DETAILED ACTION

Notice of Pre-AIA  or AIA  Status
The present application, filed on or after March 16, 2013, is being examined under the first inventor to file provisions of the AIA .  

Priority
Acknowledgment is made of applicant’s claim for foreign priority under 35 U.S.C. 119 (a)-(d). The certified copy has been filed in parent Application No. EP15163852, filed on 04/16/2015.

 Claim Status
This Office Action is in response to communications filed on 6/11/2021. Claims 1-19 were pending for examination.
 
Claim Rejections - 35 USC § 101
35 U.S.C. 101 reads as follows:
Whoever invents or discovers any new and useful process, machine, manufacture, or composition of matter, or any new and useful improvement thereof, may obtain a patent therefor, subject to the conditions and requirements of this title.

Claims 18 and 19 are rejected under 35 U.S.C. 101 because the claimed invention is directed to non-statutory subject matter.  
Claim 18 is directed to program per se.
Claim 19 does not explicitly exclude signal per se.
Double Patenting 
The nonstatutory double patenting rejection is based on a judicially created doctrine grounded in public policy (a policy reflected in the statute) so as to prevent the unjustified or improper timewise extension of the “right to exclude” granted by a patent and to prevent possible harassment by multiple assignees. A nonstatutory double patenting rejection is appropriate where the claims at issue are not identical, but at least one examined application claim is not patentably distinct from the reference claim(s) because the examined application claim is either anticipated by, or would have been obvious over, the reference claim(s). See, 
e.g., In re Berg, 140 F.3d 1428, 46 USPQ2d 1226 (Fed. Cir. 1998); In re Goodman, 11 F.3d 
1046, 29 USPQ2d 2010 (Fed. Cir. 1993); In re Longi, 759 F.2d 887, 225 USPQ 645 (Fed. Cir. 
1985); In re Van Ornum, 686 F.2d 937, 214 USPQ 761 (CCPA 1982); In re Vogel, 422 F.2d 438, 164 USPQ 619 (CCPA 1970); and In re Thorington, 418 F.2d 528, 163 USPQ 644 (CCPA 1969). 
A timely filed terminal disclaimer in compliance with 37 CFR 1.321(c) or 1.321(d) may be used to overcome an actual or provisional rejection based on a nonstatutory double patenting ground provided the reference application or patent either is shown to be commonly owned with this application, or claims an invention made as a result of activities undertaken within the scope of a joint research agreement. See MPEP § 717.02 for applications subject to examination under the first inventor to file provisions of the AIA  as explained in MPEP § 2159.  See MPEP §§ 706.02(l)(1) - 706.02(l)(3) for applications not subject to examination under the first inventor to file provisions of the AIA . A terminal disclaimer must be signed in compliance with 37 CFR 
1.321(b).  
The USPTO Internet website contains terminal disclaimer forms which may be used. Please visit www.uspto.gov/forms/. The filing date of the application in which the form is filed determines what form (e.g., PTO/SB/25, PTO/SB/26, PTO/AIA /25, or PTO/AIA /26) should be used. A web-based e-Terminal Disclaimer may be filled out completely online using webscreens. An e-Terminal Disclaimer that meets all requirements is auto-processed and approved immediately upon submission. For more information about e-Terminal Disclaimers, refer to http://www.uspto.gov/patents/process/file/efs/guidance/eTD-info-I.jsp. 
 
Claims 1-19 are rejected on the ground of nonstatutory obviousness-type double patenting as being unpatentable over claims 1-19 of US Patent (U.S. Patent 11,062,542). 
Although the conflicting claims are not identical, they are not patentably distinct from each other because they are merely obvious variations of the patented claims, as shown below:  

Instant Application 17/345,234
U.S. 11,062,542

Claims:

1. A method for determining whether a user with a credential should be granted access to a physical space, the method being performed in an access control device and comprising: identifying the credential presented to the access control device; obtaining a set of at least one assignment of a permission, associated with the physical space, to external organizations from a database; determining a credential organization being associated with the credential; and granting access when, and only when, the permission is assigned to the credential organization.

















2. The method according to claim 1, further comprising obtaining a set of site roles associated with the credential identity; wherein the granting access further comprising granting access when and only when there is at least one site role in the set of site roles to which a permission is assigned.


3. The method according to claim 2, wherein obtaining a set of site roles comprises: obtaining a user identity assigned to the credential; and obtaining a set of site roles assigned to the user identity.

4. The method according to claim 1, wherein granting access further comprises granting access when and only when all available validity times of one or more of the assignments indicate validity.


5. The method according to claim 3, wherein obtaining a user identity assigned to the credential comprises reading data from a memory of the access control device, which caches data from a server of the credential organization.




6. The method according to claim 3, wherein obtaining a set of site roles assigned to the user identity comprises reading data from a memory of the access control device, which caches data from a server of a site owner, owning the physical space.


