DETAILED ACTION
Notice of Pre-AIA  or AIA  Status
The present application, filed on or after March 16, 2013, is being examined under the first inventor to file provisions of the AIA .
A request for continued examination under 37 CFR 1.114, including the fee set forth in 37 CFR 1.17(e), was filed in this application after final rejection.  Since this application is eligible for continued examination under 37 CFR 1.114, and the fee set forth in 37 CFR 1.17(e) has been timely paid, the finality of the previous Office action has been withdrawn pursuant to 37 CFR 1.114.  Applicant's submission filed on 5/10/2022 has been entered.
An examiner’s amendment to the record appears below. Should the changes and/or additions be unacceptable to applicant, an amendment may be filed as provided by 37 CFR 1.312. To ensure consideration of such an amendment, it MUST be submitted no later than the payment of the issue fee.
Authorization for this Examiner’s Amendment was given with Applicant’s representative, Joel Gotkin on May 17, 2022.  

The application has been amended as follows: 

Claims
Please replace claims as following: 
Claim 1 (Currently Amended) An information processing apparatus comprising: a hardware processor configured to: 
obtain first authority information indicating possession of authority over a server, the first authority information being associated with identification information of a user, and second authority information indicating possession of authority over the server that is different from authority indicated by the first authority information, the first authority information including a first token and the second authority information including a second token, the second token having a range of authority that (a) encompasses a range of authority of the first token and (b) is wider than the range of authority of the first token, the first token being a normal token that is individually set to each user using a service of the server, and the second token being a token that is obtained by an organization and set as usable by users belonging to the organization; 
accept a request for the server; 
in a case where the request is executable with authority based on the first authority information identified by the identification information, add the first authority information to the request and send the request with the first authority information to the server; 
in a case where the request is not executable with authority based on the first authority information and is executable with authority based on the second authority information, add the second authority information to the request and send the request with the second authority information to the server; and
inquire with the server about whether a service is usable before a user selects the service, the inquiry occurring at a same time where the first token and the second token are identified, the first token and the second token being identified when the identification information is obtained.
 




Claim 7 (Currently Amended) An information processing apparatus comprising: 
a hardware processor configured to: 
obtain identification information of a user; 
display, on a display device, a service usable based on first authority over a server, the first authority being associated with the identification information, and a service usable based on second authority over the server different from the first authority, the first -3-Application No. 16/848,265 authority represented by a first token and the second authority represented by a second token, the second token having a range of authority that (a) encompasses a range of authority of the first token and (b) is wider than the range of authority of the first token, the first token being a normal token that is individually set to each user using a service of the server, and the second token being a token that is obtained by an organization and set as usable by users belonging to the organization; 
accept an operation performed by the user to select a service; 
in a case where the selected service is a service usable based on the first authority, output an execution request for the service based on the first authority; 
in a case where the selected service is a service that is unusable based on the first authority and that is usable based on the second authority, output an execution request for the service based on the second authority; and
inquire with the server about whether a service is usable before a user selects the service, the inquiry occurring at a same time where the first token and the second token are identified, the first token and the second token being identified when the identification information is obtained.


Claim 15 (Currently Amended) A non-transitory computer readable medium storing a program causing a computer to execute a process, the process comprising: 
accepting an input of identification information of a user; 
displaying, on a display device, a service usable based on first authority over a server, the first authority being associated with the identification information, and a service usable based on second authority over the server different from the first authority, the first authority represented by a first token and the second authority represented by a second token, the second token having a range of authority that (a) encompasses a range of authority of the first token and (b) is wider than the range of authority of the first token, the first token being a normal token that is individually set to each user using a service of the server, and the second -5-Application No. 16/848,265 token being a token that is obtained by an organization and set as usable by users belonging to the organization;
accepting an operation performed by the user to select a service; 
in a case where the selected service is a service usable based on the first authority, outputting an execution request for the service based on the first authority; 
in a case where the selected service is a service that is unusable based on the first authority and that is usable based on the second authority, outputting an execution request for the service based on the second authority; and
inquiring with the server about whether a service is usable before a user selects the service, the inquiry occurring at a same time where the first token and the second token are identified, the first token and the second token being identified when the identification information is obtained.

Claim 16 (Canceled)
Claim 17 (Canceled)




