Notice of Pre-AIA  or AIA  Status
The present application is being examined under the pre-AIA  first to invent provisions. 
DETAILED ACTION
The instant application having Application No. 16/588,466 is presented for examination by the examiner.  Claims 1, 3-7, 9 and 10 have been amended.  Claim 8 is canceled.  Applicant’s response has now been deemed fully responsive and having amended claims from the examined claim set filed 3/18/20.

Response to Amendment


Claim Rejections - 35 USC § 101
Rejections under this statute have been overcome by amendment.


Claim Rejections - 35 USC § 112
The following is a quotation of 35 U.S.C. 112(b):
(b)  CONCLUSION.—The specification shall conclude with one or more claims particularly pointing out and distinctly claiming the subject matter which the inventor or a joint inventor regards as the invention.


The following is a quotation of 35 U.S.C. 112 (pre-AIA ), second paragraph:
The specification shall conclude with one or more claims particularly pointing out and distinctly claiming the subject matter which the applicant regards as his invention.


Claims 1-7, 9, and 10 are rejected under 35 U.S.C. 112(b) or 35 U.S.C. 112 (pre-AIA ), second paragraph, as being indefinite for failing to particularly point out and distinctly claim the subject matter which the inventor or a joint inventor (or for applications subject to pre-AIA  35 U.S.C. 112, the applicant), regards as the invention.
As per claim 1, a resource is defined multiple times.  Multiple resources are introduced in the providing step but these later recitations of resources should be distinguishable from one another and multiple resources.  Later the claim recites “the multiple resources” but that causes confusion because (i) “multiple resources” is defined, (ii) “a resource” is defined multiple times, and (iii) “the resources” is recited in the last step.  The claim should be cleared up so there is no mistake that the multiple resources are resources the user seeks to have access to and the resources of the enhanced APIs appear to be programming objects that when executed facilitate the authorization process.
It is unclear to what the one or two embodiments of security framework allude.
The preamble recites user authorization and later the performing step reintroduces user authorization.  It is unclear if they are the same or not. The preamble introduces a set of authorization APIs.   The performing step further uses this term having been developed by the SDK but that step is absent and unclear where that occurs.  Furthermore, the SDK comprises an enhanced set of authorization API’s.  It is unclear if these are the same or different from the set of authorization.  The claim is further indefinite when “the authorization API’s” is recited because it not clear if the antecedent basis is the set, the enhanced set, or both.
The last step is confusing because the step sets out to providing access to the resources through a memory to store an access token.  It is unclear how the shared session cache memory and the action “to store” are associated.  Does this step simply mean access is provided by storing an access token in a shared session cache memory? 
Dependent claims, 2-7 and 9 are at least likewise rejected for failing to correct the indefiniteness of claim 1.  Examiner suggests that Applicant carefully review all of the dependent claims for similar antecedent basis problems.
As per claim 10, the user authorizations lack antecedent basis.  User authorization is defined later in the claim but not prior to the first instance.  Similarly, as described above, the relationship between one or more API’s and the enhanced set of API’s is unclear.  Claim 10 recites that the computing environment comprises one of more API’s but is never clearly used in the claim.  The set of authorization API’s creates an unknown antecedent basis.  This exact term does not precisely refer back to either API in the claim.  The phrase “that enhanced set” should be “the enhanced set” in the third clause.
A multitenant computing environment is defined but later assumed recitations do not properly address the term.  The multitenant computer environment and the computing environment are two instances in the body of the claim.

Response to Arguments

Applicant’s arguments with respect to claim(s) 1-7, 9, and 10 have been considered but are moot because the new ground of rejection does not rely on any reference applied in the prior rejection of record for any teaching or matter specifically challenged in the argument.

Claim Rejections - 35 USC § 103
The following is a quotation of pre-AIA  35 U.S.C. 103(a) which forms the basis for all obviousness rejections set forth in this Office action:
(a) A patent may not be obtained though the invention is not identically disclosed or described as set forth in section 102, if the differences between the subject matter sought to be patented and the prior art are such that the subject matter as a whole would have been obvious at the time the invention was made to a person having ordinary skill in the art to which said subject matter pertains. Patentability shall not be negatived by the manner in which the invention was made.

Claims 1-7 and 9 are rejected under 35 U.S.C. 103(a) as being unpatentable over USP Application Publication 2006/0168054 to Burkhart et al., hereinafter Burkhart in view of USP 8,365,150 to Wong et al., hereinafter Wong.
As per claim 1, Burkhart teaches a computer-implemented method for providing user authorizations utilizing a set of authorization application program interfaces (APIs) (0044 and 0054), the method comprising: 
providing an SDK for a client web application which performs user authorizations for multiple resources within an on-demand services environment (Fig.6 and 0057), wherein the SDK comprises an enhanced set of authorization APIs (0044),  
and wherein the enhanced set of authorization APIs is configured to: 
provide a resource so that a developer can include developer-defined user information (0042); 
provide a resource to allow the developer to utilize one of a cookie, or a server-side storage for storing the developer-defined user information (0042); and 
provide a resource to allow the developer to utilize one or two embodiments of security framework (0044), 
performing user authorizations with the authorization APIs developed by the SDK (alerts sent to user’s toolbar/messaging application; 0044), wherein the performing the user authorizations with the authorization APIs is through a client web application executed by a hardware computing device (0042) to allow access to the multiple resources within the on-demand database services environment [user can then view items from his/her page from the commerce site; 0042];
 providing, based on the user authorizations and with one or more computing devices, access to the resources [0041, takes user to associated user page]. 
The claim is interpreted as using BRI in light of the above-mentioned deficiencies under 112(b).  Furthermore, the enhanced set of authorized APIs do not carry patentable weight for a number of reasons.  The claim is directed to a method of using API’s for user authorizations.  However, the enhanced API’s are not positively relied upon to perform any actions in the performing and providing steps.  This raises the question if they are used even though they may be part of the SDK.  Clearing up the numerous indefinite issues and actually using the particulars of the set of enhanced APIs to provide user authorization would at least give this subject matter patentable weight.  
Burkhart is silent in explicitly teaching a shared session cache memory to store an access token.  Burkhart has user information stored on the server.  On the other hand, Wong teaches using cookies to store data between two entities using API to interface with one another (col. 12, lines 13-20 and 38-45).  Burkhart teaches that SDK can be installed on either side of the communication to pass API commands back and forth and saving data.  Cookies are just one form of token that can exist across a session and in view of Wong, cookies could have obviously been used in the system of Burkhart to store the user’s alert criteria.  The claim is obvious because one of ordinary skill in the art can combine known methods which do not produce unpredictable results.   Using cookies as a token to specify the user’s alert criteria does not yield any unpredictable results.

