DETAILED ACTION

Notice of Pre-AIA  or AIA  Status
The present application, filed on or after March 16, 2013, is being examined under the first inventor to file provisions of the AIA .


Claim Objections
1.	Claims 1, 5, 10, 16-17 and 19 are objected to because of the following informalities:
In Claim 1, Lines 3-4, “in response to detect that a target user account triggers…” should read “in response to detecting that a target user account triggers…”
In Claim 5, Lines 4-5, “wherein on one or more of the following are determined…” should read “wherein
In Claim 10, Lines 6-7, “in response to detect that a target user account triggers…” should read “in response to detecting that a target user account triggers…”
In Claim 16, Line 1-2, “comprising s a terminal and a server” should read “comprising
In Claim 17, Line 1, “wherein the server is is further configured to” should read “wherein the server
In Claim 19, Lines 3-4, “wherein on one or more of the following are determined…” should read “wherein

Appropriate correction is required.





Claim Rejections - 35 USC § 102
2.	In the event the determination of the status of the application as subject to AIA  35 U.S.C. 102 and 103 (or as subject to pre-AIA  35 U.S.C. 102 and 103) is incorrect, any correction of the statutory basis for the rejection will not be considered a new ground of rejection if the prior art relied upon, and the rationale supporting the rejection, would be the same under either status.  
The following is a quotation of the appropriate paragraphs of 35 U.S.C. 102 that form the basis for the rejections under this section made in this Office action:
A person shall be entitled to a patent unless –

(a)(2) the claimed invention was described in a patent issued under section 151, or in an application for patent published or deemed published under section 122(b), in which the patent or application, as the case may be, names another inventor and was effectively filed before the effective filing date of the claimed invention.


3.	Claims 1-4, 9-11 and 15-18 are rejected under 35 U.S.C. 102(a)(2) as being anticipated by REUZEL (U.S. PGPub. 2021/0182131) (Effective filing date of Provisional Application on 12/12/2019), hereinafter Reuzel. 

	Regarding claim 1, Reuzel teaches A method for determining an application permission, applied to a terminal and comprising (Reuzel, Paragraph [0047], see “The access permissions data 480 define access permissions for an application. For example, the access permissions data 480 define a list of applications that can access a first application…”):
	determining a current application scenario of a first application, in response to detect that a target user account triggers the first application to invoke a target application service of a second application (Reuzel, Paragraph [0058], see “When the specified endpoint receives a request from the provider client device 104 for accessing the specified API, the specified endpoint performs a check to determine whether the first application 110a is authorized to access the second application hosted by the server endpoint and whether the first application 110a is authorized to access the specified API of the second application…upon receiving the API access request from the first application 110a executing at the provider client device 104, the specified endpoint invokes the authorization API at an authorization endpoint with a pair of access tokens, one associated with the specified endpoint and another received from the provider client device 104…The authorization API processes the access tokens to determine that an instance of the first application 110a is requesting to invoke an instance of the second application”, where “provider client device 104” is being read as being comprised of a user account, due to the provider client device 104 being associated with a user device and where “The authorization API processes the access tokens to determine that an instance of the first application 110a is requesting to invoke an instance of the second application” is being read as determining a current application scenario of a first application, in response to detecting that a target user account (i.e., request from the provider client device 104) triggers the first application to invoke a target application service of a second application); and
	determining a target application permission corresponding to the target application service based on the current application scenario of the first application, such that the first application invokes the target application service based on the target application permission (Reuzel, Paragraph [0047], see “The access permissions data 480 define access permission for an application. For example, the access permissions data 480 define a list of applications that can access a first application, regardless or independent of the roles implemented by the first application. In another example, the access permissions data 480 define a group of applications that can be accessed by a first application. In still another example, the access permissions data 480 define whether a first application can access a specific role of a second application, regardless or independent of whether first application and the second application implement roles that are associated with a transaction in which the first application is a source and the second application is a target of the transaction”, where “the access permissions data 480 define a list of applications that can access a first application…” is being read as determining a target application permission corresponding to the target application service based on the current application scenario of the first application, where “access permissions data 480” comprises the target application permission corresponding to the target application service based on the current application scenario of the first application) (Reuzel, Paragraph [0058], see “…The authorization API then determines whether an instance of the first application 110a is permitted to invoke an instance of the second application 110b using the access permissions data 480…if the access permissions data 480 indicates that the first application 110a is allowed to access the second application 110b, the authorization API returns a response to the specified endpoint indicating a list of APIs the first application 110a is allowed to access…”, which is being read as determining a target application permission corresponding to the target application service (i.e., second application 110b) based on the current application scenario of the first application (i.e., first application 110a), such that the first application invokes the target application service based on the target application permission (i.e., using the access permissions data 480)). 

	Regarding claim 2, Reuzel teaches The method of claim 1, where said determining the target application permission comprises:
	acquiring a corresponding relationship between an application scenario of the first application corresponding to the target user account and an application permission of an application service of the second application respectively (Reuzel, Paragraph [0043], see “…FIG. 4 shows data structures used for defining/generating/storing configuration data 125, including interaction pattern data 126, application conformance data 127 and application instance data 128…interaction pattern data 126 is stored in the interaction pattern database 134 using a first data structure 450…a data structure includes a number of attributes and relationships that define the data stored using the data structure…”) (Reuzel, Paragraph [0044], see “The relationship attributes define relationship between various attributes. As an example, role-transaction relationship attribute 456 define a relationship between a role and transaction. For example, the role can be a source or target of the associated transaction. The role-dependency attribute 457 of a role specifies another role from which the role depends…”, where “role-transaction relationship attribute 456 define a relationship between a role and transaction…the role can be a source or target of the associated transaction” is being read as acquiring a corresponding relationship between an application scenario of the first application (e.g., source) corresponding to the target user account and an application permission of an application service of the second application (e.g., target), due to the relationship attributes defining another role from which a specified role depends, in other words, determining a relationship between a first role for a first application and a second role (i.e., application permission of the second application) for a target application); and
	determining the target application permission based on the current application scenario of the first application and the corresponding relationship (Reuzel, Abstract, see “The present disclosure relates to controlling communication between various applications or integrating various applications using interaction patterns. Interaction pattern data, which defines multiple roles for an interaction pattern is generated. Each role is associated with a transaction and is a source or target of a transaction…A role can be a provider, or a consumer of the API based on whether the role is a source or target of the transaction. Application conformance data, which defines a set of roles implemented by the application is generated. An application is permitted to invoke an API of another application, if the application implements a first role and the other application implements a second role, and the first role and the second role are a source and target, respectively, of a transaction performed using the API”, where “An application is permitted to invoke an API of another application, if the application implements a first role and the other application implements a second role…” is being read as determining the target application permission based on the current application scenario of the first application and the corresponding relationship, where the system utilizes the “interaction pattern data” (e.g., corresponding relationship) which defines the relationships between a source and target role and is utilized to determine the permission of a first role invoking a second role). 

