DETAILED ACTION
Notice of Pre-AIA  or AIA  Status
The present application, filed on or after March 16, 2013, is being examined under the first inventor to file provisions of the AIA .
This Office Action is in response to Application 16/988,127 filed on 8/20/2020.

Election/Restriction
Restriction to one of the following inventions is required under 35 U.S.C. 121:
I. Claims 1-9 drawn to a host computing machine to manage access by a user computing machine of a network resource comprising computer machine eligibility, classified in H04L63/102.
II. Claims 10-19 drawn to an access right management computing machine to control access by a user operating a user computing machine of a network resource comprising widgets and access rights management macro, classified in H04L 63/04.
III. Claims 20 drawn to an access right management computing platform for controlling access to a network resource requested by a user involving single sign-on and macros, classified in H04L 63/0815.
The inventions are independent or distinct, each from the other because:
Inventions I, II, and II  are related as subcombinations disclosed as usable together in a single combination.  The subcombinations are distinct if they do not overlap in scope and are not obvious variants, and if it is shown that at least one subcombination is separately usable.  In the instant case, subcombination I has separate utility such as computer machine eligibility, subcombination II has separate utility such as widgets and macros, and subcombination III has separate utility such as sso and marcos. See MPEP § 806.05(d).
The examiner has required restriction between subcombinations usable together. Where applicant elects a subcombination and claims thereto are subsequently found allowable, any claim(s) depending from or otherwise requiring all the limitations of the allowable subcombination will be examined for patentability in accordance with 37 CFR 1.104.  See MPEP § 821.04(a).  Applicant is advised that if any claim presented in a continuation or divisional application is anticipated by, or includes all the limitations of, a claim that is allowable in the present application, such claim may be subject to provisional statutory and/or nonstatutory double patenting rejections over the claims of the instant application. 
Restriction for examination purposes as indicated is proper because all the inventions listed in this action are independent or distinct for the reasons given above and there would be a serious search and/or examination burden if restriction were not required because one or more of the following reasons apply:
(a) the inventions have acquired a separate status in the art in view of their different classification;
(b) the inventions have acquired a separate status in the art due to their recognized divergent subject matter;
(c) the inventions require a different field of search (for example, searching different classes/subclasses or electronic resources, or employing different search queries);
(d) the prior art applicable to one invention would not likely be applicable to another invention;
Applicant is advised that the reply to this requirement to be complete must include (i) an election of an invention to be examined even though the requirement may be traversed (37 CFR 1.143) and (ii) identification of the claims encompassing the elected invention. 
The election of an invention may be made with or without traverse. To reserve a right to petition, the election must be made with traverse. If the reply does not distinctly and specifically point out supposed errors in the restriction requirement, the election shall be treated as an election without traverse. Traversal must be presented at the time of election in order to be considered timely. Failure to timely traverse the requirement will result in the loss of right to petition under 37 CFR 1.144. If claims are added after the election, applicant must indicate which of these claims are readable upon the elected invention.
Should applicant traverse on the ground that the inventions are not patentably distinct, applicant should submit evidence or identify such evidence now of record showing the inventions to be obvious variants or clearly admit on the record that this is the case. In either instance, if the examiner finds one of the inventions unpatentable over the prior art, the evidence or admission may be used in a rejection under 35 U.S.C. 103 or pre-AIA  35 U.S.C. 103(a) of the other invention.
During a telephone conversation with Timothy Meece on 8/8/2022 a provisional election was made with traverse to prosecute the invention of Group II, claims 10-19.  Affirmation of this election must be made by applicant in replying to this Office action.  Claims 1-9 and 20 are withdrawn from further consideration by the examiner, 37 CFR 1.142(b), as being drawn to a non-elected invention.


Claim Objections
Claim 10 are objected to because of the following informalities:

Regarding Claim 10; claim 10 is objected to failing to comply with 37 CFR 1.75(e). An independent claim should include a preamble, a transitional phrase, and a body of the claim, in which claimed limitations that the Applicants consider as new or improved elements/steps/features are positively recited within the body of the claim. Claim 10 includes a preamble and a transitional phrase and the claim’s body. It is suggested that claim 10 be further amended to include in the body of the claim comprising active steps on executing the instructions (i.e. authenticating....; generating..., allowing...;). Appropriate correction is required.













