Prosecution Insights
Last updated: April 19, 2026
Application No. 18/531,041

METHOD AND SYSTEM OF PROVIDING ACCESS CONTROL TO RESOURCES BASED ON ROSTER-SCOPED ROLES

Status: Non-Final OA, §103
Filed: Dec 06, 2023
Examiner: CHACKO, JOE
Art Unit: 2457
Tech Center: 2400 — Computer Networks
Assignee: Microsoft Technology Licensing, LLC
OA Round: 3 (Non-Final)

Grant Probability: 75% (Favorable)
OA Rounds: 3-4
To Grant: 3y 2m
With Interview: 99%

Examiner Intelligence

Career Allow Rate: 75% (grants 75%, above average; 429 granted / 575 resolved; +16.6% vs TC avg)
Interview Lift: +29.1% (strong lift, with interview vs without, over resolved cases with interview)
Typical timeline: 3y 2m average prosecution; 20 currently pending
Career history: 595 total applications across all art units

Statute-Specific Performance

§101: 9.7% (-30.3% vs TC avg)
§103: 56.3% (+16.3% vs TC avg)
§102: 24.2% (-15.8% vs TC avg)
§112: 4.0% (-36.0% vs TC avg)
Black line = Tech Center average estimate • Based on career data from 575 resolved cases

Office Action

§103
DETAILED ACTION

This office action is in response to the RCE filed 12/31/2025. Claims 1-20 are examined and pending.

Notice of Pre-AIA or AIA Status

The present application, filed on or after March 16, 2013, is being examined under the first inventor to file provisions of the AIA.

Continued Examination Under 37 CFR 1.114

A request for continued examination under 37 CFR 1.114, including the fee set forth in 37 CFR 1.17(e), was filed in this application after final rejection. Since this application is eligible for continued examination under 37 CFR 1.114, and the fee set forth in 37 CFR 1.17(e) has been timely paid, the finality of the previous Office action has been withdrawn pursuant to 37 CFR 1.114. Applicant's submission filed on 12/31/2025 has been entered.

Claim Rejections - 35 USC § 103

The following is a quotation of 35 U.S.C. 103 which forms the basis for all obviousness rejections set forth in this Office action:

A patent for a claimed invention may not be obtained, notwithstanding that the claimed invention is not identically disclosed as set forth in section 102, if the differences between the claimed invention and the prior art are such that the claimed invention as a whole would have been obvious before the effective filing date of the claimed invention to a person having ordinary skill in the art to which the claimed invention pertains. Patentability shall not be negated by the manner in which the invention was made.

Claims 1-12, 15-18 are rejected under 35 U.S.C. 103 as being unpatentable over Koch in view of Cavalcanti et al. (U.S. 2016/0203444 A1, hereinafter "Cavalcanti") in further view of Frank et al. (U.S. 2016/0203444 A1, hereinafter "Frank").

As to claims 1, 11 and 18, Koch discloses a data processing system comprising: a processor; and a memory in communication with the processor, the memory comprising executable instructions that, when executed by the processor alone or in combination with other processors, cause the data processing system to perform functions of: generating, via a group management system, a group in a collaborative environment provided in an application by generating a group instance for the group, the group instance allowing different roles to be assigned to different members within the group (para. [0022]; discloses cloud platform application can create and assign roles to user groups), different roles having different access rights associated therewith, the access rights controlling access to resources in the collaborative environment (para. [0022] discloses custom roles being defined in the cloud platform and can be associated with an object or artifact type privilege. For example a role can define a privilege of accessing message trace artifacts, attachments or some other type of artifact); the different roles assigned to members within the group providing different access rights to the one or more resources of the group connected resource instance (para. [0041]; discloses assigning different role to the CPI users that are granted access based on the access policy); and retrieving one or more roles and one or more access rights associated with the one or more roles from an application manifest of the application (para. [0047]-[0048]; discloses role assignments for the first user are retrieved from a cloud platform and the role assignments grant permission to the application artifact type to the user); storing the retrieved one or more roles and the one or more access rights associated with the one or more roles into an access control list for the group instance (para. [0024]; discloses correlate the access policy 110 to the custom role 108, to configure the role to apply to certain artifact instances of a given type. Accordingly, the access policy 110 can be used for instance-based authorizations. The access policy 110 can store a list of permissions 114 that can be used to guard access to artifact instances and associated data. For example, the access policy 110 can have multiple entries, and each entry can represent permissions 114 associated with an artifact instance 116 or resulting data of an integration flow); storing the one or more roles and one or more access rights associated with the one or more roles for the group connected resource instance into an access control list for the group connected resource instance (para. [0024]; discloses storing a list of permissions that include access policy that can have multiple entries and can have permissions associated with an artifact instance that correlates access policy to the custom role).

However, Koch does not disclose the system wherein generating a group connected resource instance for the group instance based on the application manifest, the group connected resource instance connecting one or more resources in a cloud of the collaborative environment to the group. In analogous art, Cavalcanti discloses generating a group connected resource instance (application instance) for the group instance (organization) based on the application manifest (para. [0117]; discloses application instances associated with an organization in an application management system based on centralized access permissions management), the group connected resource instance connecting one or more resources in a cloud of the collaborative environment to the group (para. [0120]; discloses application instance identifier for each application instance associated with domain). It would have been obvious to one of ordinary skill in the art before the effective filing date of the claimed invention to modify Koch by incorporating generating application instances that are associated with the domain as taught by Cavalcanti in order to reduce computing resource consumption by the product access configuration server by generating a domain permissions profile and enabling role-based domain access permissions at the organization level. (Cavalcanti, para. [0049])

As to claim 2, Koch-Cavalcanti discloses the data processing system of claim 1, wherein the application manifest stores a configuration change for the application that identifies the application as utilizing roster scoped roles for groups created by the application (Koch, para. [0041]; disclose configuring a rule that when applied allows only users with the role to access integration flow instances that been developed for HR data for the German line of business can be saved in the access policy).

As to claim 3, Koch-Cavalcanti discloses the data processing system of claim 1, wherein an application manifest stores a list of roles and their associated access rights for roles supported by the application (Koch, para. [0024]; discloses the application administrator can correlate the access policy to the custom role, to configure the role to apply to certain artifact instances of a given type. The access policy can store a list of permissions that can be used to guard access to artifact instances and associated data. For example, the access policy can have multiple entries, and each entry can represent permissions associated with an artifact instance or resulting data of an integration flow).

As to claim 4, Koch-Cavalcanti discloses the data processing system of claim 1, wherein at least one of the access control list for the group instance and the access control list for the group connected resource instance are stored in a directory (Cavalcanti, para. [0011]; discloses receive an access application instance request associated with an application instance, the application instance associated with an organization and the access application instance request comprising a user email address identifier associated with a user; parse the user email address identifier for an email domain; query a permissions repository for a domain permissions profile based on the parsed email domain).

As to claim 5, Koch-Cavalcanti discloses the data processing system of claim 1, wherein the executable instructions when executed by the processor alone or in combination with other processors, cause the data processing system to further perform functions of: receiving a request from a user to access the group instance; retrieving the one or more roles and the one or more access rights associated with the one or more roles from the access control list for the group instance; retrieving one or more roles assigned to the user from one or more user group links; authorizing the user's access to the group instance when it is determined that at least one of the one or more roles assigned to the user have an access right required for the access (Koch, para. [0024]; discloses administrator can correlate the access policy to the custom role, to configure the role to apply to certain artifact instances of a given type. Accordingly, the access policy can be used for instance-based authorizations. The access policy can store a list of permissions that can be used to guard access to artifact instances and associated data. For example, the access policy can have multiple entries, and each entry can represent permissions associated with an artifact instance or resulting data of an integration flow.).

As to claim 6, Koch-Cavalcanti discloses the data processing system of claim 5, wherein authorization is provided by using at least one of forward links or backward links (Cavalcanti, para. [0175]; discloses the product access configuration server causes redirection of the user to a URL to provide the user's login credentials (e.g., login.atlassian.com). In certain embodiments, after receiving and authenticating the user's login credentials, the product access configuration server redirects the authenticated user back to the selected application instance URL).

As to claim 7, Koch-Cavalcanti discloses the data processing system of claim 5, wherein the request for access to the group instance includes at least one of a request to add another user or a request to assign a role to one or more users (Koch, para. [0041]; access policy may be associated with a role such as a role assigned to HR users).

As to claim 8, Koch-Cavalcanti discloses the data processing system of claim 1, wherein the executable instructions when executed by the processor alone or in combination with other processors, cause the data processing system to further perform functions of: receiving a request from a user to access the group connected resource instance; retrieving the one or more roles and the one or more access rights associated with the one or more roles from the access control list for the group connected resource instance; retrieving one or more roles assigned to the user from one or more user group links; authorizing the user's access to the group connected resource instance when it is determined that at least one of the one or more roles assigned to the user have an access right required for the access (Koch, para. [0024]; discloses administrator can correlate the access policy to the custom role, to configure the role to apply to certain artifact instances of a given type. Accordingly, the access policy can be used for instance-based authorizations. The access policy can store a list of permissions that can be used to guard access to artifact instances and associated data. For example, the access policy can have multiple entries, and each entry can represent permissions associated with an artifact instance or resulting data of an integration flow.).

As to claim 9, Koch-Cavalcanti discloses the data processing system of claim 8, wherein authorization is provided by using at least one of forward links or backward links (Cavalcanti, para. [0130]; discloses rendering of a link by the configuration server).

As to claim 10, Koch-Cavalcanti discloses the data processing system of claim 1, wherein the group connected resource instance is for at least one of a calendar instance or a file management system instance (Koch, para. [0006]; discloses a customer can use a single tenant for cloud platform integration for multiple lines of business while defining access rules for object instances for different user groups).

As to claim 12, Koch-Cavalcanti discloses the method of claim 11, wherein the group connected resources include application resources and data resources (Koch, para. [0006]; discloses a customer can use a single tenant for cloud platform integration for multiple lines of business while defining access rules for object instances for different user groups).

As to claim 15, Koch-Cavalcanti discloses the method of claim 11, wherein access to the one or more resources is provided based on at least one of access rights in the group connected resource instance access rights list instance and user group links associated with a user requesting access (Koch, para. [0024]; discloses administrator can correlate the access policy to the custom role, to configure the role to apply to certain artifact instances of a given type. Accordingly, the access policy can be used for instance-based authorizations. The access policy can store a list of permissions that can be used to guard access to artifact instances and associated data. For example, the access policy can have multiple entries, and each entry can represent permissions associated with an artifact instance or resulting data of an integration flow.).

As to claim 16, Koch-Cavalcanti discloses the method of claim 11, wherein the group management system stores a list of group members and their associated roles to user group links (Koch, para. [0024]; discloses the application administrator can correlate the access policy to the custom role, to configure the role to apply to certain artifact instances of a given type. The access policy can store a list of permissions that can be used to guard access to artifact instances and associated data. For example, the access policy can have multiple entries, and each entry can represent permissions associated with an artifact instance or resulting data of an integration flow).

As to claim 17, Koch-Cavalcanti discloses the method of claim 16, wherein the user group links are stored in a directory (Cavalcanti, para. [0011]; discloses receive an access application instance request associated with an application instance, the application instance associated with an organization and the access application instance request comprising a user email address identifier associated with a user; parse the user email address identifier for an email domain; query a permissions repository for a domain permissions profile based on the parsed email domain).

Claims 13 and 14 are rejected under 35 U.S.C. 103 as being unpatentable over Koch in view of Cavalcanti in further view of Frank et al. (U.S. 2016/0203444 A1, hereinafter "Frank").

As to claim 13, Koch-Cavalcanti discloses the method of claim 12, wherein the application resources include the data resources includes include a file management site associated with the group (Koch, para. [0006]; discloses a customer can use a single tenant for cloud platform integration for multiple lines of business while defining access rules for object instances for different user groups); however, Koch-Cavalcanti does not explicitly disclose the application resources include a calendar instance associated with the group. In an analogous art, Frank discloses the application resources include a calendar instance associated with the group (para. [0087]; discloses instance of Share ID may be associated with one or more calendar events to create a unique calendar group that can be shared with any calendar group). It would have been obvious to one of ordinary skill in the art before the effective filing date of the claimed invention to modify Koch-Cavalcanti by incorporating a calendar instance that can be shared with group accessing the same calendar as taught by Frank in order to easily manage different authorization levels of users receiving the calendar data. (Frank, para. [0042])

As to claim 14, Koch-Cavalcanti-Frank discloses the method of claim 13, wherein the calendar instance includes one or more events associated with the group (Frank, para. [0087]).

Allowable Subject Matter

Claims 19 and 20 are objected to as being dependent upon a rejected base claim, but would be allowable if rewritten in independent form including all of the limitations of the base claim and any intervening claims.

Conclusion

The prior art made of record and not relied upon is considered pertinent to applicant's disclosure. Hen et al. (U.S. 2023/0110080 A1) discloses detection of identity misconfiguration that involve collecting identity/role binding and role/access rules data from multiple clusters supported by a computing resource system. Access rules for identities are extracted from the collected data and an access rule prediction model created to predict access rules for identities. An identity definition request for a tenant is received having a requested identity and a role assigned to the identity. A set of access rules is obtained for the role assigned to the identity and a predicted set of access rules is obtained for the requested identity from the prediction model.

Any inquiry concerning this communication or earlier communications from the examiner should be directed to JOE CHACKO whose telephone number is (571)270-3318. The examiner can normally be reached Monday-Friday 7am-5pm. Examiner interviews are available via telephone, in-person, and video conferencing using a USPTO supplied web-based collaboration tool. To schedule an interview, applicant is encouraged to use the USPTO Automated Interview Request (AIR) at http://www.uspto.gov/interviewpractice. If attempts to reach the examiner by telephone are unsuccessful, the examiner's supervisor, Ario Etienne can be reached at 5712724001. The fax phone number for the organization where this application or proceeding is assigned is 571-273-8300.

Information regarding the status of published or unpublished applications may be obtained from Patent Center. Unpublished application information in Patent Center is available to registered users. To file and manage patent submissions in Patent Center, visit: https://patentcenter.uspto.gov. Visit https://www.uspto.gov/patents/apply/patent-center for more information about Patent Center and https://www.uspto.gov/patents/docx for information about filing in DOCX format. For additional questions, contact the Electronic Business Center (EBC) at 866-217-9197 (toll-free). If you would like assistance from a USPTO Customer Service Representative, call 800-786-9199 (IN USA OR CANADA) or 571-272-1000.

/JOE CHACKO/ Primary Examiner, Art Unit 2457
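The authorization steps recited in claims 5 and 8 (look up the ACL for the group instance or the group-connected resource instance, look up the roles the user holds through user-group links, and allow only when at least one of those roles carries the required right) can be read as a small deny-by-default check. The following is an added illustration written for this page; it is not code from the application, the applicant, or any of the cited references. All names (the manifest keys, the `owner`/`member`/`guest` roles, the `team-42` group, the `calendar` and `files` resources, and the users) are constructed assumptions, and "roster-scoped" is taken to mean that a role assignment is keyed to one group's roster and grants nothing in any other group.

```python
from dataclasses import dataclass, field


@dataclass(frozen=True)
class Role:
    name: str
    rights: frozenset


# Constructed stand-in for an application manifest: it flags roster-scoped
# roles and lists the roles the application supports with their rights.
APP_MANIFEST = {
    "roster_scoped_roles": True,
    "roles": [
        Role("owner", frozenset({"read", "write", "add_member", "assign_role"})),
        Role("member", frozenset({"read", "write"})),
        Role("guest", frozenset({"read"})),
    ],
}


def build_acl(manifest):
    """Copy the manifest's roles and rights into an ACL keyed by role name.

    Applications that do not declare roster-scoped roles get no ACL at all,
    so a misconfigured manifest fails closed instead of granting rights.
    """
    if not manifest.get("roster_scoped_roles"):
        raise ValueError("application does not declare roster-scoped roles")
    return {role.name: role.rights for role in manifest["roles"]}


@dataclass
class GroupInstance:
    group_id: str
    acl: dict                                              # role name -> rights
    connected_resources: dict = field(default_factory=dict)  # resource id -> its own ACL


@dataclass
class UserGroupLinks:
    """Roles assigned to a user, keyed per group (the roster-scoped part)."""
    links: dict = field(default_factory=dict)  # (user, group_id) -> set of role names

    def roles_for(self, user, group_id):
        return self.links.get((user, group_id), set())


def authorize(user, group, required_right, links, resource_id=None):
    """Allow only if one of the user's roles *in this group* carries the right.

    With resource_id the check runs against the group-connected resource
    instance's ACL; without it, against the group instance's ACL. Unknown
    resources and unknown roles contribute no rights, so the default is deny.
    """
    if resource_id is None:
        acl = group.acl
    else:
        acl = group.connected_resources.get(resource_id)
        if acl is None:
            return False
    roles = links.roles_for(user, group.group_id)
    return any(required_right in acl.get(role, frozenset()) for role in roles)


def demo():
    acl = build_acl(APP_MANIFEST)
    team = GroupInstance("team-42", acl)
    # Resource ACLs derived from the same manifest; the files resource does
    # not expose any rights to guests (constructed policy for illustration).
    team.connected_resources["calendar"] = dict(acl)
    team.connected_resources["files"] = {k: v for k, v in acl.items() if k != "guest"}
    links = UserGroupLinks({
        ("alice", "team-42"): {"owner"},
        ("bob", "team-42"): {"guest"},
        ("bob", "team-7"): {"owner"},  # ownership of another group's roster must not leak in
    })
    return {
        "alice_assign_role": authorize("alice", team, "assign_role", links),
        "bob_assign_role": authorize("bob", team, "assign_role", links),
        "bob_read_calendar": authorize("bob", team, "read", links, "calendar"),
        "bob_read_files": authorize("bob", team, "read", links, "files"),
        "carol_read": authorize("carol", team, "read", links),  # no link at all
    }


if __name__ == "__main__":
    for check, allowed in demo().items():
        print(f"{check}: {'allow' if allowed else 'deny'}")
```

The point worth noticing is the `(user, group_id)` key on the links table: bob is an owner of `team-7`, but that assignment is never consulted when he asks for `assign_role` in `team-42`, which is what scoping roles to a roster buys compared with a global role table.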

Prosecution Timeline

Dec 06, 2023: Application Filed
Aug 20, 2024: Response after Non-Final Action
Jun 04, 2025: Non-Final Rejection — §103
Jun 09, 2025: Interview Requested
Jul 21, 2025: Applicant Interview (Telephonic)
Jul 21, 2025: Examiner Interview Summary
Aug 11, 2025: Response Filed
Nov 13, 2025: Final Rejection — §103
Nov 26, 2025: Interview Requested
Dec 08, 2025: Examiner Interview Summary
Dec 08, 2025: Applicant Interview (Telephonic)
Dec 31, 2025: Response after Non-Final Action
Jan 12, 2026: Request for Continued Examination
Jan 25, 2026: Response after Non-Final Action
Mar 19, 2026: Non-Final Rejection — §103
Mar 30, 2026: Interview Requested
Apr 07, 2026: Examiner Interview Summary
Apr 07, 2026: Applicant Interview (Telephonic)

Precedent Cases

Applications granted by this same examiner with similar technology

Patent 12598239: ACCELERATING CONNECTIONS TO A HOST SERVER (granted Apr 07, 2026; 2y 5m to grant)
Patent 12574338: MULTI-TENANT COLLECTIVE COMMUNICATION FABRIC (granted Mar 10, 2026; 2y 5m to grant)
Patent 12568365: AUTHENTICATION EVENT PROCESSING METHOD, APPARATUS, AND SYSTEM (granted Mar 03, 2026; 2y 5m to grant)
Patent 12566848: AUTOMATED THREAT MODELING (granted Mar 03, 2026; 2y 5m to grant)
Patent 12563043: Universal Conceptual Control Management (granted Feb 24, 2026; 2y 5m to grant)
Based on the 5 most recent grants.


Prosecution Projections

Expected OA Rounds: 3-4
Grant Probability: 75%
With Interview: 99% (+29.1%)
Median Time to Grant: 3y 2m
PTA Risk: High
Based on 575 resolved cases by this examiner. Grant probability derived from career allow rate.
