Notice of Pre-AIA  or AIA  Status
The present application, filed on or after March 16, 2013, is being examined under the first inventor to file provisions of the AIA .
Claims 1-20 have been presented for examination and are rejected.

Response to Amendment 
   This office action is responsive to amendment filed on 09728/2021. The Examiner has acknowledged the amendments to Claims 1, 10 and 19. claims 8 and 17 have been canceled. 
Claims 1, 4, and 9 have been amended, claim 12 has been canceled. Claims 1-11 have been presented for examination and are rejected.

Response to Arguments
Applicant's argument, filed on July 28, 2021 have been entered and carefully considered. 
Applicant argues in substance that: on pages 11-13 of the remarks that " At page 10 of the Office Action, the Office alleges that Roth anticipates the claimed providing of the user with access to the network-accessible resource. Specifically, the Office refers to paragraphs [0014] through [0016] of Roth, which the Office asserts discloses that "The service provider can provide network-accessible services (e.g., Web Services), and in at least some embodiments the account can be associated with a set of resources and principals that can use those resources." However, as noted by the Office, in Roth it is the service provider that provides the services. Roth does disclose or suggest anything related to configuration settings, let alone configuration settings that are used in providing the user with access to the network accessible resource, and even further that such settings are provided by the customer, as recited in the present claims. Thus, Roth fails to anticipate, disclose, or suggest the above recitation of the present claims.”
In response, the Examiner respectfully disagrees and finds this argument unpersuasive. After further review of the prior art applied, the Examiner contends that the reference still qualify as prior arts. 
licies, rules, or other criteria that can be evaluated to determine which delegation profile to apply to a specific principal (I.e. equivalent to user or customer), or to a request from that principal, etc. Once a delegation profile has been created and assigned to a customer account (i.e. configuration settings created by customer), permission can be granted to the customer to use the delegation profile for enabling access to the respective resource(s) (based on configuration settings created by customer access to resource is enabled). Thereafter, the customer can use the delegation profile by providing references to the delegation profile to external entities, such as end users or external services, or the customer can provide policies or rules that can be used to determine that the profile should be used for those end users or services. …one or more delegation profiles can be selected and/or dynamically determined to enable a customer to delegate permissions to one or more end user devices or other external entities). 
Applicants are interpreting the claims very narrow without considering the broad teaching of the reference to meet the claimed language. During patent examination, the pending claims must be "given their broadest reasonable interpretation consistent with the specification." > The Federal Circuit's en banc decision in Phillips v. AWH Corp., 415 F.3d 1303, 75 USPQ2d 1321 (Fed. Cir. 2005) expressly recognized that the USPTO employs the "broadest reasonable interpretation" standard: 
The Patent and Trademark Office ("PTO") determines the scope of claims in patent applications not solely on the basis of the claim language, but upon giving claims their broadest reasonable construction "in light of the specification as it would be interpreted by one of ordinary skill in the art." In re Am. Acad. of Sci. Tech. Ctr., 367 F.3d 1359, 1364[, 70 USPQ2d 1827] (Fed. Cir. 2004).
 In view of such, the rejection is maintained as follows:


Claim Rejections - 35 USC § 102

In the event the determination of the status of the application as subject to AIA  35 U.S.C. 102 and 103 (or as subject to pre-AIA  35 U.S.C. 102 and 103) is incorrect, any correction of the statutory basis for the rejection will not be considered a new ground of rejection if the prior art relied upon, and the rationale supporting the rejection, would be the same under either status.  

A person shall be entitled to a patent unless –

 (a)(1) the claimed invention was patented, described in a printed publication, or in public use, on sale or otherwise available to the public before the effective filing date of the claimed invention.

Claims 1-3, 6-8, 10-12, 15-17 and 19-20 are rejected Under 35 U.S.C. 102 (a) (1) as being anticipated by Roth et al. (US 20150341368).