7. The method according to claim 1, wherein granting access comprises reading data of assignments of permissions to site roles from a memory of the access control device, which caches data from a server of the site owner, owning the physical space.


8. The method according to claim 1, wherein obtaining a set of site roles comprises, for each site role, determining an organizational role, from a server of the credential organization, and determining, from a server of the site owner, a site role associated with the organizational role.

9. An access control device for determining whether a user with a credential should be granted access to a physical space, the access control device comprising: a processor; and a memory storing instructions that, when executed by the processor, cause the access control device to: identify the credential presented to the access control device; obtain a set of at least one assignment of a permission, associated with the physical space, to external organizations from a database; determine a credential organization being associated with the credential; and grant access when, and only when, the permission is assigned to the credential organization.
















10. The access control device according to claim 9, wherein the instructions to obtain a set of site roles comprise instructions that, when executed by the processor, cause the access control device to: obtain a set of site roles associated with the credential identity; and wherein the instructions to grant access further comprise instructions that, when executed by the processor, cause the access control device to grant access when and only when there is at least one site role in the set of site roles to which a permission is assigned.

11. The access control device according to claim 10, wherein the instructions to obtain a set of site roles comprise instructions that, when executed by the processor, cause the access control device to: obtain a user identity assigned to the credential; and obtain a set of site roles assigned to the user identity.

12. The access control device according to claim 9, wherein the instructions to grant access further comprise instructions that, when executed by the processor, cause the access control device to grant access when and only when all available validity times of one or more of the assignments indicate validity.

13. The access control device according to claim 11, wherein the instructions to obtain a user identity assigned to the credential comprise instructions that, when executed by the processor, cause the access control device to read data from a memory of the access control device, which caches data from a server of the credential organization.

14. The access control device according to claim 11, wherein the instructions to obtain a set of site roles assigned to the user identity comprise instructions that, when executed by the processor, cause the access control device to read data from a memory of the access control device, which caches data from a server of a site owner, owning the physical space.


15. The access control device according to claim 9, wherein the instructions to grant access comprise instructions that, when executed by the processor, cause the access control device to read data of assignments of permissions to site roles from a memory of the access control device, which caches data from a server of the site owner, owning the physical space.



16. The access control device according to claim 9, wherein the instructions to obtain a set of site roles comprise instructions that, when executed by the processor, cause the access control device to, for each site role, determine an organizational role, from a server of the credential organization and determine, from a server of the site owner, a site role associated with the organizational role.

17. An access control system comprising a plurality of access control devices according to claim 9 and a site management system server storing site role to user identity assignments and site role to permission assignments.

18. A computer program for determining whether a user with a credential should be granted access to a physical space, the computer program comprising computer program code which, when run on an access control device cause the access control device to: identify the credential presented to the access control device; obtain a set of at least one assignment of a permission, associated with the physical space, to external organizations from a database; determine a credential organization being associated with the credential; and grant access when, and only when, the permission is assigned to the credential organization.

















19. A computer program product comprising a computer program according to claim 17 and a computer readable means on which the computer program is stored.
Claims: 

