DETAILED ACTION
The following is a FINAL office action upon examination of the application number 15/097304. 
 
Notice of Pre-AIA  or AIA  Status
The present application, filed on or after March 16, 2013, is being examined under the first inventor to file provisions of the AIA . 

Response to Amendment
Claims 1, 2, 7-10, 15, and 16 have been amended. 
Claims 1-20 are pending in the application and have been examined on the merits discussed below. 

Claim Rejections - 35 USC § 103
The following is a quotation of 35 U.S.C. 103 which forms the basis for all obviousness rejections set forth in this Office action:
A patent for a claimed invention may not be obtained, notwithstanding that the claimed invention is not identically disclosed as set forth in section 102, if the differences between the claimed invention and the prior art are such that the claimed invention as a whole would have been obvious before the effective filing date of the claimed invention to a person having ordinary skill in the art to which the claimed invention pertains. Patentability shall not be negated by the manner in which the invention was made.

Claims 1, 2, 5-10, 13-16, 19, and 20 are rejected under 35 U.S.C. 103 as being unpatentable over US 2008/0282318 (Rits); in view of US 2016/0344772 (Monahan); in view of US 2014/0164048 (Bourdaillet); in view of US 2012/0215578 (Swierz).

As per claim 1, Rits teaches: a computer implemented method for secure and compliant execution of processes associated with in-memory database, the method comprising: generating a workflow model for a process associated with the in-memory database, wherein  … The system memory 824 may store information and/or instructions for use in combination with processing unit 822… [0007] In general, a workflow may be considered as an operational aspect of a work procedure: how tasks are structured, who performs them, what their relative order is, how they are synchronized, how information flows to support the tasks and how tasks are being tracked. Accordingly, a composite application comprising a set of sub-applications such as Web services, loosely coupled in a service-oriented architecture may be modeled in a workflow wherein an invocation of any of the sub-applications may be represented by a sub-activity. A sub-application may be a self-contained software component (e.g. a Web service). The workflow may represent interdependencies between the sub-activities which must be considered when execution one or more of the represented sub-applications. [0079] The sub-activities 711 to 714 of the workflow 700 illustrated in FIG. 7 may model information processing tasks such as an update of the stock of medications; workflow includes tasks. [0019] By providing a consolidated workflow policy, access control (i.e. policy enforcement) may be shifted from separately enforcing single policies for each of the sub-applications comprised in a composite application to the workflow layer. That is, a single consolidated policy may be enforced instead of a plurality of single policies which may be otherwise evaluated repeatedly and thus redundantly. [0020] Full authorization denotes that users are either authorized to execute all sub-activities (i.e. the sub-applications which are represented in the workflow) of the workflow or none at all. Partial authorization denoted that a user is authorized to execute at least one execution path of the workflow, but not necessarily all possible execution paths of the workflow. [0067] … Therefore, a workflow of a composite application reveals a multi-layered security model (i.e. multi-layered policies), denoting that access control (i.e. policy enforcement) is thus iteratively performed… This may happen in particular if a user is granted the permission to execute some sub-applications but lack authorization at some later stage in the control flow of the composite application; authorization constraints)
translating the workflow model into a transition system format; ([0011] In general, a tree may be a data structure that emulates a tree structure with a set of linked nodes. Each node in a tree may have zero or more child nodes, which are below in the tree (by convention, trees grown down, not up as they do in nature). A node that has a child is called the child's parent note. Nodes having at least one child are called inner nodes or structured nodes. Nodes that do not have a child node are called leafs. With regard to a workflow, a workflow specified in BPEL may be represented by a (workflow tree) wherein its inner, i.e. structured nodes may be represented by structured activities which may represent an execution command (e.g. whether subsequent activities may be executed in sequence or in parallel) in the workflow. [0084] In one exemplary implementation of the workflow 700, i.e. the control flow of the sub-applications comprised may be specified in BPEL and the policies of the sub-applications 711 to 714 may be defined in XACML).
generating a reachability graph that includes possible workflow execution paths corresponding to the workflow model, wherein the possible workflow execution paths include nodes representing states of task execution and edges representing tasks executed by process participants ([0012] An (execution) path, for example through a workflow, may be a connected sequence of sub-activities (which are connected by structured activities) in the workflow such that the workflow is in an exemplary aspect entered at its staring point and finished at its ending point. [0013] An execution path in a workflow may be enhanced with a label, referred to as path label, which represents the positions of the sub-activities lying on the execution path in a corresponding workflow tree. In particular, each sub-activity may be labeled with information necessary to describe the position of the sub-activity in a workflow tree. [0089] Thus, the workflow 700 is executable for internists and for nurses, wherein internists are fully authorized and nurses are partially authorized. All other subjects, e.g. administrative personal can be blocked right from the beginning, as they will never succeed in reaching an ending element 702 of the workflow 700; see Fig. 7 showing a reachability graph including execution paths)
and each of the possible execution paths ends at a common root node ([0069] FIG. 1 shows an exemplary workflow 100 of an exemplary composite application, comprising one or more sub-applications A to H (111 to 118). The sub-applications A to H (111 to 118) are referred to as sub-activities A to H (111 to 118) in the workflow 100 representing and modeling, respectively the composite application. The workflow 100 is stared by a starting element 101 and finished by an ending element 102; see workflow with different possible execution paths ending at a common node)
