Notice of Pre-AIA  or AIA  Status
The present application, filed on or after March 16, 2013, is being examined under the first inventor to file provisions of the AIA .
This advisory action is in response to an “After Final Consideration Program 2.0” (AFCP) filed 07/30/2021. In the AFCP, applicant has amended claims 11 and 20. Claims 1-10, 13 and 15-17 remain cancelled. After final amendment submitted with the request will not be treated under AFCP 2.0 and will be treated under pre-pilot procedure. 
For this office action, claims 11-12, 14 and 18-20 have been received for consideration and have been examined. 
Response to Arguments
Claims rejection under 35 U.S.C. § 112
	After reviewing applicant’s amendments to independent claims, examiner notes that amendments overcome some of the 112(b) issues but not all. Claims still contain 112(b) indefiniteness issues as mentioned in the applicant initiated interview held on 07/15/2021. 
Applicant has cancelled couple of “wherein” clauses from first and third limitations, however, there are multiple other clauses which remain the basis of maintaining the 112(b) rejection in this advisory action. Therefore, examiner has maintained the 112(b) rejection in this advisory action. Please see replication of 112(b) rejection from Final action dated 04/29/2021 in this action.



Claims rejection under 35 U.S.C. § 103
	Applicant’s remarks with respect to rejection of claims under 35 U.S.C. § 103 have been reviewed by the examiner, however, examiner do not find them to be persuasive. After reviewing, applicant’s remarks have been summarized as follows:
Beresford does not teach the “target application” or “mock interface” of the pending claims because Beresford arguably discloses a lone application with altered functionality due to a security policy issue of the device upon which the lone application is installed.
Brutschy does not teach a “target application” or “mock interface” in the context of the pending claims.
Hoffner does not teach a “target application” or “mock interface” in the context of the pending claims.
Examiner’s Response
	Regarding remark # 1, that Beresford does not teach the “target application” or “mock interface” of the pending claims because Beresford arguably discloses a lone application with altered functionality due to a security policy issue of the device upon which the lone application is installed, examiner respectfully disagrees. 
Examiner would like to mention that Beresford does disclose a target application and also disclose a mock interface of that target application when the user try to access the target application but gets the mock interface due to insufficient permissions. Examiner has mapped the claim limitations with the evaluation/execution portion of the Beresford’s invention and not See Beresford: Pages 51-52). 
Regarding remark # 2, Brutschy does not teach a “target application” or “mock interface” in the context of the pending claims, examiner respectfully disagrees. As Brutschy title describes, it provides fine-grained user control over usages of sensitive system resources having private data with applications in privacy enforcement. Brutschy discloses a system and method in which when a user access an application which user does not have full permission to access, it replace a source object in the application, at the selected program point, that accesses the private data with another statement object that allocates a mock object or value based on a type of an actual value returned by the source statement. The mock object or value does not expose the private data of the user (See Brutschy: [0023] a new and novel form of (e.g., dynamic) analysis is used to characterize how an application is utilizing sensitive system resources. The analysis in an exemplary embodiment disables permission-requiring aspects of an app selectively by “mocking” objects and their values, which retains app functionality but limits infringement of the user's privacy). Therefore, Brutschy extensively discloses accessing a target application and creating a mock interface for that application based on insufficient permissions. 
Regarding remark # 3, Hoffner does not teach a “target application” or “mock interface” in the context of the pending claims, examiner respectfully disagrees. Hoffner explicitly discloses “a mock server” which is solely employs to intercepted client requests, and determine a mock response to be returned to the client application request instead of a response that would be generated by the backend server  (See Hoffner: Abstract; The mock server may intercept OData requests sent from an application toward a backend server. For at least some of the intercepted requests, the mock server may determine a mock response to be returned to the application instead of a response that would be generated by the backend server. In some examples, the mock server may employ various mock server extension components to generate the mock response. The mock response may include an error message, warning message, and/or other content, and may be provided to enable negative testing of the application. In some instances, the application employs a user interface (UI) model to provide UI elements). 
	Based on above explanation regarding each cited reference, examiner believe that combination of cited references would render similar result as being claimed in the instant application. Therefore examiner is compelled to maintain the rejection. 

Examiner’s Note: Updated 35 U.S.C. § 112(b) rejection has been presented below for the record to show that cancelled “wherein” clauses have been removed from the rejection, however, other clauses remain the basis of 112(b) indefiniteness rejection.

