cNotice of Pre-AIA  or AIA  Status
The present application, filed on or after March 16, 2013, is being examined under the first inventor to file provisions of the AIA .

DETAILED ACTION
Continuation
	A request for continued examination under 37 CFR 1.114, including the fee set forth in 37 CFR 1.17(e), was filed in this application after final rejection.  Since this application is eligible for continued examination under 37 CFR 1.114, and the fee set forth in 37 CFR 1.17(e) has been timely paid, the finality of the previous Office action has been withdrawn pursuant to 37 CFR 1.114.  Applicant's submission filed on March 04, 2021 has been entered.


Response to Arguments
Applicant’s arguments filed March 04, 2021 have been fully considered. With regard to the previously issued double patenting rejections they are maintained. After further consideration, the prior art of record still reads on Applicant’s amendment. 

Applicant asserts the prior art of record does not suggest Applicant’s claim language.
In response, The Examiner respectfully disagrees because the combined prior art of record is relied upon to teach the authentication server (reads on the combination of the peer server receiving the request and verifying the ACL entry for the file/folder and checking with the 
.


Double Patenting
The nonstatutory double patenting rejection is based on a judicially created doctrine grounded in public policy (a policy reflected in the statute) so as to prevent the unjustified or improper timewise extension of the “right to exclude” granted by a patent and to prevent possible harassment by multiple assignees.   A nonstatutory obviousness-type double patenting rejection is appropriate where the conflicting claims are not identical, but at least one examined application claim is not patentably distinct from the reference claim(s) because the examined application claim is either anticipated by, or would have been obvious over, the reference claim(s). See, e.g., In re Berg, 140 F.3d 1428, 46 USPQ2d 1226 (Fed. Cir. 1998); In re Goodman, 11 F.3d 1046, 29 USPQ2d 2010 (Fed. Cir. 1993); In re Longi, 759 F.2d 887, 225 USPQ 645 (Fed. Cir. 1985); In re Van Ornum, 686 F.2d 937, 214 USPQ 761 (CCPA 1982); In re Vogel, 422 F.2d 438, 164 USPQ 619 (CCPA 1970); and  In re Thorington, 418 F.2d 528, 163 USPQ 644 (CCPA 1969).

A timely filed terminal disclaimer in compliance with 37 CFR 1.321(c) or 1.321(d) may be used to overcome an actual or provisional rejection based on a nonstatutory double patenting ground provided the conflicting application or patent either is shown to be commonly owned with this application, or claims an invention made as a result of activities undertaken within the scope of a joint research agreement. 

Effective January 1, 1994, a registered attorney or agent of record may sign a terminal disclaimer. A terminal disclaimer signed by the assignee must fully comply with 37 CFR 3.73(b).


Claims 1, 3 - 18 of the instant application are provisionally rejected on the ground of nonstatutory obviousness-type double patenting as being unpatentable over claims 1 – 20 of Patent_9847994 (U.S. Patent No 9847994, by the same inventor).

Moreover, the doctrine of double patenting seeks to prevent the unjustified extension of patent exclusivity beyond the term of a patent.  


Claim Rejections - 35 USC § 103
In the event the determination of the status of the application as subject to AIA  35 U.S.C. 102 and 103 (or as subject to pre-AIA  35 U.S.C. 102 and 103) is incorrect, any correction of the statutory basis for the rejection will not be considered a new ground of rejection if the prior art relied upon, and the rationale supporting the rejection, would be the same under either status.  
The following is a quotation of 35 U.S.C. 103 which forms the basis for all obviousness rejections set forth in this Office action:
A patent for a claimed invention may not be obtained, notwithstanding that the claimed invention is not identically disclosed as set forth in section 102 of this title, if the differences between the claimed invention and the prior art are such that the claimed invention as a whole would have been obvious before the effective filing date of the claimed invention to a person having ordinary skill in the art to which the claimed invention pertains.  Patentability shall not be negated by the manner in which the invention was made.


Claims 1, 3 – 18 are rejected under 35 U.S.C. 103 as being unpatentable over Moore (US Pub. No. 2007/0106650 A1) in view of Bahl (US Pub. No. 2005/0177631 A1) in view of Glasser (US Patent No. 6308173 B1) in view of Fields (US Pub. No. 2006/0015945 A1).

