Notice of Pre-AIA  or AIA  Status
The present application, filed on or after March 16, 2013, is being examined under the first inventor to file provisions of the AIA .
	Claims 1-20 are presented for examination.

Information Disclosure Statement
The information disclosure statement (IDS) submitted on 3/15/2021 is in compliance with the provisions of 37 CFR 1.97.  Accordingly, the information disclosure statement is being considered by the examiner.

Drawings
The drawings are objected to because of Fig 3 and Fig 4A.  Fig 3, shows Job310f within the Project 310c box.  The Job number should be “Job 320f” per the specification section [0048].  Fig 4A box 420 recites “Required permission processed by the user creating the job?”  The box should recite “Required permission possessed by the user creating the job?” to be consistent with specification section [0058].
Corrected drawing sheets in compliance with 37 CFR 1.121(d) are required in reply to the Office action to avoid abandonment of the application. Any amended replacement drawing sheet should include all of the figures appearing on the immediate prior version of the sheet, even if only one figure is being amended. The figure or figure number of an amended drawing should not be labeled as “amended.” If a drawing figure is to be canceled, the appropriate figure must be removed from the replacement sheet, and where necessary, the remaining figures must be renumbered and appropriate changes made to the brief description of the several views of the drawings for consistency. Additional replacement sheets may be necessary to show the renumbering of the remaining figures. Each drawing sheet submitted after the filing date of an application must be labeled in the top margin as either “Replacement Sheet” or “New Sheet” pursuant to 37 CFR 1.121(d). If the changes are not accepted by the examiner, the applicant will be notified and informed of any required corrective action in the next Office action. The objection to the drawings will not be held in abeyance.


Claim Rejections - 35 USC § 103
The following is a quotation of 35 U.S.C. 103 which forms the basis for all obviousness rejections set forth in this Office action:
A patent for a claimed invention may not be obtained, notwithstanding that the claimed invention is not identically disclosed as set forth in section 102, if the differences between the claimed invention and the prior art are such that the claimed invention as a whole would have been obvious before the effective filing date of the claimed invention to a person having ordinary skill in the art to which the claimed invention pertains. Patentability shall not be negated by the manner in which the invention was made.

Claims 1-9, 11-19 and 20 are rejected under 35 U.S.C. 103 as being unpatentable over Marcotte (2014/0123312) in view of Bartlett (8,856,291) in view of O’Neill (2014/0310769).

Regarding claim 1, Marcotte teaches
a computer-implemented method, implemented by a computing system, the method comprising: (Marcotte, [0019] More specifically, various embodiments of the present invention relate systems and methods for providing token-based access control to various portions of information, action logs, end-user information, and/or other data sets.)
receiving, from a client device associated with a user, (Marcotte [0029] user device 115 executes an application allowing a user of user device 115 to interact with the access management system 150.) a job associated with a project, wherein the project is associated with one or more data sources; (Marcotte, [0034] In some embodiments, workflow engine 215 can be configured to receive an event (e.g., request from an end-user) and generate a workflow associated with the event. [0028] Various embodiments of the present use access management system 150 to manage the access the users (both end-users and employees) have to the information and data stored on databases 135 and 140.) (Examiner Note: workflow event maps to job, workflow maps to project)
identifying a plurality of inputs … associated with the job; (Marcotte, [0022] While, for convenience, embodiments of the present invention are described with reference to employee access to selected portions of end-user data, company data, and/or analytics, embodiments of the present invention are equally applicable to various other applications.) (Examiner Note: data maps to inputs)
determining a plurality of required permissions associated with the job, wherein each of the required permissions comprises an operation on a required data source, the operation corresponding to at least one of the inputs or the outputs; (Marcotte, [0040] Permission evaluation module 235 can be configured to receive and evaluate a request from the user to access an additional portion of the data in order to respond to the event or workflow assignment.)
verifying that the one or more data sources associated with the project comprise the required data source associated with each of the required permissions; and (Marcotte, [0046] Once the access management system receives a request to access a portion of the data at receiving operation 330, verification operation 340 uses the tokens to verify if access to the data is allowed.)
generating a token associated with the job, …, wherein the token is required for execution of the job (Marcotte, [0037] In some embodiments, the tokens generated by token generator 220 are permission objects that match identifiers according to some pre-configured matching rule [0034]  In addition to the workflow, workflow engine 215 can use token generator 220 to generate one or more workflow specific tokens to temporarily grant a user access to a portion of the data in order to respond to the event based on the created workflow.)
Marcotte teaches workflows that perform actions,1 record data and can edit data but does not explicitly teach a plurality of outputs associated with the job.
However Bartlett teaches a plurality of outputs associated with the job (Bartlett, Col 3, lines 41-44, Each data destination workflow component that is defined for a workflow2 may correspond to providing output data from the defined workflow to one or more storage locations and/or in one or more manners.)
It would have been obvious to a person having ordinary skill in the art before the effective filing date of the claimed invention to have combined Bartlett’s plurality of outputs with Marcotte’s workflow permissions because data storage (servers) is/are increasingly networked and decentralized, that is, the data to manage and analyze is in many locations (Bartlett, Col 1, lines 7-15 In addition, as software programs increasingly execute in online and other networked environments, the data to manage and analyze is increasingly accessible in disparate locations and manners, which may increase the complexity of managing and analyzing such data.)
Marcotte teaches tokens to control access3 and combining tokens.  Marcotte does not teach the token encoding the required permissions associated with the job.
However O’Neill teaches the token encoding the required permissions associated with the session (O’Neill, [0110] A session credential may be a collection of information that may be used for gaining access to one or more computing resources. In an embodiment a session credential includes a token which encodes the collection of information.  [0114]  As noted, the session credential may encode one or more policies applicable to a holder of the session credential. Computing resource 1208 may also apply such policies that are encoded in the session of credential and determine whether such encoded policies permit or prohibit the request.)
It would have been obvious to a person having ordinary skill in the art before the effective filing date of the claimed invention to have combined O’Neill’s token encoding as part of access control with Marcotte’s access token because doing so improves access permission in sophisticated usage policies (O’Neill [0002] As the number and size of such computing resources, and their user communities, have grown and become more sophisticated, a need has arisen to establish increasingly sophisticated usage policies. For example, such policies may include policies that address security, privacy, access, regulatory and cost concerns. Policies may be applied to various users to control access to various computing resources accordingly. As just one example, some users may be allowed to read, write, and delete a certain set of data while other users may be allowed only to read the data and while other users may have no access to the set of data.  [0003] Conventional techniques for accomplishing permission delegation and/or reliable authentication can be cumbersome and, in many instances, may involve unnecessary risk.)