	Regarding claim 3, Reuzel teaches The method of claim 2, wherein said acquiring the corresponding relationship comprises:
	determining the corresponding relationship between each application scenario and the application permission of each application service corresponding to the target user account, based on an invocation record of the application permission of each application service by the target user account under each application scenario (Reuzel, Paragraph [0004], see “…The method includes obtaining the interaction pattern data from a storage system, in which the interaction pattern data defines each of a plurality of interactions using a plurality of roles, wherein each role is configured to consume an API from another role, or provide the API to another role…”, where “interaction pattern data” is being read as comprising pattern and/or relationship data which ultimately comprises of an invocation record of the application permission of each application service by the target user account under each application scenario, due to the “interaction pattern data” defining each of a plurality of interactions (i.e., each application scenario) using a plurality of roles); and
	determining the corresponding relationship between the application scenario of the first application corresponding to the target user account and the application permission of the application service of the second application respectively, from the corresponding relationship between each application scenario and the application permission of each application service corresponding to the target user account (Reuzel, Paragraph [0020], see “…The configuration subsystem 112 can facilitate generation of configuration data 125 that can be used in controlling communication between the applications. The configuration data 125 includes interaction pattern data 126, which defines an interaction pattern in terms of roles, transactions, application programming interfaces (APIs) and their interdependencies…A role can be a source of a transaction (e.g., consumer of the API associated with the transaction), or a target of the transaction (e.g., provider of the API associated with the transaction)…the roles implemented by an application can be used to determine which other applications and their associated APIs the application can access…the configuration data 125 can be used in determining the allowed interactions between the applications (e.g., which API of an application can invoke which APIs of other applications based on the defined roles)”, where “configuration data 125” comprises corresponding relationships between each application scenario and the application permission of each application service corresponding to the target user account, due to the configuration data 125 including interaction pattern data, which defines an interaction pattern in terms of roles, transactions, and APIs, and where “the roles implemented by an application can be used to determine which other applications and their associated APIs the application can access” is ultimately determining the corresponding relationship between a first and second application and their application permission corresponding to the target user account (e.g., which roles can access their associated APIs)). 

	Regarding claim 4, Reuzel teaches The method of claim 3, where said determining the corresponding relationship comprises:
	acquiring a permission mapping table corresponding to the target user account, wherein the permission mapping table comprises application permissions of each application service under each application scenario for the target user account (Reuzel, Paragraph [0047], see “The access permissions data 480 define access permissions for an application. For example, the access permissions data 480 define a list of applications that can access a first application, regardless or independent of the roles implemented by the first application. In another example, the access permissions data 480 define a group of applications that can be accessed by a first application. In still another example, the access permissions data 480 define whether a first application can access a specific role of a second application…”, where “access permissions data 480” is being read as comprising a permission mapping table corresponding to the target user account, wherein the permission mapping table comprises application permissions of each application service under each application scenario for the target user account, due to the access permissions data defining access permissions for a group of applications and whether a first application can access a specific role of a second application);
	updating the permission mapping table based on the invocation record (Reuzel, Paragraph [0035], see “…A user (e.g., an application developer) may use the interaction patterns stored in the interaction pattern database 134 to configure the applications to implement one or more roles, which in effect controls integration or communication between applications”, where “interaction patterns stored in the interaction pattern database 134” is being read as comprising of the invocation records, where “configure the applications to implement one or more roles, which in effect controls integration or communication between applications” is being read as updating (i.e., through configuration) the permission mapping table based on the invocation record, due to the application developer using the interaction patterns to configure the applications to implement one or more roles, due to the permission mapping table (i.e., access permissions) defining whether a first application can access a specific role of a second application) (Reuzel, Paragraph [0049], see “…a user (e.g., application developer) may configure one or more endpoints to host the APIs by the second subset of roles and update the location data of these APIs in the application instance data 128 accordingly…”); and
	determining the corresponding relationship based on the updated permission mapping table (Reuzel, Paragraph [0004], see “…The method includes obtaining the interaction pattern data from a storage system, in which the interaction pattern data defines each of a plurality of interactions using a plurality of roles, wherein each role is configured to consume an API from another role, or provide the API to another role…”, where “interaction pattern data” is being read as comprising the corresponding relationship, which ultimately is determined based on the updated permission table configured by the application developer) (Reuzel, Paragraph [0032], see “…A user (e.g., an application developer) can use the GUI to generate an interaction pattern…generating the interaction pattern includes defining a number of roles and configuring a role as a source or a target of a transaction”, wherein the corresponding relationship is determined based on the updated (i.e., configured) permission mapping table initialized by the application developer). 

	Regarding claim 9, Reuzel teaches The method of claim 1, where said determining the target application permission comprises:
	determining a pending application permission corresponding to the target application service based on the current application scenario of the first application (Reuzel, Paragraph [0058], see “When the specified endpoint receives a request from the provider client device 104 for accessing the specified API, the specified endpoint performs a check to determine whether the first application 110a is authorized to access the second application host by the server endpoint and whether the first application 110a is authorized to access the specified API of the second application”, where “the specified endpoint performs a check to determine…” is being read as determining a pending application permission, due to the request pending until the permissions are checked); and
	inquiring the target user account to invoke or not invoke the pending application permission in response to determining that the pending application permission is an application permission that the target user account has not acquired under the current application scenario of the first application (Reuzel, Paragraph [0058], see “…The authorization API then determines whether an instance of the first application 110a is permitted to invoke an instance of the second application 110b using the access permissions data 480. If the access permissions data 480 indicates that the first application 110a is not allowed to access the second application 110b, the authorization API returns a response to the specified endpoint indicating so, and the specified endpoint can further notify the provider client device 104 that it is restricted from accessing the second application”, where the target user account (i.e., provider client device 104) is inquired to invoke or not invoke (i.e., determining whether the first application 110a is permitted to invoke an instance of the second application 110b) the pending application permission (i.e., request) in response to determining that the pending application permission is an application permission that the target user account has not acquired under the current application scenario of the first application (i.e., the access permissions data 480 indicating that the first application 110a is not allowed to access the second application 110b), and determining the pending application permission as the target application permission after the target user account allows the invocation (Reuzel, Paragraph [0058], see “However, if the access permissions data 480 indicates that the first application 110a is allowed to access the second application 110b, the authorization API returns a response to the specified endpoint indicating a list of APIs the first application 110a is allowed to access…”, which is being read as determining the pending application permission as the target application permission (i.e., indicating the list of allowed APIs the first application 110a is allowed to access) after the target user account allows the invocation (i.e., the access permissions data 480 indicating that the first application 110a is allowed to access the second application 110b)). 