Claim Rejections - 35 USC § 112
The following is a quotation of 35 U.S.C. 112(b):
(b)  CONCLUSION.—The specification shall conclude with one or more claims particularly pointing out and distinctly claiming the subject matter which the inventor or a joint inventor regards as the invention.


Claims 11-12, 14, and 18-22 are rejected under 35 U.S.C. 112(b), as being indefinite for failing to particularly point out and distinctly claim the subject matter which the inventor or a joint inventor, regards as the invention.
Claims 11 and 20 are rejected as failing to define the invention in the manner required by 35 U.S.C. 112(b).

According to MPEP 2173.02(II) "If the language of the claim is such that a person of ordinary skill in the art could not interpret the metes and bounds of the claim so as to understand how to avoid infringement, a rejection of the claim under 35 U.S.C. 112(b), is appropriate."
The following clauses are the basis for an indefiniteness rejection due to the reasoning set forth above (unclear to a potential infringer how to avoid infringement) because (i) it's unclear if these clauses are required for infringement or not, and (ii) it’s unclear how they affect the scope of the claimed product for claim 11-12, 14, 18-19 and 21, and the claimed system for claims 20 and 22.
With respect to claim 11, this claim is “a computer program product comprising: a non-transitory computer readable storage medium readable by one or more processors and storing instructions for execution by the one or more processors for performing a method” and written from the point of “one or more processors” performing the subsequently articulated method steps of executing the “stor[ed] instructions”.
However, claim 11 recites following clauses:
                A first clause recited in the first limitation
wherein the authorization request is submitted through a first graphical user interface displayed on the computing node”;
               A third clause recited in the third limitation
	“wherein the mock interface is accessible via a second graphical user interface displayed on the computing node”,
A fourth clause recited in the third limitation
“wherein a visual appearance of the second graphical user interface simulates a visual appearance of the first graphical user interface”;
A fifth clause recited in the third limitation
“wherein the second graphical user interface displays predefined data from the second server executing the mock interface and the first graphical user interface displays dynamic data, from one or more data sources accessed by the first server”,
A sixth clause recited in the third limitation
“wherein access to view data from the one or more data sources is authorized in the target application, in similar graphical formats”
                A seventh clause recited in the third limitation
                “wherein the predefined data is a static set of data that does not include the dynamic data from the one or more data sources that the user is not authorized to view”,
	A eighth clause (and onward) recited in the third limitation
	“wherein the second graphical user interface further comprises a list of permissions of the user to the target applications and options to select one or more additional permissions in the mock interface, via the second graphical user interface”;
herein the list comprises permissions assigned to the user to utilize the target application; and
 wherein the options comprise permissions not assigned to the user to utilize the target application; and
wherein the sufficient permissions comprise viewing the selected options in the target application.”
                All of the above mentioned steps are performed by entities such as “a computing node” (or a second graphical user interface displayed on the “computing node”), “a first server”, and “a second server”, which are outside the scope of the claimed product and its instructions for execution of various articulated steps, which are performed by “one or more processors”. 
It would be unclear to a potential infringer as to how the above clauses limit the structure or the method of the claimed product.  In particular, it’s unclear how the wall of wherein clauses affects the scope of instructions for “generating a mock interface” by the one or more processors.  The Examiner would like to remind applicant that during prosecution applicant has ample opportunity to amend the claims and preferably positively indicate which device is doing what steps to write claim with positive language. 
	Furthermore, the following clauses are contradictory:  “wherein based on the user selecting one or more of the options in the second graphical user interface, the mock interface displays a portion of the static set of data […] in the second graphical user interface”.  Wouldn’t the second graphical user interface be the entity displaying, and not the mock interface?  As per the previous wherein clauses from the wherein ‘wall of text’: “the mock interface is an API to the target application”, and “the mock interface is executed by a second server”, and “the mock interface is accessible via a second graphical user interface”.  The mock interface is clearly a software API on a server and not displaying anything to anyone.  Instead the mock interface is (presumably) configured to receive function calls from and respond to the “second graphical user interface”, which is on another computing node other than the second server.
	Furthermore, claim 11 recites “based on the user selecting one or more of the options […], [doing stuff]”.  As per IPXL Holdings v Amazon, this is indefinite because it recites use of the product in combination with the product and therefore the lines of infringement are obscured.
	Furthermore, a significant portion of the claim language in claim 11 is directed to actions being performed after the generating of the mock interface, yet are drafted as wherein clauses inside the step of generating the mock interface.  It’s unclear how any of these clauses affect the scope of the particular step of “generating a mock interface”.  
	Claim 11 further recites:  “automatically obtaining […]”, “wherein the request comprises a request for permissions to the target application represented by the selected one or more options in the mock interface”.  This contradicts the previous wherein clauses which state the options are presented and selected in the second graphical user interface, not the mock interface.
	Claim 11 further recites “automatically generating […]”, “wherein based on applying the customized security policy, repeating the access request by the user results in the user obtaining authorized access to the target application …”.  As per IPXL Holdings v Amazon this is, on its face, indefinite.  Perhaps applicant is intending to claim if the user were to submit a subsequent access request.  Regardless, the entire limitation is convoluted nonsense and can be almost [the customized security policy] grants the user the permissions represented by selected options”.
	Claim 12, recites “The computer program product of claim 11, further comprising: 
	notifying, by the one or more processors, the user of the update”.  This makes no sense, as a product cannot comprise an act. Perhaps applicant intended that the product comprise additional instructions that, upon execution, would further cause the one or more processors to perform additional steps such as notifying […].  
	Claim 14 recites “authorizing, by the one or more processors, access by the user to the mock interface based on obtaining the temporary credentials from the user via an entry by the user in the second graphical user interface”.  See concerns regarding claim 11 with respect to it being unclear how interactions with a second graphical user interface affect the scope of the step of “generating a mock interface”.  Furthermore, this is indefinite at least per IPXL Holdings v Amazon for reciting user use with the product “based on obtaining the temporary credentials from the user via entry by the user …”.
	Claim 18 recites “The computer program product of claim 11, wherein the request to change the permissions of the user to the target application further comprises identifying credentials of the user”.  A received request cannot comprise an action, such as identifying.  Ergo, this limitation makes no sense and its metes and bounds would not be determinable by a potential infringer.
Claim 20 is a system claim and directed to “a host computing system comprising a memory; one or more processors in communication with the memory; program instructions executable by the one or more processors via the memory to perform a method”. Claim 20 is a host system comprising memory and one or more processors” performing various articulated method steps. Claim 20 recites the same wherein clauses as noted above with respect to claim 11, which contain a litany of “wherein clauses” directed to various entities not within the immediate scope of the claimed invention, or unclear how they affect the scope of the claimed host system. Therefore examiner finds similarly for claim 20 as for claim 11, in that the examiner finds a person of ordinary skill in the art could not interpret the metes and bounds of the claim so as to understand how to avoid infringement.  This is because it is unclear how any of the wherein clauses affect the scope of the claimed system or the method performed by the host system.  

