Notice of Pre-AIA  or AIA  Status
The present application, filed on or after March 16, 2013, is being examined under the first inventor to file provisions of the AIA .

Information Disclosure Statement
The information disclosure statement (IDS) submitted on 2/11/2022 was filed after the mailing date of the application on 4/20/2020.  The submission is in compliance with the provisions of 37 CFR 1.97.  Accordingly, the information disclosure statement is being considered by the examiner.
The information disclosure statement (IDS) submitted on 4/20/2020 was filed after the mailing date of the application on 4/20/2020.  The submission is in compliance with the provisions of 37 CFR 1.97.  Accordingly, the information disclosure statement is being considered by the examiner.


Claim Rejections - 35 USC § 101
35 U.S.C. 101 reads as follows:
Whoever invents or discovers any new and useful process, machine, manufacture, or composition of matter, or any new and useful improvement thereof, may obtain a patent therefor, subject to the conditions and requirements of this title.


1.	Claims 1-9, 47 and 49 are rejected under 35 U.S.C. 101 because the claimed invention is directed to non-statutory subject matter.
without any link in the body of the claims to a hardware component that is directed to non-statutory subject matter.  Therefore, it is software, per se and the claims fail to comprise any hardware to construct a system that can squarely fit within any statutory categories as shown above.  Applicant's specification fails to indicate any hardware tied to this data structure and if this data structure tied to hardware, then the hardware should be mentioned in the body of the claims.  It is not patent eligible subject matter in accordance with In re Warmerdam, 31 USPQ 2d, 1354.  The examiner suggests implementing hardware (i.e. processor or memory) into the body of the claims.  Claims 47 and 49 are rejected on the same rationale as independent claim 1.


Claim Rejections - 35 USC § 112
The following is a quotation of 35 U.S.C. 112(b):
(b)  CONCLUSION.—The specification shall conclude with one or more claims particularly pointing out and distinctly claiming the subject matter which the inventor or a joint inventor regards as the invention.


The following is a quotation of 35 U.S.C. 112 (pre-AIA ), second paragraph:
The specification shall conclude with one or more claims particularly pointing out and distinctly claiming the subject matter which the applicant regards as his invention.


Claim 1 is rejected under 35 U.S.C. 112(b) or 35 U.S.C. 112 (pre-AIA ), second paragraph, as being indefinite for failing to particularly point out and distinctly claim the 
Examiner asserts that the claim is unclear to the device which performs the claim limitations.  

Claim Rejections - 35 USC § 103
In the event the determination of the status of the application as subject to AIA  35 U.S.C. 102 and 103 (or as subject to pre-AIA  35 U.S.C. 102 and 103) is incorrect, any correction of the statutory basis for the rejection will not be considered a new ground of rejection if the prior art relied upon, and the rationale supporting the rejection, would be the same under either status.  
The following is a quotation of 35 U.S.C. 103 which forms the basis for all obviousness rejections set forth in this Office action:
A patent for a claimed invention may not be obtained, notwithstanding that the claimed invention is not identically disclosed as set forth in section 102, if the differences between the claimed invention and the prior art are such that the claimed invention as a whole would have been obvious before the effective filing date of the claimed invention to a person having ordinary skill in the art to which the claimed invention pertains. Patentability shall not be negated by the manner in which the invention was made.

Claims 1-9, 24-32, 47 and 49 are rejected under 35 U.S.C. 103 as being unpatentable over Singh (US Patent 7,870,270) in view of Wong (US Patent Pub. 2015/0256557).


As per claim 1, 24 and 47: (Currently Amended) Singh method of controlling access to network elements, the method comprising (See abstract): 
-through a first access interface, providing access to network elements (Col 3, lines 10-20; a component for granting the first user access to a first function of an application based on the first role);
- determining at least one access role of a user and at least one access target associated with the access role of the user (Col 4, lines 58-61; where a first profile including at least one role is assigned to a first user. The first profile may have a first privilege comprising a first function and a corresponding first target role set comprising at least one role); 
Singh does not specifically disclose based on the at least one access role of the user and the associated at least one access target, determining a subset of the network elements; defining a second access interface which is limited to the subset of the network elements and through the second access interface, providing the user with access to the subset of network elements.
 Wong discloses that a role is associated with one or more actions that a user associated with the role is authorized to perform on behalf of the entity. Various permissions are associated with a role to allow a user associated with the role to perform one or more of the actions associated with the role. Additionally, a role associated with a user may allow a user to assign a subset of the permissions associated with the role to one or more additional users, allowing an additional user to perform actions associated with the rule limited by the subset of permissions assigned to the additional user (Paragraph 5). 