generating a monitor by translating the reachability graph … ([0021] By enforcing the consolidated workflow policy using a security index structure, the sub-applications of the workflow may be labeled. Hence, the labels may be used to check authority, i.e. enforce the consolidated workflow policy. [0034] performing access control by means of an extended prefix check by checking whether a node label of a sub-activity of the sub-activities is a prefix of the path label of the at least one execution path of the authorization trie, wherein the sub-activity lies on the at least one execution path. [0035] By using node labels for the sub-activities (i.e. invocations of the sub-applications) and path labels for possible execution paths in a workflow, wherein the path labels may be derived from the node labels and further by organizing the path labels in an efficient (security) index structure (which represents the authorities for the sub-activities in the workflow), in one exemplary aspect in a prefix tree, referred to as authorization trie, policy enforcement of consolidated policies may be reduced to simple node label tests; sequence of activities (reachability graph) is translated-into prefixes to perform access control monitoring. [0089] Thus, the workflow 700 is executable for internists and for nurses, wherein internists are fully authorized and nurses are partially authorized. All other subjects, e.g. administrative personal can be blocked right from the beginning, as they will never succeed in reaching an ending element 702 of the workflow 700).
receiving authorization policies; ([0090] …a method may collect policies that apply to execution paths in a corresponding workflow tree 110 and evaluate them [0079] …For example, the sub-activities 711 to 714, e.g. to be realized as Web services have the following access rules, i.e. policies: [0080] Health personal with permanent employment and administrative personal are allowed to access the medical records of patients 711. This access control rule refers to the subject specification S.sub.MR, which is allowed to execute the sub-activity "query medical records" 711. [0081] Nurses of the cardiology and internists are allowed to update medical records, e.g. by inserting ECG results, i.e. the subject specification SECG comprising nurses of the cardiology and internists are allowed to execute the sub-activity "make stress electrogardiogram" 712. [0082] Internists having the subject specification S.sub.App are allowed to perform the sub-activity "apply monitoring devices" 713).
receiving, from a process participant, a request to execute one of the tasks in the workflow model of the process; and ([0071] A user (who makes a request to access the workflow 100) is authorized to execute a Sequence block 105, 106, and 107, if he/she is allowed to execute all of the succeeding sub-activities. For example, if the user is authorized to execute the first Sequence block 105 in the workflow 100, then he/she is allowed to execute the sub-activity A 111, the first Switch block 103, and the sub-activity H 118 in the workflow 100, since sub-activities A and H (111 and 118) as well as the first Switch block 103 are children of the first Sequence block 105 in a workflow tree 110 used to model and represent, respectively the workflow 100. The workflow tree 110 of the workflow 100 is shown in FIG. 1A. [0118] …Thus, the sub-activity H 118 is allowed to be executed by a request from a user having the authorization)
A user (who makes a request to access the workflow 100) is authorized to execute a Sequence block 105, 106, and 107, if he/she is allowed to execute all of the succeeding sub-activities. [0016] providing a workflow for the composite application, wherein the composite application is constructed from a set of sub-applications and wherein at least a plurality of the sub-applications have a policy; [0017] generating a consolidated workflow policy for the workflow by combining the policies of the sub-applications and by taking into account a control flow of the workflow, wherein the control flow provides an order in which the set of sub-applications are performed; and [0018] enforcing the consolidated workflow policy by providing a security index structure for the consolidated workflow policy adapted for checking authorization in the workflow. [0019] … enforcing the consolidated workflow policy by providing a security index structure, the security index structure may allow checking both partial and full authorization of a workflow in an efficient manner. The security index structure may be based on a node labeling technique labeling both the sub-applications modeled in the workflow and the possible execution paths in the workflow allowing (consolidated) policy enforcement to be reduced to fast index checks. [0034][0041] [0077] authorization of the user needs to be reevaluated when any of the Switch blocks 103, 104 of the workflow 100 is entered [0078] … employee is authorized by some sub-activity 711 but rejected by other sub-activities 712, 713, and 714 of the e-health workflow 700).
the task-specific authorization constraints are at least one of: 1. a separation of duty constraint that enforces conflict of interest constraints and 2. a binding of duty constraint that enforces a constraint of: a. a process participant executes associated tasks or b. a given task is executable by any process participant with a given role; ([0020] Full authorization denotes that users are either authorized to execute all sub-activities (i.e. the sub-applications which are represented in the workflow) of the workflow or none at all. Partial authorization denoted that a user is authorized to execute at least one execution path of the workflow, but not necessarily all possible execution paths of the workflow. Using the security index structure, partial authorizations may be quickly and efficiently performed. [0034] performing access control by means of an extended prefix check by checking whether a node label of a sub-activity of the sub-activities is a prefix of the path label of the at least one execution path of the authorization trie, wherein the sub-activity lies on the at least one execution path. [0035] By using node labels for the sub-activities (i.e. invocations of the sub-applications) and path labels for possible execution paths in a workflow, wherein the path labels may be derived from the node labels and further by organizing the path labels in an efficient (security) index structure (which represents the authorities for the sub-activities in the workflow), in one exemplary aspect in a prefix tree, referred to as authorization trie, policy enforcement of consolidated policies may be reduced to simple node label tests. [0046][0074]-[0077])
based on the reachability graph generated, enabling the monitor during run-time to enforce task-specific authorization constraints and authorization policies to provide request grant or deny to execute the requested task ([0071] A user (who makes a request to access the workflow 100) is authorized to execute a Sequence block 105, 106, and 107, if he/she is allowed to execute all of the succeeding sub-activities. For example, if the user is authorized to execute the first Sequence block 105 in the workflow 100, then he/she is allowed to execute the sub-activity A 111, the first Switch block 103, and the sub-activity H 118 in the workflow 100, since sub-activities A and H (111 and 118) as well as the first Switch block 103 are children of the first Sequence block 105 in a workflow tree 110 used to model and represent, respectively the workflow 100. The workflow tree 110 of the workflow 100 is shown in FIG. 1A.  [0089] Thus, the workflow 700 is executable for internists and for nurses, wherein internists are fully authorized and nurses are partially authorized. All other subjects, e.g. administrative personal can be blocked right from the beginning, as they will never succeed in reaching an ending element 702 of the workflow 700. [0080] Health personal with permanent employment and administrative personal are allowed to access the medical records of patients 711. This access control rule refers to the subject specification S.sub.MR, which is allowed to execute the sub-activity "query medical records" 711. [0081] Nurses of the cardiology and internists are allowed to update medical records, e.g. by inserting ECG results, i.e. the subject specification SECG comprising nurses of the cardiology and internists are allowed to execute the sub-activity "make stress electrogardiogram" 712. [0082] Internists having the subject specification S.sub.App are allowed to perform the sub-activity "apply monitoring devices" 713. [0113] [0114] [0118] …Thus, the sub-activity H 118 is allowed to be executed by a request from a user having the authorization).
