Notice of Pre-AIA or AIA Status
The present application, filed on or after March 16, 2013, is being examined under the first inventor to file provisions of the AIA.
DETAILED ACTION
This Office Action is in response to the Amendment filed on 12/16/2025. In the instant Amendment, claims 1-2, 5, 13, 23 and 39 were amended; claims 4, 6-12, 14-16, 22, 24-25, 28, 30-31, 33-38 and 40-49 were cancelled; claims 1, 50 and 51 are independent claims. Claims 1-3, 5, 13, 17-21, 23, 26-27, 29, 32, 39 and 50-51 are pending in this application. THIS ACTION IS MADE FINAL.
Response to Arguments
The claim objection to claim 39 has been withdrawn as per applicant’s amendment on 12/16/2025.
Applicant’s arguments filed 12/16/2025 have been fully considered but they are not persuasive.
Applicant argues (on pages 6-8) that Holtzman allegedly teaches only revocation of a single permission and therefore cannot meet the amended limitation requiring “plurality of permissions” and “revoking a subset of permissions.”
The Examiner respectfully disagrees with the applicant. Zhang discloses “rights” as permissions (See Zhang, [0059], [0065], [0046]-[0047]). Holtzman describes that an Access Control Record (ACR) includes a permissions control record (PCR) showing “the granted actions the user can execute once authenticated,” which includes multiple categories and multiple partition/key permissions and privileges. Holtzman further explains that once the entity is logged into an ACR, its permissions, its rights-to use SSA commands are defined in the PCR. Holtzman discloses permit/record data that includes a plurality of permissions as required. Holtzman discloses revocation of permissions as follows: an authenticated entity “requests the deletion of a target ACR or the permission in a target ACR,” and if authorized “the PCR of the target ACR is altered to delete such permission.” Deleting a permission from among multiple permissions in the PCR constitutes revoking “at least a subset of permissions,” as recited. Even revoking a single permission is a subset of a plurality of permissions (See Holtzman, [0182], [0155]-[0156], [0092], [0143]).
Applicant argues (on pages 6-8) that Holtzman does not teach that the request comprises “an indicator as to the subset of permissions to be revoked,” and asserts that the amendment requires a “single indicator,” that “collectively represents multiple permissions.”
The Examiner respectfully disagrees with the applicant. This argument is not persuasive because the claim only requires an indication as to the subset of permissions to be revoked, not a specific “collective encoding,” format or a particular number of permissions revoked. Holtzman discloses a request to delete “the permission in a target ACR.” Such a request necessarily identifies the permission(s) to be deleted to permit the system to “alter [],” the PCR to delete the identified permission. Thus, Holtzman teaches the required indication/indicator of the permission(s) to be revoked, (See Holtzman, [0182], [0155]-[0156], [0092], [0143]). Zhang discloses a hierarchy of licenses with family ID/parent attributes and a tree structure, where rights may be modified or revoked and where each license is digitally signed and validated based on a certificate chain and/or parent license public key. Thus, Zhang provides support for hierarchical permit structures and cryptographic validation logic (See Zhang, [0046], [0048] and [0052]-[0053]).
Applicant argues (on page 7): that the 35 U.S.C. 101 rejection should be withdrawn because claim 51 was cancelled.
The Examiner respectfully disagrees with the applicant. The 35 U.S.C. 101 rejection to claim 51 has been maintained. Applicant states the claim was cancelled, but in the amendment filed 12/16/2025 the claim was not cancelled.
Applicant's arguments (page 10): Additionally, as to the dependent claims 2-3, 5, 13, 17-21, 23, 26-27, 29, 32 and 39 the Applicant argues that the claims are dependent directly or indirectly from a respective one of independent claims 1, 50 and 51 and are therefore distinguished from the cited art at least by virtue of, or allowable at least based on, their additionally recited patentable subject matter.
The Examiner disagrees with the Applicant. The Examiner respectfully submits that dependent claims 2-3, 5, 13, 17-21, 23, 26-27, 29, 32 and 39 are rejected at least based on the rationale and resource presented to the argument for their respective base claims, and the reference applied to the dependent claims 2-3, 5, 13, 17-21, 23, 26-27, 29, 32 and 39.
