DETAILED ACTION

Notice of Pre-AIA  or AIA  Status
The present application, filed on or after March 16, 2013, is being examined under the first inventor to file provisions of the AIA .

Claim Status
Claims 1-20 are currently pending.

Priority
This application data sheet, dated 09/30/2020, makes a claim for Domestic Benefit/National Stage Information and references Application Number PCTUS1927857. However, the correct Application Number is PCTUS1927867. A new and corrected Application Data Sheet is required. 

Claim Rejections - 35 USC § 102
In the event the determination of the status of the application as subject to AIA  35 U.S.C. 102 and 103 (or as subject to pre-AIA  35 U.S.C. 102 and 103) is incorrect, any correction of the statutory basis for the rejection will not be considered a new ground of rejection if the prior art relied upon, and the rationale supporting the rejection, would be the same under either status.  
The following is a quotation of the appropriate paragraphs of 35 U.S.C. 102 that form the basis for the rejections under this section made in this Office action:
A person shall be entitled to a patent unless –

(a)(1) the claimed invention was patented, described in a printed publication, or in public use, on sale, or otherwise available to the public before the effective filing date of the claimed invention.

(a)(2) the claimed invention was described in a patent issued under section 151, or in an application for patent published or deemed published under section 122(b), in which the patent or application, as the case may be, names another inventor and was effectively filed before the effective filing date of the claimed invention.

Claim(s) 1, 3, 4, 6, 12, 14, 15 and 17 is/are rejected under 35 U.S.C. 102(a)(1) or (a)(2) as being anticipated by QUINLAN (2017/0293769).
Regarding claim 1 and 12,
Quinlan teaches a method of operating an access control system containing one or more hierarchies, each of the one or more hierarchies includes one or more access levels, the method comprising:
computing one or more hierarchies ([0011] teaches receiving instructions to create a new access level; see various access levels L0-L3 in figure 3B); and,
assigning a primary access level (one of L0-L3 as shown in fig. 3B) of the one or more access levels within a primary hierarchy of the one or more hierarchies (see the illustration of access level hierarchy in figure 3B) to a first credential ([0013] teaches storing data comprising, for each of a plurality of access levels, first data indicative of one or more credentials and an access level key corresponding to the respective access level; [0037] teaches giving access to a particular combination of credentials corresponding to a particular access level as defined in the policy data 118); and
determining that access levels vertically below the primary access level in the primary hierarchy are implicitly assigned to the first credential when assigning the ([0037] teaches retrieving access keys, from the key data 120,  for each of the data structures 114-1 to 114-4 assigned to a data category corresponding to the particular access level or lower, but is not able to retrieve, the keys assigned to a data category at an access level higher than the particular access level; [0044] in combination with figure 3B teaches access level L0 as the lowest access level; access level L1 which stores the  L1 access keys as well the L0 access key; access level L2 stores the access keys for L2, L1 and L0 levels; and access level L3 stores the access keys for L3, L2, L1 and L0 levels.)

Regarding claims 3 and 14,
Quinlan teaches receiving an access request at a first access control, the access request including the first credential ([0038] teaches receiving input from a user of the computing device 100 (i.e. a "user credential");
determining which access levels are assigned to the first credential ([0013] teaches storing data comprising, for each of a plurality of access levels, first data indicative of one or more credentials and an access level key corresponding to the respective access level);
determining that at least one access level assigned to the first credential is authorized to actuate the first access control ([0039] teaches prompting the user of the computing device 100 to provide one or more credentials required for a particular access level, thus teaching a means for determining when a particular credential is authorized); and
([0039] teaches managing access to the one or more containers 114-1 to 114-4 in accordance with the current authentication state for the application 110 and the access level policy defined in the policy data 118; [0048] teaches, with regard to figure 4, utilizing credential and associated access levels to finally provide access).

Regarding claims 4 and 15,
Quinlan teaches receiving an access request at a first access control, the access request including the first credential ([0038] teaches receiving input from a user of the computing device 100 (i.e. a "user credential");
determining which access levels are assigned to the first credential([0013] teaches storing data comprising, for each of a plurality of access levels, first data indicative of one or more credentials and an access level key corresponding to the respective access level);
determining that none of the access levels assigned to the first credential are not authorized to actuate the first access control([0039] teaches prompting the user of the computing device 100 to provide one or more credentials required for a particular access level, thus teaching a means for determining when a particular credential is authorized);  and
maintaining the access control in a non-actuated position ([0053] teaches that the computing device 700 may include a physical keyboard. Quinlan does not restrict that the keys of the keyboard are actuated as a result of authorization of input credentials).

