35 U.S.C. 112, sixth paragraph:
An element in a claim for a combination may be expressed as a means or step for performing a specified function without the recital of structure, material, or acts in support thereof, and such claim shall be construed to cover the corresponding structure, material, or acts described in the specification and equivalents thereof.
The claims in this application are given their broadest reasonable interpretation using the plain meaning of the claim language in light of the specification as it would be understood by one of ordinary skill in the art. The broadest reasonable interpretation of a claim element (also commonly referred to as a claim limitation) is limited by the description in the specification when 35 U.S.C. 112(f) or pre-AIA 35 U.S.C. 112, sixth paragraph, is invoked.
As explained in MPEP § 2181, subsection I, claim limitations that meet the following three-prong test will be interpreted under 35 U.S.C. 112(f) or pre-AIA 35 U.S.C. 112, sixth paragraph:
(A) the claim limitation uses the term “means” or “step” or a term used as a substitute for “means” that is a generic placeholder (also called a nonce term or a non-structural term having no specific structural meaning) for performing the claimed function;
(B) the term “means” or “step” or the generic placeholder is modified by functional language, typically, but not always linked by the transition word “for” (e.g., “means for”) or another linking word or phrase, such as “configured to” or “so that”; and
(C) the term “means” or “step” or the generic placeholder is not modified by sufficient structure, material, or acts for performing the claimed function.
Use of the word “means” (or “step”) in a claim with functional language creates a rebuttable presumption that the claim limitation is to be treated in accordance with 35 U.S.C. 112(f) or pre-AIA 35 U.S.C. 112, sixth paragraph. The presumption that the claim limitation is interpreted under 35 U.S.C. 112(f) or pre-AIA 35 U.S.C. 112, sixth paragraph, is rebutted when the claim limitation recites sufficient structure, material, or acts to entirely perform the recited function.
Absence of the word “means” (or “step”) in a claim creates a rebuttable presumption that the claim limitation is not to be treated in accordance with 35 U.S.C. 112(f) or pre-AIA 35 U.S.C. 112, sixth paragraph. The presumption that the claim limitation is not interpreted under 35 U.S.C. 112(f) or pre-AIA 35 U.S.C. 112, sixth paragraph, is rebutted when the claim limitation recites function without reciting sufficient structure, material or acts to entirely perform the recited function.
Claim limitations in this application that use the word “means” (or “step”) are being interpreted under 35 U.S.C. 112(f) or pre-AIA 35 U.S.C. 112, sixth paragraph, except as otherwise indicated in an Office action. Conversely, claim limitations in this application that do not use the word “means” (or “step”) are not being interpreted under 35 U.S.C. 112(f) or pre-AIA 35 U.S.C. 112, sixth paragraph, except as otherwise indicated in an Office action.
This application includes one or more claim limitations that do not use the word “means,” but are nonetheless being interpreted under 35 U.S.C. 112(f) or pre-AIA 35 U.S.C. 112, sixth paragraph, because the claim limitation(s) uses a generic placeholder that is coupled with functional language without reciting sufficient structure to perform the recited function and the generic placeholder is not preceded by a structural modifier. Such claim limitation(s) is/are:
In claim 1 line 2, “an integration layer configured to determine...”; Under (A), “integration layer” is a generic placeholder; under (B), the generic terminology is modified by functional language “configured to determine...”; and under (C), the generic placeholder is not modified by sufficient structure, material, or acts for performing the claimed function. Therefore, this limitation is interpreted under 35 U.S.C. 112(f). The specification does not provide an explicit definition. Therefore, the claim term is indefinite under 35 U.S.C. 112(b). Please see the 112(b) rejection below.
In claim 1 line 4, “an access orchestration engine configured to determine...”; Under (A), “access orchestration engine” is a generic placeholder; under (B), the generic terminology is modified by functional language “configured to determine...”; and under (C), the generic placeholder is not modified by sufficient structure, material, or acts for performing the claimed function. Therefore, this limitation is interpreted under 35 U.S.C. 112(f). The specification does not provide an explicit definition. Therefore, the claim term is indefinite under 35 U.S.C. 112(b). Please see the 112(b) rejection below.
In claim 1 line 5, “context change detection engine configured to determine...”; Under (A), “context change detection engine” is a generic placeholder; under (B), the generic terminology is modified by functional language “configured to determine...”; and under (C), the generic placeholder is not modified by sufficient structure, material, or acts for performing the claimed function. Therefore, this limitation is interpreted under 35 U.S.C. 112(f). The specification does not provide an explicit definition. Therefore, the claim term is indefinite under 35 U.S.C. 112(b). Please see the 112(b) rejection below.
In claim 1 line 7, “access control list automation engine configured to update...”; Under (A), “access control list automation engine” is a generic placeholder; under (B), the generic terminology is modified by functional language “configured to update...”; and under (C), the generic placeholder is not modified by sufficient structure, material, or acts for performing the claimed function. Therefore, this limitation is interpreted under 35 U.S.C. 112(f). The specification does not provide an explicit definition. Therefore, the claim term is indefinite under 35 U.S.C. 112(b). Please see the 112(b) rejection below.
In claim 1 lines 9-14, “context change detection engine is configured to receive..., compare..., and to output...”; Under (A), “context change detection engine” is a generic placeholder; under (B), the generic terminology is modified by functional language “configured to receive..., compare..., and to output...”; and under (C), the generic placeholder is not modified by sufficient structure, material, or acts for performing the claimed function. Therefore, this limitation is interpreted under 35 U.S.C. 112(f). The specification does not provide an explicit definition. Therefore, the claim term is indefinite under 35 U.S.C. 112(b). Please see the 112(b) rejection below.
In claim 1 lines 15-18, “access orchestration engine is configured to receive..., and determine..., and to send...”; Under (A), “access orchestration engine” is a generic placeholder; under (B), the generic terminology is modified by functional language “configured to receive..., determine..., and to send...”; and under (C), the generic placeholder is not modified by sufficient structure, material, or acts for performing the claimed function. Therefore, this limitation is interpreted under 35 U.S.C. 112(f). The specification does not provide an explicit definition. Therefore, the claim term is indefinite under 35 U.S.C. 112(b). Please see the 112(b) rejection below.
In claim 1 lines 19-23, “access control list automation engine is configured to update..., and to output...”; Under (A), “access control list automation engine” is a generic placeholder; under (B), the generic terminology is modified by functional language “configured to update..., and to output...”; and under (C), the generic placeholder is not modified by sufficient structure, material, or acts for performing the claimed function. Therefore, this limitation is interpreted under 35 U.S.C. 112(f). The specification does not provide an explicit definition. Therefore, the claim term is indefinite under 35 U.S.C. 112(b). Please see the 112(b) rejection below.