Claim Rejections - 35 USC § 103
In the event the determination of the status of the application as subject to AIA  35 U.S.C. 102 and 103 (or as subject to pre-AIA  35 U.S.C. 102 and 103) is incorrect, any correction of the statutory basis for the rejection will not be considered a new ground of rejection if the prior art relied upon, and the rationale supporting the rejection, would be the same under either status.  
The following is a quotation of 35 U.S.C. 103 which forms the basis for all obviousness rejections set forth in this Office action:
A patent for a claimed invention may not be obtained, notwithstanding that the claimed invention is not identically disclosed as set forth in section 102, if the differences between the claimed invention and the prior art are such that the claimed invention as a whole would have been obvious before the effective filing date of the claimed invention to a person having ordinary skill in the art to which the claimed invention pertains. Patentability shall not be negated by the manner in which the invention was made.

Claim(s) 10 is/are rejected under 35 U.S.C. 103 as being unpatentable over Chayanam et al. (US 8,136,148 B1).

Regarding Claim 10;
Chayanam discloses a non-transitory computer-readable medium with computer-executable instructions stored thereon executed by a processor on an access right management computing machine to control access by a user operating a user computing machine of a network resource (FIG. 2 – Authentication Server and Client and Web Server/Data Server) said access right management computing machine and said user computing machine coupled to a network (FIG. 2 Authentication Server and Client), said computer-executable instructions comprising: 
a. single sign-on authentication instructions for the access right management computing machine to authenticate and identify the user (FIG. 3A-3B and col. 4, lines 55-59 - The web page [sic] may 212 also contain an authentication component 214 provided by an authentication server 220. In this example, the authentication server 220 contains an authentication database 222 and configuration file 224 used to authenticate a user to the web page 212); 
b. widget configuration instructions for the access right management computing machine to generate an access right management [code] containing a plurality of all [code] steps required for the user to secure all said access rights required access to the network resource (col. 2, lines 21-25 - The reusable authentication component may be implemented as a widget or other software component provided by an authentication server and col. 5. Lines 13-15 and col. 10, lines 35-45 - As described above, modifying the various user interfaces 400, 410, 420 and/or 430 of the authentication widget 214, all of which may be integrated into the web page 212, need not require refreshing or redirecting the parent web page 212. Since the authentication widget 214 may include the underlying code for controlling and modifying the widget user interfaces 400, 410, 420 and 430, as well as the code for communicating with the authentication server 220 to transmit and receive the various authentication data, the authentication process and user interface modifications may occur without the participation or knowledge of the web page 212.)
c. host page generation instructions for the access right management computing machine to generate an asset right management GUI containing a user-selectable graphical widget corresponding to the access right management [code] (FIG. 4G and col. 5, lines 67-col. 6, lines 23 -  In this example, the client 210 may initiate the request to the authentication server 220 for the authentication widget 214 during or shortly after receiving and loading the web page 212, so that the authentication widget 214 may be received from the authentication server 220 at approximately the same time as the other web content from the web server 230.... In step 302, the authentication widget 214 associated with the requested web page 212 is invoked (e.g., received from server 220 and instantiated by the client 210), and the corresponding authentication user interface is presented to the user within the web page 212. An illustrative user interface 400 corresponding to an authentication widget 214 is shown in FIG. 4A and col. 10, lines 21-45);
d. user input instructions to allow the user to select the graphical widget on the user computing machine and generate a request for the network resource (col. 6, lines 19-24 ad FIG. 4F-4H and col. 10, lines 21-45); 
e. ... execution instructions on the access right management computing machine to trigger execution of the plurality of [instruction] steps required for the user to secure all said access rights to the network resource when the user selects the graphical widget on the user computing machine (col. 10, lines 21-45 - In FIG. 4G, in step 309 an alternative modified user interface 430 is rendered on the authentication widget 214, integrated into the web page 212, to display a different a SiteKey.RTM. phrase 431 (tighten down the vise') and a SiteKey.RTM. image of a vice 432. In this example, in step 310, the user recognizes this data as his previously selected mutual authentication data and clicks the `Yes` button 433 (310:Yes). After the user confirms the mutual authentication data, the authentication user interface 430 is modified in step 311 to display a passcode text input box 434 and a `Sign In` button 435 to allow the user to submit his passcode to the authentication server 220. In step 312, the passcode submitted by the user via the authentication widget 210 to the authentication server 220 is verified to confirm that it is the user's correct passcode. As described above, modifying the various user interfaces 400, 410, 420 and/or 430 of the authentication widget 214, all of which may be integrated into the web page 212, need not require refreshing or redirecting the parent web page 212. Since the authentication widget 214 may include the underlying code for controlling and modifying the widget user interfaces 400, 410, 420 and 430, as well as the code for communicating with the authentication server 220 to transmit and receive the various authentication data, the authentication process and user interface modifications may occur without the participation or knowledge of the web page 212).
f. if the plurality of [code] steps are successfully executed to obtain all of said access rights, approval instructions for the access right management computing machine to notify the user that access to the network resource is granted and to allow the user to access the network resource (col. 10, lines 46-50); and 
g. if the plurality of [code] steps are not successfully executed to obtain all of said access rights, denial instructions for the access right management computing machine to notify the user that access to the network resource is denied and to prevent the user from accessing the network resource (col. 10, lines 46-50).
Chayanam teaches concepts of a widget that contains code for access right management, see FIG. 4G and col. 10, 21-45 - Since the authentication widget 214 may include the underlying code for controlling and modifying the widget user interfaces 400, 410, 420 and 430, as well as the code for communicating with the authentication server 220 to transmit and receive the various authentication data, the authentication process and user interface modifications may occur without the participation or knowledge of the web page 212) Chayanam fails to explicitly disclose the widget containing macros for access right management.   
However, Chayanam teaches in certain embodiments macros can be used to implement an authentication component on the web page.  
A person of ordinary skill in the art before the effective filing date of the claimed invention would have recognized that the use of macros as noted by Chayanam, alternative embodiment, and could be substituted for the code of Chayanam because a widget using code could use macros, instead, for access right management (i.e., as Chayanam states macros can be used for authentication). Furthermore, a person of ordinary skill in the art would have been able to carry out the substitution. Finally, the substitution achieves the predictable result as code and macros both are used as mechanism for authentication.
Therefore, it would have been obvious to one of ordinary skill in the art before the effective filing date of the claimed invention to substitute the macros of Chayanam for the code of Chayanam according to known methods to yield a predictable result.

