Notice of Pre-AIA or AIA Status
The present application, filed on or after March 16, 2013, is being examined under the first inventor to file provisions of the AIA.
DETAILED ACTION
This is in response to the communication filed on 04/14/2022. Claims 1-20 are pending in the application. Claims 1, 9 and 17 are independent. Claims 6-7 and 14-15 are objected to. Claims 1-5, 8-13 and 16-20 have been rejected.

Terminal Disclaimer
The terminal disclaimer filed on 04/14/2022 disclaiming the terminal portion of any patent granted on this application which would extend beyond the expiration date of patent No. 10,637,868 has been reviewed and is accepted.  The terminal disclaimer has been recorded.

Response to Arguments
Applicant's arguments filed on 04/14/2022 have been fully considered but they are not persuasive for the reasons explained below.
Regarding the previous 35 USC 103 type rejections of claims 1-5, 8-13 and 16-20, applicant primarily argues the following:
(a) “Pearlman discloses a system in which a single entity (the CAS) manages policies that govern access to the community’s resources. Pearlman specifies that the CAS specifies who (which users or groups) have permission to use which resource groups, but does not indicate specify who (e.g. what entity) creates the groups or who defines who is granted access. Pearlman defines only two entities: (1) resource administrators and (2) users (see page 2, which recites “A CAS server solves these problems by giving both users and resource administrators a single point of contact for dealing with each other.”). If the resource administrators are analogous to the claimed “service provider administrators,” then Pearlman fails to disclose the claimed “enterprise administrators” that define the groups for each enterprise. It would appear that Pearlman teaches that the “resource administrators” also define the groups, as there is no other entity disclosed that might perform this function” (See page 9 of applicant’s remarks filed on 04/14/2022); and
(b) “Pearlman grants rights to the resources to the entire community, and lets the community manage access control. It does not allow resource managers to specify which enterprises in that community are permitted access to the services or resources … Pearlman thus grants all enterprises in the community the same access rights, and does not permit service provider administrators to define which enterprises are provided access to which services. Applicants’ system permits the service providers to be used in contexts where a service provider administrator wishes to allow the administrator of one enterprise to grant access to services that are unavailable to the administrator of another enterprise. This permits the system to be usable by a community with multiple enterprises (not just multiple groups of users within an enterprise), while allowing the service provider administrator to control such use” (See page 10  of applicant’s remarks filed on 04/14/2022)
In response to the applicant’s arguments that the combination of the Pearlman et al and Martini references fails to teach expressly “If the resource administrators are analogous to the claimed “service provider administrators,” then Pearlman fails to disclose the claimed “enterprise administrators” that define the groups for each enterprise”, examiner respectfully disagrees. Upon further examination and consideration, primary reference Martini was found to teach a network administrator associated with an access control server (note Martini, figure 2.214) and/or a content management device (note Martini, figure 2.220) that defines various user groups/roles for each enterprise and creates policy associated with each user group/role (note Martini, column 6, lines 25-45 and column 12, lines 5-25; also see column 10, lines 50-55: control server and management device implemented in same computer). Therefore, the Martini reference teaches such “enterprise administrators” (e.g. network administrator for access control server 214 and/or content management device 220 in organization network 208).
In response to the applicant’s arguments that the combination of the Pearlman et al and Martini references fails to teach expressly, “Applicants’ system permits the service providers to be used in contexts where a service provider administrator wishes to allow the administrator of one enterprise to grant access to services that are unavailable to the administrator of another enterprise”, examiner respectfully disagrees. Upon further examination and consideration, primary reference Martini was found to teach a network administrator (note Martini, column 6, lines 25-45) for a content management device 220 connected to an access control server 214 (note Martini, figure 2) that grants access to services of another enterprise (note Martini, figure 2: game server 1 and education server 2 in external network; also see column 7, lines 38-50: When the user device 210a requests access to an external resource, a content management device 220 determines the access permissions for the user device 210a to the external resource based on the user groups 206 and the policy groups 216).
Although server 1 and server 2 in the external network (note Martini, figure 2) disclosed in primary reference Martini could inherently have their own “service provider administrator”, the Martini reference fails to disclose expressly a dedicated administrator for each service/resource provider. However, secondary reference Pearlman teaches utilization of a CAS server by various users and “resource administrators” for facilitating fine-grained access control for various communities (note Pearlman, Abstract; and Section 6: A CAS server solves these problems by giving both users and resource administrators a single point of contact for dealing with each other).
Therefore, the combination of the Pearlman and Martini references is found to teach the features set forth in the applicant’s arguments, and the previous 35 USC 103 type rejections are maintained. Examiner notes that, upon further consideration, additional clarification regarding the teachings of Pearlman and Martini is provided in this office action (please see the office action below for detailed explanations).