With respect to claims 1, 10 and 19, Roth teaches a method, comprising:
receiving, with a computing system and from a user, a request to access at least one network-accessible resource associated with a customer of a service provider, the user being unassociated and unrelated with the customer(Roth, see paragraphs [0014-0015, 0028-0034, 0037] resource provider system can utilize a set of delegation profiles that can be created, selected, or applied for one or more accounts of at least one customer, where each customer has at least some level of access to one or more resources managed and/or offered by the system. In operation 303, once the external service receives the reference to the delegation profile, it can submit a request for credentials to perform actions in the account. For example, the external service may submit the request to a security token service and the request may indicate the delegation profile. Paragraphs [0047, 0054-0055] further discloses a request can be received 506 from an end user for access to at least a portion of the customer's resources in the multi-tenant environment. The multi-tenant environment can verify 508 criteria in the received request and use the criteria to obtain 510 identity attributes for the end user from the identity provider. When a request for access is received from an end user that contains identifying information from a third party identity service, it can be necessary to determine the appropriate customer account to which to provide access for the specific request. For example, it can be necessary to determine which application is associated with the request, and which customer is associated with that application, in order to determine which permissions to provide so the application can only access resources for the respective customer. A request might be received that is not associated with a third party identity service, but with an identity service associated with the resource provider environment. If the system can unambiguously determine 
identifying, with the computing system, at least one of a user identification associated with the user, a company represented by the user, or a class of user associated with the user (Roth, see paragraphs [0015-0016] The determination can include, for example, performing a lookup based at least in part upon one or more aspects of the request and/or based at least in part upon one or more aspects of the end user. In some embodiments, the end user can be identified by a security service or federation provider indicated by the delegation profile.  The delegation profile can include a reference to a security service or other authority that is capable of identifying the users, or types of users, for which that delegation profile should be utilized. Paragraph [0054] requests include an identification of the appropriate delegation profile to use. When the delegation profile is not identified, the system must determine the appropriate profile to use based on other information in, or associated with, the request);
determining, with the computing system, whether at least one resource record associated with the customer indicates that the user has permission to access the at least one network-accessible resource, based at least in part on the identified at least one of the user identification associated with the user, the company represented by the user, or the class of user associated with the user(Roth, see paragraphs [0015-0017, 0020] the permissions can be determined in accordance with one or more rules that map attributes asserted by the security service or other authority to one or more permissions elements. The service provider can provide network-accessible services (e.g., Web Services), and in at least some embodiments the account can be associated with a set of resources and principals that can use those resources. The account is secured such that access to the resources of the account is controlled and restricted to authenticated principals associated with, or including, the customer. …A resource provider environment 102 can include one or more secured resources 104 of various types, as may be used to support various services and/or applications. These resources can include physical and/or virtual resources, such as application or data servers or server instances, among other such resource types. A customer 124 of the resource provider access one or more of the secured resources 104 across at least one appropriate network 114. The customer in some embodiments can utilize these resources to support applications and services that might be utilized by one or more external entities 116, such as end users of those applications and services);
based on a determination that the at least one resource record associated with the customer indicates that the user has permission to access the at least one network-accessible resource, providing, with the computing system, the user with access to the at least one network-accessible resource associated with the customer(Roth, see paragraphs [0015-0016] Once a delegation profile has been created and assigned to a customer account, permission can be granted to the customer to use the delegation profile for enabling access to the respective resource(s). … an end user can submit a request for credentials to an identity service, such as a security token service, where the request includes a reference to the delegation profile. The security token service can verify whether the end user is one of the security principals that were specified in the validation policy of the delegation profile. If the user was specified as a security principal, the security token service can provide the end user with a set of credentials. These credentials enable requests to be made within the security context of the delegation profile in the account, subject to the permissions that were specified in the authorization policy. … a delegation profile can be created or otherwise obtained, and associated with an account for a customer of a service provider environment or system. The service provider can provide network-accessible services (e.g., Web Services), and in at least some embodiments the account can be associated with a set of resources and principals that can use those resources. The account is secured such that access to the resources of the account is controlled and restricted to authenticated principals associated with, or including, the customer. The delegation profile thus encapsulates the grant of permission to a particular entity or set of entities (e.g., end users) to perform actions on the resources of the account while operating under the credentials of the delegation profile)
based at least in part on configuration settings provided by the customer (Roth, see paragraphs [0014-0015, 0020-0021, 0025] a customer of the resource provider system might specify one or more policies, rules, or other criteria that can be evaluated to determine which delegation profile to apply to a specific principal (I.e. equivalent to  user or customer), or to a request from that principal, etc. Once a delegation profile has been created and assigned to a customer account (i.e. configuration settings created by customer), permission can be granted to the customer to use the delegation profile for enabling access to the respective resource(s) (based on configuration settings created by customer access to resource is enabled). Thereafter, the customer can use the delegation profile by providing references to the delegation profile to external entities, such as end users or external services, or the customer can provide policies or rules that can be used to determine that the profile should be used for those end users or services. …one or more delegation profiles can be selected and/or dynamically determined to enable a customer to delegate permissions to one or more end user devices or other external entities);  and
based on a determination that the at least one resource record associated with the customer indicates that the user does not have permission to access the at least one network-accessible resource, denying, to the user, access to the at least one network-accessible resource associated with the customer (Roth, see paragraphs [0047] requesting the information from the identity provider or examining a cryptographic token (i.e. equivalent identification) included with the request, among other such options. The attributes can be used to verify that the user identity information is correct and signed by the identity provider. A determination can be made 512 as to whether the information matches. If not, the request can be denied 514. If the information matches or the user is otherwise authenticated, one or more delegation profiles 516 can be determined based at least in part upon the information for the user, the customer account for the resources to be used in providing access, and other such information. One or more access credentials then can be issued 518 to the end user, where those credentials are scoped by the determined delegation policy or other permissions that were previously expressed by the customer to apply to the type of request). 