Therefore, in view of the above reasons, the Examiner maintains the rejection with the cited prior art references.
Claim Rejections - 35 USC § 101
35 U.S.C. 101 reads as follows:
Whoever invents or discovers any new and useful process, machine, manufacture, or composition of matter, or any new and useful improvement thereof, may obtain a patent therefor, subject to the conditions and requirements of this title.
Claim 51 is rejected under 35 U.S.C. 101 because the claimed invention is directed to non-statutory subject matter.
The claim does not fall within at least one of the four categories of patent eligible subject matter because the claimed computer program is directed to software per se and therefore does not positively recite any hardware embodiments. Claim 51 is directed to a computer program. As the body of the claim does not positively recite any hardware embodiment, the claims are directed to non-statutory subject matter. The nominal recitation of computer in the preamble with an absence of a hardware embodiment in the body of the claim fails to make the claim statutory under 35 U.S.C. 101. See Am. Med. Sys. Inc v. Biolitec, Inc. 618 F. 3d 1354, 1358 (Fed. Cir. 2010). The Examiner respectfully suggests the claim be further amended to positively recite at least one hardware element within the body of the claim to make the claim statutory subject matter under 35 U.S.C. 101.
Claim Rejections - 35 USC § 103
In the event the determination of the status of the application as subject to AIA 35 U.S.C. 102 and 103 (or as subject to pre-AIA 35 U.S.C. 102 and 103) is incorrect, any correction of the statutory basis (i.e., changing from AIA to pre-AIA) for the rejection will not be considered a new ground of rejection if the prior art relied upon, and the rationale supporting the rejection, would be the same under either status.
The following is a quotation of 35 U.S.C. 103 which forms the basis for all obviousness rejections set forth in this Office action:
A patent for a claimed invention may not be obtained, notwithstanding that the claimed invention is not identically disclosed as set forth in section 102, if the differences between the claimed invention and the prior art are such that the claimed invention as a whole would have been obvious before the effective filing date of the claimed invention to a person having ordinary skill in the art to which the claimed invention pertains. Patentability shall not be negated by the manner in which the invention was made.
Claims 1, 4, 13, 17-19, 29, 32, 50 and 51 are rejected under 35 U.S.C. 103 as being unpatentable over Zhang et al (“Zhang,” US 20070016532) and further in view of Holtzman et al (“Holtzman,” US 20080010458).
Regarding claim 1, Zhang discloses a computer-implemented method for revoking at least one permission, comprising the steps:
receiving a request comprising a first permit identifier, wherein the first permit identifier identifies a first permit; and (Zhang, FIG’s 3-4; [0055]; [0062]-[0063]; [0074] describes receiving a request comprising a first permit identifier, wherein the first permit identifier identifies a first permit; also see [0046], [0048] and [0052]-[0053])
obtaining a first permit data based on the first permit identifier wherein the first permit data comprises data indicative of a plurality of permissions and wherein the plurality of permissions provides an indication of one or more actions a holder of the first permit can take and/or what the holder of the first permit is allowed to do, (Zhang, [0059], [0065], [0046]-[0047] describes obtaining a first permit data based on the first permit identifier wherein the first permit data comprises data indicative of a plurality of rights [permissions] and wherein the rights [plurality of permissions] provides an indication of one or more actions a holder of the first permit can take and/or what the holder of the first permit is allowed to do; also see [0046], [0048] and [0052]-[0053])
Zhang fails to explicitly disclose wherein the request is a request to revoke at least a subset of permissions of the first permit data and the method further comprises the step of revoking the subset of permissions, wherein the request further comprises an indicator of the subset of permissions to be revoked.
