DETAILED ACTION
Notice of Pre-AIA or AIA Status
The present application, filed on or after March 16, 2013, is being examined under the first inventor to file provisions of the AIA.

Response to Arguments
Applicant's arguments filed 08 December 2020 have been fully considered but they are not persuasive.
In response to applicant’s arguments that the cited references do not teach “wherein the access…or more resources,” page 9, line 18-page 10, line 2, the examiner respectfully disagrees.
Jain teaches a system wherein a knowledge base and ontology-based policies are utilized to control access to data, wherein the ontology-based policies define the subjects, resources, credentials, and obligations between ontological elements.  The ontology-based policies indicate the subjects with which information may be shared, resources to be shared, e.g., (including the security level available to the agent), the credentials required by the agent, and particular types of information may only be accessed under particular terms (Para. 26, 27, 30, 37, 51, 75).  The policy may define an actor that corresponds to a particular agent, wherein the agent may be an employee or delegee (Para. 28), and an identity of the requester, an attribute of the requester (e.g., an employee identifier), a role of the requester (e.g., human resources, claims processing) may also be mapped to/included within the ontology (Para. 73, 75).

Therefore, the aforementioned limitations are taught by the cited reference.

Claim Interpretation
The following is an example of the examiner’s interpretation and suggestions for portions of the claims:
It should be noted that regarding the “detecting…a text change in one or more regulation texts relating to the access control” limitation of claim 7, it is unclear as to how the text change is detected and as to what the regulation texts are and how they are inputted to the system.  The examiner suggests clarifying how the system detects the text change in the regulation texts.

Claim Rejections - 35 USC § 112
The following is a quotation of 35 U.S.C. 112(b):
(b)  CONCLUSION.—The specification shall conclude with one or more claims particularly pointing out and distinctly claiming the subject matter which the inventor or a joint inventor regards as the invention.


The following is a quotation of 35 U.S.C. 112 (pre-AIA), second paragraph:
The specification shall conclude with one or more claims particularly pointing out and distinctly claiming the subject matter which the applicant regards as his invention.


Claims 1-12 are rejected under 35 U.S.C. 112(b) or 35 U.S.C. 112 (pre-AIA), second paragraph, as being indefinite for failing to particularly point out and distinctly claim the subject matter which the inventor or a joint inventor (or for applications subject to pre-AIA 35 U.S.C. 112, the applicant), regards as the invention.
Regarding claim 1, the claim refers to “the resources” and “the subjects” at lines 4, 16.  It is unclear as to whether the “one or more resources” and/or “one or more subjects” are intended to be only plural.  Furthermore, it is not clear as to whether “the subjects” refers to the “one or more subjects” of line 2 or the “one or more subjects” of line 5.
Claim 9 includes references to “the resources” and “the subjects” as well and is similarly analyzed.
Claims 11 and 12 include similar limitations and are similarly analyzed.
Claims 2-10 are also rejected based on their dependency on a rejected claim.

Regarding claim 10, the claim refers to “one or more resource concepts,” “the resources,” “one or more subject concepts,” “the subjects,” and “one or more policy concepts.”  It is unclear as to whether these are different than or the same as the “one or more resources” and “one or more subjects” of claim 1.  

Claim Rejections - 35 USC § 102
In the event the determination of the status of the application as subject to AIA 35 U.S.C. 102 and 103 (or as subject to pre-AIA 35 U.S.C. 102 and 103) is incorrect, any correction of the statutory basis for the rejection will not be considered a new ground of 
The following is a quotation of the appropriate paragraphs of 35 U.S.C. 102 that form the basis for the rejections under this section made in this Office action:
(a)(1) the claimed invention was patented, described in a printed publication, or in public use, on sale, or otherwise available to the public before the effective filing date of the claimed invention.