Per claim 1, Moore suggests a URL programming interface (reads on a programming interface that allows for user data at a first URL to be received via the interface, see Moore claim 45); a server configured to receive a request from the URL programming interface (reads on the entity receiving the user data the first URL of the interface through a post method, see Moore claim 45); and a secure database connected to the server (reads on a secure database processing the user data received at a first URL interface, see Moore claims 45, 69 and 70 and para 0068 – 0069) wherein the secure database contains content (see Moore para 0068 – 0069 and 0082).


45.  A programming method, comprising: providing a programming interface;  receiving user data at a first URL of the interface through a post method;  processing the user data with a plurality of services including at least one remote, unstructured service to obtain a result;  and storing the result at a second URL of the interface, such that the result can be retrieved through a get method. 

69.  The method of claim 45 wherein the plurality of services include at least one database method supporting user access to a database. 

70.  The method of claim 69 wherein the database includes a secure database.
[0068] In another aspect, a system described herein includes a network; and a database couple in a communicating relationship with the network, the database storing one or more characteristics of a plurality of remote services, each remote service hosted at a remote location on the network, and each remote service accessible through an application programming interface, the one or more characteristics including at least a network location and a programming interface specification for each one of the plurality of remote services, the database including a web interface for structured searching of the one or more characteristics. 
[0069] The system may include a server associated with the database that provides at least one metaservice.  The system may include a server associated with the database that provides at least one core service for creating a composite service.



Bahl suggests 
a secure network ecosystem (reads on a computer networking environment incorporating multiple computer networks, see Bahl para 0037 – 0038), comprising: a server, wherein the server includes (reads on the computer is a combination of servers, see Bahl para 0037 – 0038) a file manager (reads on a file server, see Bahl para 0038), an authentication server (reads on an authentication server, see Bahl para 0038), a resource server (reads on a resource server, see Bahl para 0038), and a collaboration server (reads on a collaboration server, see Bahl para 0038); and a secure database connected to the server (reads on a database server which one of ordinary skill in the art would consider it obvious to include a database of some form, see Bahl para 0038) wherein the secure database contains content (The Examiner construes this to be an obvious limitation based on the teaching of having a secure database because it is within the scope of conventional computer science for a secure database to be comprised of content, see Bahl para 0038).

[0036] Computer networks may be premise networks, that is, private networks at particular locations.  For example, one or more connected college campus LANs may be a premise network.  Computer networks may be proximity networks, that 

be single or multi-hop and may be of an ad hoc nature, established, for example, upon coming into a classroom or deployment area. 

[0037] FIG. 2 illustrates an example computer networking environment incorporating multiple computer networks.  The example computer networking environment 200 includes several computers 202, 204, 206, 208, 210, 212, 214, 
216, 218 (e.g., each may be the computer 102 as described above with reference to FIG. 1) communicating with one another over several computer networks 220, 222, 224, 226, 228, each represented by a cloud.  Each computer network 220, 222, 224, 226, 228 may include many well-known components, such as routers, gateways, hubs, and may allow the computers 202, 204, 206, 208, 210, 212, 214, 
216, 218 to communicate via wired and/or wireless media.  When interacting with one another over computer networks 220, 222, 224, 226, 228, one or more of the computers 202, 204, 206, 208, 210, 212, 214, 216, 218 may act as clients, 
servers or peers with respect to other computers 202, 204, 206, 208, 210, 212, 214, 216, 218.  Accordingly, the various embodiments of the invention may be practiced on clients, servers, peers or combinations thereof, even though specific examples contained herein may not refer to all of these types of computers. 

[0038] The computer 202 is connected to the computer network 220.  A resource server 204 is also connected to the computer network 220.  For example, the resource server 204 may be a file server, a directory server, a database 
server, a print server, a collaboration server, a DNS server, a provisioning server such as a DHCP server, an authentication server such as a RADIUS server, or combinations thereof.  A Microsoft.RTM.  Windows.RTM.  XP server is an example of a resource server. 

[0090] All references, including publications, patent applications, and patents, cited herein are hereby incorporated by reference to the same extent as if each reference were individually and specifically indicated to be incorporated by reference and were set forth in its entirety herein. 