	Although not explicitly taught by Rits, Monahan teaches: monitor by translating the reachability graph in a database query format; ([0025] The model comprising a database of object oriented elements representing the nodes, and the method having the step of searching the database for logical paths through the model, which match given constraints. [0059] A database having a model of at least some of a network, the model having nodes … [0077] The model can comprise a database of object oriented elements representing the nodes, and the method can have the step of searching the database for logical paths through the model, which match given constraints. [0187] Path queries that show that two sets of nodes are linked together by paths satisfying certain constraints. This kind of query naturally involves reachability over the graph of associations).
It would have been obvious, before the effective filing date of the claimed invention, for one of ordinary skill in the art to have modified the teachings of Rits with the aforementioned teachings of Monahan with the motivation of identifying reachability paths between nodes in a 
Although not explicitly taught by Rits, Bourdaillet teaches: wherein multiple nodes represent a same incomplete or complete state of execution of a single task… ([0067] With reference to FIG. 2, instantiating an abstract workflow into a concrete workflow includes deciding: a) which service instance will be chosen for each abstract service, and b) which data center will be selected to host/execute a service instance. For example, the data centers may be a remote server, cloud, etc. [0068] As shown in FIG. 2, abstract services S1 can be performed by any one of service instances S1.sub.1, S1.sub.2, S1.sub.3 and S1.sub.4. For example, abstract service S1 could be a translation service, and S1.sub.1, S1.sub.2, S1.sub.3 and S1.sub.4 represent providers; describes a translation service S1 (task) . [0074] As shown in FIG. 3, initially the abstract graph AW is expanded into the search space of concrete graphs CW that describe all possible paths of service instances and data centers. This is done by expanding each abstract service node Si of AW into a set of nodes [Si.sub.j,d] that is the Cartesian product between all the possible service instances [Si.sub.j] and data centers [d]; shows multiple incomplete state nodes for a translation task for a single translation service task (S11A, S11B, S11C, S12A, S12B, S13D, and S14E) and complete state nodes (S21C, S21E, S22A, S22B, S22D, S23A, and S25B). [0075] With continuing reference to FIG. 3, each of the expanded nodes Si.sub.j,d instantiating a service Si is linked to every expanded node Si+1.sub.j',d' instantiating the service Si+1. The source node is linked to every expanded node S1.sub.j,d, and every expanded node Sn.sub.j,d is linked to the end node).
…wherein there are multiple different starting nodes for the possible execution paths that end at the common root node (([0067] With reference to FIG. 2, instantiating an abstract workflow into a concrete workflow includes deciding: a) which service instance will be chosen for each abstract service, and b) which data center will be selected to host/execute a service instance. For example, the data centers may be a remote server, cloud, etc. [0068] As shown in FIG. 2, abstract services S1 can be performed by any one of service instances S1.sub.1, S1.sub.2, S1.sub.3 and S1.sub.4. For example, abstract service S1 could be a translation service, and S1.sub.1, S1.sub.2, S1.sub.3 and S1.sub.4 represent providers [0074] As shown in FIG. 3, initially the abstract graph AW is expanded into the search space of concrete graphs CW that describe all possible paths of service instances and data centers. This is done by expanding each abstract service node Si of AW into a set of nodes [Si.sub.j,d] that is the Cartesian product between all the possible service instances [Si.sub.j] and data centers [d]; shows workflow with multiple starting nodes (S11, S12, S13, and S14) for possible paths that end at a common node).
It would have been obvious, before the effective filing date of the claimed invention, for one of ordinary skill in the art to have modified the teachings of Rits with the aforementioned teachings of Bourdaillet with the motivation of generating a business process workflow (Bourdaillet [0003]). Further, one of ordinary skill in the art would have recognized that applying the teachings of Bourdaillet to the system of Rits would have yielded predictable results and doing so would have been recognized by those of ordinary skill in the art as resulting in an improved system that would allow for the modeling of workflows with multiple starting nodes and a single end node.
Although not explicitly taught by Rits, Swierz teaches: wherein a number of process participants required to execute the tasks is dependent on a number of task-specific authorization constraints ([0046] When a task is to be assigned, certain task information is to be collected. Such task information includes the name of the client, nature of the work, complexity of the work, the volume or anticipated volume of the work, applicable deadlines, conflicts of interest, ability to pay, the industry, whether the industry is heavily regulated, forms to be used, priority of the assignment, etc. The first user then enters the task information collected into the database….The software application processes the information and synthesizes the data into a report or other work product to automatically suggest employees to whom a task should be assigned. In an alternative embodiment, the software application may be used to automatically or semi-automatically schedule employees; conflict of interest constraints associated with tasks affect number of participants required).
 It would have been obvious, before the effective filing date of the claimed invention, for one of ordinary skill in the art to have modified the teachings of Rits with the aforementioned teachings of Swierz with the motivation of determining employees suitable to complete a task (Swierz [Abstract]). Further, one of ordinary skill in the art would have recognized that applying the teachings of Swierz to the system of Rits would have yielded predictable results and doing so would have been recognized by those of ordinary skill in the art as resulting in an improved system that would allow for resource assignment to account for task specific constraints.
	
