DETAILED ACTION
Notice of Pre-AIA  or AIA  Status
The present application, filed on or after March 16, 2013, is being examined under the first inventor to file provisions of the AIA .
This Office Action is in response to the Amendment filed on 8/26/2022.

Examiner's Statement of reason for Allowance
Claims 1-20 are allowed.
The following is an examiner’s statement of reasons for allowance: 
The present invention is directed to a computing platform may be configured to (i) receive a request to access one or more resources on behalf of a given user, (ii) identify a parameter within the request that requires a permission verification, (iii) apply a verification tag to the parameter, wherein the verification tag is set to a first value indicating that a permission verification has not been successfully performed for the given user with respect to the parameter, (iv) perform a permission verification for the given user with respect to the parameter, (v) based on performing the permission verification, either (a) update the verification tag from the first value to a second value indicating that a permission verification has been successfully performed or (b) leave the verification tag set to the first value, and (vi) determine whether to grant or deny the request based at least in part on the verification tag for the parameter.



The closest prior art, as previously recited, Dutta (US 2005/0177570 A1), Shimizu (US 2017/0230422 A1) and Wiese (US 8,230,484 B1), in which, Dutta discloses facilitate database row-level security by utilizing SQL extensions to create and associate named security expressions with a query initiator(s). Such expressions include Boolean expressions, which must be satisfied by a row of data in order for that data to be made accessible to the query initiator. In general, a query is augmented with security expressions, which are aggregated and utilized during querying rows of data. The systems and methods variously place security expressions within a query in order to optimize query performance while mitigating information leaks. This is achieved by tagging security expressions as special and utilizing rules of predicate to pull or push non-security expressions above or below security expressions, depending on the likelihood of a non-security being safe, as determined via a static and/or dynamic analysis; and in which Shimizu teaches a state of following a policy is maintained without troubling a person in the case where an operation setting relating to the policy is added by the update of software for an apparatus that is managed systematically under the policy. In the embodiment, the aspect is described in which the two kinds of generation information (currently being applied and at the time of policy setting) about software are saved and whether the policy adaptation processing is necessary is determined in accordance with the difference therebetween; and in which Wiese teaches a client computer and/or a user is authenticated via installation of an agent, permitting access to previously inaccessible resources. All users are initially denied access to a resource via a permission list, such as a by being a member of a group that is denied access. The user, once authenticated, is permitted to access the resource, e.g. by being temporarily removed from a cached copy of the group, by being temporarily added to a cached copy of a group allowed to access the resource, or both. Authentication is revoked when the agent is uninstalled. Subsequent accesses to the resource are not permitted, e.g. by undoing the temporary removal or addition. An optional resource firewall proxy server between client computers and a resource filters requests for the resource, and until a user is authenticated via an out-of-band communication from an agent, the user is denied access to the resource.

However, none of Dutta (US 2005/0177570 A1), Shimizu (US 2017/0230433 A1) and Wiese (US 8,230,484 B1), alone or in combination, the particular combination of steps or elements as recited in the independent Claim 1, and similarly Claim 11 and Claim 20.  For example, none of the cited prior art teaches or suggest the steps of: receive a request to access one or more resources on behalf of a given user; identify a parameter within the request that requires a permission verification; append, to the request, a verification tag for the parameter, that comprises a verification status indicator that indicates whether or not a permission verification has been successfully performed for the given user with respect to the parameter, wherein the verification status indicator is set to a first value indicating that a permission verification has not been successfully performed for the given user with respect to the parameter; after appending the verification tag, perform a permission verification for the given user with respect to the parameter; based on performing the permission verification for the given user with respect to the parameter, either (i) update the verification status indicator from the first value to a second value indicating that a permission verification has been successfully performed for the given user with respect to the parameter if the given user's permission with respect to the parameter is successfully verified or (ii) leave the verification status indicator set to the first value if the given user's permission with respect to the parameter is not successfully verified; and determine whether to grant or deny the request based at least in part on the verification status indicator for the parameter.

Therefore, the claims are allowable over the cited prior art.

Any comments considered necessary by applicant must be submitted no later than the payment of the issue fee and, to avoid processing delays, should preferably accompany the issue fee.  Such submissions should be clearly labeled “Comments on Statement of Reasons for Allowance.”

Conclusion

The prior art made of record and not relied upon is considered pertinent to applicant's disclosure. See PTO-892 attached.
Any inquiry concerning this communication or earlier communications from the examiner should be directed to KARI L SCHMIDT whose telephone number is (571)270-1385.  The examiner can normally be reached on Monday-Friday 10am - 6pm (MDT).
If attempts to reach the examiner by telephone are unsuccessful, the examiner’s supervisor, Luu Pham can be reached on (571)270-5002.  The fax phone number for the organization where this application or proceeding is assigned is 571-273-8300.
Information regarding the status of an application may be obtained from the Patent Application Information Retrieval (PAIR) system.  Status information for published applications may be obtained from either Private PAIR or Public PAIR.  Status information for unpublished applications is available through Private PAIR only.  For more information about the PAIR system, see http://pair-direct.uspto.gov. Should you have questions on access to the Private PAIR system, contact the Electronic Business Center (EBC) at 866-217-9197 (toll-free). If you would like assistance from a USPTO Customer Service Representative or access to the automated information system, call 800-786-9199 (IN USA OR CANADA) or 571-272-1000.

/KARI L SCHMIDT/Primary Examiner, Art Unit 2439