Notice of Pre-AIA or AIA Status
The present application, filed on or after March 16, 2013, is being examined under the first inventor to file provisions of the AIA.

Response to Arguments
Applicant’s arguments with respect to claims 1-20 have been considered but are moot because the new ground of rejection does not rely on any reference applied in the prior rejection of record for any teaching or matter specifically challenged in the argument.


Claim Rejections - 35 USC § 112
The following is a quotation of 35 U.S.C. 112(b):
(b)  CONCLUSION.—The specification shall conclude with one or more claims particularly pointing out and distinctly claiming the subject matter which the inventor or a joint inventor regards as the invention.


The following is a quotation of 35 U.S.C. 112 (pre-AIA), second paragraph:
The specification shall conclude with one or more claims particularly pointing out and distinctly claiming the subject matter which the applicant regards as his invention.


Claims 4-6, 11, 12 and 15 are rejected under 35 U.S.C. 112(b) or 35 U.S.C. 112 (pre-AIA), second paragraph, as being indefinite for failing to particularly point out and distinctly claim the subject matter which the inventor or a joint inventor (or for applications subject to pre-AIA 35 U.S.C. 112, the applicant), regards as the invention. Claim 6 recites "a system comprising" and lists a series of steps. The claim does not recite any components of the system. It's not clear 
The term “and/or” in claims 4, 5, 11, 12 and 15 renders the claims ambiguous, as recited in the following: claim 4 recites “comprise a name and/or a type of the requested storage source”; claim 5 recites “include at least the timestamp, an originating Internet Protocol (IP) address, and/or a destination IP address of the requested storage resource”; claim 11 recites “computing instance include a name and/or type of the requested computing instance”; claim 12 recites “include at least the timestamp, an originating Internet Protocol (IP) address, and/or the network address of the requested computing instance”; and claim 15 recites “granted for a predetermined amount of time and/or granted with limited access to the web service”. In every occurrence, the term “and/or” renders the claimed limitations ambiguous, because the limitations fail to clearly set out whether the elements are to be combined with “and” or considered in the alternative with “or” in order to appraise the boundary and scope of the claims. Therefore, claims 4, 5, 11, 12 and 15 are rendered indefinite.

Claim Rejections - 35 USC § 101
35 U.S.C. 101 reads as follows:
Whoever invents or discovers any new and useful process, machine, manufacture, or composition of matter, or any new and useful improvement thereof, may obtain a patent therefor, subject to the conditions and requirements of this title.


Claims 6-12 are rejected under 35 U.S.C. 101 because the claimed invention is directed to non-statutory subject matter. The claims do not fall within at least one of the four categories of patent eligible subject matter for the following reason. Claim 6 recites “A system comprising” are rejected under 35 U.S.C. 101.

Claim Rejections - 35 USC § 103
In the event the determination of the status of the application as subject to AIA 35 U.S.C. 102 and 103 (or as subject to pre-AIA 35 U.S.C. 102 and 103) is incorrect, any correction of the statutory basis for the rejection will not be considered a new ground of rejection if the prior art relied upon, and the rationale supporting the rejection, would be the same under either status.
The following is a quotation of 35 U.S.C. 103 which forms the basis for all obviousness rejections set forth in this Office action:
A patent for a claimed invention may not be obtained, notwithstanding that the claimed invention is not identically disclosed as set forth in section 102, if the differences between the claimed invention and the prior art are such that the claimed invention as a whole would have been obvious before the effective filing date of the claimed invention to a person having ordinary skill in the art to which the claimed invention pertains. Patentability shall not be negated by the manner in which the invention was made.

Claims 1-20 are rejected under 35 U.S.C. 103 as being unpatentable over Smith et al. (US Pub. No.: 2015/0135258) in view of Mankovskii (US Pub. No.: 20160112397).

As per claim 1:
Smith discloses a computer-implemented method comprising:

as a result of determining that the request is authorized, determining whether one or more conditions are applicable to the request (0025: determine applicable criterion of context to access the requested resource);
performing an operation to determine whether fulfillment of the request is allowable, where the operation includes determining whether information from the one or more conditions satisfies a set of context-based rules (0016: context-based access and resource access policy; 0019: collection and/or monitoring of context-aware data may be performed continuously, periodically (e.g., upon reaching a predetermined time period), and/or upon detecting an event);
determining that fulfillment of the request is allowable as a result of the one or more conditions satisfying the set of context-based rules (0030: provisioning of context-aware access credentials may be performed on-demand; 0034; 0043: context-aware authorization policy for the requested resource); and
providing, by the web server, access to the storage resource to satisfy the request based at least in part on fulfillment of the request being allowable (0034; 0043; 0049; 0053).