With respect to claims 2, 11 and 20, Roth teaches the method, wherein the computing system comprises one of a gateway device, an Internet of things ("IoT") gateway device, a host device, a host computing system, a host server system, a customer resource use as a service ("CRUaaS") platform, a server computer over a network, a cloud-based computing system over a network, a cloud tenant federation gateway is included that can provide a of DNS endpoints, the system can provide full disambiguation. The handling of all requests and responses, as well as the delivery of content between the client device 702 and the application server 708, can be handled by the Web server 706. It should be understood that the Web and application servers are not required and are merely example components, as structured code discussed herein can be executed on any appropriate device or host machine).

With respect to claims 3 and 12, Roth teaches the method, wherein the at least one network-accessible resource associated with the customer each comprises one or more of at least one network resource, at least one edge network resource, at least one compute resource, at least one data storage resource, at least one telemetry resource, at least one Internet of things ("IoT") resource, at least one network-accessible household resource, at least one customer premises security resource, at least one wireless device resource, at least one microservice resource, or at least one customer record resource (Roth, see paragraphs [0016, 0019] a delegation profile can be created or otherwise obtained, and associated with an account for a customer of a service provider environment or system. The service provider can provide network-accessible services (e.g., Web Services), and in at least some embodiments the account can be associated with a set of resources and principals that can use those resources. The account is secured such that access to the resources of the account is controlled and restricted to authenticated principals associated with, or including, the customer. The delegation profile thus encapsulates the grant of permission to a particular entity or set of entities (e.g., end users) to perform actions on the resources of the account while operating under the credentials of the delegation profile. This grant may span across multiple accounts of the service provider. In addition, the delegation profile may be used in a single service provider or between multiple service providers. The delegation profile can be used to delegate permissions between a plurality of services that are components of a distributed system). 

With respect to claims 6 and 15 , Roth teaches the method, further comprising:
receiving, with the computing system and from the customer of the service provider, one or more instructions to set, modify, or update the at least one resource record associated with the customer to set, modify, or update use permissions for the one or more resources associated with the customer (Roth, see paragraph [0025] an administrator 200 of a customer's account 201 may create a delegation profile named "profile1" with a validation policy that grants access to an automatic scaling service (i.e. security principal) to assume the delegation profile. By way of example, the scaling service may be responsible for adding or removing resources to the customer's account 201 depending on demand for compute or storage capacity. When the customer of a service provider needs more computing resources due to an increase in traffic or workload, the automatic scaling service may automatically add compute instances to meet the traffic demand).

