DETAILED ACTION

Notice of Pre-AIA  or AIA  Status
The present application, filed on or after March 16, 2013, is being examined under the first inventor to file provisions of the AIA .

Information Disclosure Statement
The information disclosure statement (IDS) submitted on 1/04/2022 follows the provisions of 37 CFR 1.97.  Accordingly, the information disclosure statement is being considered by the examiner.

Claim Rejections - 35 USC § 103
The following is a quotation of 35 U.S.C. 103 which forms the basis for all obviousness rejections set forth in this Office action:
A patent for a claimed invention may not be obtained, notwithstanding that the claimed invention is not identically disclosed as set forth in section 102, if the differences between the claimed invention and the prior art are such that the claimed invention as a whole would have been obvious before the effective filing date of the claimed invention to a person having ordinary skill in the art to which the claimed invention pertains. Patentability shall not be negated by the manner in which the invention was made.

Claims 1-3, 7-10, and 14-17 are rejected under 35 U.S.C. 103 as being unpatentable over US 2012/0204235 to Jaudon et al. (hereinafter, “Jaudon”) in view of US 2007/0005595 to Gafter (hereinafter, “Gafter”).
As per claim 1: Jaudon discloses: A method comprising (methods, systems, devices, and computer program products [Jaudon, ¶0007]): receiving a request for a user to perform a plurality of activities (access permissions are granted to a user, wherein the access permissions are location-specific (“parameter of the user”) [Jaudon, ¶0038]; the access permissions include allowing/blocking actions to create, open, close, or delete a file or the like; e.g. see Fig. 3(305) [Jaudon, ¶0033]; a user logs into client device 120-b-1, which queries the host central computer system 105-a about the user and determine if a current session of the user is running; the user is granted location-specific access permissions to client device 120-b-1 [Jaudon, ¶0038; Fig. 2]); responsive to detecting an interaction by the user with the request, determining that the known parameter has changed (the user logs into client device 120-b-3, which is at a different location (e.g. the “parameter” of the user has changed) [Jaudon, ¶0039]); responsive to determining that the known parameter has changed, determining requirements for performing the plurality of activities based on a replacement parameter of the user (“The access permission rules may specify the control or access (e.g., to drives, directories, files, folders, applications, etc.) allowed at different locations, and these access permissions may be dynamically provided, modified, or taken away based on the changed location.” [Jaudon, ¶0039]; additional authentication factors at client device 120-b-3 may be required to allow access to the session at the new location [Jaudon, ¶0040-0041]); determining a replacement activity based on the requirements; and transmitting a new request to the user, the new request replacing the given activity with the replacement activity (identifying any access permission rules applicable to the determination that the user is within location 205-b of the client device 120-b-3 and initiate actions associated with enforcing the access permissions [Jaudon, ¶0040-0041]; for example, Fig. 3 depicts a user moving from an existing session with client device 120-c-1 at a first location to client device 120-c-2 at a second location, thereby changing a “parameter” of the user and initiating a “replacement” of previously applied permissions (“activities”) used at client device 120-c-1 with new permissions associated with the new location of device 120-c-2).
Furthermore, Jaudon discloses access permissions for the session to restrict resources, wherein resources include files [Jaudon, ¶0032]. Jaudon does not disclose explicitly include “secure documents”. However, Gafter is directed to controlling access to documents (i.e. the documents are “secure”) using access control lists and a membership list, akin to the access permissions in Jaudon.
Thus, it would have been obvious to a person having ordinary skill in the art before the claimed invention was effectively filed to include secure documents as one of the resources to be protected in Jaudon. This would have been a design choice to developers in deciding what type of resources would have been protected. Electronic documents often contain sensitive information and would have been desirable for protection.

As per claim 2: Jaudon in view of Gafter disclose all limitations of claim 1. Furthermore, Jaudon discloses: wherein the known parameter is a known location of the user (the user’s session is tied with the location of the current client device the user has accessed [Jaudon, ¶0030, 0032]).

As per claim 3: Jaudon in view of Gafter disclose all limitations of claim 2. Furthermore, Jaudon discloses: wherein determining that the known parameter has changed comprises determining that a current location of the user is different from the known location of the user (in response to the user logging on to client device 120-b-3 at location 205 from client device 120-b-1 at a different location [Jaudon, ¶0039; Fig. 2]).