Claim Rejections - 35 USC § 103
The following is a quotation of 35 U.S.C. 103 which forms the basis for all obviousness rejections set forth in this Office action:
A patent for a claimed invention may not be obtained, notwithstanding that the claimed invention is not identically disclosed as set forth in section 102, if the differences between the claimed invention and the prior art are such that the claimed invention as a whole would have been obvious before the effective filing date of the claimed invention to a person having ordinary skill in the art to which the claimed invention pertains. Patentability shall not be negated by the manner in which the invention was made.

The factual inquiries set forth in Graham v. John Deere Co., 383 U.S. 1, 148 USPQ 459 (1966), that are applied for establishing a background for determining obviousness under 35 U.S.C. 103 are summarized as follows:
1. Determining the scope and contents of the prior art.
2. Ascertaining the differences between the prior art and the claims at issue.
3. Resolving the level of ordinary skill in the pertinent art.
4. Considering objective evidence present in the application indicating obviousness or nonobviousness.

Claims 1-5, 8-13 and 16-20 are rejected under 35 U.S.C. 103 as being unpatentable over US 8,856,865 B1 (hereinafter Martini) in view of publication “A community authorization service for group collaboration”, 2002, IEEE (hereinafter Pearlman et al)
Regarding claim 1, Martini teaches a method (700) for authorizing individuals of a plurality of enterprises to access one or more services provided by a plurality of service providers, the method comprising:
creating, by an administrator (801) directory service; examiner interprets a content management device 220 connected to a directory service as an authorization management service; note, additionally, an access control server 214 coupled to a directory server can also be interpreted as an authorization management service), a plurality of groups to contain one or more individuals at one of the plurality of enterprises (701) (note figure 1: policy associated with user groups; and column 6, lines 20-23: (e.g., the Managers user group 106c) and that have the same name as one of the aliases as the Managers usage policy group 104c (e.g., the Supervisors user group 106d));
receiving security data 
determining, by the administrator of each of the plurality of enterprises, a subset of the security data that is available for access by a subset of the plurality of groups (703) (note figure 1; and column 6 lines 33-34: The network administrator determines which user group is associated with the policy); and
receiving associating data 
Martini fails to teach expressly creating, by an administrator (801) of each of the plurality of enterprises and via a Common Authorized Management (CAM) service (150) a plurality of groups to contain one or more individuals at one of the plurality of enterprises (701); receiving security data in the CAM service from each of the plurality of service providers; and receiving data in the CAM service from the administrator of each of the plurality of enterprises associating individuals with the capability to access the one or more services provided by each of the plurality of service providers.
However, Pearlman et al teaches creating, by an administrator (801)  (note page 6, section 6: resource administrator at CAS server) of each of the plurality of enterprises and via a Common Authorized Management (CAM) service (150) (note page 3, section 3: CAS server is interpreted as CAM service) a plurality of groups to contain one or more individuals at one of the plurality of enterprises (701) (note page 3, section 3: CAS server for community authorization and delegation of rights to the users); receiving security data in the CAM service from each of the plurality of service providers (note page 2, section 1: set of rights granted to the community by the resource provider; and also page 7, sections 7.4:receiving CAS credential from resource server); and wherein the security data is defined by an associated service provider administrator at each of the plurality of service providers (note page 2, section 1: set of rights granted to the community by the resource provider); and receiving data in the CAM service from the administrator of each of the plurality of enterprises associating individuals with the capability to access the one or more services provided by each of the plurality of service providers (note page 2, section 1: set of rights granted to the community by the resource provider; and also page 7, sections 7.4:receiving CAS credential from resource server)
Pearlman et al and Martini are analogous art because they are from the same field of securely managing and authorizing services to users of an enterprise or community. Therefore, at the time of filing of the invention, it would have been obvious to a person of ordinary skill in art to modify Martini method to include features of creating, by an administrator of each of the plurality of enterprises and via a Common Authorized Management (CAM) service a plurality of groups to contain one or more individuals at one of the plurality of enterprises, and receiving data in the CAM service from the administrator of each of the plurality of enterprises associating individuals with the capability to access the one or more services provided by each of the plurality of service providers taught by Pearlman et al in order to provide users with an alternative and fine-grained access control mechanism for provisioning and managing services from plurality of service providers (note Pearlman et al, Abstract, and section 3)