In claim 1 lines 24-29, “integration layer is configured to control..., and to update...”; Under (A), “integration layer” is a generic placeholder; under (B), the generic terminology is modified by functional language “configured to control..., and to update...”; and under (C), the generic placeholder is not modified by sufficient structure, material, or acts for performing the claimed function. Therefore, this limitation is interpreted under 35 U.S.C. 112(f). The specification does not provide an explicit definition. Therefore, the claim term is indefinite under 35 U.S.C. 112(b). Please see the 112(b) rejection below.
In claim 2 lines 1-2, “integration layer is configured to interrupt, augment or modify communication...”; Under (A), “integration layer” is a generic placeholder; under (B), the generic terminology is modified by functional language “configured to interrupt, augment or modify communication...”; and under (C), the generic placeholder is not modified by sufficient structure, material, or acts for performing the claimed function. Therefore, this limitation is interpreted under 35 U.S.C. 112(f). The specification does not provide an explicit definition. Therefore, the claim term is indefinite under 35 U.S.C. 112(b). Please see the 112(b) rejection below.
In claim 3 lines 1-2, “integration layer is arranged to assume control...”; Under (A), “integration layer” is a generic placeholder; under (B), the generic terminology is modified by functional language “arranged to assume control...”; and under (C), the generic placeholder is not modified by sufficient structure, material, or acts for performing the claimed function. Therefore, this limitation is interpreted under 35 U.S.C. 112(f). The specification does not provide an explicit definition. Therefore, the claim term is indefinite under 35 U.S.C. 112(b). Please see the 112(b) rejection below.
In claim 4 lines 1-2, “integration layer is configured to communicate...”; Under (A), “integration layer” is a generic placeholder; under (B), the generic terminology is modified by functional language “configured to communicate...”; and under (C), the generic placeholder is not modified by sufficient structure, material, or acts for performing the claimed function. Therefore, this limitation is interpreted under 35 U.S.C. 112(f). The specification does not provide an explicit definition. Therefore, the claim term is indefinite under 35 U.S.C. 112(b). Please see the 112(b) rejection below.
In claim 5 lines 1-5, “access detection engine configured to receive..., and to analyse...”; Under (A), “access detection engine” is a generic placeholder; under (B), the generic terminology is modified by functional language “configured to receive..., and to analyse...”; and under (C), the generic placeholder is not modified by sufficient structure, material, or acts for performing the claimed function. Therefore, this limitation is interpreted under 35 U.S.C. 112(f). The specification does not provide an explicit definition. Therefore, the claim term is indefinite under 35 U.S.C. 112(b). Please see the 112(b) rejection below.
In claim 5 lines 6-8, “access detection engine further configured to output data...”; Under (A), “access detection engine” is a generic placeholder; under (B), the generic terminology is modified by functional language “configured to output data...”; and under (C), the generic placeholder is not modified by sufficient structure, material, or acts for performing the claimed function. Therefore, this limitation is interpreted under 35 U.S.C. 112(f). The specification does not provide an explicit definition. Therefore, the claim term is indefinite under 35 U.S.C. 112(b). Please see the 112(b) rejection below.
In claim 5 lines 9-11, “access control list automation engine is configured to automate control...”; Under (A), “access control list automation engine” is a generic placeholder; under (B), the generic terminology is modified by functional language “is configured to automate control...”; and under (C), the generic placeholder is not modified by sufficient structure, material, or acts for performing the claimed function. Therefore, this limitation is interpreted under 35 U.S.C. 112(f). The specification does not provide an explicit definition. Therefore, the claim term is indefinite under 35 U.S.C. 112(b). Please see the 112(b) rejection below.
In claim 6 lines 1-2, “access control list automation engine is configured to programmatically create and/or amend...”; Under (A), “access control list automation engine” is a generic placeholder; under (B), the generic terminology is modified by functional language “configured to programmatically create and/or amend...”; and under (C), the generic placeholder is not modified by sufficient structure, material, or acts for performing the claimed function. Therefore, this limitation is interpreted under 35 U.S.C. 112(f). The specification does not provide an explicit definition. Therefore, the claim term is indefinite under 35 U.S.C. 112(b). Please see the 112(b) rejection below.
In claim 7 lines 1-2, “access reporting engine is configured to receive...”; Under (A), “access reporting engine” is a generic placeholder; under (B), the generic terminology is modified by functional language “configured to receive...”; and under (C), the generic placeholder is not modified by sufficient structure, material, or acts for performing the claimed function. Therefore, this limitation is interpreted under 35 U.S.C. 112(f). The specification does not provide an explicit definition. Therefore, the claim term is indefinite under 35 U.S.C. 112(b). Please see the 112(b) rejection below.
In claim 7 lines 3-6, “access reporting engine is configured to generate...”; Under (A), “access reporting engine” is a generic placeholder; under (B), the generic terminology is modified by functional language “configured to generate...”; and under (C), the generic placeholder is not modified by sufficient structure, material, or acts for performing the claimed function. Therefore, this limitation is interpreted under 35 U.S.C. 112(f). The specification does not provide an explicit definition. Therefore, the claim term is indefinite under 35 U.S.C. 112(b). Please see the 112(b) rejection below.
In claim 9 lines 1-2, “access orchestration engine is configured to receive...”; Under (A), “access orchestration engine” is a generic placeholder; under (B), the generic terminology is modified by functional language “configured to receive...”; and under (C), the generic placeholder is not modified by sufficient structure, material, or acts for performing the claimed function. Therefore, this limitation is interpreted under 35 U.S.C. 112(f). The specification does not provide an explicit definition. Therefore, the claim term is indefinite under 35 U.S.C. 112(b). Please see the 112(b) rejection below.
Because this/these claim limitation(s) is/are being interpreted under 35 U.S.C. 112(f) or pre-AIA 35 U.S.C. 112, sixth paragraph, it/they is/are being interpreted to cover the corresponding structure described in the specification as performing the claimed function, and equivalents thereof.
