DETAILED ACTION

Notice of Pre-AIA  or AIA  Status
The present application, filed on or after March 16, 2013, is being examined under the first inventor to file provisions of the AIA .

Status of the Claims
	Claims 1-10 are rejected under 35 U.S.C. 103.
	Claims 1-10 are rejected on the grounds of nonstatutory double patenting (over two different co-pending applications).
	Claims 2, 7, and 9 are objected to for minor informalities.

Claim Objections
Claims 2, 7, and 9 are objected to because of the following informalities:
In line 4 of claim 2, “at last time” should read “at a last time”.
In line 4 of claim 7, “at last time” should read “at a last time”.
In line 4 of claim 9, “at last time” should read “at a last time”.
Appropriate correction is required.

Double Patenting
The nonstatutory double patenting rejection is based on a judicially created doctrine grounded in public policy (a policy reflected in the statute) so as to prevent the unjustified or improper timewise extension of the “right to exclude” granted by a patent In re Berg, 140 F.3d 1428, 46 USPQ2d 1226 (Fed. Cir. 1998); In re Goodman, 11 F.3d 1046, 29 USPQ2d 2010 (Fed. Cir. 1993); In re Longi, 759 F.2d 887, 225 USPQ 645 (Fed. Cir. 1985); In re Van Ornum, 686 F.2d 937, 214 USPQ 761 (CCPA 1982); In re Vogel, 422 F.2d 438, 164 USPQ 619 (CCPA 1970); In re Thorington, 418 F.2d 528, 163 USPQ 644 (CCPA 1969).
A timely filed terminal disclaimer in compliance with 37 CFR 1.321(c) or 1.321(d) may be used to overcome an actual or provisional rejection based on nonstatutory double patenting provided the reference application or patent either is shown to be commonly owned with the examined application, or claims an invention made as a result of activities undertaken within the scope of a joint research agreement. See MPEP § 717.02 for applications subject to examination under the first inventor to file provisions of the AIA  as explained in MPEP § 2159. See MPEP § 2146 et seq. for applications not subject to examination under the first inventor to file provisions of the AIA . A terminal disclaimer must be signed in compliance with 37 CFR 1.321(b). 
The USPTO Internet website contains terminal disclaimer forms which may be used. Please visit www.uspto.gov/patent/patents-forms. The filing date of the application in which the form is filed determines what form (e.g., PTO/SB/25, PTO/SB/26, PTO/AIA /25, or PTO/AIA /26) should be used. A web-based eTerminal Disclaimer may be filled out completely online using web-screens. An eTerminal Disclaimer that meets 

Claims 1, 4, and 8 are provisionally rejected on the ground of nonstatutory double patenting as being unpatentable over claims 1 of copending Application No. 16/639,064 (hereinafter ‘064) in view of HUA (US 2016/0294881 A1).
This is a provisional nonstatutory double patenting rejection.

A comparison of the claims is given in the table below.

Instant Application
Claims of ‘064
Comments
(Claim 1) A form-authorizing method based on time property fields of a form, comprising:
(Claim 1) A method for setting a permission to view an operation record based on a time range, comprising:

selecting one or more grantees;
selecting a grantee;
It would have been obvious to a PHOSITA to allow more than one grantee to be selected.
selecting a form,
setting one or more viewed objects for each grantee,
It would have been obvious for a form to be 

and setting a viewing-permission time range for each grantee, wherein said grantee obtains a permission to view operation records of its corresponding viewed object within the viewing-permission time range of the grantee;
A viewing-permission time range setting is being created in each case. It would have been obvious for the setting to be saved, since settings are saved in order to be used later.
said permission time range comprises one or more of the following six types: a time range from a time point, which is determined by going backwards from a current time for a fixed time length, to the current time, a time range from a start time to a 


, the role is an independent individual not a group/class, one role can only be related to a unique user during the same period, and one user is related to one or more roles.
(Claim 3) wherein said role is an independent individual not a group/a class, and during the same period, one role can only be related to a unique user, while one user is related to one or more roles; and the user obtains the permissions of the related role.
It would have been obvious for the grantee to be a person, a user, a group, a class, or a role. This would not change the principal of operation and would merely amount to having different types of database entries for the different types of grantees.


and displaying time property fields of which permission time ranges need to be set in the selected form.
However, HUA, which is directed to setting user permissions by an administrative user, teaches and displaying time property fields of which permission time ranges need to be set in the selected form (“When a delegated administrator creates or adds a new user, the delegated administrator may assign a permission set to that user. A permission set may be used to determine the access right of a user relative to, for instance, objects, fields, pages, etc. A delegated administrator may also un-assign a permission set. A user interface associated with the permission management module 470 may display a list of permission set added by an administrator of a delegated administration group. The user interface may display an option to add a permission set to the list of permission sets and an option to remove a permission set from the list of permission sets.” Paragraph 0109. HUA teaches a user interface display for assigning permissions to specific users, which in view of claim 1 of ‘064 would include time property fields that need to be set by the administrator.)
Before the effective filing date of the invention, it would have been obvious to one of ordinary skill in the art to modify the setting of time permission ranges by an administrator that control the access rights of a specific user to a specific object taught by claim 1 of ‘064 by providing the administrator with a user interface that displays options to set permissions for a specific user as taught by HUA. Since both references are directed to access rights tailored to specific users and file system objects, the combination would yield predictable results. This would merely be incorporating a well 

	Regarding Claim 8, claim 1 of ‘064 does not teach and displaying time property fields of which permission time ranges need to be set in the selected form.
and setting a limit field, wherein a limit field for a permission time range of a time property field that needs operation permission setting in the form is set, and said limit field is a field with a field value determined by selection or determined automatically, and an operation permission for data corresponding to the field value of the limit field is set.
However, HUA, which is directed to setting user permissions by an administrative user, teaches and displaying time property fields of which permission time ranges need to be set in the selected form (“When a delegated administrator creates or adds a new user, the delegated administrator may assign a permission set to that user. A permission set may be used to determine the access right of a user relative to, for instance, objects, fields, pages, etc. A delegated administrator may also un-assign a permission set. A user interface associated with the permission management module 470 may display a list of permission set added by an administrator of a delegated administration group. The user interface may display an option to add a permission set to the list of permission sets and an option to remove a permission set from the list of 
Before the effective filing date of the invention, it would have been obvious to one of ordinary skill in the art to modify the setting of time permission ranges by an administrator that control the access rights of a specific user to a specific object taught by claim 1 of ‘064 by providing the administrator with a user interface that displays options to set permissions for a specific user as taught by HUA. Since both references are directed to access rights tailored to specific users and file system objects, the combination would yield predictable results. This would merely be incorporating a well known method such as form fields, drop down menus, and other common user interface elements into the method of setting time permissions ranges taught by claim 1 of ;064. Furthermore, HUA (Paragraphs 0045, 0048) teaches an advantage of such a a user interface would be reducing the administrative time managing a user’s rights. 
HUA further teaches and setting a limit field, wherein a limit field for a permission time range of a time property field that needs operation permission setting in the form is set, and said limit field is a field with a field value determined by selection or determined automatically, and an operation permission for data corresponding to the field value of the limit field is set. (“Criteria may include a geographic location, a level within an organizational hierarchy (e.g., engineer, senior engineer, staff engineer, etc.; manager, senior manager, director, etc.), an industry, a role, level of experience or seniority, and other characteristics of users. For example, permission set 605 may be associated with “engineers.” Paragraph 0121-122. Also see Paragraphs 0123-0125. Limit fields include a level within the company, industry, or geographic location which are set by the administrator for a user. A non-management user is limited to only the permissions related to their criteria within the organization.)
Before the effective filing date of the invention, it would have been obvious to one of ordinary skill in the art to further modify the setting of time permission ranges by an administrator that control the access rights of a specific user to a specific object taught by claim 1 of ‘064 by further limiting access permissions based on a level within an organization, an industry, or a geographic location pertaining to the specific user as taught by HUA. This would give the administrator user more control over the access to the applications and files in the system, improving information security. As taught by HUA (Paragraph 0120), “The permission sets may provide a more modular form of groupings of permissions than profiles. As such, a single user may be assigned multiple permission sets tailored to their particular access needs.”

