DETAILED ACTION
Notice of Pre-AIA  or AIA  Status
The present application is being examined under the pre-AIA  first to invent provisions. 
Preliminary Amendment
The preliminary amendment filed 6/24/2021 has been entered. Claims 1, 8, 15 have been amended. Claims 5-7, 12-14, 19-21 have been canceled. Claims 22-29 have been added. Claims 1-4, 8-11, 15-18, 22-29 are pending.

Claim Rejections - 35 USC § 103
In the event the determination of the status of the application as subject to AIA  35 U.S.C. 102 and 103 (or as subject to pre-AIA  35 U.S.C. 102 and 103) is incorrect, any correction of the statutory basis for the rejection will not be considered a new ground of rejection if the prior art relied upon, and the rationale supporting the rejection, would be the same under either status.  
The following is a quotation of pre-AIA  35 U.S.C. 103(a) which forms the basis for all obviousness rejections set forth in this Office action:
(a) A patent may not be obtained though the invention is not identically disclosed or described as set forth in section 102, if the differences between the subject matter sought to be patented and the prior art are such that the subject matter as a whole would have been obvious at the time the invention was made to a person having ordinary skill in the art to which said subject matter pertains. Patentability shall not be negatived by the manner in which the invention was made.

Claims 1-4, 8-11, 15-18, 22-29 are rejected under pre-AIA  35 U.S.C. 103(a) as being unpatentable over Hinton et al. (US 2006/0236382 A1), hereinafter “Hinton”, and in view of Win et al. (US 6,453,353 B1), hereinafter “Win”. 
As per claim 1, Hinton teaches a method of provisioning users new to a service provider including:
“receiving a request of a user associated with an identify provider to access a service of the service provider via a single sign-on protocol” at [0163];
(Hinton teaches the single sign-on is triggered by the identity provider, e.g., when an identity provider has a list of linked resources that are hosted by related service providers, and after a user selects one of these links, a single-sign-on operation is initiated by the identity provider)
“receiving, as part of the request, stored user attributes indicating a role attribute associated with an existing account of the user from the identify provider via the single sign-on protocol” at [0167]-[0173], [0198];
(Hinton teaches the request to the service provider includes user attributes as well as an alias identifier for the user, these attributes may be added to the local account. The user attributes include group or roles of the user)
“upon receiving of the request from the user, retrieving at least one rule of a plurality of rules to apply when setting up the user as a new user to access the service of the service provider” at [0200]-[0201].
(Hinton teaches a service provider may require that a local workflow operation must be under taken. This requirement allows an administrative user at the service provider to approve the creation of the user account in accordance with local policy requirements (i.e., “plurality of rules))
“creating, at the service provider, a new account with the permission for accessing the object based on the request” at [0170]-[0173].
(Hinton teaches the service provider creates a new account for the user using the alias information and user attributes that have been provided by the identity provider within the request message. After the linked user account has been created, the service provider then performs the requested resource access and responds by sending an HTTP response message to the client)
	Hinton does not explicitly teach “determining a permission, as specified by the at least one rule, for accessing an object within the service based on the stored user attributes, by matching the role attribute associated with the existing account to the at least one rule and applying the at least one rule to the role attribute” as claimed. However, Win teaches a single secure sign-on gives a user access to authorized Web resources, based on the user’s role, including the step of: “determining a permission, as specified by the at least one rule, for accessing an object within the service based on the stored user attributes, by matching the role attribute associated with the existing account to the at least one rule and applying the at least one rule to the role attribute” at Col. 5 lines 10-65 and Col. 16-18. Thus, it would have been obvious to one of ordinary skill in the art to combine Win with Hinton’s teaching in order to “make[s] managing access simple because it is based on an additive data model. Assigning a role to a user or deleting a role from a user can add or delete access to all resources with that roles. Similarly, adding a role to a resource or removing a role from a resource can give or take way access to that resource from all users with that roles. The system allows 

As per claim 2, Hinton and Win and teach the method of claim 1 discussed above. Hinton also teaches: wherein “the single sign-on protocol includes one or more SAML (Security Assertion Markup Language), OAuth (Open standard for Authorization), OpenID, EmpowerID, Federation Services, Oracle Access Manager, and Tivoli Identity Manager” at [0059].

As per claim 3, Hinton and Win teach the method of claim 1 discussed above. Hinton also teaches: “requesting user attributes that are required but not included in the request” at [0175]-[0176], [0185], [0188].

As per claim 4, Hinton and Win teach the method of claim 1 discussed above. Hinton also teaches:  wherein the creating further includes: “creating a management account object at least based on an account identifier attribute; creating a contact object at least based on a contact identifier attribute and the management account object; and creating a new portal user account at least based on the management account object and the contact object” at [0170]-[0173], [0190]-[0196].

As per claim 22, Hinton Win and teach the method of claim 1 discussed above. Win also teaches: wherein “the plurality of rules are created by an administrative user” at Col. 12 line 55 to Col. 14 line 20.
As per claim 23, Hinton and Win teach the method of claim 1 discussed above. Win also teaches: wherein “the role attribute associated with the existing account of the user is based on a role hierarchy” at Col. 13 lines 5-65.

As per claim 24, Hinton and Win teach the method of claim 1 discussed above. Win also teaches: wherein “the at least one rule of the plurality of rules includes a rule specifying how to derive an access right value associated with the object within the system based on the role attribute” at Col. 13 line 5 to Col. 18 line 60. 

