DETAILED ACTION

Notice of Pre-AIA  or AIA  Status
The present application, filed on or after March 16, 2013, is being examined under the first inventor to file provisions of the AIA .

Status of Claims
Claims 1, 4-8, 11-15 and 18-20 are currently amended.
Claims 2-3, 9-10 and 16-17 are cancelled.
Claims 21-24 are newly added.
Claims 1, 4-8, 11-15 and 18-24 are pending.

Response to Remarks
35 U.S.C. § 101
Applicant first contents that the claimed subject matter does not fall into the enumerated subject matter grouping of "certain methods of organizing human activity". Specifically, Applicant contends that the independent claim limitations of “disabling a first feature of the application based on a first entry of the plurality of entries of the permissions vector for the first account” and “providing a second feature of the application based on a second entry of the plurality of entries of the permissions vector for the first account" are not directed to “certain methods of organizing human activity,” as these limitations expressly recite a computer component providing access to an application feature and similarly restricting access to another application feature based on the permissions of the requesting account. Examiner respectfully disagrees. These amended claim limitations identified by Applicant merely further recite (i.e., sets forth or describes) the abstract idea of access control based upon permissions and outcomes. Specifically, but for the additional elements, the independent claims under their broadest reasonable interpretation recites limitations grouped within the “certain methods of organizing human activity” grouping of abstract ideas because the claim recites a process that deals with commercial or legal interactions, and also managing personal behavior or relationships or interactions between people. For instance, the claimed disabling of a feature and providing a feature based upon permissions is an example of commercial or legal interactions because it involves business relations of resource management. Additionally, the claimed disabling of a feature and providing a feature based upon permissions is an example of managing personal behavior or relationships or interactions between people because it involves following rules of permissions and decryption outcomes. Moreover, looking at the additional elements individually and in combination, does not integrate the judicial exception into a practical application. Specifically, the additional elements in the amended claim language of “of the application” merely serve as a tool to perform the abstract idea. Accordingly, this contention is unpersuasive.
Applicant next contends that the claimed subject matter, if considered a judicial exception, integrates the judicial exception into a practical application, includes subject matter that imposes a meaningful limit on the judicial exception, and is more than a drafting effort designed to monopolize the judicial exception. Specifically, Applicant contends that the claimed subject matter includes additional elements that improve the security controls associated with managing access to computing resources, such as different application features, in some other meaningful way beyond generally linking the use of the judicial exception to a particular technological environment, such that the claim as a whole is more than a drafting effort designed to monopolize the exception. Examiner respectfully disagrees. What applicant contends is an improvement is merely an improvement in an abstract idea of managing access to computing resources, and not an improvement in the functioning of computers, nor technology, nor a technical field. Moreover, a general-purpose computer would be capable of performing these same operations of a mere improvement in an abstract idea. Accordingly, this contention is unpersuasive.
Applicant next contends that claimed features operate in a non-conventional and non-generic way for “granting the first account access to the application based on the result that the authentication server decrypted the cryptogram and the permissions vector of the first account,” “disabling a first feature of the application based on a first entry of the plurality of entries of the permissions vector for the first account,” and “providing a second feature of the application based on a second entry of the plurality of entries of the permissions vector for the first account.” Furthermore, Applicant submits that the claimed invention recites limitations that provide improvements to a technology or technical field. Examiner respectfully disagrees. The additional elements, taken individually and in combination, do not result in the independent claims, as a whole, amounting to significantly more than the judicial exception. As discussed previously with respect to Step 2A, the additional elements merely serve as a tool to perform an abstract idea. Therefore, the claim does not provide an inventive concept, and thus, is not patent eligible. Also, as previously mentioned, what applicant contends is an improvement is merely an improvement in an abstract idea of managing access to computing resources, and not an improvement in the functioning of computers, nor technology, nor a technical field. Moreover, a general-purpose computer would be capable of performing these same operations of a mere improvement in an abstract idea. Accordingly, this contention is unpersuasive. Accordingly, this ground of rejection is maintained.