As per claim 2, 25 and 49: (Original) The method according to claim 1, wherein the first access interface comprises a set of applications and the second access interface is limited to a subset of the applications of the first access interface (Col 4, lines 51-67; the first target role set may comprise the target role set for privilege three (r1, r,2, r3) as shown in FIG. 5. This example results in a positive match because each role in the second profile has a corresponding matching role in the first target role set).
As per claim 3 and 26: (Currently Amended) The method according to claim 1, wherein the first access interface comprises a set of management applications for managing the network elements and the second access interface is limited to a subset of the management applications of the first access interface (Col 3, lines 10-20; providing capabilities management and user administration may comprise a component for assigning a first profile including at least one role to a first user, the first profile having a first privilege).
As per claim 4 and 27: (Currently Amended) The method according to claim 1, wherein the user is provided with access to the subset of the network elements by interaction of the second access interface with the first access interface (See claim 1; in response to the third request, performing the first function of the first privilege on the second user when the first target role set of the first privilege contains a corresponding matching role for each role of the profile of the second user).
As per claim 5 and 28: (Currently Amended) The method according to claim 1, comprising:
providing the second access interface exclusively with data related to the subset of the network elements (Col 2, lines 29-32; assigning a second profile comprising at least one role to a second user, and a component for providing the first user the ability to perform the first privilege on the second user if each role in the second profile has a corresponding matching role in the first target role set).
As per claim 6 and 29: (Currently Amended) The method according to claim 1, comprising:
determining the subset of the network elements based on one or more access control policies (Col 2, lines 29-32; assigning a second profile comprising at least one role to a second user, and a component for providing the first user the ability to perform the first privilege on the second user if each role in the second profile has a corresponding matching role in the first target role set).
As per claim 7 and 30: (Currently Amended) The method according to claim 1 comprising:
Col 3, lines 25-30; a component for assigning a first profile including at least one role to a first user, the first profile having a first privilege comprising a first function and having a corresponding first target role set comprising at least one role);
- based on the at least one access role of the further user and the associated at least one access target, determining a further subset of the network elements (Col 4, lines 58-61; where a first profile including at least one role is assigned to a first user. The first profile may have a first privilege comprising a first function and a corresponding first target role set comprising at least one role);
- defining a third access interface which is limited to the further subset of the network elements (Col 9, lines 9-11; if it is determined that the first privilege comprises the adding function, exemplary method 300 proceeds to stage 320 where the first user is provided the ability to assign a third profile comprising the first target role set to a third user); and
- through the third access interface, providing the further user with access to the further subset of the network elements (Col 2, lines 29-32; assigning a second profile comprising at least one role to a second user, and a component for providing the first user the ability to perform the first privilege on the second user if each role in the second profile has a corresponding matching role in the first target role set).
As per claim 8 and 31: (Currently Amended) The method according to claim 7, wherein for an overlapping part of the subset of the network elements and the further subset of Col 2, lines 29-32; assigning a second profile comprising at least one role to a second user, and a component for providing the first user the ability to perform the first privilege on the second user if each role in the second profile has a corresponding matching role in the first target role set). 
As per claim 9 and 32: (Currently Amended) The method according to claim 7, wherein for an overlapping part of the subset of the network elements and the further subset of the network elements transactions through the second access interface and the third access interface are coordinated by providing consistency of data utilized by the second access interface with data utilized by the third access interface (Col 2, lines 29-32; assigning a second profile comprising at least one role to a second user, and a component for providing the first user the ability to perform the first privilege on the second user if each role in the second profile has a corresponding matching role in the first target role set).


Conclusion
Any inquiry concerning this communication or earlier communications from the examiner should be directed to ANTHONY D BROWN whose telephone number is (571)270-1472. The examiner can normally be reached 730-330pm.
Examiner interviews are available via telephone, in-person, and video conferencing using a USPTO supplied web-based collaboration tool. To schedule an 
If attempts to reach the examiner by telephone are unsuccessful, the examiner’s supervisor, Jeffrey Pwu can be reached on 571-272-6798. The fax phone number for the organization where this application or proceeding is assigned is 571-273-8300.
Information regarding the status of published or unpublished applications may be obtained from Patent Center. Unpublished application information in Patent Center is available to registered users. To file and manage patent submissions in Patent Center, visit: https://patentcenter.uspto.gov. Visit https://www.uspto.gov/patents/apply/patent-center for more information about Patent Center and https://www.uspto.gov/patents/docx for information about filing in DOCX format. For additional questions, contact the Electronic Business Center (EBC) at 866-217-9197 (toll-free). If you would like assistance from a USPTO Customer Service Representative, call 800-786-9199 (IN USA OR CANADA) or 571-272-1000.





/ANTHONY D BROWN/Primary Examiner, Art Unit 2433