	Regarding claim 10, Reuzel teaches An apparatus for determining an application permission, applied to a terminal and comprising (Reuzel, Paragraph [0047], see “The access permissions data 480 define access permissions for an application. For example, the access permissions data 480 define a list of applications that can access a first application…”) (Reuzel, Paragraph [0086], see “…Processes described herein may be performed by, and apparatus can also be implemented as, special purpose logic circuitry…”):
	a processor (Reuzel, Paragraph [0003], see “…the method being implemented by one or more processors…”); and
	a memory for storing instructions executable by the processor (Reuzel, Paragraph [0029], see “…The computer program instructions may refer to machine-readable instructions stored within memory 122 and executable by processors 120 automatically…”),
	wherein the processor is configured to:
	determine a current application scenario of a first application, in response to detect that a target user account triggers the first application to invoke a target application service of a second application (Reuzel, Paragraph [0058], see “When the specified endpoint receives a request from the provider client device 104 for accessing the specified API, the specified endpoint performs a check to determine whether the first application 110a is authorized to access the second application hosted by the server endpoint and whether the first application 110a is authorized to access the specified API of the second application…upon receiving the API access request from the first application 110a executing at the provider client device 104, the specified endpoint invokes the authorization API at an authorization endpoint with a pair of access tokens, one associated with the specified endpoint and another received from the provider client device 104…The authorization API processes the access tokens to determine that an instance of the first application 110a is requesting to invoke an instance of the second application”, where “provider client device 104” is being read as being comprised of a user account, due to the provider client device 104 being associated with a user device and where “The authorization API processes the access tokens to determine that an instance of the first application 110a is requesting to invoke an instance of the second application” is being read as determining a current application scenario of a first application, in response to detecting that a target user account (i.e., request from the provider client device 104) triggers the first application to invoke a target application service of a second application); and
	determine a target application permission corresponding to the target application service based on the current application scenario of the first application, such that the first application invokes the target application service based on the target application permission (Reuzel, Paragraph [0047], see “The access permissions data 480 define access permission for an application. For example, the access permissions data 480 define a list of applications that can access a first application, regardless or independent of the roles implemented by the first application. In another example, the access permissions data 480 define a group of applications that can be accessed by a first application. In still another example, the access permissions data 480 define whether a first application can access a specific role of a second application, regardless or independent of whether first application and the second application implement roles that are associated with a transaction in which the first application is a source and the second application is a target of the transaction”, where “the access permissions data 480 define a list of applications that can access a first application…” is being read as determining a target application permission corresponding to the target application service based on the current application scenario of the first application, where “access permissions data 480” comprises the target application permission corresponding to the target application service based on the current application scenario of the first application) (Reuzel, Paragraph [0058], see “…The authorization API then determines whether an instance of the first application 110a is permitted to invoke an instance of the second application 110b using the access permissions data 480…if the access permissions data 480 indicates that the first application 110a is allowed to access the second application 110b, the authorization API returns a response to the specified endpoint indicating a list of APIs the first application 110a is allowed to access…”, which is being read as determining a target application permission corresponding to the target application service (i.e., second application 110b) based on the current application scenario of the first application (i.e., first application 110a), such that the first application invokes the target application service based on the target application permission (i.e., using the access permissions data 480)). 

	Regarding claim 11, Reuzel teaches The apparatus for determining an application permission according to claim 10, wherein the processor is further configured to:
	acquire a corresponding relationship between an application scenario of the first application corresponding to the target user account and an application permission of an application service of the second application respectively (Reuzel, Paragraph [0043], see “…FIG. 4 shows data structures used for defining/generating/storing configuration data 125, including interaction pattern data 126, application conformance data 127 and application instance data 128…interaction pattern data 126 is stored in the interaction pattern database 134 using a first data structure 450…a data structure includes a number of attributes and relationships that define the data stored using the data structure…”) (Reuzel, Paragraph [0044], see “The relationship attributes define relationship between various attributes. As an example, role-transaction relationship attribute 456 define a relationship between a role and transaction. For example, the role can be a source or target of the associated transaction. The role-dependency attribute 457 of a role specifies another role from which the role depends…”, where “role-transaction relationship attribute 456 define a relationship between a role and transaction…the role can be a source or target of the associated transaction” is being read as acquiring a corresponding relationship between an application scenario of the first application (e.g., source) corresponding to the target user account and an application permission of an application service of the second application (e.g., target), due to the relationship attributes defining another role from which a specified role depends, in other words, determining a relationship between a first role for a first application and a second role (i.e., application permission of the second application) for a target application); and
	determine the target application permission based on the current application scenario of the first application and the corresponding relationship (Reuzel, Abstract, see “The present disclosure relates to controlling communication between various applications or integrating various applications using interaction patterns. Interaction pattern data, which defines multiple roles for an interaction pattern is generated. Each role is associated with a transaction and is a source or target of a transaction…A role can be a provider, or a consumer of the API based on whether the role is a source or target of the transaction. Application conformance data, which defines a set of roles implemented by the application is generated. An application is permitted to invoke an API of another application, if the application implements a first role and the other application implements a second role, and the first role and the second role are a source and target, respectively, of a transaction performed using the API”, where “An application is permitted to invoke an API of another application, if the application implements a first role and the other application implements a second role…” is being read as determining the target application permission based on the current application scenario of the first application and the corresponding relationship, where the system utilizes the “interaction pattern data” (e.g., corresponding relationship) which defines the relationships between a source and target role and is utilized to determine the permission of a first role invoking a second role). 

	Regarding claim 15, Reuzel teaches The apparatus for determining an application permission according to claim 10, wherein the processor is further configured to:
	determine a pending application permission corresponding to the target application service based on the current application scenario of the first application (Reuzel, Paragraph [0058], see “When the specified endpoint receives a request from the provider client device 104 for accessing the specified API, the specified endpoint performs a check to determine whether the first application 110a is authorized to access the second application host by the server endpoint and whether the first application 110a is authorized to access the specified API of the second application”, where “the specified endpoint performs a check to determine…” is being read as determining a pending application permission, due to the request pending until the permissions are checked); and
	inquire the target user account to invoke or not invoke the pending application permission in response to determining that the pending application permission is an application permission that the target user account has not acquired under the current application scenario of the first application (Reuzel, Paragraph [0058], see “…The authorization API then determines whether an instance of the first application 110a is permitted to invoke an instance of the second application 110b using the access permissions data 480. If the access permissions data 480 indicates that the first application 110a is not allowed to access the second application 110b, the authorization API returns a response to the specified endpoint indicating so, and the specified endpoint can further notify the provider client device 104 that it is restricted from accessing the second application”, where the target user account (i.e., provider client device 104) is inquired to invoke or not invoke (i.e., determining whether the first application 110a is permitted to invoke an instance of the second application 110b) the pending application permission (i.e., request) in response to determining that the pending application permission is an application permission that the target user account has not acquired under the current application scenario of the first application (i.e., the access permissions data 480 indicating that the first application 110a is not allowed to access the second application 110b), and determining the pending application permission as the target application permission after the target user account allows the invocation (Reuzel, Paragraph [0058], see “However, if the access permissions data 480 indicates that the first application 110a is allowed to access the second application 110b, the authorization API returns a response to the specified endpoint indicating a list of APIs the first application 110a is allowed to access…”, which is being read as determining the pending application permission as the target application permission (i.e., indicating the list of allowed APIs the first application 110a is allowed to access) after the target user account allows the invocation (i.e., the access permissions data 480 indicating that the first application 110a is allowed to access the second application 110b)).