Claims 1-6, 8, and 10-12 are rejected under 35 U.S.C. 102(a)(1) as being anticipated by Jain et al. (US 2012/0042395).
Regarding claim 1, Jain teaches a method for controlling access to one or more resources of a computing system by one or more subjects, the method comprising: 
storing, by the computing system, e.g. a semantic framework that may be hosted on a computing device (Fig. 1, el. 112; Para 25), a knowledge base, i.e. a knowledge base (Fig. 1, el. 126), by providing a knowledge of an access control to the resources using the subjects in conformity with an access control ontology, e.g. utilizing the knowledge base and ontology-based policies to control access to data, wherein the ontology-based policies define the subjects, resources, credentials, and obligations between ontological elements (Para. 26, 27, 30, 37, 51), 
wherein the access control ontology comprises: the one or more resources, one or more subjects, and one or more policies, and wherein the one or more resources represents types of the one or more resources to be controlled, the one or more subjects represent types of the one or more subjects involved in control of an access to the one or more resources, and the one or e.g. wherein the ontology-based policies define the subjects, resources, credentials, and obligations between ontological elements, wherein the policy indicates the subjects with which information may be shared, resources to be shared, e.g., (including the security level available to the agent), the credentials required by the agent, and particular types of information may only be accessed under particular terms (Para. 26, 27, 30, 37, 51, 75); the policy may define an actor that corresponds to a particular agent, wherein the agent may be an employee or delegee (Para. 28); an identity of the requester, an attribute of the requester (e.g., an employee identifier), a role of the requester (e.g., human resources, claims processing) may be mapped to/included within the ontology (Para. 73, 75);
receiving, by the computing system, an update request for updating the access control, e.g. receiving a request to establish an information sharing policy from an agent/entity, wherein the access level of the entity may be modified (Para. 55, 58, 59); receiving a response to a counteroffer, wherein the response indicates acceptance of one or more terms of the counteroffer and a request for information (Para. 79, 89); wherein the reciprocal permissions to access the data may be included in the request (Para. 73, 89);
converting, by the computing system, the update request into one or more update assertions for updating the knowledge base, e.g. translating between an ontology used by the requester to the domain-specific and/or sparse ontology of the system when the request is in a structured format and translating the request in an unstructured format using natural language to ontology mapping (Para. 66, 67); translating the requested access level information in the request (Para. 70-72); translating an identity of the requester, an attribute of the requester, a role of the requester, and reciprocal permissions to access data included in the request (Para. 73);
updating, by the computing system, the knowledge base according to the one or more update assertions, e.g. storing information provided by an agent during negotiation in the knowledge base (Para. 39); storing mapped and secured concepts in the knowledge base (Para. 46, 49); establishing a new policy for the requester based on the request (Para. 55, 60); negotiating the request (Para. 61); the response to the counteroffer indicates an acceptance of the terms of the counteroffer or a modification to the terms of the counteroffer (Para. 79, 89); 
receiving, by the computing system, an access request for a selected access to a selected resource of the resources by a selected subject of the subjects, e.g. receiving a request for information from a requester (Para. 55, 64, 82); 
converting, by the computing system, the access request into an access query for querying the knowledge base, e.g. translating between an ontology used by the requester to the domain-specific and/or sparse ontology of the system when the request is in a structured format and translating the request in an unstructured format using natural language to ontology mapping (Para. 66, 67); translating the requested access level information in the request (Para. 70-72); translating an identity of the requester, an attribute of the requester, a role of the requester, and reciprocal permissions to access data included in the request (Para. 73); 
determining, by the computing system, an authorization of the selected access according to a result of the access query, e.g. determining whether access to the information should be granted (Para. 61, 62, 74, 75); and 
granting, by the computing system, the selected access according to the authorization thereof, e.g. granting access to the information (Para. 61, 62, 74, 75).

