DETAILED ACTION
Notice of Pre-AIA  or AIA  Status
The present application, filed on or after March 16, 2013, is being examined under the first inventor to file provisions of the AIA .

Information Disclosure Statement 
The information disclosure statement(s) (IDS) submitted on 11/15/2019 and 04/02/2020 were filed before the mailing date of this office action.  The submissions are in compliance with the provisions of 37 CFR 1.97.  Accordingly, the information disclosure statements are being considered by the examiner. 
Claim Rejections - 35 USC § 102
The following is a quotation of the appropriate paragraphs of 35 U.S.C. 102 that form the basis for the rejections under this section made in this Office action:
A person shall be entitled to a patent unless –
(a)(1) the claimed invention was patented, described in a printed publication, or in public use, on sale, or otherwise available to the public before the effective filing date of the claimed invention.
(a)(2) the claimed invention was described in a patent issued under section 151, or in an application for patent published or deemed published under section 122(b), in which the patent or application, as the case may be, names another inventor and was effectively filed before the effective filing date of the claimed invention.

Claims 1-5 and 7-9 are rejected under 35 U.S.C. 102(a)(l) and (a)(2) as being anticipated by US PG-PUB No. US 2002/0147801 A1 TO Gullotta et al (hereinafter Gullotta) 
Regarding claim 1  
Gullotta discloses:
A method for setting form-field operation permission of a workflow, wherein a workflow comprises a start node and an approval node, and the form-field operation 5permission of said start node and that of said approval node are set in different modes (see ¶16, p56 and ¶71,  ¶16: “The method and system involves establishing a set of attributes and user roles, and defining a plurality of resource access policies based on selected attributes and user roles. The method and system also involves receiving attribute information and user role information for a particular user or resource, determining which resource access policies are applicable to the user based on the received user role information and attribute information, and provisioning the user with resources based on the applicable resource access policies”. 
¶56: “Using the system, several actions may be automatically initiated”. 
¶71: “The policies may define one or a series of approvals that are required before provisioning a given service or any service to a user”).   

Regarding claim 2 
Gullotta discloses:
The method for setting form-field operation permission of a workflow according to claim 1, wherein the form-field operation permission of said start node is set in the following mode: said start node comprises one or more process initiators, form operation permission of the process initiator in a system is obtained as the form-field operation 10permission of the process initiator in said start node, the form operation permission is the permission in the system, not the permission in a process, and the form-field operation permission of each process initiator is independent (see ¶124 and ¶135, ¶124: “… the provisioning of a user may be initiated by calling up a provisioning user interface (screen) on a Web browser connected to an organizational network. This screen would enable human resources personnel to input known roles and attributes. The RPM system would then search its stored policies and, based on the user's roles and attributes, determine a set of resources to be provisioned.”
¶135: “… a user wishing to be provisioned with one or more resources may access a provisioning user interface screen 700 from a networked computer. … the provisioning screen visible to the requesting user will only contain those fields for information that the user is capable of providing.”).  

Regarding claim 3 
Gullotta discloses:
 The method for setting form-field operation permission of a workflow according to claim 1, wherein the form-field operation permission of said approval node is set as follows:  15said approval node comprises one or more approvers, the form-field operation permission of each (see ¶138: “The provisioning process may also determine who can modify information, and which information cannot be modified. The provisioning process may also define what information must be added before the provisioning request can be sent to the next person. … the authorizing authority may change depending on what is entered into the request fields. Thus, there is no one process path through which this request form will flow. The process path may actually branch into different directions, depending on what information is entered into the fields of the request form”).  

Regarding claim 4 
Gullotta discloses:
A method for setting form-field operation permission of an approval node, wherein 20said approval node comprises one or more approvers, and the form-field operation permission of each approver in said approval node is customized (see ¶136-137, ¶62-63 and ¶70, ¶136: “”.
¶137: “… the provisioning screen may then be made known to the IT department, who may see a different provisioning screen 714 from the department manager. For example, the provisioning screen 714 may include an additional field 716 which allows IT personnel to designate a particular mail server, which may be dependent on the department information, and which may be beyond the department manager's knowledge”
¶62: “The System Configuration applications 112 may include an interface to a Form Generation application 114, invoked to provide custom forms for data managed by the system. An example of such a form is illustrated in FIG. 8”
¶63: “The Form Generation application may comprise a graphical user interface builder that associates system data attributes with graphical controls, which may include, but is not limited to, a "What You See Is What You Get" (WYSIWYG) graphical user interface builder.”
¶70: “The access level of the user determines which form, if any, the Form Viewer application will display in different situations”).  