	Regarding claim 16, Reuzel teaches A system for determining an application permission, comprising s a terminal and a server (Reuzel, Paragraph [0004], see “…the one or more processors effectuate the method of receiving, at a server, a request from a first application of a plurality of applications to invoke a specified API associated with a second application of the plurality of applications…”),
	wherein the terminal sends a corresponding relationship acquisition request to the server in response to detect that the target user account triggers a first application to invoke a target application service of a second application (Reuzel, Paragraph [0058], see “When the specified endpoint receives a request from the provider client device 104 for accessing the specified API, the specified endpoint performs a check to determine whether the first application 110a is authorized to access the second application hosted by the server endpoint and whether the first application 110a is authorized to access the specified API of the second application…upon receiving the API access request from the first application 110a executing at the provider client device 104, the specified endpoint invokes the authorization API at an authorization endpoint with a pair of access tokens, one associated with the specified endpoint and another received from the provider client device 104…The authorization API processes the access tokens to determine that an instance of the first application 110a is requesting to invoke an instance of the second application. The authorization API then determines whether an instance of the first application 110a is permitted to invoke an instance of the second application 110b using the access permissions data 480”, where “specified endpoint” is being read as a terminal, where “provider client device 104” is being read as comprising a target user account, where “authorization API” is being read as comprising a server, where the terminal (specified endpoint) sends (i.e., invokes) a corresponding relationship acquisition request to the server (authorization API) in response to detecting that the target user account (provider client device 104) triggers a first application to invoke a target application service of a second application (i.e., the request sent from the provider client device 104));
	the server receives the corresponding relationship acquisition request, and sends a corresponding relationship between each application scenario and an application permission of each application service corresponding to the target user account to the terminal based on the corresponding relationship acquisition request (Reuzel, Paragraph [0058], see “When the specified endpoint receives a request from the provider client device 104 for accessing the specified API, the specified endpoint performs a check to determine whether the first application 110a is authorized to access the second application hosted by the server endpoint…if the access permissions data 480 indicates that the first application 110a is allowed to access the second application 110b, the authorization API returns a response to the specified endpoint indicating a list of APIs the first application 110a is allowed to access”, where “if the access permissions data 480 indicates that the first application 110a is allowed to access the second application 110b, the authorization API returns a response to the specified endpoint indicating a list of APIs” is being read as sending a corresponding relationship between each application scenario (i.e., a list of APIs the first application can invoke) corresponding to the target user account to the terminal (specified endpoint), where “provider client device 104” is being read as comprising a target user account, where “authorization API” is being read as comprising a server and where the process involving the authorization API includes pulling pattern (relationship) data from a storage system to help in indicating specific permissions for a first application invoking a target application as seen in Reuzel, Paragraphs [0043 – 0044]), wherein the corresponding relationship between each application scenario and the application permission of each application service corresponding to the target user account is determined based on an invocation record of the application permission of each application service by the target user account under each application scenario (Reuzel, Paragraph [0004], see “…The method includes obtaining the interaction pattern data from a storage system, in which the interaction pattern data defines each of a plurality of interactions using a plurality of roles, wherein each role is configured to consume an API from another role, or provide the API to another role…”, where “interaction pattern data” is being read as comprising pattern and/or relationship data which ultimately comprises of an invocation record of the application permission of each application service by the target user account under each application scenario, due to the “interaction pattern data” defining each of a plurality of interactions (i.e., each application scenario) using a plurality of roles); and
	the terminal receives the corresponding relationship, and determines a target application permission corresponding to the target application service based on the corresponding relationship and a current application scenario of the first application, such that the first application invokes the application service to be invoked based on the target application permission (Reuzel, Paragraph [0058], see “…The authorization API then determines whether an instance of the first application 110a is permitted to invoke an instance of the second application 110b using the access permissions data 480. If the access permissions data 480 indicates that the first application 110a is not allowed to access the second application 110b, the authorization API returns a response to the specified endpoint indicating so, and the specified endpoint can further notify the provider client device 104 that it is restricted from accessing the second application. However, if the access permissions data 480 indicates that the first application 110a is allowed to access the second application 110b, the authorization API returns a response to the specified endpoint indicating a list of APIs the first application 110a is allowed to access…”, where “if the access permissions data 480 indicates that the first application 110a is allowed to access the second application 110b, the authorization API returns a response to the specified endpoint indicating a list of APIs the first application 110a is allowed to access” is being read as the terminal (specified endpoint) receiving the corresponding relationship and determining a target application permission corresponding to the service based on the relationship and a current application scenario such that the first application invokes the application service to be invoked based on the target application permission). 

	Regarding claim 17, Reuzel teaches The system of claim 16, wherein the server is is further configured to:
	determine a permission mapping table corresponding to the target user account, wherein the permission mapping table comprises application permissions of each application service under each application scenario for the target user account (Reuzel, Paragraph [0047], see “The access permissions data 480 define access permissions for an application. For example, the access permissions data 480 define a list of applications that can access a first application, regardless or independent of the roles implemented by the first application. In another example, the access permissions data 480 define a group of applications that can be accessed by a first application. In still another example, the access permissions data 480 define whether a first application can access a specific role of a second application…”, where “access permissions data 480” is being read as comprising a permission mapping table corresponding to the target user account, wherein the permission mapping table comprises application permissions of each application service under each application scenario for the target user account, due to the access permissions data defining access permissions for a group of applications and whether a first application can access a specific role of a second application);
	update the permission mapping table based on the invocation record (Reuzel, Paragraph [0035], see “…A user (e.g., an application developer) may use the interaction patterns stored in the interaction pattern database 134 to configure the applications to implement one or more roles, which in effect controls integration or communication between applications”, where “interaction patterns stored in the interaction pattern database 134” is being read as comprising of the invocation records, where “configure the applications to implement one or more roles, which in effect controls integration or communication between applications” is being read as updating (i.e., through configuration) the permission mapping table based on the invocation record, due to the application developer using the interaction patterns to configure the applications to implement one or more roles, due to the permission mapping table (i.e., access permissions) defining whether a first application can access a specific role of a second application) (Reuzel, Paragraph [0049], see “…a user (e.g., application developer) may configure one or more endpoints to host the APIs by the second subset of roles and update the location data of these APIs in the application instance data 128 accordingly…”); and
	determine the corresponding relationship based on the updated permission mapping table (Reuzel, Paragraph [0004], see “…The method includes obtaining the interaction pattern data from a storage system, in which the interaction pattern data defines each of a plurality of interactions using a plurality of roles, wherein each role is configured to consume an API from another role, or provide the API to another role…”, where “interaction pattern data” is being read as comprising the corresponding relationship, which ultimately is determined based on the updated permission table configured by the application developer) (Reuzel, Paragraph [0032], see “…A user (e.g., an application developer) can use the GUI to generate an interaction pattern…generating the interaction pattern includes defining a number of roles and configuring a role as a source or a target of a transaction”, wherein the corresponding relationship is determined based on the updated (i.e., configured) permission mapping table initialized by the application developer).

