DETAILED ACTION

This communication is in response to Application No. 16/257,878 filed on 1/25/2019. The amendment presented on 11/24/2021, which amends claims 1, 2, 7, 8, 13, and 14, is hereby acknowledged.  Claims 1-20 have been examined.

Notice of Pre-AIA  or AIA  Status
The present application, filed on or after March 16, 2013, is being examined under the first inventor to file provisions of the AIA .

Continued Examination Under 37 CFR 1.114
A request for continued examination under 37 CFR 1.114, including the fee set forth in 37 CFR 1.17(e), was filed in this application after final rejection.  Since this application is eligible for continued examination under 37 CFR 1.114, and the fee set forth in 37 CFR 1.17(e) has been timely paid, the finality of the previous Office action has been withdrawn pursuant to 37 CFR 1.114.  Applicant's submission filed on 11/24/2021 has been entered.
 
Response to Arguments
Applicant’s arguments with respect to claims 1-20 have been considered but are moot because the new ground of rejection does not rely on any reference applied in the prior rejection of record for any teaching or matter specifically challenged in the argument.


Claim Rejections - 35 USC § 103
The following is a quotation of 35 U.S.C. 103 which forms the basis for all obviousness rejections set forth in this Office action:
A patent for a claimed invention may not be obtained, notwithstanding that the claimed invention is not identically disclosed as set forth in section 102, if the differences between the claimed invention and the prior art are such that the claimed invention as a whole would have been obvious before the effective filing date of the claimed invention to a person having ordinary skill in the art to which the claimed invention pertains. Patentability shall not be negated by the manner in which the invention was made.


Claims 1, 2, 6-8, 12-14, and 18 are rejected under 35 U.S.C. 103 as being unpatentable over Gottumukkala et al. (hereinafter Gottumukkala)(US 2011/0162057) in view of Choi et al. (hereinafter Choi)(US 2013/0104200).
Regarding claims 1, 7, and 13, Gottumukkala teaches as follows:
an electronic device (interpreted as computer device 302 in figure 3) for service access (Computing device 302 includes a resource access module 306 (see, paragraph [0029]). Resource access module 306 communicates a request to access a resource 320 (see, paragraph [0032] and figure 3)), comprising: 
a processor (602 in figure 6); and 
a memory (606 in figure 6) having computer program instructions stored thereon, the processor executing the computer program instructions in the memory to control the electronic device to perform acts (an example computing device 600 that can be configured to implement the access control based on user and service in accordance with one or more embodiments.  Computing device 600 can be, for example, a computing device 302 of FIG. 3, see, paragraph [0058] and figure 6) comprising: 

determining, in response to the request, a first combined permission of the requester to access a plurality of functional interfaces of the plurality of services (if the user credentials are verified then identity validation service 330 does generate a user token on behalf of the user.  This user token includes one or more identifiers of the user, see, paragraph [0034]);  
determining a second combined permission (interpreted as service token) of the first service to access the plurality of functional interfaces of the plurality of services (the particular service 312 that receives the request also provides a service token to access control module 314.  This user token and service token together are referred to as the service and user token 110 of FIG. 1, see, paragraph [0039]); and 
controlling, based on the first combined permission and the second combined permission, access of the requester to the first functional interface (service 104 combines this identifier of the user with an identifier of service 104 to generate a service and user token 110 that is provided to access control module 108.  Service and user token 110 thus identifies to access control module 108 both the user associated with the request to access resource 106 and the service 104 through which the access is requested, see, paragraph [0020]).
Gottumukkala teaches all limitations as presented above except for determining access for the plurality of services.
Choi teaches as follows:
integrated service including a plurality of services or functions (see, paragraph [0040]); and
after completing the authentication on the application client 111, the access controller 114 determines accessible services based on the acquired service authentication method information, in step 204 (see, paragraph [0052] and figure 2).
Therefore, it would have been obvious for one of ordinary skill in the art before the effective filing date of the claimed invention to modify Gottumukkala with Choi to include controlling access to the plurality of services as taught by Choi in order to conveniently provide an integrated service including a plurality of services.
Regarding claims 2, 8, and 14, Gottumukkala teaches as follows:
determining, based on the first combined permission and the second combined permission, a third combined permission of the requester and the first service to access the plurality of services; and controlling, based on the third combined permission, the access of the requester to the first functional interface (the user token and service token are combined together into a single token by service 312. These tokens can be combined in a variety of different manners.  For example, a hash value can be generated by applying a hash algorithm to the identifiers from the user token and the service token, see, paragraph [0039]).
Regarding claims 6, 12, and 18, Gottumukkala teaches as follows:
.


Claims 4, 5, 10, 11, 16, 17, and 19 are rejected under 35 U.S.C. 103 as being unpatentable over Gottumukkala et al. (hereinafter Gottumukkala)(US 2011/0162057) in view of Choi et al. (hereinafter Choi)(US 2013/0104200), and further in view of Yabe (US 2013/0185809).
Regarding claims 4, 10, and 16, Gottumukkala teaches as follows:
a request to access a resource on a computing device is received through a particular service. The resource can potentially be accessed through multiple different services (see, paragraph [0012]); and
whether the requested access is permitted through a different service 312 can be readily determined by access control module 314 based on the access control entries of the access control list 316 of the corresponding resource 320.  This indication of one or more other services 312 through which the requested access is permitted can be returned to access control module 306, and can be displayed or otherwise presented to a user (see, paragraph [0041]).