[0091] The use of the terms "a" and "an" and "the" and similar referents in the context of describing the invention (especially in the context of the following 
claims) are to be construed to cover both the singular and the plural, unless otherwise indicated herein or clearly contradicted by context.  The terms "comprising," "having," "including," and "containing" are to be construed as 
open-ended terms (i.e., meaning "including, but not limited to,") unless otherwise noted.  Recitation of ranges of values herein are merely intended to serve as a shorthand method of referring individually to each separate value 
falling within the range, unless otherwise indicated herein, and each separate value is incorporated into the specification as if it were individually recited herein.  All methods described herein can be performed in any suitable order unless otherwise indicated herein or 
provided herein, is intended merely to better illuminate the invention and does not pose a limitation on the scope of the invention unless otherwise claimed.  No language in the specification should be construed as indicating any 
non-claimed element as essential to the practice of the invention. 

One or more of the underpinning rational(s), as discussed in KSR international Co, v, Teleflex inc,s etai,s 550 U,S. 398 (2007) U.S.P.Q.2d 1385, also see MPEP § 2141 {IN), are used to support this conclusion of obviousness. Before the effective filing date of the invention it would have been obvious to one of ordinary skill in the art to modify the server teachings of the prior art of record by integrating the server teachings of Bahl to realize the instant limitations. As in Bahl, it is within the capabilities of one of ordinary skill in the art to implement a server which includes a plurality of known in the art servers, in a system similar to that of the prior art of record, in order to realize the expected benefit of implementing known in the art technology in a known in the art manner in order to meet the technological and business needs of the organization. The motivation to combine the references applies to all claims under this heading.
Glasser suggests 
wherein when the at least one request (reads on the client can request to open for reading or writing or otherwise access a file/folder that has an associated access control list, see Glasser col. 9 lines 1 – 49 and Figure 9 block DA) is validated by the authentication server (reads on the combination of the peer server receiving the request and verifying the ACL entry for the file/folder and checking with the security provider to authenticate the remote user, see Glasser col. 9 lines 1 – 49 and Figure 9 blocks DC - DJ), 
.
[col. 7 line 52 – col. 8 line 8]
FIG. 5 is a high-level flowchart of the steps of setting access permissions of a shareable resource of peer server 120.  The shareable resource is stored on hard disk 121 and is part of a resource hierarchy.  For concreteness the resource is assumed to be a folder of hierarchy 400, for 
example folder 410.  Commands for manipulating resource access permissions are assumed to be received from user interface 125 of peer server 120.  It will be appreciated that the commands could also come from other sources, such as a script file executed by processor 122 or, in some circumstances, from another node of network 110, for example client 130, if the user of the remote node 
(e.g., a system administrator) has the necessary permissions to change permissions remotely. 

Initially, the resource for which permissions are to be established or modified is selected (step A).  Peer server 120 receives a command to change the permissions for the selected resource (step B).  If the command is null, so 
that there are no changes to be made (step C), the remaining steps of FIG. 5 are skipped.  Otherwise, peer server 120 alters the resource access permissions responsively to the received command (step D), propagates changes to the descendants of the resource in the hierarchy (step E), and records the updated permissions in registry 167 (step F). 


[col. 9 lines 1 - 49]
FIG. 9 is a flowchart of the steps for accessing from client 130 a selected folder in a resource hierarchy having associated ACLs.  At the outset, a user is assumed to be logged into system 100 from client 130.  Responsively 
to a command issued by the user, client 130 requests peer server 120 to access the folder or a file in the folder (step DA).  For example, client 130 can request to open for reading or writing or otherwise access folder 410 or file
415.  Peer server 120 receives this request (step DB) and, using components 165 and 168, checks with security provider 190 to authenticate the remote user, that is, to determine whether the user is a valid user of system 100 (step DC).  
If the user is invalid (step DD), access is denied (step DM). 

If the user is valid, peer server 120 determines whether the folder has its own ACL (step DE).  If so, peer server 120 uses this ACL (step DF); otherwise, peer server 120 searches the resource hierarchy (for example, hierarchy 400) to find the nearest ancestor having an ACL (step DG).  If an ancestor is found (step DH), its ACL is inherited (step DI); otherwise, if no ancestor of the folder (including the root of the hierarchy) has an ACL, access 
is denied (step DM).  Peer server 120 performs steps DE through DI using file security component 166, and performs step DM using component 165. 