With respect to claims 7 and 16, Roth teaches the method, further comprising:
providing, with the computing system, a user interface that provides the customer of the service provider with at least one of:
options to set, modify, or update the at least one resource record associated with the customer;
options to set, modify, or update the use permissions for the one or more resources associated with the customer(Roth, see paragraph [0025] an administrator 200 of a customer's account 201 may create a delegation profile named "profile1" with a validation policy that grants access to an automatic scaling service (i.e. security principal) to assume the delegation profile. By way of example, the scaling service may be responsible for adding or removing resources to the customer's account 201 depending on demand for compute or storage capacity. When the customer of a service provider needs more computing resources due to an increase in traffic or workload, the automatic scaling service may automatically add compute instances to meet the traffic demand);
options to set, modify, or update privacy settings associated with services provided to the customer;
options to select any information brokers or agents with whom to share information and amount of information to share; options to purchase one or more services provided by the service provider; options 

 Claims 8 and 17 (Canceled).

Claim Rejections - 35 USC § 103
In the event the determination of the status of the application as subject to AIA  35 U.S.C. 102 and 103 (or as subject to pre-AIA  35 U.S.C. 102 and 103) is incorrect, any correction of the statutory basis for the rejection will not be considered a new ground of rejection if the prior art relied upon, and the rationale supporting the rejection, would be the same under either status.  

The following is a quotation of 35 U.S.C. 103 which forms the basis for all obviousness rejections set forth in this Office action:

A patent for a claimed invention may not be obtained, notwithstanding that the claimed invention is not identically disclosed as set forth in section 102 of this title, if the differences between the claimed invention and the prior art are such that the claimed invention as a whole would have been obvious before the effective filing date of the claimed invention to a person having ordinary skill in the art to which the claimed invention pertains.  Patentability shall not be negated by the manner in which the invention was made.

4-5 and 13-14 are rejected under 35 U.S.C. 103 as being unpatentable Roth et al. (US 20150341368) in view of Bugenhagen et al. (US 20170026472).

With respect to claims 4 and 13, Roth teaches the method, yet fails to explicitly disclose wherein the at least one edge network resource comprises one or more of at least one agricultural device, at least one healthcare device, at least one vehicle, at least one home appliance, at least one office device, at least one entertainment device, at least one surveillance device, at least one lighting device, at least one gas-operated device, at least one solar-powered device, at least one battery-powered device, or at least one building system.
However, Bugenhagen discloses wherein the at least one edge network resource comprises one or more of at least one agricultural device, at least one healthcare device, at least one vehicle, at least one home appliance, at least one office device, at least one entertainment device, at least one , a thermostat, a kitchen appliance, a medical device, a vehicle, a speaker, an audio headset, a telephone system, a media recording device, a media playback device, a lighting system, a sensing device, a door locking system, a customer premises security control system, a window locking system, a window covering system, or a sprinkler system, and/or the like. The customer premises might comprise at least one of an Internet of things (“IoT”) local environment, a customer residential premises, a multi-dwelling unit, a short-term lodging facility, a customer commercial premises, or a customer business premises, and/or the like).
It would have been obvious to one of ordinary skill in the art at the time the invention was effectively filed to combine with the teaching Roth with the teaching of Bugenhagen to provide the method for implementing customer-based Internet of Things (IoT)-transparent privacy functionality on a user device. The method enables providing robust and scalable solutions for implementing IoT functionality, where the combination of elements according to known methods would yield a predictable result (Bugenhagen, see paragraphs [0008-0009).

With respect to claims 5 and 14, Roth-Bugenhagen teaches the method, wherein one or more of the at least one telemetry resource or the at least one customer record resource comprises one or more of at least one datastore containing state information associated with the at least one network-accessible resource, at least one datastore containing metrics data associated with the at least one network-accessible resource, or at least one datastore containing one or more attributes associated with the at least one network-accessible resource (Roth, see paragraphs [0051, 0059] The rules engine might also be operable to manipulate other resources in the course of making that determination, such as reading or writing information to a data store for purposes such as quota maintenance or mapping updates, etc. In some embodiments a new identifier can be associated with an entity that has not previously been encountered, and the identifier can be an additional output of an example mapping process. The output thus can include at least a credential that allows the end user to access at least a portion of the customer allocated resources, the permissions that define what the end user can do with that access, and optionally some metadata that goes back to the customer or is stored by the resources. At least one application server 708 and a data store 710. It should be understood that there can be several application servers, layers or other elements, processes or components, which may be chained or otherwise configured, which can interact to perform tasks such as obtaining data from an appropriate data store. As used herein the term "data store" refers to any device or combination of devices capable of storing, accessing and retrieving data, which may include any combination and number of data servers, databases, data storage devices and data storage media, in any standard, distributed or clustered environment).

