DETAILED ACTION
Examination of Reissue Application
For reissue applications filed before September 16, 2012, all references to 35 U.S.C. § 251 and 37 CFR §§ 1.172, 1.175, and 3.73 are to the law and rules in effect on September 15, 2012.  Where specifically designated, these are “pre-AIA ” provisions.  
For reissue applications filed on or after September 16, 2012, all references to 35 U.S.C. § 251 and 37 CFR §§ 1.172, 1.175, and 3.73 are to the current provisions.
The present application, filed on June 17, 2019, is for a reissue examination for United States Patent Number US 8,943,316 B2, which was issued to Vainstein (hereinafter “the ‘316 Patent”), and for a Reissue Application 15/418,263 (patented US RE47,443 E).

Continued Examination under 37 CFR § 1.114
A request for continued examination under 37 CFR § 1.114 based on the Reissue Application No. 16/443,680, including the fee set forth in 37 CFR § 1.17(e), was filed on May 6, 2021 in this reissue application after final rejection, which the request is acceptable and an RCE has been established.  Since this reissue application is eligible for continued examination under 37 CFR § 1.114, and the fee set forth in 37 CFR § 1.17(e) has been timely paid, the finality of the previous Office action has been withdrawn pursuant to 37 CFR § 1.114.  Reissue applicant submitted a response (hereinafter “the Response”) along with the instant request for continued examination.  It has been entered.
Original claims 1-20 have been canceled; and new claims 21-40 have been added since the instant reissue application was filed.  Currently, claims 21-40 are subject to the examination of this reissue application.

Oath/Declaration
The substitute statement in lieu of an oath/declaration filed on February 3, 2020 is defective because it fails to identify at least one error which is relied upon to support the reissue application.  See 37 CFR § 1.175 and MPEP § 1414.
The substitute statement declares that the new claim 21 modifies certain features recited in the originally issued independent claims for correcting an error by way of reciting “encrypting a file key with an encryption key associated with an external user in response to determining that the encryption key associated with the external user is available”; however, the error previously identified in the substitute statement is no longer being relied upon as the basis for reissue because the newly amended claim 21 is no more reciting the limitation foregoing.  
The reissue applicant fails to explicitly identify any error being relied upon as the basis for this reissue application in spite of the fact that the reissue applicant must explicitly identify on the record an error being relied upon as the basis for reissue (e.g., in the remarks accompanying an amendment) pursuant to 37 CFR § 1.175(d).  See MPEP § 1414.03 Supplemental Reissue Oath/Declaration [R-08.2017].
Therefore, the Examiner determines that there is no claims to be treated on the merit, and requires a new oath/declaration for identification of the error because the substitute statement in lieu of an oath/declaration filed on February 3, 2020 is not pursuant to 37 CFR § 1.175.
Information Disclosure Statement
The two information disclosure statements filed on May 6, 2021 have been considered.  Where patents, publications, and other such items of information are submitted by the reissue applicant in compliance with the requirements of the rules 37 CFR § 1.97 and 37 CFR § 1.98, the requisite degree of consideration to be given to such information will be normally limited by the degree to which the party filing the information citation has explained the content and relevance of the information.  The initials of the Examiner placed adjacent to the citations on the form PTO/SB/08A and 08B or its equivalent, without an indication to the contrary in the record, do not signify that the information has been considered by the Examiner any further than to the extent noted above. See MPEP § 2256.

Claim Interpretation
The following is a quotation of pre-AIA  35 U.S.C. § 112, sixth paragraph:
An element in a claim for a combination may be expressed as a means or step for performing a specified function without the recital of structure, material, or acts in support thereof, and such claim shall be construed to cover the corresponding structure, material, or acts described in the specification and equivalents thereof.