Once the appropriate ACL has been determined, peer server 120 uses file security component 166 in conjunction with component 168 to compute the user's permissions for the selected folder in the ACL (step DJ).  If the user is not 
listed by name in the ACL, but the ACL contains one or more group names, a list of user groups previously stored by component 168 can be used to determine the user's group membership; if the user is not among the locally stored groups, a further check can be made with security provider 190 to see whether the user has recently been added to any groups.  If the user has permission for the requested access (step DK), access is granted (step DL); otherwise, access is denied (step DM).  Peer server 120 can perform step DK using either or both of components 165 and 168, and performs steps DL and DM using component 165. 

The system and method of the invention are readily adaptable to use in systems, such as system 100, that contain nonhierarchical shareable resources such as printer 141.  For nonhierarchical resources, no inheritance or 
propagation are performed.  However, the user interface for setting resource permissions, in particular dialog box 600, remains substantially the same.  This is a further advantage of insulating the user from the details of 
inheritance according to the invention. 

[col. 10 line 60 – col. 11 line 23]
As another example, the remote administration aspect of the invention wherein resource access permissions stored by the server can be modified remotely from a client node as well as locally at the server, can readily be extended to embodiments in which the permissions list is stored by yet another node of the network.  In such embodiments, the user interface for manipulating and administering resource access permissions, the stored permissions themselves, the resource, and the list of users (which is stored by the 


Moreover, even the resource and the server can be decoupled, as in the case of a pooled resource such as a distributed collection of printers each capable of producing the same kinds of output and each capable of being driven by any one a distributed collection of server nodes. 

Still further, the invention can be used to administer access permissions for many different kinds of resources besides file systems and printers.  One such resource is a modem controlled by a dial-up server and used by off-site users to establish access to the network. Another possible resourceis the registry of any computer in the network.  A system administrator can be given the necessary permissions to provide remote access to the registry of any or all nodes in the system, whereas other users can be denied such access.  In this example, even a node that is ordinarily considered a client can act for limited purposes as a server with respect to a resource that it controls, 
namely the configuration database of its registry.  A registry, like a file system, can be a hierarchical resource, so that the inheritance and propagation 
aspects of the invention come into play in this example. 