1. A method for determining whether a user with a credential having permissions assigned to and controlled by a credential organization should be granted access to a physical space, the method being performed in a physical lock device which can be set in an unlocked state or locked state that is controlled by a site owner and comprising the steps of: identifying the credential presented to the physical lock device; obtaining, from a database and based on the identification of the credential presented to the physical lock device, a set of at least one assignment of a permission, associated with the physical space, to a plurality of external organizations, wherein the plurality of external organizations comprise the credential organization and wherein the credential organization is different from the site owner; determining, based on obtaining from the database the set of at least one assignment of the permission, that the credential organization is associated with the credential and that the credential organization is assigned the permission; and granting access, by the physical lock device and in accordance with a rule defined by the site owner, when, and only when, the permission is determined to be assigned to the credential organization based on obtaining the set of at least one assignment of the permission from the database.
2. The method according to claim 1, further comprising the step of: obtaining a set of site roles associated with the credential identity; wherein the step of granting access further comprising granting access when and only when there is at least one site role in the set of site roles to which a permission is assigned.
3. The method according to claim 2, wherein the step of obtaining a set of site roles comprises the steps of: obtaining a user identity assigned to the credential; and obtaining a set of site roles assigned to the user identity.
4. The method according to claim 1, wherein the step of granting access further comprises granting access when and only when all available validity times of one or more of the assignments indicate validity.
5. The method according to claim 3, further comprising the step of: caching data from a server of the credential organization in a memory of the physical lock device; and wherein the step of obtaining a user identity assigned to the credential comprises reading data from the memory of the physical lock device.
6. The method according to claim 3, further comprising the step of: caching data from a server of a site owner, owning the physical space, in a memory of the physical lock device; and wherein the step of obtaining a set of site roles assigned to the user identity comprises reading data from the memory of the physical lock device.
7. The method according to claim 1, further comprising the step of: caching data from a server of the site owner, owning the physical space, in a memory of the physical lock device; and wherein the step of granting access comprises reading data of assignments of permissions to site roles from the memory of the physical lock device.
8. The method according to claim 1, wherein the step of obtaining a set of site roles comprises, for each site role, determining an organizational role, from a server of the credential organization, and determining, from a server of the site owner, a site role associated with the organizational role.
9. A physical lock device that is switchable between an unlocked state and a locked state for determining whether a user with a credential having permissions assigned to and controlled by a credential organization should be granted access to a physical space of a site owner, the physical lock device comprising: a processor; and a memory storing instructions that, when executed by the processor, cause the physical lock device to: identify the credential presented to the physical lock device; obtain, from a database and based on the identification of the credential presented to the physical lock device, a set of at least one assignment of a permission, associated with the physical space, to a plurality of external organizations, wherein the plurality of external organizations comprise the credential organization and wherein the credential organization is different from the site owner; determine, based on obtaining from the database the set of at least one assignment of the permission, that the credential organization is associated with the credential and that the credential organization is assigned the permission; and grant access in accordance with a rule defined by the site owner when, and only when, the permission is determined to be assigned to the credential organization based on obtaining the set of at least one assignment of the permission from the database.
10. The physical lock device according to claim 9, wherein the instructions to obtain a set of site roles comprise instructions that, when executed by the processor, cause the physical lock device to: obtain a set of site roles associated with the credential identity; and wherein the instructions to grant access further comprise instructions that, when executed by the processor, cause the physical lock device to grant access when and only when there is at least one site role in the set of site roles to which a permission is assigned.
11. The physical lock device according to claim 10, wherein the instructions to obtain a set of site roles comprise instructions that, when executed by the processor, cause the physical lock device to: obtain a user identity assigned to the credential; and obtain a set of site roles assigned to the user identity.
12. The physical lock device according to claim 9, wherein the instructions to grant access further comprise instructions that, when executed by the processor, cause the physical lock device to grant access when and only when all available validity times of one or more of the assignments indicate validity.
13. The physical lock device according to claim 11, wherein the instructions to obtain a user identity assigned to the credential comprise instructions that, when executed by the processor, cause the physical lock device to read data from a memory of the physical lock device, which caches data from a server of the credential organization.
14. The physical lock device according to claim 11, wherein the instructions to obtain a set of site roles assigned to the user identity comprise instructions that, when executed by the processor, cause the physical lock device to read data from a memory of the physical lock device, which caches data from a server of a site owner, owning the physical space.

15. The physical lock device according to claim 9, wherein the instructions to grant access comprise instructions that, when executed by the processor, cause the physical lock device to read data of assignments of permissions to site roles from a memory of the physical lock device, which caches data from a server of the site owner, owning the physical space.
16. The physical lock device according to claim 9, wherein the instructions to obtain a set of site roles comprise instructions that, when executed by the processor, cause the physical lock device to, for each site role, determine an organizational role, from a server of the credential organization and determine, from a server of the site owner, a site role associated with the organizational role.
17. An access control system comprising a plurality of physical lock devices according to claim 9 and a site management system server storing site role to user identity assignments and site role to permission assignments.
18. A non-transitory computer-readable means comprising a computer program stored thereon for determining whether a user with a credential having permissions assigned to and controlled by a credential organization should be granted access to a physical space of a site owner, the computer program comprising computer program code which, when run on a physical lock device which can be set in an unlocked state or locked state, cause the physical lock device to: identify the credential presented to the physical lock device; obtain, from a database and based on the identification of the credential presented to the physical lock device, a set of at least one assignment of a permission, associated with the physical space, to a plurality of external organizations, wherein the plurality of external organizations comprise the credential organization and wherein the credential organization is different from the site owner; determine, based on obtaining from the database the set of at least one assignment of the permission, that the credential organization is associated with the credential and that the credential organization is assigned the permission; and grant access in accordance with a rule defined by the site owner when, and only when, the permission is determined to be assigned to the credential organization based on obtaining the set of at least one assignment of the permission from the database.
19. A computer program product comprising a computer program according to claim 18 and the non-transitory computer-readable means on which the computer program is stored.


Although the conflicting claims are not identical, they are not patentably distinct from each other because claims in the continuation are broader than the patented claims, In re Van Ornum, 686 F.2d 937, 214 USPQ 761 (CCPA 1982) and In re Goodman, 11 F.3d 1046, 29 USPQ2d 2010 (Fed. Cir. 1993), broad claims in the instant application are rejected as obvious double patenting over narrow claims of the patent. Likewise, claims 1-19 of the instant application contain only obvious modifications of independent and dependent claims 1-19. 