Examiner's Statement of Reason for Allowance

Claims 1, 2 and 4-15 are allowed.
The following is an examiner’s statement of reasons for allowance: 
The present invention is directed to an information processing apparatus includes a 
processor configured to: obtain first authority information indicating possession of authority over a server, the first authority information being associated with user's identification information, and second authority information indicating possession of authority over the server that is different from authority indicated by the first authority information; accept a request for the server; in a case where the request is executable with authority based on the first authority information identified by the identification information, add the first authority information to the request and send the request with the first authority information to the server; and in a case where the request is not executable with authority based on the first authority information and is executable with authority based on the second authority information, add the second authority information to the request and send the request with the second authority information to the server. 
The closest prior art, are Dayan (US 2021/0136084 A1), Ward et al. (US 2006/0248585 A1), Agarwal et al. (US 10, 783,235 B1) and Mao et al. (US 2006/0294192 A1), in which, Dayan disclose implementing least-privilege access to, control of, and/or code execution on target network resources. Operations may include identifying a prompt associated with a least-privilege requesting identity to initiate a remote session on a target network resource; executing, in response to the prompt, a first agent; retrieving, from a secure storage location, a second agent; initiating, by the first agent, execution of the second agent on the target network resource, wherein the second agent executes using a least-privilege credential or using least-privilege permissions associated with the least-privilege requesting identity; and instructing the second agent to perform an action remotely on the target network resource through the remote session using the least-privilege credential or using the least-privilege permissions; and in which Ward teaches invention provide a method for implementing a mandatory integrity control (MIC) system that provides access control for each and every object and subject that need access control, but in a way that allows legacy operating systems to continue with little modification. The invention provides a novel method that selects an integrity level designator for a subject, when the subject logs onto the computer system. The selected integrity level designator is then added to an existing data structure in the computer system. The existing data structure may be a part of a security descriptor stored in a system access control list of an object. The existing data structure may be a part of a list of security permissions that constitute an access token for a process executing as a subject; and in which Agarwal teaches techniques for secure remote access of computing resources are described herein. In some examples, when a client requests to access a computing resource, a computing service may generate a first password value for the computing resource and transmit the first password value to the client. The client may then generate and transmit key data for entry of the first password value back to the computing service. The client may generate and transmit the key data on the user's behalf, without requiring any activation or selection of keys by the user. Upon receiving the key data, the computing service may enter the first password value into the computing resource, thereby allowing the client to access the computing resource. The computing service may detect the accessing of the computing resource and may change the first password value to a second password value; and in which Mao teaches access control systems and methods regulate access to shared content items in a corpus using visibility tokens. A user provides other users with access to a content item by associating a content token with the content item and associating a matching user token with each user who is to be granted access. A user who attempts to access the content item succeeds only if that user has a user token matching the content token associated with the content item. User tokens can be propagated automatically from one user to another, e.g., based on trust relationships among the users. Content tokens can be indexed with content items so that when a user searches the corpus, a search engine can detect matches between user tokens and content tokens and filter the search results based on whether they are visible to the querying user.

However, none of Dayan (US 2021/0136084 A1), Ward et al. (US 2006/0248585 A1), Agarwal et al. (US 10, 783,235 B1) and Mao et al. (US 2006/0294192 A1), teaches or suggests, alone or in combination, the particular combination of steps or elements as recited in the independent Claim 1 and similarly Claim 7 and Claim 15.  For example, none of the cited prior art teaches or suggest the steps of Claim 1: accepting an input of identification information of a user; displaying, on a display device, a service usable based on first authority over a server, the first authority being associated with the identification information, and a service usable based on second authority over the server different from the first authority, the first authority represented by a first token and the second authority represented by a second token, the second token having a range of authority that (a) encompasses a range of authority of the first token and (b) is wider than the range of authority of the first token, the first token being a normal token that is individually set to each user using a service of the server, and the second -5-Application No. 16/848,265 token being a token that is obtained by an organization and set as usable by users belonging to the organization; accepting an operation performed by the user to select a service; in a case where the selected service is a service usable based on the first authority, outputting an execution request for the service based on the first authority; in a case where the selected service is a service that is unusable based on the first authority and that is usable based on the second authority, outputting an execution request for the service based on the second authority; inquiring with the server about whether a service is usable before a user selects the service, the inquiry occurring at a same time where the first token and the second token are identified, the first token and the second token being identified when the identification information is obtained

Therefore, the claims are allowable over the cited prior art.

Any comments considered necessary by applicant must be submitted no later than the payment of the issue fee and, to avoid processing delays, should preferably accompany the issue fee.  Such submissions should be clearly labeled “Comments on Statement of Reasons for Allowance.”


Conclusion
The prior art made of record and not relied upon is considered pertinent to applicant's disclosure. See PTO-892 attached.
Any inquiry concerning this communication or earlier communications from the examiner should be directed to KARI L SCHMIDT whose telephone number is (571)270-1385.  The examiner can normally be reached on Monday-Friday 10am - 6pm (MDT).
If attempts to reach the examiner by telephone are unsuccessful, the examiner’s supervisor, Luu Pham can be reached on (571)270-5002.  The fax phone number for the organization where this application or proceeding is assigned is 571-273-8300.
Information regarding the status of an application may be obtained from the Patent Application Information Retrieval (PAIR) system.  Status information for published applications may be obtained from either Private PAIR or Public PAIR.  Status information for unpublished applications is available through Private PAIR only.  For more information about the PAIR system, see http://pair-direct.uspto.gov. Should you have questions on access to the Private PAIR system, contact the Electronic Business Center (EBC) at 866-217-9197 (toll-free). If you would like assistance from a USPTO Customer Service Representative or access to the automated information system, call 800-786-9199 (IN USA OR CANADA) or 571-272-1000.

/KARI L SCHMIDT/Primary Examiner, Art Unit 2439