Claim 10 is provisionally rejected on the ground of nonstatutory double patenting as being unpatentable over claims 1 of copending Application No. 16/639,064 (hereinafter ‘064) in view of HUA (US 2016/0294881 A1) and further in view of CLARK (US 2007/0250905 A1).
This is a provisional nonstatutory double patenting rejection.

	
A form-authorizing method based on time property fields of a form, comprising: selecting one or more grantees; selecting a form, and displaying time property fields for which permission time ranges need to be set in the selected form;… setting time range permission time ranges for the time property fields, wherein a time range permission time range for each time property field is set respectively, said permission time range comprises one or more of the following six types: a time range from a time point, which is determined by going backwards from a current time for a fixed time length, to the current time, a time range from a start time to a current time, a time range from a deadline to a system initial time, a time range from a start time to a deadline, a time range where a time field value is null, and a time range from a system initial time to a current time, wherein the time range from the system initial time to the current time comprises the time range where the time field value is null; and after completing setting the permission time ranges, saving the settings.” See the comparison table and obviousness analysis of Claim 1 above over claim 1 of ‘064 in view of HUA.
Claim 1 of ‘064 in view of HUA does not teach selecting a template: selecting an existing grantee or a created template as an authorization template, and updating a permission time range value of the time property field to be a permission time range value of a corresponding time property field in the authorization template; 
However, CLARK, which is directed to managing authorization levels for users, teaches selecting a template: selecting an existing grantee or a created template as an authorization template, and updating a permission time range value of the time property field to be a permission time range value of a corresponding time property field in the authorization template; (“The administrator can associate a user authorization level template with a user by selecting a template from a template drop down menu 144. A set of defined templates are stored in database 24 that provide an administrator the ability to create or change user permissions for a single user and any combination of multiple applications based on the person's job title… This allows the administrator to select a user authorization level template based on the user's job title.” Paragraphs 0026-27. “As shown in FIG. 7, an administrator can create new templates or edit/delete existing templates to define user authorization levels across multiple applications.” Paragraph 0029. An administrator creates or chooses an existing template for a specific user that defines the user’s permissions for a plurality of applications. In view of PRICE, it would have been obvious for the template to include the time permission ranges set by the administrator to limit the user’s access of file system objects to a specific time.)
	Before the effective filing date of the invention, it would have been obvious to one of ordinary skill in the art to modify the user interface for setting of time permission ranges by an administrator that control the access rights of a specific user to a specific object taught by claim 1 of ‘064 in view of HUA by allowing an administrator to create or modify a template containing the desired time permission ranges, as taught by CLARK. Since the references are directed to assigning access rights by an administrator, the combination would yield predictable results. Such an implementation would improve the user experience by providing the administrator with more control and options for assigning access rights. As taught by CLARK (Paragraph 0027), “This is much faster 

Claims 1 and 4-7 are provisionally rejected on the ground of nonstatutory double patenting as being unpatentable over claims 1, 3-4, and 6-10 of copending Application No. 16/627,992 (hereinafter ‘992) in view of PRICE (US 2013/0246470 A1).
This is a provisional nonstatutory double patenting rejection.

A comparison of the claims is given in the table below.
Instant Application
Claims of ‘551
Comments
(Claim 1) A form-authorizing method based on time property fields of a form, comprising:
(Claim 1) A method for authorizing form-related information, comprising:

selecting one or more grantees;
selecting a grantee
It would have been obvious to a PHOSITA to allow more than one grantee to be selected.

selecting a form

and displaying time property fields of which permission time ranges need to be set in the selected form;
wherein a form is selected, and candidate relation information of said form is displayed;
Claim 1 of ‘992 does not recite that the fields are time property fields. See the discussion of PRICE below, in which the fields are time property fields.
…and after completing setting the permission time ranges, saving the settings.
and after authorizing the relation information of the form to the grantee, saving the permissions of the relation information of the grantee's form.

(Claim 4) wherein said grantee comprises one or more of a person, a user, a group, a class, and a role, the role is an independent individual not a group/class, one role can only be related to a unique user during the same period, and one user is related to one or more roles.
(Claim 3) wherein said grantee comprises one or more types of a person, a user, a group, a class, and a role… wherein said role is an independent individual not a group/a class, one role can only be related to a unique user during the same period, and one user is related to one or more roles.
The claims are substantially identical.

(Claim 4) wherein said role belongs to a certain department, and the role is authorized according to the work content of the role; a name of the role is unique under the department, and a number of the role is unique in a system; and during cross-department transfer of said user, the user's relation to the role in the original department is canceled, and the user is related to a role in a new department.
The claims are substantially identical.
(Claim 6) wherein said form-authorizing method further comprises a step of setting the time property field.
(Claim 6) wherein said method for authorizing form-related information further comprises a step of setting the candidate relation information
In view of PRICE, the field that would be set would be a time field rather than a candidate relation field.
(Claim 7) wherein when there is one grantee, after the grantee and the form are selected, an operator and an authorization 




Claim 1 of ‘992 does not teach setting permission time ranges for the time property fields, wherein a permission time range for each time property field is set respectively, said permission time range comprises one or more of the following six types: a time range from a time point, which is determined by going backwards from a current time for a fixed time length, to the current time, a time range from a start time to a current time, a time range from a deadline to a system initial time, a time range from a start time to a deadline, a time range where a time field value is null, and a time range from a system initial time to a current time, said time range from the system initial time to the current time comprises the time range where the time field value is null.
However, PRICE, which is directed to time-based user permissions, teaches setting permission time ranges for the time property fields, (“the determination of access for a given user (at 104 of FIG. 1) comprises application of specific duration constraints assigned by the ACL rules 105 relating to the validity of a user ACL entry, wherein any access request at 102 having a date or time outside of the duration constraint results in a denial of access condition” Paragraph 0030. A time range in which a specific user can access a file system object is set by the administrator user.)
 wherein a permission time range for each time property field is set respectively, (“ACL rule permissions stored at 105 for a given user ACL specify an Paragraph 0032. “a validity period is determined as a function of a specific length of time after a first access time indicated by a valid time (vtime) metadata entry, wherein at 314, regardless of any subsequent access times (such as those indicated by an ACL atime entry), the ACL entry is only valid for a specific length of time after the first access time indicated by the vtime data at 312” Paragraph 0036. Time property fields include dtime (Paragraph 0030), itime, and vtime for which an administrator user sets a permission time range for each time property field.)
said permission time range comprises one or more of the following six types: a time range from a time point, which is determined by going backwards from a current time for a fixed time length, to the current time, a time range from a start time to a current time, a time range from a deadline to a system initial time, a time range from a start time to a deadline, a time range where a time field value is null, and a time range from a system initial time to a current time, said time range from the system initial time to the current time comprises the time range where the time field value is null. (“the dtime metadata specifies a "Begin Date/Time" field that specifies a date and time on which access to the object begins, and an "End Date/Time" field that specifies the ending date and time for the granted access. Thus, the date and time of the current access request 102 is determined at 202, and at 204 an access control evaluation process determines whether the date and time of the user request 102 satisfies the duration constraint by falling within said dtime begin and end date/times.” Paragraph 0030. The permission time range is a duration comprising a start Paragraph 0037: a determination of an initial time (atime) and an end time by adding a time range to the initial time is made, which reads on “a time range from a deadline to a system initial time”.)
Before the effective filing date of the invention, it would have been obvious to one of ordinary skill in the art to modify form authorization method of claim 1 of ‘992 by applying the time-based permission settings taught by PRICE. Such a combination would yield predictable results since PRICE is also directed to access rights to specific users for specific forms based on settings by an administrator. Furthermore, PRICE (Paragraph 0031) teaches, “The embodiment helps to reduce potential security exposures and increase operational efficiencies by allowing the administrators to constrain access for any specific user to a specific, time based, duration when the ACL is being created or modified, rather then relying on manual intervention as required under the prior art.”

Claim 2 is provisionally rejected on the ground of nonstatutory double patenting as being unpatentable over claims 1of copending Application No. 16/627,992 (hereinafter ‘992) in view of PRICE (US 2013/0246470 A1) and further in view of ROBAINA (US 2018/0197624 A1).