Claim Rejections - 35 USC § 103
In the event the determination of the status of the application as subject to AIA  35 U.S.C. 102 and 103 (or as subject to pre-AIA  35 U.S.C. 102 and 103) is incorrect, any correction of the statutory basis for the rejection will not be considered a new ground of rejection if the prior art relied upon, and the rationale supporting the rejection, would be the same under either status. 
 
The following is a quotation of 35 U.S.C. 103 which forms the basis for all obviousness rejections set forth in this Office action:
A patent for a claimed invention may not be obtained, notwithstanding that the claimed invention is not identically disclosed as set forth in section 102, if the differences between the claimed invention and the prior art are such that the claimed invention as a whole would have been obvious before the effective filing date of the claimed invention to a person having ordinary skill in the art to which the claimed invention pertains. Patentability shall not be negated by the manner in which the invention was made.


The factual inquiries for establishing a background for determining obviousness under 35 U.S.C. 103 are summarized as follows:
1. Determining the scope and contents of the prior art.
2. Ascertaining the differences between the prior art and the claims at issue.
3. Resolving the level of ordinary skill in the pertinent art.
4. Considering objective evidence present in the application indicating obviousness or nonobviousness. 
.
Claims 1-3, 5-6, 9-11, 13-14, and 17, 18 and 19 are rejected under 35 U.S.C. 103 as being unpatentable over Elfstrom et al. (U.S. Patent Application Pub. 2014/0247111) in view of Kuenzi et al. (U.S. Patent Application Pub. 2012/0180123) further in view of Whitson (U.S. Patent 7,650,633).   
Regarding claim 1, Elfstrom teaches a method for determining whether a user with a credential should be granted access to a physical space, the method being performed in an access control device (¶028, Fig. 1; access control system 100 including communication network 104 connecting a plurality of access control modules 116 and a credential programming system 128 to an administrative device 108 or control panel for providing physical access to secured rooms in a multi-room facility; Examiner: also see ¶029-¶030) comprising: 
identifying the credential presented to the access control device (¶034; access control modules 116 communicate with access credentials 136 carried by users or guests of the multi-room facility via contactless and/or contact-based communication protocols and such communications will allow the access control modules 116 to identify the access credential 136 presented thereto as well as determine access permissions for the holder of the access credential 136); 
obtaining a set of at least one assignment of a permission, associated with the physical space, from a database; (¶029-¶030, Fig. 1, ¶043-¶044; access control logic 132 of the administrative device 108 may provide a central location for administering the security of the multi-room facility… access control logic 132 connected to a centralized database 140 which includes guest’s reservation information to one or more rooms 112a-N within or assets of the multi-room facility….access control logic 132 serves as central source of security information for various other components of secure access system 100… access control logic 132 responds to requests generated by access control modules 116 and credential programming system 128, e.g., by providing requested information to the requesting device or confirming the accuracy of information provided by the requesting device); and  
granting access when, and only when, the permission is assigned to the credential (¶043; access control module 116 comprises a memory 208…further comprising one or more modules that provide the access control module 116 with the ability to make a determination to either permit or deny user access to an asset controlled by the access control module; also ¶067; the access control modules 116 associated with the elevator 124 or corridor 120 may permit access to their associated asset if the credential identification number is provided to the access control module 116; also ¶078; access control module 116 parses the message received from the credential 136 and determines the credential identification number 324 along with any other credential identification information (step 608).  This information is compared to the locally maintained list of identification numbers 224 to help the access control module 116 determine whether the credential 136 is allowed access to the asset associated with said module (steps 612 and 616).  If a match of information is found in the locally maintained list 224, the access control module 116 allows the holder of the credential 136 to access the asset secured by the access control module (step 620).  If not match is found, then the access control module 116 continues by reading access data from the credential 136, if such data has not already been previously obtained during other transactions, and determining access privileges for the credential 136 based on such access data (step 624).  Accordingly, the access control module 116 is capable of making access permission decisions based either on credential identification information 324 or, in the absence of confirming permissions with such data, based on access data 320.  Failure of the credential 136 to provide either valid credential identification information or access data will result in the access control module 136 maintaining its asset under secure conditions). 
Elfstrom is silent on: determining a credential organization is associated with the credential; and granting access when and only when, the permission is assigned to the credential organization. Kuenzi from an analogous art teaches a system/method to provide trusted vendor access (¶001) and that the system provides and facilitates management of a device by a first entity and management of a third entity by a second entity, wherein by way of the system access rights permitting access otherwise prevented by the device are assignable by the first entity to the second entity, the access rights are able to be administrated by the second entity to the third entity, and the access is obtainable by the third entity using a combination of the access rights and personal identification information to affect the device (¶009; also see ¶010). Kuenzi teaches in concept, a method for determining whether a user with a credential having permissions assigned to and controlled by a credential organization should be granted access to a physical space, the method being performed in an access control device that is controlled by a site owner (¶011, Figs 1-4; system provides/facilitates separate management of locking devices preventing access to secured resources by one or more lock owners and separate management of one or more trusted vendors each of whom possess a portable device by one or more trusted vendor organizations, wherein by way of the system access rights permitting access otherwise prevented by the one or more locking devices to the secured resources are assignable by the lock owners to the trusted vendor organizations, the access rights are able to be administered by the trusted vendor organizations to the trusted vendors, and access to the secured resources is obtainable by each of the one or more trusted vendors using the respective portable device to unlock the corresponding one or more locking devices with the access rights; Examiner interprets user, credential, credential organization and site owner as trusted vendor(s), portable device, trusted vendor organizations and lock owners, respectively); and