Regarding claim 2, it is rejected applying as same motivation and rationale applied above rejecting claim 1, and furthermore, Martini teaches the method of claim 1, wherein the security data comprises at least one of: access rights, privileges, authorizations, claims, Security Assertion Markup Language (SAML) assertions, and entitlements (note column 6, lines 31-32, 38-44: security policy including access permissions; examiner interprets access permission as one of the access rights, privilege and authorization)
Regarding claim 3, it is rejected applying as same motivation and rationale applied above rejecting claim 3, and furthermore, Martini teaches the method of claim 2, wherein the security data is accessible by the Pearlman et al teaches a method wherein the security data is accessible by the CAM service (note page 2, section 1: set of rights granted to the community by the resource provider; and also page 7, sections 7.4:receiving CAS credential from resource server)
Regarding claim 4, it is rejected applying as same motivation and rationale applied above rejecting claim 3, and furthermore, Martini teaches the method according to claim 5, wherein the management service is configured with a web interface for user interaction (note column 10, starts at line 56; col. 12, starts at line 33; and column 16, lines 16-22: user interface/ web page to communicate with directory server 202 or other networked servers) Furthermore,  Pearlman et al teaches various interfaces for user interaction with CAM servers (note section 3: community authorization; and section 9.3: CAS server; various interfaces, API  and infrastructure such as GUI interfaces, CAS server, SVE infrastructure etc. for facilitating interaction with the users/ administrators associated with different domains/ servers) 
Regarding claim 5, it is rejected applying as same motivation and rationale applied above rejecting claim 3, and furthermore, Martini teaches the method of claim 1, wherein creating a plurality of groups (205-207, 212-214, 219-221) to contain one or more individuals (202-204, 209-211, 216-218) at an enterprise (201, 208, 215) includes: adding or removing one or more individuals from the plurality of groups (note column 4, starts at line 5; and column 18 starts at line 63: adding/ creating new user groups/ roles)
Regarding claim 8, it is rejected applying as same motivation and rationale applied above rejecting claim 1, and furthermore, Pearlman et al teaches the method wherein the CAM pushes further security data for the associated individuals to each of the plurality of service providers (note section 2.3 and section 3: community authorization: delegation of security data such as credential, policy etc.  to users from CAS server)
Regarding claim 9, Martini teaches a system (100) for authorizing individuals of a plurality of enterprises to access one or more services (223-225, 232-234, 241-243) provided by a plurality of service providers (230, 239, 248), the system comprising at least one processor (802) and memory (804), the at least one memory communicatively coupled to the at least one processer (note column 22, starts at line 23), the at least one memory comprising computer-readable instructions that, when executed by the at least one processor, cause the system to:
create, via an administrator (801)
receive security data in the the parameters, where the parameters define access permissions to the resource D 102d for users in the Administrators user group 106a);
determine, by an administrator (801) 
receive associating data in the 
Martini fails to teach expressly creating, by an administrator (801) of associating individuals with the capability to access the one or more services provided by each of the plurality of service providers.
However, Pearlman et al teaches creating, by an administrator (801)  (note page 6, section 6: resource administrator at CAS server) of each of the plurality of enterprises and via a Common Authorized Management (CAM) service (150) (note page 3, section 3: CAS server is interpreted as CAM service) a plurality of groups to contain one or more individuals at one of the plurality of enterprises (701) (note page 3, section 3: CAS server for community authorization and delegation of rights to the users); receiving security data in the CAM service from each of the plurality of service providers (note page 2, section 1: set of rights granted to the community by the resource provider; and also page 7, sections 7.4:receiving CAS credential from resource server); and wherein the security data is defined by an associated service provider administrator at each of the plurality of service providers (note page 2, column 1, section 1: set of rights granted to the community by the resource provider); and receiving data in the CAM service from the administrator of each of the plurality of enterprises associating individuals with the capability to access the one or more services provided by each of the plurality of service providers (note page 2, section 1: set of rights granted to the community by the resource provider; and also page 7, sections 7.4:receiving CAS credential from resource server)
Pearlman et al and Martini are analogous art because they are from the same field of securely managing and authorizing services to users of an enterprise or community. Therefore, at the time of filing of the invention, it would have been obvious to a person of ordinary skill in art to modify Martini system to include features of creating, by an administrator of each of the plurality of enterprises and via a Common Authorized Management (CAM) service a plurality of groups to contain one or more individuals at one of the plurality of enterprises, and receiving data in the CAM service from the administrator of each of the plurality of enterprises associating individuals with the capability to access the one or more services provided by each of the plurality of service providers taught by Pearlman et al in order to provide users with an alternative and fine-grained access control mechanism for provisioning and managing services from plurality of service providers (note Pearlman et al, Abstract, and section 3)