As per claim 2, Rits teaches: wherein the number of process participants required to execute the task is less than equal to the numbers tasks in the workflow model ([0080] Health personal with permanent employment and administrative personal are allowed to access the medical records of patients 711. This access control rule refers to the subject specification S.sub.MR, which is allowed to execute the sub-activity "query medical records" 711. [0081] Nurses of the cardiology and internists are allowed to update medical records, e.g. by inserting ECG results, i.e. the subject specification SECG comprising nurses of the cardiology and internists are allowed to execute the sub-activity "make stress electrogardiogram" 712. [0082] Internists having the subject specification S.sub.App are allowed to perform the sub-activity "apply monitoring devices" 713). Examiner notes that claim scope is not limited by language that suggests or wherein the number of process participants required to execute the task is less than equal to the numbers tasks in the workflow model is not found to limit the claim scope.

As per claim 5, Rits teaches: wherein the request is received from a process participant to execute the one of the tasks in the workflow model of the process ([0009] … An access control rule may substantially comprise a condition, which must be fulfilled by a subject or an identity such as a requester in view of a requested application and/or service. [0068] … The WFMS may then supervise the state of executions and blocks requests in case workflow branches are entered that are not permitted for the corresponding request context. [0071] A user (who makes a request to access the workflow 100) is authorized to execute a Sequence block 105, 106, and 107, if he/she is allowed to execute all of the succeeding sub-activities. For example, if the user is authorized to execute the first Sequence block 105 in the workflow 100, then he/she is allowed to execute the sub-activity A 111, the first Switch block 103, and the sub-activity H 118 in the workflow 100, since sub-activities A and H (111 and 118) as well as the first Switch block 103 are children of the first Sequence block 105 in a workflow tree 110 used to model and represent, respectively the workflow 100).