determining that the credential organization is associated with the credential (¶011; access rights administered by the trusted vendor organizations to the trusted vendors makes access to the secured resources obtainable by trusted vendors using respective portable device to unlock corresponding locking devices with the access rights). Therefore, it would have been obvious for one of ordinary skill in the art at the time of filing the invention to combine Elfstrom’s method with the concepts, as taught by Kuenzi, for the advantage of having a trusted vendor access allowing a second entity to act as an entire organization i.e., credential organizations/external organizations, to be `trusted` and to be given the responsibility to manage authorized third entities 13 i.e., users, within an organization, as overseen by a first entity, i.e., an owner (¶021).
Elfstrom and Kuenzi both remain silent on granting access when and only when, the permission is assigned to a credential organization. Whitson, from an analogous art, also teaches the concepts of an organizational environment 101, being any type of business system or other organizational system for which access controls may be used to grant access, when and only when, the permission is assigned to a credential organization (col. 6:36-38; and the organizational environment 101 of FIG. 2 representing a physical security system used by security service providing security to building and rooms therein.  In the physical security-based organizational environment 201, roles assigned to user dictate which physical locations/spaces they are granted access.  Only users who are assigned a role indicating they belong to a particular department for example, may be allowed access to a department storeroom via an RBAC access control system.  …only individuals with assigned role associated with users with sufficient rank in the organization (e.g., supervisors, colonels, etc.) may be allowed into a particular document room (col. 9:6-18, also read col. 9:18-39 for more details). Likewise, Whitson teaches, an external organizational perspective during the obtaining a set of at least one assignment of a permission, associated with the physical space and  for granting access, when and only when, the permission is assigned to a credential organization (col. 9:6-39, Fig. 2). Therefore, it would have been obvious for one of ordinary skill in the art at the time of filing the invention to further combine Elfstrom’s method with the concept, as taught by Whitson above, for the advantage of having a physical security-based organizational environment, where the roles assigned to a user may dictate which physical locations or spaces to which they are granted access, such as that only users who are assigned a role indicating they belong to a particular department/organization, may be allowed access to a department/organization storeroom via the access control system.  
Regarding claim 2, Elfstrom, Kuenzi and Whitson, in combination, teach the method according to claim 1, and Whitson teaches the method further comprising obtaining a set of site roles associated with the credential identity; wherein the granting access further comprising granting access when and only when there is at least one site role in the set of site roles to which a permission is assigned (col. 9:6-39, Fig. 2 as detaieds in claim 1). The motivation is the same as claim 1.
.
Regarding claim 3, Elfstrom, Kuenzi and Whitson, in combination, teach the method according to claim 2, and Whitson further teaches wherein obtaining a set of site roles comprises: obtaining a user identity assigned to the credential (col. 9:19-39); and obtaining a set of site roles assigned to the user identity (col. 9:6-18). The motivation is the same as claim 1.
Regarding claim 5, Elfstrom, Kuenzi and Whitson, in combination, teach the method according to claim claim 3, wherein obtaining a user identity assigned to the credential comprises reading data from a memory of the access control device, which caches data from a server of the credential organization (col. 9: 28-49; when the security server 206 determines that the user is authorized, it transmits the authorization to the security kiosk 202, which in turn may allow access to the physical resource 208 by unlocking the door or other means.  In this fashion, the security server 206 and its access control 110 system may efficiently utilize the roles defined to control access to various physical resources; Examiner interprets kiosk 202 to include memory means because 202 receives the authorization from the server in order to allow physical access, i.e. open a lock). The motivation is the same as claim 1.
Regarding claim 6, Elfstrom, Kuenzi and Whitson, in combination, teach the method according to claim 3, wherein obtaining a set of site roles assigned to the user identity comprises reading data from a memory of the access control device, which caches data from a server of a site owner, owning the physical space (col. 9: 28-49; when the security server 206 determines that the user is authorized, it transmits the authorization to the security kiosk 202, which in turn may allow access to the physical resource 208 by unlocking the door or other means.  In this fashion, the security server 206 and its access control 110 system may efficiently utilize the roles defined to control access to various physical resources; Examiner interprets kiosk 202 to include memory means since 202 receives the authorization from the server in order to allow physical access, i.e. authorization as in a command/instruction to open lock). The motivation is the same as claim 1.
Regarding claim 9, Elfstrom teaches an access control device  for determining whether a user with a credential should be granted access to a physical space the access control device  (¶028, Figs. 1-2; access control system 100 including communication network 104 connecting a plurality of access control modules 116 and a credential programming system 128 to an administrative device 108 or control panel for providing physical access to secured rooms in a multi-room facility; Examiner interprets access control modules 116 as access control device); comprising: 
a processor (¶040-¶041, Fig. 2; the processor 204 includes a microprocessor, a random number generator, and a cryptographic coprocessor... processor 204 is capable of properly modulating/demodulating data sent to and received from external devices such as the credential 136...  processor 204 controls and determines how the access control module 116 behaves when a credential 136 is presented to it… processor 204 may include any general-purpose programmable processor, digital signal processor (DSP) or controller for executing application programming); and 
a memory storing instructions (¶043-¶044, Fig. 2 memory 208). The remainder of the claim is interpreted and rejected the same as claim 1 above. 

