DETAILED ACTION Notice of Pre-AIA or AIA Status
The present application, filed on or after March 16, 2013, is being examined under the first inventor to file provisions of the AIA .
Response to Amendment
2. The Amendment filed on January 12th 2026 has been entered. Claims 1 - 10 have been cancelled. Claims 11 – 20 and 22 - 31 are currently pending.
Response to Arguments
35 U.S.C. §103
3. Applicant's arguments, see Remarks pp. 5 -7, filed January 12th 2026, with
respect to the rejections of claims 11 – 20 and 22 - 31 under 35 U.S.C. §103 have been fully considered and they are persuasive.
The crux of applicant’s arguments is that the cited art does not fully disclose the applicant claimed invention. In particular the Lawrence beyond its preamble does not teach recited claimed elements. Secondly, the Galal reference was reported as not prior art since the present application is a division of Application No. 18/365,430 and claims priority from a Provisional Application No. 63/459,517
Examiner respectfully agrees
Upon consideration of applicant’s cogent arguments and an exhaustive search the following art is pertinent to applicant’s claimed invention, Bahrami et al., (United States Patent Publication Number 2021/0067337) hereinafter Bahrami and Verma et al., (United States Patent Publication Number 2023/0169085) hereinafter Verma
4. EXAMINER’S AMENDMENT
An examiner’s amendment to the record appears below. Should the change and / or additions be unacceptable to the applicant, an amendment may be filed as prided by 37 CFR 1.312.
Authorization for this examiner’s amendment was given in a telephonic correspondence with Applicant’s Representative, Jospeh Myles (Reg. No. 80,845) on 04/30/2026. Claim 26 was repeated twice with the authorization given for the second recitation of claim 26 to be amended as claim 27. The instant examiner’s amendment is directed to said entered amendment and is included as an attachment described as an office action appendix.
Claim Rejections – 35 U.S.C. §103
5. The following is a quotation of 35 U.S.C. 103 which forms the basis for all
obviousness rejections set forth in this Office action:
A patent for a claimed invention may not be obtained, notwithstanding that the claimed invention is not identically disclosed as set forth in section 102, if the differences between the claimed invention and the prior art are such that the claimed invention as a whole would have been obvious before the effective filing date of the claimed invention to a person having ordinary skill in the art to which the claimed invention pertains. Patentability shall not be negated by the manner in which the invention was made.
6. The factual inquiries set forth in Graham v John Deere Co., 383 U.S. 1, 148 USPQ
459 (1966), that are applied for establishing a background for determining obviousness
under 35 U.S.C. 103 are summarized as follows:
a. Determining the scope and contents of the prior art
b. Ascertaining the differences between the prior art and the claims at issue
c. Resolving the level of ordinary skill in the pertinent art
d. Considering objective evidence present in the application indicating
obviousness or nonobviousness
Claims 11 – 15 and 22 - 26 are rejected under 35 U.S.C. 103 as being unpatentable over Bahrami et al., (United States Patent Publication Number 2021/0067337) hereinafter Bahrami and Verma et al., (United States Patent Publication Number 2023/0169085) hereinafter Verma .
Regarding claim 11 Bahrami teaches a method (ABS., method) (Figs. 5A and 5B method [0040]) ) for optimizing a security system, comprising: receiving, at a processor, (processor 610 [0062]) a request for a token; (the developer 410 may request an access token [0043]) receiving, at the processor, (processor 610 [0062]) an integration instruction (the registration may include information to authenticate the
registering party [0032]) such as “integration instruction” from a token-based security system; (Fig. 1, (100) API Provider [0012], [0013] – [0014]) such as “token-based security system”
Bahrami does not fully disclose restructuring, based on the integration instruction, an extract transform load (ETL) process; optimizing, based on the restructuring, the ETL process; and storing the optimized ETL process as executable code.