If applicant does not intend to have this/these limitation(s) interpreted under 35 U.S.C. 112(f) or pre-AIA 35 U.S.C. 112, sixth paragraph, applicant may: (1) amend the claim limitation(s) to avoid it/them being interpreted under 35 U.S.C. 112(f) or pre-AIA 35 U.S.C. 112, sixth paragraph (e.g., by reciting sufficient structure to perform the claimed function); or (2) present a sufficient showing that the claim limitation(s) recite(s) sufficient structure to perform the claimed function so as to avoid it/them being interpreted under 35 U.S.C. 112(f) or pre-AIA 35 U.S.C. 112, sixth paragraph.
Claim Rejections - 35 USC § 112(a)
The following is a quotation of the first paragraph of 35 U.S.C. 112(a):
(a) IN GENERAL.—The specification shall contain a written description of the invention, and of the manner and process of making and using it, in such full, clear, concise, and exact terms as to enable any person skilled in the art to which it pertains, or with which it is most nearly connected, to make and use the same, and shall set forth the best mode contemplated by the inventor or joint inventor of carrying out the invention.
The following is a quotation of the first paragraph of pre-AIA 35 U.S.C. 112:
The specification shall contain a written description of the invention, and of the manner and process of making and using it, in such full, clear, concise, and exact terms as to enable any person skilled in the art to which it pertains, or with which it is most nearly connected, to make and use the same, and shall set forth the best mode contemplated by the inventor of carrying out his invention.
Claims 19-20 are rejected under 35 U.S.C. 112(a) or pre-AIA 35 U.S.C. 112, first paragraph, because the claim purports to invoke 35 U.S.C. 112(f) or pre-AIA 35 U.S.C. 112, sixth paragraph, but fails to recite a combination of elements as required by that statutory provision and thus cannot rely on the specification to provide the structure, material or acts to support the claimed function. As such, the claim recites a function that has no limits and covers every conceivable means for achieving the stated function, while the specification discloses at most only those means known to the inventor. Accordingly, the disclosure is not commensurate with the scope of the claims.
Claim Rejections - 35 USC § 112(b)
The following is a quotation of 35 U.S.C. 112(b):
(b) CONCLUSION.—The specification shall conclude with one or more claims particularly pointing out and distinctly claiming the subject matter which the inventor or a joint inventor regards as the invention.
The following is a quotation of 35 U.S.C. 112 (pre-AIA), second paragraph:
The specification shall conclude with one or more claims particularly pointing out and distinctly claiming the subject matter which the applicant regards as his invention.
Claims 1-9 and 11, 13, 16, 17, and 20 are rejected under 35 U.S.C. 112(b) or 35 U.S.C. 112 (pre-AIA), second paragraph, as being indefinite for failing to particularly point out and distinctly claim the subject matter which the inventor or a joint inventor (or for applications subject to pre-AIA 35 U.S.C. 112, the applicant), regards as the invention.
With respect to claims 1-9,
In claim 1 line 2, “an integration layer configured to determine...” invokes 35 U.S.C. 112(f).
In claim 1 line 4, “an access orchestration engine configured to determine...” invokes 35 U.S.C. 112(f).
In claim 1 line 5, “context change detection engine configured to determine...” invokes 35 U.S.C. 112(f).
In claim 1 line 7, “access control list automation engine configured to update...” invokes 35 U.S.C. 112(f).
In claim 1 lines 9-14, “context change detection engine is configured to receive..., compare..., and to output...” invokes 35 U.S.C. 112(f).
In claim 1 lines 15-18, “access orchestration engine is configured to receive..., and determine..., and to send...” invokes 35 U.S.C. 112(f).
In claim 1 lines 19-23, “access control list automation engine is configured to update..., and to output...” invokes 35 U.S.C. 112(f).
In claim 1 lines 24-29, “integration layer is configured to control..., and to update...” invokes 35 U.S.C. 112(f).
In claim 2 lines 1-2, “integration layer is configured to interrupt, augment or modify communication...” invokes 35 U.S.C. 112(f).
In claim 3 lines 1-2, “integration layer is arranged to assume control...” invokes 35 U.S.C. 112(f).
In claim 4 lines 1-2, “integration layer is configured to communicate...” invokes 35 U.S.C. 112(f).
In claim 5 lines 1-5, “access detection engine configured to receive..., and to analyse...” invokes 35 U.S.C. 112(f).
In claim 5 lines 6-8, “access detection engine further configured to output data...” invokes 35 U.S.C. 112(f).
In claim 5 lines 9-11, “access control list automation engine is configured to automate control...” invokes 35 U.S.C. 112(f).
In claim 6 lines 1-2, “access control list automation engine is configured to programmatically create and/or amend...” invokes 35 U.S.C. 112(f).
In claim 7 lines 1-2, “access reporting engine is configured to receive...” invokes 35 U.S.C. 112(f).
In claim 7 lines 3-6, “access reporting engine is configured to generate...” invokes 35 U.S.C. 112(f).
In claim 9 lines 1-2, “access orchestration engine is configured to receive...” invokes 35 U.S.C. 112(f).
The claim limitations above invoke 35 U.S.C. 112(f) or pre-AIA 35 U.S.C. 112, sixth paragraph. However, the written description fails to disclose the corresponding structure, material, or acts for performing the entire claimed function and to clearly link the structure, material, or acts to the function. The disclosure is devoid of any structure that performs the function in the claim. Therefore, the claim is indefinite and is rejected under 35 U.S.C. 112(b) or pre-AIA 35 U.S.C. 112, second paragraph.
Applicant may:
(a) Amend the claim so that the claim limitation will no longer be interpreted as a limitation under 35 U.S.C. 112(f) or pre-AIA 35 U.S.C. 112, sixth paragraph;
(b) Amend the written description of the specification such that it expressly recites what structure, material, or acts perform the entire claimed function, without introducing any new matter (35 U.S.C. 132(a)); or
(c) Amend the written description of the specification such that it clearly links the structure, material, or acts disclosed therein to the function recited in the claim, without introducing any new matter (35 U.S.C. 132(a)).
If applicant is of the opinion that the written description of the specification already implicitly or inherently discloses the corresponding structure, material, or acts and clearly links them to the function so that one of ordinary skill in the art would recognize what structure, material, or acts perform the claimed function, applicant should clarify the record by either:
(a) Amending the written description of the specification such that it expressly recites the corresponding structure, material, or acts for performing the claimed function and clearly links or associates the structure, material, or acts to the claimed function, without introducing any new matter (35 U.S.C. 132(a)); or
(b) Stating on the record what the corresponding structure, material, or acts, which are implicitly or inherently set forth in the written description of the specification, perform the claimed function. For more information, see 37 CFR 1.75(d) and MPEP §§ 608.01(o) and 2181.