    PNG
    media_image1.png
    958
    761
    media_image1.png
    Greyscale




Fields suggests 
wherein filenames (reads on the data objects that comprise the file names are protected with an encryption shell, see Fields para 0164) and extensions associated with the content (reads on the data objects that comprise the file extensions of the content file are protected with an encryption shell, see Fields para 0164) are encrypted (reads on the FileName data object is protected with a symmetric or asymmetric encryption algorithm/shell and the file extensions/FileExtension is protected with an encryption shell/algorithm, see Fields para 0164. The Examiner asserts one of ordinary skill in the 
[0164] FIG. 4 is a schematic describing a data structure 400, including domains and attributes, populated with records from a hypothetical file titled "EXAMPLE.PDF".  The aforementioned shredding process 303 shreds files into 
Header Data table 305 with the following table columns.  In some embodiments, a FileID 401 table column is depicted that contains a value automatically generated by the application to assign a unique value to the digital content to be shredded, encrypted and stored.  In the present example, an integer value of one (1) has been assigned.  In some embodiments, a Description 402 table column 
is disclosed that contains a string value reflecting the file name and extension.  Here, the string "EXAMPLE.PDF" has been stored.  In some embodiments, the column titled Date 403 holds a date type, as is common to many database applications, relating to the date on which the file was shredded, encrypted and stored.  In some embodiments, a string, CLOB or some other data type known in the art can be used in lieu of the date data type.  In the present example, the date 2005 May 24 is the date the file was created.  In some embodiments, a Size 404 is implemented whereby data relating to the size of the file to be shredded, encrypted and stored is stored.  In some embodiments, this field will use data of a type integer, double, float or some other type well known in the art.  This example depicts a file size of 8.18, where this size is measured in kilobytes (kB).  In some embodiments, the unit of size will be kilobytes (kB), whereas in other embodiments the unit of size will be megabytes (MB), gigabytes (GB), or terabytes (TB), or some other size 
known in the art.  In some embodiments, a FileName 405 field is used whereby a string data type is implemented to represent the name of the file.  In the present case, the string "EXAMPLE" is stored into the table.  In still further embodiments, a FileExtension 406 field is created, whereby a value of type string is stored reflecting the extension type of the file be this a PDF, JPEG, MPEG or the like.  Here, a "PDF" file extension is stored.  In some 
embodiments, a ChunkCount 407 is used to save the number of chunks into which a file is to be divided.  In some embodiments, this value is represented as an integer, or some other data type known in the art.  This ChunkCount value is, in some embodiments, derived from the above described ChunkCount formula.  The present example uses a ChunkCount of three (3).  In some embodiments, a 
ContentCount 408 is utilized whereby the number of chunks within each record can be determined.  Specifically, it is possible to have more than one (1) chunks within each record such that each record for a chunk could contain more 
than one chunk.  The present example has only one (1) chunk for each record.  In some embodiments, a Content 409 field is implemented that contains the actual file content.  In some embodiments, this field is of type BLOB, CLOB or 
some other type well known in the art.  In some embodiments, this field will contain the actual digital content represented as an object with associated attributes these data objects will be protected with an encryption shell.  In some embodiments, this encrypted shell will be created using symmetric or asymmetric encryption algorithms and techniques as is described below.  In the present example, a portion of the EXAMPLE.PDF file is stored as a BLOB data object.  In some embodiments, a ChunkSize 410 field is utilized to determine the size of each chunk into which the file is divided.  In some embodiments, ChunkSize 410 will use a field of type integer, double, float, or some data type known in the art to store data.  Moreover, in some embodiments, the value in the ChunkSize will represent kilobytes (kB) of digital content, whereas, in other embodiments, the value 
will represent megabytes (MB), gigabytes (GB), terabytes (TB), or some other size known in the art.  In the present example, a double value of 2.73 is used, where this value is in kilobytes (kB).  In this example, the first record 11 is placed into the Header table 305.

One or more of the underpinning rational(s), as discussed in KSR international Co, v, Teleflex inc,s etai,s 550 U,S. 398 (2007) U.S.P.Q.2d 1385, also see MPEP § 2141 {IN), are used to support this conclusion of obviousness. Before the effective filing date of the invention it would have been obvious to one of ordinary skill in the art to modify the database teachings of the prior art of record by integrating the database/table and teachings of Fields to realize the instant limitations. As in Fields, it is within the capabilities of one of ordinary skill in the art to store file content, file names and file extensions in an encrypted manner, in a system similar to that of the prior art of record, in order to realize the expected benefit of implementing known in the art technology in a known in the art manner in order to meet the technological and business needs of the organization. The motivation to combine the references applies to all claims under this heading.