The claims in this reissue application are given their broadest reasonable interpretation using the plain meaning of the claim language in light of the specification as it would be understood by one of ordinary skill in the art.  The broadest reasonable interpretation of a claim element (also commonly referred to as a claim limitation) is limited by the description in the specification when pre-AIA  35 U.S.C. § 112, sixth paragraph is invoked.
As explained in MPEP § 2181, subsection I, claim limitations that meet the following three-prong test will be interpreted under pre-AIA  35 U.S.C. § 112, sixth paragraph:

(B)	the term “means” or “step” or the generic placeholder is modified by functional language, typically, but not always linked by the transition word “for” (e.g., “means for”) or another linking word or phrase, such as “configured to” or “so that”; and 
(C)	the term “means” or “step” or the generic placeholder is not modified by sufficient structure, material, or acts for performing the claimed function. 
Use of the word “means” (or “step”) in a claim with functional language creates a rebuttable presumption that the claim limitation is to be treated in accordance with pre-AIA  35 U.S.C. § 112, sixth paragraph.  The presumption that the claim limitation is interpreted under pre-AIA  35 U.S.C. § 112, sixth paragraph is rebutted when the claim limitation recites sufficient structure, material, or acts to entirely perform the recited function. 
Absence of the word “means” (or “step”) in a claim creates a rebuttable presumption that the claim limitation is not to be treated in accordance with pre-AIA  35 U.S.C. § 112, sixth paragraph.  The presumption that the claim limitation is not interpreted under pre-AIA  35 U.S.C. § 112, sixth paragraph is rebutted when the claim limitation recites function without reciting sufficient structure, material or acts to entirely perform the recited function.
Claim limitations in this reissue application that use the word “means” (or “step”) are being interpreted under pre-AIA  35 U.S.C. § 112, sixth paragraph, except as otherwise indicated in an Office action.  Conversely, claim limitations in this reissue application that do not use the word “means” (or “step”) are not being interpreted under pre-AIA  35 U.S.C. § 112, sixth paragraph, except as otherwise indicated in an Office action.
In the claim 21, it recites (i) “an access manager configured to: manage access to a resource of an organization by a user external to the organization responsive to a request for the resource, ...; and determine whether a security policy associated with the organization and the user external to the organization is satisfied, ... and ..., wherein the access manager is further configured to encrypt the content key with the encryption key in response to determining ...,” (ii) “a database coupled to the server and configured to store an encryption key for use between the organization and the user external to the organization,” (iii) “the data network configured to allow the user external to the organization use of the external access server,” and (iv) “the external access server is configured to permit or deny exchange of resources between the organization and the user external to the organization”.  And, the claim 22 further recites (v) “the access manager is configured to encrypt the content key using the public key,” and the claim 25 further recites (vi) “the access manager is further configured to communicate via a data network”.  
The claim limitations (i) and (iv)~(vi) foregoing do not use the word “means,” but are nonetheless being interpreted under pre-AIA  35 U.S.C. § 112, sixth paragraph because the claim limitations use generic placeholders “access manager” and “external access server” that are coupled with functional languages without reciting sufficient structures or acts to perform the recited functions, respectively, and the generic placeholders are not preceded by a structural modifier, but a mere function “access” preceding “manager” and a mere function “external access” preceding “server”.
As shown in the above, the claims 21, 22, and 25 do not recite any structure connected to the “access manager” and the “external access server,” which are not sufficient for performing the recited functions.  Thus, the “access manager,” the “external access server,” and claim language recited in the claims 21, 22, and 25 foregoing do not convey to a person skilled in the art enough structure because the description of the access manager’s operation in the claims 21, 22, and 25 and the description of the external access server’s operation in the claim 21 do nothing to define an access manager and an external access server as structure, and also the reissue application does not fully develop how the access manager and the external access server could perform the claimed functions.
If the reissue applicant does not intend to have these limitations interpreted under pre-AIA  35 U.S.C. § 112, sixth paragraph, the reissue applicant may: (1) amend the claim limitations to avoid them being interpreted under pre-AIA  35 U.S.C. § 112, sixth paragraph (e.g., by reciting sufficient structure or acts to perform the claimed function); or (2) present a sufficient showing that the claim limitations recite sufficient structure or acts to perform the claimed function so as to avoid them being interpreted under pre-AIA  35 U.S.C. § 112, sixth paragraph.
Although the other claim limitations (ii) and (iii) foregoing do not use the word “means” as well, but are nonetheless not being interpreted under pre-AIA  35 U.S.C. § 112, sixth paragraph because the claim limitations recite sufficient structures (i.e., data base and data network) to entirely perform the recited functions, respectively (i.e., database storing encryption key and data network allowing the external user to use the external access server).
Because these claim limitations are not being interpreted under pre-AIA  35 U.S.C. § 112, sixth paragraph, they are not being interpreted to cover only the corresponding structure, material, or acts described in the specification as performing the claimed function, and equivalents thereof.
If the reissue applicant intends to have these limitations interpreted under pre-AIA  35 U.S.C. § 112, sixth paragraph, the reissue applicant may:  (1) amend the claim limitations to remove the structure, materials, or acts that performs the claimed function; or (2) present a sufficient showing that the claim limitations do not recite sufficient structure, materials, or acts to perform the claimed function.
In the claim 35, it recites “[a] non-transitory computer-readable device having instructions stored thereon that when executed by at least one computing device, cause the at least one computing device to perform operations comprising: maintaining, in a database, an encryption key...; receiving, by a server..., a request to access a resource ...;determining ...; encrypting the content key ...; denying the request ...”.  
The claim limitations foregoing do not use the word “means,” but are nonetheless being interpreted under pre-AIA  35 U.S.C. § 112, sixth paragraph because the claim limitations use generic placeholder “computing device” (i.e., generic computer component) that is coupled with specialized functional languages without reciting sufficient structures or acts to perform the recited functions, and the generic placeholder is not preceded by a structural modifier.
As shown in the above, the claim 35 does not recite any structure connected to the “computing device,” which is not sufficient for performing the recited functions.  Thus, the “computing device,” and claim language recited in the claim 35 foregoing do not convey to a person skilled in the art enough structure because the description of the computing device’s operation in the claim 35 does nothing to define a computing device as structure.
Because these claim limitations foregoing are being interpreted under pre-AIA  35 U.S.C. § 112, sixth paragraph, they are being interpreted to cover the corresponding structures or acts described in the specification as performing the claimed functions, and equivalents thereof.
Based upon a review of the ‘316 Patent, the algorithm that the computing device uses to perform the claimed specialized functions is found at Fig. 7 and col. 10, lines 7-41 of the ‘316 Patent.
If the reissue applicant does not intend to have these limitations interpreted under pre-AIA  35 U.S.C. § 112, sixth paragraph, the reissue applicant may: (1) amend the claim limitations to avoid them being interpreted under pre-AIA  35 U.S.C. § 112, sixth paragraph (e.g., by reciting sufficient structure or acts to perform the claimed function); or (2) present a sufficient showing that the claim limitations recite sufficient structure or acts to perform the claimed function so as to avoid them being interpreted under pre-AIA  35 U.S.C. § 112, sixth paragraph.
Claim Objections
Claims 22, 29, and 36 are objected to because of the following informality:
The claims 22, 29, and 36 recite a phrase "the public key" in line 2, respectively.  However, it has not been specifically clarified in those claims and their intervening claims.  Therefore, the Examiner presumes that the phrase “the public key” could be considered as --a public key-- in light of the specification since it is not defined in the claims.
Appropriate correction is required.

