DETAILED ACTION
Notice of Pre-AIA  or AIA  Status
The present application, filed on or after March 16, 2013, is being examined under the first inventor to file provisions of the AIA .

Continued Examination under 37 CFR 1.114
2.	A request for continued examination under 37 CFR 1.114, including the fee set forth in 37 CFR 1.17(e), was filed in this application after final rejection.  Since this application is eligible for continued examination under 37 CFR 1.114, and the fee set forth in 37 CFR 1.17(e) has been timely paid, the finality of the previous Office action has been withdrawn pursuant to 37 CFR 1.114.  Applicant's submission filed on 10/19/2022 has been entered.

Applicant's arguments and amendments, filed on 10/19/2022 has been entered and carefully considered. Claims 4 and 8 are cancelled. Claims 1, 5 and 9 are amended. Claims 1-3, 5-7, 9 and 10 have been examined and rejected.

Response to Amendment and Arguments
4.	Applicant’s arguments filed on 10/19/2022 with respect to rejections of claims 11-3, 5-7, 9 and 10 have been considered but are moot in view of the new ground of rejection necessitated by applicant’s amendment.




Claim Rejections - 35 USC § 103
5.	The following is a quotation of pre-AIA  35 U.S.C. 103(a) which forms the basis for all obviousness rejections set forth in this Office action:
(a) A patent may not be obtained through the invention is not identically disclosed or described as set forth in section 102 of this title, if the differences between the subject matter sought to be patented and the prior art are such that the subject matter as a whole would have been obvious at the time the invention was made to a person having ordinary skill in the art to which the subject matter pertains.  Patentability shall not be negatived by the manner in which the invention was made.

6.	Claims 1-3, 5-7, 9 and 10 are rejected under pre-AIA  35 U.S.C. 103(a) as being unpatentable over Daily et al. (U.S. PGPub 2009/0089291) in view of Kandasamy et al. (U.S. PGPub 2008/0289036).
As per claims 1 and 5 
Daily teaches a permission granting method (Daily, see para 0021, a utility for defining and maintaining Roles, assign an owner to the Role, grant or revoke Role usage, delete a Role, delete a Role owner, change Role ownership, transfer Role ownership, change a Role attribute, activate or deactivate a Role usage, along with adding or removing a Role to a Group, a user or another Role, system and method for enabling Roles to be implemented as Entities in a system, independent of Groups and users) 
comprising the following sequential steps: creating one or more roles, each role being an independent, which is not a group or class(Daily see para 0021, 0061, "Role" includes an Entity in the computing environment composed of a Role owner attribute and one or more capabilities, parameters, attributes that may be applied to the representation of a user in the computing environment, where a Role as an Entity or object in the system that helps to decouple these characteristics from the Group and user Entities, as shown in fig. 3A, the utility validates the Role setup to ensure that no system or user defined rules have been violated at step 330, then the Role is created in the RDOM system 100 by saving the Role definition to the EDD 175  at step 335) ;
authorizing the one or more roles  respectively  (Daily see para 0062-0064 as shown in fig 3B method 350 by which a RO 110 defines attributes, permissions and relationships for a Role as authorization of the roles, at steps 368 and 380 110 enters initial values for the attributes that attribute that central to a Role-based system are permissions and relationships that can be established between the Role and those other Entities, at step 390 the role setup is validated to authorize the role with final permissions and relationship);
and relating a user to a role (Daily see para 0025, 0033, 0034, 0064 RoleUser class 210 Roles usable by a user include list of Roles that are associated by the user  in usable_Roles 235 which the user permitted to access for the purpose of using the attributes and permissions of the Role where Role class 215 is derived from RoleUser 210,  RoleUser 210 object may access any number of Role objects Role 215 objects enumerated in the usable_Roles association 235 need not be owned by the RoleUser which has a Login-ID class 220 is the collection of properties used to identify each unique user of the computing environment, as shown in fig. 3B step 354  RO 110 specifies the relationships between the Role selected and other Entities such as Login-ID);
Daily fails to exclusively teach wherein said role is configured to be related to the user only during a same period, and the user is configured to be related to one or more roles; wherein said user is configured to obtain one or more permissions of related one or more roles.
In a similar field of endeavor Kandasamy teaches wherein said role is configured to be related to the user only during a same period (Kandasamy see para 0040, 0045-0051 as shown in fig. 6, a role 602 has, privileges 612, authorizations 614 and miscellaneous powers 616, an entity "timing attributes" 618, where timing attributes 618 comprises an object role file that includes various time-based fields that control timing conditions pursuant to which a user is enabled to use the role object format such /etc/attributes.role with attributes "role id" an identifier for a role with authorizations assigned to it, "timeframe" is in hh:mm:ss format, , "role id" represents an identifier for a role with authorizations assigned to it, "timeframe" is in hh:mm:ss format,  that specifies the period of time during which a user is authorized for privilege on the role, user is enabled to invoke the privilege invoke an authorized function or job at any time during the specified timeframe),
and the user is configured to be related to one or more roles (Kandasamy see para 0037,  as shown in fig. 5, a user 500 is assigned a role 502, where user can have multiple roles, each role 502 has some secure attributes including privileges 512, authorizations 514 and miscellaneous powers 516, users are granted membership into roles with the concept of least privilege, therefore restricting each user to a domain with those granted privileges and nothing more);
wherein said user is configured to obtain one or more permissions of related one or more roles (Kandasamy see para 0050, 0056, 0057 "timeframe" is an attribute that specifies the period of time during which a user is authorized for privilege on the role, the user is enabled to invoke the privilege, invoke an authorized function or job at any time during the specified timeframe, if the timeframe is 15:30:00-20:30:00, the user is privileged to use the role anytime during the period 3:30 PM to 8:30 PM, particular user is then authorized to use the defined role subject to the attributes specified for the role at step 704, when the user then attempts to use the role  at step 706, if the user is determined to be authorized to use the role Yes output of step 708, determinations are made whether the timing attributes specified for the role are satisfied). 
It would be obvious to one of ordinary skill in the art at the time of the invention  to combine the teaching of Dily with the teaching of Kandasamy as doing so would provide an efficient way for providing time-based control of user access in a data processing system utilizing a Role-Based Access Control model includes providing at least one timing attribute for a role, wherein each at least one timing attribute specifies a timing condition by which a user is enabled to use the role (Kandasamy,  see para 0010).