Claim Rejections - 35 USC § 101
35 U.S.C. 101 reads as follows:
Whoever invents or discovers any new and useful process, machine, manufacture, or composition of matter, or any new and useful improvement thereof, may obtain a patent therefor, subject to the conditions and requirements of this title.


Claims 1, 4-8, 11-15 and 18-24 are rejected under 35 U.S.C. 101 because the claimed invention is directed to an abstract idea without significantly more.

The claims have been evaluated for patent subject matter eligibility under 35 U.S.C. 101 using the 2019 Revised Patent Subject Matter Eligibility Guidance (2019 PEG).

Claims 1 and 4-7:
Step 1
Claims 1 and 4-7 are directed to a computer-implemented system (i.e. machine). Therefore, these claims fall within the four statutory categories of invention.

Step 2A Prong One
Claim 1 recites (i.e., sets forth or describes) an abstract idea of access control based upon permissions and outcomes. Specifically, but for the additional elements, Claim 1 under its broadest reasonable interpretation recites limitations grouped within the “certain methods of organizing human activity” grouping of abstract ideas because the claim recites a process that deals with commercial or legal interactions, and also managing personal behavior or relationships or interactions between people. For instance, the claimed granting access to a resource based upon permissions and an outcome of a cryptogram being decrypted, as well as disabling of a feature and providing a feature based upon permissions is an example of commercial or legal interactions because it involves business relations of resource management. Additionally, the claimed granting access to a resource based upon permissions and an outcome of a cryptogram being decrypted, as well as disabling of a feature and providing a feature based upon permissions is an example of managing personal behavior or relationships or interactions between people because it involves following rules of permissions and decryption outcomes. More specifically, the following underlined claim elements recite abstract ideas while the non-underlined claim elements recite additional elements according to MPEP 2106.04(a). 
a processor circuit; and 
a memory storing instructions that when executed by the processor circuit, cause the processor circuit to perform the steps of: 
receiving a first request comprising a first account and an application
receiving a cryptogram from a contactless card
transmitting the cryptogram to an authentication server
receiving, from the authentication server, a result that the authentication server decrypted the cryptogram
receiving, from the authentication server, a permissions vector of the first account, the permissions vector comprising a plurality of entries
determining, based on the permissions vector of the first account, that the first account is permitted access to the application
granting the first account access to the application based on the result that the authentication server decrypted the cryptogram and the permissions vector of the first account
disabling a first feature of the application based on a first entry of the plurality of entries of the permissions vector for the first account
providing a second feature of the application based on a second entry of the plurality of entries of the permissions vector for the first account

Step 2A Prong Two
Claim 1 as a whole, looking at the additional elements individually and in combination, does not integrate the judicial exception into a practical application. First, the non-underlined additional elements above of “a processor circuit”, “a memory storing instructions that when executed by the processor circuit, cause the processor circuit to perform the steps of”, “a contactless card”, “an authentication server” and “the application” merely serve as a tool to perform the abstract idea. Additionally, regarding the specification and claims, there is no improvement in the functioning of a computer or an improvement to other technology or technical field present, there is no applying or using the judicial exception to effect a particular treatment or prophylaxis for a disease or medical condition present, there is no implementing the judicial exception with or using the judicial exception in conjunction with a particular machine or manufacture that is integral to the claim present, there is no effecting a transformation or reduction of a particular article to a different state or thing present, and there is no applying or using the judicial exception in some other meaningful way beyond generally linking the use of the judicial exception to a particular technological environment present such that the claim as a whole is more than a drafting effort designed to monopolize the exception. 

Step 2B
The additional elements, taken individually and in combination, do not result in claim 1, as a whole, amounting to significantly more than the judicial exception. As discussed previously with respect to Step 2A, the additional elements merely serve as a tool to perform an abstract idea. Therefore, the claim does not provide an inventive concept, and thus, is not patent eligible.