However, in an analogous art, Holtzman discloses wherein the request is a request to revoke at least a subset of permissions of the first permit data and the method further comprises the step of revoking a subset of permissions, (Holtzman, [0173], [0182] describes wherein the request is a request to revoke at least a subset of permissions of the first permit data and the method further comprises the step of revoking a subset of permissions; also see [0155]-[0156], [0092], [0143])
wherein the request further comprises an indicator of the subset of permissions to be revoked, (Holtzman, [0173], [0182] describes wherein the request is a request to revoke at least a subset of permissions of the first permit data and the method further comprises the step of revoking a subset of permissions; also see [0155]-[0156], [0092], [0143])
Therefore, it would have been obvious to one of ordinary skill in the art before the effective filing date of the claimed invention to combine the teachings of Holtzman with Zhang to include wherein the request is a request to revoke at least a subset of permissions of the first permit data and the method further comprises the step of revoking a subset of permissions; wherein the request further comprises an indicator of the subset of permissions to be revoked. One would have been motivated to provide license provisioning (Holtzman, [0388]).
Regarding claim 13, Zhang and Holtzman disclose the computer-implemented method according to claim 1.
Zhang further discloses wherein the method comprises determining the validity of the request and wherein determining the validity of the request comprises: verifying that a sender of the request is a process associated with a parent of the first permit or sent by the holder of the parent of the first permit, (Zhang describes wherein the method comprises determining the validity of the request [0048] and wherein determining the validity of the request comprises: [0048] verifying that a sender of the request is a process [0038] associated with a parent of the first permit [0070], or sent by the holder of the parent of the first permit; also see [0052]-[0053], [0046]).
Regarding claim 17, Zhang and Holtzman disclose the computer-implemented method according to claim 13.
Zhang further discloses wherein verifying that the sender of the request is the process associated with a parent of the first permit or sent by the holder of the parent of the first permit comprises: (Zhang describes wherein the method comprises determining the validity of the request [0048] and wherein determining the validity of the request comprises: [0048] verifying that a sender of the request is a process [0038] associated with a parent of the first permit [0070], or sent by the holder of the parent of the first permit; also see [0052]-[0053], [0046]).
validating a cryptographic signature of the request, (Zhang, [0054] describes validating a cryptographic signature of the request, [0033], [0038]; also see [0052]-[0053], [0046])
Regarding claim 18, Zhang and Holtzman disclose the computer-implemented method according to claim 17.
Zhang further discloses wherein validating a cryptographic signature (Zhang, [0054] describes validating a cryptographic signature of the request, [0033], [0038]; also see [0052]-[0053], [0046])
comprises validating that the signature was signed by the holder of the parent permit, (Zhang, [0054] describes validating a cryptographic signature was signed by the child of the parent license as described in [0072], [0076]; also see [0052]-[0053], [0046])
Regarding claim 19, Zhang and Holtzman disclose the computer-implemented method according to claim 13.
Zhang further discloses wherein determining the validity of the request, (Zhang describes wherein the method comprises determining the validity of the request [0048] and wherein determining the validity of the request comprises: [0048] verifying that a sender of the request is a process [0038] associated with a parent of the first permit [0070], or sent by the holder of the parent of the first permit; also see [0052]-[0053], [0046]).
further comprises determining if a permit identifier comprised in the request matches a parent permit identifier stored on the first permit data, (Zhang describes [0075], [0059], [0065] determining if a license identifier [permit identifier] comprised in the request matches a parent license identifier [parent permit identifier] stored on the first license data [first permit data]; also see [0052]-[0053], [0046])
Regarding claim 29, Zhang and Holtzman disclose the computer-implemented method according to claim 1.
Zhang further discloses wherein the first permit is part of a hierarchy of permits, (Zhang describes [0059] wherein the first permit is part of a hierarchy of permits)
Regarding claim 32, Zhang and Holtzman disclose the computer-implemented method according to claim 1.
Zhang further discloses wherein the first permit data comprises at least one of:
an indication as to whether further permits may be generated that are children of the first permit; (Zhang describes [0070] wherein the first permit data comprises at least one of: [0067], [0073], [0080] describes an indication as to whether further permits may be generated that are children of the first permit)
at least one namespace, wherein each namespace defines part of a permission a child of the first permit can have;
an indication as to a maximum depth of descendants that the first permit can have;
a maximum number of children permits that the first permit can have;
an array to indicate a maximum number of descendent permits that the first permit can have at different depths;
or a time that indicates when the permit is valid from or until.
