Notice of Pre-AIA  or AIA  Status
The present application, filed on or after March 16, 2013, is being examined under the first inventor to file provisions of the AIA .

Detailed Action
This is the office action that has been issued in response to communication filed 02/07/2022 for patent application 16/579,310.
The amendment filed on 02/07/2022 has been entered by which claim 21 has been added.
Claims 1-21 remain pending in the application. Claims 1, 8 and 15 are independent claims, claims 2-7 and 21 are dependent on claim 1, claims 9-14 are dependent on claim 8, and claims 16-20 are dependent on claim 15.

Response to Arguments
Applicant’s arguments/remarks regarding claim rejections under 35 USC 101 as set forth in the Non-Final Action of 12/09/2021 is found persuasive and is withdrawn. Applicant’s arguments/remarks filed 02/02/2022 regarding claims rejected under prior art have been fully considered and are unpersuasive.

Applicant asserts that Karp does not disclose a switch performing the operations as set forth in claims 1, 8 and 15; particularly pointing out that Office’s interpretation is not reasonable in view of Applicant’s specification. Examiner disagrees as applicant’s specification discloses a switch that can be implemented in many embodiments, “switch 
Moreover, the functions of a switch include receiving the grant message to a second computing device of a capability from a first computing device, receiving a request for the capability from the second computing device, verifying that the second computing device has the rights to the capability, and forwarding the message to the first computing device (instant specification, pp0016). The “resource mediator” of Karp does perform these functions as enumerated below in the art rejection.

Applicant also asserts that Karp does not teach “receiving, by a switch in the network… a grant message… compris[ing]… an indication of a first capability… to perform one or more operations…,” as recited in claims 1, 8 and 15; particularly pointing out that “lock/permission pairs” of Karp does not teach a capability granted to a particular computing entity as in the grant message of Applicant’s claims, but rather permissions in Karp correspond to “users.” Examiner disagrees. 
While permissions may correspond to “users,” each user would access the capability through a computing entity. For example, Karp discloses the permissions are for reading, writing, or executing relative to a specified resource (Karp, col 3, lines 21-33). Clearly, these are capabilities being granted to the user with respect to the resource (i.e., the capability to read, write or execute the resource). Further, Applicant 

Finally, Applicant asserts that Karp does not teach “transmitting, by the switch, the request to the first computing entity in response to the confirming” as recited in claim 1, 8 and 15; particularly pointing out that what is forwarded in Karp is not transmitting and that it does not include a key. Examiner disagrees.
The forwarding in Karp is a way to send or transmit a message. As for the message not including the key, Examiner finds that the claim does not require the subsequently transmitted “request” to include the key that was included when the request was received. That is, the claim reciting “receiving … a request … to perform [a particular operation on a particular resource], the request comprising a key” requires the request, when received, to comprise a key. However, the subsequent transmitting of “the request” after processing the request, as recited in the claim via “transmitting … the request … in response to the confirming” does not require the transmitted request to also include the claimed “key” that was received with the request. The claim does not 

Claim Rejections - 35 USC § 102
In the event the determination of the status of the application as subject to AIA  35 U.S.C. 102 and 103 (or as subject to pre-AIA  35 U.S.C. 102 and 103) is incorrect, any correction of the statutory basis for the rejection will not be considered a new ground of rejection if the prior art relied upon, and the rationale supporting the rejection, would be the same under either status. 
The following is a quotation of the appropriate paragraphs of 35 U.S.C. 102 that form the basis for the rejections under this section made in this Office action:
A person shall be entitled to a patent unless –

(a)(1) the claimed invention was patented, described in a printed publication, or in public use, on sale, or otherwise available to the public before the effective filing date of the claimed invention.