(Claim 1 of ‘992) wherein when there is one grantee, in said candidate relation information, items thereof that are selected and saved in the candidate relation information when the grantee is authorized at last time are automatically selected, and a corresponding item is selected from said candidate relation information; when there are two or more grantees, in said candidate relation information, no item thereof is selected



Regarding Claim 2, claim 1 of ‘992 recites substantially similar limitations; however, claim 1 of ‘992 does not teach that a field is displayed in the case that there is one grantee and a field is not displayed in the case when there are two or more grantees.
However, ROBAINA, which is directed to access to patient medical records, teaches that a field is displayed in the case that there is one grantee and a field is not displayed in the case when there are two or more grantees. (“For example, the wearable device of a first user can identify a second user to share the information perceived by the first user. The wearable device of the first user can receive a request from the second user's wearable device to share the content. The wearable device can determine access privilege of the second user and only share the portion of the information in the first user's FOV to which the second user has access. The second Paragraph 0281. Only a portion of a form is viewable if there are two users with access to a form. Also see Paragraph 0277, which discusses limiting editing privilege if two users are viewing a form at the same time. In view of HUA, it would have been further obvious to limit a view privilege instead of an edit privilege.)
Before the effective filing date of the invention, it would have been obvious to one of ordinary skill in the art to modify the display of time property fields to users given access by an administrator user taught by claim 1 of ‘992 in view of PRICE by limiting the display of secure information, such as a time property field, when two users have access to a form as taught by ROBAINA. Since both references are directed to providing access rights to users viewing file system objects, the combination would yield predictable results. Such an implementation would preserve the integrity of the data input by the administrator user. As taught by ROBAINA (Paragraphs 0129, 0277), “The medical record management system can also, in order to preserve the integrity and accuracy of the medical records, prohibit the patient from managing some parts of his medical records such as, e.g., adding/editing doctors' notes, doctors' diagnoses, tests results, and so on.”

Claims 3 and 8 are provisionally rejected on the ground of nonstatutory double patenting as being unpatentable over claim 1 of copending Application No. 16/627,992 (hereinafter ‘992) in view of PRICE (US 2013/0246470 A1) and further in view of HUA (US 2016/0294881 A1).
This is a provisional nonstatutory double patenting rejection.

Regarding Claim 3, claim 1 of ‘992 in view of PRICE does not explicitly teach wherein said form-authorizing method further comprises a step of setting an operation permission, said operation permission comprises one or more operations of viewing, modifying, adding, deleting or printing form data corresponding to a time property field, said form data is the data in the form in each permission time range of the time property field 
However, HUA, which is directed to setting user permissions by an administrative user, teaches wherein said form-authorizing method further comprises a step of setting an operation permission, said operation permission comprises one or more operations of viewing, modifying, adding, deleting or printing form data corresponding to a time property field, said form data is the data in the form in each permission time range of the time property field (“a customized application container may include the only the following permissions from the customized application permission: edit messages and custom links; modify standard picklist values; create, edit, and delete custom fields; create, edit, and delete page layouts; set field-level security; create, edit, and delete custom links” Paragraph 0111. “Finally, permission 6 may provide access to a particular object. In some implementations, permissions may include create, read, update, and/or delete (CRUD) options. For example, a permission may only include a level of access associated with reading, for Paragraph 0116. Also see Paragraphs 0039 and 0041, which generally discuss specific permissions (actions) different user profiles are given with regards to database objects. In view of PRICE, it would have been obvious for the users to only have these permissions during the time permission range set by the administrator.)
Before the effective filing date of the invention, it would have been obvious to one of ordinary skill in the art to modify the setting of time permission ranges by an administrator that control the access rights of a specific user to a specific object taught by claim 1 of ‘992 in view of PRICE by providing the administrator with a user interface that displays options to set permissions for a specific user, including operation permissions as taught by HUA. Since both references are directed to access rights tailored to specific users and file system objects, the combination would yield predictable results. This would merely be incorporating a well known method such as form fields, drop down menus, and other common user interface elements into the method of setting time permissions ranges taught by claim 1 of ‘064. Customization of operation permissions would also ensure security of the data and provide the administrator with more control of subordinate users’ access of data. Furthermore, HUA (Paragraphs 0045, 0048) teaches an advantage of such a user interface would be reducing the administrative time managing a user’s rights.

Regarding Claim 8, see the comparison of the claims in the table below:

(Claim 8 of ‘992) A method for authorizing form-related information, comprising:

selecting one or more grantees; selecting a form
selecting a grantee; selecting a form,
It would have been obvious to a PHOSITA to allow more than one grantee to be selected.
and displaying time property fields of which permission time ranges need to be set in the selected form;
wherein a form is selected, and candidate relation information of said form is displayed;
Claim 8 of ‘992 does not recite that the fields are time property fields. See the discussion of PRICE below.
and setting a limit field, wherein a limit field for a permission time range of a time property field that needs operation permission setting in the form is set, and said limit field is a field with a field value determined by selection or determined automatically, and an operation permission for data corresponding to the field value of the limit field is set;


and saving the setting.
and after authorizing the relation information of the form to the grantee, saving permissions of the relation information of the grantee's form.
See the discussion of PRICE below regarding the limitations of claim 8 of the instant application that are not recited by claim 8 of ‘992.


Claim 8 of ‘992 does not teach setting permission time ranges for the time property fields, wherein a permission time range for each time property field is set respectively, said permission time range comprises one or more of the following six types: a time range from a time point, which is determined by going backwards from a current time for a fixed time length, to the current time, a time range from a start time to a current time, a time range from a deadline to a system initial time, a time range from a start time to a deadline, a time range where a time field value is null, and a time range from a system initial time to a current time, said time range from the system initial time to the current time comprises the time range where the time field value is null.
However, PRICE, which is directed to time-based user permissions, teaches setting permission time ranges for the time property fields, (“the determination of access for a given user (at 104 of FIG. 1) comprises application of specific duration Paragraph 0030. A time range in which a specific user can access a file system object is set by the administrator user.)
 wherein a permission time range for each time property field is set respectively, (“ACL rule permissions stored at 105 for a given user ACL specify an inactivity time period (itime) that provides for the expiration of an ACL entry after an elapsed inactivity time period from a last access time of the accessing entity via the ACL entry” Paragraph 0032. “a validity period is determined as a function of a specific length of time after a first access time indicated by a valid time (vtime) metadata entry, wherein at 314, regardless of any subsequent access times (such as those indicated by an ACL atime entry), the ACL entry is only valid for a specific length of time after the first access time indicated by the vtime data at 312” Paragraph 0036. Time property fields include dtime (Paragraph 0030), itime, and vtime for which an administrator user sets a permission time range for each time property field.)
said permission time range comprises one or more of the following six types: a time range from a time point, which is determined by going backwards from a current time for a fixed time length, to the current time, a time range from a start time to a current time, a time range from a deadline to a system initial time, a time range from a start time to a deadline, a time range where a time field value is null, and a time range from a system initial time to a current time, said time range from the system initial time to the current time comprises the time range where the time field value is null. (“the dtime metadata specifies a "Begin Date/Time" field Paragraph 0030. The permission time range is a duration comprising a start date/time and an end date/time. The claim only requires one type of time range. Also see Paragraph 0037: a determination of an initial time (atime) and an end time by adding a time range to the initial time is made, which reads on “a time range from a deadline to a system initial time”.)
Before the effective filing date of the invention, it would have been obvious to one of ordinary skill in the art to modify form authorization method of claim 8 of ‘992 by applying the time-based permission settings taught by PRICE. Such a combination would yield predictable results since PRICE is also directed to access rights to specific users for specific forms based on settings by an administrator. Furthermore, PRICE (Paragraph 0031) teaches, “The embodiment helps to reduce potential security exposures and increase operational efficiencies by allowing the administrators to constrain access for any specific user to a specific, time based, duration when the ACL is being created or modified, rather then relying on manual intervention as required under the prior art.”
Claim 8 of ‘992 in view of PRICE does not fully teach setting a limit field, wherein a limit field for a permission time range of a time property field that needs operation permission setting in the form is set, and said limit field is a field with a field value determined by selection or determined automatically, and an operation permission for data corresponding to the field value of the limit field is set.
However, HUA teaches and setting a limit field, wherein a limit field for a permission time range of a time property field that needs operation permission setting in the form is set, and said limit field is a field with a field value determined by selection or determined automatically, and an operation permission for data corresponding to the field value of the limit field is set. (“Criteria may include a geographic location, a level within an organizational hierarchy (e.g., engineer, senior engineer, staff engineer, etc.; manager, senior manager, director, etc.), an industry, a role, level of experience or seniority, and other characteristics of users. For example, permission set 605 may be associated with “engineers.” Permissions within permission set 605 (i.e., permissions 1, 2, 5, and 6) may provide a level of access to components needed for engineers.” Paragraph 0121-122. Also see Paragraphs 0123-0125. Limit fields include a level within the company, industry, or geographic location which are set by the administrator for a user. A non-management user is limited to only the permissions related to their criteria within the organization.)
Before the effective filing date of the invention, it would have been obvious to one of ordinary skill in the art to further modify the setting of time permission ranges by an administrator that control the access rights of a specific user to a specific object taught by claim 8 of ‘992 in view of PRICE by further limiting access permissions based on a level within an organization, an industry, or a geographic location pertaining to the specific user as taught by HUA. This would give the administrator user more control 


