Notice of Pre-AIA  or AIA  Status
The present application, filed on or after March 16, 2013, is being examined under the first inventor to file provisions of the AIA .
DETAILED ACTION
This office action is in response to communication filed 11/23/20.

Response to Amendment
The examiner acknowledges the amendment of claims 1 and 18.
Response to Arguments
Regarding applicant’s argument with respect to the reference of Rumble, Rumble teaches a server (cloud server) storing a database of static permissions (period of time that a user is allowed to access a particular location), the static permissions linked to individual user credentials, the server configured to execute a policy extraction algorithm to derive policies from the database of static permissions (user identification such as biometric information stored on the server is used for authenticating the user, and uses rules and unique data that applies to a particular location to determine user authentication, paragraph 026-029).

Claim Rejections - 35 USC § 102
The following is a quotation of the appropriate paragraphs of 35 U.S.C. 102 that form the basis for the rejections under this section made in this Office action:
A person shall be entitled to a patent unless –

(a)(2) the claimed invention was described in a patent issued under section 151, or in an application for patent published or deemed published under section 122(b), in which the patent or application, as the case may be, names another inventor and was effectively filed before the effective filing date of the claimed invention.

Claim(s) 1-7, 9-10, 15-22, 24 is/are rejected under 35 U.S.C. 102(a)(2) as being anticipated by Rumble US Patent Application Publication 20170076523.

             Regarding claim 1, Rumble teaches a physical access control system for protecting a resource, comprising:

a credential including information regarding a user stored thereon, the credential presented to request access to a resource protected by an access point (paragraph 020);



a controller executing a set of access control rules , the rules based on policies extracted from a database of static permissions for the user, the policies defining requirements for permitting access of the user to the resource based on the at least one attribute, the controller configured to permit access to the resource (paragraph 029-30). Rumble teaches a server (cloud server) storing a database of static permissions, the static permissions linked to individual user credentials, the server configured to execute a policy extraction algorithm to derive policies from the database of static permissions (user identification such as biometric information stored on the server is used for authenticating the user, and uses rules and unique data that applies to a particular location to determine user authentication, paragraph 026-029).

Regarding claim 2,  Rumble teaches the controller receiving context based information from at least one of the reader, a door controller, another controller, and an administrator (access is granted only for schedule based location access, schedule shift, paragraph 047).

Regarding claim 3, Rumble teaches the executing is based on the context based information (access is granted only for schedule based location access, schedule shift, paragraph 047).
.

Regarding claim 4, Rumble teaches the context based information includes information regarding attributes specific to or associated with access to the resource (paragraph 047).

Regarding claim 5, Rumble teaches the context based information includes a time based constraint (access is granted only for schedule based location access, schedule shift, paragraph 047).


Regarding claim 6, Rumble teaches the credential is a mobile device (paragraph 021).



Regarding claim 7, Rumble teaches the attribute is specific to the user (paragraph 026).
Regarding claim 9, Rumble teaches the attribute is at least one of a user’s credential ID (paragraph 031). 
Regarding claim 10, Rumble teaches the controller executes the policy on controller using at least one of a standard Attribute-Based Access Control policy execution mechanisms and an IF-CONDITION-THEN-ACTION rule, wherein each condition of the rule is a logical relationship over user and resource attribute values and action of the rule is to permit or deny access to the resource (paragraph 047).
Regarding claim 15, Rumble teaches the policies are extracted based on decision tree (policy is created by extracting data from different sources, paragraph 034-035).
Regarding claim 16, Rumble teaches the reader and controller are integrated (paragraph 058).
Regarding claim 17, Rumble teaches a door controller operatively coupled to the controller, the door controller disposed at the door and responsive to commands from the controller to control access to the resource (paragraph 058).
Regarding claim 18, Rumble teaches a method of encoding of static permissions for real time access control, the method comprising:

extracting a policy from a set of static permissions (paragraph 025);



receiving a user information from the credential, wherein the user information includes at least one attribute (paragraph 034);

executing a set of access control rules, the rules based on the policies extracted from the set of static permissions, the rules defining requirements for permitting access of the user to the resource based on the at least one attribute and permitting access to the resource if the rules are satisfied, otherwise denying access (paragraph 035,043-044). Rumble teaches a server (cloud server) storing a database of static permissions, the static permissions linked to individual user credentials, the server configured to execute a policy extraction algorithm to derive policies from the database of static permissions (user identification such as biometric information stored on the server is used for authenticating the user, and uses rules and unique data that applies to a particular location to determine user authentication, paragraph 026-029).


Regarding claim 19,  Rumble teaches the controller receiving context based information from at least one of the reader, a door controller, another controller, and an administrator (access is granted only for schedule based location access, schedule shift, paragraph 047).
Regarding claim 20, Rumble teaches the executing is based further on the context based information (paragraph 047).
Regarding claim 21, Rumble teaches the context based information includes information regarding constraints specific to or associated with access to the resource (access is granted only for schedule based location access, schedule shift, paragraph 047).