Regarding claims 6 and 15,
Quinlan teaches identifying access levels proximate a vertical top portion of each of the one or more hierarchies ([0037] teaches retrieving access keys assigned to a data category corresponding to the particular access level or lower, but retrieval is not permitted at an access level higher than the particular access level. Therefore, Quinlan teaches identification of a vertical top portion of each of the one or more hierarchies because retrieval is not permitted to higher access levels).

Regarding claims 7 and 18,
Quinlan teaches identifying groups of credentials that are assigned to one or more access levels proximate a vertical top portion of one or more hierarchies([0037] teaches retrieving access keys assigned to a data category corresponding to the particular access level or lower, but retrieval is not permitted at an access level higher than the particular access level. Therefore, Quinlan teaches identification of “one or more access levels proximate a vertical top portion of one or more hierarchies” because retrieval is not permitted to higher access levels).

Claim Rejections - 35 USC § 103
In the event the determination of the status of the application as subject to AIA  35 U.S.C. 102 and 103 (or as subject to pre-AIA  35 U.S.C. 102 and 103) is incorrect, any correction of the statutory basis for the rejection will not be considered a new ground of 
The following is a quotation of 35 U.S.C. 103 which forms the basis for all obviousness rejections set forth in this Office action:
A patent for a claimed invention may not be obtained, notwithstanding that the claimed invention is not identically disclosed as set forth in section 102, if the differences between the claimed invention and the prior art are such that the claimed invention as a whole would have been obvious before the effective filing date of the claimed invention to a person having ordinary skill in the art to which the claimed invention pertains. Patentability shall not be negated by the manner in which the invention was made.

Claims 2, 9, 11, 13 and 20 is/are rejected under 35 U.S.C. 103 as being unpatentable over QUINLAN (2017/0293769) in view of TAVEIRA (US 2016/0253907).
Regarding claims 2 and 13,
Quinlan teaches the method of claim 1, but fails to expressly teach computing one or more hierarchies further comprises at least one of:
removing duplicate access levels within each of the one or more hierarchies;
removing unassigned access levels within each of the one or more hierarchies;
removing redundant access levels across each of the one or more hierarchies;
combining two or more access levels within a hierarchy if the access levels are always assigned together within the hierarchy; and
splitting over assigned access levels within each of the one or more hierarchies.
TAVEIRA teaches combining two or more access levels within a hierarchy if the access levels are always assigned together within the hierarchy ([0176] teaches that there is a recognized need in the art to establish an access level for an individual (See “operator”), which may be in addition to access levels established or assigned to an object (see “drone”) such that the same object (see “drone”) operated by different operators may have different access levels, e.g.,, a first operator having an access level 2 operating a drone having an access level 5 may result in the drone being assigned a total Access Level 7 while in flight.)
Before the effective filing date of the invention, it would have been obvious to combine the teachings of Quinlan and Taveira such that a computing device having a predefined access level requirement, when accessed by an individual having a second predefined access level, results in the individual’s ability to access data structures of the computing system having a 3rd predefined access level, according to the applied cumulative sum.   

Regarding claims 9 and 20,
Taveira teaches detecting usage of access controls at each of the one or more access levels for each of the one or more hierarchies ([0178] teaches storing a history of unauthorized entry into restricted areas, (e.g., entry based on insufficient access level); and
recommending removal of access levels from a credential located proximate a vertical top portion each of the one or more hierarchies in response to usage by the credential ([0178] teaches that said history of accessing restricted areas may lower an access level).




Regarding claim 11,
Taveira teaches recommending an access level proximate a vertical bottom portion of a hierarchy for a new credential ([0178] teaches that said history of accessing restricted areas may lower an access level).