As per claims 2-7 and 9, Burkhart anticipates these claims because they do not add anything to the method of claim 1 in terms of patentable weight.  They are interpreted as further conditions to the enhanced set of API’s or additional API’s of the enhanced set which fail to provide patentable weight as explained in the rejection of claim 1.  

Claim 10 is rejected under 35 U.S.C. 103(a) as being unpatentable over Burkhart in view of USP Application Publication 2010/0293094 to Kolkowitz et al., hereinafter Kolkowitz.

As per claim 10, Burkhart teaches a multi-tenant database system, comprising: 
A multitenant computing environment (Fig. 6, 600) comprising a database system to store data for each of multiple tenants (Fig. 6, 640), wherein the multitenant computer environment is configured to provide multiple resources to multiple tenants (Fig. 6, 616, 612, 614, 622).; 
an application server (Fig. 6, 628) communicably coupled to the computing environment comprising a database system connection and one or more APIs via a network (Fig. 6, 638), the application server to provide network access to the multiple resources of the database system for each of the multiple tenants (0057); and 
a software development kit (SDK) for building client applications which will be accessible on the application server (0044), the SDK comprising an enhanced set of authorization APIs (0043 and 0044), wherein the enhanced set of authorization APIs include developer-defined user information [criterion/messages; 0044] and also using server-side storage [stored at server; 0043].  
and a client web application (0044 and 0057) interface utilizing the set of authorization APIs (0044) as a portion of the user authorizations (0041) executed by a hardware computing device to: 
allow access to the multiple resources within the on-demand database services environment [user can then view items from his/her page from the commerce site; 0042]; 
provide access to the resources based on user authorizations [0041, takes user to associated user page].
Burkhart does not explicitly teach that the API can use cookies, utilizing access to a shared session cache memory to store an access token, and based on the user not being recognized, divert to a security handshake and/or a token request to obtain the access token.  On the other hand, Kolkowitz teaches the API can use cookies (0066), utilizing access to a shared session cache memory to store an access token (0066), and based on the user not being recognized, divert to a security handshake and/or a token request to obtain the access token (0067).  Kolkowitz adds security around the use of cookies used as an access token and when the user fails to produce the proper cookie, the user must then perform a user authentication method.  Cookies are just one form of token that can exist across a session and in view of Kolkowitz, cookies could have obviously been used in the system of Burkhart to store the user’s alert criteria and provide security credential to improve the system security.  The claim is obvious because one of ordinary skill in the art can combine known methods which do not produce unpredictable results.   Using cookies as a token to specify the user’s alert criteria does not yield any unpredictable results.

Conclusion

Applicant's amendment necessitated the new ground(s) of rejection presented in this Office action.  Accordingly, THIS ACTION IS MADE FINAL.  See MPEP § 706.07(a).  Applicant is reminded of the extension of time policy as set forth in 37 CFR 1.136(a).  
A shortened statutory period for reply to this final action is set to expire THREE MONTHS from the mailing date of this action.  In the event a first reply is filed within TWO MONTHS of the mailing date of this final action and the advisory action is not mailed until after the end of the THREE-MONTH shortened statutory period, then the shortened statutory period will expire on the date the advisory action is mailed, and any extension fee pursuant to 37 CFR 1.136(a) will be calculated from the mailing date of the advisory action.  In no event, however, will the statutory period for reply expire later than SIX MONTHS from the date of this final action. 

Any inquiry concerning this communication or earlier communications from the examiner should be directed to MICHAEL R. VAUGHAN whose telephone number is (571)270-7316.  The examiner can normally be reached on Monday - Thursday, 7:30am - 5:00pm, EST. If attempts to reach the examiner by telephone are unsuccessful, the examiner’s supervisor, Lynn Feild can be reached on (571) 272-2092.  The fax phone number for the organization where this application or proceeding is assigned is 571-273-8300.
Information regarding the status of an application may be obtained from the Patent Application Information Retrieval (PAIR) system.  Status information for published applications may be obtained from either Private PAIR or Public PAIR.  Status information for unpublished applications is available through Private PAIR only.  For more information about the PAIR system, see http://pair-direct.uspto.gov. Should you have questions on access to the Private PAIR system, contact the Electronic Business Center (EBC) at 866-217-9197 (toll-free). If you would like assistance from a USPTO Customer Service Representative or access to the automated information system, call 800-786-9199 (IN USA OR CANADA) or 571-272-1000.

/MICHAEL R VAUGHAN/
Primary Examiner, Art Unit 2431