	Regarding claim 18, Reuzel teaches The system of claim 17, wherein the invocation record of the application permission of each application service by the target user account under each application scenario comprises at least one of: the number of times of invoking each application service by the target user account under each application scenario, time consumed for invoking each application service by the target user account under each application scenario, and invocation feedback of each application service by the target user account under each application scenario, wherein the invocation feedback comprises rejecting the invocation, and manually adding a new application service and invoking the manually added new application service (Reuzel, Paragraph [0065], see “…the metering subsystem 116 can analyze the tagged access logs to generate reports having any of various analytics. Examples of reports include usage reports that describe, for example, how many interactions of a certain interaction pattern type have taken place (e.g. patient data exchange). The reports can further be categorized based on various parameters, such as requesting application and requested application. Reports can also include financial data such as how many interactions have taken place with a specific endpoint…Reports can also include security information, such as information regarding failed requests (e.g., for security reasons/unauthorized requests), unexpected interactions, or a behavior change, which are useful in detecting security breaches”, where “the metering subsystem 116 can analyze the tagged access logs to generate reports having any of various analytics. Examples of reports include usage reports that describe, for example, how many interactions of a certain interaction pattern type have taken place. The reports can further be categorized based on various parameters, such as requesting application and requested application” is being read as the invocation record comprising at least the number of times if invoking each application service by the target user account under each application scenario).

	



Claim Rejections - 35 USC § 103
4.	In the event the determination of the status of the application as subject to AIA  35 U.S.C. 102 and 103 (or as subject to pre-AIA  35 U.S.C. 102 and 103) is incorrect, any correction of the statutory basis for the rejection will not be considered a new ground of rejection if the prior art relied upon, and the rationale supporting the rejection, would be the same under either status.  
The following is a quotation of 35 U.S.C. 103 which forms the basis for all obviousness rejections set forth in this Office action:
A patent for a claimed invention may not be obtained, notwithstanding that the claimed invention is not identically disclosed as set forth in section 102, if the differences between the claimed invention and the prior art are such that the claimed invention as a whole would have been obvious before the effective filing date of the claimed invention to a person having ordinary skill in the art to which the claimed invention pertains. Patentability shall not be negated by the manner in which the invention was made.


5.	The factual inquiries for establishing a background for determining obviousness under 35 U.S.C. 103 are summarized as follows:
1. Determining the scope and contents of the prior art.
2. Ascertaining the differences between the prior art and the claims at issue.
3. Resolving the level of ordinary skill in the pertinent art.
4. Considering objective evidence present in the application indicating obviousness or nonobviousness.

6.	Claims 5 and 19 are rejected under 35 U.S.C. 103 as being unpatentable over Reuzel, in view of TAKI (U.S. PGPub. 2017/0286324), hereinafter Taki. 

	Regarding claim 5, Reuzel does not teach the following limitation(s) as taught by Taki: The method of claim 4, where said updating the initial permission mapping table based on the invocation record comprises:
	updating the permission mapping table based on one or more of the following and a weight value preset for one or more of the following, wherein on one or more of the following are determined based on the invocation record:
	an acquisition success rate of the application permission of each application service by the target user account under each application scenario;
	an acquisition failure rate of the application permission of each application service by the target user account under each application scenario (Taki, Paragraph [0143], see “…when a failure occurs in the processing unit 210, the management information of the task ID permission unit 400 is updated. That is, it is possible to change the task ID(s) that can be used by the processing unit 210 when a failure has occurred”, where “task ID(s)” is analogous to comprising the permissions in the permission mapping table, which are updated based on an acquisition failure rate);
	a ranking value of consuming time in a first consuming time queue, wherein the consuming time is a time at which the target user account successfully acquires the application permission of each application service under each application scenario, the first consuming time queue is a queue corresponding to the target user account, wherein the first consuming time queue is formed by arranging the consuming time at which the target user account successfully acquires the application permission of each application service under each application scenario in a descending order; or
	a ranking value of consuming time in a second consuming time queue, wherein the consuming time is a time at which the target user account fails to acquire the application permission of each application service under each application scenario, the second consuming time queue is a queue corresponding to the target user account, wherein the second consuming time queue is formed by arranging the consuming time at which the target user account fails to acquire the application permission of each application service under each application scenario in an ascending order.
Therefore, it would have been obvious for one of ordinary skill in the art before the effective filing date of the claimed invention to have modified the techniques for application integration using interaction patterns, disclosed of Reuzel, by implementing techniques for an access management method, comprising of updating a permission mapping table based on an acquisition failure rate of the permission, disclosed of Taki.  
One of ordinary skill in the art would have been motivated to make this modification in order to implement techniques for determining an application permission, comprising of updating a permission mapping table based on an acquisition failure rate of the permission. This allows for better security management by keeping track of the amount of failures for each request, in order to report/log the failure and update the permission mapping table to overcome the failure or help in detecting potential security breaches. Taki is deemed as analogous art due to the art disclosing techniques for updating permissions based on when a failure occurs in the system (Taki, Paragraph [0143]). 