Yabe teaches as follows:
the access management service system includes an approval screen transmission unit configured to confirm whether the user has an authority to use the second online service and, if it is confirmed that the user has the authority, configured to transmit an approval screen to the client to enable the user to confirm whether to approve that the first service system uses the second online service (see, paragraph [0008]).
	It would have been obvious for one of ordinary skill in the art before the effective filing date of the claimed invention to modify Gottumukkala in view of Choi with Yabe to include the access management service system as taught by Yabe in order to efficiently authorize users for two different services.
Regarding claims 5, 11, and 17, Gottumukkala teaches as follows:
sending, to the second service in response to determining that the second functional interface is accessible to the requester, an indication associated with the first combined permission and the second combined permission (whether the requested access is permitted through a different service 312 can be readily determined by access control module 314 based on the access control entries of the access control list 316 of the corresponding resource 320.  This indication of one or more other services 312 through which the requested access is permitted can be returned to access control module 306, and can be displayed or otherwise presented to a user, see, paragraph [0041]).

Yabe teaches as follows:
a service cooperation table 400, which includes a service name column 401, an Application Program Interface column (hereinafter, referred to as "API column") 402, and a scope ID column 403, is stored in the service cooperation data management unit 303 (see, paragraph [0051]).
	It would have been obvious for one of ordinary skill in the art before the effective filing date of the claimed invention to modify Gottumukkala in view of Choi with Yabe to include the well-known Application Program Interface as taught by Yabe in order to efficiently interface the service.

Claims 3, 9, and 15 are rejected under 35 U.S.C. 103 as being unpatentable over Gottumukkala et al. (hereinafter Gottumukkala)(US 2011/0162057) in view of Choi et al. (hereinafter Choi)(US 2013/0104200), and further in view of Chidlovskii (US 6,347,314).
Regarding claims 3, 9, and 15, Gottumukkala teaches as follows:
the user token and service token are combined together into a single token by service 312. These tokens can be combined in a variety of different manners.  For example, a hash value can be generated by applying a hash algorithm to the identifiers from the user token and the service token (see, paragraph [0039]).
Gottumukkala in view of Choi teaches all limitations as presented above except for the logical AND operation to combine two binary strings.
Chidlovskii teaches as follows:

It would have been obvious for one of ordinary skill in the art before the effective filing date of the claimed invention to modify Gottumukkala in view of Choi with Chidlovskii to include the logical operation AND as taught by Chidlovskii in order to efficiently combine two binary strings. 

Claim 20 is rejected under 35 U.S.C. 103 as being unpatentable over Gottumukkala et al. (hereinafter Gottumukkala)(US 2011/0162057) in view of Choi et al. (hereinafter Choi)(US 2013/0104200), and further in view of Liu et al. (hereinafter Liu)(US 9,807,094).
Regarding claim 20, Gottumukkala teaches as follows:
service 330 also verifies the user token (equivalent to applicant’s permission) to computing device 304.  This verification of the user token can take different forms, such as including a statement (e.g., including a digital certificate) in the token that the user token is verified by service 330, and digitally signing the user token with a private key of service 330 (see, paragraph [0034]).
Gottumukkala in view of Choi does not teach the well-known form of Boolean value presenting the permission.  
Liu teaches as follows:

resource 208 is denied (see, col. 12, lines 28-54).
	It would have been obvious for one of ordinary skill in the art before the effective filing date of the claimed invention to modify Gottumukkala in view of Choi with Liu to include presenting the permission in the well-known Boolean value as taught by Liu in order to simplify the communication associated with the permission.

Conclusion
Any inquiry concerning this communication or earlier communications from the examiner should be directed to Jeong S Park whose telephone number is (571)270-1597.  The examiner can normally be reached on Monday through Friday 8:00-4:30 ET.
Examiner interviews are available via telephone, in-person, and video conferencing using a USPTO supplied web-based collaboration tool. To schedule an interview, applicant is encouraged to use the USPTO Automated Interview Request (AIR) at http://www.uspto.gov/interviewpractice.
If attempts to reach the examiner by telephone are unsuccessful, the examiner’s supervisor, Glenton B Burgess can be reached on 571-272-3949.  The fax phone 
Information regarding the status of an application may be obtained from the Patent Application Information Retrieval (PAIR) system.  Status information for published applications may be obtained from either Private PAIR or Public PAIR.  Status information for unpublished applications is available through Private PAIR only.  For more information about the PAIR system, see https://ppair-my.uspto.gov/pair/PrivatePair. Should you have questions on access to the Private PAIR system, contact the Electronic Business Center (EBC) at 866-217-9197 (toll-free). If you would like assistance from a USPTO Customer Service Representative or access to the automated information system, call 800-786-9199 (IN USA OR CANADA) or 571-272-1000.






/JEONG S PARK/Primary Examiner, Art Unit 2454                                                                                                                                                                                                        
January 25, 2022