Dependent Claims
Claims 4-7 have also been analyzed according to the 2019 PEG. However, the subject matter of these claims also fails to recite patent eligible subject matter for the following reasons:
Claim 4 recites the following underlined claim elements as abstract ideas while the non-underlined claim elements recite additional elements according to MPEP 2106.04(a). The claim recites the abstract idea of access control based upon permissions and outcomes. In other words, it recites limitations grouped within the “certain methods of organizing human activity” grouping of abstract ideas. The non-underlined additional element fails to recite a practical application or significantly more than the abstract idea because it merely serves as a tool to perform the abstract idea.
receiving a second request comprising the first account, a second account, and the application
receiving a second cryptogram from a second contactless card associated with the second account
receiving a permissions vector for the second account from the second contactless card
transmitting the permissions vector and the second cryptogram to the authentication server
receiving, from the authentication server, a result that the authentication server decrypted the second cryptogram
receiving, from the authentication server, the permissions vector of the first account
determining, based on the permissions vector of the first account, that the first account was granted access to the application responsive to the second request
Claim 5 recites the following underlined claim elements as abstract ideas. The claim recites the abstract idea of access control based upon permissions and outcomes. In other words, it recites limitations grouped within the “certain methods of organizing human activity” grouping of abstract ideas.
receiving a second request comprising the first account and a resource
determining, based on the permissions vector for the first account, that the first account does not have access to the resource
rejecting the second request based on the determination that the first account does not have access to the resource
Claim 6 recites the following underlined claim elements as abstract ideas while the non-underlined claim elements recite additional elements according to MPEP 2106.04(a). The claim recites the abstract idea of access control based upon permissions and outcomes. In other words, it recites limitations grouped within the “certain methods of organizing human activity” grouping of abstract ideas. The non-underlined additional element fails to recite a practical application or significantly more than the abstract idea because it merely serves as a tool to perform the abstract idea.
receiving a second request comprising the first account and a resource
receiving, from the contactless card, a second cryptogram
transmitting the second cryptogram to the authentication server
receiving, from the authentication server, a second result that the authentication server did not decrypt the second cryptogram
rejecting the second request based on the second result
Claim 7 recites the following underlined claim elements as abstract ideas while the non-underlined claim elements recite additional elements according to MPEP 2106.04(a). The claim recites the abstract idea of access control based upon permissions and outcomes. In other words, it recites limitations grouped within the “certain methods of organizing human activity” grouping of abstract ideas. The claim also recites additional details of the type of data included in the application and permissions vector, thus reciting additional abstract ideas grouped within the “certain methods of organizing human activity” grouping of abstract ideas. The non-underlined additional element fails to recite a practical application or significantly more than the abstract idea because it merely serves as a tool to perform the abstract idea.
wherein the application comprises a plurality of features including the first and second features
wherein the permissions vector comprises a respective entry for each feature of the plurality of features of the application
wherein granting access to the application comprises granting or denying access to each feature of the application based on the respective entry of the permissions vector



Claims 8 and 11-14:
Step 1
Claims 8 and 11-14 are directed to a non-transitory computer-readable storage medium (i.e. manufacture). Therefore, these claims fall within the four statutory categories of invention.

Step 2A Prong One
Claim 8 recites (i.e., sets forth or describes) an abstract idea of access control based upon permissions and outcomes. Specifically, but for the additional elements, Claim 8 under its broadest reasonable interpretation recites limitations grouped within the “certain methods of organizing human activity” grouping of abstract ideas because the claim recites a process that deals with commercial or legal interactions, and also managing personal behavior or relationships or interactions between people. For instance, the claimed granting access to a resource based upon permissions and an outcome of a cryptogram being decrypted, as well as disabling of a feature and providing a feature based upon permissions is an example of commercial or legal interactions because it involves business relations of resource management. Additionally, the claimed granting access to a resource based upon permissions and an outcome of a cryptogram being decrypted, as well as disabling of a feature and providing a feature based upon permissions is an example of managing personal behavior or relationships or interactions between people because it involves following rules of permissions and decryption outcomes. More specifically, the following underlined claim elements recite abstract ideas while the non-underlined claim elements recite additional elements according to MPEP 2106.04(a). 
A non-transitory computer-readable storage medium storing computer-readable program code that when executed by a processor causes the processor to perform the steps of:
receiving a first request comprising a first account and an application
receiving a cryptogram from a contactless card
transmitting the cryptogram to an authentication server
receiving, from the authentication server, a result that the authentication server decrypted the cryptogram
receiving, from the authentication server, a permissions vector of the first account, the permissions vector comprising a plurality of entries
determining, based on the permissions vector of the first account, that the first account is permitted access to the application
granting the first account access to the application based on the result that the authentication server decrypted the cryptogram and the permissions vector of the first account
disabling a first feature of the application based on a first entry of the plurality of entries of the permissions vector for the first account
providing a second feature of the application based on a second entry of the plurality of entries of the permissions vector for the first account