With respect to claims 2, 5, 7, 8, 11, 13, 16, 17, and 20, these claims are rejected under 35 U.S.C. 112(b) for using the term “optionally”. The MPEP gives the following advice regarding this terminology:
Another alternative format which requires some analysis before concluding whether or not the language is indefinite involves the use of the term "optionally." In Ex parte Cordova, 10 USPQ2d 1949 (Bd. Pat. App. & Inter. 1989) the language "containing A, B, and optionally C" was considered acceptable alternative language because there was no ambiguity as to which alternatives are covered by the claim. A similar holding was reached with regard to the term "optionally" in Ex parte Wu, 10 USPQ2d 2031 (Bd. Pat. App. & Inter. 1989). In the instance where the list of potential alternatives can vary and ambiguity arises, then it is proper to make a rejection under 35 U.S.C. 112(b) and explain why there is confusion.
(see MPEP 2173.05(h)(2)).
The passage is under the section “Alternative Limitations” of the MPEP. Some ambiguity arises as to whether Applicant is claiming “either Option A or, alternatively, Option B”, or “the first part of the claim is necessary for infringement and the ‘optionally’ limitation is not necessary to infringe the claim”. For purposes of examination, the claim limitations using this phrasing will be interpreted as “the first part of the claim is necessary for infringement and the ‘optionally’ limitation is not necessary to infringe the claim”.
If this is not the intended claim scope, Applicant should amend to clarify claim scope by either using the term “alternatively” instead or removing the term “optionally” entirely, and making all limitations necessary.
Claim Rejections - 35 USC § 101
35 U.S.C. 101 reads as follows:
Whoever invents or discovers any new and useful process, machine, manufacture, or composition of matter, or any new and useful improvement thereof, may obtain a patent therefor, subject to the conditions and requirements of this title.
Claims 19-20 are rejected under 35 U.S.C. 101 because the claimed invention is directed to patent ineligible subject matter.
Regarding claims 19-20, these claims are rejected under 35 U.S.C. 101 because they do not conform to one of the four enumerated statutory classes. The current patent eligibility test is described in the MPEP (see MPEP 2106). Under step 1, Examiner must consider whether the claim is directed to a process, machine, manufacture, composition of matter, or an improvement thereof. Here, claims 19-20 are directed to an engine with no physical parts, which covers mediums such as signals including data per se and software per se (see MPEP 2106.03). Because software per se is not patent eligible under 35 U.S.C. 101, these claims are rejected under 35 U.S.C. 101 for being patent ineligible. This rejection can be overcome by adding physical components such as a processor and a non-transitory computer readable medium to the system and engine claims (see Specification [0031]-[0033] and [0061]).
Claim Rejections - 35 USC § 102
The following is a quotation of the appropriate paragraphs of 35 U.S.C. 102 that form the basis for the rejections under this section made in this Office action:
A person shall be entitled to a patent unless –
(a)(1) the claimed invention was patented, described in a printed publication, or in public use, on sale, or otherwise available to the public before the effective filing date of the claimed invention.
Claim(s) 1-20 is/are rejected under 35 U.S.C. 102(a)(1) as being anticipated by "A System for Centralized ABAC Policy Administration and Local ABAC Policy Decision and Enforcement in Host Systems using Access Control Lists" (Ferraiolo).
With respect to claim 1, Ferraiolo teaches A digital resource access control system comprising (see FIG. 1 reprinted below with additional labels that match specific processes in the figure to claim limitations, [page 37]):
[Image: media_image1.png (greyscale, 320 x 434): edited reprint of Ferraiolo FIG. 1 with labels (a)-(d) and arrows a(i)-d(i) added by the Examiner to match claim limitations]
an integration layer configured to interface with an information management system (integration layer is Agent i labeled (d) in the edited reprint of FIG. 1, and the information management system is the file system of the host system i as shown in FIG. 1, [page 37]); an access orchestration engine configured to determine user access controls (Control Center labeled (b) in edited reprint of FIG. 1 copied from [page 37]; determines access controls through the policy analytics engine, "The Control Center, through the Policy Analytics Engine, computes ACLs with required groups for representations in accordance with ABAC Policies and Attributes stored in the database and subsequently creates ACLs for corresponding repositories, creates groups", [page 37 col 2 paragraph 3 lines 1-5]); a context change detection engine configured to determine a change in contextual data related to a given user (Policy and Attribute Administration Point labeled (a) in edited reprint of FIG. 1 copied from [page 37]; “When required, altering the expression of ABAC policy using the policy and attribute administration point of the centralized ABAC system and mandating the update of ACLs of each representation affected by the alteration”, [page 37 col 1 paragraph 1 bullet 3], where the determining/comparing function is taught by the process updating only what is "affected by the alteration"; comparison stated explicitly in the example in section 4.4, where FIG. 3 is an original ABAC policy and FIG. 7 is the updated policy where "Under the updated policy, user u3 has been deleted and replaced by user u5", [page 40 col 2 paragraph 2 lines 1-2]); an access control list automation engine configured to update an access control list data structure associated with at least one digital resource (Policy Analytics Engine labeled (c) in edited reprint of FIG. 1 below copied from [page 37]; "the Policy Analytics Engine, computes ACLs with required groups for representations in accordance with ABAC Policies and Attributes stored in the database and subsequently creates ACLs for corresponding repositories, creates groups", [page 37 col 2 paragraph 3 lines 1-5]; in the example in section 4.4, FIG. 8 shows the updated ACLs with u5 for the Loans-2 custom file directory which includes the loan-1 file, [page 40]); wherein the context change detection engine is configured to (Policy and Attribute Administration Point labeled (a) in edited reprint of FIG. 1 copied from [page 37]; "When required, altering the expression of ABAC policy using the policy and attribute administration point of the centralized ABAC system and mandating the update of ACLs of each representation affected by the alteration", [page 37 col 1 paragraph 1 bullet 3], where determining refers to what is "affected by the alteration"; in the example in section 4.4, FIG. 3 is an original ABAC policy and FIG. 7 is the updated policy where "Under the updated policy, user u3 has been deleted and replaced by user u5", [page 40 col 2 paragraph 2 lines 1-2]) receive input data relating to at least one attribute associated with at least one user (see arrow labeled a(i) in edited reprint of FIG. 1 copied from [page 37]; in the example in section 4.4, FIG. 3 is an original ABAC policy and FIG. 7 is the updated policy where "Under the updated policy, user u3 has been deleted and replaced by user u5", [page 40 col 2 paragraph 2 lines 1-2]; in the example, u3 has the attributes "Branch2" and "Loan Officer" in FIG. 3, [page 38], and those attributes now belong to u5 in FIG. 7, [page 40]), compare the input data to current attribute