Regarding claim 10, Elfstrom, Kuenzi and Whitson, in combination, teach the access control device to claim 9, and Whitson further teaches instructions to obtain a set of site roles  comprise instructions  that, when executed by the processor, cause the access control device  to: obtain a set of site roles associated with the credential identity; and wherein the instructions to grant access further comprise instructions that, when executed by the processor, cause the access control device to grant access when and only when there is at least one site role in the set of site roles to which a permission is assigned (col. 9:6-39, Fig. 2 as used per details shown in claim 1). The motivation is the same as claim 1.

Regarding claim 11, Elfstrom, Kuenzi and Whitson, in combination, teach the access control device to claim 10, and Whitson further teaches wherein the instructions to obtain a set of site roles  comprise instructions  that, when executed by the processor, cause the access control device  to: obtain a user  identity assigned to the credential  (col. 9:19-39); and obtain a set of site roles  assigned to the user  identity (col. 9:6-18). The motivation is the same as claim 1.

Regarding claim 13, Elfstrom, Kuenzi and Whitson, in combination, teach the access control device  according to claim 11, and Whitson further teaches wherein the instructions to obtain a user  identity assigned to the credential  comprise instructions  that, when executed by the processor, cause the access control device  to read data from a memory of the access control device, which caches data from a server of the credential organization  (col. 9: 28-49; when the security server 206 determines that the user is authorized, it transmits the authorization to the security kiosk 202, which in turn may allow access to the physical resource 208 by unlocking the door or other means.  In this fashion, the security server 206 and its access control 110 system may efficiently utilize the roles defined to control access to various physical resources; Examiner interprets kiosk 202 to include memory means because 202 receives the authorization from the server in order to allow physical access, i.e. open a lock). The motivation is the same as claim 1.

Regarding claim 14, Elfstrom, Kuenzi and Whitson, in combination, teach the access control device according to claim 11, and Whitson further teaches wherein the instructions to obtain a set of site roles assigned to the user identity comprise instructions that, when executed by the processor, cause the access control device to read data from a memory of the access control device, which caches data from a server of a site owner, owning the physical space (col. 9: 28-49; when the security server 206 determines that the user is authorized, it transmits the authorization to the security kiosk 202, which in turn may allow access to the physical resource 208 by unlocking the door or other means.  In this fashion, the security server 206 and its access control 110 system may efficiently utilize the roles defined to control access to various physical resources; Examiner interprets kiosk 202 to include memory means since 202 receives the authorization from the server in order to allow physical access, i.e. authorization as in a command/instruction to open lock). The motivation is the same as claim 1.

Regarding claim 17, Elfstrom, Kuenzi and Whitson, in combination, teach an access control system comprising a plurality of access control devices according to claim 9 and Whitson further teaches a site management system server storing site role to user identity assignments and site role to permission assignments (col. 9: 6-39; security server 206 @ Fig. 2). The motivation is the same as claim 1.

Regarding claim 18, Elfstrom teaches a non-transitory computer readable means comprising a computer program stored thereon for determining whether a user with a credential should be granted access to a physical space, the computer program comprising computer program code which, when run on an access control device  (¶028, Figs. 1-2; access control system 100 including communication network 104 connecting a plurality of access control modules 116 and a credential programming system 128 to an administrative device 108 or control panel for providing physical access to secured rooms in a multi-room facility and  (¶040-¶041, Fig. 2; the processor 204 includes a microprocessor, a random number generator, and a cryptographic coprocessor... processor 204 is capable of properly modulating/demodulating data sent to and received from external devices such as the credential 136...  processor 204 controls and determines how the access control module 116 behaves when a credential 136 is presented to it… processor 204 may include any general-purpose programmable processor, digital signal processor (DSP) or controller for executing application programming); and 
storing instructions for operation (¶043-¶044, Fig. 2 memory 208). The remainder of the claim is interpreted and rejected the same as claim 1.

