DETAILED ACTION
This Office action is in response to amendments and remarks filed by Applicant on 2/5/2026.
Notice of Pre-AIA or AIA Status
The present application, filed on or after March 16, 2013, is being examined under the first inventor to file provisions of the AIA .
Response to Amendment
Applicant presents amendments to claims 1–2, 5–7, 10–12, 15 and cancels claims 4, 9, and 14. All amendments have been fully considered.
Applicant’s cancellation of claims 4, 9, and 14 make the previous rejection under 35 U.S.C. 112(b) moot. Applicant’s incorporation of canceled claims 4, 9, and 14 into independent claims 1, 6, and 11 change the scope of the previous claims 4, 9, and 14, which result in a new interpretation of the subject matter and a new search.
Applicant’s amendments to the independent claims are sufficient to overcome the previously cited combination of references serving as the basis for the rejection under 35 U.S.C. 103. Therefore, a new search was conducted to identify prior art upon which the claimed subject matter reads. A new rejection is presented below.
Response to Arguments
Applicant presents arguments with respect to independent claims 1, 6, and 11. All arguments have been fully considered.
As mentioned above, Applicant’s subject matter introduced into independent claims 1, 6, and 11 are not found in the previously cited combination of references and while Applicant argues that the previous art does not teach the subject matter of the previously rejected claim 4, 9, and 14, the indefinites rejection under 35 U.S.C. 112(b) made the application of prior art to those claims subject to the subject matter as could best be understood at the time of examination. Because Applicant changed the scope of the cancelled subject matter in order to clarify the indefiniteness and incorporate the subject matter into the independent claims, Applicant’s arguments are moot. A new search was conducted based upon the new interpretation of the definite language of the amended independent claims and a new rejection is presented below.
Claim Rejections - 35 USC § 103
The following is a quotation of 35 U.S.C. 103 which forms the basis for all obviousness rejections set forth in this Office action:
A patent for a claimed invention may not be obtained, notwithstanding that the claimed invention is not identically disclosed as set forth in section 102, if the differences between the claimed invention and the prior art are such that the claimed invention as a whole would have been obvious before the effective filing date of the claimed invention to a person having ordinary skill in the art to which the claimed invention pertains. Patentability shall not be negated by the manner in which the invention was made.
Claims 1, 6, 11 rejected under 35 U.S.C. 103 as being unpatentable over Engberg (US 6,993,658 B1, issued Jan. 31, 2006) in view of Ahmed (US 8,291,490 B1, issued Oct. 16, 2012) in view of Lin (US 2016/0337321 A1, published Nov. 17, 2016).
Regarding claims 1, 6, and 11, Engberg discloses: a data processing apparatus comprising: at least one memory storing instructions; and at least one processor configured to execute the instructions to: manage an identification code for identifying the user for which the login authentication succeeded and the authentication code in association with each other (authentication module stores user ID and password (or passcode and token data) for reference during authentication activities. Engberg 5:10–21.); determine, when a request for access to data is made, based on whether there is an authentication code corresponding to the identification code of the user who made the request for access, whether the user corresponding to the authentication code has authorization to use the data (access to the system by a requesting user is based on a user ID, a passcode, and a token, all of which are referenced by the authentication module and database. Engberg 2:1115 and 5:10–21.); and permit in response to that the user has been granted use authorization, processing of the data by the user (confirmation of identity details results in allowing access to the user. Engberg 5:10–21.).
Engberg does not disclose: acquire, when login authentication of a user who has performed a login operation succeeds, an authentication code associated with the user; set, when the login authentication of the user succeeds, the identification code for the user, and, when the user for which the identification code is set requests execution of an application program, execute the application program, wherein specify, when execution of the application program is requested, the identification code of the user who made the request, acquire the authentication code corresponding to the specified identification code, and determine whether the user associated with the authentication code has authorization to use the data to be processed by the application program.
However, Lin does disclose: acquire, when login authentication of a user who has performed a login operation succeeds, an authentication code associated with the user (assigning a token for the client after identity authentication for the client succeeds. Lin ¶ 6.).
Therefore, it would have been prima facie obvious to one of ordinary skill in the art prior to the effective filing date of the claimed invention to modify the user ID and token-based authentication of a user access request of Engberg with the issuance of an authentication code associated with a user upon successful login of the user based upon the teachings of Lin. The motivation being to improve security of communication between the client and the server. Lin ¶ 3.
Engberg in view of Lin does not disclose: set, when the login authentication of the user succeeds, the identification code for the user, and, when the user for which the identification code is set requests execution of an application program, execute the application program, wherein specify, when execution of the application program is requested, the identification code of the user who made the request, acquire the authentication code corresponding to the specified identification code, and determine whether the user associated with the authentication code has authorization to use the data to be processed by the application program.
However, Ahmed does disclose: set, when the login authentication of the user succeeds, the identification code for the user, and, when the user for which the identification code is set requests execution of an application program, execute the application program, wherein specify, when execution of the application program is requested, the identification code of the user who made the request, acquire the authentication code corresponding to the specified identification code, and determine whether the user associated with the authentication code has authorization to use the data to be processed by the application program (manages user identifiers and generates access tokens according to user roles, which in response to requests for access to application-specific capabilities, tokens are issued after authentication is confirmed for enabling access to applications. Ahmed 2:16–62, 9:10–20, and 10:35–38.).