Per claim 3, the prior art of record further suggests further comprising an application program interface configured to authenticate a token generated by the authentication server.
Per claim 4, the prior art of record further suggests wherein the request is an HTTP communication (reads on a HTTP get/post programming interface, see Moore para 0064).
Per claim 5, the prior art of record further suggests wherein the request is an FTP communication (The Examiner construes this to be an obvious limitation of the teachings of the prior art of record because one of ordinary skill in the art would consider it obvious to implement a request in any known in the art Internet technology, including FTP, without undue experimentation, in a system similar to that of the prior art of record, in order to implement the system via a technology that satisfies the needs of the business, see Moore para 0064).
Per claim 6, the prior art of record further suggests a second secure network ecosystem, wherein the second secure network ecosystem comprises:a second URL programming interface (reads on a second remote programming interface on a network, see Moore para 0072); a second server (The Examiner construes this to be an obvious limitation of the teachings of the prior art of record because one of ordinary skill in the art would consider it obvious to have any number of known in the art servers in a known in the art system  in order to satisfy the business and technological needs of the organization, see Moore claim 45 and see Bahl para 0037 – 0038); and a second secure database connected to the second server (The Examiner construes this to be an obvious 
Per claim 7, the prior art of record further suggests wherein the second server determines whether the request is authorized based on a token generated by the authentication server (The Examiner construes this to be an obvious limitation of the teachings of the prior art of record because one of ordinary skill in the art would consider it obvious to have any number of known in the art servers in a known in the art system  in order to satisfy the business and technological needs of the organization, see Moore claim 45 and see Bahl para 0037 – 0038).
Per claims  8 – 9, the prior art of record further suggests wherein the token has a lifetime of less than two minutes (The Examiner construes this to be an obvious limitation of the teachings of the prior art of record because one of ordinary skill in the art would consider it obvious to have a credential/token of any arbitrary limited duration in order to ensure each authenticated session lasts for only a limited timeframe in order to 
Per claim 10, the prior art of record further suggests wherein the resource server includes a central repository of metadata (The Examiner construes this to be an obvious limitation of utilizing a metadata search because there would be no reason to search metadata if there were not some central repository from which to pull results for the search, see Moore para 0065).
Per claim 11, the prior art of record further suggests wherein the metadata is publicly available (reads on the metaservice may provide a searchable database, see Moore para 0065).
Per claim 12, the prior art of record further suggests wherein the metadata is associated with content, and wherein the content is not publicly available (The Examiner asserts it would be obvious to one of ordinary skill in the art to have the metadata be associated with some content that is not publicly available, in a system similar to the prior art of record, because it is merely a design decision whether to have all content publicly available or to restrict some content from being publicly available in order to satisfy the business and technological needs of the organization).
Per claim 13, the prior art of record further suggests wherein filenames associated with the content is not publicly visible (The Examiner asserts it would be obvious to one of ordinary skill in the art to have the metadata be associated with some content that is not publicly available, in a system similar to the prior art of record, 
Per claim 14, the prior art of record further suggests wherein the metadata is publicly searchable (reads on a metadata search, see Moore para 0065).
Per claim 15 the prior art of record further suggests, wherein the resource server includes a token validator (The Examiner construes this to be an obvious limitation of including a service for validating at least one remote service because Applicant provides no limiting definition of a token, one of ordinary skill in the art would find it obvious to consider whatever data structure that is validated by the prior art of record to be the same a token that is validated by the token validator, see Bahl para 0038), a query engine (reads on the query function, see Moore para 0065 and 0263), and a metadata manager (reads on a metaservice, see Moore para 0065).
Per claim 16, the prior art of record further suggests wherein data is stored on the secure database in a first normal form (INF) (reads on constraint applied to database tables to achieve certain design efficiencies, Official Notice; see MPEP 2144.03, as evidenced by Moore claims 45, 69 and 70 and para 0068 – 0069 and Bahl para 0038. One of ordinary skill in the database arts would recognize this limitation as not being Applicant’s invention, but rather a notoriously well-known constraint applied to database tables to achieve certain design efficiencies, see Moore claims 45, 69 and 70 and para 0068 – 0069 and Bahl para 0038).
Per claim 17, the prior art of record further suggests wherein the data violates a third normal form (3NF) (reads on constraint applied to database tables to achieve certain design efficiencies, Official Notice; see MPEP 2144.03, as evidenced by Moore claims 45, 69 and 70 and para 0068 – 0069 and Bahl para 0038. One of ordinary skill in the database arts would recognize this limitation as not being Applicant’s invention, but rather a notoriously well-known constraint applied to database tables to achieve certain design efficiencies, see Moore claims 45, 69 and 70 and para 0068 – 0069 and Bahl para 0038).
Per claim 18, the prior art of record further suggests wherein the secure database is at least partially non-normalized (reads on constraint applied to database tables to achieve certain design efficiencies, Official Notice; see MPEP 2144.03, as evidenced by Moore claims 45, 69 and 70 and para 0068 – 0069 and Bahl para 0038. One of ordinary skill in the database arts would recognize this limitation as not being Applicant’s invention, but rather a notoriously well-known constraint applied to database tables to achieve certain design efficiencies, see Moore claims 45, 69 and 70 and para 0068 – 0069 and Bahl para 0038).


Conclusion
Any inquiry concerning this communication or earlier communications from the examiner should be directed to Brian Shaw whose telephone number is (571)270-5191.  The examiner can normally be reached on Mon-Thurs from 6:00 AM-3:30 PM.


/BRIAN F SHAW/Primary Examiner, Art Unit 2491