Notice of Pre-AIA  or AIA  Status
The present application is being examined under the pre-AIA  first to invent provisions.

DETAILED ACTION

Continued Examination Under 37 CFR 1.114
A request for continued examination under 37 CFR 1.114, including the fee set forth in 37 CFR 1.17(e), was filed in this application after final rejection.  Since this application is eligible for continued examination under 37 CFR 1.114, and the fee set forth in 37 CFR 1.17(e) has been timely paid, the finality of the previous Office action has been withdrawn pursuant to 37 CFR 1.114.  Applicant's submission filed on 10/3/22 has been entered.
 	Claims 1 and 10 are amended.  Claims 1-7, 9, and 10 are pending.

Response to Amendment

Claim Interpretation
The enhanced set of authorized APIs do not carry patentable weight for a number of reasons.  The claim is directed to a method of using API’s for user authorizations.  However, the enhanced API’s are not positively relied upon to perform any actions in the performing and providing steps.  This raises the question if they are used even though they may be part of the SDK.  Actively using the particulars of the set of enhanced APIs to provide user authorization would at least give this subject matter patentable weight.  Claims 3-5 add details to the servlet filter if it is used but claim 1 does not require it in the user authorizations.  Claim 6 is interpreted as a result of using a cookie which claim 1 does not use.  Claim 7 is a result of a server-side session which is not required by claim 1.  Claim 1 as amended uses a shared session cache memory.  It is not certain if claim 7’s “shared session cache” is the same or not.

Claim Rejections - 35 USC § 112
The following is a quotation of 35 U.S.C. 112(b):
(b)  CONCLUSION.—The specification shall conclude with one or more claims particularly pointing out and distinctly claiming the subject matter which the inventor or a joint inventor regards as the invention.

The following is a quotation of 35 U.S.C. 112 (pre-AIA ), second paragraph:
The specification shall conclude with one or more claims particularly pointing out and distinctly claiming the subject matter which the applicant regards as his invention.

Claims 1-7, 9, and 10 are rejected under 35 U.S.C. 112(b) or 35 U.S.C. 112 (pre-AIA ), second paragraph, as being indefinite for failing to particularly point out and distinctly claim the subject matter which the inventor or a joint inventor (or for applications subject to pre-AIA  35 U.S.C. 112, the applicant), regards as the invention.

Regarding claims 1 and 10, the preamble recites user authorization and later the performing step reintroduces user authorization.  It is unclear if they are the same or not. The preamble introduces a set of authorization APIs.   The performing step further uses this term having been developed by the SDK but that step is absent and unclear where that occurs.  Furthermore, the SDK comprises an enhanced set of authorization API’s.  It is unclear if these are the same or different from the set of authorization.  The claim is further indefinite when “the authorization API’s” is recited because it not clear if the antecedent basis is the set, the enhanced set, or both.  It its noted, that during the interview that the amendments appeared to overcome the “112” rejections but after further consideration this one issue still remains despite overcoming all of the other items pertaining to 112.  Claims 2-7 and 9 are likewise rejected.


Response to Arguments
Applicant’s arguments, with respect to the rejection(s) of claim(s) 1 and 10 have been considered but are moot because the new ground of rejection does not rely on any reference applied in the prior rejection of record for any teaching or matter specifically challenged in the argument.


Claim Rejections - 35 USC § 103
The following is a quotation of pre-AIA  35 U.S.C. 103(a) which forms the basis for all obviousness rejections set forth in this Office action:
(a) A patent may not be obtained though the invention is not identically disclosed or described as set forth in section 102, if the differences between the subject matter sought to be patented and the prior art are such that the subject matter as a whole would have been obvious at the time the invention was made to a person having ordinary skill in the art to which said subject matter pertains. Patentability shall not be negatived by the manner in which the invention was made.

