Notice of Pre-AIA or AIA Status
The present application, filed on or after March 16, 2013, is being examined under the first inventor to file provisions of the AIA .
DETAILED ACTION
The instant application having Application No. 18/909,031 has a total 20 claims pending in the application; there are 3 independent claims and 17 dependent claims all of which are ready for examination by the Examiner.
Claim Rejections - 35 USC § 101
35 U.S.C. 101 reads as follows:
Whoever invents or discovers any new and useful process, machine, manufacture, or composition of matter, or any new and useful improvement thereof, may obtain a patent therefor, subject to the conditions and requirements of this title.
Claims 1-20 are rejected under 35 U.S.C. 101 because the claimed invention is directed to an abstract idea without significantly more.
Claims 1, 9 and 17 appear to be directed to an abstract idea without reciting additional limitations that tie it to a practical application or without reciting additional limitations that amount to significantly more than the abstract idea. One can mentally generate graph with nodes for spaces in a building as well as assets that are contained within those spaces. Then one can also mentally associate and classify senor readings and generate relationships between spaces, assets and sensors. The additional limitations are receiving data. These additional limitations are mere data gathering which are insignificant extra solution activities under step 2A prong II and well understood routine and conventional under step 2B (For Berkhiemer See MPEP 2106.05(d)(II) Versata.)
Step 2A, Prong One: Mathematical Concepts
Independent claims 1, 9, and 17 are directed to determining effective access permission defined by security policies.
identifying, a first policy statement associated with the principal, wherein the first policy statement specifies that members of a first identity set including the principal are allowed to access a first system resource set of the IAM system; identifying, a second policy statement, wherein the second policy statement specifies that members of a second identity set are denied access to a second system resource set of the IAM system; determining, whether or not there is a shared system resource belonging to both the first system resource set and the second system resource set, and whether or not the second identity set includes the principal; determining, that the second policy statement overlaps with the first policy statement for the principal when the shared system resource belongs to the first system resource set and the second system resource set, and the second identity set includes the principal; placing, when the second policy statement is determined to overlap with the first policy statement, the second policy statement into a list of deny policy statements associated with the first policy statement. As such, these steps can perform mentally.
generating, a set of effective access permissions of the first policy statement for the principal using the list of deny policy statements associated with the first policy statement; and determining an over-privileged access permission for the principal based on the set of effective access permissions without the IAM system receiving a request for accessing the first system resource set or the second system resource set of the IAM system. Evaluating permissions using rules and logic to determine access scope, nothing in the language ties the steps to specific improvement. These steps are a mental process.
Step 2A Prong Two and Step 2B
Use of processors to identifying, determining, generating classify would constitute use of a generic computer used as tool to implement the abstract idea discussed above.
The step of receiving data associated with a building constitutes an insignificant extra-solution activity in the form of mere data gather, see MPEP 2106.05(g)
i. Performing clinical tests on individuals to obtain input for an equation, In re Grams, 888 F.2d 835, 839-40; 12 USPQ2d 1824, 1827-28 (Fed. Cir. 1989);
Looking at the limitations as an ordered combination adds nothing that is not already present when looking at the elements taken individually. There is no specific data structure, no indication that the combination of elements the functioning of a computer or improves any other technology. Their collective functions merely provide conventional computer implementation.
Claims 2-8, 10-16 and 18-20 depend from claims 1, 9, and 17 and therefore includes all of the limitation of claim 1, 9 and 17, which is directed to an abstract idea as discussed above. The claims do not recite that the additional limitation is performed in non-conventional manner or results in a technical improvement.
Accordingly, claims 1-20 are found to be directed to a patent ineligible abstract idea.
Double Patenting
The nonstatutory double patenting rejection is based on a judicially created doctrine grounded in public policy (a policy reflected in the statute) so as to prevent the unjustified or improper timewise extension of the “right to exclude” granted by a patent and to prevent possible harassment by multiple assignees. A nonstatutory double patenting rejection is appropriate where the conflicting claims are not identical, but at least one examined application claim is not patentably distinct from the reference claim(s) because the examined application claim is either anticipated by, or would have been obvious over, the reference claim(s). See, e.g., In re Berg, 140 F.3d 1428, 46 USPQ2d 1226 (Fed. Cir. 1998); In re Goodman, 11 F.3d 1046, 29 USPQ2d 2010 (Fed. Cir. 1993); In re Longi, 759 F.2d 887, 225 USPQ 645 (Fed. Cir. 1985); In re Van Ornum, 686 F.2d 937, 214 USPQ 761 (CCPA 1982); In re Vogel, 422 F.2d 438, 164 USPQ 619 (CCPA 1970); In re Thorington, 418 F.2d 528, 163 USPQ 644 (CCPA 1969).
A timely filed terminal disclaimer in compliance with 37 CFR 1.321(c) or 1.321(d) may be used to overcome an actual or provisional rejection based on nonstatutory double patenting provided the reference application or patent either is shown to be commonly owned with the examined application, or claims an invention made as a result of activities undertaken within the scope of a joint research agreement. See MPEP § 717.02 for applications subject to examination under the first inventor to file provisions of the AIA as explained in MPEP § 2159. See MPEP § 2146 et seq. for applications not subject to examination under the first inventor to file provisions of the AIA . A terminal disclaimer must be signed in compliance with 37 CFR 1.321(b).