Claim Rejections - 35 USC § 251
Claims 21-40 are rejected as being based upon a defective reissue declaration under 35 U.S.C. § 251 as set forth above.  See 37 CFR § 1.175.
The nature of the defect(s) in the declaration is set forth in the discussion above in this Office action.
Claims 21-40 are rejected under 35 U.S.C. § 251 as being an improper recapture of broadened claimed subject matter surrendered in the application for the patent upon which the present reissue is based.  See Greenliant Systems, Inc. et al v. Xicor LLC, 692 F.3d 1261, 103 USPQ2d 1951 (Fed. Cir. 2012); In re Shahram Mostafazadeh and Joseph O. Smith, 643 F.3d 1353, 98 USPQ2d 1639 (Fed. Cir. 2011); North American Container, Inc. v. Plastipak Packaging, Inc., 415 F.3d 1335, 75 USPQ2d 1545 (Fed. Cir. 2005); Pannu v. Storz Instruments Inc., 258 F.3d 1366, 59 USPQ2d 1597 (Fed. Cir. 2001); Hester Industries, Inc. v. Stein, Inc., 142 F.3d 1472, 46 USPQ2d 1641 (Fed. Cir. 1998); In re Clement, 131 F.3d 1464, 45 USPQ2d 1161 (Fed. Cir. 1997); Ball Corp. v. United States, 729 F.2d 1429, 1436, 221 USPQ 289, 295 (Fed. Cir. 1984).  A broadening aspect is present in the reissue which was not present in the application for patent.  The record of the application for the patent shows that the broadening aspect (in the reissue) relates to claimed subject matter that applicant previously surrendered during the prosecution of the application.  Accordingly, the narrow scope of the claims in the patent was not an error within the meaning of 35 U.S.C. § 251, and the broader scope of claim subject matter surrendered in the application for the patent cannot be recaptured by the filing of the present reissue application.
In this case, it is noted that the newly added claims 21, 28, and 35 are improperly broadened by recapture of subject matters, which were surrendered during the original prosecution of the ‘316 Patent.  See MPEP § 1412.02.
First, the Examiner determines that the new claim 21, 28, and 35 are broader in scope than the original claims 1, 8, and 15 because the reissue applicant deletes and/or omits, at least, the limitation “the file key, located within security information of the header portion of the file” from the patented claims of the ‘316 Patent.
Second, the Examiner determines that the broader aspects of the reissue claims 21, 28, and 35 relate to the deleted and/or omitted limitation foregoing, which was surrendered during the original prosecution of the ‘316 Patent.
  Actually, said deleted and/or omitted limitation was introduced during the prosecution of the ‘316 Patent for the purpose of making the claims patentable over a rejection or objection made in the original application (See the application 13/439,485 of the ‘316 Patent, the Applicant’s amendment/response filed on 5/20/2014).  In fact, the applicant of the original application 13/439,485 made argument on the record that said limitation was added to obviate the claim rejection (See the application 13/356,462 of the ‘389 Patent, the applicant’s remarks at page 8 filed on 5/20/2014).  Thus, it establishes the deleted and/or omitted limitation relating to subject matters previously surrendered (See MPEP § 1412.02).
Third, the Examiner determines that the reissue claims 21, 28, and 35 were not materially narrowed in other respect, respectively.  Thus, they do not avoid the recapture rule in a manner other respects, so that the claims may not have been enlarged.
Therefore, the narrow scope of the claims in the ‘316 Patent was not an error within the meaning of 35 U.S.C. § 251, and the broader scope of claim subject matter surrendered in the application 13/439,485 of the ‘316 Patent cannot be recaptured by the filing of the present reissue application.
The claims 22-27 are dependent claims of the claim 21.
The claims 29-34 are dependent claims of the claim 28.
The claims 36-40 are dependent claims of the claim 35.