As per claims 2 and 6
Daily in view of Kandasamy teaches the permission granting method according to claim 1, wherein when said one or more roles are created, a department is selected, said one or more roles belong to said department only (Daily see para 0023, 0064, 0068, RO 110 specifies the relationships between the Role selected and other Entities Login-IDs, Roles and Groups,  defining and configuring Roles 215, defining the characteristics, attributes represent almost anything of interest to an Entity in a system such as the birth date of a user, the related department with the mailing address of a department, the term "Group" includes an Entity in the computing environment composed of zero or more members Login-IDs, Roles which can be understood one with the skill in the art as department Group x "uses" Role y)
 and said one or more roles are authorized  according to work content of said one or more roles (Daily see para 0068, defining and configuring Roles 215, defining the characteristics, capabilities and limitations, attributes represent permission, defining permissions for Role attribute composite values are easily used to determine a permission for a given Role, a value that evaluates to True implies that the permission is granted, and any other value implies that the permission is denied,  another embodiment, a permission may also be implemented as a list of potential actions or a list of Entities to act upon, if the desired combination of Entity and action is present in the composite attribute, permission is granted)

As per claims 3 and 7
Daily in view of Kandasamy teaches permission granting method according to claim 2, further comprising a cross-department transfer management step, comprising: canceling the relation between said user and said one or more roles  in an original department; and relating said user to one or more roles in a new department (Daily see para 0064, the RDM utility 155 allows the appropriate user to change the Role owner, transfer Role ownership, grant or revoke Role usage to another Role, grant or revoke Role usage to a Login-ID and to activate or deactivate a Role usage).  

