DETAILED ACTION
The present application, filed on or after March 16, 2013, is being examined under the first inventor to file provisions of the AIA .

This action is response to communication:  response to amendments/argumetns filed on 07/12/2022
Claims 1-20 are currently pending in this application.  
No IDS has been filed for this application.  

Response to Arguments
The prior 101 rejections have been withdrawn in response to applicant’s amendments/arguments.

Applicant’s arguments concerning the art rejections have been fully considered but are not found persuasive.
First, applicants argue that the references do not teach “storing a correlation of various representations of an individual across the different software systems in the organization.”  Applicants argue that the references only teach one identity of a user, and that no correlation of different representations are stored.  This is not persuasive.  The claim requires “storing a correlation of various representations of an individual,” and this is taught by Hanhirova.  Hanhirova is directed toward providing an integrated intranet workspace, which provides users a workspace and service for independent applications (see abstract, Figure 1).  As seen in paragraph 41, user data may be stored in an intranet database.  As seen in paragraph 44, such data may include user authorization data, which includes information such as identity and authentication keys.  Such user authorization data is an example of correlations of various representations of an individual (the correlation of keys and identity, as they keys are a type of identifier).  Further, as seen in paragraph 44, individual users may be correlated in a group of users.  In such a case, the relationship of the individual user in a group of users is an example of a stored correlation of various representations of an individual across different software systems in an organization.  In addition, as cited in the office action, the Cobb reference further shows the obviousness of such limitations.  Cobb claim 1 teaches gathering different user information for multiple applications, organizing the data, and normalizing all the user role information, and storing such information in a database.  This is a clear example of the claimed limitation and shows the obviousness of correlating data in a database.  When storing information together, as seen in the Cobb reference with different types of user data, information is stored in such a way that information is organized and correlated.
Second, applciants argue that the applied references do not provide for receiving “for each of the different software systems, relational information regarding a relationship of different entities in the organization.  As mentioned above, Hanhirova teaches gathering information for multiple applications, including identities, keys, permission data, etc.  All this data are examples of “relational data.”  Applicants are arguing that “relational” data is not explicitly teaught.  However, in computer systems such as this with gathering user information, such as identities, keys, permissions, etc., especially with regards to how all the information is related to a user, all such data is related.  The claims should not be read in such a vacuum. Further, as seen in the rejection, Cobb teaches such information in claim 1 as well with the gathering of all the data and normalizing the data in a database.  Cobb’s claim 1 explicitly teaches the gathering and organization of such information that is inherent in most systems.
Third, applciants continue to argue the “relational information.”  See the arguments above.
Fourth, applicants argue that the references do not teach the limitations as Cobb does not teach “computing.”  First of all, Cobb is directed toward computer-implemented system and functions.  Thus, any actions performed by Cobb is an example of “computing” even though it does not explicitly recite “computing.”  Second, such limitations are obvious over the cited art.  Cobb claim 1 generally teaches gathering information from multiple/heterogeneous applications, merging them, updating the information, and normalizing all the data.  Such steps are clear examples of computing corresponding changes to the relational information for other ones of the different software systems.”   
	As seen in the arguments above, the references, read as a whole and not in such a narrow vacuum or individually, render the claimed limitations obvious. 

Claim Rejections - 35 USC § 101
The prior 101 rejections have been withdrawn in response to applicant’s amendments/arguments.


Claim Rejections - 35 USC § 103
In the event the determination of the status of the application as subject to AIA  35 U.S.C. 102 and 103 (or as subject to pre-AIA  35 U.S.C. 102 and 103) is incorrect, any correction of the statutory basis for the rejection will not be considered a new ground of rejection if the prior art relied upon, and the rationale supporting the rejection, would be the same under either status.  
The following is a quotation of 35 U.S.C. 103 which forms the basis for all obviousness rejections set forth in this Office action:
A patent for a claimed invention may not be obtained, notwithstanding that the claimed invention is not identically disclosed as set forth in section 102, if the differences between the claimed invention and the prior art are such that the claimed invention as a whole would have been obvious before the effective filing date of the claimed invention to a person having ordinary skill in the art to which the claimed invention pertains. Patentability shall not be negated by the manner in which the invention was made.

