DETAILED ACTION
The present application, filed on or after March 16, 2013, is being examined under the first inventor to file provisions of the AIA.
This is in response to the correspondence filed on 04/16/21.  Claims 1-10 are still pending and have been considered below.

Claim Objections
Claim 1 is objected to because of the following informalities:  line 9 of the instant claim should be amended to recite “…privacy information and the user identity; and”.  Appropriate correction is required.

Claim Rejections - 35 USC § 112
The amendments and/or arguments submitted by Applicant have been considered and are persuasive; thus, the previous claim rejection(s) have been withdrawn.
The following is a quotation of 35 U.S.C. 112(b):
(b)  CONCLUSION.—The specification shall conclude with one or more claims particularly pointing out and distinctly claiming the subject matter which the inventor or a joint inventor regards as the invention.


The following is a quotation of 35 U.S.C. 112 (pre-AIA), second paragraph:
The specification shall conclude with one or more claims particularly pointing out and distinctly claiming the subject matter which the applicant regards as his invention.


Claims 2-4 and 7-9 are rejected under 35 U.S.C. 112(b) or 35 U.S.C. 112 (pre-AIA), second paragraph, as being indefinite for failing to particularly point out and distinctly claim the subject matter which the inventor or a joint inventor (or, for applications subject to pre-AIA 35 U.S.C. 112, the applicant) regards as the invention.
Claims 2-4 and 7-9 recite the limitation "the privacy information" throughout the claims.  There is insufficient antecedent basis for this limitation in the claims.  Examiner notes that the preceding claim language appears to establish a first instance of “privacy information” separate from a second additional instance of “privacy information” (see line 9 of Claim 1; line 2 of Claim 2; line 5 of Claim 3; line 8 of Claim 6; line 2 of Claim 7; and line 4 of Claim 8), thus rendering the claims indefinite in that it is unclear which instance the limitation in question refers to.

Claim Rejections - 35 USC § 101
The amendments and/or arguments submitted by Applicant have been considered and are persuasive; thus, the previous claim rejection(s) have been withdrawn.

Claim Rejections - 35 USC § 103
In the event the determination of the status of the application as subject to AIA  35 U.S.C. 102 and 103 (or as subject to pre-AIA  35 U.S.C. 102 and 103) is incorrect, any correction of the statutory basis for the rejection will not be considered a new ground of rejection if the prior art relied upon, and the rationale supporting the rejection, would be the same under either status.  
The following is a quotation of 35 U.S.C. 103 which forms the basis for all obviousness rejections set forth in this Office action:
A patent for a claimed invention may not be obtained, notwithstanding that the claimed invention is not identically disclosed as set forth in section 102, if the differences between the claimed invention and the prior art are such that the claimed invention as a whole would have been obvious before the effective filing date of the claimed invention to a person having ordinary skill in the art to which the claimed invention pertains. Patentability shall not be negated by the manner in which the invention was made.