Claim Rejections - 35 USC § 103
In the event the determination of the status of the application as subject to AIA  35 U.S.C. § 102 and  § 103 (or as subject to pre-AIA  35 U.S.C. § 102 and  § 103) is incorrect, any correction of the statutory basis for the rejection will not be considered a new ground of rejection if the prior art relied upon, and the rationale supporting the rejection, would be the same under either status.
The text of those sections of Title 35, U.S. Code not included in this action can be found in a prior Office action.
Claims 21-23, 25-32, and 34-39 are rejected under pre-AIA  35 U.S.C. § 103(a) as being unpatentable over Lirov et al. [US 6,785,810 B1, hereinafter “Lirov”] in view of Lee et al. [US 7,681,034 B1; hereinafter “Lee”].
Referring to claim 21, Lirov discloses a system (i.e., system 10 in Fig. 1a; See col. 1, lines 6-8), comprising:
a server (i.e., Application Server 100 of Fig. 1a) comprising an access manager (i.e., means for performing various operations by said Application Server in Figs. 4-5) configured to:
manage access to a resource of an organization (i.e., Record Database 105 of hospital, e.g., patient’s records and doctor’s record in Fig. 1a; See col. 4, lines 62-67) by a user (i.e., Client 140 in Fig. 1a; e.g., physicians and patients) external to the organization (See col. 4, lines 46-61) responsive to a request for the resource (i.e., Client’s request for sensitive information; See col. 9, lines 49-61 and col. 10, lines 46-48),
the resource (i.e., said Record Database) comprising a content portion (i.e., sensitive information) encrypted (i.e., encrypted by public key; See col. 5, lines 1-3); and
determine whether a security policy (i.e., access privilege; See Table 1 in col. 4) associated with the organization (e.g., said hospital) and the user external to the organization (e.g., said physicians and patients) is satisfied (See Steps 502-504 in Fig. 5 and col. 9, line 62 through col. 10, line 12), wherein
the determining comprises verifying whether the user external to the organization (i.e., said physicians and patients) is part of a group partnered with the organization (i.e., medical industry; other examples are a corporate environment and a banking environment; See col. 10, line 58 through col. 11, line 16);
a database (i.e., Key-Store Database 115 of Fig. 1a) coupled to the server (i.e., said Application Server being coupled to said Key-Store Database within Private Network 150 in Fig. 1a) and configured to store an encryption key (i.e., public-private key pair; e.g., user’s private key) for use between the organization and the user external to the organization (See col. 5, lines 4-9 and 21-23), wherein
the access manager (i.e., said means for performing various operations by said Application Server) is further configured to deny the request in response to determining that the security policy is not satisfied (i.e., notifying access denial; See Step 506 in Fig. 5 and col. 10, lines 5-8); and
an external access server (i.e., Interface Server 130 of Fig. 1a) operatively connected to the server (i.e., said Application Server) and coupled between the server (i.e., said Application Server) and a data network (i.e., Public Network 135 of Fig. 1a; See Fig. 1a),
the data network (i.e., said Public Network) configured to allow the user external to the organization use of the external access server (See col. 4, lines 46-52), wherein
the external access server (i.e., said Interface Server) is configured to permit or deny (i.e., properly authenticated or not) exchange of resources between the organization and the user external to the organization (See col. 6, lines 39-49).
Lirov does not expressly teach that the content portion is encrypted by a content key; and the access manager is further configured to encrypt the content key with the encryption key in response to determining that the security policy is satisfied.
Lee discloses an apparatus for securing electronic data (See Abstract), wherein
a resource (i.e., Secured document 208 in Fig. 2A) comprising a content portion (i.e., Encrypted Created document 212 of Fig. 2A) encrypted by a content key (i.e., File key of Fig. 2A; See col. 7, lines 25-27, col. 11, lines 12-17, and col. 18, lines 49-52); and
an access manager (i.e., Server Assisted Process 530 in Fig. 5B.4) is configured to encrypt the content key (i.e., said File key) with an encryption key (i.e., authenticated user key; See col. 7, lines 28-30 and col. 18, lines 59-61) in response to determining that a security policy (i.e., evaluating user access privileges; See Step 542 in Fig. 5B.4) is satisfied (i.e., SUCCESS at Step 542 in Fig. 5B.4; See col. 12, lines 1-5 and col. 26, lines 4-20).
Therefore, it would have been obvious to one of ordinary skill in the art at the time the invention was made to have included said apparatus for securing electronic data, as disclosed by Lee, in said system, as disclosed by Lirov, for the advantage of providing a mechanism for all authorized users/groups to view who has what access rules and rights (See Lee, col. 15, lines 7-13).