data associated with the at least one user (see arrow labeled a(ii) in edited reprint of FIG. 1 copied from [page 37]; "When required, altering the expression of ABAC policy using the policy and attribute administration point of the centralized ABAC system and mandating the update of ACLs of each representation affected by the alteration", [page 37 col 1 paragraph 1 bullet 3], where comparing refers to what is "affected by the alteration") and to output a trigger message comprising the input data to the access orchestration engine in response to detecting a difference between the input data and the current attribute data (see arrow labeled a(iii) in edited reprint of FIG. 1 below copied from [page 37]; "and mandating the update of ACLs of each representation affected by the alteration", [page 37 col 1 paragraph 1 bullet 3]; "results of which would be returned to the Control Center", [page 37 col 1 paragraph 4 lines 10-11]); the access orchestration engine is configured to (Control Center labeled (b) in edited reprint of FIG. 1 copied from [page 37]) receive the trigger message (see arrow labeled b(i) in edited reprint of FIG. 1 copied from [page 37]; control center receives the trigger message, "results of which would be returned to the Control Center", [page 37 col 1 paragraph 4 lines 10-11]) and to determine access controls to digital resources based upon input data and to send an update message to the access control list automation engine (see arrow labeled b(ii) in edited reprint of FIG. 1 below copied from [page 37]; determines access controls "in accordance with the ABAC policies": see "The Control Center, through the Policy Analytics Engine, computes ACLs with required groups for representations in accordance with ABAC Policies and Attributes stored in the database and subsequently creates ACLs for corresponding repositories, creates groups", [page 37 col 2 paragraph 3 lines 1-5]); the access control list automation engine is configured to (Policy Analytics Engine labeled (c) in edited reprint of FIG. 1 below copied from [page 37]) update at least one access control data structure based upon the update message (see arrow labeled c(i) in edited reprint of FIG. 1 below copied from [page 37]; "instructs the Policy Analytics Engine to re-compute ACLs and Groups for affected representations", [page 37 col 2 paragraph 4 lines 2-4]; in the example in section 4.4, the left panel of FIG. 8 shows the updated ACLs generated by the policy analytic engine, [page 40]) and to output the updated at least one access control data structure to the access orchestration engine (see arrow labeled c(ii) in edited reprint of FIG. 1 below copied from [page 37]; this is the "subsequently creates ACLs for corresponding repositories, creates groups", [page 37 col 2 paragraph 3 lines 1-5]), which is further configured to pass the access control data structure to the integration layer (see arrow labeled c(iii) in edited reprint of FIG. 1 below copied from [page 37]; "The main function of Agent software is to translate centralized Control Center administrative commands to native host administrative commands. Although the commands issued to Agent software by the Control Center may be uniform across a variety of Host Systems, Agent software on Host Systems are specific to the ACL, group, and user semantics of a host, in this case, Host System i. Agent software response to the Control Center may be uniform across Host Systems", [page 37 col 2 paragraph 1 lines 4-11]; in the example in section 4.4, the arrow labeled "correspondence" in FIG. 8 shows that the updated ACLs generated by the policy analytic engine are configured to pass to the local host system); and the integration layer is configured to (integration layer is Agent i labeled (d) in the edited reprint of FIG. 1 below, and the information management system is the file system of the host system i as shown in FIG. 1, [page 37]) control an access control database of the information management system (see arrow labeled d(i) in edited reprint of FIG. 1 below copied from [page 37]; "Agent software on the Host System with administrative privileges for identifying and viewing repositories and creating, deleting, and updating groups, user identities, and ACLs for repositories", [page 37 col 2 paragraph 1 lines 1-4]; the database comprises the ACLs, groups, and user ids shown inside the host system in FIG. 1, and the host system is the information management system) and to update the access control database in response to receiving the at least one access control data structure received from the access orchestration engine (see arrow labeled d(i) in edited reprint of FIG. 1 below copied from [page 37]; "Agent software on the Host System with administrative privileges for identifying and viewing repositories and creating, deleting, and updating groups, user identities, and ACLs for repositories", [page 37 col 2 paragraph 1 lines 1-4]; in the example in section 4.4 called "Updating Host Access Control Information", the right panel in FIG. 8 shows the final updated ACLs as they are configured on the local host system, where the logic "automatically updates ACLs on corresponding local repositories", [page 40 col 2 paragraph 1 lines 3-4]), such that in use, access to data is controlled in accordance with at least one entry in the access control database ("Host System normally implements a File System comprised of repositories of files and directories and normally maintains an access control system with data comprising ACLs, groups, and user identities", [page 37 col 1 paragraph 5]; "An ACL is a simple mechanism that dates back to the early 1970s and remains in widespread use to protect resource repositories of varying types (e.g., files and directories). Each resource repository is associated with an ACL that stores the users and their approved access rights for the repository. The list is checked by the access control system to determine if access is granted or denied", [page 35 col 2 paragraph 3 lines 1-6]).
With respect to claim 2, Ferraiolo teaches all of the limitations of claim 1, as noted above. Ferraiolo further teaches wherein, the integration layer is configured to interrupt, augment or modify communication between an access control list user interface of the information management system and the access control database of the information management system ("To accomplish these functions administrators use administrative commands through calls to the API of the Control Center", [page 37 col 1 paragraph 3 lines 5-8]; and then "The main function of Agent software is to translate centralized Control Center administrative commands to native host administrative commands", [page 37 col 2 paragraph 1 lines 4-6]) and wherein, optionally, the integration layer is configured to replace, modify or augment an input from the access control list user interface of the information management system to the access control database of the information management system with the at least one access control data structure ("To accomplish these functions administrators use administrative commands through calls to the API of the Control Center", [page 37 col 1 paragraph 3 lines 5-8]; and then "The main function of Agent software is to translate centralized Control Center administrative commands to native host administrative commands", [page 37 col 2 paragraph 1 lines 4-6]; note the data is modified/transformed through three formats: the data is originally input as ABAC policies, which are tuples of access rights as described in section 4.1, [page 38], and eventually transformed into ACLs for each local host as described in sections 4.3 and 4.4, [page 40]).