Step 2A Prong Two
Claim 8 as a whole, looking at the additional elements individually and in combination, does not integrate the judicial exception into a practical application. First, the non-underlined additional elements above of “A non-transitory computer-readable storage medium storing computer-readable program code that when executed by a processor causes the processor to perform the steps of”, “a contactless card”, “an authentication server” and “the application” merely serve as a tool to perform the abstract idea. Additionally, regarding the specification and claims, there is no improvement in the functioning of a computer or an improvement to other technology or technical field present, there is no applying or using the judicial exception to effect a particular treatment or prophylaxis for a disease or medical condition present, there is no implementing the judicial exception with or using the judicial exception in conjunction with a particular machine or manufacture that is integral to the claim present, there is no effecting a transformation or reduction of a particular article to a different state or thing present, and there is no applying or using the judicial exception in some other meaningful way beyond generally linking the use of the judicial exception to a particular technological environment present such that the claim as a whole is more than a drafting effort designed to monopolize the exception. 

Step 2B
The additional elements, taken individually and in combination, do not result in claim 8, as a whole, amounting to significantly more than the judicial exception. As discussed previously with respect to Step 2A, the additional elements merely serve as a tool to perform an abstract idea. Therefore, the claim does not provide an inventive concept, and thus, is not patent eligible.

Dependent Claims
Claims 11-14 have also been analyzed according to the 2019 PEG. However, the subject matter of these claims also fails to recite patent eligible subject matter for the following reasons:
Claim 11 recites the following underlined claim elements as abstract ideas while the non-underlined claim elements recite additional elements according to MPEP 2106.04(a). The claim recites the abstract idea of access control based upon permissions and outcomes. In other words, it recites limitations grouped within the “certain methods of organizing human activity” grouping of abstract ideas. The non-underlined additional element fails to recite a practical application or significantly more than the abstract idea because it merely serves as a tool to perform the abstract idea.
receiving a second request comprising the first account, a second account, and the application
receiving a second cryptogram from a second contactless card associated with the second account
receiving a permissions vector for the second account from the second contactless card
transmitting the permissions vector and the second cryptogram to the authentication server
receiving, from the authentication server, a result that the authentication server decrypted the second cryptogram
receiving, from the authentication server, the permissions vector of the first account
determining, based on the permissions vector of the first account, that the first account was granted access to the application responsive to the second request
Claim 12 recites the following underlined claim elements as abstract ideas. The claim recites the abstract idea of access control based upon permissions and outcomes. In other words, it recites limitations grouped within the “certain methods of organizing human activity” grouping of abstract ideas.
receiving a second request comprising the first account and a resource
determining, based on the permissions vector for the first account, that the first account does not have access to the resource
rejecting the second request based on the determination that the first account does not have access to the resource
Claim 13 recites the following underlined claim elements as abstract ideas while the non-underlined claim elements recite additional elements according to MPEP 2106.04(a). The claim recites the abstract idea of access control based upon permissions and outcomes. In other words, it recites limitations grouped within the “certain methods of organizing human activity” grouping of abstract ideas. The non-underlined additional element fails to recite a practical application or significantly more than the abstract idea because it merely serves as a tool to perform the abstract idea.
receiving a second request comprising the first account and a resource
receiving, from the contactless card, a second cryptogram
transmitting the second cryptogram to the authentication server
receiving, from the authentication server, a second result that the authentication server did not decrypt the second cryptogram
rejecting, by the application, the second request based on the second result
Claim 14 recites the following underlined claim elements as abstract ideas while the non-underlined claim elements recite additional elements according to MPEP 2106.04(a). The claim recites the abstract idea of access control based upon permissions and outcomes. In other words, it recites limitations grouped within the “certain methods of organizing human activity” grouping of abstract ideas. The claim also recites additional details of the type of data included in the application and permissions vector, thus reciting additional abstract ideas grouped within the “certain methods of organizing human activity” grouping of abstract ideas. The non-underlined additional element fails to recite a practical application or significantly more than the abstract idea because it merely serves as a tool to perform the abstract idea.
wherein the application comprises a plurality of features including the first and second features
wherein the permissions vector comprises a respective entry for each feature of the plurality of features of the application
wherein granting access to the application comprises granting or denying access to each feature of the application based on the respective entry of the permissions vector

