DETAILED ACTION
Claim 1, 8, 12 and 13 has been amended.
Claims 1 – 9 and 12 – 13 have been examined and are pending.

Continued Examination
A request for continued examination under 37 CFR 1.114, including the fee set forth in 37 CFR 1.17(e), was filed in this application after final rejection.  Since this application is eligible for continued examination under 37 CFR 1.114, and the fee set forth in 37 CFR 1.17(e) has been timely paid, the finality of the previous Office action has been withdrawn pursuant to 37 CFR 1.114.  Applicant's submission filed on 4 May 2022 has been entered.

Claim Rejections - 35 USC § 102
The following is a quotation of the appropriate paragraphs of 35 U.S.C. 102 that form the basis for the rejections under this section made in this Office action:
A person shall be entitled to a patent unless –

(a)(1) the claimed invention was patented, described in a printed publication, or in public use, on sale, or otherwise available to the public before the effective filing date of the claimed invention.


Claims 1 – 9 and 12 – 13 are rejected under 35 U.S.C. 102(a)(1) as being unpatentable over US Patent Application Publication No. 2014/0380048 to He et al. (hereinafter He).

Claim 1, He discloses (¶31) a secure mechanism for controlling access to computer resources made available to a client entity by a cloud computer system, and it includes:
method for managing a cloud computing system (He teaches ¶16 managing the cloud computer system) able to allocate computing and network resources to a plurality of clients, each client being associated with at least one user likely to access computing and network resources allocated to the client by the cloud computing system (He discloses ¶26 a server situated between terminals of a plurality of users (¶105) and a platform of a cloud computer service supplier for making computer resources available and accessible to at least one client entity) said method being performed by at least one hardware element of the cloud computing system (He teaches (Figs. 2,3 and ¶112) hardware elements of the cloud computing system such as processor and memory) and comprising for at least one client of the cloud computing system (He ¶26 teaches cloud computer service supplier that provides computer resources to at least one client);
providing, to said plurality of clients, a meta-model comprising a plurality of elements, said meta-model being common to the plurality of clients and allowing each of the plurality of clients to instantiate a plurality of distinct: access control models of different types; and access control policies, by parameterizing the plurality of elements of the meta-model (He ¶34-¶35 teaches providing a metamodel to clients (i.e. a metadata file) describing common elements or “plurality of elements” defining the model to all clients (e.g. role, action, subject, view) or “meta-model being common to the plurality of clients“, and this metadata file can be personalized and parameterized and modified dynamically by the client entity so as to enable access to be controlled in a manner that is adapted to the needs of that client entity at a given instant and to the access policy it desires to implement for its resources and its users. From this metadata file, customized access control models and an access control policy of different types for clients are derived and various structures for these elements e.g. expected format/attributes etc.)
 receiving from each of the plurality of clients a respective instance of the meta-model each received instance defining for said respective client an access control model and an access control policy based on this access control model, as parameterized by the respective client (He ¶34-¶35 teaches personalized words and metadata file elements defined and parameterized by each client specifically for the model (e.g. role, action, subject, view) and a structure for these elements e.g. expected format/attributes. The access control model and policy are configured by the supplied distinct metadata file, and they can be modified dynamically by the client entity in a personalized manner that is adapted to the needs of that client entity.)
for each of the plurality of clients, applying said access control policy of the respective instance of the meta-model to control access of a user of the client to at least one resource allocated to the client by the cloud computing system (He teaches a plurality of client accounts (¶119-¶123) with users or groups that have user rights defined in terms of access to the resources made available to the entity by the cloud computer system. The access policies are defined by the client entities and processing rules defined by the access control policies are applied ¶138-¶143 in the context of this model. The verification unit applies the access control model and the access policy to the resource and determines whether the user has the access rights permission i.e. authorized to access the resource).