Claims 5 and 16 is/are rejected under 35 U.S.C. 103 as being unpatentable over QUINLAN (2017/0293769) in view of TAVEIRA (US 2016/0253907) and further in view of LUPOVICI (US 2017/0228953).
 Quinlan as modified by Taveira, teaches the method of claim 3, but fails to expressly teach that the first access control is a door lock operably connected to a door and actuating the first access control unlocks the door.
	LUPOVICI teaches an access control system and in [0002] teaches that the access control is the selective restriction of access to places or resources and further includes an access authorization hierarchy (see [0179]) . Lupovici teaches in [0179] that a determination is made on the access rights as to whether to open a door or not.  Lupovici teaches a list of access level requirements for each access point wherein the requirements include credentials such as an indication that people with an access right of "7" or higher are authorized to obtain access and people with an identifier of "5" or "6" can enter when accompanies by a user with an access right of "7" or higher. 
Before the effective filing date of the invention, it would have been obvious to combine the teachings of Quinlan and Lupovici, since Lupovici teaches in [0002] that the disclosed access control is the selective restriction of access to places or resources. 
And furthermore, such as modification shall provide a degree of security and management and a higher level of safety for employees, and visitors of monitored areas.
Double Patenting
The nonstatutory double patenting rejection is based on a judicially created doctrine grounded in public policy (a policy reflected in the statute) so as to prevent the unjustified or improper timewise extension of the “right to exclude” granted by a patent and to prevent possible harassment by multiple assignees. A nonstatutory double patenting rejection is appropriate where the conflicting claims are not identical, but at least one examined application claim is not patentably distinct from the reference claim(s) because the examined application claim is either anticipated by, or would have been obvious over, the reference claim(s). See, e.g., In re Berg, 140 F.3d 1428, 46 USPQ2d 1226 (Fed. Cir. 1998); In re Goodman, 11 F.3d 1046, 29 USPQ2d 2010 (Fed. Cir. 1993); In re Longi, 759 F.2d 887, 225 USPQ 645 (Fed. Cir. 1985); In re Van Ornum, 686 F.2d 937, 214 USPQ 761 (CCPA 1982); In re Vogel, 422 F.2d 438, 164 USPQ 619 (CCPA 1970); In re Thorington, 418 F.2d 528, 163 USPQ 644 (CCPA 1969).
A timely filed terminal disclaimer in compliance with 37 CFR 1.321(c) or 1.321(d) may be used to overcome an actual or provisional rejection based on nonstatutory double patenting provided the reference application or patent either is shown to be commonly owned with the examined application, or claims an invention made as a result of activities undertaken within the scope of a joint research agreement. See MPEP § 717.02 for applications subject to examination under the first inventor to file provisions of the AIA  as explained in MPEP § 2159. See MPEP § 2146 et seq. for applications not subject to examination under the first inventor to file provisions of the AIA . A terminal disclaimer must be signed in compliance with 37 CFR 1.321(b). 
The USPTO Internet website contains terminal disclaimer forms which may be used. Please visit www.uspto.gov/patent/patents-forms. The filing date of the 
Claims 1-20 are provisionally rejected on the ground of nonstatutory double patenting as being unpatentable over claims 1-20 of copending Application No. 17/048363 (reference application). The claims at issue are identical, and therefore are not patentably distinct from each other.
This is a provisional nonstatutory double patenting rejection because the patentably indistinct claims have not in fact been patented.
Regarding claim 1,
	Claim 1 of copending Application No. 17/048363 recites, “A method of operating an access control system containing one or more hierarchies, each of the one or more hierarchies includes one or more access levels, the method comprising:
computing one or more hierarchies; and
assigning a primary access level of the one or more access levels within a primary hierarchy of the one or more hierarchies to a first credential; and
	determining that access levels vertically below the primary access level in the primary hierarchy are implicitly assigned to the first credential when assigning the primary access level of the one or more access levels within the primary hierarchy of the one or more hierarchies to the first credential.”

Regarding claim 2,
	Claim 2 of copending Application No. 17/048363 recites, “…wherein computing one or more hierarchies further comprises at least one of:
	removing duplicate access levels within each of the one or more hierarchies;
	removing unassigned access levels within each of the one or more hierarchies;
	removing redundant access levels across each of the one or more hierarchies;
	combining two or more access levels within a hierarchy if the access levels are always assigned together within the hierarchy; and
	splitting over assigned access levels within each of the one or more hierarchies.”
Regarding claim 3,
	Claim 3 of copending Application No. 17/048363 recites, “receiving an access request at a first access control, the access request including the first credential;
	determining which access levels are assigned to the first credential;
	determining that at least one access level assigned to the first credential is authorized to actuate the first access control; and
	actuating the first access control when it has been determined that credentials are authorized to actuate the first access control.”
Regarding claim 4,
Claim 4 of copending Application No. 17/048363 recites, “receiving an access request at a first access control, the access request including the first credential;
determining which access levels are assigned to the first credential;
determining that none of the access levels assigned to the first credential are not authorized to actuate the first access control; and
maintaining the access control in a non-actuated position.” 
Regarding claim 5,
	Claim 5 of copending Application No. 17/048363 recites, “wherein the first access control is a door lock operably connected to a door and actuating the first access control unlocks the door.”
Regarding claim 6,
	Claim 6 of copending Application No. 17/048363 recites, “identifying access levels proximate a vertical top portion of each of the one or more hierarchies.”
Regarding claim 7,
	Claim 7 of copending Application No. 17/048363 recites, “identifying groups of credentials that are assigned to one or more access levels proximate a vertical top portion of one or more hierarchies.”
Regarding claim 8,
	Claim 8 of copending Application No. 17/048363 recites, “identifying sensitive access levels in each of the one or more hierarchies; and
	prioritizing the sensitive access levels for defining and enforcing access level policies.”
Regarding claim 9,
	Claim 9 of copending Application No. 17/048363 recites, “detecting usage of access controls at each of the one or more access levels for each of the one or more hierarchies; and 
recommending removal of access levels from a credential located proximate a vertical top portion each of the one or more hierarchies in response to usage by the credential.”