Claims 1, 3, 8, 10, 15 and 17 are rejected under 35 U.S.C. 102 as being unpatentable over Karp et al. (US Patent No. 6,470,339, hereinafter “Karp”)

Regarding claims 1, 8 and 15, Karp discloses receiving, by a switch in the network, a grant message from a first computing entity in the network (Karp, Fig. 1, col. 3, lines 34-46: resource mediator 12 receiving a list of lock/permission pairs), 
wherein the grant message comprises: a key; and an indication of a first capability granted to a second computing entity in the network to perform one or more , Fig. 1, col. 3, lines 21-34: lock/permission pairs to include lock keys and corresponding capability, e.g., read/write/execute, permissions);
generating, by the switch, an entry in a capability table based on the grant message (Karp, Fig. 1, col. 3, lines 34-46: resource mediator would insert the list of lock/permission pairs into the resource descriptor18 of repository 16);
receiving, by the switch, a request from the second computing entity to perform an operation of the one or more operations with respect to the resource, wherein the request comprises the key (Karp, Figs. 1 & 2, col. 4, line 66 – col. 5, line 12; col. 5, lines 54-65: resource mediator 12 receives request 200 to access resource 20 with a key);
confirming, by the switch, that the second computing entity is permitted to perform the operation based on the key and the entry in the capability table (Karp, Fig. 1, col. 3, lines 21-33: resource mediator matching provided keys); and
transmitting, by the switch, the request to the first computing entity in response to the confirming (Karp, col. 6, lines 21-37: forwarding message 202).

	Regarding claims 3, 10 and 17, Karp discloses the method of claims 1, 8 and 15 respectively, further comprising: receiving, by the switch, a revocation message from the first computing entity indicating that the first capability is revoked for the second computing entity and 
removing the entry from the capability table based on the revocation message (Karp, Fig. 1, col. 3, lines 34-46: revoked permission and removing or deletion from the repository).

Claim Rejections - 35 USC § 103
In the event the determination of the status of the application as subject to AIA  35 U.S.C. 102 and 103 (or as subject to pre-AIA  35 U.S.C. 102 and 103) is incorrect, any correction of the statutory basis for the rejection will not be considered a new ground of rejection if the prior art relied upon, and the rationale supporting the rejection, would be the same under either status. 
The following is a quotation of 35 U.S.C. 103 which forms the basis for all obviousness rejections set forth in this Office action:
A patent for a claimed invention may not be obtained, notwithstanding that the claimed invention is not identically disclosed as set forth in section 102, if the differences between the claimed invention and the prior art are such that the claimed invention as a whole would have been obvious before the effective filing date of the claimed invention to a person having ordinary skill in the art to which the claimed invention pertains. Patentability shall not be negated by the manner in which the invention was made.


Claims 2, 9 and 16 are rejected under 35 U.S.C. 103 as being unpatentable over Karp et al. (US Patent No. 6,470,339, hereinafter “Karp”) in view of “A technique for user-to-user delegation of capabilities with reduced access rights” disclosed anonymously, hereinafter “IPCOM”.

Regarding claims 2, 9 and 16, Karp discloses the method of claims 1, 8 and 15 respectively, but does not explicitly disclose receiving, by the switch, a mint message from the second computing entity. However, Karp teaches the concepts of receiving, by the switch, a grant message from a computing entity (Karp, Fig. 1, col. 3, lines 34-46: resource mediator 12 receiving a list of lock/permission pairs);
, Fig. 1, col. 3, lines 21-34: lock/permission pairs to include lock keys and corresponding capability, e.g., read/write/execute, permissions);
confirming, by the switch, that the another computing entity is permitted to perform the operation based on the key and the entry in the capability table (Karp, Fig. 1, col. 3, lines 21-33: resource mediator matching provided keys); and 
generating, by the switch, an entry in a capability table based on the grant message (Karp, Fig. 1, col. 3, lines 34-46: resource mediator would insert the list of lock/permission pairs into the resource descriptor18 of repository 16).
While Karp does not explicitly disclose the concept of receiving, by the switch, a mint message, IPCOM teaches the concept of “transitive delegation,” by which a user who is granted access from another user can further delegate a subset of the granted rights to other users (IPCOM, page 1, first paragraph).
Karp and IPCOM are analogous art to the claimed invention because they are in the same field of managing access control of resources. It would have been obvious to someone of ordinary skilled in the art before the effective filing date of the claimed invention to use the teaching of IPCOM to allow transitive delegation for more scalable sharing system.

