DETAILED ACTION
Claims 1-20 are pending in this action.

Notice of Pre-AIA  or AIA  Status
The present application, filed on or after March 16, 2013, is being examined under the first inventor to file provisions of the AIA .

Information Disclosure Statement
The information disclosure statement (IDS) submitted on 6/30/2020 is in compliance with the provisions of 37 CFR 1.97.  Accordingly, the information disclosure statement has been considered by the examiner.

Claim Rejections - 35 USC § 102
The following is a quotation of the appropriate paragraphs of 35 U.S.C. 102 that form the basis for the rejections under this section made in this Office action:
A person shall be entitled to a patent unless –

(a)(1) the claimed invention was patented, described in a printed publication, or in public use, on sale, or otherwise available to the public before the effective filing date of the claimed invention.


(a)(2) the claimed invention was described in a patent issued under section 151, or in an application for patent published or deemed published under section 122(b), in which the patent or application, as the case may be, names another inventor and was effectively filed before the effective filing date of the claimed invention.

Claims 1, 3, 8, 12 and 17 are rejected under 35 U.S.C. 102(a)(1) and 102(a)(2) as being anticipated by Da Palma (US PGPUB No. 2013/0067598).


As per claim 3, Da Palma teaches the method of claim 1, wherein the first policy includes a condition that the end- user must agree to abide by in order to access the first feature ([0048], license agreements contain terms and conditions end-users must abide by).



As per claim 12, the substance of the claimed invention is identical or substantially similar to that of claim 1. Accordingly, this claim is rejected under the same rationale.

As per claim 17, the substance of the claimed invention is identical or substantially similar to that of claim 1. Accordingly, this claim is rejected under the same rationale.

Claim Rejections - 35 USC § 103
The following is a quotation of 35 U.S.C. 103 which forms the basis for all obviousness rejections set forth in this Office action:
A patent for a claimed invention may not be obtained, notwithstanding that the claimed invention is not identically disclosed as set forth in section 102, if the differences between the claimed invention and the prior art are such that the claimed invention as a whole would have been obvious before the effective filing date of the claimed invention to a person having ordinary skill in the art to which the claimed invention pertains. Patentability shall not be negated by the manner in which the invention was made.

The factual inquiries for establishing a background for determining obviousness under 35 U.S.C. 103 are summarized as follows:
1. Determining the scope and contents of the prior art.
2. Ascertaining the differences between the prior art and the claims at issue.
3. Resolving the level of ordinary skill in the pertinent art.

Claim 2 is rejected under 35 U.S.C. 103 as being unpatentable over Da Palma in view of Studer et al. (CA 3066238 A1) [hereinafter “Studer”].

As per claim 2, Da Palma teaches the method of claim 1.
Da Palma does not explicitly teach presenting, to the application provider, a user interface for inputting a plurality of text; receiving, via the user interface, a first textual content that corresponds to the first policy; and storing an editable version of the first textual content until final approval of the first policy is received from the application provider. Studer teaches presenting, to the application provider, a user interface for inputting a plurality of text ([0003], integrated user interface for requesting, examining and storing rulesets in a repository); receiving, via the user interface, a first textual content that corresponds to the first policy ([0003], requesting and storing rulesets in the repository); and storing an editable version of the first textual content until final approval of the first policy is received from the application provider ([0004], rulesets can be labeled “draft” which indicates it is still being edited).
At the time of filing, it would have been obvious to one of ordinary skill in the art to combine Da Palma with the teachings of Studer, presenting, to the application provider, a user interface for inputting a plurality of text; receiving, via the user interface, a first textual content that corresponds to the first policy; and storing an editable version of the first textual content until final approval of the first policy is received from the .

Claims 4-7 are rejected under 35 U.S.C. 103 as being unpatentable over Da Palma in view of Yang et al. (US PGPUB No. 2020/0396058) [hereinafter “Yang”].

As per claim 4, Da Palma teaches the method of claim 1.
Da Palma does not explicitly teach wherein the first policy includes a consent to permit access of a specific data resource associated with the first end-user by a third party external to the application provider. Yang teaches wherein the first policy includes a consent to permit access of a specific data resource associated with the first end-user by a third party external to the application provider ([0010]-[0011], user consent to access personal data).
At the time of filing, it would have been obvious to one of ordinary skill in the art to combine Da Palma with the teachings of Yang, wherein the first policy includes a consent to permit access of a specific data resource associated with the first end-user by a third party external to the application provider, to efficiently tie together consents to personal data to application functions that might require such access.

As per claim 5, the combination of Da Palma and Yang teaches the method of claim 4, wherein the first policy further includes an attribute that indicates whether the consent is recurring (Yang; [0010], requiring user consent on a daily basis depending on request).



As per claim 7, the combination of Da Palma and Yang teaches the method of claim 4, wherein the first policy further includes an attribute that indicates an action that may be taken with respect to the specific data resource (Yang; [0104], policy requires user permission to use user information while providing a service).

Claim 9 is rejected under 35 U.S.C. 103 as being unpatentable over Da Palma in view of Gomez et al. (US PGPUB No. 2008/0141339) [hereinafter “Gomez”].

As per claim 9, Da Palma teaches the method of claim 8, as well as requiring acceptance of the first policy in order to enable access to the first feature ([0045], requirements, i.e. rules, whereby the EULA must be accepted to unlock particular commands and features).
Da Palma does not explicitly teach transmitting a signal to the API manager to create an XACML policy. Gomez teaches transmitting a signal to the API manager to create an XACML policy ([0066], creating an XACML policy combined with the policy rule requiring acceptance of a EULA before unlocking features - taught in Da Palma see above citation – a creation signal would be generated at some point).
.