Referring to claim 22, Lee teaches that
the encryption key (i.e., authenticated user key) comprises a public-private key pair (e.g., said authenticated user key for encrypting document is comprised of being paired with a different user key, i.e., paired user key, for decrypting the document; See col. 7, lines 28-33), and
wherein the access manager (i.e., Server Assisted Process 530 in Fig. 5B.4) is configured to encrypt the content key (i.e., File key of Fig. 2A) using a public key (i.e., public user key; See col. 26, lines 46-48).

Referring to claim 23, Lirov teaches that
the data network (i.e., Public Network 135 of Fig. 1a; See Fig. 1a) includes at least a part of an Internet (See col. 4, lines 46-48).

Referring to claim 25, Lirov, as modified by Lee, teaches that
the access manager (i.e., means for performing various operations by said Application Server in Figs. 4-5 of Lirov) is further configured to communicate (See Fig. 1h of Lirov), via a data network (i.e., via Public Network 135 in Fig. 1a of Lirov), the resource (i.e., Secured document 208 in Fig. 2A of Lee) and the encrypted content key (i.e., File key of Fig. 2A encrypted by authenticated user key in Lee; See Lee, col. 7, lines 28-30 and col. 18, lines 59-61) to the user external to the organization (e.g., said physicians and patients; i.e., returning to Client the Requested Information in Step 60 of Fig. 1h in Lirov).

Referring to claim 26, Lirov teaches that
the database (i.e., Key-Store Database 115 of Fig. 1a) stores a plurality of keys (i.e., user’s private keys; See col. 5, lines 4-6 and 21-22) utilized by the access manager (i.e., means for performing various operations by said Application Server in Figs. 4-5) to manage access to a plurality of resources (i.e., sensitive data) of the organization (See col. 6, lines 28-38).

Referring to claim 27, Lee teaches that
the resource (i.e., Secured document 208 in Fig. 2A) is a document (See col. 11, lines 50-55).