As per claim 7: Jaudon in view of Gafter disclose all limitations of claim 1.  Furthermore, Jaudon discloses: wherein the new request replaces the given activity with the replacement activity without providing indicia to the user that a replacement has occurred (“The user type-specific access permission rules and/or the region-specific access permission rules may be subsets of the aforementioned global set of access permissions identified for the user when the session is initiated. These actions may be initiated before the user has signed-in completely.” [Jaudon, ¶0040]).

As per claim 8: Claim 8 is different in overall scope from claim 1 but recites substantially similar subject matter as claim 1. Claim 8 is directed to a non-transitory computer-readable medium comprising memory with instructions corresponding to the method of claim 1. Thus, the response provided above for claim 1 is equally applicable to claim 8.

As per claim 9: Claim 9 incorporates all limitations of claim 8 and is a non-transitory computer-readable medium comprising memory with instructions corresponding to the method of claim 2. Therefore, the arguments set forth above with respect to claims 2 and 8 are equally applicable to claim 9 and rejected for the same reasons.

As per claim 10: Claim 10 incorporates all limitations of claim 9 and is a non-transitory computer-readable medium comprising memory with instructions corresponding to the method of claim 3. Therefore, the arguments set forth above with respect to claims 3 and 9 are equally applicable to claim 10 and rejected for the same reasons.

As per claim 14: Claim 14 incorporates all limitations of claim 8 and is a non-transitory computer-readable medium comprising memory with instructions corresponding to the method of claim 7. Therefore, the arguments set forth above with respect to claims 7 and 8 are equally applicable to claim 14 and rejected for the same reasons.

As per claim 15: Claim 15 is different in overall scope from claim 1 but recites substantially similar subject matter as claim 1. Claim 15 is directed to a system comprising memory with instructions corresponding to the method of claim 1. Thus, the response provided above for claim 1 is equally applicable to claim 15.

As per claim 16: Claim 16 incorporates all limitations of claim 15 and is a system comprising memory with instructions corresponding to the method of claim 2. Therefore, the arguments set forth above with respect to claims 2 and 15 are equally applicable to claim 14 and rejected for the same reasons.

As per claim 17: Claim 17 incorporates all limitations of claim 16 and is a system comprising memory with instructions corresponding to the method of claim 3. Therefore, the arguments set forth above with respect to claims 3 and 16 are equally applicable to claim 17 and rejected for the same reasons.

Claims 4, 11, and 18 are rejected under 35 U.S.C. 103 as being unpatentable over Jaudon in view of Gafter and in further view of US 2004/0078490 to Anderson et al. (hereinafter, “Anderson”). 
As per claim 4: Jaudon in view of Gafter disclose all limitations of claim 3. Jaudon and Gafter do not disclose the limitations of claim 4. However, Anderson discloses: wherein determining that the current location of the user is different from the known location of the user comprises determining the current location of the user based on an internet protocol (IP) address of a device of the user associated with the interaction by the user (the geographic location of a received IP address is obtained [Anderson, ¶0052]).
Thus, it would have been obvious to a person having ordinary skill in the art before the claimed invention was effectively filed to utilize the IP address of the client device a user is attempting to login to determine the physical location the user is currently located. IP addresses are associated with known geolocations according to Anderson, which would have provided a simple manner of determining the physical locations of a device. In contrast to known GPS-based location determination processes, which often require additional hardware to achieve.

As per claim 11: Claim 11 incorporates all limitations of claim 10 and is a non-transitory computer-readable medium comprising memory with instructions corresponding to the method of claim 4. Therefore, the arguments set forth above with respect to claims 4 and 10 are equally applicable to claim 11 and rejected for the same reasons.

As per claim 18: Claim 18 incorporates all limitations of claim 17 and is a system comprising memory with instructions corresponding to the method of claim 4. Therefore, the arguments set forth above with respect to claims 4 and 17 are equally applicable to claim 18 and rejected for the same reasons.

