DETAILED ACTION
Notice of Pre-AIA  or AIA  Status
The present application, filed on or after March 16, 2013, is being examined under the first inventor to file provisions of the AIA .
Claim Objections
Claim 1 and 18 are objected to because of the following informalities:  
Regarding claim 1, the claim recites a “processor implemented method” but does not expressly disclose an active processor or device implementing the method steps. 
Regarding claim 18, the claims recite a communication module and memory that are inactive in the claim. It is recommended to the applicant to recite these components performing an active step is the claim, such as “a memory storing instructions… the processor being configured to execute the instructions to…”  
Appropriate correction is required.
Claim Interpretation
The following is a quotation of 35 U.S.C. 112(f):
(f) Element in Claim for a Combination. – An element in a claim for a combination may be expressed as a means or step for performing a specified function without the recital of structure, material, or acts in support thereof, and such claim shall be construed to cover the corresponding structure, material, or acts described in the specification and equivalents thereof. 

The following is a quotation of pre-AIA  35 U.S.C. 112, sixth paragraph:
An element in a claim for a combination may be expressed as a means or step for performing a specified function without the recital of structure, material, or acts in support thereof, and such claim shall be construed to cover the corresponding structure, material, or acts described in the specification and equivalents thereof.
The claims in this application are given their broadest reasonable interpretation using the plain meaning of the claim language in light of the specification as it would be understood by one of ordinary skill in the art.  The broadest reasonable interpretation of a claim element (also commonly referred to as a claim limitation) is limited by the description in the specification when 35 U.S.C. 112(f) or pre-AIA  35 U.S.C. 112, sixth paragraph, is invoked. 
As explained in MPEP § 2181, subsection I, claim limitations that meet the following three-prong test will be interpreted under 35 U.S.C. 112(f) or pre-AIA  35 U.S.C. 112, sixth paragraph:
(A)	the claim limitation uses the term “means” or “step” or a term used as a substitute for “means” that is a generic placeholder (also called a nonce term or a non-structural term having no specific structural meaning) for performing the claimed function; 
(B)	the term “means” or “step” or the generic placeholder is modified by functional language, typically, but not always linked by the transition word “for” (e.g., “means for”) or another linking word or phrase, such as “configured to” or “so that”; and 
(C)	the term “means” or “step” or the generic placeholder is not modified by sufficient structure, material, or acts for performing the claimed function. 
Use of the word “means” (or “step”) in a claim with functional language creates a rebuttable presumption that the claim limitation is to be treated in accordance with 35 U.S.C. 112(f) or pre-AIA  35 U.S.C. 112, sixth paragraph. The presumption that the claim limitation is interpreted under 35 U.S.C. 112(f) or pre-AIA  35 U.S.C. 112, sixth paragraph, is rebutted when the claim limitation recites sufficient structure, material, or acts to entirely perform the recited function. 
Absence of the word “means” (or “step”) in a claim creates a rebuttable presumption that the claim limitation is not to be treated in accordance with 35 U.S.C. 112(f) or pre-AIA  35 U.S.C. 112, sixth paragraph. The presumption that the claim limitation is not interpreted under 35 U.S.C. 112(f) or pre-AIA  35 U.S.C. 112, sixth paragraph, is rebutted when the claim limitation recites function without reciting sufficient structure, material or acts to entirely perform the recited function. 
Claim limitations in this application that use the word “means” (or “step”) are being interpreted under 35 U.S.C. 112(f) or pre-AIA  35 U.S.C. 112, sixth paragraph, except as otherwise indicated in an Office action. Conversely, claim limitations in this application that do not use the word “means” (or “step”) are not being interpreted under 35 U.S.C. 112(f) or pre-AIA  35 U.S.C. 112, sixth paragraph, except as otherwise indicated in an Office action.