Regarding claim 2, Jain teaches wherein the method further comprising: verifying, by the computing system, a consistency of the update request with the access control ontology; and accepting, by the computing system, the update request according to the consistency thereof, e.g. checking the policy for consistency by determining whether direct or inferred conflicts exist (Jain-Para. 20); mapping the semantic data of the request to the domain-specific ontology and/or sparse ontology for the structured format (Jain-Para. 66, 71).

Regarding claim 3, Jain teaches wherein said verifying a consistency of the update request comprises: generating, by the computing system, one or more verification assertions for verifying the consistency of the update request according to the update request; and verifying, by the computing system, a consistency of the verification assertions with the access control ontology, e.g. checking the policy for consistency by determining whether direct or inferred conflicts exist (Jain-Para. 20); mapping the semantic data of the request to the domain-specific ontology and/or sparse ontology for the structured format (Jain-Para. 66, 71).

Regarding claim 4, Jain teaches wherein the method further comprising: receiving, by the computing system, the update request expressed in unstructured way, e.g. the request may be expressed in an unstructured format such as natural language (Jain-Para. 65, 67, 72).

Regarding claim 5, Jain teaches wherein said receiving the update request expressed in unstructured way comprises: receiving by the computing system the update request expressed in a natural language, e.g. the request may be expressed in an unstructured format such as natural language (Jain-Para. 65, 67, 72).

Regarding claim 6, Jain teaches wherein said receiving the update request expressed in unstructured way comprises: receiving, by the computing system, the access request being submitted manually, e.g. the request may be expressed in an unstructured format such as a natural language search (Jain-Para. 65, 67, 72); wherein the request for information may include a request to establish a policy (Jain-Para. 55).

e.g. the request may be in a structured semantic format (Jain-Para. 66, 71).

Regarding claim 10, Jain teaches wherein the method further comprising: 
storing, by the computing system, the knowledge base comprising one or more resource concepts representing corresponding types of the resources, e.g. storing the ontology and/or semantic data that includes both concepts and relationships between concepts (Jain-Para. 11); the ontology-based policies may define policy elements such as subjects, resources, credentials, and obligations between ontological elements such as between resources, properties, and values (Jain-Para. 30),
one or more subject concepts representing corresponding types of the subjects, e.g. the ontology-based policies may define policy elements such as subjects, resources, credentials, and obligations between ontological elements such as between resources, properties, and values (Jain-Para. 30),
one or more policy concepts representing corresponding types of access control policies for accessing the resources by the subjects, e.g. the ontology-based policies may define policy elements such as subjects, resources, credentials, and obligations between ontological elements such as between resources, properties, and values (Jain-Para. 30), and 
one or more relations among the resource concepts, the subject concepts and/or the policy concepts, e.g. the ontology-based policies may define policy elements such as subjects, resources, credentials, and obligations between ontological elements such as between resources, properties, and values (Jain-Para. 30); and 
updating, by the computing system, the knowledge base by updating one or more resource instances instantiating the resource concepts representing the resources, one or more subject instances instantiating the subject concepts representing the subjects, one or more policy instances instantiating the policy concepts representing the access control policies and/or one or more further relations among the resource instances, the subject instances and/or the policy instances, e.g. storing information provided by an agent during negotiation in the knowledge base (Jain-Para. 39); storing mapped and secured concepts in the knowledge base (Jain-Para. 46, 49); establishing a new policy for the requester based on the request (Jain-Para. 55, 60); negotiating the request (Jain-Para. 61); the response to the counteroffer indicates an acceptance of the terms of the counteroffer or a modification to the terms of the counteroffer (Jain-Para. 79, 89).

Regarding claim 11, the claim is analyzed with respect to claim 1.  Jain further teaches a computer program product for controlling access to one or more resources of a computing system by one or more subjects, the computer program product comprising a computer readable storage medium having program instructions embodied therewith, the program instructions executable by a control computing machine to cause the control computing machine to perform e.g. executing instructions stored on a memory by a processor (Jain-Para. 92-94).