Claim 9 is provisionally rejected on the ground of nonstatutory double patenting as being unpatentable over claims 1of copending Application No. 16/627,992 (hereinafter ‘992) in view of PRICE (US 2013/0246470 A1) and further in view of HUA (US 2016/0294881 A1) and ROBAINA (US 2018/0197624 A1).

(Claim 9) wherein when there is one grantee, a permission time range value of the time property field is displayed as a value of the permission time range that is saved when the time property field is authorized at last time, and when there are two or more grantees, the permission time range value of the time property field is not displayed.
(claim 8 of ’992) wherein when there is one grantee, in said candidate relation information, items thereof that are selected and saved when the grantee is authorized at last time are automatically selected; and when there are two or more grantees, in said candidate relation information, no item thereof is selected.



However, ROBAINA, which is directed to access to patient medical records, teaches that a field is displayed in the case that there is one grantee and a field is not displayed in the case when there are two or more grantees. (“For example, the wearable device of a first user can identify a second user to share the information perceived by the first user. The wearable device of the first user can receive a request from the second user's wearable device to share the content. The wearable device can determine access privilege of the second user and only share the portion of the information in the first user's FOV to which the second user has access. The second user's wearable device can accordingly present to the second user a subset of information in the first user's FOV.” Paragraph 0281. Only a portion of a form is viewable if there are two users with access to a form. Also see Paragraph 0277, which discusses limiting editing privilege if two users are viewing a form at the same time. In view of HUA, it would have been further obvious to limit a view privilege instead of an edit privilege.)
Before the effective filing date of the invention, it would have been obvious to one of ordinary skill in the art to modify the display of time property fields to users given access by an administrator user taught by claim 8 of ‘992 in view of PRICE and HUA by limiting the display of secure information, such as a time property field, when two users have access to a form as taught by ROBAINA. Since both references are directed to 

Claim 10 is provisionally rejected on the ground of nonstatutory double patenting as being unpatentable over claim 1 of copending Application No. 16/627,992 (hereinafter ‘992) in view of PRICE (US 2013/0246470 A1) and further in view of CLARK (US 2007/0250905 A1).

Regarding Claim 10, see the comparison of the claims in the table below:
(Claim 10) A form-authorizing method based on time property fields of a form, comprising: selecting one or more grantees; selecting a form,
(Claim 10 of ‘992) A method for authorizing form-related information, comprising: selecting a grantee; selecting a form,
It would have been obvious to a PHOSITA to allow more than one grantee to be selected.
and displaying time property fields for which permission 


and updating a permission time range value of the time property field to be a permission time range value of a corresponding time property field in the authorization template;
selecting an authorization template, wherein an existing role or a created template is selected as an authorization template; authorizing form-related information to a grantee, wherein in the candidate relation information, items thereof that are selected and saved when the authorization template is authorized at last time are automatically selected,
The template recited by claim 10 of ‘992 is equivalent to the template of claim 10 of the instant application. However, see the discussion of CLARK below, which teaches the limitations of claim 10 (underlined) of the instant application that are not recited by claim 10 of ‘992.
…and after completing setting the permission time ranges, saving the settings.
and after authorizing the relation information of the form to the grantee, saving permissions of the relation information of the grantee's form.
See the discussion of PRICE below regarding the limitations of claim 10 of the instant application that are not recited by claim 10 of ‘992.



Claim 10 of ‘992 does not teach setting permission time ranges for the time property fields, wherein a permission time range for each time property field is set respectively, said permission time range comprises one or more of the following six types: a time range from a time point, which is determined by going backwards from a current time for a fixed time length, to the current time, a time range from a start time to a current time, a time range from a deadline to a system initial time, a time range from a start time to a deadline, a time range where a time field value is null, and a time range from a system initial time to a current time, said time range from the system initial time to the current time comprises the time range where the time field value is null.
However, PRICE, which is directed to time-based user permissions, teaches setting permission time ranges for the time property fields, (“the determination of access for a given user (at 104 of FIG. 1) comprises application of specific duration constraints assigned by the ACL rules 105 relating to the validity of a user ACL entry, wherein any access request at 102 having a date or time outside of the duration constraint results in a denial of access condition” Paragraph 0030. A time range in which a specific user can access a file system object is set by the administrator user.)
 wherein a permission time range for each time property field is set respectively, (“ACL rule permissions stored at 105 for a given user ACL specify an inactivity time period (itime) that provides for the expiration of an ACL entry after an elapsed inactivity time period from a last access time of the accessing entity via the ACL entry” Paragraph 0032. “a validity period is determined as a function of a specific length of time after a first access time indicated by a valid time (vtime) metadata entry, wherein at 314, regardless of any subsequent access times (such as those indicated by an ACL atime entry), the ACL entry is only valid for a specific length of time after the first access Paragraph 0036. Time property fields include dtime (Paragraph 0030), itime, and vtime for which an administrator user sets a permission time range for each time property field.)
said permission time range comprises one or more of the following six types: a time range from a time point, which is determined by going backwards from a current time for a fixed time length, to the current time, a time range from a start time to a current time, a time range from a deadline to a system initial time, a time range from a start time to a deadline, a time range where a time field value is null, and a time range from a system initial time to a current time, said time range from the system initial time to the current time comprises the time range where the time field value is null. (“the dtime metadata specifies a "Begin Date/Time" field that specifies a date and time on which access to the object begins, and an "End Date/Time" field that specifies the ending date and time for the granted access. Thus, the date and time of the current access request 102 is determined at 202, and at 204 an access control evaluation process determines whether the date and time of the user request 102 satisfies the duration constraint by falling within said dtime begin and end date/times.” Paragraph 0030. The permission time range is a duration comprising a start date/time and an end date/time. The claim only requires one type of time range. Also see Paragraph 0037: a determination of an initial time (atime) and an end time by adding a time range to the initial time is made, which reads on “a time range from a deadline to a system initial time”.)
Before the effective filing date of the invention, it would have been obvious to one of ordinary skill in the art to modify form authorization method of claim 10 of ‘992 by reduce potential security exposures and increase operational efficiencies by allowing the administrators to constrain access for any specific user to a specific, time based, duration when the ACL is being created or modified, rather then relying on manual intervention as required under the prior art.”
Claim 10 of ‘992 in view of PRICE does not fully teach selecting a template: selecting an existing grantee or a created template as an authorization template, and updating a permission time range value of the time property field to be a permission time range value of a corresponding time property field in the authorization template; 
However, CLARK, which is directed to managing authorization levels for users, teaches selecting a template: selecting an existing grantee or a created template as an authorization template, and updating a permission time range value of the time property field to be a permission time range value of a corresponding time property field in the authorization template; (“The administrator can associate a user authorization level template with a user by selecting a template from a template drop down menu 144. A set of defined templates are stored in database 24 that provide an administrator the ability to create or change user permissions for a single user and any combination of multiple applications based on the person's job title… This allows the administrator to select a user authorization level template based on the user's job title.” Paragraphs 0026-27. “As shown in FIG. 7, an administrator can create new templates or edit/delete existing templates to define user authorization levels across multiple applications.” Paragraph 0029. An administrator creates or chooses an existing template for a specific user that defines the user’s permissions for a plurality of applications. In view of PRICE, it would have been obvious for the template to include the time permission ranges set by the administrator to limit the user’s access of file system objects to a specific time.)
	Before the effective filing date of the invention, it would have been obvious to one of ordinary skill in the art to modify the user interface for setting of time permission ranges by an administrator that control the access rights of a specific user to a specific object taught by claim 10 of ‘992 in view of PRICE by allowing an administrator to create or modify a template containing the desired time permission ranges, as taught by CLARK. Since the references are directed to assigning access rights by an administrator, the combination would yield predictable results. Such an implementation would improve the user experience by providing the administrator with more control and options for assigning access rights. As taught by CLARK (Paragraph 0027), “This is much faster than setting up individual user authorization levels on an application-by-application basis.” For example, the administrator in the embodiment of claim 10 of ‘992 would therefore be able to assign a template that defines the properties of a user for a file system object rather than manually entering the properties for each user.


