DETAILED ACTION
Notice of Pre-AIA or AIA Status
The present application, filed on or after March 16, 2013, is being examined under the first inventor to file provisions of the AIA .
Claims 1-19 are pending for examination.
Claim Rejections - 35 USC § 101
35 U.S.C. 101 reads as follows:
Whoever invents or discovers any new and useful process, machine, manufacture, or composition of matter, or any new and useful improvement thereof, may obtain a patent therefor, subject to the conditions and requirements of this title.
Claims 1-5, 10-14 and 19 are rejected under 35 U.S.C. 101 because the claimed invention is directed to an abstract idea without significantly more. Utilizing the process described in the 2019 Revised Patent Subject Matter Eligibility Guidance (2019 PEG), claims 1-5, 10-14 and 19 satisfy the Step 1 because the claims are a process, an article of manufacture and a machine respectively.
In Step 2A prong 1, the independent claims 1, 10 and 19 recite “determining a first set of access permissions”, “determining a second set of access permissions”, “comparing the first set of access permissions with the second set of access permissions” and displays in a user interface “a table including a comparison of the first set of access permissions with the second set of access permissions”. Dependent claims 2-5 and 11-14 recite “a first column, a listing of access permissions included in the first set of access permissions but not included in the second set of access permissions.”, “in a second column, a listing of access permissions included in the second set of access permissions but not included in the first set of access permissions”, “in a third column, a listing of access permissions common to both the first set of access permissions and the second set of access permissions”, “the first set of access permissions indicate associations of the first user with one or more purpose objects and/or data asset objects”. These limitations recite the abstract idea of collecting information, analyzing information, and displaying the result of the analysis, which falls within the category of mental process identified in 2019 Revised Patent Subject Matter Eligibility Guidance (2019 PEG) because the steps can be practically performed in the human mind or with pen and paper. A person could review a first user’s access permission, review a second user’s permissions, determine which permissions are unique to each user, and prepare a comparison table showing the difference. Accordingly, the claim recites an abstract idea.
In Step 2A prong 2, the judicial exception is not integrated into a practical application because processors and memories are recited at a high-level of generality such that it amounts no more than mere instructions to apply the exception using a generic computer component. The additional elements beyond the abstract idea includes: “an interactive user interface” and “a table for presenting comparison results”. These elements merely display the results of comparison and therefor constitute insignificant extra-solution activity. The claim does not recite any improvement to computer functionality, network operation, database architecture, user-interface technology, or access-control technology. The cited interactive user interface and table merely present information resulting from the comparison of permission sets and do not impose any meaningful limit on the judicial exception. Therefore, the claim as a whole does not integrate the abstract idea into a practical application.
In Step 2B, the claim do not include additional elements that are sufficient to amount to significantly more than the judicial exception because the additional elements, individually and in combination, amount to no more than a generic computer implementation of the abstract idea, Presenting information through a user interface and displaying information in a tabular form are well-understood, routine, and conventional computer functions. The claim merely use generic computer components as a tool to perform the abstract idea of evaluating and comparing access permissions and display the results.
Accordingly, Claims 1-5, 10-14 and 19 are directed to an abstract idea and does not include additional elements sufficient to amount to significant more than the abstract idea itself. Therefore, Claims 1-5, 10-14 and 19 are not directed to patent eligible subject matter under 35 U.S.C. §101.
Claim Rejections - 35 USC § 102
In the event the determination of the status of the application as subject to AIA 35 U.S.C. 102 and 103 (or as subject to pre-AIA 35 U.S.C. 102 and 103) is incorrect, any correction of the statutory basis (i.e., changing from AIA to pre-AIA ) for the rejection will not be considered a new ground of rejection if the prior art relied upon, and the rationale supporting the rejection, would be the same under either status.
The following is a quotation of the appropriate paragraphs of 35 U.S.C. 102 that form the basis for the rejections under this section made in this Office action:
A person shall be entitled to a patent unless –
(a)(1) the claimed invention was patented, described in a printed publication, or in public use, on sale, or otherwise available to the public before the effective filing date of the claimed invention.
Claims 1-19 are rejected under 35 U.S.C. 102(a)(1) as being anticipated by US 2016/0063270 (Brock et al.).