Referring to claims 28 and 35, Lirov discloses a method (i.e., method for providing secure transmission, search, and storage of data; See col. 1, lines 6-8) and a non-transitory computer-readable device having instructions stored thereon that when executed by at least one computing device, cause the at least one computing device to perform operations (i.e., Application Server 100 in Fig. 1a inherently anticipates a non-transitory computer-readable device having instructions stored thereon in order to perform operations for said method of providing secure transmission, search, and storage of data when executed by at least one computing device), comprising:
maintaining, in a database (i.e., Key-Store Database 115 of Fig. 1a), an encryption key (i.e., user’s public-private pair keys) for use between an organization (e.g., hospital) and a user (i.e., Client 140 in Fig. 1a; e.g., physicians and patients) external to the organization (See col. 5, lines 4-9 and 21-23);
receiving, by a server (i.e., Application Server 100 of Fig. 1a) coupled to the database  (i.e., said Application Server being coupled to said Key-Store Database within Private Network 150 in Fig. 1a), a request to access a resource (i.e., Client’s request for sensitive information from Record Database 105 of said hospital, e.g., patient’s records and doctor’s record in Fig. 1a; See col. 9, lines 49-61 and col. 10, lines 46-48),
the resource (i.e., said Record Database) comprising a content portion (i.e., sensitive information) encrypted (i.e., encrypted by public key; See col. 5, lines 1-3);
determining whether a security policy (i.e., access privilege; See Table 1 in col. 4) associated with the organization (e.g., said hospital) and the user external to the organization (e.g., said physicians and patients) is satisfied (See Steps 502-504 in Fig. 5 and col. 9, line 62 through col. 10, line 12), wherein
the determining comprises verifying whether the user external to the organization (i.e., said physicians and patients) is part of a group partnered with the organization (i.e., medical industry; other examples are a corporate environment and a banking environment; See col. 10, line 58 through col. 11, line 16);
denying the request in response to determining that the security policy is not satisfied (i.e., notifying access denial; See Step 506 in Fig. 5 and col. 10, lines 5-8).
Lirov does not expressly teach that the resource comprising a content portion encrypted by a content key; and encrypting the content key using the encryption key in response to determining that the security policy is satisfied.
Lee discloses a method for securing electronic data (See Abstract), wherein
a resource (i.e., Secured document 208 in Fig. 2A) comprising a content portion (i.e., Encrypted Created document 212 of Fig. 2A) encrypted by a content key (i.e., File key of Fig. 2A; See col. 7, lines 25-27, col. 11, lines 12-17, and col. 18, lines 49-52); and
encrypting the content key (i.e., said File key) using an encryption key (i.e., authenticated user key; See col. 7, lines 28-30 and col. 18, lines 59-61) in response to determining that a security policy (i.e., evaluating user access privileges; See Step 542 in Fig. 5B.4) is satisfied (i.e., SUCCESS at Step 542 in Fig. 5B.4; See col. 12, lines 1-5 and col. 26, lines 4-20).
Therefore, it would have been obvious to one of ordinary skill in the art at the time the invention was made to have included said method for securing electronic data, as disclosed by Lee, in said method, as disclosed by Lirov, for the advantage of providing a mechanism for all authorized users/groups to view who has what access rules and rights (See Lee, col. 15, lines 7-13).

Referring to claims 29 and 36, Lee teaches that
the encryption key (i.e., authenticated user key) comprises a public-private key pair (e.g., said authenticated user key for encrypting document is comprised of being paired with a different user key, i.e., paired user key, for decrypting the document; See col. 7, lines 28-33), and
wherein the content key (i.e., File key of Fig. 2A) is encrypted using a public key (i.e., public user key; See col. 26, lines 46-48).

Referring to claims 30 and 37, Lirov, as modified by Lee, teaches that
communicating (See Fig. 1h of Lirov), in response to the content key being encrypted (i.e., File key of Fig. 2A encrypted by authenticated user key in Lee; See Lee, col. 7, lines 28-30 and col. 18, lines 59-61), the requested resource via a data network (i.e., returning to Client the Requested Information in Step 60 of Fig. 1h via Public Network 135 of Fig. 1a in Lirov).

Referring to claims 31 and 38, Lirov teaches that
the data network (i.e., Public Network 135 of Fig. 1a; See Fig. 1a) includes at least a part of an Internet (See col. 4, lines 46-48).