As per claim 6, Rits teaches: wherein the transition format is a graphical representation of the workflow model that represents the tasks as transitions. ([0011] … With regard to a workflow, a workflow specified in BPEL may be represented by a (workflow tree) wherein its inner, i.e. structured nodes may be represented by structured activities which may represent an execution command (e.g. whether subsequent activities may be executed in sequence or in parallel) in the workflow. [0074] … A path in the workflow 100 is a sequence of sub-activities 111 to 118, Sequence blocks 105, 106, 107, and/or Switch blocks 103, 104 such that the path is entered at the workflow's starting element 101 and finished at the ending element 102. Furthermore, from each of the sub-activities 111 to 118, Sequence blocks 105, 106, 107, and/or Switch blocks 103, 104 there exists an edge to the next sub-activity 111 to 118, Sequence block 105, 106, 107, and/or Switch block 103, 104 in the corresponding workflow tree 110).

As per claim 7, Rits teaches: enabling the monitor to query the reachability graph based on task-specific authorization constraints and authorization policies to provide request grant or deny to execute the requested task ([0071] A user (who makes a request to access the workflow 100) is authorized to execute a Sequence block 105, 106, and 107, if he/she is allowed to execute all of the succeeding sub-activities. For example, if the user is authorized to execute the first Sequence block 105 in the workflow 100, then he/she is allowed to execute the sub-activity A 111, the first Switch block 103, and the sub-activity H 118 in the workflow 100, since sub-activities A and H (111 and 118) as well as the first Switch block 103 are children of the first Sequence block 105 in a workflow tree 110 used to model and represent, respectively the workflow 100. The workflow tree 110 of the workflow 100 is shown in FIG. 1A.  [0089] Thus, the workflow 700 is executable for internists and for nurses, wherein internists are fully authorized and nurses are partially authorized. All other subjects, e.g. administrative personal can be blocked right from the beginning, as they will never succeed in reaching an ending element 702 of the workflow 700. [0080] Health personal with permanent employment and administrative personal are allowed to access the medical records of patients 711. This access control rule refers to the subject specification S.sub.MR, which is allowed to execute the sub-activity "query medical records" 711. [0081] Nurses of the cardiology and internists are allowed to update medical records, e.g. by inserting ECG results, i.e. the subject specification SECG comprising nurses of the cardiology and internists are allowed to execute the sub-activity "make stress electrogardiogram" 712. [0082] Internists having the subject specification S.sub.App are allowed to perform the sub-activity "apply monitoring devices" 713. [0113] [0114] [0118] …Thus, the sub-activity H 118 is allowed to be executed by a request from a user having the authorization).
	Although not explicitly taught by Rits, Monahan teaches: based on the database query format of the monitor, enabling the monitor to query the reachability graph based on … constraints … ([0025] The model comprising a database of object oriented elements representing the nodes, and the method having the step of searching the database for logical paths through the model, which match given constraints. [0059] A database having a model of at least some of a network, the model having nodes …, and having links to represent how the nodes influence each other… [0077] The model can comprise a database of object oriented elements representing the nodes, and the method can have the step of searching the database for logical paths through the model, which match given constraints. [0187] Path queries that show that two sets of nodes are linked together by paths satisfying certain constraints. This kind of query naturally involves reachability over the graph of associations).
It would have been obvious, before the effective filing date of the claimed invention, for one of ordinary skill in the art to have modified the teachings of Rits with the aforementioned teachings of Monahan with the motivation of identifying reachability paths between nodes in a graph (Monahan [0187]). Further, one of ordinary skill in the art would have recognized that applying the teachings of Monahan to the system of Rits would have yielded predictable results and doing so would have been recognized by those of ordinary skill in the art as resulting in an improved system that would allow for the querying of a reachability graph.