Regarding Claim 1, Brock teaches a computer-implemented method comprising, by one or more hardware processors executing program instructions (Fig. 1, processor 17): determining a first set of access permissions associated with a first user ([¶ 0048], …identifies all of the permissions associated with the first identifiers… combine all of the permissions for the profile and permissions sets of a first user into the first comparison column. [¶ 0061], the system administrator may drag and drop user id 218A [i.e., first user] into header 208A. In response to selecting user id 218A, permission comparator 214 may download all of the permissions 216 in profile 220A and all of the permissions in permission sets 222A. For example, profile 220A and permission sets 222A [i.e., first set of access permission] may be linked to user id 218A. Permission comparator 214 identifies unique id 218A in header 208A and then makes API calls to profile 220A and permission sets 222A linked to user id 218A);
determining a second set of access permissions ([¶ 0048], …identifies all of the permissions associated with the second identifiers…combine all of the permissions for the profile and permissions sets of a second user into the second comparison column. [¶ 0065], the system administrator may drag user id 218B into header 208B. Comparator 214 may create permission group 210B from profile 220B and permission sets 222B [i.e., second set of access permissions]);
comparing the first set of access permissions with the second set of access permissions ([¶ 0050] …compare any combination of users, profiles, and/or permission sets. …combines users, profiles, and/or permission sets into a same data structure and performs direct comparisons between permissions combined together in different data containers. [¶ 0066], The system administrator may select a comparison operator that determines how permission comparator compares permission group with permission group); and
providing, via an interactive user interface and based on the comparing, a table including a comparison of the first set of access permissions with the second set of access permissions ( [¶ 0060], displays a user interface for accessing permission comparator. [¶¶ 0064-0065] the system administrator can view up to the minute permission status for any selectable user, profile, or permission set… the system administrator may drag user id 218A into header 208A and drag user id 218B into header 208B. Comparator 214 may create permission group 210A from profile 220A and permission sets 222A and create permission group 210B from profile 220B and permission sets 222B. Fig. 6 and 7 illustrates an interactive user interface that shows side-by-side comparison table of user permissions. [¶ 100] FIG. 7, shows permission comparator accumulates all of the object permissions for user John Smith into one group and accumulates all of the object permissions for user Dave Baker into a second group. …then identifies a first subgroup and …also identifies a second subgroup).
Regarding Claim 2, Brock teaches the computer-implemented method of Claim 1, wherein the table includes, in a first column, a listing of access permissions included in the first set of access permissions but not included in the second set of access permissions ([Abstract]The permission management system performs selectable comparisons on the different groups of permissions, such as unique permissions. The permission management system also may identify permissions in a first permission group that do not exist in a second permission group. [¶¶ 0099-0100] FIG. 7 shows an example of the user interface according to some implementations. The permission comparator identifies a first subgroup of object permissions 210A assigned to John Smith but not assigned to Dave Baker. [¶ 0101] Permission group 210A shows [displays in the first column, see Fig. 7] that John Smith has read, edit, create, and delete permission for an asset object and that user Dave Baker has no read, edit, create, or delete permissions for the asset object. Permissions 210A also show that John Smith has read permission for a contacts object and that user Dave Baker has no read permission for the contacts object).
Regarding Claim 3, Brock teaches the computer-implemented method of Claim 2, wherein the table further includes, in a second column, a listing of access permissions included in the second set of access permissions but not included in the first set of access permissions ([Abstract]The permission management system performs selectable comparisons on the different groups of permissions, such as unique permissions. [¶¶ 0099-0100] FIG. 7 shows permission unique to the second user in a different column. accumulates all of the object permissions for user Dave Baker into a second group. The permission comparator …identifies a second subgroup of object permissions 210B assigned to Dave Baker but not assigned to John Smith. [¶ 0102] Permission group 210B shows [displays in the second column, see Fig. 7] that Dave Baker has edit, create, and delete permissions for an account object and that user John Smith has no edit, create, or delete permission for the account object. Permissions 210B also show that user Dave Baker has read and edit permission for a customer object and that user John Smith has no read or edit permission for the customer object) .