Claims 15 and 18-24:
Step 1
Claims 15 and 18-24 are directed to a computer-implemented method (i.e. process). Therefore, these claims fall within the four statutory categories of invention.

Step 2A Prong One
Claim 15 recites (i.e., sets forth or describes) an abstract idea of access control based upon permissions and outcomes. Specifically, but for the additional elements, Claim 15 under its broadest reasonable interpretation recites limitations grouped within the “certain methods of organizing human activity” grouping of abstract ideas because the claim recites a process that deals with commercial or legal interactions, and also managing personal behavior or relationships or interactions between people. For instance, the claimed granting access to a resource based upon permissions and an outcome of a cryptogram being decrypted, as well as disabling of a feature and providing a feature based upon permissions is an example of commercial or legal interactions because it involves business relations of resource management. Additionally, the claimed granting access to a resource based upon permissions and an outcome of a cryptogram being decrypted, as well as disabling of a feature and providing a feature based upon permissions is an example of managing personal behavior or relationships or interactions between people because it involves following rules of permissions and decryption outcomes. More specifically, the following underlined claim elements recite abstract ideas while the non-underlined claim elements recite additional elements according to MPEP 2106.04(a). 
receiving, by a first application executing on a computer processor, a first request comprising a first account and a second application
receiving, by the first application, a cryptogram from a contactless card
transmitting, by the first application, the cryptogram to an authentication server
receiving, by the first application from the authentication server, a result that the authentication server decrypted the cryptogram
receiving, by the first application from the authentication server, a permissions vector of the first account, the permissions vector comprising a plurality of entries
determining, by the first application based on the permissions vector of the first account, that the first account is permitted access to the second application
granting, by the first application, the first account access to the second application based on the result that the authentication server decrypted the cryptogram and the permissions vector of the first account
disabling, by the first application, a first feature of the second application based on a first entry of the plurality of entries of the permissions vector for the first account
providing, by the first application, a second feature of the second application based on a second entry of the plurality of entries of the permissions vector for the first account

Step 2A Prong Two
Claim 15 as a whole, looking at the additional elements individually and in combination, does not integrate the judicial exception into a practical application. First, the non-underlined additional elements above of “a first application executing on a computer processor”, “a contactless card”, “an authentication server” and “the second application” merely serve as a tool to perform the abstract idea. Additionally, regarding the specification and claims, there is no improvement in the functioning of a computer or an improvement to other technology or technical field present, there is no applying or using the judicial exception to effect a particular treatment or prophylaxis for a disease or medical condition present, there is no implementing the judicial exception with or using the judicial exception in conjunction with a particular machine or manufacture that is integral to the claim present, there is no effecting a transformation or reduction of a particular article to a different state or thing present, and there is no applying or using the judicial exception in some other meaningful way beyond generally linking the use of the judicial exception to a particular technological environment present such that the claim as a whole is more than a drafting effort designed to monopolize the exception. 

Step 2B
The additional elements, taken individually and in combination, do not result in claim 15, as a whole, amounting to significantly more than the judicial exception. As discussed previously with respect to Step 2A, the additional elements merely serve as a tool to perform an abstract idea. Therefore, the claim does not provide an inventive concept, and thus, is not patent eligible.


