Detailed Action
The present application, filed on or after March 16, 2013, is being examined under the first inventor to file provisions of the AIA .
This Office action is in response to Applicant’s amendment filed on April 6, 2026.
Claims 1-20 are pending in the application.
Response to Arguments/Remarks
Claim Rejections - 35 USC § 103
Claim 1, 19, and 20 are rejected under 35 U.S.C. 103 as being unpatentable over Yang et al. US Patent Publication No. 2013/0174234 (“Yang”) in view of Magen et al. US Patent Publication No. 2023/0089407 (“Magen”).
Applicant submitted that the described request does not comprise “one or more modified access credentials as claimed,” and that at paragraph [0070], Yang describes that a record is obtained that includes the credentials to change. Applicant submitted that the modified access credential values are not part of the request, but are retrieved later from a stored record.
In response, the examiner respectfully disagrees that Yang does not teach the limitation. Paragraph [0070] of Yang describes obtaining the record comprising the prior credentials, i.e., first credentials, to change the prior credentials to the updated credentials. It does not refer to obtaining the updated credentials from the record. Paragraph [0071] further states, “the record is updated such that the first credentials in the record are updated to the second credentials.” (emphasis noted) Yang discloses a system for synchronizing credentials between first and second systems. Yang, on paragraph [0041], discloses the second system receiving changed credentials for sending second credentials to the second system.
Applicant submitted that Yang does not describe modified access credential values being added to a log of previous access credential values. The “record” described in Yang is not any sort of an event log, but merely stores the current credentials.
In response, the claims do not define the event log. The claims do not specify that the event log is a log of previous access credential values and that the new credentials are added to the log of previous credentials such that the log comprises both new and previous credentials. Yang discloses a record comprising credentials, wherein the previous credentials, i.e., “first credentials” in the record is updated to the changed credentials. While Yang uses the term “updated,” the changed credentials, “second credentials,” are still added to the record such that the record comprises the changed credentials. Therefore, Yang teaches “appending” the credentials to the record.
Applicant submitted that without the benefit of hindsight, a skilled person reading Yang would think that such a modification would be a waste of storage and computing resources, and would instead continue to implement a system where the old credentials are simply replaced with the new credentials value as described in Yang.
In response to applicant's argument that the examiner's conclusion of obviousness is based upon improper hindsight reasoning, it must be recognized that any judgment on obviousness is in a sense necessarily a reconstruction based upon hindsight reasoning. But so long as it takes into account only knowledge which was within the level of ordinary skill at the time the claimed invention was made, and does not include knowledge gleaned only from the applicant's disclosure, such a reconstruction is proper. See In re McLaughlin, 443 F.2d 1392, 170 USPQ 209 (CCPA 1971).
Firstly, Yang, on paragraph [0037], discloses using records that includes more than just credentials. Secondly, Magen’s disclosure of maintaining and adding to a log of events would have provided advantages such as verification and guarantee of updates performed on a system, visibility for attestation, auditing, and analysis of events, etc. (see at least paragraphs [0034]-[0037]). As such, Magen’s disclosure of maintaining logs of events would have provided advantages over the storage of additional data.
Claim Rejections - 35 USC § 103
The text of those sections of Title 35, U.S. Code not included in this action can be found in a prior Office action.
Claim 1, 19, and 20 are rejected under 35 U.S.C. 103 as being unpatentable over Yang et al. US Patent Publication No. 2013/0174234 (“Yang”) in view of Magen et al. US Patent Publication No. 2023/0089407 (“Magen”).
Regarding claim 1, Yang teaches a computer-implemented method comprising:
receiving, from an authorisation server, an access credentials modification request to modify one or more access credentials associated with a user, the access credentials modification request comprising one or more modified access credentials values (para. [0032] first system 210 may be responsible for authenticating and authorizing users. para. [0069] second system 211 may receive a request to update credentials for an entity that is mapped to the second system);
appending the one or more modified access credentials values as one or more access credentials values to a first event log (para. [0070] credentials manager 223 may find a record that matches an identifier sent by the proxy 224. para. [0071] record is updated such that the first credentials in the record are updated to the second credentials. after the credentials manager 223 finds the record, it may update the credentials as requested).
While Yang discloses appending the access credentials to the first event log, Yang does not teach creating a first event object comprising the one or more modified access credentials values as one or more access credentials values and appending the first event object to a first event log.
Magen discloses creating a first event object and appending the first event object to a first event log (para. [0064] generate an entry including an event identifier…, a recorded time, a received time, and event data included in the received message. control adds the entry to an event logging database). It would have been obvious to one of ordinary skill in the art before the effective filing date of the claimed invention to have modified Yang with Magen’s disclosure of creating and appending an object, i.e., entry, to a log such that that the credentials of Yang are comprised in an object that is added to the log. One of ordinary skill in the art would have been motivated to do so in order to have similarly logged events including maintained a history of entries of events with additional data such as time.