This application includes one or more claim limitations that do not use the word “means,” but are nonetheless being interpreted under 35 U.S.C. 112(f) or pre-AIA  35 U.S.C. 112, sixth paragraph, because the claim limitation(s) uses a generic placeholder that is coupled with functional language without reciting sufficient structure to perform the recited function and the generic placeholder is not preceded by a structural modifier.  Such claim limitation(s) is/are: communication module in claim 18.
Because this/these claim limitation(s) is/are being interpreted under 35 U.S.C. 112(f) or pre-AIA  35 U.S.C. 112, sixth paragraph, it/they is/are being interpreted to cover the corresponding structure described in the specification as performing the claimed function, and equivalents thereof.
If applicant does not intend to have this/these limitation(s) interpreted under 35 U.S.C. 112(f) or pre-AIA  35 U.S.C. 112, sixth paragraph, applicant may:  (1) amend the claim limitation(s) to avoid it/them being interpreted under 35 U.S.C. 112(f) or pre-AIA  35 U.S.C. 112, sixth paragraph (e.g., by reciting sufficient structure to perform the claimed function); or (2) present a sufficient showing that the claim limitation(s) recite(s) sufficient structure to perform the claimed function so as to avoid it/them being interpreted under 35 U.S.C. 112(f) or pre-AIA  35 U.S.C. 112, sixth paragraph.
Claim Rejections - 35 USC § 103
In the event the determination of the status of the application as subject to AIA  35 U.S.C. 102 and 103 (or as subject to pre-AIA  35 U.S.C. 102 and 103) is incorrect, any correction of the statutory basis for the rejection will not be considered a new ground of rejection if the prior art relied upon, and the rationale supporting the rejection, would be the same under either status.  
The following is a quotation of 35 U.S.C. 103 which forms the basis for all obviousness rejections set forth in this Office action:
A patent for a claimed invention may not be obtained, notwithstanding that the claimed invention is not identically disclosed as set forth in section 102, if the differences between the claimed invention and the prior art are such that the claimed invention as a whole would have been obvious before the effective filing date of the claimed invention to a person having ordinary skill in the art to which the claimed invention pertains. Patentability shall not be negated by the manner in which the invention was made.

Claim 1-20 is/are rejected under 35 U.S.C. 103 as being unpatentable over Hockey et al (US 10,104,059) in view of Prock et al (US 2017/0104799).
Regarding claim 1, Hockey et al
receiving a first request to perform a first access operation of accessing the user account using the access token [column 3 lines 33-46, column 32 lines 61-column 33 line 14];
Please note that in this example the user inputs a request to perform an operation.
determining whether the first access operation is permitted based on the access permissions [column 20 lines 14-51];
Please note that in this example it can be determined whether the user account has access to data based on the account permissions associated with the token. 
However, Hockey et al does not expressly disclose but Prock et al discloses:
receiving an access token associated with a first application, the access token indicating access permissions for the first application to access a user account at a protected data resource [0098];
Please note that in this example, a token can be provisioned to grant access to data based on account permissions. 
in response to determining that the first access operation is not permitted: modifying the first request to obtain a second request for performing a second access operation of accessing the user account using the access token, the second access operation complying with the access permissions for the first application; and transmitting the second request to a server associated with the protected data resource [0118-0119];
Please note that in this example, if the subscription (permissions) isn’t allowed, a modified access request may be performed. 
It would have been obvious to one of ordinary skill in the art at to create the invention as claimed for the following reasons.  It would have been obvious to one of ordinary skill in the art before the effective filing date of the claimed invention to modify the teachings of Hockey et al by obtaining a second request, for the purpose of modifying the access request based on permissions, based upon the beneficial teachings provided by Prock et al, see for example [0118-0119].  These modifications would result in ease of use and increased security, both of which are obvious benefits to the skilled artisan.  Additionally, the cited references are in the field of computer security, as is the current application, and thus, are in analogous arts.  
Regarding claim 2, Hockey et al and Prock et al disclose all the limitations of claim 1. Hockey et al further discloses wherein the first request comprises a user input requesting to perform the first access operation [column 3 lines 33-46, column 32 lines 61-column 33 line 14].