Regarding claim 2, Marcotte, Bartlett and O’Neill teach
the computer-implemented method of claim 1, wherein the job comprises one or more data transformations (Bartlett, Col 3, lines 10-14, Each data manipulation workflow component that is defined for a workflow may correspond to performing one or more defined data transformations or other manipulations on data that is input to the data manipulation workflow component.)
Bartlett is combined with Marcotte for the same reasons as claim 1 (systems are increasingly networked and online).

Regarding claim 3, Marcotte, Bartlett and O’Neill teach
the computer-implemented method of claim 1, wherein the one or more data sources associated with the project comprise: 
one or more data sources internal to the project; or (Bartlett, Col 2, lines 27-32, In some embodiments, the configurable workflow service may provide internal storage locations for use by clients in storing their source data, with a particular data source corresponding to such an internal storage location, while in other embodiments and situations, a particular data source may be external to the configurable workflow service,)
Bartlett is combined with Marcotte for the same reasons as claim 1.
one or more data sources external to the project, wherein the project comprises a reference to each of the one or more data sources external to the project.  

Regarding claim 4, Marcotte, Bartlett and O’Neill teach
the computer-implemented method of claim 1, wherein the one or more required permissions comprise: 
reading data from a data source external to the project; or (Bartlett, Col 2, lines 61-64, Thus, in some situations and embodiments, a particular defined workflow may obtain and use data from multiple data sources, with some or all of the data sources optionally being external to the configurable workflow service.)
Bartlett is combined with Marcotte for the same reasons as claim 1.
writing to a data source external to the project.  

Regarding claim 5, Marcotte, Bartlett and O’Neill teach
the computer-implemented method of claim 1, further comprising: 
identifying a plurality of permissions possessed by the user; (Marcotte, [0035] Token generator 220 can generate default tokens in addition to the workflow specific tokens requested by workflow engine 215. Default tokens can include a set of default permissions and/or restrictions. These default tokens can be created and assigned to individual users based on company policies, job titles, job duties, and/or any other criteria.) and 
verifying that the permissions possessed by the user comprise the one or more required permissions associated with the job  (Marcotte, [0042] Priority module 240 can be configured to resolve access permissions based on multiple specific tokens assigned to the user. … Recommendation module 245 analyzes the conflicts and requests for additional permissions and provides recommendations for which permissions and data access should be associated with workflow events.  [0046] Once the access management system receives a request to access a portion of the data at receiving operation 330, verification operation 340 uses the tokens to verify if access to the data is allowed.)