Regarding claim 22, Rumble teaches the controller executes the policy on controller using at least one of a standard Attribute-Based Access Control policy execution mechanisms and an IF-CONDITION-THEN-ACTION rule, wherein each condition of the rule is a logical relationship over user and resource attribute values and action of the rule is to permit or deny access to the resource (paragraph 047).

Regarding claim 24, Rumble teaches the policies are extracted based on decision tree (policy is created by extracting data from different sources, paragraph 034-035).




Claim Rejections - 35 USC § 103
The following is a quotation of 35 U.S.C. 103 which forms the basis for all obviousness rejections set forth in this Office action:
A patent for a claimed invention may not be obtained, notwithstanding that the claimed invention is not identically disclosed as set forth in section 102, if the differences between the claimed invention and the prior art are such that the claimed invention as a whole would have been obvious before the effective filing date of the claimed invention to a person having ordinary skill in the art to which the claimed invention pertains. Patentability shall not be negated by the manner in which the invention was made.

Claim 8 is/are rejected under 35 U.S.C. 103 as being unpatentable over Rumble US Patent Application Publication 20170076523 in view of  Florentino et al. US Patent 10430594.

Regarding claim 8, Rumble is silent on teaching the attribute is generic to a group of users. Florentino et al. in an analogous art teaches the attribute is generic to a group of users (col. 9 lines 28-31).
. 

Claim 11 and 23 is/are rejected under 35 U.S.C. 103 as being unpatentable over Rumble US Patent Application Publication 20170076523 in view of Baron et al. US Patent Application Publication 20060064486.
Regarding claims 11 and 23, Rumble is silent on teaching the controller executes the rules in a compiled knowledge representation format using graphical traversal algorithms. Baron in an analogous art teaches the controller executes the rules in a compiled knowledge representation format using graphical traversal algorithms. (paragraph 0331-0332).
It would have been obvious to one of ordinary skill in the art to modify the system of Rumble as disclosed by Baron because such modification provide for a more adaptable access control system for a facility that requires various access control rules. 



Claim 12-14 is/are rejected under 35 U.S.C. 103 as being unpatentable over Rumble US Patent Application Publication 20170076523 in view of McClintock et al. US Patent 9923927.
Regarding claim claims 12-14, Rumble is silent on teaching the system computes a derived attribute for an attribute to enable formulation of compact rules with “compressed derived attribute value checking” in the format of IF-CONDITION-THEN-ACTION rules, wherein the logical condition involves checking whether the derived attribute value is available in a set of derived attribute values. McClintock et al. in an analogous art teaches the system computes a derived attribute for an attribute to enable formulation of compact rules with “compressed derived attribute value checking in the format of 
It would have been obvious to one of ordinary skill in the art to modify the system of Rumble as disclosed by McClintock et al. because such modification provide for a more flexible and adaptable access control system in the creation and modification of access control credential. 


Conclusion

THIS ACTION IS MADE FINAL.  Applicant is reminded of the extension of time policy as set forth in 37 CFR 1.136(a).  
A shortened statutory period for reply to this final action is set to expire THREE MONTHS from the mailing date of this action.  In the event a first reply is filed within TWO MONTHS of the mailing date of this final action and the advisory action is not mailed until after the end of the THREE-MONTH shortened statutory period, then the shortened statutory period will expire on the date the advisory action is mailed, and any extension fee pursuant to 37 CFR 1.136(a) will be calculated from the mailing date of the advisory action.  In no event, however, will the statutory period for reply expire later than SIX MONTHS from the mailing date of this final action. 

Any inquiry concerning this communication or earlier communications from the examiner should be directed to VERNAL U BROWN whose telephone number is (571)272-3060.  The examiner can normally be reached on Monday-Friday, 8AM-5PM, EST.
Examiner interviews are available via telephone, in-person, and video conferencing using a USPTO supplied web-based collaboration tool. To schedule an interview, applicant is encouraged to use the USPTO Automated Interview Request (AIR) at http://www.uspto.gov/interviewpractice.

Information regarding the status of an application may be obtained from the Patent Application Information Retrieval (PAIR) system.  Status information for published applications may be obtained from either Private PAIR or Public PAIR.  Status information for unpublished applications is available through Private PAIR only.  For more information about the PAIR system, see https://ppair-my.uspto.gov/pair/PrivatePair. Should you have questions on access to the Private PAIR system, contact the Electronic Business Center (EBC) at 866-217-9197 (toll-free). If you would like assistance from a USPTO Customer Service Representative or access to the automated information system, call 800-786-9199 (IN USA OR CANADA) or 571-272-1000.






/VERNAL U BROWN/Primary Examiner, Art Unit 2683