Claim 2, He discloses all the elements of claim 1. Further, He discloses:
a perimeter of the access control model defining a plurality of entities involved in the access control policy of the client (He discloses (¶137) metadata file describing an access control model and defining names, formats of the access control policies corresponding to the model and various entities of the model) metadata defining, for each entity, at least one attribute category associated with that entity (He discloses (¶138) metadata file describing attribute category (e.g. Role) associated with that entity <EntityAttribute>Role<EntityAttribute>) data defining possible values for each attribute category defined by the metadata (He discloses (¶Annex 2) that data (i.e. file structure) defines values (i.e. permission level) for each attribute category (e.g. role) defined by the metadata. <PolicyFormat> (Subject, Role, Action, Object, Role equal = “”, permission </PolicyFormat>. Further, the Office notes that additional data is typical of a model of access control policies and the inclusion thereof is considered to be a mere configuration option that a person skilled in the art would choose) at least one meta-rule identifying one or several attribute categories defined by the metadata and used to provide an instruction in accordance with the access control policy of the client (He discloses (¶137) metadata file describing meta-rule and an instruction (action) in accordance with the access control policy <PolicyFormat>(Subject, Role, Action, Object … </PolicyFormat>) at least one access control rule based on said at least one meta-rule and providing an instruction in accordance with the access control policy of the client (He discloses (¶138) a metadata file META-RBAC issued for the access control model. The processing rules defined by the access control policies applied in the context of this model. For example, for a subject, an action, an object (e.g. resource R1) and a role associated with the subject, these rules should specify the access rights that are allocated i.e. "permission") a set of values assigned by the client to each entity defined for this client in the perimeter of the access control model, for each attribute category associated with this entity and comprised in a meta-rule, said assigned values being selected from the data (He discloses (¶107-¶111) a set of values (e.g. permission authorization) selected from the data (i.e. file structure), and assigned by the client for each attribute category (e.g. ‘Role’) associated with the entity (e.g. "a developer is authorized to manage such and such a program between 8:00 AM and 4:00 PM", "a manager is authorized to administer a memory space via an IP address that is distinct from IP addresses associated with the office", etc.)

Claim 3, He discloses all the elements of claim 2. Further, He discloses:
wherein said plurality of entities comprises at least one subject, and/or at least one object, and/or at least one action; He discloses (¶137-138, Annex 1) metadata file with a plurality of entities describing subject, object, action as per the access control policy <PolicyFormat>(Subject, Role, Action, Object … </PolicyFormat>.


Claim 4, He discloses all the elements of claim 2. Further, He discloses:
wherein at least one attribute category defined for an entity is selected from a security level; a role; a type; and a field; He discloses (¶138) that attribute category defined for an entity is selected from a ‘role’ for a subject which might be “admin”, “manager”, “employee”, etc.

Claim 5, He discloses all the elements of claim 2. Further, He discloses:
wherein at least one instruction provided by said at least one rule comprises an authorization or a denial of access to a determined resource allocated to the client by the cloud computing system; He discloses (¶23-¶25) verifying that the user is authorized to access the computer resource via the terminal by applying to the user and to the resource an access control model and an access control policy corresponding to the model, which model and policy are obtained by the authentication and authorization module for the client entity; and if the user is authorized to access the computer resource, sending to the platform a request derived from the access request on the basis of at least one second authentication parameter for authenticating the client entity with the platform; or else rejecting the access request.

Claim 6, He discloses all the elements of claim 1. Further, He discloses:
wherein the instance of the meta-model is provided by said client via a configuration interface of the cloud computing system common to said plurality of clients; He discloses (¶156) that terminal 2 interface is used by the platform to inform the client(s) that the user has been authenticated successfully and the requested access to the cloud computing resource is granted.




Claim 7, He discloses all the elements of claim 1. Further, He discloses:
wherein the instance of the meta-model provided by the client defines an access control model of the RBAC, OrBAC, ACL, DTE, ABAC or MLS type; He discloses (¶138) shows an example of a metadata file META-RBAC issued for the access control model known as RBAC.

Claim 8, do not teach or further define over the limitations in claim 1. Therefore, claim 8 is rejected for the same rationale of rejection as set forth in claim 1.

