DETAILED ACTION

Notice of Pre-AIA  or AIA  Status
The present application, filed on or after March 16, 2013, is being examined under the first inventor to file provisions of the AIA .

Response to Arguments
Applicant's arguments have been fully considered but they are not persuasive. 
Applicant argues that Aldred does not disclose a 1-click grant link and a 1-click deny link as recited in claim 1.   Applicant argues that Aldred teaches a multi-click operation because the owner must first select the directory and then select button 815 or 817.
The examiner respectfully disagrees.  Aldred does teach selecting the directory, and then selecting the deny or allow links (figure 8).  However, the claim requires a 1-click grant link and 1-click deny link.  Clearly, as shown in figure 8, there is a grant link and a deny link (815 and 817).  The clicking of the particular directory is the selection of the directory, not the grant or deny click.  The granting or denying of the directory is performed by clicking 815 or 817.  The claim can easily be interpreted in its broadest reasonable interpretation, as the allow or deny itself being 1-click.  In addition, even if it is argued that Aldred teaches multi-click allowance or denial, the examiner notes that combining two buttons into one is clearly obvious.  In MPEP 2144.04 V.B., the MPEP states that making separate pieces integral is an indication of obviousness.  This would be obvious to do in order to simplify and shorten the steps necessary by the user.  However, the examiner maintains the position that the particular allow/deny step can be interpreted as the 1-click required by the claim, which is performed after selection.  

Claim Rejections - 35 USC § 102
In the event the determination of the status of the application as subject to AIA  35 U.S.C. 102 and 103 (or as subject to pre-AIA  35 U.S.C. 102 and 103) is incorrect, any correction of the statutory basis for 
The following is a quotation of the appropriate paragraphs of 35 U.S.C. 102 that form the basis for the rejections under this section made in this Office action:
A person shall be entitled to a patent unless –

(a)(1) the claimed invention was patented, described in a printed publication, or in public use, on sale, or otherwise available to the public before the effective filing date of the claimed invention.


Claims 1, 8-10, and 17-19 are rejected under 35 U.S.C. 102(a)(1) as being anticipated by Aldred et al. (US 2008/0256458).
Regarding claims 1, 10, and 19, Aldred teaches a method (and corresponding system and product) for controlling authorization decisions for resource access (managing user permission to access processing system resources – see [0016]), the method comprising:
Generating, using a processor of a user device, a request signal that includes resource identification information based on a user input (User selects one or more available shared directories or folders that it is desired to access via the web page presented on workstation) – see [0019].
Transmitting, from the user device, the request signal for resource access to an authorization system (A user initiates a request for permission to access selected directory) – see [0020].
Receiving the request signal at the authorization system (Communication processor automatically communicates an email message to a user indicating that a user request is pending.  There is an access manager and communication processor in the server (i.e., authorization system).  This implies that the signal is sent from the user device to the server and is received at the server)  – see [0021], figure 1 (15, 20 and 25), and figure 2 (217)
Generating an authorization request signal based on the request signal, wherein the authorization request signal requires a single Boolean data type response in the form of either a 
Transmitting the authorization request signal to a resource access manager (The owner (i.e., resource access manager) of the share is notified that access is being requested and is given a change to approve or deny the requests) - see figure 2 (217).
Selecting and transmitting, using the resource access manager, the single Boolean data type response in the form of either the grant access reply or the deny access reply (A user enters data indicating approval or denial of the access permission request via the website, owner approves or denies request) – see [0024] and figure 2 (219).
Receiving the Boolean data type response at the authorization system (Access manager (of server) automatically reads a response entered via the website) – see [0024].
Generating at the authorization system, an authorization signal based on the Boolean data type response (If denied, communication processor automatically email a denial message to the requesting user…if approved…communication processor automatically emails the requesting user an approval message and access permission specific information) – see [0024] and figure 1 (12 and 14).
Transmitting the authorization signal from the authorization system to at least one group a group consisting of the user device and another user device (If denied, communication processor automatically email a denial message to the requesting user.  If approved, communication processor automatically emails the requesting user an approval message and access permission specific information) – see [0024] and figure 1 (12 and 14).
Wherein the resource access manager comprises a resource owner that generated the single Boolean data type response using a 1-click authorization response utilizing one or more 
Wherein the authorization request signal comprises: a 1-click grant link that when selected by the resource owner returns the grant access reply as the Boolean type data response to the authorization system and a 1-click deny link that when selected by the resource owner returns the deny access reply as the Boolean type data response to the authorization system (1-click grant link/deny link - see figure 8 (815 and 817) and uses email – see figure 2 (223 and 227)).

Regarding claims 8 and 17, Aldred teaches the message communication schemes include email, instant messaging, texting, and web based GUI (uses email – see figure 2 (223 and 227)).

Regarding claims 9 and 18, Aldred teaches that the one or more communication channels include a WAN (Internet) – see [0029].

Claim Rejections - 35 USC § 103
The following is a quotation of 35 U.S.C. 103 which forms the basis for all obviousness rejections set forth in this Office action:
A patent for a claimed invention may not be obtained, notwithstanding that the claimed invention is not identically disclosed as set forth in section 102, if the differences between the claimed invention and the prior art are such that the claimed invention as a whole would have been obvious before the effective filing date of the claimed invention to a person having ordinary skill in the art to which the claimed invention pertains. Patentability shall not be negated by the manner in which the invention was made.