Claim(s) 11 is/are rejected under 35 U.S.C. 103 as being unpatentable over Chayanam et al. (US 8,136,148 B1) in view of Vath et al. (US 2020/0401684 A1).

Regarding Claim 11;
Chayanam discloses the medium to Claim 10.
	Chayanam further discloses wherein the asset right management GUI .... for which the network resource is requested (FIG. 3A-B). 
Chayanam fails to explicitly disclose ...contains a first hyperlink to allow the user to change a user role...
However, in an analogous art, Vath teaches ...contains a first hyperlink to allow the user to change a user role... (Vath, [0085] -  FIG. 7 is a flowchart illustrating changing roles, according to one embodiment described herein. In an embodiment, as discussed above, a user can be associated with multiple potential roles for a system (e.g., primary care provider, secondary care provider, observer, administrator, patient, patient guardian, patient assistant, etc.). In this embodiment, a user can change roles during a session. For example, a user can select a “change role” action using a drop-down, link, or other user interface technique. In an embodiment, this triggers a change role action).
Therefore, it would have been obvious to one of ordinarily skill in the art before the effective filing date of the claimed invention to combine the teachings of Vath to the GUI Chayanam to include...contains a first hyperlink to allow the user to change a user role...
One would have been motivated to combine the teachings of Vath to Chayanam to do so as it provides / allows a user to be associated with multiple potential roles for a system (Vath, [0085]).

Claim(s) 12-15 is/are rejected under 35 U.S.C. 103 as being unpatentable over Chayanam et al. (US 8,136,148 B1) in view of Vath et al. (US 2020/0401684 A1) and further in view of Rowen (US 2007/0174113 A1).