Regarding claim 10, it is rejected applying as same motivation and rationale applied above rejecting claim 9, and furthermore, Martini teaches the system wherein the security data comprises at least one of: access rights, privileges, authorizations, claims, Security Assertion Markup Language (SAML) assertions, and entitlements (note column 6, lines 31-32, 38-44: security policy including access permissions; examiner interprets access permission as one of the access rights, privilege and authorization)
Regarding claim 11, it is rejected applying as same motivation and rationale applied above rejecting claim 9, and furthermore, Martini teaches the system of claim 10, wherein the security data is accessible by the CAM service (note fig. 2.202: directory server communicating with access control server 214; col. 1, lines 29-33; and col. 10 lines 50-65: common platform/ directory service) Furthermore,  Pearlman et al teaches a method wherein the security data is accessible by the CAM service (note page 2, section 1: set of rights granted to the community by the resource provider; and also page 7, sections 7.4:receiving CAS credential from resource server)
Regarding claim 12, it is rejected applying as same motivation and rationale applied above rejecting claim 3, and furthermore, Martini teaches the system wherein the CAM service is configured with a web interface for user interaction (note col 10, starts at line 56; col. 12, starts at line 33; and col 16, lines 16-22: user interface/ web page to communicate with directory server 202 or other networked servers) Furthermore,  Pearlman et al teaches various interfaces for user interaction with CAM servers (note section 3: community authorization; and section 9.3: CAS server; various interfaces, API  and infrastructure such as GUI interfaces, CAS server, SVE infrastructure etc. for facilitating interaction with the users/ administrators associated with different domains/ servers)
Regarding claim 13, it is rejected applying as same motivation and rationale applied above rejecting claim 9, and furthermore, Martini teaches the system wherein the creation of a plurality of groups to contain one or more individuals at an enterprise includes: adding or removing one or more individuals from the plurality of groups (note col. 4, starts at line 5; and col. 18 starts at line 63: adding/ creating new user groups/ roles) 
Regarding claim 16, it is rejected applying as same motivation and rationale applied above rejecting claim 9, and furthermore, Pearlman et al teaches the system wherein the CAM pushes further security data for the associated individuals to each of the plurality of service providers (note section 2.3 and section 3: community authorization: delegation of security data such as credential, policy etc.  to users from CAS server)
Regarding claim 17, Martini teaches a non-transitory computer-readable medium (note col 23, starts at line 1: medium)  for authorizing individuals of a plurality of enterprises to access one or more services provided by a plurality of service providers, bearing computer-executable instructions that, when executed upon a computer, cause the computer to perform operations comprising:
creating, via an administrator (801) 
receiving security data in the policy 108a for the resource D 102d based on the parameters, where the parameters define access permissions to the resource D 102d for users in the Administrators user group 106a), and wherein the security data is defined by an associated service provider administrator at each of the plurality of service providers (note col. 6 lines 33-34; col 11, lines 5-12: associating/ linking access permission to user groups by administrator), and the security data identifies which one of the one or more services provided by each of the plurality of service providers is available to each of the plurality of enterprises (702) (note col. 6 lines 30-33: based on the parameters, where the parameters define access permissions to the resource D 102d for users in the Administrators user group 106a);
determining, 
receiving data in the authorization management service   associating individuals in the subset of the plurality of groups with the capability to access the one or more services provided by each of the plurality of service providers based on the subset of security data (704) (note Fig. 1 and col. 6 lines 38-44: Based on the addition of the policies 108a-c for the resource D 102d to the usage policy groups 104a-c, the network system 100 updates access permissions for the users in the directory service user groups 106a-d, where the access permissions for each particular user are defined in the usage policy groups 104a-c that correspond to the user groups 106a-d which the particular user is a member of)
Martini fails to teach expressly creating, by an administrator (801) of each of the plurality of enterprises and via a Common Authorized Management (CAM) service (150) a plurality of groups to contain one or more individuals at one of the plurality of enterprises (701); receiving security data in the CAM service from each of the plurality of service providers; and receiving data in the CAM service from the administrator of each of the plurality of enterprises associating individuals with the capability to access the one or more services provided by each of the plurality of service providers.