Claim(s) 1-4 and 6-9 is/are rejected under 35 U.S.C. 103 as being unpatentable over Nelson et al. (8,793,509) in view of Sondhi et al. (2015/0089622).
Claim 1:  Nelson et al. discloses an authority configuration method, comprising:
when a user logs in a system, sending a privacy information acquisition request to the user(first time user accesses web page at relying party…relying party requests an authorization token) [column 5, lines 1-10]; and
configuring an authority of the user according to response information of the privacy information acquisition request(relying party receives and stores authorization token from user which is used to verify access to user data) [column 5, lines 40-50];
but does not explicitly disclose wherein configuring the authority of the user according to the response information of the privacy information acquisition request comprises: determining a user identity corresponding to the response information according to a logical relationship between privacy information and the user identity; obtaining the authority of the user according to a correspondence between the user identity and the authority.
However, Sondhi et al. discloses a similar invention [page 3, paragraph 0037] and further discloses wherein configuring the authority of the user according to the response information of the privacy information acquisition request comprises: determining a user identity corresponding to the response information according to a logical relationship between privacy information and the user identity(token specifies various parameters/information including a user identity) [page 17, paragraph 0130]; obtaining the authority of the user according to a correspondence between the user identity and the authority(determine a scope of access that the user is permitted to have relative to requested resource) [page 8, paragraph 0072].
Therefore, it would have been obvious to one of ordinary skill in the art before the effective filing date of the claimed invention to further modify the disclosure of Nelson et al. with the additional features of Sondhi et al., in order to implement a generic authorization service Sondhi et al. [page 2, paragraphs 0015-0016].
Claim 2:  Nelson et al. and Sondhi et al. disclose the method as claimed in claim 1, and Nelson et al. further discloses wherein the response information comprises: privacy information(authorization token) [column 5, lines 40-50]; configuring the authority of the user according to the response information of the privacy information acquisition request comprises: configuring the authority of the user according to the privacy information(according to scope of token) [column 10, lines 25-35 & 50-60].
Claim 3:  Nelson et al. and Sondhi et al. disclose the method as claimed in claim 1, and Nelson et al. further discloses wherein the response information comprises: an access authority of a third-party system(data provider) [figure 1 | column 4, lines 55-65]; configuring the authority of the user according to the response information of the privacy information acquisition request comprises: acquiring privacy information of the user according to the access authority of the third-party system [column 4, lines 55-65]; and configuring the authority of the user according to the privacy information of the user [column 10, lines 25-35 & 50-60].
Claim 4:  Nelson et al. and Sondhi et al. disclose the method as claimed in claim 3, and Nelson et al. further discloses wherein the response information further comprises: specified privacy information, the specified privacy information being part of the privacy information [column 5, lines 40-50]; acquiring the privacy information of the user according to the access authority of the third-party system comprises: acquiring the specified privacy information from the third-party system according to the access authority(data provider may also be the authorization agent which creates/issues the tokens) [column 4, lines 50-60 | column 5, lines 25-35].
Claim 6:  Nelson et al. discloses an authority configuration device, comprising:

an authority configuration component, configured to configure an authority of the user according to response information of the privacy information acquisition request [column 5, lines 40-50];
but does not explicitly disclose wherein the authority configuration component is further configured to determine a user identity corresponding to the response information according to a logical relationship between privacy information and the user identity; and obtain the authority of the user according to a correspondence between the user identity and the authority.
However, Sondhi et al. discloses a similar invention [page 3, paragraph 0037] and further discloses wherein the authority configuration component is further configured to determine a user identity corresponding to the response information according to a logical relationship between privacy information and the user identity [page 17, paragraph 0130]; and obtain the authority of the user according to a correspondence between the user identity and the authority [page 8, paragraph 0072].
Therefore, it would have been obvious to one of ordinary skill in the art before the effective filing date of the claimed invention to further modify the disclosure of Nelson et al. with the additional features of Sondhi et al., in order to implement a generic authorization service framework that is more easily customized for particular use cases, as suggested by Sondhi et al. [page 2, paragraphs 0015-0016].
Claim 7:  Nelson et al. and Sondhi et al. disclose the device as claimed in claim 6, and Nelson et al. further discloses wherein the response information comprises: privacy information [column 5, 
Claim 8:  Nelson et al. and Sondhi et al. disclose the device as claimed in claim 6, and Nelson et al. further discloses wherein the response information comprises: an access authority of a third-party system [figure 1 | column 4, lines 55-65]; the authority configuration component comprises: an information acquisition element, configured to acquire privacy information of the user according to the access authority of the third-party system [column 4, lines 55-65]; and an authority configuration element, configured to configure the authority of the user according to the privacy information of the user [column 10, lines 25-35 & 50-60].
Claim 9:  Nelson et al. and Sondhi et al. disclose the device as claimed in claim 8, and Nelson et al. further discloses wherein the response information comprises: specified privacy information, the specified privacy information being part of the privacy information [column 5, lines 30-40]; the information acquisition element is further configured to acquire the specified privacy information from the third-party system according to the access authority [column 4, lines 50-60 | column 5, lines 25-35].
Claim(s) 5 and 10 is/are rejected under 35 U.S.C. 103 as being unpatentable over Nelson et al. (8,793,509) in view of Sondhi et al. (2015/0089622) and further in view of Hadjinikitas et al. (7,024,556).
Claim 5:  Nelson et al. and Sondhi et al. disclose the method as claimed in claim 1, but do not explicitly disclose further comprising: within a preset time period after sending the privacy information acquisition request, when no response information is received, configuring the authority of the user according to a default setting.
Hadjinikitas et al. discloses a similar invention [column 4, lines 30-40] and further discloses further comprising: within a preset time period after sending the privacy information acquisition request(timeout value) [column 6, lines 50-60], when no response information is received(reach maximum allowable idle time without receiving any user activity) [column 9, lines 10-20], configuring the authority of the user according to a default setting(set access level of authenticated user to default value) [column 9, lines 25-35].
Therefore, it would have been obvious to one of ordinary skill in the art before the effective filing date of the claimed invention to further modify the disclosures of Nelson et al. and Sondhi et al. with the additional features of Hadjinikitas et al., in order to minimize the overall time required for performing user authentication, as suggested by Hadjinikitas et al. [column 2, lines 15-25].
Claim 10:  Nelson et al. and Sondhi et al. disclose the device as claimed in claim 6, but do not explicitly disclose further comprising: a default setting component, configured to configure, within a preset time period after sending the privacy information acquisition request, the authority of the user according to a default setting when no response information is received.
However, Hadjinikitas et al. discloses a similar invention [column 4, lines 30-40] and further discloses further comprising: a default setting component, configured to configure, within a preset time period after sending the privacy information acquisition request [column 6, lines 50-60], the authority of the user according to a default setting [column 9, lines 25-35] when no response information is received [column 9, lines 10-20].
Therefore, it would have been obvious to one of ordinary skill in the art before the effective filing date of the claimed invention to further modify the disclosures of Nelson et al. and Sondhi et al. with the additional features of Hadjinikitas et al., in order to minimize the Hadjinikitas et al. [column 2, lines 15-25].