Regarding claim 10,
	Claim 10 of copending Application No. 17/048363 recites, “splitting an access level located proximate a vertical top portion of a hierarchy into multiple access levels each having a limited number of access controls.”
Regarding claim 11,
	Claim 11 of copending Application No. 17/048363 recites, “recommending an access level proximate a vertical bottom portion of a hierarchy for a new credential.”
Regarding claim 12,
	Claim 12 of copending Application No. 17/048363 recites, “A computer program product tangibly embodied on a computer readable medium, the computer program product including instructions that, when executed by a processor, cause the processor to perform operations comprising:
	computing one or more hierarchies;
	assigning a primary access level of the one or more access levels within a primary hierarchy of the one or more hierarchies to a first credential; and
	determining that access levels vertically below the primary access level in the primary hierarchy are implicitly assigned to the first credential when assigning the primary access level of the one or more access levels within the primary hierarchy of the one or more hierarchies to the first credential.”
Regarding claim 13,
	Claim 13 of copending Application No. 17/048363 recites, “wherein computing one or more hierarchies further comprises at least one of:
 removing duplicate access levels within each of the one or more hierarchies; removing unassigned access levels within each of the one or more hierarchies; removing 
Regarding claim 14,
	Claim 14 of copending Application No. 17/048363 recites, “wherein the operations further comprise: receiving an access request at a first access control, the access request including the first credential; determining which access levels are assigned to the first credential; determining that at least one access level assigned to the first credential are authorized to actuate the first access control; and actuating the first access control when it has been determined that credentials are authorized to actuate the first access control.”
Regarding claim 15,
	Claim 15 of copending Application No. 17/048363 recites, “wherein the operations further comprise: receiving an access request at a first access control, the access request including the first credential; determining which access levels are assigned to the first credential; determining that none of the access levels assigned to the first credential are not authorized to actuate the first access control; and maintaining the access control in a non-actuated position.”
Regarding claim 16,
	Claim 16 of copending Application No. 17/048363 recites, “wherein the first access control is a door lock operably connected to a door and actuating the first access control unlocks the door.”

Regarding claim 17,
	Claim 17 of copending Application No. 17/048363 recites, “wherein the operations further comprise: identifying access levels proximate a vertical top portion of each of the one or more hierarchies.”
Regarding claim 18,
	Claim 18 of copending Application No. 17/048363 recites, “wherein the operations further comprise: identifying groups of credentials that are assigned to one or more access levels proximate a vertical top portion of one or more hierarchies.”
Regarding claim 19,
	Claim 19 of copending Application No. 17/048363 recites, “wherein the operations further comprise: identifying sensitive access levels in each of the one or more hierarchies; and prioritizing the sensitive access levels for defining and enforcing access level policies.”
Regarding claim 20,
	Claim 20 of copending Application No. 17/048363 recites, “wherein the operations further comprise: 
detecting usage of access controls at each of the one or more access levels for each of the one or more hierarchies; and recommending removal of access levels from a credential located proximate a vertical top portion each of the one or more hierarchies in response to usage by the credential.” 
Conclusion
Any inquiry concerning this communication or earlier communications from the examiner should be directed to DIONNE PENDLETON whose telephone number is (571)272-7497. The examiner can normally be reached M-F 9a-5pm.

If attempts to reach the examiner by telephone are unsuccessful, the examiner’s supervisor, Joseph Feild can be reached on 571-272-4090. The fax phone number for the organization where this application or proceeding is assigned is 571-273-8300.
Information regarding the status of published or unpublished applications may be obtained from Patent Center. Unpublished application information in Patent Center is available to registered users. To file and manage patent submissions in Patent Center, visit: https://patentcenter.uspto.gov. 
Visit ttps://www.uspto.gov/patents/apply/patent-center for more information about Patent Center and  https://www.uspto.gov/patents/docx for information about filing in DOCX format. For additional questions, contact the Electronic Business Center (EBC) at 866-217-9197 (toll-free). If you would like assistance from a USPTO Customer Service Representative, call 800-786-9199 (IN USA OR CANADA) or 571-272-1000. 

/DIONNE PENDLETON/Primary Examiner, Art Unit 2689