Regarding claim 50, claim 50 is directed to a non-transitory computer-readable storage medium. Claim 50 is similar in scope to claim 1 and is therefore rejected under the same rationale.
Regarding claim 51, claim 51 is directed to a computer program. Claim 51 is similar in scope to claim 1 and is therefore rejected under the same rationale.
Claim 2 is rejected under 35 U.S.C. 103 as being unpatentable over Zhang et al (“Zhang,” US 20070016532) in view of Holtzman et al (“Holtzman,” US 20080010458) and further in view of Chin et al (“Chin,” US 20220337602).
Regarding claim 2, Zhang and Holtzman disclose the computer-implemented method according to claim 1.
Zhang and Holtzman fail to explicitly disclose wherein the step of revoking the subset of permissions is a step of revoking all the permissions.
However, in an analogous art, Chin discloses wherein the step of revoking the subset of permissions is a step of revoking all the permissions, (Chin describes [0036] wherein the step of revoking the subset of permissions is a step of revoking all the permissions).
Therefore, it would have been obvious to one of ordinary skill in the art before the effective filing date of the claimed invention to combine the teachings of Chin with Zhang and Holtzman to include wherein the step of revoking the subset of permissions is a step of revoking all the permissions. One would have been motivated to detect and remove faults in blockchain-based accountable distributed computing systems (Chin, [0001]).
Claim 3 is rejected under 35 U.S.C. 103 as being unpatentable over Zhang et al (“Zhang,” US 20070016532), Holtzman et al (“Holtzman,” US 20080010458) in view of Chin et al (“Chin,” US 20220337602) and further in view of Rutan et al (“Rutan,” US 20050192905).
Regarding claim 3, Zhang, Holtzman and Chin disclose the computer-implemented method according to claim 2.
Chin further discloses wherein the step of revoking all the permissions (Chin describes [0036] wherein the step of revoking a subset of permissions is a step of revoking all the permissions).
Therefore, it would have been obvious to one of ordinary skill in the art before the effective filing date of the claimed invention to combine the teachings of Chin with Zhang and Holtzman to include wherein the step of revoking a subset of permissions is a step of revoking all the permissions. One would have been motivated to detect and remove faults in blockchain-based accountable distributed computing systems (Chin, [0001]).
Zhang, Holtzman and Chin fail to explicitly disclose wherein the step of revoking all the permissions comprises revoking the first permit.
However, in an analogous art, Rutan discloses wherein the step of revoking all the permissions comprises revoking the first permit, (Rutan, [0014] describes revoking the first permit).
Therefore, it would have been obvious to one of ordinary skill in the art before the effective filing date of the claimed invention to combine the teachings of Rutan with Zhang, Holtzman and Chin to include wherein the step of revoking all the permissions comprises revoking the first permit. One would have been motivated to distribute and license an electronic file (Rutan, [0001]).
Claim 5 is rejected under 35 U.S.C. 103 as being unpatentable over Zhang et al (“Zhang,” US 20070016532) in view of Holtzman et al (“Holtzman,” US 20080010458) and further in view of Moran et al (“Moran,” US 20030088786).
Regarding claim 5, Zhang and Holtzman disclose the computer-implemented method according to claim 1.
Zhang and Holtzman fail to explicitly disclose wherein the indicator as to the subset of permissions is a string.
However, in an analogous art, Moran discloses wherein the indicator as to the subset of permissions is a string, (Moran, [0093] describes wherein the indicator as to the subset of permissions is a string)
Therefore, it would have been obvious to one of ordinary skill in the art before the effective filing date of the claimed invention to combine the teachings of Moran with Zhang and Holtzman to include wherein the indicator as to the subset of permissions is a string. One would have been motivated to allow for extensions to and grouping of permitted actions to protected objects (Moran, [0002]).
Claims 20 and 21 are rejected under 35 U.S.C. 103 as being unpatentable over Zhang et al (“Zhang,” US 20070016532) in view of Holtzman et al (“Holtzman,” US 20080010458) and further in view of Patel et al (“Patel,” US 20190228406).
Regarding claim 20, Zhang and Holtzman disclose the computer-implemented method according to claim 1.