Therefore, it would have been prima facie obvious to one of ordinary skill in the art prior to the effective filing date of the claimed invention to modify the user ID and token-based authentication of a user access request of Engberg with authenticating user for access to application-specific capabilities by issuing tokens associated with permissions and user roles based upon the teachings of Ahmed. The motivation being to granular management of application functions across multiple user identities. Ahmed 2:16–48.
Claims 2, 5, 7, 10, 12, 15 rejected under 35 U.S.C. 103 as being unpatentable over Engberg in view of Ahmed in view of Lin in view of Wilson (US 2016/0182471 A1, published Jun. 23, 2016).
Regarding claims 2, 7, and 12, Engberg in view of Ahmed in view of Lin discloses the limitations of claims 1, 6, and 11, respectively. Engberg in view of Ahmed in view of Lin does not disclose: wherein the data is encrypted, further at least one processor configured to execute the instructions to: manage for each piece of data, a decryption key for decrypting the data and a user who is able to use the data in association with each other, and acquire in response to that the user has been granted use authorization, the decryption key corresponding to the user and decrypt the data with the decryption key.
However, Wilson does disclose: wherein the data is encrypted, further at least one processor configured to execute the instructions to: manage for each piece of data, a decryption key for decrypting the data and a user who is able to use the data in association with each other, and acquire in response to that the user has been granted use authorization, the decryption key corresponding to the user and decrypt the data with the decryption key (authentication of users by an authentication service to determine validity of user identities and map identities (user roles and privileges) to security parameters, where security parameters are used to manage encryption and decryption keys of stored encrypted data based upon security levels also included in security parameters. Wilson ¶ 42.).
Therefore, it would have been prima facie obvious to one of ordinary skill in the art prior to the effective filing date of the claimed invention to modify the user ID and token-based authentication of a user access request of Engberg with managing decryption keys and users with permissions to access and use of the data based upon the teachings of Wilson. The motivation being to manage properties that define how data is stored. Wilson ¶ 41.
Regarding claims 5, 10, and 15, Engberg in view of Ahmed in view of Lin in view of Wilson discloses the limitations of claims 1, 6, and 11, respectively, further at least one processor configured to execute the instructions to: manage a correspondence relationship between identification information of the data and the user who has authorization to use the data, and determine whether the user associated with the authentication code has authorization to use the data to be processed by the application program, based on the correspondence relationship (authentication of users by an authentication service to determine validity of user identities and map identities (user roles and privileges) to security parameters. Wilson ¶ 42.).
Claims 3, 8, 13 rejected under 35 U.S.C. 103 as being unpatentable over Engberg in view of Ahmed in view of Lin in view of von Krogh (US 2008/0168543 A1, published Jul. 10, 2008).
Regarding claims 3, 8, and 13, Engberg in view of Ahmed in view of Lin discloses the limitations of claims 1, 6, and 11, respectively. Engberg in view of Ahmed in view of Lin does not disclose: wherein the acquired authentication code is generated at a predetermined time interval.
However, von Krogh does disclose: wherein the acquired authentication code is generated at a predetermined time interval (generating token values based upon a set time interval or cycle. Von Krogh ¶ 50.).
Therefore, it would have been prima facie obvious to one of ordinary skill in the art prior to the effective filing date of the claimed invention to modify the user ID and token-based authentication of a user access request of Engberg with generating an authentication code at a predetermined time interval based upon the teachings of von Krogh. The motivation being established parameters to the one-time token to assist in verification of the authentication code.
Conclusion
Applicant's amendment necessitated the new ground(s) of rejection presented in this Office action. Accordingly, THIS ACTION IS MADE FINAL. See MPEP § 706.07(a). Applicant is reminded of the extension of time policy as set forth in 37 CFR 1.136(a).
A shortened statutory period for reply to this final action is set to expire THREE MONTHS from the mailing date of this action. In the event a first reply is filed within TWO MONTHS of the mailing date of this final action and the advisory action is not mailed until after the end of the THREE-MONTH shortened statutory period, then the shortened statutory period will expire on the date the advisory action is mailed, and any nonprovisional extension fee (37 CFR 1.17(a)) pursuant to 37 CFR 1.136(a) will be calculated from the mailing date of the advisory action. In no event, however, will the statutory period for reply expire later than SIX MONTHS from the mailing date of this final action.
Any inquiry concerning this communication or earlier communications from the examiner should be directed to VANCE LITTLE whose telephone number is (571)270-0408. The examiner can normally be reached Monday - Friday 9:30am - 5:30pm.
Examiner interviews are available via telephone, in-person, and video conferencing using a USPTO supplied web-based collaboration tool. To schedule an interview, applicant is encouraged to use the USPTO Automated Interview Request (AIR) at http://www.uspto.gov/interviewpractice.
If attempts to reach the examiner by telephone are unsuccessful, the examiner’s supervisor, Jung (Jay) Kim can be reached at (571) 272-3804. The fax phone number for the organization where this application or proceeding is assigned is 571-273-8300.
Information regarding the status of published or unpublished applications may be obtained from Patent Center. Unpublished application information in Patent Center is available to registered users. To file and manage patent submissions in Patent Center, visit: https://patentcenter.uspto.gov. Visit https://www.uspto.gov/patents/apply/patent-center for more information about Patent Center and https://www.uspto.gov/patents/docx for information about filing in DOCX format. For additional questions, contact the Electronic Business Center (EBC) at 866-217-9197 (toll-free). If you would like assistance from a USPTO Customer Service Representative, call 800-786-9199 (IN USA OR CANADA) or 571-272-1000.
/VANCE M LITTLE/Primary Examiner, Art Unit 2494