Smith suggests in [¶0019: The collection and/or monitoring of context-aware data may be performed continuously, periodically (e.g., upon reaching a predetermined time period), 
Mankovskii, in analogous art however, discloses wherein satisfaction of the one or more conditions depends, at least in part, on a timestamp of the request for access control in [¶0020: An access control system acquire a request for access to a protected resource within a computing environment, identify a username associated with the request, authenticate the username, acquire contextual information associated with the request for access (the contextual information comprise an identification of the device making the request, an identification of the operating system used by the device making the request, a location of the device making the request, a time of day associated with the location of the device making the request, or whether a particular cookie is stored on the device making the request), acquire a baseline set of rules for the username (e.g., determined based on a prior history of access requests made by the username), detect a deviation from the baseline set of rules based on the contextual information (e.g., a deviation may comprise a known device requesting access to the protected resource from a new location or from a new network), acquire additional authentication information in response to detecting the deviation, authorize access to the protected resource based on the additional authentication information. ¶0037: ¶0043: An access control application acquire contextual information associated with an access request by extracting the contextual information from an HTTP header transmitted from a computing device; the access control application derive the time of day associated with the location of the 
Mankovskii, further discloses in [¶0047: The contextual information is stored and an identification of the deviation is outputted in response to detecting the deviation, the contextual information tagged or indexed with an identification of the request for access (e.g., identified using a unique access request number or a time stamp for when the access request was received). ¶0060: The baseline set of rules may be updated to include a new web browser from which an access request has occurred or to include a new time of day during which an access request has occurred; the baseline set of rules may be updated only if an intrusion or attack to an access control system or application managing access to the protected resource has not been detected within a threshold period of time subsequent to access to the protected resource being authorized. In one example, the baseline set of rules may be updated if no intrusion or attack has been detected within a threshold time period (e.g., within 24 hours) from access being authorized]. 
Therefore, it would have been obvious to a person having ordinary skill in the art before the effective filing date of the invention to modify features of the claimed limitations disclosed by Smith to include wherein satisfaction of the one or more conditions depends, at least in part, on a timestamp of the request for access control. This modification would have been obvious because a person having ordinary skill in the art would have been motivated by the desire to provide an improved technique of managing access to protected resources (e.g., networks, servers, processors, storage devices, databases, files, and computing applications) and for 

As per claim 2:
Smith discloses wherein the one or more conditions comprise one or more statements, wherein each of the one or more statements expresses an attribute-based control rule that is compared with the set of context-based rules to determine whether fulfillment of the request is allowable (0019; 0025).

As per claim 3:
Smith discloses wherein the one or more conditions applicable to the request are based at least in part on the storage resource or information related to the request (0083).

As per claim 4:
Mankovskii discloses wherein the one or more conditions that are based at least in part on the storage resource further comprise a name and/or type of the requested storage resource (0021; 0037; 0041).

As per claim 5:
Mankovskii discloses wherein the one or more conditions that are based at least in part on the information related to the request include at least the timestamp, an originating Internet 

As per claim 6:
Claim 6 is directed to a system having substantially similar claimed features as corresponding method claim 1 and therefore claim 6 is rejected with the same rationale given above to reject features of claim 1.

As per claim 7:
Smith discloses wherein access to the computing instance is provided on a temporary basis or with usage limitations on the computing instance (0025: context necessary or minimally required for grant of access to one or more resources; policy decision point evaluates the request such that the context received with or within the request is matched against the relevant policy for the requested resource to be accessed; comparing the user/device contexts with one or more policies to determine whether the request meets the minimum criteria of contexts to access the requested resource).

As per claim 8:
Smith discloses wherein the contextual information comprises one or more statements, wherein the system compares each of the one or more statements to the set of context-based policies to determine whether fulfillment of the request is allowable (0019: The collection and/or monitoring of context-aware data performed continuously, periodically (e.g., upon reaching a 

As per claim 9:
Smith discloses wherein fulfillment of the access request is allowable if one or more statements, when evaluated against the set of context-based policies, indicate an approval (0025-0026).

As per claim 10:
Smith discloses wherein the contextual information comprises attributes that are either based at least in part on the requested computing instance or information related to the access request (0019; 0083).

As per claim 11:
 discloses wherein the attributes based at least in part on the requested computing instance include a name and/or type of the requested computing instance (0021; 0037; 0041).

As per claim 12:
Mankovskii discloses wherein the attributes based at least in part on the information related to the access request include at least a timestamp, an originating Internet Protocol (IP) address, and/or the network address of the requested computing instance (0021; 0037; 0043-0044).

As per claim 13:
Mankovskii discloses wherein the timestamp indicates a time that the access request is generated for the requested computing instance (0020-0021; 0037; 0043; 0047).