Claim Rejections - 35 USC § 103
The following is a quotation of 35 U.S.C. 103 which forms the basis for all obviousness rejections set forth in this Office action:
A patent for a claimed invention may not be obtained, notwithstanding that the claimed invention is not identically disclosed as set forth in section 102, if the differences between the claimed invention and the prior art are such that the claimed invention as a whole would have been obvious before the effective filing date of the claimed invention to a person having ordinary skill in the art to which the claimed invention pertains. Patentability shall not be negated by the manner in which the invention was made.


The factual inquiries for establishing a background for determining obviousness under 35 U.S.C. 103 are summarized as follows:
1. Determining the scope and contents of the prior art.
2. Ascertaining the differences between the prior art and the claims at issue.
3. Resolving the level of ordinary skill in the pertinent art.
4. Considering objective evidence present in the application indicating obviousness or nonobviousness.

Claims 1, 3-4, and 6-8 are rejected under 35 U.S.C. 103 as being unpatentable over PRICE (US 2013/0246470 A1) in view of HUA (US 2016/0294881 A1).

Regarding Claim 1, PRICE teaches a form-authorizing method based on time property fields of a form, comprising: (“The embodiment manages ACL entries as a function of user-specific object access data. More particularly, in response to a request at 102 associated with a request by a specific user having an access control list entry to a specific file system object, a processing unit executing program code performs file system management processes with respect to the file system data object and the user by determining at 104 whether this specific request by this specific user is authorized for access to the object as a function of ACL metadata for the object and the requesting user that is stored in an ACL metadata store 103, in view of one or more rules in an ACL access rule store 105 that are applicable to the requesting user and the requested object.” Paragraph 0022. The time property fields that will be discussed as follows are set for a specific user [grantee] and a specific file system object [form].)
selecting one or more grantees; selecting a form, (“FIG. 2 illustrates one example wherein ACL rule permissions stored at 105 are effective only during a specified time period controlled by time duration constraints for each user entry in the ACL 103… This embodiment extends the Access Control List capabilities within the file system to allow an administrator or other user who owns the requested file system object or is otherwise granted control of the object to specify a duration constraint metadata (dtime) when creating or modifying ACL's” Paragraphs 0029-30. An administrator user selects a user in an ACL [grantee] to assign permissions regarding a file system object [form].)
…setting permission time ranges for the time property fields, (“the determination of access for a given user (at 104 of FIG. 1) comprises application of specific duration constraints assigned by the ACL rules 105 relating to the validity of a user ACL entry, wherein any access request at 102 having a date or time outside of the duration constraint results in a denial of access condition” Paragraph 0030. A time 
wherein a permission time range for each time property field is set respectively, (“ACL rule permissions stored at 105 for a given user ACL specify an inactivity time period (itime) that provides for the expiration of an ACL entry after an elapsed inactivity time period from a last access time of the accessing entity via the ACL entry” Paragraph 0032. “a validity period is determined as a function of a specific length of time after a first access time indicated by a valid time (vtime) metadata entry, wherein at 314, regardless of any subsequent access times (such as those indicated by an ACL atime entry), the ACL entry is only valid for a specific length of time after the first access time indicated by the vtime data at 312” Paragraph 0036. Time property fields include dtime (Paragraph 0030), itime, and vtime for which an administrator user sets a permission time range for each time property field.)
said permission time range comprises one or more of the following six types: a time range from a time point, which is determined by going backwards from a current time for a fixed time length, to the current time, a time range from a start time to a current time, a time range from a deadline to a system initial time, a time range from a start time to a deadline, a time range where a time field value is null, and a time range from a system initial time to a current time, said time range from the system initial time to the current time comprises the time range where the time field value is null; (“the dtime metadata specifies a "Begin Date/Time" field that specifies a date and time on which access to the object begins, and an "End Date/Time" field that specifies the ending date and time for the granted access. Thus, Paragraph 0030. The permission time range is a duration comprising a start date/time and an end date/time. The claim only requires one type of time range. Also see Paragraph 0037: a determination of an initial time (atime) and an end time by adding a time range to the initial time is made, which reads on “a time range from a deadline to a system initial time”.)
and after completing setting the permission time ranges, saving the settings (“The embodiment helps to reduce potential security exposures and increase operational efficiencies by allowing the administrators to constrain access for any specific user to a specific, time based, duration when the ACL is being created or modified” Paragraph 0031. After the administrator sets the permission time ranges, the settings are saved in the ACL.)
PRICE does not explicitly teach and displaying time property fields of which permission time ranges need to be set in the selected form. 
However, HUA, which is directed to setting user permissions by an administrative user, teaches and displaying time property fields of which permission time ranges need to be set in the selected form (“When a delegated administrator creates or adds a new user, the delegated administrator may assign a permission set to that user. A permission set may be used to determine the access right of a user relative to, for instance, objects, fields, pages, etc. A delegated administrator may also un-assign a permission set. A user interface associated with the permission management module display a list of permission set added by an administrator of a delegated administration group. The user interface may display an option to add a permission set to the list of permission sets and an option to remove a permission set from the list of permission sets.” Paragraph 0109. PRICE teaches that an administrator sets time permission ranges for a plurality of time properties that control the access rights of a specific user to a specific object. It would have been obvious for there to be some type of user interface that displays the time property fields for the administrator to set. HUA teaches a user interface display for assigning permissions to specific users, which in view of PRICE would include time property fields that need to be set by the administrator.)
Before the effective filing date of the invention, it would have been obvious to one of ordinary skill in the art to modify the setting of time permission ranges by an administrator that control the access rights of a specific user to a specific object taught by PRICE by providing the administrator with a user interface that displays options to set permissions for a specific user as taught by HUA. Since both references are directed to access rights tailored to specific users and file system objects, the combination would yield predictable results. This would merely be incorporating a well known method such as form fields, drop down menus, and other common user interface elements into the method of setting time permissions ranges taught by PRICE. Furthermore, HUA (Paragraphs 0045, 0048) teaches an advantage of such a a user interface would be reducing the administrative time managing a user’s rights. This supports the goal of PRICE (Paragraph 0031) of allowing an administrator to control 

Regarding Claim 3, PRICE in view of HUA further teaches wherein said form-authorizing method further comprises a step of setting an operation permission, said operation permission comprises one or more operations of viewing, modifying, adding, deleting or printing form data corresponding to a time property field, said form data is the data in the form in each permission time range of the time property field (HUA, “a customized application container may include the only the following permissions from the customized application permission: edit messages and custom links; modify standard picklist values; create, edit, and delete custom fields; create, edit, and delete page layouts; set field-level security; create, edit, and delete custom links” Paragraph 0111. “Finally, permission 6 may provide access to a particular object. In some implementations, permissions may include create, read, update, and/or delete (CRUD) options. For example, a permission may only include a level of access associated with reading, for example, a field of a record. Another permission may include a level of access associated with reading and updating a field of a record” Paragraph 0116. Also see Paragraphs 0039 and 0041, which generally discuss specific permissions (actions) different user profiles are given with regards to database objects. In view of PRICE, it would have been obvious for the users to only have these permissions during the time permission range set by the administrator.)

 wherein said grantee comprises one or more of a person, a user, a group, a class, and a role, the role is an independent individual not a group/class, one role can only be related to a unique user during the same period, and one user is related to one or more roles. (PRICE, “the ACL for a file or directory can contain many entries giving different entities (people, group, other) particular access rights to the file or directory. Further, the term "user" as used in describing access to an object via an ACL entry as described above is not limited to permissions for a single entity, but may refer to any group or other generic entity class comprising pluralities of entities that are each granted rights to the file system object via an ACL user entry” Paragraph 0043. The user entry for a file in an ACL can be for a single person, a group, or a class of users. The “role” embodiment is not required by the claim; however, HUA (Paragraph 0033, 0107, 0172) teaches user roles.)