Regarding claim 19, Yang teaches a system comprising: one or more processors; and memory comprising computer executable instructions, which when executed by the one or more processors, cause the system to perform operations including:
receiving, from an authorisation server, an access credentials modification request to modify one or more access credentials associated with a user, the access credentials modification request comprising one or more modified access credentials values (para. [0032] first system 210 may be responsible for authenticating and authorizing users. para. [0069] second system 211 may receive a request to update credentials for an entity that is mapped to the second system);
appending the one or more modified access credentials values as one or more access credentials values to a first event log (para. [0070] credentials manager 223 may find a record that matches an identifier sent by the proxy 224. para. [0071] record is updated such that the first credentials in the record are updated to the second credentials. after the credentials manager 223 finds the record, it may update the credentials as requested).
While Yang discloses appending the access credentials to the first event log, Yang does not teach creating a first event object comprising the one or more modified access credentials values as one or more access credentials values and appending the first event object to a first event log.
Magen discloses creating a first event object and appending the first event object to a first event log (para. [0064] generate an entry including an event identifier…, a recorded time, a received time, and event data included in the received message. control adds the entry to an event logging database). It would have been obvious to one of ordinary skill in the art before the effective filing date of the claimed invention to have modified Yang with Magen’s disclosure creating and appending an object to a log such that that the credentials of Yang are comprised in an object that is added to the log. One of ordinary skill in the art would have been motivated to do so in order to have similarly logged events including maintained entries of events with additional data such as time.
Regarding claim 20, Yang teaches a non-transient computer-readable storage medium storing instructions that, when executed by a computer, cause the computer to perform operations including:
receiving, from an authorisation server, an access credentials modification request to modify one or more access credentials associated with a user, the access credentials modification request comprising one or more modified access credentials values (para. [0032] first system 210 may be responsible for authenticating and authorizing users. para. [0069] second system 211 may receive a request to update credentials for an entity that is mapped to the second system);
appending the one or more modified access credentials values as one or more access credentials values to a first event log (para. [0070] credentials manager 223 may find a record that matches an identifier sent by the proxy 224. para. [0071] record is updated such that the first credentials in the record are updated to the second credentials. after the credentials manager 223 finds the record, it may update the credentials as requested).
While Yang discloses appending the access credentials to the first event log, Yang does not teach creating a first event object comprising the one or more modified access credentials values as one or more access credentials values and appending the first event object to a first event log.
Magen discloses creating a first event object and appending the first event object to a first event log (para. [0064] generate an entry including an event identifier…, a recorded time, a received time, and event data included in the received message. control adds the entry to an event logging database). It would have been obvious to one of ordinary skill in the art before the effective filing date of the claimed invention to have modified Yang with Magen’s disclosure creating and appending an object to a log such that that the credentials of Yang are comprised in an object that is added to the log. One of ordinary skill in the art would have been motivated to do so in order to have similarly logged events including maintained entries of events with additional data such as time.
Claim 5-6 are rejected under 35 U.S.C. 103 as being unpatentable over Yang in view of Magen and Rouland et al. US Patent Publication No. 2025/0244997 (“Rouland”).
Regarding claim 5, Yang does not teach the method of claim 1, further comprising: responsive to receiving a failure notification indicative of a failed attempt to modify the one or more access credential values: creating a third event object indicative of the failed attempt; and appending the third event object to a second event log associated with the user.
Rouland discloses responsive to receiving a failure notification indicative of a failed attempt to modify one or more access credential values: creating a third event object indicative of the failed attempt (para. [0104] management system 103 stores the record of failure to change credentials). It would have been obvious to one of ordinary skill in the art before the effective filing date of the claimed invention to have modified Yang and Magen with Rouland’s disclosure. One of ordinary skill in the art would have been motivated to do so in order to have maintained records of different types of events.
Magen discloses creating a first event object and appending the first event object to a first event log (para. [0064] generate an entry including an event identifier…, a recorded time, a received time, and event data included in the received message. control adds the entry to an event logging database). It would have been obvious to one of ordinary skill in the art before the effective filing date of the claimed invention to have modified Yang with Magen’s disclosure creating and appending an object to a log such that the object as disclosed by Rouland is added to the log. One of ordinary skill in the art would have been motivated to do so in order to have similarly maintained a history of entries of events with additional data
Regarding claim 6, Yang does not teach the method of claim 5, wherein the second event log is the first event log.
Magen discloses creating a first event object and appending the first event object to a first event log (para. [0064] generate an entry including an event identifier…, a recorded time, a received time, and event data included in the received message. control adds the entry to an event logging database). It would have been obvious to one of ordinary skill in the art before the effective filing date of the claimed invention to have modified Yang with Magen’s disclosure creating and appending an object to a log such the failed attempt to modify the one or more access credential values as disclosed by Rouland is logged as an object that is added to the log. One of ordinary skill in the art would have been motivated to do so in order to have similarly logged events including maintained entries of events.