Claims 1-3, 5-9, 11-13, 15-18, and 20 are rejected under 35 U.S.C. 103 as being unpatentable over Hanhirova US Patent Application Publication 2017/0346862 (Hanhirova), in view of Cobb US Patent No. 8,671,013 (Cobb).

	As per claim 1, Hanhirova teaches a system for ensuring consistency in authorization across different software systems in an organization, the system comprising: one or more memories storing a correlation of various representations of an individual across different software systems in the organization (paragraph 41 with information of user stored; also see paragraph 44 with user identity and authentication stored in database so that intranet system is aware of access permissions of all intranet web clients; see also abstract with multiple integrated intranet applications; see further paragraph 47; in addition, see paragraph 41 and 52 with multiple different workspaces); one or more processors in communication with the one or more memories, the one or more processors configured to: receive, for each of the different software systems relational information regarding a relationship of different entities in the organization, where each of the different entities has a defined set of authorizations (see paragraph 54 with providing authorization for users and user type; user type defines user privileges of users, which are level of access rights; see also paragraph 57 wherein when users are added to the intranet system, the different roles in different workspaces are incorporated; see further claim 2 of receiving user information related to authorization; see further paragraph 29 wherein roles are defined according to a hierarchy); receive, for each of the different software systems, one or more constraints associated with the relational information (see paragraph 54 with user privileges of the users in the respective level of access rights; see also Figure 2); receive, from an author, a change to the authorizations in a first one of the different software systems (paragraph 71 wherein administrator may change authorization of user; changes may include an organization wide change or changes based on project, etc; see also claim 9) and compute, based on the change to the authorizations in the first one of the different software systems and the one or more constraints, corresponding changes to the relational information (paragraph 71 wherein the authorizations are updated accordingly).
	Although Hanhirova teaches receiving a change to authorizations and updating those authorizations, , the reference does not explicitly teach computing corresponding changes to the relational information for other ones of the different software systems.  However, updating relational information for others based on a change in relational information is well known in the art.  For example, see Cobb (claim 1 and throughout reference with adding or changing a role management rule, business transaction rule, configuration rule, etc; the information is normalized and applied throughout the enterprise environment and extends to all applciations).  Cobb further teaches receiving, for each of the different software systems, relational information regarding a relationship of different entities in the organization, wehre each of the different entities has a defined set of authorizations and receive, for each of the different software systems, one or more constraints associated with the relational information (claim 1 with importing user role information that describes authorizations or permissions assigned to users in the plurality of applications).
	At the time the invention was filed, it would have been obvious to one of ordinary skill to combine Hanhirova with Cobb.  One of ordinary skill in the art would have been motivated to perform such an addition to provide a better management of controls within a heterogeneous enterprise environment (col. 2 lines 20-48).  
	As per claim 2, Hanhirova as modified teaches wherein the different entities are one of jobs, teams, roles, individuals, or tasks (Hanhirova paragraph 41, 52, 57, and 71 with roles and projects/tasks; also see Cobb claim 1 with roles). 
	As per claim 3, Hanhirova teaches wherein the relational information comprises hierarchical information (Hanhirova paragraph 29 wherein roles are defined according to a hierarchy)
	As per claim 5, it would have bene obvious over the Hanhirova combination wherein the one or more processors are further configured to detect inconsistencies among the one or more constraints for the different software systems (Cobb abstract and claim 1with testing and performing remediation; see claim 1 with testing to see whether the processes violate rules or comply with controls, etc).
	As per claim 6, it would have been obvious over the Hanhirova combination wherein the defined set of authorization defines at least one or permissions or responsibilities associated with the entity (Hanhirova paragraph 57 with different roles in workspaces; see also throughout Cobb such as claim 1 and 2 with roble-based access and authentication).
	As per claim 7, it would have been obvious over the Hanhirova combination wherein computing the corresponding changes comprises applying a domain-specific programming language (see Cobb claim 1 wherein the information/data is normalized by the system/domain).
	As per claim 8, it would have been obvious over the Hanhirova combination wherein the programming language is strictly typed against a globally dynamically-bound type state (Cobb claim 1 wherein the information is normalized; see also Cobb col. 2 line 65 to col. 3 line 15 with normalizing data from enterprise applications including proprietary applciations; see Cobb col. 8 line 51-68 with utilizing common data format for normalizing data).
	As per claim 9, it would have been obvious over the Hanhirova combination wherein computing the corresponding changes comprises transactionally managing policy programs as data (see claim 1 with normalizing all information and processing it accordingly). 
Claim 11 is rejected using the same basis of arguments used to reject claim 1 above. 
Claim 12 is rejected using the same basis of arguments used to reject claim 2 above. 
Claim 13 is rejected using the same basis of arguments used to reject claim 3 above. 
Claim 15 is rejected using the same basis of arguments used to reject claim 5 above. 
Claim 16 is rejected using the same basis of arguments used to reject claim 6 above. 
Claim 17 is rejected using the same basis of arguments used to reject claim 7 above. 
Claim 18 is rejected using the same basis of arguments used to reject claim 8 above. 
Claim 20 is rejected using the same basis of arguments used to reject claim 1 above.