Verma teaches restructuring, (generating a user code authentication
token [0043]) such as “restructuring” based on the integration instruction, (Fig. 2, (216) At block 216, the user code 104 is authenticated with the authorization component 128 based on the user authentication credentials 130 of the user account 132 [0029]) such as “integration instruction” an extract transform load (ETL) process; (ETL process [0030]) optimizing, ((e.g., transforming the extracted data from one format to another
format), [0022]) such as “optimizing” based on the restructuring, (generating a user code authentication token [0043]) such as “restructuring” the ETL process; (ETL process [0030]) and storing (The user code, also referred to as a directed acyclic graph (DAG) herein is stored in a code repository, and permissions are stored in a database [0018]) the optimized ETL process as executable code (multiple directed acyclic graphs running in an instance of an ETL process [0019] – [0020]) such as “optimized ETL process”
It would have been prima facie obvious to one of ordinary skill in the art before the effective filing date of the claimed invention to have modified Bahrami to incorporate the teachings of Verma whereby restructuring, based on the integration instruction, an extract transform load (ETL) process; optimizing, based on the restructuring, the ETL process; and storing the optimized ETL process as executable code. By doing so context validation component 150 validates that the user code permissions 112 are the correct permissions for use with user code 104 embodied in the DAG 138 by verifying the unique identifier, validating the user authentication credentials 130 with an API call to the authorization component 128, that validates the user authentication credentials 130 with the user account 132. Varma [0025]
NOTE: Bahrami performs restructuring from an integration instruction BUT not in an ETL environment.
Claim 22 corresponds to claim 11 and is rejected accordingly
Regarding claim 12 Bahrami in view of Verma teaches the method of claim 11,
Bahrami as modified further teaches wherein the restructuring (For example, the authorization information field 216 may include a token or other authentication information via which the API client may be validated by the API service
manager. [0032]) (as a further example the developer 410 may provide the
API access information (e.g., API authentication tokens, etc.) and encryption information (e.g., private key PRc and public key PKMa) as distinct components or credentials
separate from the developed software [0047]) includes performing a token-based authentication process (In these and other embodiments, the developer 410 may request an access token that may be included in a developed software program
such that when the API is invoked, the access token is utilized and/or included in requests to the API provider when the developed software program is executing. [0043])
Claim 23 corresponds to claim 12 and is rejected accordingly
Regarding claim 13 Bahrami in view of Verma teaches the method of claim 12,
Bahrami as modified further teaches wherein the token-based authentication process is performed based (In these and other embodiments, the developer 410 may request an access token that may be included in a developed software program
such that when the API is invoked, the access token is utilized and/or included in requests to the API provider when the developed software program is executing. [0043])
on an Open Authorization (OAuth) protocol (Additionally or alternatively, any other type of API authentication approach may be utilized, such as a username/password,
OAuth, 0Auth2, digest, etc. [0043])
Claim 24 corresponds to claim 13 and is rejected accordingly
Regarding claim 14 Bahrami in view of Verma teaches the method of claim 11,
Bahrami as modified further teaches includes retrieving an access token (these and other embodiments, the developer 410 may request an access token that may be included in a developed software program such that when the API is invoked, the access token is utilized and/or included in requests to the API provider when the developed software program is executing.) [0043]. from the token-based security system. (Fig. 1, (100) API Provider [0012], [0013] – [0014]) such as “token-based security system”
Bahrami does not fully disclose wherein the optimizing
Verma teaches wherein the optimizing((e.g., transforming the extracted data from one format to another format), [0022]) such as “optimizing”
It would have been prima facie obvious to one of ordinary skill in the art before the effective filing date of the claimed invention to have modified Bahrami to incorporate the teachings of Verma wherein the optimizing. By doing so one of the user ID, permissions code unique identifier, or user credential are provided to the
processing platform 120 for validation against the database 124 record associated with user code 104 embodied in the DAG 138. Verma [0035]
Claim 25 corresponds to claim 14 and is rejected accordingly
Regarding claim 15 Bahrami in view of Verma teaches the method of claim 14,
Bahrami as modified further teaches includes receiving the access token in a data response message (these and other embodiments, the developer 410 may request an access token that may be included in a developed software program such that when the API is invoked, the access token is utilized and/or included in requests to the API provider when the developed software program is executing.) [0043].