Regarding Claim 4, Brock teaches the computer-implemented method of Claim 3, wherein the table further includes, in a third column, a listing of access permissions common to both the first set of access permissions and the second set of access permissions ([¶ 0049] The permission management system then may identify common permissions for both the first and second user. [¶¶ 0075-0076] Permission management system 200 may identify common permissions 224B between different selected identifiers 240. For example, the system administrator may want to identify the common permissions between user 218A and user 218B. The system administrator enters user ids 240A and 240B for users 218A and 218B into headers 208A and 208B, respectively. The system administrator then selects a common comparison operator 206 that directs permission comparator 214 to identify the common permissions for users 218A and 218B. Permission comparator 214 creates permission groups for user 218A and 218B and displays common permissions 224B. For example, user 218A and user 218B may both have the same access permission for a same application. The application permission is displayed in common permissions 244B. Note: Although Brock does not explicitly depict a third column listing common permissions, Brock teaches identifying “common permissions, unique permission, and differing permissions”. Fig. 7 shows first column shows unique permissions for first user and second column shows unique permissions for second user, accordingly adding a third column for common permissions would have been an obvious design choice).
Regarding Claim 5, Brock teaches the computer-implemented method of Claim 1, wherein the first set of access permissions indicate associations of the first user with one or more purpose objects and/or data asset objects ([Fig. 7, ¶ 0101] Permission group 210A shows that John Smith has read, edit, create, and delete permission for an asset object. Permissions 210A also show that John Smith has read permission for a contacts object).
Regarding Claim 6, Brock teaches The computer-implemented method of Claim 1 further comprising, by the one or more hardware processors executing program instructions: receiving a user input via the interactive user interface ([¶¶ 0061, 0066] the system administrator may drag and drop user id 218A into header 208A. The system administrator may select a comparison operator 206 that determines how permission comparator 214 compares permission group 210A with permission group 210B.These are explicit example of user input received via the interactive user interface); and in response to the user input, updating the first set of access permissions to include at least a portion of the second set of access permissions ([Abstract] identify permissions in a first permission group that do not exist in a second permission group and assign the identified permissions to the second permission group. [¶¶ 0081-0082] permission comparator 214 identifies permissions in profile 220A and permission sets 222A associated with user 218A that do not exist in profile 220B and permission sets 222B associated with user 218B. Permission comparator 214 then may generate a new permission set 222C that includes the identified permissions [i.e., a portion of the set of access permissions] for user 218A and assign permission set 222C to user 218B. New permission set 222C provides user 218B with the access rights of user 218A. [¶ 0104] In another example, a user 218 may move to a new sales territory. The system administrator may create a new profile 220 for the sales territory and assign the new profile to the user. The system administrator may user interface 204 to compare the new profile with the previous profile for the user and ensure the user retains permissions for both previous and new job assignments. FIGS. 6 and 7 are just a few examples of how the permission management system generates and compares permission groups for different selectable permission categories.).
Regarding Claim 7, Brock teaches the computer-implemented method of Claim 1 further comprising, by the one or more hardware processors executing program instructions: receiving a user input via the interactive user interface ([¶¶ 0061, 0066]the system administrator may drag and drop user id 218A into header 208A. The system administrator may select a comparison operator 206 that determines how permission comparator 214 compares permission group 210A with permission group 210B.These are explicit example of user input received via the interactive user interface); and in response to the user input, updating the first set of access permissions to include all of the second set of access permissions [¶¶ 0081-0082] permission comparator 214 identifies all of the permissions in profile 220A and permission sets 222A associated with user 218A that do not exist in profile 220B and permission sets 222B associated with user 218B. Permission comparator 214 then may generate a new permission set 222C that includes the identified permissions for user 218A and assign permission set 222C to user 218B. New permission set 222C provides user 218B with the access rights of user 218A).