Regarding claim 6, Marcotte, Bartlett and O’Neill teach
the computer-implemented method of claim 1, further comprising: 
receiving, from a service, a request for the token associated with the job; (Marcotte, [0040] Permission evaluation module 235 can be configured to receive and evaluate a request from the user to access an additional portion of the data in order to respond to the event or workflow assignment. [0047] Determination operation 420 determines the rules associated with each of the user's tokens. )
verifying that the service is authorized to execute the job; (Marcotte, [0051] Once the request has been received, verification operation 570 verifies that the tokens provide sufficient privileges to access the data.) and 
granting the token to the service (Marcotte [0034]  In addition to the workflow, workflow engine 215 can use token generator 220 to generate one or more workflow specific tokens to temporarily grant a user access to a portion of the data in order to respond to the event based on the created workflow.)  (Examiner Note: the user satisfies the service)

Regarding claim 7, Marcotte, Bartlett and O’Neill teach
the computer-implemented method of claim 6, further comprising: 
determining that the service has completed executing the job; and 
revoking the service's entitlement to the token (Marcotte, [0051] Once the task has been completed and/or a preset expiration period has been reached, deactivation 580 deactivates the tokens.)

Regarding claim 8, Marcotte, Bartlett and O’Neill teach
the computer-implemented method of claim 1, further comprising: 
receiving, from a service, a request to execute one or more data transformations, (Bartlett, Col 3, lines 10-14, Each data manipulation workflow component that is defined for a workflow may correspond to performing one or more defined data transformations or other manipulations on data that is input to the data manipulation workflow component.) wherein the request comprises the token associated with the job; (Marcotte, [0037] In some embodiments, the tokens generated by token generator 220 are permission objects that match identifiers according to some pre-configured matching rule [0046] Once the access management system receives a request to access a portion of the data at receiving operation 330, verification operation 340 uses the tokens to verify if access to the data is allowed)
verifying that the required permissions encoded in the token comprise each of one or more permissions required for executing the one or more data transformations; and (O’Neill [0042] More generally, the session credential may encode information that is requisite to fulfill a set of one or more conditions for performing one or more operations in connection with one or more computing resources. A user may request a session and a session credential may be generated accordingly.  [0064] The verification mode component 320 may be further configured to process requests for verification mode tokens (e.g., cryptographic tokens), and to authenticate such tokens.)
communicating, to the service, a response approving the request (Marcotte [0037] In some embodiments, the tokens generated by token generator 220 are permission objects that match identifiers according to some pre-configured matching rule (e.g., a Boolean matching rule or algorithm that results in a true/false output indicating the decision). This matching rule can then be used to either allow or deny access to data in a granular fashion.  [0048] If the rules are satisfied, the compliance operation 440 branches to access operation 450 where access to the data is granted.) 
Bartlett and O’Neill are combined with Marcotte for the same reasons as claim 1.

Regarding claim 9, Marcotte, Bartlett and O’Neill teach
the computer-implemented method of claim 8, further comprising: obtaining a result associated with execution of the one or more data transformations; (Bartlett, Col 8, lines 1-8, As part of provisioning such computing nodes and/or of executing workflow worker processes on the computing nodes, additional interactions with one or more storage locations may be performed to obtain input data to be used and/or to store results data that are produced, including for intermediate results data for use by other workflow worker processes of the defined workflow.
verifying that the service possesses one or more permissions required for accessing the result; and (Marcotte, [0036] In some embodiments, portions of the data can include unique data identifiers which can be specified within the tokens. In other cases, metadata or other data associations (e.g., all users in China) can be specified within the token in order to identify portions of data to which a rule will apply. This information can be used in verifying and determining which portions of the data the user can access.)
providing the result to the service (Bartlett, Col 13, lines 17-19, those data results are configured to be sent to the database 210 as final output of the defined workflow, and to be stored as part of the data groups 212,)
Bartlett is combined with Marcotte for the same reasons as claim 1.

Claims 11-19 are system claims for the method claims 1-9 and are rejected for the same reasons as claims 1-9.

Claim 20 is a media claim for the method claim 1 and is rejected for the same reasons as claim 1.

Claim 10 is rejected under 35 U.S.C. 103 as being unpatentable over Marcotte (2014/0123312) in view of Bartlett (8,856,291) in view of O’Neill (2014/0310769). In view of Drake (2020/0053088).