	Regarding claim 19, Reuzel does not teach the following limitation(s) as taught by Taki: The system of claim 18, wherein the server is further configured to:
	update the permission mapping table based on one or more of the following and a weight value preset for one or more of the following, wherein on one or more of the following are determined based on the invocation record:
	an acquisition success rate of the application permission of each application service by the target user account under each application scenario;
	an acquisition failure rate of the application permission of each application service by the target user account under each application scenario (Taki, Paragraph [0143], see “…when a failure occurs in the processing unit 210, the management information of the task ID permission unit 400 is updated. That is, it is possible to change the task ID(s) that can be used by the processing unit 210 when a failure has occurred”, where “task ID(s)” is analogous to comprising the permissions in the permission mapping table, which are updated based on an acquisition failure rate);
	a ranking value of consuming time in a first consuming time queue, wherein the consuming time is a time at which the target user account successfully acquires the application permission of each application service under each application scenario, the first consuming time queue is a queue corresponding to the target user account, wherein the first consuming time queue is formed by arranging the consuming time at which the target user account successfully acquires the application permission of each application service under each application scenario in a descending order; or
	a ranking value of consuming time in a second consuming time queue, wherein the consuming time is a time at which the target user account fails to acquire the application permission of each application service under each application scenario, the second consuming time queue is a queue corresponding to the target user account, wherein the second consuming time queue is formed by arranging the consuming time at which the target user account fails to acquire the application permission of each application service under each application scenario in an ascending order.
Therefore, it would have been obvious for one of ordinary skill in the art before the effective filing date of the claimed invention to have modified the techniques for application integration using interaction patterns, disclosed of Reuzel, by implementing techniques for an access management method, comprising of updating a permission mapping table based on an acquisition failure rate of the permission, disclosed of Taki.  
One of ordinary skill in the art would have been motivated to make this modification in order to implement techniques for determining an application permission, comprising of updating a permission mapping table based on an acquisition failure rate of the permission. This allows for better security management by keeping track of the amount of failures for each request, in order to report/log the failure and update the permission mapping table to overcome the failure or help in detecting potential security breaches. Taki is deemed as analogous art due to the art disclosing techniques for updating permissions based on when a failure occurs in the system (Taki, Paragraph [0143]). 


7.	Claims 6 and 12 are rejected under 35 U.S.C. 103 as being unpatentable over Reuzel, in view of Lu et al. (U.S. PGPub. 2019/0332232), hereinafter Lu. 

	Regarding claim 6, Reuzel does not teach the following limitation(s) as taught by Lu: The method of claim 1, where said determining the current application scenario of the first application comprises:
	determining a page parameter of a current page of the first application (Lu, Paragraph [0038], see “…during the process of using a terminal application, the application can display URLs of some web pages to the user”, where “the application can display URLs of some web pages to the user” is analogous to determining a page parameter of a current page of the first application, and where “URLs” is read as comprising of a page parameter), wherein the current page is provided with a page element or an entry that triggers the first application to invoke the target application service of the second application (Lu, Paragraph [0038], see “…For a URL displayed in the user interface of the application, if the user desires to view the web page content corresponding to the URL, the user can click the URL. Correspondingly, upon the application obtains the click operation signal corresponding to the URL, the web page corresponding to the URL can be displayed in a browser of the application…”, where “if the user desires to view the web page content corresponding to the URL, the user can click the URL” is analogous to the current page being provided with a page element or an entry that triggers the first application to invoke the target application service of the second application, where “the user can click the URL” is read as an entry that triggers, where “user interface of the application” is read as the current page of the first application and where “web page corresponding to the URL” is analogous to comprising the target application service of the second application); the page parameter comprises a page label or an uniform resource locator (URL) of a page or both of the page label and URL (Lu, Paragraph [0038], see “…the application can display URLs of some web pages to the user”, where “URLs of some web pages” is read as the page parameter); and
	determining the current application scenario of the first application based on the page parameter of the current page of the first application (Lu, Paragraph [0111], see “…when the operating system invokes the first application, the operating system ends a first invoking request to the first application, and the first invoking request carries the first web page address. The first application can be configured to request from the background server corresponding to the first application, a page turning mode corresponding to the first web page address, and display the target page according to the page turning mode corresponding to the first web page address…”, where “a page turning mode corresponding to the first web page address” is analogous to determining a current application scenario of the first application based on the page parameter of the current page of the first application, where “first web page address” can be read as comprising the page parameter, and where “page turning mode” can be read as comprising an application scenario).  
Therefore, it would have been obvious for one of ordinary skill in the art before the effective filing date of the claimed invention to have modified the techniques for application integration using interaction patterns, disclosed of Reuzel, by implementing techniques for displaying web page content, comprising determining a page parameter of a current page of a first application, wherein the current page is provided with a page element or an entry that triggers the first application to invoke the target application service of the second application, disclosed of Lu. 
One of ordinary skill in the art would have been motivated to make this modification in order to implement techniques for determining an application permission, comprising determining a page parameter of a current page of a first application, wherein the current page is provided with a page element or an entry that triggers the first application to invoke the target application service of the second application. This allows for a more user-friendly interface by allowing a target user account to click on a button/URL to trigger the first application to invoke the target application service of the second application. Lu is deemed as analogous art due to the art disclosing techniques for providing an entry that triggers the first application to invoke the target application service of a second application on the current page of the first application (Lu, Paragraph [0038]). 

	Regarding claim 12, Reuzel does not teach the following limitation(s) as taught by Lu: The apparatus for determining an application permission according to claim 10, wherein the processor is further configured to:
	determine a page parameter of a current page of the first application (Lu, Paragraph [0038], see “…during the process of using a terminal application, the application can display URLs of some web pages to the user”, where “the application can display URLs of some web pages to the user” is analogous to determining a page parameter of a current page of the first application, and where “URLs” is read as comprising of a page parameter), wherein the current page is provided with a page element or an entry that triggers the first application to invoke the target application service of the second application (Lu, Paragraph [0038], see “…For a URL displayed in the user interface of the application, if the user desires to view the web page content corresponding to the URL, the user can click the URL. Correspondingly, upon the application obtains the click operation signal corresponding to the URL, the web page corresponding to the URL can be displayed in a browser of the application…”, where “if the user desires to view the web page content corresponding to the URL, the user can click the URL” is analogous to the current page being provided with a page element or an entry that triggers the first application to invoke the target application service of the second application, where “the user can click the URL” is read as an entry that triggers, where “user interface of the application” is read as the current page of the first application and where “web page corresponding to the URL” is analogous to comprising the target application service of the second application); the page parameter comprises a page label or an uniform resource locator (URL) of a page or both of the page label and URL (Lu, Paragraph [0038], see “…the application can display URLs of some web pages to the user”, where “URLs of some web pages” is read as the page parameter); and
	determine the current application scenario of the first application based on the page parameter of the current page of the first application (Lu, Paragraph [0111], see “…when the operating system invokes the first application, the operating system ends a first invoking request to the first application, and the first invoking request carries the first web page address. The first application can be configured to request from the background server corresponding to the first application, a page turning mode corresponding to the first web page address, and display the target page according to the page turning mode corresponding to the first web page address…”, where “a page turning mode corresponding to the first web page address” is analogous to determining a current application scenario of the first application based on the page parameter of the current page of the first application, where “first web page address” can be read as comprising the page parameter, and where “page turning mode” can be read as comprising an application scenario).  
Therefore, it would have been obvious for one of ordinary skill in the art before the effective filing date of the claimed invention to have modified the techniques for application integration using interaction patterns, disclosed of Reuzel, by implementing techniques for displaying web page content, comprising determining a page parameter of a current page of a first application, wherein the current page is provided with a page element or an entry that triggers the first application to invoke the target application service of the second application, disclosed of Lu. 
One of ordinary skill in the art would have been motivated to make this modification in order to implement techniques for determining an application permission, comprising determining a page parameter of a current page of a first application, wherein the current page is provided with a page element or an entry that triggers the first application to invoke the target application service of the second application. This allows for a more user-friendly interface by allowing a target user account to click on a button/URL to trigger the first application to invoke the target application service of the second application. Lu is deemed as analogous art due to the art disclosing techniques for providing an entry that triggers the first application to invoke the target application service of a second application on the current page of the first application (Lu, Paragraph [0038]). 