Claims 2-4, 11-13, and 20 are rejected under 35 U.S.C. 103 as being unpatentable over Aldred et al. (US 2008/0256458) in view of Canning et al. (US 2014/0337914).
The teachings of Aldred are relied upon for the reasons set forth above.
Regarding claims 2, 3, 11, 12, and 20, Aldred does not teach that the resource access manager comprises a policy engine that applies authorization logic and authorization policies to automatically process the authorization signal without manual involvement and generates the Boolean data type response based on the automatically processed authorization request signal, wherein a resource owner specifies the authorization policies which are then repeatedly used by the policy engine to make decisions. 
Canning teaches a method wherein a client requests access to resources controlled by a resource owner but hosted by a server.  The client (requesting access to an owner’s protected resource) may be granted based on one or more criteria, such as previous authorizations decisions that have been made by the resource owner.  This approach enables auto-consent (repeatedly used by policy engine) for future client access requests without requiring resource owner intervention.  If a resource owner indicates his or her decision to use the current consent grant in the future, a policy to that effect is automatically generated – see [0038], [0040], and [0042].
It would have been obvious to one of ordinary skill in the art before the effective filing date of the claimed invention to modify the teachings of Aldred by providing authorization policies to automatically process an authorization request signal and using policies to make those decisions, in order to require less resources and increase speed, based upon the beneficial teachings provided by Canning.  

Regarding claims 4 and 13, Canning further teaches that the authorization policies include one or more of a grant access policy, a grant access and report policy, and report and recommend policy, and a report policy (consent grant policy) – see [0042].

Claims 5 and 14 are rejected under 35 U.S.C. 103 as being unpatentable over Aldred et al. (US 2008/0256458) in view of Canning et al. (US 2014/0337914), and further in view of Gordon-Carroll et al. (US 2017/0337790) and Hawkins et al. (US 2007/0277230).
The teachings of Aldred and Canning are relied upon for the reasons set forth above.
Regarding claims 5 and 14, Aldred further teaches selecting the Boolean type response, as discussed above, and Canning teaches the automatic policy engine, as discussed above.  
Aldred and Canning do not teach overriding, by the resource owner, the automatic processing of the authorization request.
Gordon-Carroll teaches a method wherein a device is requesting access to data.  A security action is provided, and an option is given for a manual override of the automatic security action – see [0145].  
Aldred, Canning, and Gordon-Carroll do not teach calculating, whether the response selected by the resource owner is in compliance with the authorization policies in response to the resource owner overriding.
Hawkins teaches a method wherein policies determine whether a user can perform a manual override for security features of a device – see [0043].
It would have been obvious to one of ordinary skill in the art before the effective filing date of the claimed invention to modify the teachings of Aldred and Canning by overriding the automatic processing of an authorization request, in order to provide the best security decision, based upon the beneficial teachings provided by Carroll.  It would have also been obvious to one of ordinary skill in the art before the effective filing date of the claimed invention to modify the teachings of Aldred, Canning, and Carroll by calculating whether an owner overriding a decision is in compliance with a policy, in order to provide the increased security to the system, based upon the beneficial teachings provided by Hawkins.   	

Conclusion
THIS ACTION IS MADE FINAL.  Applicant is reminded of the extension of time policy as set forth in 37 CFR 1.136(a).  
A shortened statutory period for reply to this final action is set to expire THREE MONTHS from the mailing date of this action.  In the event a first reply is filed within TWO MONTHS of the mailing date of this final action and the advisory action is not mailed until after the end of the THREE-MONTH shortened statutory period, then the shortened statutory period will expire on the date the advisory action is mailed, and any extension fee pursuant to 37 CFR 1.136(a) will be calculated from the mailing date of the advisory action.  In no event, however, will the statutory period for reply expire later than SIX MONTHS from the mailing date of this final action. 

Examiner interviews are available via telephone, in-person, and video conferencing using a USPTO supplied web-based collaboration tool. To schedule an interview, applicant is encouraged to use the USPTO Automated Interview Request (AIR) at http://www.uspto.gov/interviewpractice.
If attempts to reach the examiner by telephone are unsuccessful, the examiner’s supervisor, Farid Homayounmehr can be reached on 571-272-3739.  The fax phone number for the organization where this application or proceeding is assigned is 571-273-8300.
Information regarding the status of an application may be obtained from the Patent Application Information Retrieval (PAIR) system.  Status information for published applications may be obtained from either Private PAIR or Public PAIR.  Status information for unpublished applications is available through Private PAIR only.  For more information about the PAIR system, see https://ppair-my.uspto.gov/pair/PrivatePair. Should you have questions on access to the Private PAIR system, contact the Electronic Business Center (EBC) at 866-217-9197 (toll-free). If you would like assistance from a USPTO Customer Service Representative or access to the automated information system, call 800-786-9199 (IN USA OR CANADA) or 571-272-1000.





/LISA C LEWIS/Primary Examiner, Art Unit 2495