Claim 13-14 are rejected under 35 U.S.C. 103 as being unpatentable over Yang in view of Magen and Fan et al. US Patent Publication No. 2017/0155641 (“Fan”).
Regarding claim 13, Yang does not teach the method of claim 1, further comprising: receiving, from the authorisation server, an access credentials read request associated with a user, the access credentials read request comprising one or more access credential identifiers; traversing the first event log associated with the user to determine one or more access credential values for the respective access credential identifiers in the first event log; transmitting, to the authorisation server, the one or more access credential values; creating a second event object for recording an occurrence of the access credentials read request; and appending the second event object to a second event log.
Fan discloses receiving, from a server, an access credentials read request associated with a user, the access credentials read request comprising one or more access credential identifiers; traversing the first event log associated with the user to determine one or more access credential values for the respective access credential identifiers in the first event log; transmitting, to the server, the one or more access credential values (para. [0074] device service management system 306 includes a credential return engine 314, a credential datastore credential return engine 314 functions to return user credentials to the credential retrieval engine 308. credential return engine 314 can return user credentials stored in the credential datastore 316 to the credential retrieval engine 308 based on a user credential query message received from the credential retrieval engine 308). It would have been obvious to one of ordinary skill in the art before the effective filing date of the claimed invention to have modified Yang with Fan’s disclosure. One of ordinary skill in the art would have been motivated to do so in order to have provided capability to determine and retrieve stored access credentials.
Magen discloses creating a second event object; and appending the second event object to a second event log (para. [0064] generate an entry including an event identifier…, a recorded time, a received time, and event data included in the received message. control adds the entry to an event logging database). It would have been obvious to one of ordinary skill in the art before the effective filing date of the claimed invention to have modified Yang with Magen’s disclosure of creating and appending an object to a log such that that the event disclosed by Fan, access credential read request, is comprised in an object that is added to the log. One of ordinary skill in the art would have been motivated to do so in order to have similarly logged events including maintained entries of events with additional data.
Regarding claim 14, Yang does not teach the method of claim 13, wherein the second event log is the first event log.
Magen discloses creating a first event object and appending the first event object to a first event log (para. [0064] generate an entry including an event identifier…, a recorded time, a received time, and event data included in the received message. control adds the entry to an event logging database). It would have been obvious to one of ordinary skill in the art before the effective filing date of the claimed invention to have modified Yang with Magen’s disclosure creating and appending an object to a log such the failed attempt to modify the one or more access credential values as disclosed by Rouland is logged as an object that is added to the log. One of ordinary skill in the art would have been motivated to do so in order to have similarly logged events including maintained entries of events with additional data such as time.
Allowable Subject Matter
Claims 2-4, 7-12, 15-18 are objected to as being dependent upon a rejected base claim, but would be allowable if rewritten in independent form including all of the limitations of the base claim and any intervening claims.
Conclusion
THIS ACTION IS MADE FINAL. Applicant is reminded of the extension of time policy as set forth in 37 CFR 1.136(a).
A shortened statutory period for reply to this final action is set to expire THREE MONTHS from the mailing date of this action. In the event a first reply is filed within TWO MONTHS of the mailing date of this final action and the advisory action is not mailed until after the end of the THREE-MONTH shortened statutory period, then the shortened statutory period will expire on the date the advisory action is mailed, and any nonprovisional extension fee (37 CFR 1.17(a)) pursuant to 37 CFR 1.136(a) will be calculated from the mailing date of the advisory action. In no event, however, will the statutory period for reply expire later than SIX MONTHS from the mailing date of this final action.
Any inquiry concerning this communication or earlier communications from the examiner should be directed to Joshua Joo whose telephone number is (571)272-3966. The examiner can normally be reached Monday-Friday 7am-3pm.
Examiner interviews are available via telephone, and video conferencing using a USPTO supplied web-based collaboration tool. To schedule an interview, applicant is encouraged to use the USPTO Automated Interview Request (AIR) at http://www.uspto.gov/interviewpractice.
If attempts to reach the examiner by telephone are unsuccessful, the examiner’s supervisor, Oscar Louie can be reached at 571-270-1684. The fax phone number for the organization where this application or proceeding is assigned is 571-273-8300.
Information regarding the status of published or unpublished applications may be obtained from Patent Center. Unpublished application information in Patent Center is available to registered users. To file and manage patent submissions in Patent Center, visit: https://patentcenter.uspto.gov. Visit https://www.uspto.gov/patents/apply/patent-center for more information about Patent Center and https://www.uspto.gov/patents/docx for information about filing in DOCX format. For additional questions, contact the Electronic Business Center (EBC) at 866-217-9197 (toll-free). If you would like assistance from a USPTO Customer Service Representative, call 800-786-9199 (IN USA OR CANADA) or 571-272-1000.
/JOSHUA JOO/Primary Examiner, Art Unit 2445