Bahrami does not fully disclose wherein the optimizing
Verma teaches wherein the optimizing((e.g., transforming the extracted data from one format to another format), [0022]) such as “optimizing”
It would have been prima facie obvious to one of ordinary skill in the art before the effective filing date of the claimed invention to have modified Bahrami to incorporate the teachings of Verma wherein the optimizing. By doing so one of the user ID, permissions code unique identifier, or user credential are provided to the
processing platform 120 for validation against the database 124 record associated with user code 104 embodied in the DAG 138. Verma [0035]
Claim 26 corresponds to claim 15 and is rejected accordingly
Claims 16 and 27 are rejected under 35 U.S.C. 103 as being unpatentable over Bahrami et al., (United States Patent Publication Number 2021/0067337) hereinafter Bahrami and Verma et al., (United States Patent Publication Number 2023/0169085) hereinafter Verma and in further view of Li et al., (United States Patent Publication Number 20180365305 ) hereinafter Li
Regarding claim 16 Bahrami in view of Verma teaches the method of claim 15,
Bahrami as modified does not fully disclose wherein the data response message includes a representational state transfer (REST) response message
Li teaches wherein the data response message (error message [0044]) includes a representational state transfer (REST) response message (REST responses [0018])
It would have been prima facie obvious to one of ordinary skill in the art before the effective filing date of the claimed invention to have modified Bahrami in view of Verma to incorporate the teachings of Li wherein the data response message includes a representational state transfer (REST) response message. By doing so one or more representational state transfer (REST) requests based on the received one or more events, and receiving one or more REST responses. At least one of the one or more REST responses is validated. Li [0006]
Claim 27 corresponds to claim 16 and is rejected accordingly
Claims 17 and 28 are rejected under 35 U.S.C. 103 as being unpatentable over Bahrami et al., (United States Patent Publication Number 2021/0067337) hereinafter Bahrami and Verma et al., (United States Patent Publication Number 2023/0169085) hereinafter Verma and in further view of Sathyanarayana, et al. (United States Patent Publication Number 20240275598) hereinafter Sathyanarayana
Regarding claim 17 Bahrami in view of Verma teaches the method of claim 11,
Bahrami does not fully disclose wherein the optimizing includes providing an access token to a resource server as a header value in a data request message.
Verma teaches Optimizing((e.g., transforming the extracted data from one format to another format), [0022]) such as “optimizing”
It would have been prima facie obvious to one of ordinary skill in the art before the effective filing date of the claimed invention to have modified Verma in view of Bahrami wherein optimizing. By doing so receive request for validation of user code permissions associated with the user code, responsive to a validation request from the ETL system. Verma [0067]
Sathyanarayana teaches providing an access token to a resource server as a header value (As shown in FIG. 3, access token 301 is a JavaScript Object Notation ("JSON") Web Token with a header, payload, and the encrypted signature. The header
identifies the signing algorithm, the access token type (e.g., JWT), and the client identifier token key identifier. [0048])in a data request message. (HTTP request [0021])
It would have been prima facie obvious to one of ordinary skill in the art before the effective filing date of the claimed invention to have modified Bahrami in view of Verma to incorporate the teachings of Sathyanarayana wherein the processor receives the token as a header value in a data request message. By doing so The unique user identifier is generated by stream service provider 101 based on the provided (at 308) login credentials and/or a combination of header values in the messaging received from client device 105. Sathyanarayana [0045]
Claim 28 corresponds to claim 17 and is rejected accordingly
Claims 18 and 29 are rejected under 35 U.S.C. 103 as being unpatentable over Bahrami et al., (United States Patent Publication Number 2021/0067337) hereinafter Bahrami and Verma et al., (United States Patent Publication Number 2023/0169085) hereinafter Verma in view of Sathyanarayana, et al. (United States Patent Publication Number 20240275598) hereinafter Sathyanarayana and in further view of Li et al., (United States Patent Publication Number 20180365305 ) hereinafter Li
Regarding claim 18 Bahrami in view of Verma and Sathyanarayana teaches the method of claim 17,
Bahrami as modified does not fully disclose wherein the data request message includes a REST request message.