Claim 9, do not teach or further define over the limitations in claim 2. Therefore, claim 9 is rejected for the same rationale of rejection as set forth in claim 2.

Claim 12, do not teach or further define over the limitations in claim 1. Therefore, claim 12 is rejected for the same rationale of rejection as set forth in claim 1.

Claim 13, do not teach or further define over the limitations in claim 1. Therefore, claim 13 is rejected for the same rationale of rejection as set forth in claim 1.

Response to Arguments
Applicant’s arguments, filed on 05/04/2022, with respect to Claims 1 – 9 and 12 - 13 have been fully considered and they are persuasive. Upon further consideration and search, and in view of the current amendments, the Examiner withdraws the single-reference 35 USC § 103 rejection and instead introduces the 35 USC § 102 rejection using the same reference (He et al., 2014/0380048).
In respond to the argument on Pg. 11-12, “the metadata file disclosed in appendix 1 allows defining single access control model and therefore cannot be assimilated to the meta-model mentioned in claim 1,” the Office disagrees with this interpretation of the He reference, and notes that He (¶34-¶35) clearly discloses a generic/common/blank metadata file with plurality of elements (e.g. role, action, subject, view) for each model is provided to the client, and this file is modified dynamically by the client entity so as to enable and configure access control model and policy in a manner that is adapted to the needs of that client entity at a given instant and to the access policy it desires to implement for its resources and its users. This customization of this generic metadata file by the respective client, is similar to the meta-model mentioned in Claim 1.
In respond to the argument on Pg. 12-13, “He does not disclose providing client with a meta-model as mentioned in claim 1,” the Office disagrees with this interpretation of the He reference, and the Office notes, however, at the time of filing it would be obvious to one of ordinary skill in the art to provide the generic meta-model file to a plurality of client and this file is customized and modified dynamically by the client entity so as to enable and configure access control model and policy in a manner that is adapted to the needs of that client entity and its users. The meta-model may be seen as a further abstraction of the data, architecture, and processes of a repository. A meta-model may be considered as an explicit description in terms of constructs, rules, and the like, that a specific software model should adhere to. So, it is implicit that at first, the client would be provided with a generic metadata file defining the model (e.g. role, action, subject, view, expected format and/or attributes), and then the client defines and personalized the access control model accordingly, and sends it back to the cloud server.
In respond to the argument on Pg. 14-15, “He does not disclose or suggest an instantiation by the client of the meta-model in order to define an access control model and an access control policy based on this access control model … metadata file is not sufficient for the server to verify the access rights of users and in addition an access control policy must be supplied by a client to the server to verify the access rights of the users,” the Office disagrees with this interpretation of the He reference, and notes that He clearly teaches metadata file describing access control model (¶137) and the processing rules defined by the access control policies should specify the access rights of users (¶138).

Conclusion
Any inquiry concerning this communication or earlier communications from the examiner should be directed to HASSAN KHAN whose telephone number is (313) 446-6574 and fax number is (571) 483-7559. The examiner can normally be reached on MONDAY - THURSDAY. 	If attempts to reach the examiner by telephone are unsuccessful, the examiner’s supervisor Christopher L. Parry can be reached on (571) 272-8328. The fax phone number for the organization where this application or proceeding is assigned is 571-273-8300. Information regarding the status of an application may be obtained from the Patent Application Information Retrieval (PAIR) system. Status information for published applications may be obtained from either Private PAIR or Public PAIR. Status information for unpublished applications is available through Private PAIR only. For more information about the PAIR system, see http://pair-direct.uspto.gov. Should you have questions on access to the Private PAIR system, contact the Electronic Business Center (EBC) at 866-217-9197 (toll-free). If you would like assistance from a USPTO Customer Service Representative or access to the automated information system, call 800-786-9199 (IN USA OR CANADA) or 571-272-1000.
/H. A. K./
Examiner, Art Unit 2451	

/Chris Parry/Supervisory Patent Examiner, Art Unit 2451