With respect to claim 3, Ferraiolo teaches all of the limitations of claim 1, as noted above. Ferraiolo further teaches wherein, the integration layer is arranged to assume control of the access control database of the information management system (assume control through administrative privileges: “the method implements Agent software on the Host System with administrative privileges for identifying and viewing repositories and creating, deleting, and updating groups, user identities, and ACLs for repositories”, [page 37 col 1 paragraph 1 lines 1-4]).
With respect to claim 4, Ferraiolo teaches all of the limitations of claim 1, as noted above. Ferraiolo further teaches wherein, the integration layer is configured to communicate with at least one application programming interface (API) of the information management system (the API is the “native host administrative commands”: “The main function of Agent software is to translate centralized Control Center administrative commands to native host administrative commands”, [page 37 col 2 paragraph 1 lines 4-6]).
With respect to claim 5, Ferraiolo teaches all of the limitations of claim 1, as noted above. Ferraiolo further teaches comprising an access detection engine configured to (access control system, [page 35 col 2 paragraph 3 line 6]) receive access permissions data from the information management system (see section 4.3 “Creating Host Access Control Data” and FIGS. 5 and 6, [page 40 col 1 paragraphs 2-3]) and to analyse the access permissions data to determine if data access corresponds to a user's allowed data access based upon reasons for access provided by the data owner and the attribute data associated with the user (the list is checked by the access control system, [page 35 col 2 paragraph 3 lines 1-7]; a more specific example is given in section 5 shown in FIG. 9, where a host user attempts to access host system 1, and “decisions are computed and policy enforced”, [page 41 col 1 paragraph 1 lines 1-3]; summarizing that the ABAC policy, which comprises user attributes, access rights, and object attributes, is enforced, [page 38 col 1 paragraph 4 lines 1-5], by implementation through ACLs such as the one shown on the right side of FIG. 8, [page 40], which gives the file ‘loan-1’, the group ‘gr-1’, and the permission ‘r’) and wherein, optionally, the access detection engine is further configured to output data detailing access which should not be permitted wherein the attribute data associated with the user and reasons for access provided by the user indicates that said access is impermissible (access is denied, [page 35 col 2 paragraph 3 line 7]) and wherein, optionally, the access control list automation engine is configured to automate control of the access control database of the information management system (the stated purpose of the system, “As the ABAC policy configuration changes, the method updates the ACLs on affected representations and automatically updates corresponding ACLs on local repositories”, [Abstract] lines 17-20).
With respect to claim 6, Ferraiolo teaches all of the limitations of claim 5, as noted above. Ferraiolo further teaches the access control list automation engine is configured to (Policy Analytics Engine labeled (c) in edited reprint of FIG. 1 copied from [page 37]) programmatically create and/or amend permissions within the access control database (see arrow labeled c(i) in edited reprint of FIG. 1 copied from [page 37]; instructs the Policy Analytics Engine to re-compute ACLs and Groups for affected representations, [page 37 col 2 paragraph 4 lines 2-4]; in the example in section 4.4, the left panel of FIG. 8 shows the updated ACLs generated by the policy analytic engine, [page 40]) in response to messaging from the access orchestration engine (see the arrows between control center and policy engine: "The Control Center, through the Policy Analytics Engine, computes ACLs with required groups for representations in accordance with ABAC Policies and Attributes stored in the database and subsequently creates ACLs for corresponding repositories, creates groups", [page 37 col 2 paragraph 3 lines 1-5]).
With respect to claim 7, Ferraiolo teaches all of the limitations of claim 1, as noted above. Ferraiolo further teaches an access reporting engine configured to receive a notification from the access detection engine when impermissible access is detected (the Agent receiving “return arrows” in FIG. 1 from the host access control system: “Agent commands to the File System and commands to the host access control system are host-specific. Similarly, status and data returned to the Agent from the File System and access control system status information returned to the Agent are also host specific”, [page 37 col 2 paragraph 1 lines 13-16]; situation where access is denied, [page 35 col 2 paragraph 3 line 7]; example shown in FIG. 9, [page 41]) and wherein, optionally, the access reporting engine is configured to generate at least one report detailing at least one of the following: user access permissions, user activity, attribute context, temporal variations in user access permissions, impermissible access (“Similarly, status and data returned to the Agent from the File System and access control system status information returned to the Agent are also host specific”, [page 37 col 2 paragraph 1 lines 13-16]).
With respect to claim 8, Ferraiolo teaches all of the limitations of claim 1, as noted above. Ferraiolo further teaches comprising a user interface arranged to receive user input corresponding to the at least one reason why a user should have access to data (see Host User accessing Host System in FIG. 9, [page 41]; explained as “Host users attempt to access repositories in local host systems as they normally would, and ABAC policies are enforced in those systems in terms of host ACLs managed by the method”, [page 40 col 2 paragraph 4 lines 1-3]; which is through the Windows operating system, [page 41 col 2 paragraph 3 line 3], which uses windows to interface with files; the “reason why” is whether the user has permission: the ACL stores the users, and the list is checked when a file or directory is accessed, [page 3 col 2 paragraph 3]) and wherein, optionally, the user interface is configured to output the at least one report generated by a, or the, access reporting engine (access reporting engine is the file system that returns the status: “Similarly, status and data returned to the Agent from the File System and access control system status information returned to the Agent are also host specific”, [page 37 col 2 paragraph 1 lines 15-18]).
With respect to claim 9, Ferraiolo teaches all of the limitations of claim 1, as noted above. Ferraiolo further teaches wherein the access orchestration engine (Control Center labeled (b) in edited reprint of FIG. 1 copied from [page 37]) is configured to receive input data from at least one of the following to determine access controls to digital resources based upon said input data: access detection engine (access control system of the host system; this data passes through the agent from the host system (i.e. “Agent software response”, [page 37 col 2 paragraph 1 line 10])), context change detection engine (see return arrow between Policy and Attribute Administration Point and Control Center), access control list automation engine (see return arrow between Policy Analytics Engine and Control Center), access reporting engine (file system of the host system; this data passes through the agent from the host system (i.e. “Agent software response”, [page 37 col 2 paragraph 1 line 10])), user interface (see “Administrator” in FIG. 1 making commands through the API to the Control Center, [page 37 col 1 paragraph 3 lines 5-7]), integration layer (“Agent software response”, [page 37 col 2 paragraph 1 line 10]).