Zhang and Holtzman fail to explicitly disclose wherein the method further comprises: revoking all descendants of the first permit.
However, in an analogous art, Patel discloses wherein the method further comprises: revoking all descendants of the first permit, (Patel describes [0008], [0026], [0085] wherein the method further comprises: revoking all child decentralized identifiers [descendants] of the first permission [permit]).
Therefore, it would have been obvious to one of ordinary skill in the art before the effective filing date of the claimed invention to combine the teachings of Patel with Zhang and Holtzman to include wherein the method further comprises: revoking all descendants of the first permit. One would have been motivated to create and manage linked decentralized identifiers for an entity, (Patel, [0005]).
Regarding claim 21, Zhang, Holtzman and Patel disclose the computer-implemented method according to claim 20.
Patel further discloses wherein the step of revoking all descendants of the first permit comprises: (Patel describes [0008], [0026], [0085] wherein the method further comprises: revoking all child decentralized identifiers [descendants] of the first permission [permit]).
obtaining a list of child permits from the first permit data; (Patel describes [0069]-[0071] obtaining a list of child permits from the first permit data)
and transmitting a revoke request to a child permit process, such that the child permit revokes all of its descendants, (Patel describes [0008], [0026], [0085] transmitting a revoke request to a child permit process, such that the child permit revokes all of its descendants)
Therefore, it would have been obvious to one of ordinary skill in the art before the effective filing date of the claimed invention to combine the teachings of Patel with Zhang and Holtzman to include wherein the step of revoking all descendants of the first permit comprises: obtaining a list of child permits from the first permit data; and transmitting a revoke request to a child permit process, such that the child permit revokes all of its descendants. One would have been motivated to create and manage linked decentralized identifiers for an entity, (Patel, [0005]).
Claim 23 is rejected under 35 U.S.C. 103 as being unpatentable over Zhang et al (“Zhang,” US 20070016532), Holtzman et al (“Holtzman,” US 20080010458) and further in view of Lin et al (“Lin,” US 20080168528).
Regarding claim 23, Zhang and Holtzman disclose the computer-implemented method according to claim 1.
Zhang and Holtzman fail to explicitly disclose wherein the data indicative of the plurality of permissions is an object comprising at least one name-value pair.
However, in an analogous art, Lin discloses wherein the data indicative of the plurality of permissions is an object comprising at least one name-value pair, (Lin describes in [0012], [0033] wherein the data indicative of the plurality of permissions is an object comprising at least one name-value pair)
Therefore, it would have been obvious to one of ordinary skill in the art before the effective filing date of the claimed invention to combine the teachings of Lin with Zhang and Holtzman to include wherein the data indicative of the plurality of permissions is an object comprising at least one name-value pair. One would have been motivated to facilitate access to shared resources in a distributed computer environment (Lin, [0003]).
Claim 26 is rejected under 35 U.S.C. 103 as being unpatentable over Zhang et al (“Zhang,” US 20070016532), Holtzman et al (“Holtzman,” US 20080010458) in view of Lin et al (“Lin,” US 20080168528) and further in view of Sarukkai et al (“Sarukkai,” US 20080184336).
Regarding claim 26, Zhang, Holtzman and Lin disclose the computer-implemented method according to claim 23.
Zhang, Holtzman and Lin fail to explicitly disclose wherein a value of the name-value pair is arbitrary and/or user generated.
However, in an analogous art, Sarukkai discloses wherein a value of the name-value pair is arbitrary and/or user generated, (Sarukkai, [0091] describes wherein a value of the name-value pair is arbitrary and/or user generated)
Therefore, it would have been obvious to one of ordinary skill in the art before the effective filing date of the claimed invention to combine the teachings of Sarukkai with Zhang, Holtzman and Lin to include wherein a value of the name-value pair is arbitrary and/or user generated. One would have been motivated to provide policy-based management of access by application programs to networked computer resources (Sarukkai, [0002]).
Claim 27 is rejected under 35 U.S.C. 103 as being unpatentable over Zhang et al (“Zhang,” US 20070016532) in view of Holtzman et al (“Holtzman,” US 20080010458) and further in view of Pulier et al (“Pulier,” US 20190288956).