Claims 5, 6, 12, 13, 19, and 20 are rejected under 35 U.S.C. 103 as being unpatentable over Jaudon in view of Gafter and in further view of US 2011/0030037 to Olshansky et al. (hereinafter, “Olshansky”). 
As per claim 5: Jaudon in view of Gafter disclose all limitations of claim 3. Furthermore, Jaudon discloses: wherein determining the requirements for performing the plurality of activities based on a replacement parameter of the user comprises: assigning the current location to be the replacement parameter (region-specific access permission rules for user, such as the user logging into the location 205 [Jaudon, ¶0039]; in other words, the user is assigned to location 205 by the way of assigning region-specific access permissions); .
Jaudon and Gafter do not disclose: retrieving an entry from a requirements database, the entry mapping the requirements to the current location; and determining the requirements based on contents of the entry. However, Jaudon does suggest the notion of requiring a user to provide additional authentication factors when at a client device in a different location [Jaudon, ¶0040-0041]. Olshansky is directed to analogous art of controlling network access in different physical locations of a network [Olshansky, ¶0003]. Olshansky discloses: retrieving an entry from a requirements database, the entry mapping the requirements to the current location; and determining the requirements based on contents of the entry (re-login process of a user is determined to be required based on zone migration settings [Olshansky, ¶0046; Fig. 5]; for example, re-authentication is dependent on settings implemented by an administrator (i.e. collectively, these are the “requirements”) [Olshansky, ¶0042-0044]).
Thus, it would have been obvious to a person having ordinary skill in the art before the claimed invention as effectively filed to implement location-specific authentication policies in Jaudon, as disclosed in Olshansky. This additional feature would have enabled an administrator to provide different degrees of security based on locations and/or zones.

As per claim 6: Jaudon in view of Gafter and Olshansky disclose all limitations of claim 5. The motivation for incorporating Olshansky in claim 5 is also applicable herein. Furthermore, Jaudon in view of Gafter and Olshansky disclose: wherein the requirements comprise identity verification requirements, and wherein determining the replacement activity comprises determining a workflow that, when completed by the user, would satisfy the identity verification requirements (determining if re-login at a particular port-location is required after a zone migration [Olshansky, ¶0046]).

As per claim 12: Claim 12 incorporates all limitations of claim 10 and is a non-transitory computer-readable medium comprising memory with instructions corresponding to the method of claim 5. Therefore, the arguments set forth above with respect to claims 5 and 10 are equally applicable to claim 12 and rejected for the same reasons.

As per claim 13: Claim 11 incorporates all limitations of claim 12 and is a non-transitory computer-readable medium comprising memory with instructions corresponding to the method of claim 6. Therefore, the arguments set forth above with respect to claims 6 and 12 are equally applicable to claim 13 and rejected for the same reasons.

As per claim 19: Claim 19 incorporates all limitations of claim 17 and is a system comprising memory with instructions corresponding to the method of claim 5. Therefore, the arguments set forth above with respect to claims 5 and 17 are equally applicable to claim 19 and rejected for the same reasons.

As per claim 20: Claim 20 incorporates all limitations of claim 19 and is a system comprising memory with instructions corresponding to the method of claim 6. Therefore, the arguments set forth above with respect to claims 6 and 19 are equally applicable to claim 20 and rejected for the same reasons.

Conclusion
The prior art made of record and not relied upon is considered pertinent to applicant's disclosure.
US 2013/0254831: A change of context information associated with a device results in revision of a security policy. Context includes data regarding current and recent locations of the device. See Abstract, ¶0019.
US 2002/0091532: A document control system determines if a user has authorization to access to a document based on a client list and a list of documents associated with the client’s role. See ¶0011.

Any inquiry concerning this communication or earlier communications from the examiner should be directed to ROBERT B LEUNG whose telephone number is (571)270-1453. The examiner can normally be reached Mon - Thurs: 10am-7pm ET.
Examiner interviews are available via telephone, in-person, and video conferencing using a USPTO supplied web-based collaboration tool. To schedule an interview, applicant is encouraged to use the USPTO Automated Interview Request (AIR) at http://www.uspto.gov/interviewpractice.
If attempts to reach the examiner by telephone are unsuccessful, the examiner’s supervisor, JUNG KIM can be reached on 571-272-3804. The fax phone number for the organization where this application or proceeding is assigned is 571-273-8300.
Information regarding the status of published or unpublished applications may be obtained from Patent Center. Unpublished application information in Patent Center is available to registered users. To file and manage patent submissions in Patent Center, visit: https://patentcenter.uspto.gov. Visit https://www.uspto.gov/patents/apply/patent-center for more information about Patent Center and https://www.uspto.gov/patents/docx for information about filing in DOCX format. For additional questions, contact the Electronic Business Center (EBC) at 866-217-9197 (toll-free). If you would like assistance from a USPTO Customer Service Representative, call 800-786-9199 (IN USA OR CANADA) or 571-272-1000.



/ROBERT B LEUNG/Primary Examiner, Art Unit 2494                                                                                                                                                                                                        8-26-2022