Regarding claim 3, Hockey et al and Prock et al disclose all the limitations of claim 1. Hockey et al further discloses wherein the access token includes metadata which indicates the access permissions for the first application [column 55 lines 28-50].
Regarding claim 4, Hockey et al and Prock et al disclose all the limitations of claim 1. Hockey et al further discloses wherein the access token includes historical operations data associated with the first application, the historical operations data identifying operations previously performed by the first application in accessing the user account, and wherein determining whether the first access operation is permitted is based on the access permissions 
Regarding claim 5, Hockey et al and Prock et al disclose all the limitations of claim 1. Hockey et al further discloses updating the access token based on changes to the historical operations data associated with the first application [column 19 lines 32-36].
Regarding claim 6, Hockey et al and Prock et al disclose all the limitations of claim 1. Hockey et al further discloses wherein updating the access token comprises modifying the historical operations data to include data for the second access operation [column 19 lines 32-36].
Regarding claim 7, Hockey et al and Prock et al disclose all the limitations of claim 1. Hockey et al further discloses wherein the first access operation comprises a transfer of value from or to the user account [column 54 line 65-column 55 line 16]. 
Regarding claim 8, Hockey et al and Prock et al disclose all the limitations of claim 1. Hockey et al further discloses wherein the access permissions indicate at least one time period and a maximum permitted value of transfers associated with the at least one time period [column 19 line 63-column 20 line 2]. 
Regarding claim 9, Hockey et al and Prock et al disclose all the limitations of claim 1. Hockey et al
Regarding claim 10, Hockey et al and Prock et al disclose all the limitations of claim 1. Hockey et al further discloses wherein the access permissions indicate at least one type of permitted transfer of value for the user account [column 19 line 63-column 20 line 2].
Regarding claim 11, Hockey et al and Prock et al disclose all the limitations of claim 1. Hockey et al 1 further discloses  wherein the at least one type of permitted transfer of value comprises an internal transfer of value between only those accounts belonging to a first user associated with the user account(i.e., allowable use)  [column 19 line 63-column 20 line 2].
Regarding claim 12, Hockey et al and Prock et al disclose all the limitations of claim 1. Hockey et al further discloses wherein the first access operation comprises access of the user account to retrieve first data [column 54 line 65-column 65 line 16]. 
Regarding claim 13, Hockey et al and Prock et al disclose all the limitations of claim 1. Hockey et al further discloses wherein the second access operation comprises access of the user account to retrieve a subset of the first data [column 19 lines 37-45, column 19 line 63-column 20 line 2]. 
Regarding claim 14, Hockey et al and Prock et al disclose all the limitations of claim 1. Hockey et al further discloses in response to determining that the first access operation is permitted, transmitting the first request to the server associated with the protected data resource [column 18 line 62-column 19 line 3].
Regarding claim 15, Hockey et al and Prock et al disclose all the limitations of claim 1. Hockey et al
Regarding claim 16, Hockey et al and Prock et al disclose all the limitations of claim 1. Hockey et al further discloses wherein modifying the graphical user interface of the first application comprises removing selectable user interface elements corresponding to access operations that are not permitted based on the access permissions for the first application [column 71 lines 6-53].
Regarding claim 17, Hockey et al and Prock et al disclose all the limitations of claim 1. Hockey et al 1 further discloses wherein modifying the graphical user interface of the first application comprises modifying one or more user interface elements to correspond to access operations that are permitted based on the access permissions for the first application [column 71 lines 6-53].
Regarding claim 18, Hockey et al discloses a computing system comprising: a communications module communicable with an external network; a memory; and a processor coupled to the communications module and the memory the processor being configured to [column 72 lines 3-43]:
generate a first access token that indicates the access permissions for the first application and historical operations data for the first application, the historical operations data identifying operations previously performed by the first application in accessing the user account [column 19 lines 33-67];
Please note that in this example a unique token can be generated linked to the access permissions of the user account.
transmit the first access token to the client device  and receive, from the client device, a request for the first application to perform a first access operation using the first access token [column 55 lines 54-67];
Please note that in this example the token is transmitted to the user computer. 
determine whether the first access operation is permitted based on the access permissions and the historical operations data  and in response to determining that the first operation is permitted, grant, to the first application access to the user account [column 19 lines 32-36];
The token can include history of operations to decide whether or not to allow access. 