Referring to claims 32 and 39, Lirov teaches that
the database (i.e., Key-Store Database 115 of Fig. 1a) stores a plurality of keys (i.e., user’s private keys; See col. 5, lines 4-6 and 21-22) utilized by the access manager of the organization (i.e., means for performing various operations by said Application Server in Figs. 4-5) to manage access to a plurality of resources (i.e., sensitive data) of the organization (See col. 6, lines 28-38).

Referring to claim 34, Lee teaches that
the resource (i.e., Secured document 208 in Fig. 2A) is a document (See col. 11, lines 50-55).

Claims 24, 33, and 40 are rejected under pre-AIA  35 U.S.C. § 103(a) as being unpatentable over Lirov [US 6,785,810 B1] in view of Lee [US 7,681,034 B1] as applied to claims 21-23, 25-32, and 34-39 above, and further in view of what was well known in the art, as exemplified by Lim et al. [US 2002/0169866 A1; hereinafter “Lim”].
Referring to claims 24, 33, and 40, Lirov, as modified by Lee, discloses all the limitations of the respective claims 24, 33, and 40 including the user external to the organization and an internal user of the organization (i.e., accessing documents by users in a group; See Lee, Fig. 2A) are members of a common group (i.e., everyone in a group, e.g., software design group or marketing group, accessing the document with the same privileges; See Lee, col. 14, lines 33-57), except that does not expressly teach whether the external user is unable to change group membership and is unable to query group membership to determine members of the common group.
However, the Examiner notices that the limitation “the external user is unable to change group membership and is unable to query group membership to determine members of the common group” recited in the respective claims 24, 33, and 40 was well known to one of ordinary skill in the art, as evidenced by Lim, such that an external user is unable to change group membership and is unable to query group membership to determine members of the common group (See Lim, ¶ [0374], wherein it states (i) “External” user type restricts a user to access only its assigned customer data, and (ii) “System Admin” gives a user authority to configure the system, which are implicitly teaching that the external user is unable to change group membership and is unable to query group membership to determine members of the common group because said membership-related operation should be a system administrator’s authority, which is not granted to the user having “External” user type.).
Therefore, it would have been obvious to one of ordinary skill in the art at the time the invention was made to have applied said privileged/restricted access according to user type, as disclosed by what was well known in the art, as exemplified by Lim, to said system, as disclosed by Lirov, as modified by Lee, for the advantage of providing a system consistency, which is well known in the relevant art.

Response to Arguments
Reissue applicant’s arguments with respect to newly amended claims 21-40 have been considered but are moot because the new ground of rejection does not rely on the references applied in the prior rejection of record for any teaching or matter specifically challenged in the argument.

Conclusion
The prior art made of record and not relied upon is considered pertinent to applicant's disclosure.
Lewin et al. [US 2002/0091801 A1] disclose extending an internet content delivery network into an enterprise.

A shortened statutory period for response to this action is set to expire THREE (3) months from the mailing date of this action.
Any inquiry concerning this communication or earlier communications from the Examiner should be directed to Christopher E. Lee whose telephone number is (571)272-3637.  The Examiner can normally be reached on 9:00am to 5:00pm.  If attempts to reach the Examiner by telephone are unsuccessful, the Examiner’s supervisor, Andrew J. Fischer can be reached on 571-272-6779.  The FAX phone number for the organization where this application or proceeding is assigned is (571) 273-9900.
Information regarding the status of an application may be obtained from the Patent Application Information Retrieval (PAIR) system.  Status information for published applications may be obtained from either Private PAIR or Public PAIR.  Status information for unpublished applications is available through Private PAIR only.  For more information about the PAIR system, see http://www.uspto.gov/patents/process/status/index.jsp. Should you have questions on access to the Private PAIR system, contact the Electronic Business Center (EBC) at 866-217-9197 (toll-free).
If you would like assistance from a USPTO Customer Service Representative or access to the automated information system, call 800-786-9199 (IN USA OR CANADA) or 571-272-1000.
Signed:
/Christopher E. Lee/  
Christopher E. Lee, Primary Examiner                                                                                                                                                                                                        Central Reexamination Unit / Art Unit 3992


Conferees:
/MY TRANG TON/Primary Examiner, Art Unit 3992                                                                                                                                                                                                        
/ANDREW J. FISCHER/Supervisory Patent Examiner, Art Unit 3992