Claims 1-7, 9, and 10 are rejected under 35 U.S.C. 103(a) as being unpatentable over USP Application Publication 2006/0168054 to Burkhart et al., hereinafter Burkhart in view of USP Application Publication 2009/0328174 to Cen et al., hereinafter Chen

As per claims 1 and 10, Burkhart teaches a computer-implemented method for providing user authorizations utilizing a set of authorization application program interfaces (APIs) (0044 and 0054), the method comprising: 
providing an SDK for a client web application which performs user authorizations for multiple resources within an on-demand services environment (Fig.6 and 0057), wherein the SDK comprises an enhanced set of authorization APIs (0044),  
and wherein the enhanced set of authorization APIs is configured to: 
provide a first resource of the multiple resources so that a developer can include developer-defined user information (0042); 
provide a second resource of the multiple resources to allow the developer to utilize one of a cookie, or a server-side storage for storing the developer-defined user information (0042); and 
provide a third resource of the multiple resources to allow the developer to utilize  first or second embodiment of security framework the first embodiment including servlet filter mappings that can include a generic filter for requests that need to be secured, the second embodiment including the ability to create user roles and define specific access to the user roles (0044), 
performing user authorizations with the authorization APIs developed by the SDK (alerts sent to user’s toolbar/messaging application; 0044), wherein the performing the user authorizations with the authorization APIs is through a client web application executed by a hardware computing device (0042) to allow access to the multiple resources within the on-demand database services environment [user can then view items from his/her page from the commerce site; 0042]; and
 providing, based on the user authorizations and with one or more computing devices, the multiple resources [0041, takes user to associated user page]. 
The claim is interpreted as using BRI in light of the above-mentioned deficiencies under 112(b).  The claim is directed to a method of using API’s for user authorizations.  However, the enhanced API’s are not positively relied upon to perform any actions in the performing and providing steps.  This raises the question if they are used even though they may be part of the SDK.  Actively using the particulars of the set of enhanced APIs to provide user authorization would at least give this subject matter patentable weight.  
Burkhart is silent in explicitly teaching using a shared session cache memory without the use of cookies when providing the resources with an access token.  Burkhart has user information stored on the server.  On the other hand, Chen teaches using a shared session cache memory without the use of cookies when providing the resources with an access token [At step 317, “the user initiates a service request with the ISV application”…”to check service access control cache” (0088), “use the cached token lists to determine whether the token exists” (0091), “[f]or a session token, the generating time of the token and the current time are checked again to determine timeout” (0092)].  The users of Burkhart could have obviously been authorized using a known method, such as token validation. Tokens that can exist during a session could have obviously been used in the system of Burkhart.  The claim is obvious because one of ordinary skill in the art can combine known methods which do not produce unpredictable results.   
As per claims 2-7 and 9, Burkhart anticipates these claims because they do not add anything to the method of claim 1 in terms of patentable weight.  They are interpreted as further conditions to the enhanced set of API’s or additional API’s of the enhanced set which fail to provide patentable weight as explained in the rejection of claim 1.  

Conclusion
Any inquiry concerning this communication or earlier communications from the examiner should be directed to MICHAEL R. VAUGHAN whose telephone number is (571)270-7316.  The examiner can normally be reached on Monday – Friday, 9:30am - 5:30pm, EST.  If attempts to reach the examiner by telephone are unsuccessful, the examiner’s supervisor, Lynn Feild can be reached on (571) 272-2092.  The fax phone number for the organization where this application or proceeding is assigned is 571-273-8300.
Information regarding the status of an application may be obtained from the Patent Application Information Retrieval (PAIR) system.  Status information for published applications may be obtained from either Private PAIR or Public PAIR.  Status information for unpublished applications is available through Private PAIR only.  For more information about the PAIR system, see http://pair-direct.uspto.gov. Should you have questions on access to the Private PAIR system, contact the Electronic Business Center (EBC) at 866-217-9197 (toll-free). If you would like assistance from a USPTO Customer Service Representative or access to the automated information system, call 800-786-9199 (IN USA OR CANADA) or 571-272-1000.

/MICHAEL R VAUGHAN/
Primary Examiner, Art Unit 2431