DETAILED ACTION
The Amendment filed on November 30th, 2021 has been entered and made of record.
Authorization for this Examiner’s Amendment was given in a telephone interview with Applicant’s representative, Mr. Jeffrey Tracey on December 10th, 2021. During the telephone conference, Mr. Tracey has agreed and authorized the Examiner to amend claims 1 & 11.

Notice of Pre-AIA  or AIA  Status
The present application, filed on or after March 16, 2013, is being examined under the first inventor to file provisions of the AIA . 

Examiner’s Amendment
An Examiner’s Amendment to the record appears below. Should the changes and/or additions be unacceptable to the Applicant, an amendment may be filed as provided by 37 CFR 1.312. To ensure consideration of such an amendment, it MUST be submitted no later than the payment of the issue fee.

Claims
Replacing claims 1 & 11 as following:
Claim 1: (Currently Amended) A computing system, comprising:
a communications module communicable with an external network;
a memory; and
a processor coupled to the communications module and the memory, the processor being configured to:

receive, via an application server associated with the first application, a request for the first application to access the user account for performing a first access operation;
determine that the first access operation is not among the one or more permitted user account operations; and
in response to determining that the first access operation is not among the one or more permitted user account operations:
generate a request for a one-time authorization for the first application to access the user account for performing the first access operation;
send the request for the one-time authorization to the client device;
receive, via the client device, an indication of the requested one-time authorization;
generate an access token based on the indication of one-time authorization, the access token being valid for a one-time access of the user account by the first application for performing the first access operation in association with the user account; and
to grant, to the first application, one-time access to the user account.

Claim 11: (Currently Amended) A computer-implemented method, comprising:
receiving, via a client device associated with a user account at a protected resource, an indication of access permissions for a first application to access the user account, the access permissions defining at least one permission level and one or more permitted user account operations that are associated with the at least one permission level;
receiving, via an application server associated with the first application, a request for the first application to access the user account for performing a first access operation;
determining that the first access operation is not among the one or more permitted user account operations;
in response to determining that the first access operation is not among the one or more permitted user account operations:
generating a request for a one-time authorization for the first application to access the user account for performing the first access operation;
sending the request for the one-time authorization to the client device;
receiving, via the client device, an indication of the requested one-time authorization; 
generating an access token based on the indication of one-time authorization, the access token being valid for a one-time access of the user 
transmitting the access token to the application server associated with the first application to grant, to the first application, one-time access to the user account.

Examiner’s Statement of reason for Allowance
Claims 10 and 20 were canceled. Claims 1-9 and 11-19 are allowed.
The following is an examiner’s statement of reasons for allowance:
The present invention is directed a system and a method for controlling third-party access of a protected data resource. The closest prior arts, as previously recited, Tock (U.S. Pub. Number 2010/0263035) and Lindsay (U.S. Patent Number 7,552,467) are also generally direct to various aspects for providing secure access to private networks and protecting an asset. However, none of Tock and Lindsay teaches or suggests, alone or in combination, the particular combinations of steps or elements as recited in the independent claims 1 and 11. For example, none of the cited prior arts teaches or suggests the elements of “a communications module communicable with an external network; a memory; and a processor coupled to the communications module and the memory, the processor being configured to: receive, via a client device associated with a user account at a protected resource, an indication of access permissions for a first application to access the user account, the access permissions defining at least one permission level and one or more permitted user account operations that are associated with the at least one permission level; receive, via an application server associated with the first application, a request for the first application to access the user account for performing a first access operation; determine that the first access operation is not among the one or more permitted user account operations; and in response to determining that the first access operation is not among the one or more permitted user account operations: generate a request for a one-time authorization for the first application to access the user account for performing the first access operation; send the request for the one-time authorization to the client device; receive, via the client device, an indication of the requested one-time authorization; generate an access token based on the indication of one-time authorization, the access token being valid for a one-time access of the user account by the first application for performing the first access operation in association with the user account; and transmit the access token to the application server associated with the first application to grant, to the first application, one-time access to the user account.” Therefore, the claims are allowable over the cited prior arts.
Claims 2-9 & 12-19 are allowed because of their dependence from independent claims 1 & 11.
Any comments considered necessary by applicant must be submitted no later than the payment of the issue fee and, to avoid processing delays, should preferably accompany the issue fee. Such submissions should be clearly labeled “Comments on Statement of Reasons for Allowance.”
           
Conclusion
Any inquiry concerning this communication or earlier communications from the examiner should be directed to KHOI V LE whose telephone number is (571)270-5087.  The examiner can normally be reached on 9:00 AM - 5:00 PM EST.

If attempts to reach the examiner by telephone are unsuccessful, the examiner’s supervisor, Shewaye Gelagay can be reached on 571-272-4219.  The fax phone number for the organization where this application or proceeding is assigned is 571-273-8300.
Information regarding the status of an application may be obtained from the Patent Application Information Retrieval (PAIR) system.  Status information for published applications may be obtained from either Private PAIR or Public PAIR.  Status information for unpublished applications is available through Private PAIR only.  For more information about the PAIR system, see http://pair-direct.uspto.gov. Should you have questions on access to the Private PAIR system, contact the Electronic Business Center (EBC) at 866-217-9197 (toll-free). If you would like assistance from a USPTO Customer Service Representative or access to the automated information system, call 800-786-9199 (IN USA OR CANADA) or 571-272-1000.






/KHOI V LE/
Primary Examiner, Art Unit 2436