Regarding claim 27, Zhang and Holtzman disclose the computer-implemented method according to claim 1.
Zhang and Holtzman fail to explicitly disclose wherein the request is received via an API that is only provided to computing modules belonging to a secure computing environment.
However, in an analogous art, Pulier discloses wherein the request is received via an API that is only provided to computing modules belonging to a secure computing environment, (Pulier describes wherein the request is received via an API [0063] that is only provided to computing modules [0088] belonging to a secure computing environment [0013])
Therefore, it would have been obvious to one of ordinary skill in the art before the effective filing date of the claimed invention to combine the teachings of Pulier with Zhang and Holtzman to include wherein the request is received via an API that is only provided to computing modules belonging to a secure computing environment. One would have been motivated to secure, control and manage cloud infrastructure (Pulier, [0002]).
Claim 39 is rejected under 35 U.S.C. 103 as being unpatentable over Zhang et al (“Zhang,” US 20070016532) in view of Holtzman et al (“Holtzman,” US 20080010458) and further in view of Lof et al (“Lof,” US 20140310779).
Regarding claim 39, Zhang and Holtzman disclose the computer-implemented method according to claim 1.
Zhang and Holtzman fail to explicitly disclose wherein the first permit identifier oblivates the identity of the holder of the first permit or is a pseudo-randomly generated string of characters.
However, in an analogous art, Lof discloses wherein the first permit identifier oblivates the identity of the holder of the first permit or is a pseudo-randomly generated string of characters, (Lof describes wherein the first permit identifier [0022] oblivates the identity of the holder of the first permit or is a pseudo-randomly generated string of characters [0124])
Therefore, it would have been obvious to one of ordinary skill in the art before the effective filing date of the claimed invention to combine the teachings of Lof with Zhang and Holtzman to include wherein the first permit identifier oblivates the identity of the holder of the first permit or is a pseudo-randomly generated string of characters. One would have been motivated to provide temporary anonymous access to media content and asynchronously determining limits on media consumption (Lof, [0002]).
Conclusion
THIS ACTION IS MADE FINAL. Applicant is reminded of the extension of time policy as set forth in 37 CFR 1.136(a).
A shortened statutory period for reply to this final action is set to expire THREE MONTHS from the mailing date of this action. In the event a first reply is filed within TWO MONTHS of the mailing date of this final action and the advisory action is not mailed until after the end of the THREE-MONTH shortened statutory period, then the shortened statutory period will expire on the date the advisory action is mailed, and any nonprovisional extension fee (37 CFR 1.17(a)) pursuant to 37 CFR 1.136(a) will be calculated from the mailing date of the advisory action. In no event, however, will the statutory period for reply expire later than SIX MONTHS from the mailing date of this final action.
Any inquiry concerning this communication or earlier communications from the examiner should be directed to JAMES J WILCOX whose telephone number is (571)270-3774. The examiner can normally be reached M-F: 8 A.M. to 5 P.M.
Examiner interviews are available via telephone, in-person, and video conferencing using a USPTO supplied web-based collaboration tool. To schedule an interview, applicant is encouraged to use the USPTO Automated Interview Request (AIR) at http://www.uspto.gov/interviewpractice.
If attempts to reach the examiner by telephone are unsuccessful, the examiner’s supervisor, Luu T. Pham can be reached on (571)270-5002. The fax phone number for the organization where this application or proceeding is assigned is 571-273-8300.
Information regarding the status of published or unpublished applications may be obtained from Patent Center. Unpublished application information in Patent Center is available to registered users. To file and manage patent submissions in Patent Center, visit: https://patentcenter.uspto.gov. Visit https://www.uspto.gov/patents/apply/patent-center for more information about Patent Center and https://www.uspto.gov/patents/docx for information about filing in DOCX format. For additional questions, contact the Electronic Business Center (EBC) at 866-217-9197 (toll-free). If you would like assistance from a USPTO Customer Service Representative, call 800-786-9199 (IN USA OR CANADA) or 571-272-1000.
/JAMES J WILCOX/Examiner, Art Unit 2439
/LUU T PHAM/Supervisory Patent Examiner, Art Unit 2439