Dependent Claims
Claims 18-24 have also been analyzed according to the 2019 PEG. However, the subject matter of these claims also fails to recite patent eligible subject matter for the following reasons:
Claim 18 recites the following underlined claim elements as abstract ideas while the non-underlined claim elements recite additional elements according to MPEP 2106.04(a). The claim recites the abstract idea of access control based upon permissions and outcomes. In other words, it recites limitations grouped within the “certain methods of organizing human activity” grouping of abstract ideas. The non-underlined additional element fails to recite a practical application or significantly more than the abstract idea because it merely serves as a tool to perform the abstract idea.
receiving, by the first application, a second request comprising the first account, a second account, and the second application
receiving, by the first application, a second cryptogram from a second contactless card associated with the second account
receiving, by the first application, a permissions vector for the second account from the second contactless card
transmitting, by the first application, the permissions vector and the second cryptogram to the authentication server
receiving, by the first application from the authentication server, a result that the authentication server decrypted the second cryptogram
receiving, by the first application from the authentication server, the permissions vector of the first account
determining, by the first application based on the permissions vector of the first account, that the first account was granted access to the second application responsive to the second request
Claim 19 recites the following underlined claim elements as abstract ideas while the non-underlined claim elements recite additional elements according to MPEP 2106.04(a). The claim recites the abstract idea of access control based upon permissions and outcomes. In other words, it recites limitations grouped within the “certain methods of organizing human activity” grouping of abstract ideas. The non-underlined additional element fails to recite a practical application or significantly more than the abstract idea because it merely serves as a tool to perform the abstract idea.
receiving, by the first application, a second request comprising the first account and a resource
determining, by the first application based on the permissions vector for the first account, that the first account does not have access to the resource
rejecting, by the first application, the second request based on the determination that the first account does not have access to the resource
Claim 20 recites the following underlined claim elements as abstract ideas. The claim recites additional details of the type of data included in the second application and permissions vector, thus reciting additional abstract ideas grouped within the “certain methods of organizing human activity” grouping of abstract ideas.
wherein the second application comprises a plurality of features including the first and second features
wherein the permissions vector comprises a respective entry for each feature of the plurality of features of the second application
Claim 21 recites the following underlined claim elements as abstract ideas while the non-underlined claim elements recite additional elements according to MPEP 2106.04(a). The claim recites the abstract idea of access control based upon permissions and outcomes. In other words, it recites limitations grouped within the “certain methods of organizing human activity” grouping of abstract ideas. The non-underlined additional element fails to recite a practical application or significantly more than the abstract idea because it merely serves as a tool to perform the abstract idea.
wherein granting access to the second application comprises granting or denying access to each feature of the second application based on the respective entry of the permissions vector
Claim 22 recites the following underlined claim elements as abstract ideas while the non-underlined claim elements recite additional elements according to MPEP 2106.04(a). The claim recites the abstract idea of processing of a purchase transaction based upon available funds and based upon access control. In other words, it recites limitations grouped within the “certain methods of organizing human activity” grouping of abstract ideas. The non-underlined additional element fails to recite a practical application or significantly more than the abstract idea because it merely serves as a tool to perform the abstract idea.
receiving, by the second application, a request to complete a purchase using funds associated with the first account
determining, by the second application, that an amount of the purchase does not exceed an amount of the funds associated with the first account
processing, by the second application, the purchase using the funds associated with the first account based on the determination that the amount of the purchase does not exceed the amount of the funds associated with the first account and the granting of the access to the funds associated with the first account based on the result that the authentication server decrypted the cryptogram and the permissions vector of the first account
Claim 23 recites the following underlined claim elements as abstract ideas while the non-underlined claim elements recite additional elements according to MPEP 2106.04(a). The claim recites the abstract idea of processing of a purchase transaction based upon available funds and based upon access control. In other words, it recites limitations grouped within the “certain methods of organizing human activity” grouping of abstract ideas. The non-underlined additional element fails to recite a practical application or significantly more than the abstract idea because it merely serves as a tool to perform the abstract idea.
receiving, by the second application, a request to complete a purchase using funds associated with the first account
determining, by the second application, that an amount of the purchase exceeds an amount of the funds associated with the first account
rejecting, by the second application, the purchase using the funds associated with the first account based on the determination that the amount of the purchase exceeds the amount of the funds associated with the first account and the granting of the access to the funds associated with the first account based on the result that the authentication server decrypted the cryptogram and the permissions vector of the first account
Claim 24 recites the following underlined claim elements as abstract ideas. The claim recites additional details of the type of data included in the first and second features, thus reciting additional abstract ideas grouped within the “certain methods of organizing human activity” grouping of abstract ideas.
wherein the first and second features comprise a first interface and a second interface of the second application, respectively