Regarding Claim 12;
Chayanam and Vath discloses the medium to Claim 11.
Chayanam further discloses the asset right management GUI (FIG. 3A-B and FIG. 4G).
Chayanam and Vath fail to explicitly disclose wherein ...displays a status of the request.
However, in an analogous art, Rowen teaches wherein ...displays a status of the request (Rowen, [0055]).
Therefore, it would have been obvious to one of ordinarily skill in the art before the effective filing date of the claimed invention to combine the teachings of Rowen to the request of Chayanam and Vath to include ...displays a status of the request.
One would have been motivated to combine the teachings of Rowen to Chayanam and Vath to do so as it provides / allows providing notice of modification (Rowen, [0025]).

Regarding Claim 13;
Chayanam and Vath and Rowen discloses the medium to Claim 12.
	Rowen further teaches wherein the status of the asset right management GUI is displayed as pending (Rowen, [0055]).

Regarding Claim 14;
Chayanam and Vath and Rowen discloses the medium to Claim 12.
	Rowen further teaches wherein the status of the asset right management GUI is displayed as denied (Rowen, [0055]).

Regarding Claim 15;
Chayanam and Vath and Rowen discloses the medium to Claim 12.
	Rowen further teaches wherein the status of the asset right management GUI is displayed as approved (Rowen, [0055]).





Claim(s) 16 is/are rejected under 35 U.S.C. 103 as being unpatentable over Chayanam et al. (US 8,136,148 B1) in view of Burns et al. (US 2007/0233685 A1).

Regarding Claim 16;
Chayanam discloses the medium to Claim 10.
Chayanam further discloses the asset right management GUI (FIG. 3A-B and FIG. 4G).
Chayanam fails to explicitly disclose wherein ... contains a second hyperlink to allow the user to request help information.
However, in an analogous art, Burns teaches wherein ... contains a second hyperlink to allow the user to request help information (FIG. 3 and [0025] - Link 318, for example, can be an identifier presented to a requester that when accessed provides options and alternative methods for accessing the protected content within the search result that the affiliated institution is not authorized to access. In various embodiments, the alternative methods and options can be displayed in the same browser window as the link, in a separate browser window, in a pop-up window, in a side-pane window, or in a top/bottom-pane window).
Therefore, it would have been obvious to one of ordinarily skill in the art before the effective filing date of the claimed invention to combine the teachings of Burns to the GUI of Chayanam to include wherein ... contains a second hyperlink to allow the user to request help information
One would have been motivated to combine the teachings of Burns to Chayanam to do so as it provides / allows options and alternatives for access (Burns, [0025]).

Claim(s) 17 and 18 is/are rejected under 35 U.S.C. 103 as being unpatentable over Chayanam et al. (US 8,136,148 B1) in view of in view of Burns et al. (US 2007/0233685 A1) and further in view of Yu et al. (US 2021/0064769 A1).

Regarding Claim 17;
Chayanam discloses the medium to Claim 16
Chayanam and Burns fails to explicitly disclose wherein the help information describes an approval process to secure all said access rights required to access the network resource.
However, in an analogous art, Yu teaches wherein the help information describes an approval process to secure all said access rights required to access the network resource (Yu, [0075] - The authorization object 503 can have a property such as “How_To_Authorize” to provide instructions to users about how to obtain the authorization. The indication of how to obtain the authorization can be presented to users who are trying to access a resource that requires the type of authorization if the users have not obtained the type of authorization. For example, the indication of how to obtain the authorization can be a string, such as a prompt to “Complete a confidentiality agreement for resource x.” As other examples, the indication of how to obtain the authorization can be a different object, such as an object representing a web page or URL that a user should access, an object representing a different user to be contacted, et.c).
Therefore, it would have been obvious to one of ordinarily skill in the art before the effective filing date of the claimed invention to combine the teachings of Yu to the help of Chayanam and Burns to include wherein the help information describes an approval process to secure all said access rights required to access the network resource.
One would have been motivated to combine the teachings of Yu to Chayanam and Burns to do so as it provides / allows controlling access, for example by managing and auditing access to computer resources using context-based and/or role-based charters (Yu, [0003]).