Regarding claim 10, Marcotte, Bartlett and O’Neill teach
the computer-implemented method of claim 1, further comprising: 
receiving, from a service, a request to execute one or more data transformations, (Bartlett, Col 3, lines 10-14, Each data manipulation workflow component that is defined for a workflow may correspond to performing one or more defined data transformations or other manipulations on data that is input to the data manipulation workflow component.) wherein the request comprises the token associated with the job; (Marcotte, [0037] In some embodiments, the tokens generated by token generator 220 are permission objects that match identifiers according to some pre-configured matching rule [0046] Once the access management system receives a request to access a portion of the data at receiving operation 330, verification operation 340 uses the tokens to verify if access to the data is allowed) 
Bartlett is combined with Marcotte for the same reasons as claim 1.
determining that at least one of the one or more data transformations require a permission (Marcotte, [0042] Priority module 240 can be configured to resolve access permissions based on multiple specific tokens assigned to the user. For example, in some situations the rules may conflict which one token granting access while another token would restrict access to a certain data portion. For example, in some embodiments, the tokens may have an embedded priority level which can be used by priority module 240 to resolve conflicts.)
encoded in the token; and (O’Neill, [0110] A session credential may be a collection of information that may be used for gaining access to one or more computing resources. In an embodiment a session credential includes a token which encodes the collection of information.  [0114]  As noted, the session credential may encode one or more policies applicable to a holder of the session credential. Computing resource 1208 may also apply such policies that are encoded in the session of credential and determine whether such encoded policies permit or prohibit the request.)
communicating, to the service, a response denying the request (Marcotte [0037] In some embodiments, the tokens generated by token generator 220 are permission objects that match identifiers according to some pre-configured matching rule (e.g., a Boolean matching rule or algorithm that results in a true/false output indicating the decision). This matching rule can then be used to either allow or deny access to data in a granular fashion.) 
Marcotte teaches a permission priority level to resolve token conflicts.  Marcotte does not  teach a permission exceeding the required permissions.
However Drake teaches determining that at least one of the one or more data transformations require a permission exceeding the required permissions encoded in the token; and 
communicating, to the service, a response denying the request. (Drake [0039] In some cases, the policy decision point accesses information indicating an authorization of the particular user to access the resource system. For example, the policy decision point may receive permissions information for the requested resource system. The permissions information may indicate that the requested computing system is available to authenticated users having a particular level of permissions (e.g., network administrator, premium subscriber, super-user). In addition, the permissions information may indicate that authenticated users who do not meet (or exceed) the required level of permissions are not authorized to access the resource system.)
It would have been obvious to a person having ordinary skill in the art before the effective filing date of the claimed invention to have combined Drake’s permission levels with Marcotte’s permissions because doing so improves access control by considering multiple permissions (Drake [0003] The access gateway may determine an intrinsic value of each of the authentication factors, and may also determine a cumulative assurance level of the authentication data based on a combination of the intrinsic values. … Based on the cumulative assurance level, the access gateway may allow the group of computing devices to access the associated resource systems in the multi-resource computing environment.)


Conclusion
The prior art made of record and not relied upon is considered pertinent to applicant's disclosure. 
Mathew (7,685,206) teaches access control authorization with a token.
Any inquiry concerning this communication or earlier communications from the examiner should be directed to BRUCE S ASHLEY whose telephone number is (571)270-0315. The examiner can normally be reached 9-5 PDT.
Examiner interviews are available via telephone, in-person, and video conferencing using a USPTO supplied web-based collaboration tool. To schedule an interview, applicant is encouraged to use the USPTO Automated Interview Request (AIR) at http://www.uspto.gov/interviewpractice.
If attempts to reach the examiner by telephone are unsuccessful, the examiner’s supervisor, Jay Kim can be reached on 571-272-3804. The fax phone number for the organization where this application or proceeding is assigned is 571-273-8300.
Information regarding the status of published or unpublished applications may be obtained from Patent Center. Unpublished application information in Patent Center is available to registered users. To file and manage patent submissions in Patent Center, visit: https://patentcenter.uspto.gov. Visit https://www.uspto.gov/patents/apply/patent-center for more information about Patent Center and https://www.uspto.gov/patents/docx for information about filing in DOCX format. For additional questions, contact the Electronic Business Center (EBC) at 866-217-9197 (toll-free). If you would like assistance from a USPTO Customer Service Representative, call 800-786-9199 (IN USA OR CANADA) or 571-272-1000.





/BRUCE S ASHLEY/               Examiner, Art Unit 2494                                                                                                                                                                                         


    
        
            
        
            
        
            
        
            
        
            
        
            
        
            
        
            
        
            
        
            
        
            
        
            
        
            
    

    
        1 (Marcotte [0049] The workflow event can be any request, signal, message, or other indicator for initiating a workflow to perform an action.  [0060] Additionally, action log 630 records a user's interactions [0039]  For example, suppose an event requesting removal of an inappropriate post from a social networking site is received)
        2 Bartlett discloses a workflow component in the context of a workflow which maps to a job in a project.
        3 Marcotte [0020] unique tokens (e.g., system objects encapsulating security information and/or descriptors) can be issued to each employee. These tokens can include default tokens that restrict certain access (e.g., access to data relating to other employees) or workflow tokens that temporarily grant specific access to specific portions of the data subject to the default token restrictions. [0037] By combining the different types of tokens different policies can be enforced.