8.	Claims 7 and 13 are rejected under 35 U.S.C. 103 as being unpatentable over Reuzel, in view of Dropps (U.S. Patent 10,664,621). 

	Regarding claim 7, Reuzel teaches The method of claim 1, where said determining the target application permission comprises:
	determining a candidate application permission corresponding to the target application service based on the current application scenario of the first application (Reuzel, Paragraph [0032], see “…generating the interaction pattern includes defining a number of roles and configuring a role as a source or a target of a transaction…a transaction is a communication path between two roles…In some embodiments, two roles may communicate with each other if they are associated with a transaction. If one has to enable a first role and a second role to communicate, the first role and the second role may have to be associated with a transaction. As can be appreciated, the transactions can determine which roles can invoke which other roles”, where “the transactions can determine which roles can invoke which other roles” is being read as the roles being used to determine a candidate application permission corresponding to the target application service based on the current application scenario of the first application, due to the first application needing to have a specific role in order to invoke a second application. In other words, based on the role of the first application, the system can determine a candidate application permission corresponding to the target application); 
	
	Reuzel does not teach the following limitation(s) as taught by Dropps: determining a candidate application permission as the target application permission in response that a historical rejection rate of the candidate application permission by the target user account under the current application scenario of the first application is smaller than a rejection rate threshold (Dropps, Column 4, Lines 4 – 11, see “Typical cloud computing providers deliver common business applications online, which are accessed from another web service or software like a web browser, while the software and data are stored remotely on servers…In this example, the application allows a client to access storage via a cloud”) (Dropps, Column 24, Lines 56 – 64, see “…At block 738, the request is deemed a failure, and a fail counter may be incremented and/or other notifications may be generated before the process returns to block 702 to await another request. If the fail count is greater than a threshold value, at block 740, the update token may be locked until a manual override at block 742. However, if the fail count is less than or equal to the threshold, the update token is simply released and the process continues to block 702…”, where “the request is deemed a failure, and a fail counter may be incremented…” is analogous to keeping track of a historical rejection rate of a candidate application by a target user account under a current application scenario and where “if the fail count is less than or equal to the threshold, the update token is simply released…” is analogous to determining a candidate application permission as the target application permission in response to a historical rejection rate (i.e., fail counter) is smaller than a rejection rate threshold). 
Therefore, it would have been obvious for one of ordinary skill in the art before the effective filing date of the claimed invention to have modified the techniques for application integration using interaction patterns, disclosed of Reuzel, by implementing techniques for secure control systems, comprising of determining an application permission in response that a historical rejection rate is smaller than a rejection rate threshold, disclosed of Dropps. 
One of ordinary skill in the art would have been motivated to make this modification in order to implement techniques for determining an application permission, comprising of determining an application permission in response that a historical rejection rate is smaller than a rejection rate threshold. This allows for better security management by keeping track of past invocations with a particular user with regard to requesting access to a target application, in instances where if a user gets denied access to their request two or more times in a short period of time, the system can lock the user from further requests and/or the like. Dropps is deemed as analogous art due to the art disclosing techniques for utilizing a historical rejection rate in determining whether a user is permitted to access a respectively application (Dropps, Column 24, Lines 56 – 64).

	Regarding claim 13, Reuzel teaches The apparatus for determining an application permission according to claim 10, wherein the processor is further configured to:
	determine a candidate application permission corresponding to the target application service based on the current application scenario of the first application (Reuzel, Paragraph [0032], see “…generating the interaction pattern includes defining a number of roles and configuring a role as a source or a target of a transaction…a transaction is a communication path between two roles…In some embodiments, two roles may communicate with each other if they are associated with a transaction. If one has to enable a first role and a second role to communicate, the first role and the second role may have to be associated with a transaction. As can be appreciated, the transactions can determine which roles can invoke which other roles”, where “the transactions can determine which roles can invoke which other roles” is being read as the roles being used to determine a candidate application permission corresponding to the target application service based on the current application scenario of the first application, due to the first application needing to have a specific role in order to invoke a second application. In other words, based on the role of the first application, the system can determine a candidate application permission corresponding to the target application); 
	
	Reuzel does not teach the following limitation(s) as taught by Dropps: determine a candidate application permission as the target application permission in response that a historical rejection rate of the candidate application permission by the target user account under the current application scenario of the first application is smaller than a rejection rate threshold (Dropps, Column 4, Lines 4 – 11, see “Typical cloud computing providers deliver common business applications online, which are accessed from another web service or software like a web browser, while the software and data are stored remotely on servers…In this example, the application allows a client to access storage via a cloud”) (Dropps, Column 24, Lines 56 – 64, see “…At block 738, the request is deemed a failure, and a fail counter may be incremented and/or other notifications may be generated before the process returns to block 702 to await another request. If the fail count is greater than a threshold value, at block 740, the update token may be locked until a manual override at block 742. However, if the fail count is less than or equal to the threshold, the update token is simply released and the process continues to block 702…”, where “the request is deemed a failure, and a fail counter may be incremented…” is analogous to keeping track of a historical rejection rate of a candidate application by a target user account under a current application scenario and where “if the fail count is less than or equal to the threshold, the update token is simply released…” is analogous to determining a candidate application permission as the target application permission in response to a historical rejection rate (i.e., fail counter) is smaller than a rejection rate threshold). 
Therefore, it would have been obvious for one of ordinary skill in the art before the effective filing date of the claimed invention to have modified the techniques for application integration using interaction patterns, disclosed of Reuzel, by implementing techniques for secure control systems, comprising of determining an application permission in response that a historical rejection rate is smaller than a rejection rate threshold, disclosed of Dropps. 
One of ordinary skill in the art would have been motivated to make this modification in order to implement techniques for determining an application permission, comprising of determining an application permission in response that a historical rejection rate is smaller than a rejection rate threshold. This allows for better security management by keeping track of past invocations with a particular user with regard to requesting access to a target application, in instances where if a user gets denied access to their request two or more times in a short period of time, the system can lock the user from further requests and/or the like. Dropps is deemed as analogous art due to the art disclosing techniques for utilizing a historical rejection rate in determining whether a user is permitted to access a respectively application (Dropps, Column 24, Lines 56 – 64).