Regarding Claim 6, PRICE in view of HUA further teaches wherein said form-authorizing method further comprises a step of setting the time property field. (PRICE, “it will be appreciated that each of the embodiments of FIGS. 2, 3, 4 and 5 may independently determine access permissions, they may be used in combination, or they may be used as condition precedents to trigger others of the processes or set their respective values. For example, they may also be used in combination at 104 of FIG. 1 wherein two or more of the processes 204, 304, 314 and 404 must indicate access should be granted to trigger access at 108” Paragraph 0042. The ‘dtime’, ‘itime’, and 

Regarding Claim 7, PRICE in view of HUA further teaches wherein when there is one grantee, after the grantee and the form are selected, an operator and an authorization time that the time property field of the grantee's form is authorized at last time are displayed. (HUA, “The user interface may be configured to display information about the administrator that creates and/or edits a delegated administration group. Information such as the time and date when those events occur may also be displayed.” Paragraph 0106. “the user interface may display information about the administrator who adds a permission set to the list of permission sets. Information such as the time and date when a permission set is added may also be displayed… Information such as the time and date when a custom object is added may also be displayed” Paragraphs 0109-0110. Information about the administrator that sets or modifies permissions is displayed. It would have been obvious to display the administrator that sets the time permission ranges and a timestamp of when the permissions were set in view of PRICE. This is further motivated by PRICE (Paragraph 0025), which teaches “Being able to identify when the entities have last accessed or modified the objects allows the owners to better manage the objects and the ACL's associated with those objects”.)

Regarding Claim 8, PRICE in view of HUA teaches a form-authorizing method based on time property fields of a form, comprising: (“The embodiment manages a specific user having an access control list entry to access a specific file system object, a processing unit executing program code performs file system management processes with respect to the file system data object and the user by determining at 104 whether this specific request by this specific user is authorized for access to the object as a function of ACL metadata for the object and the requesting user that is stored in an ACL metadata store 103, in view of one or more rules in an ACL access rule store 105 that are applicable to the requesting user and the requested object.” Paragraph 0022. The time property fields that will be discussed as follows are set for a specific user [grantee] and a specific file system object [form].)
selecting one or more grantees; selecting a form, (“FIG. 2 illustrates one example wherein ACL rule permissions stored at 105 are effective only during a specified time period controlled by time duration constraints for each user entry in the ACL 103… This embodiment extends the Access Control List capabilities within the file system to allow an administrator or other user who owns the requested file system object or is otherwise granted control of the object to specify a duration constraint metadata (dtime) when creating or modifying ACL's” Paragraphs 0029-30. An administrator user selects a user in an ACL [grantee] to assign permissions regarding a file system object [form].)
…setting permission time ranges for the time property fields, (“the determination of access for a given user (at 104 of FIG. 1) comprises application of specific duration constraints assigned by the ACL rules 105 relating to the validity of a Paragraph 0030. A time range in which a specific user can access a file system object is set by the administrator user.)
wherein a time range permission time range for each time property field is set respectively, (“ACL rule permissions stored at 105 for a given user ACL specify an inactivity time period (itime) that provides for the expiration of an ACL entry after an elapsed inactivity time period from a last access time of the accessing entity via the ACL entry” Paragraph 0032. “a validity period is determined as a function of a specific length of time after a first access time indicated by a valid time (vtime) metadata entry, wherein at 314, regardless of any subsequent access times (such as those indicated by an ACL atime entry), the ACL entry is only valid for a specific length of time after the first access time indicated by the vtime data at 312” Paragraph 0036. Time property fields include dtime (Paragraph 0030), itime, and vtime for which an administrator user sets a permission time range for each time property field.)
said time range permission time range comprises one or more of the following six types: a time range from a time point, which is determined by going backwards from a current time for a fixed time length, to the current time, a time range from a start time to a current time, a time range from a deadline to a system initial time, a time range from a start time to a deadline, a time range where a time field value is null, and a time range from a system initial time to a current time, said time range from the system initial time to the current time comprises the time range where the time field value is null; (“the dtime metadata specifies a "Begin Paragraph 0030. The permission time range is a duration comprising a start date/time and an end date/time. The claim only requires one type of time range. Also see Paragraph 0037: a determination of an initial time (atime) and an end time by adding a time range to the initial time is made, which reads on “a time range from a deadline to a system initial time”.)
…and saving the setting. (“The embodiment helps to reduce potential security exposures and increase operational efficiencies by allowing the administrators to constrain access for any specific user to a specific, time based, duration when the ACL is being created or modified” Paragraph 0031. After the administrator sets the permission time ranges, the settings are saved in the ACL.)
PRICE does not explicitly teach and displaying time property fields of which permission time ranges need to be set in the selected form.
PRICE does not teach and setting a limit field, wherein a limit field for a permission time range of a time property field that needs operation permission setting in the form is set, and said limit field is a field with a field value determined by selection or determined automatically, and an operation permission for data corresponding to the field value of the limit field is set.
and displaying time property fields of which permission time ranges need to be set in the selected form (“When a delegated administrator creates or adds a new user, the delegated administrator may assign a permission set to that user. A permission set may be used to determine the access right of a user relative to, for instance, objects, fields, pages, etc. A delegated administrator may also un-assign a permission set. A user interface associated with the permission management module 470 may display a list of permission set added by an administrator of a delegated administration group. The user interface may display an option to add a permission set to the list of permission sets and an option to remove a permission set from the list of permission sets.” Paragraph 0109. PRICE teaches that an administrator sets time permission ranges for a plurality of time properties that control the access rights of a specific user to a specific object. It would have been obvious for there to be some type of user interface that displays the time property fields for the administrator to set. HUA teaches a user interface display for assigning permissions to specific users, which in view of PRICE would include time property fields that need to be set by the administrator.)
Before the effective filing date of the invention, it would have been obvious to one of ordinary skill in the art to modify the setting of time permission ranges by an administrator that control the access rights of a specific user to a specific object taught by PRICE by providing the administrator with a user interface that displays options to set permissions for a specific user as taught by HUA. Since both references are directed to access rights tailored to specific users and file system objects, the 
HUA further teaches and setting a limit field, wherein a limit field for a permission time range of a time property field that needs operation permission setting in the form is set, and said limit field is a field with a field value determined by selection or determined automatically, and an operation permission for data corresponding to the field value of the limit field is set. (“Criteria may include a geographic location, a level within an organizational hierarchy (e.g., engineer, senior engineer, staff engineer, etc.; manager, senior manager, director, etc.), an industry, a role, level of experience or seniority, and other characteristics of users. For example, permission set 605 may be associated with “engineers.” Permissions within permission set 605 (i.e., permissions 1, 2, 5, and 6) may provide a level of access to components needed for engineers.” Paragraph 0121-122. Also see Paragraphs 0123-0125. Limit fields include a level within the company, industry, or geographic location which are set by the administrator for a user. A non-management user is limited to only the permissions related to their criteria within the organization.)
 the setting of time permission ranges by an administrator that control the access rights of a specific user to a specific object taught by PRICE by further limiting access permissions based on a level within an organization, an industry, or a geographic location pertaining to the specific user as taught by HUA. This would give the administrator user more control over the access to the applications and files in the system, improving information security. As taught by HUA (Paragraph 0120), “The permission sets may provide a more modular form of groupings of permissions than profiles. As such, a single user may be assigned multiple permission sets tailored to their particular access needs.”


Claims 2 and 9 are rejected under 35 U.S.C. 103 as being unpatentable over PRICE (US 2013/0246470 A1) in view of HUA (US 2016/0294881 A1) and further in view of ROBAINA (US 2018/0197624 A1).