Response to Arguments
Applicant’s arguments with respect to the claim(s) have been considered but are moot because the new ground of rejection does not rely on any reference applied in the prior rejection of record for any teaching or matter specifically challenged in the argument.

Conclusion
Applicant's amendment necessitated the new ground(s) of rejection presented in this Office action.  Accordingly, THIS ACTION IS MADE FINAL.  See MPEP § 706.07(a).  Applicant is reminded of the extension of time policy as set forth in 37 CFR 1.136(a).  
A shortened statutory period for reply to this final action is set to expire THREE MONTHS from the mailing date of this action.  In the event a first reply is filed within TWO MONTHS of the mailing date of this final action and the advisory action is not mailed until after the end of the THREE-MONTH shortened statutory period, then the shortened statutory period will expire on the date the advisory action is mailed, and any extension fee pursuant to 37 CFR 1.136(a) will be calculated from the mailing date of the advisory action.  In no event, however, will the statutory period for reply expire later than SIX MONTHS from the date of this final action. 
Any inquiry concerning this communication or earlier communications from the examiner should be directed to EDWARD ZEE whose telephone number is (571)270-1686.  The examiner can normally be reached on Monday-Friday 9AM-5PM EST.

If attempts to reach the examiner by telephone are unsuccessful, the examiner’s supervisor, Joseph Hirl can be reached on (571)272-3685.  The fax phone number for the organization where this application or proceeding is assigned is 571-273-8300.
Information regarding the status of an application may be obtained from the Patent Application Information Retrieval (PAIR) system.  Status information for published applications may be obtained from either Private PAIR or Public PAIR.  Status information for unpublished applications is available through Private PAIR only.  For more information about the PAIR system, see https://ppair-my.uspto.gov/pair/PrivatePair. Should you have questions on access to the Private PAIR system, contact the Electronic Business Center (EBC) at 866-217-9197 (toll-free). If you would like assistance from a USPTO Customer Service Representative or access to the automated information system, call 800-786-9199 (IN USA OR CANADA) or 571-272-1000.



/EDWARD ZEE/Primary Examiner, Art Unit 2435