9.	Claims 8 and 14 are rejected under 35 U.S.C. 103 as being unpatentable over Reuzel, in view of Smith (U.S. PGPub. 2019/0036776). 

	Regarding claim 8, Reuzel does not teach the following limitation(s) as taught by Smith: The method of claim 1, where said determining the target application permission comprises:
	obtaining adding times of application permissions added by the target user account under the current application scenario of the first application respectively (Smith, Paragraph [0055], see “…the control device 120 may base the implementation of the proposed changes on both the permission level of an administrator’s account and on the change index…the control device 120 may scale the change index from 1 to 10…the control device 120 may associate a first administrator account with a change threshold of 7…the first administrator may have permission to authorize implementation of proposed changes when the proposed changes have a change index less than or equal to the change threshold of 7”, where “change threshold” is analogous to obtaining adding times of application permissions added the by target user account, due to the “change threshold” being tracked by the control device and indicating how many changes (i.e., adding times) can be made by the target user account (i.e., first administrator)); and
	determining the application permission as the target application permission corresponding to the target application service under a condition that the adding times of the application permission is greater than a threshold of times (Smith, Paragraph [0055], see “…the control device 120 may scale the change index from 1 to 10…the control device 120 may associate a first administrator account with a change threshold of 7…the first administrator may have permission to authorize implementation of proposed changes when the proposed changes have a change index less than or equal to the change threshold of 7…when the proposed changes have a change index that exceeds the change threshold of 7, that is a change index of 8, 9, or 10, the control device 120 may prevent the first administrator from authorizing the implementation of the proposed changes”, where “the first administrator may have permission to authorize implementation of proposed changes…” is analogous to determining the application permission as the target application permission corresponding to the target application service under a condition that the adding times (i.e., change threshold of 7) of the application permission is greater than a threshold of times (i.e., proposed changes)).
Therefore, it would have been obvious for one of ordinary skill in the art before the effective filing date of the claimed invention to have modified the techniques for application integration using interaction patterns, disclosed of Reuzel, by implementing techniques for determining an effect of a network configuration change, comprising of obtaining adding times of application permissions added by a user and allowing the adding to be done if it meets certain criteria, disclosed of Smith.  
One of ordinary skill in the art would have been motivated to make this modification in order to implement techniques for determining an application permission, comprising of obtaining adding times of application permissions added by a user and allowing the adding to be done if it meets certain criteria. This allows for better security management by keeping track of the number of changes done to a system in order to keep the system more organized, as well as help in determining whether unauthorized changes are being made. Smith is deemed as analogous art due to the art disclosing techniques for granting privileges to users to make a specific number of changes to the system (Smith, Paragraph [0055]). 

	Regarding claim 14, Reuzel does not teach the following limitation(s) as taught by Smith: The apparatus for determining an application permission according to claim 10, wherein the processor is further configured to:
	obtain the adding times of application permissions added by the target user account under the current application scenario of the first application respectively (Smith, Paragraph [0055], see “…the control device 120 may base the implementation of the proposed changes on both the permission level of an administrator’s account and on the change index…the control device 120 may scale the change index from 1 to 10…the control device 120 may associate a first administrator account with a change threshold of 7…the first administrator may have permission to authorize implementation of proposed changes when the proposed changes have a change index less than or equal to the change threshold of 7”, where “change threshold” is analogous to obtaining adding times of application permissions added the by target user account, due to the “change threshold” being tracked by the control device and indicating how many changes (i.e., adding times) can be made by the target user account (i.e., first administrator)); and
	determine the application permission as the target application permission corresponding to the target application service under a condition that the adding times of the application permission is greater than a threshold of times (Smith, Paragraph [0055], see “…the control device 120 may scale the change index from 1 to 10…the control device 120 may associate a first administrator account with a change threshold of 7…the first administrator may have permission to authorize implementation of proposed changes when the proposed changes have a change index less than or equal to the change threshold of 7…when the proposed changes have a change index that exceeds the change threshold of 7, that is a change index of 8, 9, or 10, the control device 120 may prevent the first administrator from authorizing the implementation of the proposed changes”, where “the first administrator may have permission to authorize implementation of proposed changes…” is analogous to determining the application permission as the target application permission corresponding to the target application service under a condition that the adding times (i.e., change threshold of 7) of the application permission is greater than a threshold of times (i.e., proposed changes)).
Therefore, it would have been obvious for one of ordinary skill in the art before the effective filing date of the claimed invention to have modified the techniques for application integration using interaction patterns, disclosed of Reuzel, by implementing techniques for determining an effect of a network configuration change, comprising of obtaining adding times of application permissions added by a user and allowing the adding to be done if it meets certain criteria, disclosed of Smith.  
One of ordinary skill in the art would have been motivated to make this modification in order to implement techniques for determining an application permission, comprising of obtaining adding times of application permissions added by a user and allowing the adding to be done if it meets certain criteria. This allows for better security management by keeping track of the number of changes done to a system in order to keep the system more organized, as well as help in determining whether unauthorized changes are being made. Smith is deemed as analogous art due to the art disclosing techniques for granting privileges to users to make a specific number of changes to the system (Smith, Paragraph [0055]). 

Conclusion
10.	Any inquiry concerning this communication or earlier communications from the examiner should be directed to RODMAN ALEXANDER MAHMOUDI whose telephone number is (571)272-8747.  The examiner can normally be reached on M-F 11:00am – 7:00pm.
Examiner interviews are available via telephone, in-person, and video conferencing using a USPTO supplied web-based collaboration tool. To schedule an interview, applicant is encouraged to use the USPTO Automated Interview Request (AIR) at http://www.uspto.gov/interviewpractice.
If attempts to reach the examiner by telephone are unsuccessful, the examiner’s supervisor, Philip Chea can be reached on (571) 272-3951.  The fax phone number for the organization where this application or proceeding is assigned is 571-273-8300.
Information regarding the status of an application may be obtained from the Patent Application Information Retrieval (PAIR) system.  Status information for published applications may be obtained from either Private PAIR or Public PAIR.  Status information for unpublished applications is available through Private PAIR only.  For more information about the PAIR system, see http://pair-direct.uspto.gov. Should you have questions on access to the Private PAIR system, contact the Electronic Business Center (EBC) at 866-217-9197 (toll-free). If you would like assistance from a USPTO Customer Service Representative or access to the automated information system, call 800-786-9199 (IN USA OR CANADA) or 571-272-1000.

/RODMAN ALEXANDER MAHMOUDI/Examiner, Art Unit 2499