Regarding Claim 8, Brock teaches the computer-implemented method of Claim 7 further comprising, by the one or more hardware processors executing program instructions: in response to updating the first set of access permissions, associating the first user with all of one or more purpose objects with which the second set of access permissions are associated ([¶ 0051] The permission management system may generate new permission sets that include the permissions for a first permission group that do not exist in a second permission group. For example, a first user may need the same access settings as a second user. The system administrator simply drags and drops identifiers for the first and second user into the headers. The permission management system identifies a set of permissions for the second user that do not exist for the first user. The permission management system then assigns the identified set of permissions to the first user. [¶¶ 0081-0082] permission comparator 214 identifies all of the permissions in profile 220A and permission sets 222A associated with user 218A that do not exist in profile 220B and permission sets 222B associated with user 218B. Permission comparator 214 then may generate a new permission set 222C that includes the identified permissions for user 218A and assign permission set 222C to user 218B. New permission set 222C provides user 218B with the access rights of user 218A. [¶ 0068], Object permission 230 may identify permissions associated with different types of objects, such as accounts, reports, clients, customers, assets, audit, contacts, custom objects, etc. [¶ 0101] Permission group 210A shows that John Smith has read, edit, create, and delete permission for an asset object and that user Dave Baker has no read, edit, create, or delete permissions for the asset object. Permissions 210A also show that John Smith has read permission for a contacts object and that user Dave Baker has no read permission for the contacts object. Note: Since, Brock teaches updating one user’s permissions to include permission possessed by another user and further teaches the permissions associated with different types of objects, such as accounts, reports, clients, customers, assets, audit, contacts, custom objects, etc. Therefore, when the identified permissions are assigned to the user, the user necessarily becomes associated with the same objects to which those permission pertain).
Regarding Claim 9, Brock teaches the computer-implemented method of Claim 8 further comprising, by the one or more hardware processors executing program instructions: further in response to updating the first set of access permissions, enabling the first user to access all data assets associated with the one or more purpose objects ([¶ 0051] The permission management system may generate new permission sets that include the permissions for a first permission group that do not exist in a second permission group. For example, a first user may need the same access settings as a second user. The system administrator simply drags and drops identifiers for the first and second user into the headers. The permission management system identifies a set of permissions for the second user that do not exist for the first user. The permission management system then assigns the identified set of permissions to the first user. [¶ 0068], Object permission 230 may identify permissions associated with different types of objects, such as accounts, reports, clients, customers, assets, audit, contacts, custom objects, etc. Since the assigned permissions includes. [¶ 0101] Permission group 210A shows that John Smith has read, edit, create, and delete permission for an asset object. Because the assigned permissions includes read, edit, create, and delete permission for an asset object, therefore, in response to updating the set of access permissions, Brock enables the user to access data assets associated with the object to which the permission relate).
Regarding Claim 10, the claim limitations are identical and/or equivalent in scope to claim 1, therefore, rejected under the same rationale. Examiner further notes, Brock also teaches one or more computer readable storage mediums storing program instructions; and one or more processors configured to execute the program instructions (See Fig. 1, ¶¶ 0023-0026).
Regarding Claims 11-18, the claim limitations are identical and/or equivalent in scope to claims 2-9, respectively, therefore, Claims 11-18 are rejected under the same rationale as Claims 2-9.
Regarding Claim 19, the claim limitations are identical and/or equivalent in scope to claim 1, therefore, rejected under the same rationale. Examiner further notes, Brock also teaches a computer program product comprising one or more computer-readable storage mediums, the one or more computer-readable storage mediums storing program instructions,… (¶ 0034).
Conclusion
Any inquiry concerning this communication or earlier communications from the examiner should be directed to MOHAMMAD YOUSUF A MIAN whose telephone number is (571)272-9206. The examiner can normally be reached Monday-Friday 9am-5:30pm.
Examiner interviews are available via telephone, in-person, and video conferencing using a USPTO supplied web-based collaboration tool. To schedule an interview, applicant is encouraged to use the USPTO Automated Interview Request (AIR) at http://www.uspto.gov/interviewpractice.
If attempts to reach the examiner by telephone are unsuccessful, the examiner’s supervisor, ARIO ETIENNE can be reached at 571-272-4001. The fax phone number for the organization where this application or proceeding is assigned is 571-273-8300.
Information regarding the status of published or unpublished applications may be obtained from Patent Center. Unpublished application information in Patent Center is available to registered users. To file and manage patent submissions in Patent Center, visit: https://patentcenter.uspto.gov. Visit https://www.uspto.gov/patents/apply/patent-center for more information about Patent Center and https://www.uspto.gov/patents/docx for information about filing in DOCX format. For additional questions, contact the Electronic Business Center (EBC) at 866-217-9197 (toll-free). If you would like assistance from a USPTO Customer Service Representative, call 800-786-9199 (IN USA OR CANADA) or 571-272-1000.
/MOHAMMAD YOUSUF A. MIAN/Examiner, Art Unit 2457
/ARIO ETIENNE/Supervisory Patent Examiner, Art Unit 2457