Regarding Claim 18;
Chayanam and Burns and Yu discloses the medium to Claim 17.
Yu further teaches wherein the help information describes the user role for which access to the network resource may be requested. (Yu, [0075] – qualification object... The authorization object 503 can have a property such as “How_To_Authorize” to provide instructions to users about how to obtain the authorization. The indication of how to obtain the authorization can be presented to users who are trying to access a resource that requires the type of authorization if the users have not obtained the type of authorization. For example, the indication of how to obtain the authorization can be a string, such as a prompt to “Complete a confidentiality agreement for resource x.” As other examples, the indication of how to obtain the authorization can be a different object, such as an object representing a web page or URL that a user should access, an object representing a different user to be contacted, etc. and [0075] - The qualification object 505 can be used to represent a type of qualification that is required for resource access and/or a qualification that a known user has obtained. The qualification object 505 can have a property such as “Controls” for indicating the type of qualification represented by the qualification object 505. Example types of qualifications include completing trainings, technical skills, title, licenses, approval from another user such as a data owner compliance owner to access data, etc.).

Claim(s) 19 is/are rejected under 35 U.S.C. 103 as being unpatentable over Chayanam et al. (US 8,136,148 B1) in view of Vath et al. (US 2020/0401684 A1) and further in view of Rowen (US 2007/0174113 A1) and further in view of Yu et al. (US 2021/0064769 A1).

Regarding Claim 19;
Chayanam and Vath and Rowen disclose the medium to Claim 14.
Chayanam further discloses the asset right management GUI (FIG. 3A-B and FIG. 4G).
Rowen further discloses the denial (Rowen, [0055]).
Chayanam and Vath and Rowen fails to explicitly disclose wherein the asset right management GUI contains a denial explanation to explain to the user which of said access rights were not successfully obtained.
However, in an analogous art, Yu teaches wherein the asset right management GUI contains a denial explanation to explain to the user which of said access rights were not successfully obtained. (Yu, [0075] - The authorization object 503 can have a property such as “How_To_Authorize” to provide instructions to users about how to obtain the authorization. The indication of how to obtain the authorization can be presented to users who are trying to access a resource that requires the type of authorization if the users have not obtained the type of authorization. For example, the indication of how to obtain the authorization can be a string, such as a prompt to “Complete a confidentiality agreement for resource x.” As other examples, the indication of how to obtain the authorization can be a different object, such as an object representing a web page or URL that a user should access, an object representing a different user to be contacted, et.c).
Therefore, it would have been obvious to one of ordinarily skill in the art before the effective filing date of the claimed invention to combine the teachings of Yu to the denial of Chayanam and Vath and Rowen to include wherein the asset right management GUI contains a denial explanation to explain to the user which of said access rights were not successfully obtained.
One would have been motivated to combine the teachings of Yu to Chayanam and Vath and Rowen to do so as it provides / allows controlling access, for example by managing and auditing access to computer resources using context-based and/or role-based charters (Yu, [0003]).

Conclusion
The prior art made of record and not relied upon is considered pertinent to applicant's disclosure. See PTO-892 attached.
Any inquiry concerning this communication or earlier communications from the examiner should be directed to KARI L SCHMIDT whose telephone number is (571)270-1385. The examiner can normally be reached Monday-Friday 10am - 6pm (MDT).
Examiner interviews are available via telephone, in-person, and video conferencing using a USPTO supplied web-based collaboration tool. To schedule an interview, applicant is encouraged to use the USPTO Automated Interview Request (AIR) at http://www.uspto.gov/interviewpractice.
If attempts to reach the examiner by telephone are unsuccessful, the examiner’s supervisor, Luu Pham can be reached on (571)270-5002. The fax phone number for the organization where this application or proceeding is assigned is 571-273-8300.
Information regarding the status of published or unpublished applications may be obtained from Patent Center. Unpublished application information in Patent Center is available to registered users. To file and manage patent submissions in Patent Center, visit: https://patentcenter.uspto.gov. Visit https://www.uspto.gov/patents/apply/patent-center for more information about Patent Center and https://www.uspto.gov/patents/docx for information about filing in DOCX format. For additional questions, contact the Electronic Business Center (EBC) at 866-217-9197 (toll-free). If you would like assistance from a USPTO Customer Service Representative, call 800-786-9199 (IN USA OR CANADA) or 571-272-1000.





/KARI L SCHMIDT/            Primary Examiner, Art Unit 2439