Claims 8-11, 15-18, 25-29 recite similar limitation as in claims 1-4, 22-24 and are therefore rejected by the same reasons.



Double Patenting
The nonstatutory double patenting rejection is based on a judicially created doctrine grounded in public policy (a policy reflected in the statute) so as to prevent the unjustified or improper timewise extension of the “right to exclude” granted by a patent and to prevent possible harassment by multiple assignees. A nonstatutory double patenting rejection is appropriate where the conflicting claims are not identical, but at least one examined application claim is not patentably distinct from the reference claim(s) because the examined application claim is either anticipated by, or would have been obvious over, the reference claim(s). See, e.g., In re Berg, 140 F.3d 1428, 46 In re Goodman, 11 F.3d 1046, 29 USPQ2d 2010 (Fed. Cir. 1993); In re Longi, 759 F.2d 887, 225 USPQ 645 (Fed. Cir. 1985); In re Van Ornum, 686 F.2d 937, 214 USPQ 761 (CCPA 1982); In re Vogel, 422 F.2d 438, 164 USPQ 619 (CCPA 1970); In re Thorington, 418 F.2d 528, 163 USPQ 644 (CCPA 1969).
A timely filed terminal disclaimer in compliance with 37 CFR 1.321(c) or 1.321(d) may be used to overcome an actual or provisional rejection based on nonstatutory double patenting provided the reference application or patent either is shown to be commonly owned with the examined application, or claims an invention made as a result of activities undertaken within the scope of a joint research agreement. See MPEP § 717.02 for applications subject to examination under the first inventor to file provisions of the AIA  as explained in MPEP § 2159.  See MPEP §§ 706.02(l)(1) - 706.02(l)(3) for applications not subject to examination under the first inventor to file provisions of the AIA . A terminal disclaimer must be signed in compliance with 37 CFR 1.321(b). 
The USPTO Internet website contains terminal disclaimer forms which may be used. Please visit www.uspto.gov/patent/patents-forms. The filing date of the application in which the form is filed determines what form (e.g., PTO/SB/25, PTO/SB/26, PTO/AIA /25, or PTO/AIA /26) should be used. A web-based eTerminal Disclaimer may be filled out completely online using web-screens. An eTerminal Disclaimer that meets all requirements is auto-processed and approved immediately upon submission. For more information about eTerminal Disclaimers, refer to www.uspto.gov/patents/process/file/efs/guidance/eTD-info-I.jsp.

Claims 1-4, 8-11, 15-18, 22-29 are rejected on the ground of nonstatutory obviousness-type double patenting as being unpatentable over claims 1-21 of US Patent No. 10,885,179 B2. Claims 1-21 of US Patent 10,885,179 contain every element of claims 1-4, 8-11, 15-18, 22-29 of the instant application and as such anticipate claims 1-4, 8-11, 15-18, 22-29 of the instant application.
“A later patent claim is not patentably distinct from an earlier patent claim if the later claim is obvious over, or anticipated by, the earlier claim.  In re Longi, 759 F.2d at 896, 225 USPQ at 651 (affirming a holding of obviousness-type double patenting because the claims at issue were obvious over claims in four prior art patents); In re Berg, 140 F.3d at 1437, 46 USPQ2d at 1233 (Fed. Cir. 1998) (affirming a holding of obviousness-type double patenting where a patent application claim to a genus is anticipated by a patent claim to a species within that genus). “  ELI LILLY AND COMPANY v BARR LABORATORIES, INC., United States Court of Appeals for the Federal Circuit, ON PETITION FOR REHEARING EN BANC (DECIDED:  May 30, 2001). 


Conclusion
Examiner's Note: Examiner has cited particular columns and line numbers in the references applied to the claims above for the convenience of the applicant. Although the specified citations are representative of the teachings of the art and are applied to specific limitations within the individual claim, other passages and figures may apply as well. It is respectfully requested from the applicant in preparing responses, to fully consider the references in entirety as potentially teaching all or part of the claimed invention, as well as the context of the passage as taught by the prior art or disclosed by the Examiner.


	
Any inquiry concerning this communication or earlier communications from the examiner should be directed to KHANH B PHAM whose telephone number is (571)272-4116. The examiner can normally be reached Monday - Friday, 8am to 4pm.
Examiner interviews are available via telephone, in-person, and video conferencing using a USPTO supplied web-based collaboration tool. To schedule an interview, applicant is encouraged to use the USPTO Automated Interview Request (AIR) at http://www.uspto.gov/interviewpractice.
If attempts to reach the examiner by telephone are unsuccessful, the examiner’s supervisor, Mark Featherstone can be reached on (571)270-3750. The fax phone number for the organization where this application or proceeding is assigned is 571-273-8300.
Information regarding the status of published or unpublished applications may be obtained from Patent Center. Unpublished application information in Patent Center is available to registered users. To file and manage patent submissions in Patent Center, visit: https://patentcenter.uspto.gov. Visit https://www.uspto.gov/patents/apply/patent-center for more information about Patent Center and https://www.uspto.gov/patents/docx for information about filing in DOCX format. For additional questions, contact the Electronic Business Center (EBC) at 866-217-9197 



/KHANH B PHAM/Primary Examiner, Art Unit 2166                                                                                                                                                                                                        
February 15, 2022