Regarding claim 12, Jain teaches a control computing machine, e.g. a semantic framework that may be hosted on a computing device (Fig. 1, el. 112; Para 25), for controlling access to one or more resources of a computing system by one or more subjects, wherein the control computing machine comprises: 
a circuitry, i.e. a data, ontology, and rules layer (Fig. 1, el. 120; Para. 25), for storing a knowledge base, i.e. a knowledge base (Fig. 1, el. 126), providing a knowledge of an access control to the resources by the subjects in conformity with an access control ontology, e.g. utilizing the knowledge base and ontology-based policies to control access to data, wherein the ontology-based policies define the subjects, resources, credentials, and obligations between ontological elements (Para. 26, 27, 30, 37, 51),
wherein the access control ontology comprises: the one or more resources, one or more subjects, and one or more policies, and wherein the one or more resources represents types of the one or more resources to be controlled, the one or more subjects represent types of the one or more subjects involved in control of an access to the one or more resources, and the one or more policies represent types of the access the one or more subjects have to the one or more resources, e.g. wherein the ontology-based policies define the subjects, resources, credentials, and obligations between ontological elements, wherein the policy indicates the subjects with which information may be shared, resources to be shared, e.g., (including the security level available to the agent), the credentials required by the agent, and particular types of information may only be accessed under particular terms (Para. 26, 27, 30, 37, 51, 75); the policy may define an actor that corresponds to a particular agent, wherein the agent may be an employee or delegee (Para. 28); an identity of the requester, an attribute of the requester (e.g., an employee identifier), a role of the requester (e.g., human resources, claims processing) may be mapped to/included within the ontology (Para. 73, 75);
a circuitry, e.g. a communications interface (Para. 23), for receiving an update request for updating the access control, e.g. receiving a request to establish an information sharing policy from an agent/entity, wherein the access level of the entity may be modified (Para. 55, 58, 59); receiving a response to a counteroffer, wherein the response indicates acceptance of one or more terms of the counteroffer and a request for information (Para. 79, 89); wherein the reciprocal permissions to access the data may be included in the request (Para. 73, 89); 
a circuitry, e.g. a schema inspector (Fig. 1, el. 142), for converting the update request into one or more update assertions for updating the access control ontology, e.g. translating between an ontology used by the requester to the domain-specific and/or sparse ontology of the system when the request is in a structured format and translating the request in an unstructured format using natural language to ontology mapping (Para. 66, 67); translating the requested access level information in the request (Para. 70-72); translating an identity of the requester, an attribute of the requester, a role of the requester, and reciprocal permissions to access data included in the request (Para. 73); 
a circuitry, e.g. a security mappings and rules module (Fig. 1, el. 146), for updating the access control ontology according to the one or more update assertions, e.g. storing information provided by an agent during negotiation in the knowledge base (Para. 39); storing mapped and secured concepts in the knowledge base (Para. 46, 49); establishing a new policy for the requester based on the request (Para. 55, 60); negotiating the request (Para. 61); the response to the counteroffer indicates an acceptance of the terms of the counteroffer or a modification to the terms of the counteroffer (Para. 79, 89); 
a circuitry, e.g. the communications interface (Para. 23), for receiving an access request for a selected access to a selected resource of the resources by a selected subject of the subjects, e.g. receiving a request for information from a requester (Para. 55, 64, 82); 
a circuitry, e.g. the schema inspector (Fig. 1, el. 142), for converting the access request into an access query for querying the access control ontology, e.g. translating between an ontology used by the requester to the domain-specific and/or sparse ontology of the system when the request is in a structured format and translating the request in an unstructured format using natural language to ontology mapping (Para. 66, 67); translating the requested access level information in the request (Para. 70-72); translating an identity of the requester, an attribute of the requester, a role of the requester, and reciprocal permissions to access data included in the request (Para. 73); 
e.g. an evaluation module (Fig. 1, el. 134), for determining an authorization of the selected access according to a result of the access query, e.g. determining whether access to the information should be granted (Para. 61, 62, 74, 75); and 
a circuitry, e.g. the evaluation module (Fig. 1, el. 134), for granting the selected access according to the authorization thereof, e.g. granting access to the information (Para. 61, 62, 74, 75).