Regarding Claim 2, PRICE in view of HUA teaches all the limitations of claim 1, on which claim 2 depends.
PRICE in view of HUA further teaches wherein when there is one grantee, a permission time range value of the time property field is displayed as a value of the permission time range that is saved when the time property field is authorized at last time, (PRICE, “Multiple accesses by different users in the present embodiment Paragraph 0026. 
HUA, “The user interface may display information about the administrator who adds a permission set to the list of permission sets. Information such as the time and date when a permission set is added may also be displayed. As mentioned, a delegated administrator may not be able to modify any permission set in the list of permission sets.” Paragraph 0109.
It would have been obvious in view of HUA for the modifications to the time property fields, including setting time permission ranges, by an administrator user to be displayed for each grantee.)
PRICE in view of HUA does not teach and when there are two or more grantees, the permission time range value of the time property field is not displayed.
However, ROBAINA, which is directed to access to patient medical records, teaches and when there are two or more grantees, the permission time range value of the time property field is not displayed. (“For example, the wearable device of a first user can identify a second user to share the information perceived by the first only share the portion of the information in the first user's FOV to which the second user has access. The second user's wearable device can accordingly present to the second user a subset of information in the first user's FOV.” Paragraph 0281. Only a portion of a form is viewable if there are two users with access to a form. Also see Paragraph 0277, which discusses limiting editing privilege if two users are viewing a form at the same time. In view of HUA, it would have been further obvious to limit a view privilege instead of an edit privilege.)
Before the effective filing date of the invention, it would have been obvious to one of ordinary skill in the art to modify the display of time property fields to users given access by an administrator user taught by PRICE in view of HUA by limiting the display of secure information, such as a time property field, when two users have access to a form as taught by ROBAINA. Since both references are directed to providing access rights to users viewing file system objects, the combination would yield predictable results. Such an implementation would preserve the integrity of the data input by the administrator user. As taught by ROBAINA (Paragraphs 0129, 0277), “The medical record management system can also, in order to preserve the integrity and accuracy of the medical records, prohibit the patient from managing some parts of his medical records such as, e.g., adding/editing doctors' notes, doctors' diagnoses, tests results, and so on.”


PRICE in view of HUA further teaches wherein when there is one grantee, a permission time range value of the time property field is displayed as a value of the permission time range that is saved when the time property field is authorized at last time, (PRICE, “Multiple accesses by different users in the present embodiment of FIG. 1 do not overwrite each other and result in only one, most-recent access (atime) or modification (mtime) time and date saved to the object metadata. Instead, embodiments of the present invention extend the Access Control List capabilities within the file system ACL to allow capturing and storing the last access time, modification time and/or access event count data for each entry within the ACL by adding a date/timestamp field for access and/or modification times to each entry within the ACL and modifying the file system operating system to update these new fields.” Paragraph 0026. 
HUA, “The user interface may display information about the administrator who adds a permission set to the list of permission sets. Information such as the time and date when a permission set is added may also be displayed. As mentioned, a delegated administrator may not be able to modify any permission set in the list of permission sets.” Paragraph 0109.
It would have been obvious in view of HUA for the modifications to the time property fields, including setting time permission ranges, by an administrator user to be displayed for each grantee.)
and when there are two or more grantees, the permission time range value of the time property field is not displayed.
However, ROBAINA, which is directed to access to patient medical records, teaches and when there are two or more grantees, the permission time range value of the time property field is not displayed. (“For example, the wearable device of a first user can identify a second user to share the information perceived by the first user. The wearable device of the first user can receive a request from the second user's wearable device to share the content. The wearable device can determine access privilege of the second user and only share the portion of the information in the first user's FOV to which the second user has access. The second user's wearable device can accordingly present to the second user a subset of information in the first user's FOV.” Paragraph 0281. Only a portion of a form is viewable if there are two users with access to a form. Also see Paragraph 0277, which discusses limiting editing privilege if two users are viewing a form at the same time. In view of HUA, it would have been further obvious to limit a view privilege instead of an edit privilege.)
Before the effective filing date of the invention, it would have been obvious to one of ordinary skill in the art to modify the display of time property fields to users given access by an administrator user taught by PRICE in view of HUA by limiting the display of secure information, such as a time property field, when two users have access to a form as taught by ROBAINA. Since both references are directed to providing access rights to users viewing file system objects, the combination would yield predictable results. Such an implementation would preserve the integrity of the data input by the 

Claims 5 and 10 are rejected under 35 U.S.C. 103 as being unpatentable over PRICE (US 2013/0246470 A1) in view of HUA (US 2016/0294881 A1) and further in view of CLARK (US 2007/0250905 A1).

Regarding Claim 5, PRICE in view of HUA teaches the required limitations of claim 4, on which claim 5 depends.
PRICE in view of HUA further teaches wherein said role belongs to a certain department, and the role is authorized according to work content of the role; (HUA, “The users may include those who are at the roles specified by the administrator as well as the users who are at the subordinating roles according to a role hierarchy in an organization. For instance, the delegated administrator may be responsible for all users in the marketing group from the head of the marketing group down to all of the subordinates in the marketing group hierarchy.” Paragraph 0107. For example, a role belongs to a marketing department hierarchy and permissions are based on the work content of the role. See Paragraph 0172, which discusses a Sales Manager role including permissions to do the job of a sales manager.)
…and during cross-department transfer of the user, the user's relation to the role in the original department is canceled, and the user is related to a role in a new department. (HUA, “when a new employee is hired into the marking group, a delegated administrator responsible for the marketing group is allowed to create user information for the new employee. However, the delegated administrator for the marketing group is not involved when a new employee is hired into a human resource group, unless that delegated administrator is also a delegated administrator in the human resource group. The user interface associated with the user administration module 460 may display options to enable an administrator to add a role and to remove a role.” Paragraph 0107. Also see Paragraph 0125, which discusses the revoking of permission sets when a user transfers from one work location to another work location. Such a revocation would be obvious should the user transfer departments or between roles in the system.)
…and one user is related to one or more roles (HUA, “The users may include those who are at the roles specified by the administrator as well as the users who are at the subordinating roles according to a role hierarchy in an organization… The user interface associated with the user administration module 460 may display options to enable an administrator to add a role and to remove a role.” Paragraph 0107. Also see Paragraph 0124. A user is related to at least one role but can also be assigned multiple roles by an administrator or delegate administrator.)
…and a number of the role is unique in a system. (HUA, “In FIG. 7B, user entity 705 includes an identifier, user role identifier (e.g., a user role in an organization Paragraph 0128. Each role has a role ID.)
While Hua teaches user roles, HUA does not teach the limitation the role is an independent individual not a group/class, one role can only be related to a unique user during the same period in claim 4 and a name of the role is unique under the department.
However, CLARK, which is directed to managing authorization levels for users, teaches the role is an independent individual not a group/class, (“A set of defined templates are stored in database 24 that provide an administrator the ability to create or change user permissions for a single user and any combination of multiple applications based on the person's job title.” Paragraph 0027. The role is based on a specific user’s job title rather than a class. CLARK also differentiates the job title from group/class in Paragraph 0028: “Other employment indicators may be used to distinguish between the types of users”)
one role can only be related to a unique user during the same period, (“A new user may take over the job of an existing application user (i.e., the existing user has retired and a new person takes their job).” Paragraph 0005. Since one user replaces the other user, two users do not have the same job during a same time period.)
…a name of the role is unique under the department, (“FIG. 6 depicts an exemplary user authorization level template database which correlates job titles 150 with applications 152. For each application 152, the database indicates the authorization level for each lob title.” Paragraph 0027. The job title is the name of the 
Before the effective filing date of the invention, it would have been obvious to one of ordinary skill in the art to modify the assigning of access rights to a user based on roles taught by PRICE in view of HUA by creating roles that are associated with a specific job title unique to the user as taught by CLARK. Since the references are directed to assigning permissions to users by an administrator, the combination would yield predictable results. Such an implementation would amount to creating a specific type of designation that applies to only one user and not a group of users, which would have been reasonable to one of ordinary skill in the art in view of CLARK.As suggested by CLARK (Paragraph 0005), such an implementation would provide “consistent and standardized access and permission levels based on work group or job title”.