As per claim 9, this claim recites limitations substantially similar to those addressed by the rejection of claim 1, above; therefore, the same rejection applies.

As per claim 10, this claim recites limitations substantially similar to those addressed by the rejection of claim 2, above; therefore, the same rejection applies.

As per claim 13, this claim recites limitations substantially similar to those addressed by the rejection of claim 5, above; therefore, the same rejection applies.

As per claim 14, this claim recites limitations substantially similar to those addressed by the rejection of claim 6, above; therefore, the same rejection applies.

As per claim 15, this claim recites limitations substantially similar to those addressed by the rejection of claim 1, above; therefore, the same rejection applies. Additionally Rits teaches: a non-transitory computer readable medium to store instructions, which when executed by a computer, causes the computer to perform operations ([0121] With reference to FIG. 8, an exemplary system for implementing the invention includes a general purpose computing device in the form of a conventional computing environment 820 (e.g. personal computer), including a processing unit 822, a system memory 824, and a system bus 826, that couples various system components including the system memory 824 to the processing unit 822. The processing unit 822 may perform arithmetic, logic and/or control operations by accessing system memory 824. The system memory 824 may store information and/or instructions for use in combination with processing unit 822).

As per claim 16, this claim recites limitations substantially similar to those addressed by the rejection of claim 2, above; therefore, the same rejection applies.

As per claim 19, this claim recites limitations substantially similar to those addressed by the rejection of claim 5, above; therefore, the same rejection applies.

As per claim 20, this claim recites limitations substantially similar to those addressed by the rejection of claim 6, above; therefore, the same rejection applies.

Claims 3, 11, and 17 are rejected under 35 U.S.C. 103 as being unpatentable over US 2008/0282318 (Rits); in view of US 2016/0344772 (Monahan); in view of US 2014/0164048 (Bourdaillet); in view of US 2012/0215578 (Swierz); in view of US 2004/0162741 (Flaxer).

As per claim 3, Rits teaches: the reachability graph is able to trace the possible workflow execution path from an initial state to a final state ([0074] …A path in the workflow 100 is a sequence of sub-activities 111 to 118, Sequence blocks 105, 106, 107, and/or Switch blocks 103, 104 such that the path is entered at the workflow's starting element 101 and finished at the ending element 102. [0089] Thus, the workflow 700 is executable for internists and for nurses, wherein internists are fully authorized and nurses are partially authorized. All other subjects, e.g. administrative personal can be blocked right from the beginning, as they will never succeed in reaching an ending element 702 of the workflow 700).
	Although not explicitly taught by Rits, Flaxer teaches: wherein generating the reachability graph is based on incremental backward reachability procedures that begin with the root node and then generate a set of nodes, wherein the backward reachability procedure applies to all  Initially, the target task 810 is the sole task in the PLM-flow. Based on rule inference, the system dynamically adds tasks (backward chain tasks 830 based on backward chain rules 835 and forward chain tasks 840 based on forward chain rules 845) and related pre-condition data 870 (based on backward chain rules 875) into the PLM-flow to compose the projected execution path from start to finish [0260] An example of backward-chain inference is illustrated in FIG. 11. In this example, the target task is Create New Part 1110. Based on backward-chain rule rb1 1115 Clash Analysis 1120 and BOM Rollup 1130 are added into the PLM-flow as backward-chain tasks. Since Clash Analysis also has a backward-chain rule rb2 1125, Clash Design 1140 is added into the PLM-flow as the backward-chain task of Clash Analysis 1120).
It would have been obvious, before the effective filing date of the claimed invention, for one of ordinary skill in the art to have modified the teachings of Rits with the aforementioned teachings of Flaxer with the motivation of dynamically adding tasks required to achieve a target (Flaxer [0153]). Further, one of ordinary skill in the art would have recognized that applying the teachings of Flaxer to the system of Rits would have yielded predictable results and doing so would have been recognized by those of ordinary skill in the art as resulting in an improved system that would allow for the use of backward inference in generating a reachability graph.