The filing of a terminal disclaimer by itself is not a complete reply to a nonstatutory double patenting (NSDP) rejection. A complete reply requires that the terminal disclaimer be accompanied by a reply requesting reconsideration of the prior Office action. Even where the NSDP rejection is provisional the reply must be complete. See MPEP § 804, subsection I.B.1. For a reply to a non-final Office action, see 37 CFR 1.111(a). For a reply to final Office action, see 37 CFR 1.113(c). A request for reconsideration while not provided for in 37 CFR 1.113(c) may be filed after final for consideration. See MPEP §§ 706.07(e) and 714.13.
The USPTO Internet website contains terminal disclaimer forms which may be used. Please visit www.uspto.gov/patent/patents-forms. The actual filing date of the application in which the form is filed determines what form (e.g., PTO/SB/25, PTO/SB/26, PTO/AIA /25, or PTO/AIA /26) should be used. A web-based eTerminal Disclaimer may be filled out completely online using web-screens. An eTerminal Disclaimer that meets all requirements is auto-processed and approved immediately upon submission. For more information about eTerminal Disclaimers, refer to www.uspto.gov/patents/apply/applying-online/eterminal-disclaimer.
Claims 1-20 rejected on the ground of nonstatutory double patenting as being unpatentable over claims 1-20 of U.S. Patent No. 12,155,666. Although the claims at issue are not identical, they are not patentably distinct from each other because they disclose an effective access permissions defined by security policies associated with a principal managed by an identity and access management system.
18/909,031
12,155,666
Claim 1. A computer-implemented method for determining effective access permissions defined by security policies associated with a principal managed by an identity and access management (IAM) system, the method comprising:
identifying, by a policy engine, a first policy statement associated with the principal, wherein the first policy statement specifies that members of a first identity set including the principal are allowed to access a first system resource set of the IAM system;
identifying, by the policy engine, a second policy statement, wherein the second policy statement specifies that members of a second identity set are denied access to a second system resource set of the IAM system;
determining, by the policy engine, whether or not there is a shared system resource belonging to both the first system resource set and the second system resource set, and whether or not the second identity set includes the principal;
determining, by the policy engine, that the second policy statement overlaps with the first policy statement for the principal when the shared system resource belongs to the first system resource set and the second system resource set, and the second identity set includes the principal;
placing, by the policy engine, when the second policy statement is determined to overlap with the first policy statement, the second policy statement into a list of deny policy statements associated with the first policy statement;
generating, by the policy engine, a set of effective access permissions of the first policy statement for the principal using the list of deny policy statements associated with the first policy statement; and
determining an over-privileged access permission for the principal based on the set of effective access permissions without the IAM system receiving a request for accessing the first system resource set or the second system resource set of the IAM system.
Claims 2-20.
Claim 1, A computer-implemented method for determining effective access permissions defined by security policies associated with a principal managed by an identity and access management (IAM) system, the method comprising:
identifying, by a policy engine, a first policy statement associated with the principal, wherein the first policy statement specifies that members of a first identity set including the principal are allowed to access a first system resource set of the IAM system; identifying, by the policy engine, a second policy statement, wherein the second policy statement specifies that members of a second identity set are denied access to a second system resource set of the IAM system;
determining, by the policy engine, whether or not there is a shared system resource belonging to both the first system resource set and the second system resource set, and whether or not the second identity set includes the principal;
determining, by the policy engine, that the second policy statement overlaps with the first policy statement for the principal when the shared system resource belongs to the first system resource set and the second system resource set, and the second identity set includes the principal, wherein the effective access permissions associated with the principal are defined by a system resource included in the first system resource set but not included in the second system resource set;
placing, by the policy engine, when the second policy statement is determined to overlap with the first policy statement, the second policy statement into a list of policy statements associated with the first policy statement;
generating, by the policy engine, a set of effective access permissions for the principal based on the first policy statement and the list of policy statements associated with the first policy statement; and
determining an over-privileged access permission for the principal based on the set of effective access permissions without the IAM system receiving a request for accessing the first system resource set or the second system resource set of the IAM system.
Claims 2-20.
Allowable Subject Matter
Claims 1-20 in the condition for allowance. However, applicant representative required to file TD to overcome the double patenting rejection.
Conclusion
Any inquiry concerning this communication or earlier communications from the examiner should be directed to THU N NGUYEN whose telephone number is (571)270-1765. The examiner can normally be reached Monday to Friday from 9:30AM-6:00PM.
Examiner interviews are available via telephone, in-person, and video conferencing using a USPTO supplied web-based collaboration tool. To schedule an interview, applicant is encouraged to use the USPTO Automated Interview Request (AIR) at http://www.uspto.gov/interviewpractice.
If attempts to reach the examiner by telephone are unsuccessful, the examiner’s supervisor, Boris Gorney can be reached at 571-272-5626. The fax phone number for the organization where this application or proceeding is assigned is 571-273-8300.
Information regarding the status of published or unpublished applications may be obtained from Patent Center. Unpublished application information in Patent Center is available to registered users. To file and manage patent submissions in Patent Center, visit: https://patentcenter.uspto.gov. Visit https://www.uspto.gov/patents/apply/patent-center for more information about Patent Center and https://www.uspto.gov/patents/docx for information about filing in DOCX format. For additional questions, contact the Electronic Business Center (EBC) at 866-217-9197 (toll-free). If you would like assistance from a USPTO Customer Service Representative, call 800-786-9199 (IN USA OR CANADA) or 571-272-1000.
January 20, 2026
/THU N NGUYEN/Examiner, Art Unit 2154