Regarding claim 19, Elfstrom teaches a computer program product (90) comprising a computer program according to claim 18 and the non-transitory computer readable means on which the computer program is stored (¶043-¶044, Fig. 2 memory 208). 

Claims 4, 7, 12 and 15 are rejected under 35 U.S.C. 103 as being unpatentable over Elfstrom et al. (U.S. Patent Application Pub. 2014/0247111) in view of Kuenzi et al. (U.S. Patent Application Pub. 2012/0180123) further in view of Whitson (U.S. Patent 7,650,633) and still further in view of Wahl (U.S. Patent Application Pub. 2009/0313079).   

Regarding claim 4, Elfstrom, Kuenzi and Whitson, in combination, teach the method according to claim 1, but all three are silent on wherein the instructions to grant access further comprise instructions that, when executed by the processor, cause the access control device to grant access when and only when all available validity times of one or more of the assignments indicate validity.
Wahl from an analogous art teaches, in concept, a system for managing the granting of access rights (¶031-¶032, ¶038; Fig. 2) and teaches that the access rights of users in one or more roles associated with the project may be valid between the start time and end time or a portion thereof.  Access rights may be granted to users in one or more roles associated with the project when the start time occurs and may be revoked from one or more of those users when the end time occurs (¶041; Examiner: also see ¶042-¶045 for more contextual details). Therefore, it would have been obvious for one of ordinary skill in the art at the time of filing the invention to combine Elfstrom and Whitson with the concept, as taught by Wahl above, for the advantage of having access rights be granted to users in one or more roles based on valid timeframes (¶041). 

Regarding claim 7, Elfstrom, Kuenzi and Whitson, in combination, teach the method according to claim 1, and Wahl further teaches wherein granting access comprises reading data of assignments of permissions to site roles from a memory of the access control device, which caches data from a server of the site owner, owning the physical space (¶045 with ¶078-¶079, Fig. 2, Examiner: also see ¶076-¶077 for more contextual details). The motivation would have been to include access rights data at access control devices in addition to the servers for overall redundancy as a back-up for when server becomes inactive for whatever reason, to convenience users.

Regarding claim 12, Elfstrom, Kuenzi and Whitson, in combination, teach the access control device according to claim 9, but all are silent on wherein the instructions to grant access further comprise instructions that, when executed by the processor, cause the access control device to grant access when and only when all available validity times of one or more of the assignments indicate validity.
Wahl from an analogous art teaches, in concept, a system for managing the granting of access rights (¶031-¶032, ¶038; Fig. 2) and teaches that the access rights of users in one or more roles associated with the project may be valid between the start time and end time or a portion thereof.  Access rights may be granted to users in one or more roles associated with the project when the start time occurs and may be revoked from one or more of those users when the end time occurs (¶041; Examiner: also see ¶042-¶045 for more contextual details). Therefore, it would have been obvious for one of ordinary skill in the art at the time of filing the invention to combine Elfstrom and Whitson with the concept, as taught by Wahl above, for the advantage of having access rights be granted to users in one or more roles based on valid timeframes (¶041). 

Regarding claim 15, Elfstrom, Kuenzi and Whitson, in combination, teach the access control device according to claim 9, and Wahl further teaches, in concept, wherein the instructions to grant access comprise instructions that, when executed by the processor, cause the access control device to read data of assignments of permissions to site roles from a memory of the access control device, which caches data from a server of the site owner, owning the physical space (¶045 with ¶078-¶079, Fig. 2, Examiner: also see ¶076-¶077 for more contextual details). The motivation would have been to include access rights data at access control devices in addition to the servers for overall redundancy as a back-up for when server becomes inactive for whatever reason, to convenience users.