Dependent claims inherit the deficiencies of their parent claim and have not resolved the deficiencies. Therefore, dependent claims are also rejected based on the same rationale as applied to their parent claims above.

Dependent claims 21 and 22 are also rejected as failing to define the invention in the manner required by 35 U.S.C. 112(b).
Claim 21 recites in first limitation “transmitting, by one or more processors, a second authorization request from a computing node to the target application, wherein the target application is executed by a first server and the authorization request is submitted through the first graphical user interface displayed on the computing node”. Claim 21 is written from the point of “one or more processors” of a device performing the method steps.
Instead, claim 21 recites following clause:
“wherein the target application is executed by a first server and the authorization request is submitted through the first graphical user interface displayed on the computing node”. 
The above mentioned limitation is outside the scope claim 21 which is directed to instructions for execution by “the one or more processors”. It would be unclear to a potential infringer as to how above clauses limit the claimed product.
	Claim 22 is a system claim and directed to “a host computing system, the method comprising”. Claim 22 is drafted from the point of “a host system comprising memory and one or more processors” performing the method steps. Claim 22 recites the same concept as claim 21 and therefore examiner will not repeat indefiniteness findings which have already been mentioned in previous section for claim 21. However, the basis of the indefiniteness is unclear as to how these wherein clauses effects the structure of a host computing system which comprises only a memory and one or more processors.


/S.M.A./             Patent Examiner, Art Unit 2432                                                                                                                                                                                           
/SYED A ZAIDI/Primary Examiner, Art Unit 2432