Claims 10, 11, 13-16 and 18-20 are rejected under 35 U.S.C. 103 as being unpatentable over Da Palma in view of Grigera (US PGPUB No. 2018/0203984) [as cited in IDS dated 6/30/2020].

As per claim 10, Da Palma teaches the method of claim 1.
Da Palma does not explicitly teach receiving, from the application provider, a second policy and a third policy; receiving, from the application provider, a second selection of a second feature of the first application; linking, in response to the second selection, the second policy and the third policy to the second feature; creating a second rule that requires acceptance of both the second policy and the third policy in order to obtain access to the second feature; and executing the second rule, via the API manager, such that access by the end- user to the second feature is enabled only if the second policy and third policy are accepted by the end-user. Grigera teaches receiving, from the application provider, a second policy and a third policy ([0029], receiving requirements for user permissions for a particular feature or features of an application, i.e. permissions are policies); receiving, from the application provider, a second selection of a second feature of the first application (Abstract, permissions and consents can be linked to more than one feature of the application); linking, in response to the 
At the time of filing, it would have been obvious to one of ordinary skill in the art to combine Da Palma with the teachings of Grigera, receiving, from the application provider, a second policy and a third policy; receiving, from the application provider, a second selection of a second feature of the first application; linking, in response to the second selection, the second policy and the third policy to the second feature; creating a second rule that requires acceptance of both the second policy and the third policy in order to obtain access to the second feature; and executing the second rule, via the API manager, such that access by the end- user to the second feature is enabled only if the second policy and third policy are accepted by the end-user, to provide customizable consent management for varying applications with different functions and capabilities.

As per claim 11, the combination of Da Palma and Grigera teaches the method of claim 10, further comprising: receiving, from a first end-user, a request to access the first feature and the second feature (Grigera; [0029]-[0030], user requests to use one of 

As per claim 13, Da Palma teaches the system of claim 12.
Da Palma does not explicitly teach wherein the instructions further cause the processor to: generate a user profile for a first end-user of the application; receive, from the first end-user, a request to access the first feature; determine there is no record of first end-user accepting the first policy; automatically present to the first end-user, in response to the determination, the first policy; receive an acceptance of the first policy by the first end-user; and enable access of the first end-user to the first feature. Grigera teaches wherein the instructions further cause the processor to: generate a user profile for a first end-user of the application ([0032], user consents and permissions are stored by the system – since the consents are inherently associated with the user, this is considered a “user profile”); receive, from the first end-user, a request to access the first feature (Abstract, request for a function by user); determine there is no record of first end-user accepting the first policy (Abstract, determining there is no consent stored in 
At the time of filing, it would have been obvious to one of ordinary skill in the art to combine Da Palma with the teachings of Grigera, wherein the instructions further cause the processor to: generate a user profile for a first end-user of the application; receive, from the first end-user, a request to access the first feature; determine there is no record of first end-user accepting the first policy; automatically present to the first end-user, in response to the determination, the first policy; receive an acceptance of the first policy by the first end-user; and enable access of the first end-user to the first feature, to provide customizable consent management for varying applications with different functions and capabilities.

As per claim 14, the combination of Da Palma and Grigera teaches the system of claim 12, wherein the policy management service is a web-based plug-in that works in concert with the API manager (Grigera; [0040] and [0076], app provider has an API and permission management module – app provider can be a web based “plug-in” like an app store see [0021]).

As per claim 15, the combination of Da Palma and Grigera teaches the system of claim 13, wherein the instructions further cause the processor to store a record of the 

As per claim 16, the combination of Da Palma and Grigera teaches the system of claim 13, wherein the instructions further cause the processor to: receive, from the application provider, a modification to the first policy (Grigera; [0038], new version of application includes updated consent requirements); and automatically disable access of the first end-user to the first feature until the modified first policy has been accepted by the first end-user (Grigera; [0038], new consents are required for use of functionality – see abstract).

As per claim 18, the substance of the claimed invention is identical or substantially similar to that of claim 13. Accordingly, this claim is rejected under the same rationale.

As per claim 19, the substance of the claimed invention is identical or substantially similar to that of claim 15. Accordingly, this claim is rejected under the same rationale.

As per claim 20, the substance of the claimed invention is identical or substantially similar to that of claim 16. Accordingly, this claim is rejected under the same rationale.

Conclusion
The prior art made of record and not relied upon is considered pertinent to applicant's disclosure. Francis et al. (US PGPUB No. 2009/0327296), Glogau (WO .

Any inquiry concerning this communication or earlier communications from the examiner should be directed to PETER C SHAW whose telephone number is (571)270-7179. The examiner can normally be reached Max Flex.
Examiner interviews are available via telephone, in-person, and video conferencing using a USPTO supplied web-based collaboration tool. To schedule an interview, applicant is encouraged to use the USPTO Automated Interview Request (AIR) at http://www.uspto.gov/interviewpractice.
If attempts to reach the examiner by telephone are unsuccessful, the examiner’s supervisor, Carl Colin can be reached on 571-272-3862. The fax phone number for the organization where this application or proceeding is assigned is 571-273-8300.
Information regarding the status of published or unpublished applications may be obtained from Patent Center. Unpublished application information in Patent Center is available to registered users. To file and manage patent submissions in Patent Center, visit: https://patentcenter.uspto.gov. Visit https://www.uspto.gov/patents/apply/patent-





/PETER C SHAW/Primary Examiner, Art Unit 2493                                                                                                                                                                                                        February 25, 2022