Claims 8 and 16 are rejected under 35 U.S.C. 103 as being unpatentable over Elfstrom et al. (U.S. Patent Application Pub. 2014/0247111) in view of Kuenzi et al. (U.S. Patent Application Pub. 2012/0180123) further in view of Whitson (U.S. Patent 7,650,633) and still further in view of Daily (U.S. Patent Application Pub. 2009/0089291).   
Regarding claim 8, Elfstrom, Kuenzi and Whitson, in combination, teach the access control device according to claim 1, and Whitson further teaches wherein obtaining a set of site roles comprises, for each site role, determining an organizational role, from a server of the credential organization (6:36-38 with col. 9:6-39, Fig. 2; Examiner: as per rationale detailed in claim 1 above).  
Elfstrom, Kuenzi and Whitson, alone or in combination, are all silent on:  determining, from a server of the site owner, a site role associated with the organizational role. Daily from an analogous art teaches a system and method for efficiently defining and maintaining the complex interrelation of Login-IDs, Groups and Roles in a system where users can be a member of many different Groups and where user permissions may vary depending on what Role is active for the Login-ID (¶001). Daily further teaches, in concept, the feature: determine, from a server of the site owner, , a site role associated with the organizational role. ((¶030, Fig. 1; RDOM system 100), a site role associated with the organizational role. (¶030, Fig. 1; downstream systems 197-199 represent any system, application, network and/or other Entity that access the Entities defined and stored in RDOM system 100.  In an exemplary embodiment, RDOM system 100 is used to define, store and/or maintain Roles, Login-IDs and Groups as objects.  RDOM system 100 also passes these objects to downstream systems (e.g. upon request).  For instance, a school may have one application that provides the administrative functions of the school.  All the school's departments, students, teachers, organizational hierarchies, and functional Role definitions may be defined, stored and maintained in RDOM system 100 and passed downstream to the administrative system as needed, Examiner: also see ¶049). Therefore, it would have been obvious for one of ordinary skill in the art at the time of filing the invention to combine Elfstrom, Kuenzi and Whitson, with the concept, as taught by Daily above, for the advantage of gathering defined, stored and/or maintained Roles, Login-IDs and Groups as objects in server based systems. 
Regarding claim 16, Elfstrom, Kuenzi and Whitson, in combination, teach the access control device according to claim 9, and Whitson further teaches that the instructions to obtain a set of site roles comprise instructions that, when executed by the processor, cause the access control device to, for each site role, determine an organizational role, from a server of the credential organization (6:36-38 with col. 9:6-39, Fig. 2; Examiner: as per rationale detailed in claim 1 above).  
Elfstrom, Kuenzi and Whitson, alone or in combination, are all silent on: determine, from a server of the site owner, a site role associated with the organizational role. Daily from an analogous art teaches a system and method for efficiently defining and maintaining the complex interrelation of Login-IDs, Groups and Roles in a system where users can be a member of many different Groups and where user permissions may vary depending on what Role is active for the Login-ID (¶001). Daily further teaches, in concept, the feature: determine, from a server of the site owner, a site role associated with the organizational role. ((¶030, Fig. 1; RDOM system 100), a site role associated with the organizational role. (¶030, Fig. 1; downstream systems 197-199 represent any system, application, network and/or other Entity that access the Entities defined and stored in RDOM system 100.  In an exemplary embodiment, RDOM system 100 is used to define, store and/or maintain Roles, Login-IDs and Groups as objects.  RDOM system 100 also passes these objects to downstream systems (e.g. upon request).  For instance, a school may have one application that provides the administrative functions of the school.  All the school's departments, students, teachers, organizational hierarchies, and functional Role definitions may be defined, stored and maintained in RDOM system 100 and passed downstream to the administrative system as needed, Examiner: also see ¶049). Therefore, it would have been obvious for one of ordinary skill in the art at the time of filing the invention to combine Elfstrom, Kuenzi and Whitson, with the concept, as taught by Daily above, for the advantage of gathering defined, stored and/or maintained Roles, Login-IDs and Groups as objects in server based systems. 

Conclusion
Any inquiry concerning this communication or earlier communications from the examiner should be directed to MANCIL H LITTLEJOHN JR whose telephone number is (571)270-3718. The examiner can normally be reached M-F 8:30-5 (CST).
Examiner interviews are available via telephone, in-person, and video conferencing using a USPTO supplied web-based collaboration tool. To schedule an interview, applicant is encouraged to use the USPTO Automated Interview Request (AIR) at http://www.uspto.gov/interviewpractice.
If attempts to reach the examiner by telephone are unsuccessful, the examiner’s supervisor, Quan-Zhen Wang can be reached on (571) 272-3114. The fax phone number for the organization where this application or proceeding is assigned is 571-273-8300.
Information regarding the status of published or unpublished applications may be obtained from Patent Center. Unpublished application information in Patent Center is available to registered users. To file and manage patent submissions in Patent Center, visit: https://patentcenter.uspto.gov. Visit https://www.uspto.gov/patents/apply/patent-center for more information about Patent Center and https://www.uspto.gov/patents/docx for information about filing in DOCX format. For additional questions, contact the Electronic Business Center (EBC) at 866-217-9197 (toll-free). If you would like assistance from a USPTO Customer Service Representative, call 800-786-9199 (IN USA OR CANADA) or 571-272-1000.

/MANCIL LITTLEJOHN JR/Examiner, Art Unit 2684                                                                                                                                                                                                        
						/QUAN ZHEN WANG/                                                                       Supervisory Patent Examiner, Art Unit 2684