Claims 4, 11 and 18 are rejected under 35 U.S.C. 103 as being unpatentable over Karp et al. (US Patent No. 6,470,339, hereinafter “Karp”) in view of Fischer et al. (US Patent No. 10,009,337, hereinafter “Fischer”).

Regarding claims 4, 11 and 18, Karp discloses the method of claims 3, 10 and 17 respectively, but does not explicitly disclose determining an additional entry in the capability table is a descendant of an entry and removing the additional entry based on the revocation message.
Fischer teaches the use of a hierarchical tree in managing access rights of parent-child relationships (Fischer, Fig. 10A, col. 25, line 57 - col. 26, line 7). When the access right of a parent is revoked, the child branch is cut from the parent tree, thereby removing the descendant entries (Fischer, Figs. 10A and 10B, col. 27, lines 29-46).
Karp and Fischer are analogous art to the claimed invention because they are in the same field of managing access control of resources. It would have been obvious to someone of ordinary skilled in the art before the effective filing date of the claimed invention to use the teaching of Fischer to store access rights in a hierarchical tree to more effectively manage access rights involving parent-child entities.

Claims 5, 12 and 19 are rejected under 35 U.S.C. 103 as being unpatentable over Karp et al. (US Patent No. 6,470,339, hereinafter “Karp”) in view of Umamageswaran (US Patent No. 7,669,189).

Regarding claims 5, 12 and 19, Karp discloses the method of claims 1, 8 and 15, respectively, wherein: the grant message comprises: the indication of the first capability; and the key; and the one or more operations comprise one of: read; write; or invoke (Karp, Fig. 1, col. 3, lines 21-34: lock/permission field 72 includes lock/permission pairs for resource 20). 
Karp does not explicitly disclose wherein: the grant message comprises: an identifier of a memory region corresponding to the resource; a length of the memory region. Umamageswaran teaches locating content in a memory by region, address and length (Umamageswaran, col.4, line 57 – col. 5, line 4)
Karp and Umamageswaran are analogous art to the claimed invention because they are in the same field of memory access. It would have been obvious to someone of ordinary skilled in the art before the effective filing date of the claimed invention to use the teaching of Umamageswaran to uniquely identify content in a memory such as resource 20.

Claims 6, 13 and 20 are rejected under 35 U.S.C. 103 as being unpatentable over Karp et al. (US Patent No. 6,470,339, hereinafter “Karp”) in view of Yaguchi et al. (US Patent No. 10,637,830, hereinafter “Yaguchi”)

Regarding claims 6, 13 and 20, Karp discloses the method of claims 1, 8 and 15 respectively, but does not explicitly disclose the method further comprising: receiving, by the switch, results of the operation from the first computing entity; and transmitting, by the switch, the results of the operation to the second computing entity.
, Fig. 1, col. 6. lines 7-14, lines 54-63; col. 7, lines 4-15: connections via VPN router 16 with an authentication function). 
Karp and Yaguchi are analogous art to the claimed invention because they are in the same field of access control. It would have been obvious to someone of ordinary skilled in the art before the effective filing date of the claimed invention to use the teaching of Yaguchi to prevent leakage of information from the internal network, such as the resource 20.

Claims 7 and 14 are rejected under 35 U.S.C. 103 as being unpatentable over Karp et al. (US Patent No. 6,470,339, hereinafter “Karp”) in view of Lee et al. (US Patent No. 8,527,661, hereinafter “Lee”).