Regarding claim 5 

The method for setting form-field operation permission of an approval node according to claim 4, wherein customizing the form-field operation permission of an approver comprises (see ¶62: “The System Configuration applications 112 may include an interface to a Form Generation application 114, invoked to provide custom forms for data managed by the system.”): 
selecting an approver from said approval node (see ¶78: “If an approval is needed for a provisioning request, the Policy Engine 148 interfaces with a Workflow Engine 150 to notify and obtain authorization instructions from the appropriate authorization entity, which may be, for example, one or more users having pre-defined supervisory roles.”);  
25displaying default settings of the form-field operation permission after selecting the approver (see ¶135: “… the provisioning screen 700 may include explanatory text and boxes or fields into which information may be entered”); and 
modifying the default settings of the form-field operation permission according to the approval item of the selected approver in a workflow (see ¶135: “… the provisioning screen visible to the requesting user will only contain those fields for information that the user is capable of providing”).   

Regarding claim 7 
Gullotta discloses:
The method for setting form-field operation permission of an approval node according to claim 4, wherein the approver is a role, the role is set in two modes, one is to directly select the role and authorize approval permission, and the other is to determine the 10role according to a department level and authorize approval permission; the role is an independent individual rather than a group or a class, one role can only be related to a unique user during the same period, and one user can be related to one or more roles (see ¶69 and ¶136, ¶69: “The interface may allow, for example, users acting in a supervisory role to approve or disapprove change requests” 
¶136: “… the provisioning screen 708 may include additional fields 710 and 712 which allows the manager to approve or disapprove the request, and, if approval is given, which department has given the approval”).  

Regarding claim 8 
Gullotta discloses:
The method for setting form-field operation permission of an approval node according to claim 7, wherein the role belongs to a certain department, the name of the role 15is unique under the department, and the number of the role is unique in a system (see ¶136, ¶010, ¶120 and ¶123, ¶136: “… the provisioning screen 708 may include additional fields 710 and 712 which allows the manager to approve or disapprove the request, and, if is given,  approval which department has given the approval.”
¶10: “A single user may appear in several or all of these organizational structures, and thus may be in a somewhat unique overall role as compared to other users in the organization. Because this may require that many users be provisioned uniquely, many unique roles would have to be defined in the system to automate such provisioning.”
¶120: “The role -based system would determine that roles 1 and 3 apply to user A … roles 2 and 3 apply to user B”
¶123: “… policy 1 of the policy-based system replaces roles 1 and 2 of the role-based system.”).   

Regarding claim 9 
Gullotta discloses:
The method for setting form-field operation permission of an approval node according to claim 8, wherein during cross-department transfer of the user, the user's relation to the role in the original department is cancelled, and the user is related to a role in a new department (see ¶126 and ¶15, ¶126: “… if a user's roles or attributes should change, the policies are re-evaluated and a new list of resources to be provisioned are determined.”
¶15: “A particular advantage of RBAC is that it allows the access privileges provided to individuals to be very conveniently reconfigured as the individuals change job requirements, simply by deleting one's original assignment to a first role and adding one to the new role.”).  

Claim Rejections - 35 USC § 103
The following is a quotation of 35 U.S.C. 103 which forms the basis for all obviousness rejections set forth in this Office action:
A patent for a claimed invention may not be obtained, notwithstanding that the claimed invention is not identically disclosed as set forth in section 102, if the differences between the claimed invention and the prior art are such that the claimed invention as a whole would have been obvious before the effective filing date of the claimed invention to a person having ordinary skill in the art to which the claimed invention pertains. Patentability shall not be negated by the manner in which the invention was made.