With respect to claim 10, Ferraiolo teaches A computer implemented method of controlling access to a digital resource in an information management system by a digital resource access control system comprising the steps of (see FIG. 1 reprinted below with additional labels that match specific processes in the figure to claim limitations, [page 37]; the method includes the steps performed by the system, which includes the processes within each component, and the data passed between components as shown with arrows):
[Image: media_image1.png (greyscale, 320 x 434): edited reprint of Ferraiolo FIG. 1 with labels (a)-(d) and arrows a(i)-d(i) added by the Examiner to match claim limitations]
Regarding the rest of claim 10, incorporating the rejection of claim 1, claim 10 is rejected for a substantially similar rationale.
With respect to claim 11, incorporating the rejections of claim 10 and claim 2, claim 11 is rejected for a substantially similar rationale.
With respect to claim 12, incorporating the rejections of claim 10 and claim 4, claim 12 is rejected for a substantially similar rationale.
With respect to claim 13, Ferraiolo teaches all of the limitations of claim 10, as noted above. Ferraiolo further teaches analysing the state of the access control database of the information management system, to determine if a user's data access corresponds to a user's allowed data access based upon the attribute data associated with the user (the list is checked by the access control system, [page 35 col 2 paragraph 3 lines 1-7]; a more specific example is given in section 5 shown in FIG. 9, where a host user attempts to access host system 1, and “decisions are computed and policy enforced”, [page 41 col 1 paragraph 1 lines 1-3]; summarizing that the ABAC policy, which comprises user attributes, access rights, and object attributes, is enforced, [page 38 col 1 paragraph 4 lines 1-5], by implementation through ACLs such as the one shown on the right side of FIG. 8, [page 40], which gives the file ‘loan-1’, the group ‘gr-1’, and the permission ‘r’) and optionally further comprising outputting a message to the access orchestration engine detailing the differences between a user's data access and a user's allowed data access, which may include data access which should not be permitted (the Agent receiving “return arrows” in FIG. 1 from the host access control system: “Agent commands to the File System and commands to the host access control system are host-specific. Similarly, status and data returned to the Agent from the File System and access control system status information returned to the Agent are also host specific”, [page 37 col 2 paragraph 1 lines 13-16]; situation where access is denied, [page 35 col 2 paragraph 3 line 7]; example shown in FIG. 9, [page 41]).
With respect to claim 14, Ferraiolo teaches all of the limitations of claim 10, as noted above. Ferraiolo further teaches automating control of the access control database of the information management system (the stated purpose of the system, “As the ABAC policy configuration changes, the method updates the ACLs on affected representations and automatically updates corresponding ACLs on local repositories”, [Abstract] lines 17-20; see FIG. 1, the File System is the information management system, [page 37 col 1 paragraph 5 lines 1-4]).
With respect to claim 15, incorporating the rejections of claim 10 and claim 6, claim 15 is rejected for a substantially similar rationale.
With respect to claim 16, Ferraiolo teaches all of the limitations of claim 10, as noted above. Ferraiolo further teaches receiving user input corresponding to the at least one attribute associated with a, or the, user (see arrow labeled a(i) in edited reprint of FIG. 1 copied from [page 37]; in the example in section 4.4, FIG. 3 is an original ABAC policy and FIG. 7 is the updated policy where "Under the updated policy, user u3 has been deleted and replaced by user u5", [page 40 col 2 paragraph 2 lines 1-2]; in the example, u3 has the attributes "Branch2" and "Loan Officer" in FIG. 3, [page 38], and those attributes now belong to u5 in FIG. 7, [page 40]) and optionally comprising receiving user input describing the at least one reason why a user may be permitted to have access to a digital resource (see Host User accessing Host System in FIG. 9, [page 41]; explained as “Host users attempt to access repositories in local host systems as they normally would, and ABAC policies are enforced in those systems in terms of host ACLs managed by the method”, [page 40 col 2 paragraph 4 lines 1-3]; which is through the Windows operating system, [page 41 col 2 paragraph 3 line 3], which uses windows to interface with files; the “reason why” is whether the user has permission: the ACL stores the users, and the list is checked when a file or directory is accessed, [page 3 col 2 paragraph 3]).
With respect to claim 17, incorporating the rejections of claim 10 and claim 8, claim 17 is rejected for a substantially similar rationale.
With respect to claim 18, incorporating the rejections of claim 10 and claim 9, claim 18 is rejected for a substantially similar rationale.
With respect to claim 19, Ferraiolo teaches An access orchestration engine configured to (
[Image: media_image1.png (greyscale, 320 x 434): edited reprint of Ferraiolo FIG. 1 with labels (a)-(d) and arrows a(i)-d(i) added by the Examiner to match claim limitations]
Control Center labeled (b) in edited reprint of FIG. 1 below copied from [page 37]; control center receives the trigger message, "results of which would be returned to the Control Center", [page 37 col 1 paragraph 4 lines 10-11]; and determines access controls through the policy analytics engine, "The Control Center, through the Policy Analytics Engine, computes ACLs with required groups for representations in accordance with ABAC Policies and Attributes stored in the database and subsequently creates ACLs for corresponding repositories, creates groups", [page 37 col 2 paragraph 3 lines 1-5]) determine user access controls for at least one digital resource stored in an information management system (determines access controls through the policy analytics engine, "The Control Center, through the Policy Analytics Engine, computes ACLs with required groups for representations in accordance with ABAC Policies and Attributes stored in the database and subsequently creates ACLs for corresponding repositories, creates groups", [page 37 col 2 paragraph 3 lines 1-5]) based upon the output of an access detection engine (Policy and Attribute Administration Point labeled (a) in edited reprint of FIG. 1 below copied from [page 37]; "When required, altering the expression of ABAC policy using the policy and attribute administration point of the centralized ABAC system and mandating the update of ACLs of each representation affected by the alteration", [page 37 col 1 paragraph 1 bullet 3], where determining refers to what is "affected by the alteration"; in the example in section 4.4, FIG. 3 is an original ABAC policy and FIG. 7 is the updated policy where "Under the updated policy, user u3 has been deleted and replaced by user u5", [page 40 col 2 paragraph 2 lines 1-2]) which is arranged to compare input data to current attribute data associated with at least one user (see arrow labeled a(ii) in edited reprint of FIG. 1 below copied from [page 37]; "When required, altering the expression of ABAC policy using the policy and attribute administration point of the centralized ABAC system and mandating the update of ACLs of each representation affected by the alteration", [page 37 col 1 paragraph 1 bullet 3], where comparing refers to what is "affected by the alteration") and to output a trigger message comprising the input data to the access orchestration engine in response to detecting a difference between the input data and the current attribute data (see arrow labeled a(iii) in edited reprint of FIG. 1 below copied from [page 37]; "and mandating the update of ACLs of each representation affected by the alteration", [page 37 col 1 paragraph 1 bullet 3]; "results of which would be returned to the Control Center", [page 37 col 1 paragraph 4 lines 10-11]), and being further configured to pass an access control data structure reflective of the user access controls to an access control database of the information management system (all of the other commands that can be performed, such as viewing and reading the ABAC policies: “The Policy and Attribute Administration Point implements administrative routines that, when executed, create and delete information stored in the database. These administrative routines may pertain to viewing or reading database information, the results of which would be returned to the Control Center”, [page 37 col 1 paragraph 4 lines 6-11]).