Regarding claims 7 and 14, Karp discloses the method of claims 1 and 15, respectively, but does not explicitly disclose wherein transmitting, by the switch, the request to the first computing entity in response to the confirming comprises translating the request into a format associated with the operation of the one or more operations.
Lee teaches networking gateways to manage communication and transfer of data between server system interconnection fabric and connections from client (Lee, col. 2, lines 27-36). Namely, a front-side gateway (“FSG”) of a storage server system 
Karp and Lee are analogous art to the claimed invention because they are in the same field of memory access. It would have been obvious to someone of ordinary skilled in the art before the effective filing date of the claimed invention to use the teaching of Lee as interconnection between client device and storage systems may be of a different type of interconnection fabric.

Claim 21 is rejected under 35 U.S.C. 103 as being unpatentable over Karp et al. (US Patent No. 6,470,339, hereinafter “Karp”) in view of Deter et al. (US Patent Pub No. 20200177594, hereinafter “Deter”)

Regarding claim 21, Karp does not explicitly disclose method of claim 1, wherein the switch is a programmable physical or virtual switch that implements packet switching logic for the network and that has been programmed to process a particular packet format related to access control, and wherein the grant message corresponds to the particular packet format.
However, Deter teaches a controller that configures a network switch through which devices may access network resources. The network switch can block or permit a network traffic based on a packet header field according to access control lists while minimizing traffic leaks during replacement of an access control list (Deter, Figs, 1 and 
Karp and Deter are analogous art to the claimed invention because they are in the same field of network resource access. It would have been obvious to someone of ordinary skilled in the art before the effective filing date of the claimed invention to incorporate the teaching of Deter in the resource mediator of Karp to minimize traffic leaks when using access control lists.


Conclusion
Applicant's amendment necessitated the new ground(s) of rejection presented in this Office action.  Accordingly, THIS ACTION IS MADE FINAL.  See MPEP § 706.07(a).  Applicant is reminded of the extension of time policy as set forth in 37 CFR 1.136(a).  
A shortened statutory period for reply to this final action is set to expire THREE MONTHS from the mailing date of this action.  In the event a first reply is filed within TWO MONTHS of the mailing date of this final action and the advisory action is not mailed until after the end of the THREE-MONTH shortened statutory period, then the shortened statutory period will expire on the date the advisory action is mailed, and any extension fee pursuant to 37 CFR 1.136(a) will be calculated from the mailing date of the advisory action.  In no event, however, will the statutory period for reply expire later than SIX MONTHS from the date of this final action. 
Any inquiry concerning this communication or earlier communications from the examiner should be directed to JAE-HEE CHOI whose telephone number is (571)272-9794. The examiner can normally be reached Monday-Thursday 12:00pm-8:00pm EST.
Examiner interviews are available via telephone, in-person, and video conferencing using a USPTO supplied web-based collaboration tool. To schedule an interview, applicant is encouraged to use the USPTO Automated Interview Request (AIR) at http://www.uspto.gov/interviewpractice.
If attempts to reach the examiner by telephone are unsuccessful, the examiner’s supervisor, Jeffrey L Nickerson can be reached on (469)295-9235. The fax phone number for the organization where this application or proceeding is assigned is 571-273-8300.
Information regarding the status of published or unpublished applications may be obtained from Patent Center. Unpublished application information in Patent Center is available to registered users. To file and manage patent submissions in Patent Center, visit: https://patentcenter.uspto.gov. Visit https://www.uspto.gov/patents/apply/patent-center for more information about Patent Center and https://www.uspto.gov/patents/docx for information about filing in DOCX format. For additional questions, contact the Electronic Business Center (EBC) at 866-217-9197 (toll-free). If you would like assistance from a USPTO Customer Service Representative, call 800-786-9199 (IN USA OR CANADA) or 571-272-1000.



/Jeffrey Nickerson/Supervisory Patent Examiner, Art Unit 2432