However, Hockey et al does not expressly disclose but Prock et al discloses:
Receive, from a client device associated with a user account, an indication of access permissions for a first application to access a user account [0098];
Please note that in this example, a token can be provisioned to grant access to data based on account permissions. 
It would have been obvious to one of ordinary skill in the art at to create the invention as claimed for the following reasons.  It would have been obvious to one of ordinary skill in the art before the effective filing date of the claimed invention to modify the teachings of Hockey et al by obtaining a second request, for the purpose of modifying the access request based on permissions, based upon the beneficial teachings provided by Prock et al, see for example [0118-0119].  These modifications would result in ease of use and increased security, both of 
Regarding claim 19, Hockey et al and Prock et al disclose all the limitations of claim 18. Hockey et al does not expressly disclose but Prock et al further discloses generate a second access token based on updated historical operations data that includes data for the first access operation; and transmit the second access token to the client device [0118-0119];
Please note that in this example, if the subscription (permissions) isn’t allowed, a modified access request may be performed.
The rationale to combine is the same as disclosed in point (37). 
Regarding claim 20, Hockey et al and Prock et al disclose all the limitations of claim 18. Hockey et al does not expressly disclose but Prock et al further discloses in response to determining that the first access operation is not permitted, transmit, to the client device, a message indicating that the request for the first application to perform the first access operation is denied [0118-0119];
Please note that in this example, if the subscription (permissions) isn’t allowed, a modified access request may be performed.
The rationale to combine is the same as disclosed in point (37). 
Conclusion
The prior art made of record and not relied upon is considered pertinent to applicant's disclosure. 
Delp et al: discloses a system for expediting a generation of a direct messaging instance between two people associated with different organizations. A first person associated with a communication platform may submit a request to the communication platform to generate an invitation to communicate via the direct messaging instance. The first person may provide the invitation to a second person directly or via the communication platform. Responsive to receiving an indication that the second person has accepted the invitation, the communication platform may generate a direct messaging instance between the first person and the second person. The communication platform may update respective user interfaces to include the direct messaging instance. The communication platform may process messages and/or data between the first person and the second person that is input on the respective user interface and sent via the direct messaging instance.
Any inquiry concerning this communication or earlier communications from the examiner should be directed to KENDALL DOLLY whose telephone number is (571)270-1948.  The examiner can normally be reached on Monday-Thursday 7am-4pm(EST) and Friday 7am-11am(EST).
Examiner interviews are available via telephone, in-person, and video conferencing using a USPTO supplied web-based collaboration tool. To schedule an interview, applicant is encouraged to use the USPTO Automated Interview Request (AIR) at http://www.uspto.gov/interviewpractice.
If attempts to reach the examiner by telephone are unsuccessful, the examiner’s supervisor, Shewaye Gelagay can be reached on (571)272-4219.  The fax phone number for the organization where this application or proceeding is assigned is 571-273-8300.
Information regarding the status of an application may be obtained from the Patent Application Information Retrieval (PAIR) system.  Status information for published applications may be obtained from either Private PAIR or Public PAIR.  Status information for unpublished applications is available through Private PAIR only.  For more information about the PAIR system, see https://ppair-my.uspto.gov/pair/PrivatePair. Should you have questions on access to the Private PAIR system, contact the Electronic Business Center (EBC) at 866-217-9197 (toll-free). If you would like assistance from a USPTO Customer Service Representative or access to the automated information system, call 800-786-9199 (IN USA OR CANADA) or 571-272-1000.
/KENDALL DOLLY/Primary Examiner, Art Unit 2436