Claims 6 is rejected under 35 U.S.C. 103 as being unpatentable over Gullotta as applied to claim 1 above, and further in view of USPAT No. 6202066 B1 to Barkley et al (hereinafter Barkley)
Regarding claim 6 
Gullotta discloses:
The method for setting form-field operation permission of an approval node according to claim 5, but fails to explicitly disclose the following limitation taught by Barkley: 
wherein the default form-field operation permission is as follows: having all viewing permissions of form fields, and not having any modification permission of the form fields (see Barkley ¶49: “Different kinds of access, that is, different sets of permissions, may be displayed … 
RGP-Admin displays the object icon in a third way, … in blue, if the selected role or group has any access, i.e., any permission to access the object”); or 
 5having all viewing permissions and all modification permissions of form fields (see Barkley ¶49: “… in green, if the selected role or group has all of the selected permissions”); or
 not having any viewing permission or modification permission of form fields (see Barkley ¶49: “… red, if the selected role or group has no access to the object”).    
It would have been obvious to one of ordinary skill in the art before the effective filing date of the invention, to modify the method of Gullotta to incorporate the different default form-field operation permissions, colored differently, as disclosed by Barkley, such modification would provide increased system security by providing visual alerting feature(colorful) and limiting access permissions.
Claims 10 is rejected under 35 U.S.C. 103 as being unpatentable over Gullotta as applied to claim 1 above, and further in view of USPAT No. 9864752 B2 to Keng Lim (hereinafter Lim)
Regarding claim 10  
Gullotta discloses:
20The method for setting form-field operation permission of an approval node according to claim 4. However, Gullotta fails to explicitly disclose the following limitation taught by Lim:  
wherein when the form fields comprise a confidential field and a common field, the confidential field and the common field are displayed in different modes (see Lim ¶55: “If information to be displayed contains personal information such as a social security number, personal identification number (PIN) or account balance, then controlling information usage includes: filtering out or obscuring the personal information”). 
It would have been obvious to one of ordinary skill in the art before the effective filing date of the invention, to modify the method of Gullotta to incorporate the confidential personal information protection method as disclosed by Lim, such modification would provide increased system security by protecting confidential information from being compromised.
Conclusion
The prior art made of record and not relied upon is considered pertinent to applicant's disclosure:

Dixit et al.  (USPAT No. 8336078 B2)- disclosed a method for managing role-based access in a multi-customer computing environment
Kuhn. (USPAT No. 6023765 A)- disclosed control of  access of users to objects protected by known lattice-based multi-level secure systems.
Ben Chetrit et al. (USPAT No. 8763155 B1)- disclosed an access control system in which the access permissions of users are stated by logical functions on tags associated with protected elements.
Svetov et al. (USPAT No. 2011/0283281 A1)- disclosed a system and method for providing complex access control in workflows

Any inquiry concerning this communication or earlier communications from the examiner should be directed to Matthias Habtegeorgis whose telephone number is (571)272-1916. The examiner can normally be reached on 8:00am - 4:00pm.
Examiner interviews are available via telephone, in-person, and video conferencing using a USPTO supplied web-based collaboration tool. To schedule an interview, applicant is encouraged to use the USPTO Automated Interview Request (AIR) at http://www.uspto.gov/interviewpractice.
If attempts to reach the examiner by telephone are unsuccessful, the examiner's supervisor, Ashok B Patel can be reached on 5712723972. The fax phone number for the organization where this application or proceeding is assigned is 571-273-8300.
Information regarding the status of an application may be obtained from the Patent Application Information Retrieval (PAIR) system. Status information for published applications may be obtained from either Private PAIR or Public PAIR. Status information for unpublished applications is available through

Private PAIR only. For more information about the PAIR system, see https://ppair-my.uspto.gov/pair/PrivatePair. Should you have questions on access to the Private PAIR system, contact the Electronic Business Center (EBC) at 866-217-9197 (toll-free). If you would like assistance from a USPTO Customer Service Representative or access to the automated information system, call 800-786-9199 (IN USA OR CANADA) or 571-272-1000.


/ASHOKKUMAR B PATEL/Supervisory Patent Examiner, Art Unit 2491