As per claim 14:
Smith discloses a non-transitory computer-readable storage medium comprising executable instructions that, as a result of being executed by one or more processors of a computer system, cause the computer system to at least:
receive a request generated by an authenticated user to access a web service (0012: user identification and/or authentication, device identification and/or authentication, seeking access to a resource; 0018: resource requestor);

determine one or more conditions associated with the request, wherein the one or more conditions comprises one or more attributes to be checked against a set of context-based policies (0016: context-based access and resource access policy; 0019: collection and/or monitoring of context-aware data may be performed continuously, periodically (e.g., upon reaching a predetermined time period), and/or upon detecting an event; 0030: provisioning of context-aware access credentials may be performed on-demand; 0034; 0043: context-aware authorization policy for the requested resource);
generate an indication that fulfillment of the request is allowable as a result of checking the one or more attributes against the set of context-based policies (0026: decision/return logic; 0039: the rejection and the minimum policy are returned to the user); and
grant access to the web service based at least in part on the indication (0041: in case of the acceptance of the request, the requested resource 356 is returned 352 to resource requestor 246 to be communicated on to the user; 0053: where the resource is a server, a server array or server farm, a web server, a network server, an Internet server, a work station, a mini-computer, a main frame computer, a supercomputer, a network appliance, a web appliance, a distributed computing system).

Smith does not explicitly disclose wherein the one or more attributes includes an identifier for the web service. Mankovskii, in analogous art however, discloses wherein the one 
Mankovskii further discloses (¶0037: Contextual information derived from data embedded within a message header or an HTTP header received from a computing device requesting access to a protected resource, The HTTP protocol used for fetching webpages and other files (e.g., text, software, images, video, audio, and other multimedia files) over the Internet. HTTP comprises a stateless request-response protocol that provides a structure for the message requests sent from clients to servers, and the message responses sent from servers to clients; Client may be a web browser and a server may be an application running on a computing device hosting a web site; The client may submit an HTTP request to the server identified by a particular IP address, which in turn sends an HTTP response message back to the client;  An end user of the HTTP client initiates an HTTP request by typing in a Uniform Resource Locator (URL) 

Therefore, it would have been obvious to a person having ordinary skill in the art before the effective filing date of the invention to modify features of the claimed limitations disclosed by Smith to include wherein the one or more attributes includes an identifier for the web service. 

As per claim 15:
Mankovskii discloses wherein access to the web service is granted for a predetermined amount of time and/or granted with limited access to the web service (00037; 0043).

As per claim 16:
Smith discloses wherein each of the one or more conditions comprise a title, a description, and an expression (0037; 0041).

As per claim 17:
Smith discloses wherein the expression comprises one or more statements, wherein each of the one or more statements expresses an attribute-based control rule that is compared with the set of context-based policies to determine whether fulfillment of the request is allowable (0019; 025).

As per claim 18:
Mankovskii discloses wherein the expression comprises a timestamp applicable to a time the request was generated by the authenticated user (0020-0021; 0037; 0043; 0047).

As per claim 19:
Smith discloses wherein the context-based policies are obtained from policies determined by the authenticated user (0025-0026).

As per claim 20:
Smith discloses wherein the user is determined to be an authenticated user by at least submitting an identity associated with the request to an authentication service and receiving a result that the user is authenticated (0037; 0041).


BRI (Broadest Reasonable Interpretation)
The above claims under examination have been given their BRI consistent with the applicant’s disclosure, as it would be interpreted by one of ordinary skill in the art. The following claim terms have been given the following BRI in view of the applicant’s disclosure in order to construe the boundary and scope of the claimed limitations:
Conditions; Satisfactions; Statement; Expressions; Attribute-Based; Policies and Timestamp are given their literal meaning as it would be understood by one of ordinary skill in the art in the context of the applicant’s disclosure.

Conclusion
The prior art made of record and not relied upon is considered pertinent to applicant's disclosure. See the notice of references cited in form PTO-892 for additional prior art.

Contact Information
Any inquiry concerning this communication or earlier communications from the examiner should be directed to TECHANE GERGISO whose telephone number is (571)272-3784.  The examiner can normally be reached on 9:30am to 6:30pm.
Examiner interviews are available via telephone, in-person, and video conferencing using a USPTO supplied web-based collaboration tool. To schedule an interview, applicant is encouraged to use the USPTO Automated Interview Request (AIR) at http://www.uspto.gov/interviewpractice.
If attempts to reach the examiner by telephone are unsuccessful, the examiner’s supervisor, JUNG W KIM can be reached on 5712723804.  The fax phone number for the organization where this application or proceeding is assigned is 571-273-8300.
Information regarding the status of an application may be obtained from the Patent Application Information Retrieval (PAIR) system.  Status information for published applications may be obtained from either Private PAIR or Public PAIR.  Status information for unpublished applications is available through Private PAIR only.  For more information about the PAIR system, see https://ppair-my.uspto.gov/pair/PrivatePair. Should you have questions on access to the Private PAIR system, contact the Electronic Business Center (EBC) at 866-217-9197 (toll-





/TECHANE GERGISO/Primary Examiner, Art Unit 2494