Regarding Claim 10, PRICE teaches a form-authorizing method based on time property fields of a form, comprising: (“The embodiment manages ACL entries as a function of user-specific object access data. More particularly, in response to a request at 102 associated with a request by a specific user having an access control list entry to access a specific file system object, a processing unit executing program code performs file system management processes with respect to the file system data object and the user by determining at 104 whether this specific request by this specific user is authorized for access to the object as a function of ACL metadata for the object and the Paragraph 0022. The time property fields that will be discussed as follows are set for a specific user [grantee] and a specific file system object [form].)
selecting one or more grantees; selecting a form, (“FIG. 2 illustrates one example wherein ACL rule permissions stored at 105 are effective only during a specified time period controlled by time duration constraints for each user entry in the ACL 103… This embodiment extends the Access Control List capabilities within the file system to allow an administrator or other user who owns the requested file system object or is otherwise granted control of the object to specify a duration constraint metadata (dtime) when creating or modifying ACL's” Paragraphs 0029-30. An administrator user selects a user in an ACL [grantee] to assign permissions regarding a file system object [form].)
…setting time range permission time ranges for the time property fields, (“the determination of access for a given user (at 104 of FIG. 1) comprises application of specific duration constraints assigned by the ACL rules 105 relating to the validity of a user ACL entry, wherein any access request at 102 having a date or time outside of the duration constraint results in a denial of access condition” Paragraph 0030. A time range in which a specific user can access a file system object is set by the administrator user.)
wherein a time range permission time range for each time property field is set respectively, (“ACL rule permissions stored at 105 for a given user ACL specify an inactivity time period (itime) that provides for the expiration of an ACL entry after an Paragraph 0032. “a validity period is determined as a function of a specific length of time after a first access time indicated by a valid time (vtime) metadata entry, wherein at 314, regardless of any subsequent access times (such as those indicated by an ACL atime entry), the ACL entry is only valid for a specific length of time after the first access time indicated by the vtime data at 312” Paragraph 0036. Time property fields include dtime (Paragraph 0030), itime, and vtime for which an administrator user sets a permission time range for each time property field.)
said permission time range comprises one or more of the following six types: a time range from a time point, which is determined by going backwards from a current time for a fixed time length, to the current time, a time range from a start time to a current time, a time range from a deadline to a system initial time, a time range from a start time to a deadline, a time range where a time field value is null, and a time range from a system initial time to a current time, wherein the time range from the system initial time to the current time comprises the time range where the time field value is null; (“the dtime metadata specifies a "Begin Date/Time" field that specifies a date and time on which access to the object begins, and an "End Date/Time" field that specifies the ending date and time for the granted access. Thus, the date and time of the current access request 102 is determined at 202, and at 204 an access control evaluation process determines whether the date and time of the user request 102 satisfies the duration constraint by falling within said dtime begin and end date/times.” Paragraph 0030. The permission time range is a duration comprising a start date/time and an end date/time. The claim only requires one type of Paragraph 0037: a determination of an initial time (atime) and an end time by adding a time range to the initial time is made, which reads on “a time range from a deadline to a system initial time”.)
and after completing setting the permission time ranges, saving the settings. (“The embodiment helps to reduce potential security exposures and increase operational efficiencies by allowing the administrators to constrain access for any specific user to a specific, time based, duration when the ACL is being created or modified” Paragraph 0031. After the administrator sets the permission time ranges, the settings are saved in the ACL.)
PRICE does not teach and displaying time property fields for which permission time ranges need to be set in the selected form.
However, HUA, which is directed to setting user permissions by an administrative user, teaches and displaying time property fields for which permission time ranges need to be set in the selected form(“When a delegated administrator creates or adds a new user, the delegated administrator may assign a permission set to that user. A permission set may be used to determine the access right of a user relative to, for instance, objects, fields, pages, etc. A delegated administrator may also un-assign a permission set. A user interface associated with the permission management module 470 may display a list of permission set added by an administrator of a delegated administration group. The user interface may display an option to add a permission set to the list of permission sets and an option to remove a permission set from the list of permission sets.” Paragraph 0109. PRICE teaches that an administrator sets time permission ranges for a plurality of time properties that control the access rights of a 
Before the effective filing date of the invention, it would have been obvious to one of ordinary skill in the art to modify the setting of time permission ranges by an administrator that control the access rights of a specific user to a specific object taught by PRICE by providing the administrator with a user interface that displays options to set permissions for a specific user as taught by HUA. Since both references are directed to access rights tailored to specific users and file system objects, the combination would yield predictable results. This would merely be incorporating a well known method such as form fields, drop down menus, and other common user interface elements into the method of setting time permissions ranges taught by PRICE. Furthermore, HUA (Paragraphs 0045, 0048) teaches an advantage of such a a user interface would be reducing the administrative time managing a user’s rights. This supports the goal of PRICE (Paragraph 0031) of allowing an administrator to control settings for time-based access permission rather than relying on manual review and intervention.
PRICE in view of HUA does not teach selecting a template: selecting an existing grantee or a created template as an authorization template, and updating a permission time range value of the time property field to be a permission time range value of a corresponding time property field in the authorization template; 
selecting a template: selecting an existing grantee or a created template as an authorization template, and updating a permission time range value of the time property field to be a permission time range value of a corresponding time property field in the authorization template; (“The administrator can associate a user authorization level template with a user by selecting a template from a template drop down menu 144. A set of defined templates are stored in database 24 that provide an administrator the ability to create or change user permissions for a single user and any combination of multiple applications based on the person's job title… This allows the administrator to select a user authorization level template based on the user's job title.” Paragraphs 0026-27. “As shown in FIG. 7, an administrator can create new templates or edit/delete existing templates to define user authorization levels across multiple applications.” Paragraph 0029. An administrator creates or chooses an existing template for a specific user that defines the user’s permissions for a plurality of applications. In view of PRICE, it would have been obvious for the template to include the time permission ranges set by the administrator to limit the user’s access of file system objects to a specific time.)
	Before the effective filing date of the invention, it would have been obvious to one of ordinary skill in the art to modify the user interface for setting of time permission ranges by an administrator that control the access rights of a specific user to a specific object taught by PRICE in view of HUA by allowing an administrator to create or modify a template containing the desired time permission ranges, as taught by CLARK. Since the references are directed to assigning access rights by an administrator, the .

Conclusion
The prior art made of record and not relied upon is considered pertinent to applicant's disclosure.
Houston (US 2004/0030702 A1) teaches an ACL including assigning start and end times to users and documents, with the users being on a start list or an end list. (¶ 25)
Howarth (US 2014/0280129 A1) teaches role-based templates for implementing security rules. (Abstract)
Bhatti (US 2010/0306268 A1) teaches determining an effective date constraint for a user with multiple roles, each role having date constraints for access of a system resource. (Abstract, Fig. 7B)
Schulze (US 2018/0018448 A1) teaches managing permissions, including role-based access control, in which one user can assign permissions customizable for each other user. (Abstract)
Torman (US 2016/0105409 A1) teaches assigning permissions to specific users, including the actions the user can perform. (Abstract, Fig. 2A)
Beck (US 2008/0162707 A1) teaches time-based permissioning, including setting a start and end time on a user interface. (Abstract, Figs. 3-4)
Danner (US 2007/0208857 A1) teaches granting of time-based permissions, including setting different time ranges and recurrence patterns. (Abstract, Fig. 7)

Any inquiry concerning this communication or earlier communications from the examiner should be directed to RAMI RAFAT OKASHA whose telephone number is (571)272-0675. The examiner can normally be reached M-F 9-5 EST.
Examiner interviews are available via telephone, in-person, and video conferencing using a USPTO supplied web-based collaboration tool. To schedule an interview, applicant is encouraged to use the USPTO Automated Interview Request (AIR) at http://www.uspto.gov/interviewpractice.
If attempts to reach the examiner by telephone are unsuccessful, the examiner’s supervisor, Kieu Vu can be reached on (571) 272-4057. The fax phone number for the organization where this application or proceeding is assigned is 571-273-8300.
Information regarding the status of published or unpublished applications may be obtained from Patent Center. Unpublished application information in Patent Center is available to registered users. To file and manage patent submissions in Patent Center, visit: https://patentcenter.uspto.gov. Visit https://www.uspto.gov/patents/apply/patent-center for more information about Patent Center and 





/R.R.O./Examiner, Art Unit 2173                                                                                                                                                                                                        

/KIEU D VU/Supervisory Patent Examiner, Art Unit 2173