Li teaches wherein the data request message (data the REST request body is loaded [0043]) includes a REST request message (ABS., REST request) (REST request [0018])
It would have been prima facie obvious to one of ordinary skill in the art before the effective filing date of the claimed invention to have modified Bahrami in view of Verma and Sathyanarayana to incorporate the teachings of Li wherein the data request message includes a REST request message. By doing so one or more representational state transfer (REST) requests based on the received one or more events, and receiving one or more REST responses. At least one of the one or more REST responses is validated. Li [0006]
Claim 29 corresponds to claim 18 and is rejected accordingly
Claims 19, 20, 30 and 31 are rejected under 35 U.S.C. 103 as being unpatentable over Bahrami et al., (United States Patent Publication Number 2021/0067337) hereinafter Bahrami and Verma et al., (United States Patent Publication Number 2023/0169085) hereinafter Verma and in further view of Harris et al. (United States Patent Publication Number 20210083873) hereinafter Harris
Regarding claim 19 Bahrami in view of Verma teaches the method of claim 11,
Bahrami teaches includes sending a token request (the developer 410 may request an access token that may be included in a developed software program
such that when the API is invoked [0043]) to the token-based security system, (Fig. 1, (100) API Provider [0012], [0013] – [0014]) such as “token-based security system”
Bahrami does not fully disclose wherein the optimizing includes the token request including a client identifier and a secret value.
Verma teaches wherein the optimizing((e.g., transforming the extracted data from one format to another format), [0022]) such as “optimizing”
It would have been prima facie obvious to one of ordinary skill in the art before the effective filing date of the claimed invention to have modified Bahrami to incorporate the teachings of Verma wherein the optimizing. By doing so one of the user ID, permissions code unique identifier, or user credential are provided to the
processing platform 120 for validation against the database 124 record associated with user code 104 embodied in the DAG 138. Verma [0035]
Harris teaches including a client identifier (client identifier [0072]]) and the secret value (secret value [0033])
It would have been prima facie obvious to one of ordinary skill in the art before the effective filing date of the claimed invention to have modified Bahrami in view of Verma to incorporate the teachings of Harris wherein including a client identifier and the secret value. By doing so the resource server 108B may transmit a verification request to the authorization server 106B to validate the second bearer token 122 while comparing the identifier of the protected resource 126 obtained from access key 116 and the resource request 124 to validate that the identifier of the protected resource 126 obtained from each location matches. Harris [0034]
Claim 30 corresponds to claim 19 and is rejected accordingly
Regarding claim 20 Bahrami in view of Verma and Harris teaches the method of claim 19,
Bahrami as modified does not fully disclose wherein the secret value is received from the token- based security system prior to sending the token request.
Harris teaches wherein the secret value (secret value [0033]) is received from the token- based security system (Authorization Server []) such as “token- based security system” prior to sending the token request (In one example, a cryptography service utilizes one or more non-secret parameters (e.g., bearer tokens, client identifiers, or resource identifiers) to derive one or more cryptographic keys from a common secret value. Furthermore, the common secret value may be shared
with the client device 102B so that the client device is capable of generating the one or more cryptographic keys) [0033])
It would have been prima facie obvious to one of ordinary skill in the art before the effective filing date of the claimed invention to have modified Bahrami in view of Verma to incorporate the teachings of Harris wherein the secret value is received from the token- based security system prior to sending the token request. By doing so a Key Derivation Function (KDF) or similar algorithm may be used to generate cryptographic keys based at least in part on information described in the present disclosure such as the bearer tokens, client identifiers, resource identifiers, and/or combinations
thereof. Harris [0033]
Claim 31 corresponds to claim 20 and is rejected accordingly
Conclusion
7. The prior art made of record and not relied upon is considered pertinent to
applicant's disclosure.
Lores et al., (United States Patent Publication Number 2019/0306157) teaches “Fig. 3, authenticating and authorizing users with jwt and tokenization [0030])
8. Any inquiry concerning this communication or earlier communications from the
examiner should be directed to Kweku Halm whose telephone number is (469) 295-
9144. The examiner can normally be reached on 7:30AM - 5:30PM Mon - Thur. If
attempts to reach the examiner by telephone are unsuccessful, the examiner's
supervisor, Sanjiv Shah can be reached on (571) 272-4098. The fax phone
number for the organization where this application or proceeding is assigned is 571-273-
8300.
Information regarding the status of an application may be obtained from the
Patent Application Information Retrieval (PAIR) system. Status information for published
applications may be obtained from either Private PAIR or Public PAIR. Status information
for unpublished applications is available through Private PAIR only. For more
information about the PAIR system, see http://pair-direct.uspto.gov. Should you have
questions on access to the Private PAIR system, contact the Electronic Business Center
(EBC) at 866-217-9197 (toll-free).
/KWEKU WILLIAM HALM/Examiner, Art Unit 2166
/SANJIV SHAH/Supervisory Patent Examiner, Art Unit 2166