As per claim 11, this claim recites limitations substantially similar to those addressed by the rejection of claim 3, above; therefore, the same rejection applies.

As per claim 17, this claim recites limitations substantially similar to those addressed by the rejection of claim 3, above; therefore, the same rejection applies.

Claims 4, 12, and 18 are rejected under 35 U.S.C. 103 as being unpatentable over US 2008/0282318 (Rits); in view of US 2016/0344772 (Monahan); in view of US 2014/0164048 (Bourdaillet); in view of US 2012/0215578 (Swierz); in view of US 2017/0093952 (Kumar).

As per claim 4, Rits teaches:  authorization policies ([0019] By providing a consolidated workflow policy, access control (i.e. policy enforcement) may be shifted from separately enforcing single policies for each of the sub-applications comprised in a composite application to the workflow layer. That is, a single consolidated policy may be enforced instead of a plurality of single policies which may be otherwise evaluated repeatedly and thus redundantly. [0020] Full authorization denotes that users are either authorized to execute all sub-activities (i.e. the sub-applications which are represented in the workflow) of the workflow or none at all. Partial authorization denoted that a user is authorized to execute at least one execution path of the workflow, but not necessarily all possible execution paths of the workflow. [0067])
Although not explicitly taught by Rits, Kumar teaches: authorization policies comprises assignment of process participants to execute a task of the workflow model ([0133] For example, a workforce management system may assign a task to user and communicates that task via the API to the observation platform. The observation platform uses inference and policy to determine the best person to assign the task based on user identity, user role, recent user activities and user location. [0134] For example, the task management system might request a reorganization of a part of the enterprise or retail floor. The observation platform then uses context, policy and inference to assign this task to set of users defined by their location, their prior and current motions, there engaged/available status, their role and their responsiveness to the request).
It would have been obvious, before the effective filing date of the claimed invention, for one of ordinary skill in the art to have modified the teachings of Rits with the aforementioned 

As per claim 12, this claim recites limitations substantially similar to those addressed by the rejection of claim 4, above; therefore, the same rejection applies.
	
As per claim 18, this claim recites limitations substantially similar to those addressed by the rejection of claim 4, above; therefore, the same rejection applies.