Claim Rejections - 35 USC § 103
The following is a quotation of 35 U.S.C. 103 which forms the basis for all obviousness rejections set forth in this Office action:
A patent for a claimed invention may not be obtained, notwithstanding that the claimed invention is not identically disclosed as set forth in section 102, if the differences between the claimed invention and the prior art are such that the claimed invention as a whole would have been obvious before the effective filing date of the claimed invention to a person having ordinary skill in the art to which the claimed invention pertains. Patentability shall not be negated by the manner in which the invention was made.

Claims 7 and 9 are rejected under 35 U.S.C. 103 as being unpatentable over Jain in view of Hosabettu (US 2018/0189413).
Regarding claim 7, Jain teaches all elements of claims 1 and 4.
Jain does not clearly teach wherein said receiving the update request expressed in unstructured way comprises: detecting, by the computing system, a text change in one or more regulation texts relating to the access control; and generating, by the computing system, the update request according to the text change.
 e.g. receiving and analyzing security policy and/or job descriptor documents using natural language processing and creating an ontology by extracting the semantic information (Para. 25, 33); extracting contextual terms associated with one or more roles, responsibilities, authority, or restrictions (Para. 34); generating a plurality of information access rules based on contextual terms and annotation tags, wherein the rules are automatically updated and revised in order to be in conformance with the new role definitions and enterprise policies (Para. 35, 36).
Therefore, it would have been obvious to one of ordinary skill in the art before the effective filing date of the claimed invention to modify Jain to include wherein said receiving the update request expressed in unstructured way comprises: detecting, by the computing system, a text change in one or more regulation texts relating to the access control; and generating, by the computing system, the update request according to the text change, using the known method of receiving and analyzing security policy and/or job descriptor documents using natural language processing and creating an ontology by extracting the semantic information, extracting contextual terms associated with one or more roles, responsibilities, authority, or restrictions, and generating a plurality of information access rules based on contextual terms and annotation tags, wherein the rules are automatically updated and revised in order to be in 

Regarding claim 9, Jain teaches all elements of claims 1, 4, and 8.
Jain further teaches the access control rules comprising an indication of one or more roles each having one or more permissions to access the resources and an indication of one or more of the roles assigned to each of the subjects, e.g. including security labels within the policy, wherein a label may state that information may only be available to particular requesters, such as an entity having a particular role (Jain-Para. 51, 73, 75).
Jain does not clearly teach wherein said receiving the update request expressed in structured way comprises: detecting, by the computing system, a rule change in one or more access control rules for accessing the resources by the subjects; and generating, by the computing system, the update request according to the rule change.
Hosabettu teaches detecting, by a computing system, a rule change in one or more access control rules for accessing resources by subjects, e.g. receiving and analyzing security policy and/or job descriptor documents using natural language processing and creating an ontology by extracting the semantic information (Para. 25, 33); extracting contextual terms associated with one or more roles, responsibilities, authority, or restrictions (Para. 34); generating a plurality of information access rules based on contextual terms and annotation tags, wherein the rules are automatically updated and revised in order to be in conformance with the new role definitions and enterprise policies (Para. 35, 36),
the access control rules comprising an indication of one or more roles each having one or more permissions to access the resources and an indication of one or more of the roles assigned to each of the subjects, e.g. wherein the access rules define how and when users would be allowed to access information, such as HR and managers (Para. 28, 36); and 
generating, by the computing system, the update request according to the rule change, e.g. receiving and analyzing security policy and/or job descriptor documents using natural language processing and creating an ontology by extracting the semantic information (Para. 25, 33); extracting contextual terms associated with one or more roles, responsibilities, authority, or restrictions (Para. 34); generating a plurality of information access rules based on contextual terms and annotation tags, wherein the rules are automatically updated and revised in order to be in conformance with the new role definitions and enterprise policies (Para. 35, 36).
Therefore, it would have been obvious to one of ordinary skill in the art before the effective filing date of the claimed invention to modify Jain to include wherein said receiving the update request expressed in structured way comprises: detecting, by the computing system, a rule change in one or more access control rules for accessing the resources by the subjects; and generating, by the computing system, the update request according to the rule change, using .