Allowable Subject Matter
Claims 1, 4-8, 11-15 and 18-24 would be allowable if rewritten or amended to overcome the rejection(s) under 35 U.S.C. 101 set forth in this Office action. The closest prior art of record is US 2020/0286071 A1 to Oepping (hereinafter “Oepping”). Oepping teaches:
a processor circuit (Fig.2 item 120, Fig.3 item 120; para 47)
a memory storing instructions that when executed by the processor circuit, cause the processor circuit to perform the steps of (Fig.2 item 122; paras 47, 84-85)
receiving a cryptogram from a contactless card (Fig.5 item 212; paras 41-44, 66-67)
transmitting the cryptogram to an authentication server (Fig.5 item 214; paras 44, 67)
US 2015/0332266 A1 to Friedlander et al. (hereinafter “Friedlander”) is also of interest. Friedlander teaches: 
receiving a first request comprising a first account and an application (paras 25-26, 70)
receiving, from the authentication server, a permissions vector of the first account, the permissions vector comprising a plurality of entries (paras 32, 39-41)
determining, based on the permissions vector of the first account, that the first account is permitted access to the application (paras 26, 32, 72, 78-81, 86-87, 92)
US 2011/0271108 A1 to Kale et al. (hereinafter "Kale") is also of interest. Kale teaches:
disabling a first feature of the application based on a first entry of the plurality of entries of the permissions vector for the first account (paras 62-64)
providing a second feature of the application based on a second entry of the plurality of entries of the permissions vector for the first account (paras 62-64)
Therefore, the prior art does not teach, neither singly nor in combination the following:
receiving, from the authentication server, a result that the authentication server decrypted the cryptogram
granting the first account access to the application based on the result that the authentication server decrypted the cryptogram and the permissions vector of the first account

Conclusion
THIS ACTION IS MADE FINAL.  Applicant is reminded of the extension of time policy as set forth in 37 CFR 1.136(a).  
A shortened statutory period for reply to this final action is set to expire THREE MONTHS from the mailing date of this action.  In the event a first reply is filed within TWO MONTHS of the mailing date of this final action and the advisory action is not mailed until after the end of the THREE-MONTH shortened statutory period, then the shortened statutory period will expire on the date the advisory action is mailed, and any extension fee pursuant to 37 CFR 1.136(a) will be calculated from the mailing date of the advisory action.  In no event, however, will the statutory period for reply expire later than SIX MONTHS from the mailing date of this final action. 
Any inquiry concerning this communication or earlier communications from the examiner should be directed to Ari Shahabi whose telephone number is (571)272-2565. The examiner can normally be reached M-F: 8:00-5:00.
Examiner interviews are available via telephone, in-person, and video conferencing using a USPTO supplied web-based collaboration tool. To schedule an interview, applicant is encouraged to use the USPTO Automated Interview Request (AIR) at http://www.uspto.gov/interviewpractice.
If attempts to reach the examiner by telephone are unsuccessful, the examiner’s supervisor, John W Hayes can be reached on 571-272-6708. The fax phone number for the organization where this application or proceeding is assigned is 571-273-8300.
Information regarding the status of published or unpublished applications may be obtained from Patent Center. Unpublished application information in Patent Center is available to registered users. To file and manage patent submissions in Patent Center, visit: https://patentcenter.uspto.gov. Visit https://www.uspto.gov/patents/apply/patent-center for more information about Patent Center and https://www.uspto.gov/patents/docx for information about filing in DOCX format. For additional questions, contact the Electronic Business Center (EBC) at 866-217-9197 (toll-free). If you would like assistance from a USPTO Customer Service Representative, call 800-786-9199 (IN USA OR CANADA) or 571-272-1000.




/Ari Shahabi/Examiner, Art Unit 3685 

/JOHN W HAYES/Supervisory Patent Examiner, Art Unit 3685