However, Pearlman et al teaches creating, by an administrator (801)  (note page 6, column 2, section 6: resource administrator at CAS server) of each of the plurality of enterprises and via a Common Authorized Management (CAM) service (150) (note page 3, column 2, section 3: CAS server is interpreted as CAM service) a plurality of groups to contain one or more individuals at one of the plurality of enterprises (701) (note page 3, column 2, section 3: CAS server for community authorization and delegation of rights to the users); receiving security data in the CAM service from each of the plurality of service providers (note page 2, column 1, section 1: set of rights granted to the community by the resource provider; and also page 7, column 2, sections 7.4:receiving CAS credential from resource server); and wherein the security data is defined by an associated service provider administrator at each of the plurality of service providers (note page 2, column 1, section 1: set of rights granted to the community by the resource provider); and receiving data in the CAM service from the administrator of each of the plurality of enterprises associating individuals with the capability to access the one or more services provided by each of the plurality of service providers (note page 2, column 1, section 1: set of rights granted to the community by the resource provider; and also page 7, column 2, sections 7.4:receiving CAS credential from resource server)
Pearlman et al and Martini are analogous art because they are from the same field of securely managing and authorizing services to users of an enterprise or community. Therefore, at the time of filing of the invention, it would have been obvious to a person of ordinary skill in art to modify Martini method to include features of creating, by an administrator of each of the plurality of enterprises and via a Common Authorized Management (CAM) service a plurality of groups to contain one or more individuals at one of the plurality of enterprises, and receiving data in the CAM service from the administrator of each of the plurality of enterprises associating individuals with the capability to access the one or more services provided by each of the plurality of service providers taught by Pearlman et al in order to provide users with an alternative and fine-grained access control mechanism for provisioning and managing services from plurality of service providers (note Pearlman et al, Abstract, and section 3)
Regarding claim 18, it is rejected applying as same motivation and rationale applied above rejecting claim 17, and furthermore, Martini teaches the computer-readable medium wherein the security data comprises at least one of: access rights, privileges, authorizations, claims, Security Assertion Markup Language (SAML) assertions, and entitlements (note col. 6, lines 31-32, 38-44: security policy including access permissions; examiner interprets access permission as one of the access rights, privilege and authorization)
Regarding claim 19, it is rejected applying as same motivation and rationale applied above rejecting claim 18, and furthermore, Martini teaches the computer-readable medium wherein the security data is accessible by the CAM service (note col 10, starts at line 56; col. 12, starts at line 33; and col 16, lines 16-22: user interface/ web page to communicate with directory server 202 or other networked servers) Furthermore,  Pearlman et al teaches various interfaces for user interaction with CAM servers (note section 3: community authorization; and section 9.3: CAS server; various interfaces, API  and infrastructure such as GUI interfaces, CAS server, SVE infrastructure etc. for facilitating interaction with the users/ administrators associated with different domains/ servers)
Regarding claim 20, it is rejected applying as same motivation and rationale applied above rejecting claim 17, and furthermore, Martini teaches the computer-readable medium wherein creating a plurality of groups to contain one or more individuals at an enterprise includes: adding or removing one or more individuals from the plurality of groups (note column 4, starts at line 5; and column  18 starts at line 63: adding/ creating new user groups/ roles)

Allowable Subject Matter
Claims 6-7 and 14-15 would be allowable if rewritten to include all of the limitations of the base claim and any intervening claims.


Conclusion
THIS ACTION IS MADE FINAL.  See MPEP § 706.07(a).  Applicant is reminded of the extension of time policy as set forth in 37 CFR 1.136(a).  
A shortened statutory period for reply to this final action is set to expire THREE MONTHS from the mailing date of this action.  In the event a first reply is filed within TWO MONTHS of the mailing date of this final action and the advisory action is not mailed until after the end of the THREE-MONTH shortened statutory period, then the shortened statutory period will expire on the date the advisory action is mailed, and any extension fee pursuant to 37 CFR 1.136(a) will be calculated from the mailing date of the advisory action.  In no event, however, will the statutory period for reply expire later than SIX MONTHS from the date of this final action.
Any inquiry concerning this communication or earlier communications from the examiner should be directed to SHANTO ABEDIN whose telephone number is 571-272-3551. The examiner can normally be reached on M-F from 10:00 AM to 6:30 PM. Examiner interviews are available via telephone, in-person, and video conferencing using a USPTO supplied web-based collaboration tool. To schedule an interview, applicant is encouraged to use the USPTO Automated Interview Request (AIR) at http://www.uspto.gov/interviewpractice. If attempts to reach the examiner by telephone are unsuccessful, the examiner's supervisor, Jung (Jay) Kim, can be reached on 571-272-3804. The fax phone number for the organization where this application or proceeding is assigned is 703-872-9306. Status information for unpublished applications is available through Private PAIR only. For more information about the PAIR system, see http://pair-direct.uspto.gov. Should you have questions on access to the Private PAIR system, contact the Electronic Business Center (EBC) at 866-217-9197 (toll-free).
/SHANTO ABEDIN/Primary Examiner, Art Unit 2494