Response to Arguments
Applicant's arguments filed 12/3/2020 have been fully considered but they are not persuasive. 
With respect to the rejection under 35 USC 103, Applicant argues that the art of record does not disclose the claimed features.
Examiner respectfully disagrees. Rits teaches task-specific authorization constraints are at least one of: 1. a separation of duty constraint that enforces conflict of interest constraints and 2. a binding of duty constraint that enforces a constraint of: a. a process participant executes associated tasks or b. a given task is executable by any process participant with a given role ([0020] Full authorization denotes that users are either authorized to execute all sub-activities (i.e. the sub-applications which are represented in the workflow) of the workflow or none at all. Partial authorization denoted that a user is authorized to execute at least one execution path of the workflow, but not necessarily all possible execution paths of the workflow. Using the security index structure, partial authorizations may be quickly and efficiently performed. [0034] performing access control by means of an extended prefix check by checking whether a node label of a sub-activity of the sub-activities is a prefix of the path label of the at least one execution path of the authorization trie, wherein the sub-activity lies on the at least one execution path. [0035] By using node labels for the sub-activities (i.e. invocations of the sub-applications) and path labels for possible execution paths in a workflow, wherein the path labels may be derived from the node labels and further by organizing the path labels in an efficient (security) index structure (which represents the authorities for the sub-activities in the workflow), in one exemplary aspect in a prefix tree, referred to as authorization trie, policy enforcement of consolidated policies may be reduced to simple node label tests. [0046][0074]-[0077])
With respect to the claimed wherein there are multiple different starting nodes for the possible execution paths that end at the common root node, Paragraph 40 and 41 of the Specification describe Fig. 4B and the nodes that represent states of tasks executed by participants. These nodes representing task execution by participants/resources are the claimed multiple different starting nodes for the possible execution paths that end at a common node. The Bourdaillet reference discloses a set of nodes that represent task execution by multiple participants/resources (see Bourdaillet [Fig. 3] S11A, S11B, S11C, S12A, S12B, S13D, and S14E). Examiner finds that the disclosed S11A, S11B, S11C, S12A, S12B, S13D, and S14E are multiple different starting nodes for possible execution paths ending at a common node. 
Examiner maintains that Flaxer discloses generating the reachability graph is based on incremental backward reachability procedures that begin with the root node and then generate a set of nodes, wherein the backward reachability procedure applies to all possible transitions in the generation of the reachability graph ([0153] … Initially, the target task 810 is the sole task in the PLM-flow. Based on rule inference, the system dynamically adds tasks (backward chain tasks 830 based on backward chain rules 835 and forward chain tasks 840 based on forward chain rules 845) and related pre-condition data 870 (based on backward chain rules 875) into the PLM-flow to compose the projected execution path from start to finish [0260] An example of backward-chain inference is illustrated in FIG. 11. In this example, the target task is Create New Part 1110. Based on backward-chain rule rb1 1115 Clash Analysis 1120 and BOM Rollup 1130 are added into the PLM-flow as backward-chain tasks. Since Clash Analysis also has a backward-chain rule rb2 1125, Clash Design 1140 is added into the PLM-flow as the backward-chain task of Clash Analysis 1120). Examiner notes that this claim is related to the generation of a reachability graph through backward reachability procedures and the claim language does not set forth any limitations related to a number of possible execution paths. Thus, although not required by the claim language, Examiner notes that the backward inference disclosed by Flaxer generates a reachability graph with multiple execution paths (see Flaxer [Fig. 11][0265] Using the results of backward-chaining shown in FIG. 11 as a template, application of the forward-chain algorithm is shown in FIG. 13. Forward-chain rule rf.sub.1 1315 from the Clash Analysis task 1120 generates a Cost Audit task 1310. Forward-chain rule rf.sub.2 from the BOM Rollup task 1130 generates a Purchase Audit task 1320).

Conclusion
Applicant's amendment necessitated the new ground(s) of rejection presented in this Office action.  Accordingly, THIS ACTION IS MADE FINAL.  See MPEP § 706.07(a).  Applicant is reminded of the extension of time policy as set forth in 37 CFR 1.136(a).  
A shortened statutory period for reply to this final action is set to expire THREE MONTHS from the mailing date of this action.  In the event a first reply is filed within TWO MONTHS of the mailing date of this final action and the advisory action is not mailed until after the end of the THREE-MONTH shortened statutory period, then the shortened statutory period will expire on the date the advisory action is mailed, and any extension fee pursuant to 37 CFR 1.136(a) will be calculated from the mailing date of the advisory action.  In no event, 
Any inquiry concerning this communication or earlier communications from the examiner should be directed to ALAN TORRICO-LOPEZ whose telephone number is (571)272-3247.  The examiner can normally be reached on M-F 10AM-5PM.
Examiner interviews are available via telephone, in-person, and video conferencing using a USPTO supplied web-based collaboration tool. To schedule an interview, applicant is encouraged to use the USPTO Automated Interview Request (AIR) at http://www.uspto.gov/interviewpractice.
If attempts to reach the examiner by telephone are unsuccessful, the examiner’s supervisor, Eric W. Stamber can be reached on (571)272-6724.  The fax phone number for the organization where this application or proceeding is assigned is 571-273-8300.
Information regarding the status of an application may be obtained from the Patent Application Information Retrieval (PAIR) system.  Status information for published applications may be obtained from either Private PAIR or Public PAIR.  Status information for unpublished applications is available through Private PAIR only.  For more information about the PAIR system, see https://ppair-my.uspto.gov/pair/PrivatePair. Should you have questions on access to the Private PAIR system, contact the Electronic Business Center (EBC) at 866-217-9197 (toll-free). If you would like assistance from a USPTO Customer Service Representative or access to the automated information system, call 800-786-9199 (IN USA OR CANADA) or 571-272-1000.

/ALAN TORRICO-LOPEZ/Examiner, Art Unit 3683                                                                                                                                                                                                        

/ERIC W STAMBER/Supervisory Patent Examiner, Art Unit 3683