Claims 10 and 19 are rejected under 35 U.S.C. 103 as being unpatentable over the Hanhirova combination as applied, and further in view of Chang et al. US Patent Application Publication 2003/0229623 (Chang).
As per claim 4, the Hanhirova combination does not explicitly teach wherein the hierarchical information comprises one or more trees.  However, this would have been obvious.  As seen in paragraph 29 of Hanhirova, the roles are already defined in a hierarchy.  Utilizing trees is a way of organization information and notoriously well known in the art, and it would have been obvious to one of ordinary skill in the art and a design choice to use a tree structure in a hierarchical structure to further detail the relationships.  Howeer, for a further showing of a hierarchical tree in role based permission, see Chang (paragraph 121, claim 1, and throughout).
At the time the invention was filed, it would have been obvious to one of ordinary skill in the art to combine the teachigns of the Hanhirova combination with Chang.  One of ordinary skill in the art would have been motivated to perform such an addition to provide fine grained access control to system resources (paragraph 2 and 39). 
Claim 14 is rejected using the same basis of arguments used to reject claim 4 above. 

Claims 10 and 19 are rejected under 35 U.S.C. 103 as being unpatentable over the Hanhirova combination as applied, and further in view of Walls et al. US Patent No. 7,284,274 (Walls)
	As per claim 10, the Hanhirova combination does not explicitly teach wherein the programming language is applied along with trees to allow extensive static analysis to avoid re-evaluating all constraints for every change.  However, allying programming language with trees is notoriously well known in the art.  For example, see Walls (claim 1 with applying trees to code and performing static analysis).
	At the time the invention was filed, it would have been obvious to one of ordinary skill in the art to combine the teachings of the Hanhirova combination with Walls.  One of ordinary skill in the art would have been motivated to perform such an addition to create more security by providing certification for software systems (col. 6 line 20-25 of Walls).
Claim 19 is rejected using the same basis of arguments used to reject claim 10 above.

Conclusion
THIS ACTION IS MADE FINAL.  Applicant is reminded of the extension of time policy as set forth in 37 CFR 1.136(a).  
A shortened statutory period for reply to this final action is set to expire THREE MONTHS from the mailing date of this action.  In the event a first reply is filed within TWO MONTHS of the mailing date of this final action and the advisory action is not mailed until after the end of the THREE-MONTH shortened statutory period, then the shortened statutory period will expire on the date the advisory action is mailed, and any extension fee pursuant to 37 CFR 1.136(a) will be calculated from the mailing date of the advisory action.  In no event, however, will the statutory period for reply expire later than SIX MONTHS from the mailing date of this final action. 
Any inquiry concerning this communication or earlier communications from the examiner should be directed to JASON KAI YIN GEE whose telephone number is (571)272-6431.  The examiner can normally be reached on Monda-Friday 8:30-5:00 PST Pacific.
If attempts to reach the examiner by telephone are unsuccessful, the examiner’s supervisor, Farid Homayounmehr can be reached on (571) 272-3739.  The fax phone number for the organization where this application or proceeding is assigned is 571-273-8300.
Information regarding the status of an application may be obtained from the Patent Application Information Retrieval (PAIR) system.  Status information for published applications may be obtained from either Private PAIR or Public PAIR.  Status information for unpublished applications is available through Private PAIR only.  For more information about the PAIR system, see http://pair-direct.uspto.gov. Should you have questions on access to the Private PAIR system, contact the Electronic Business Center (EBC) at 866-217-9197 (toll-free).

/JASON K GEE/Primary Examiner, Art Unit 2495