With respect to claim 20, Ferraiolo teaches all of the limitations of claim 19, as noted above. Ferraiolo further teaches configured to provide instructions to an access control list automation engine configured to (see arrow labeled b(ii) in edited reprint of FIG. 1 below copied from [page 37]; determines access controls "in accordance with the ABAC policies": see "The Control Center, through the Policy Analytics Engine, computes ACLs with required groups for representations in accordance with ABAC Policies and Attributes stored in the database and subsequently creates ACLs for corresponding repositories, creates groups", [page 37 col 2 paragraph 3 lines 1-5]) programmatically create and/or amend entries within the access control database in response to messaging from the access orchestration engine (see arrow labeled c(i) in edited reprint of FIG. 1 below copied from [page 37]; "instructs the Policy Analytics Engine to re-compute ACLs and Groups for affected representations", [page 37 col 2 paragraph 4 lines 2-4]; in the example in section 4.4, the left panel of FIG. 8 shows the updated ACLs generated by the policy analytic engine, [page 40]) and...
Regarding the rest of claim 20, incorporating the rejection of claim 19 and claim 9, the rest of claim 20 is rejected for a substantially similar rationale.
Conclusion
The prior art made of record and not relied upon is considered pertinent to applicant's disclosure.
US 2006/0136999 A1 (Kreyscher) - Methods and apparatus, including computer program products, for automatically assigning permissions in a portal system. One or more trusted attribute values associated with a first user of a portal are detected. The detected trusted attribute values associated with the first user are then compared with one or more trusted attribute values associated with a second user of the portal in accordance with a trusted attributes configuration to determine a trust based relationship status. One or more permissions associated with the first user are then assigned, based on the determined trust based relationship status. The portal can be an external facing portal that permits one or more users of an organization to collaborate with one or more users from outside of the organization. Access to information available in the portal and the ability to see other portal users is based on one or more of the permissions assigned to a user, [Abstract].
US 20080022362 A1 (Hinton) - A computer-implemented method for providing synchronized control in a Web services environment, comprising: associating an object in a first object space with an object in a second object space, wherein the first object space is associated with a Web service representation and the second object space is associated with a resource required to implement the Web service; monitoring the first object space for changes to object attributes; upon detecting a change to an object attribute, determining whether the change is associated with the object in the first object space; if the change is associated with the object in the first object space, propagating the change to the object in the second object space so that the first and second object spaces remain synchronized, [claim 16].
US 2019/0312872 A1 (Hydell) - The event trigger engine 44 is invoked by detection of new security events, such as a request to add a user or group to a list of privileged groups. The event trigger engine utilizes event details to identify changes in security settings. Upon identification of changes, the event trigger engine 44 updates a local cache and uploads changes to the access control database. For security event triggers, any changes to the attributes specified above are gathered and forwarded by the event trigger engine 44 to the access control database. Each event may also include: (1) time created; (2) SubjectUserSID (Reduced to RID for local accounts); (3) SubjectUserName; and (4) SubjectDomainName, [0048].
US 2011/0321117 A1 (Nestler) - A method and system for dynamically managing access to assets such as an electronic document or a hardware component, using policies that comprise one or more dynamic access controls, which are linked to data sources such as databases or web services. The access controls are dynamic because, each time the policy is invoked, the policy and its component access controls must be evaluated with respect to the current information in the linked data sources, [Abstract].
US 2013/0091562 A1 (Matsuzawa) - It is an object of the present invention to provide a technique for managing, in a file system that stores past images of a data file, access right to the past images. A computer according to the present invention includes a past access control list in which access right of a user to past images and a period in which the access right is applied are described and validates accessibility to the past images using the past access control list (see FIG. 5), [Abstract].
US 2014/0380417 A1 (Cucinotta) - Access to distributed resources of a network may be controlled by access control data structures that may be customized for a given user or application by taking into consideration a plurality of factors, such as the users and applications seeking access, and the status of a given user or application session. A combination of such parameters may dictate a strict or lenient authentication process, [Abstract].
“Enabling Context-Aware and Privacy-Conscious User Data Sharing” (2004-Hull) - This paper provides detail on two key components of the Houdini framework under development at Bell Labs, that enable context-aware and privacy-conscious user data sharing appropriate for mobile and/or ubiquitous computing. The framework includes an approach for integrating data from diverse sources, for gathering user preferences for what data to share and when to share it, and a policy management infrastructure in the network for enforcing those preferences. The current paper focuses on two components of this infrastructure that are essential for mobile and ubiquitous computing, namely the framework to support self-provisioning of preferences, and the performance of the underlying rules engine, [Abstract];
[figure reproduced from the reference, greyscale image], [page 4].
Any inquiry concerning this communication or earlier communications from the examiner should be directed to DANIEL MILLER whose telephone number is (408) 918-7548. The examiner can normally be reached on Monday-Friday from 11am to 5pm (PT).
If attempts to reach the examiner by telephone are unsuccessful, the examiner’s supervisor, Kevin Young, can be reached at telephone number (571) 270-3180. The fax phone number for the organization where this application or proceeding is assigned is 571-273-8300.
Information regarding the status of an application may be obtained from Patent Center and the Private Patent Application Information Retrieval (PAIR) system. Status information for published applications may be obtained from Patent Center or Private PAIR. Status information for unpublished applications is available through Patent Center and Private PAIR to authorized users only. Should you have questions about access to the Private PAIR system, contact the Electronic Business Center (EBC) at 866-217-9197 (toll-free).
Examiner interviews are available via telephone, in-person, and video conferencing using a USPTO supplied web-based collaboration tool. To schedule an interview, applicant is encouraged to use the USPTO Automated Interview Request (AIR) Form at https://www.uspto.gov/patents/uspto-automated-interview-request-air-form.
/D.M./Examiner, Art Unit 2187
/KEVIN L YOUNG/ Supervisory Patent Examiner, Art Unit 2194