Conclusion
The following prior art made of record and not relied upon is considered pertinent to applicant's disclosure.
Glazier et al. (US 2009/0320093 A1) – Glazier discloses a system that utilizes an ontology to determine the resource the user is attempting to access, the subjects, i.e. the user that is attempting to get access, actions the user wishes to take (e.g., read, write, delete, etc.), and whether the user is onsite or logged in remotely (Para. 12).

Tonkin et al. (US 2019/0311003 A1) – Tonkin discloses a system that builds a knowledge model base utilizing ontologies.  For each document type, the structure of the document can be broadly defined in terms of the roles of the 

Byron et al. (US 2014/0289173 A1)—Byron discloses a system that generates an ontology and axioms from a business-process model.  The system may identify a process that is represented by a triple, wherein the triple is associated with a subject that is of a type of entity class and an object that is of a type of entity class (Para. 109).

Kuriakose et al. (US 2014/0379755 A1)—Kuriakose discloses an ontology that has a plurality of subject types and subtypes (Fig. 6; Para. 45).

Vahid Karimi, et al.—“A uniform approach for access control and business models with explicit rule realization”—(April 2016).  This document discloses utilizing an ontology for access control and a plurality of resource types and subject/agent types (Para. 153-154).

THIS ACTION IS MADE FINAL.  Applicant is reminded of the extension of time policy as set forth in 37 CFR 1.136(a).  
A shortened statutory period for reply to this final action is set to expire THREE MONTHS from the mailing date of this action.  In the event a first reply is filed within TWO MONTHS of the mailing date of this final action and the advisory action is not mailed until after the end of the THREE-MONTH shortened statutory period, then the shortened statutory period will expire on the date the advisory action is mailed, and any extension fee pursuant to 37 CFR 1.136(a) will be calculated from the mailing date of the advisory action.  In no event, however, will the statutory period for reply expire later than SIX MONTHS from the mailing date of this final action. 

Any inquiry concerning this communication or earlier communications from the examiner should be directed to JEREMY DUFFIELD whose telephone number is (571)270-1643.  The examiner can normally be reached on Monday - Friday, 6:00 AM - 3:00 PM (ET).
Examiner interviews are available via telephone, in-person, and video conferencing using a USPTO supplied web-based collaboration tool. To schedule an interview, applicant is encouraged to use the USPTO Automated Interview Request (AIR) at http://www.uspto.gov/interviewpractice.
If attempts to reach the examiner by telephone are unsuccessful, the examiner’s supervisor, Yin-Chen Shaw can be reached on (571) 272-8878.  The fax phone number for the organization where this application or proceeding is assigned is 571-273-8300.
Information regarding the status of an application may be obtained from the Patent Application Information Retrieval (PAIR) system.  Status information for published applications may be obtained from either Private PAIR or Public PAIR.  Status information for unpublished applications is available through Private PAIR only.  For more information about the PAIR system, see https://ppair-my.uspto.gov/pair/PrivatePair. Should you have questions on access to the Private PAIR system, contact the Electronic Business Center (EBC) at 866-217-9197 (toll-free). If you would like assistance from a USPTO Customer Service Representative or access to the automated information system, call 800-786-9199 (IN USA OR CANADA) or 571-272-1000.





04 February 2021
/Jeremy S Duffield/           Primary Examiner, Art Unit 2498