9 and 18 are rejected under 35 U.S.C. 103 as being unpatentable Roth et al. (US 20150341368) in view of Wu et al.  (US 20190166504).

With respect to claims 9 and 18, Roth teaches the method, yet fails to explicitly disclose wherein providing, with the computing system, the user with access to the at least one network-accessible resource associated with the customer comprises:
providing, with a host computing system, the user with access and control of a wireless service set identifier ("SSID") for the at least one network-accessible resource, the wireless SSID having been previously setup by the customer as enabled by the host computing system, wherein the wireless SSID enables the user to access and control the at least one network-accessible resource.
However, Wu discloses wherein providing, with the computing system, the user with access to the at least one network-accessible resource associated with the customer comprises:
providing, with a host computing system, the user with access and control of a wireless service set identifier ("SSID") for the at least one network-accessible resource, the wireless SSID having been previously setup by the customer as enabled by the host computing system, wherein the wireless SSID 
It would have been obvious to one of ordinary skill in the art at the time the invention was effectively filed to combine with the teaching Roth with the teaching of Wu to provide the method for facilitating a wireless service set identifier ("SSID") for the at least one network-accessible resource by creating Wi-Fi WVNO function and enables the user to access and control. In doing so, the network architecture provides a new class of service to be offered, selling opportunities to end users, businesses and/or network providers, better end user experience, avoiding contention and interference using common infrastructure with appropriately allocated frequencies, better network coverage, and efficient utilization of otherwise unused bandwidth. The processor can manipulate antennas to facilitate beam forming or selective radiation pattern formation, which can benefit specific locations, where the combination of elements according to known methods would yield a predictable result (Wu, see paragraph [0053).

Conclusion
THIS ACTION IS MADE FINAL.  Applicant is reminded of the extension of time policy as set forth in 37 CFR 1.136(a).  
A shortened statutory period for reply to this final action is set to expire THREE MONTHS from the mailing date of this action.  In the event a first reply is filed within TWO MONTHS of the mailing date of this final action and the advisory action is not mailed until after the end of the THREE-MONTH shortened statutory period, then the shortened statutory period will expire on the date the advisory action is mailed, and any extension fee pursuant to 37 CFR 1.136(a) will be calculated from the mailing date of the advisory action.  In no event, however, will the statutory period for reply expire later than SIX MONTHS from the mailing date of this final action. 
 Any inquiry concerning this communication or earlier communications from the examiner should be directed to ELIZABETH KASSA whose telephone number is (571)270-0567.  The examiner can normally be reached on Monday -Friday 9 AM -6 PM.
Examiner interviews are available via telephone, in-person, and video conferencing using a USPTO supplied web-based collaboration tool. To schedule an interview, applicant is encouraged to use the USPTO Automated Interview Request (AIR) at http://www.uspto.gov/interviewpractice.
If attempts to reach the examiner by telephone are unsuccessful, the examiner’s supervisor, Ario Etienne can be reached on 517-272-4001.  The fax phone number for the organization where this application or proceeding is assigned is 571-273-8300.
Information regarding the status of an application may be obtained from the Patent Application Information Retrieval (PAIR) system.  Status information for published applications may be obtained from either Private PAIR or Public PAIR.  Status information for unpublished applications is available through Private PAIR only.  For more information about the PAIR system, see http://pair-direct.uspto.gov. Should you have questions on access to the Private PAIR system, contact the Electronic Business Center (EBC) at 866-217-9197 (toll-free). If you would like assistance from a USPTO Customer Service Representative or access to the automated information system, call 800-786-9199 (IN USA OR CANADA) or 571-272-1000.






/ELIZABETH KASSA/Examiner, Art Unit 2457                                                                                                                                                                                                        
/HEE SOO KIM/Primary Examiner, Art Unit 2457