As per claim 9
Daily teaches a permission granting system
a role creation unit (Daily, see para 0030, 0062 RDM system 100 is used to define, store and maintain Roles, Login-IDs and Groups as objects, RDM utility 155 queries the EDD 175 and presents the PA 105 with a list of attributes that are assigned to a Role),
 a role authorization unit (Daily, see para 0062  RDM utility 155 determines the Roles for which Login-ID is specified as a RoleOwner, RDM utility 155 validates the Role definition to ensure that no system or user defined rules have been violated), 
 and a user-role relation unit (Daily, see para 0028 Entity Definition Database EDD 175 stores the definitions of all the system Entities Login-IDs, Groups and Role) and the relationships that exist between the system Entities, the User, Role & Group Data 170 stores the data associated with the Entities), 
 wherein said role creation unit configured to perform role layout according to posts, and create one or more system roles (Daily see para 0023 "Group" includes an Entity or posts in the computing environment composed of zero or more include Login-IDs, Roles or other Groups, control over and use of an Entity such as a Role or Group. "Control over" includes owning a system Entity  such as "Role owner", Role Owner RO interacts with RDOM system 100 to define and/or maintain Roles,  the ADE utility 150 queries the EDD 175 and presents the existing Role ownership, membership, relationships and attributes at step 380, relationships that can be established between the Role and those other Entities Login-IDs, Roles and Groups, the RDM utility 155 allows the appropriate user to change the Role owner, transfer Role ownership to a Login-ID ), 
each of which is independent, which is not a group/class (Daily see para 0021, 0061, "Role" includes an Entity in the computing environment composed of a Role owner attribute and one or more capabilities, parameters, attributes that may be applied to the representation of a user in the computing environment, where a Role as an Entity or object in the system that helps to decouple these characteristics from the Group and user Entities, as shown in fig. 3A, the utility validates the Role setup to ensure that no system or user defined rules have been violated at step 330, then the Role is created in the RDOM system 100 by saving the Role definition to the EDD 175  at step 335); 
said role authorization unit is configured to grant permissions to the one or more 3system roles according to work content of the one or more roles (Daily see para 0062-0064, 0068 as shown in fig 3B method 350 by which a RO 110 defines attributes, permissions and relationships for a Role as authorization of the roles, at steps 368 and 380 110 enters initial values for the attributes that attribute that central to a Role-based system are permissions and relationships  that can be established between the Role and those other Entities, at step 390 the role setup is validated to authorize the role with final permissions and relationship, defining permissions for Role attribute composite values are easily used to determine a permission for a given Role, a value that evaluates to True implies that the permission is granted, and any other value implies that the permission is denied,  another embodiment, a permission may also be implemented as a list of potential actions or a list of Entities to act upon, if the desired combination of Entity and action is present in the composite attribute, permission is granted); 
and said user-role relation unit is configured to relate a user to a role (Daily see para 0025, 0033, 0034, 0064 RoleUser class 210 Roles usable by a user include list of Roles that are associated by the user  in usable_Roles 235 which the user permitted to access for the purpose of using the attributes and permissions of the Role where Role class 215 is derived from RoleUser 210,  RoleUser 210 object may access any number of Role objects Role 215 objects enumerated in the usable_Roles association 235 need not be owned by the RoleUser which has a Login-ID class 220 is the collection of properties used to identify each unique user of the computing environment, as shown in fig. 3B step 354  RO 110 specifies the relationships between the Role selected and other Entities such as Login-ID);
Daily fails to exclusively teach wherein said role is configured to be related to said user only during a same period, and said user is configured to be related to one or more roles; wherein said user is configured to obtain one or more permissions of related one or more roles.
In a similar field of endeavor Kandasamy teaches wherein said role is configured to be related to the user only during a same period (Kandasamy see para 0040, 0045-0051 as shown in fig. 6, a role 602 has, privileges 612, authorizations 614 and miscellaneous powers 616, an entity "timing attributes" 618, where timing attributes 618 comprises an object role file that includes various time-based fields that control timing conditions pursuant to which a user is enabled to use the role object format such /etc/attributes.role with attributes "role id" an identifier for a role with authorizations assigned to it, "timeframe" is in hh:mm:ss format, , "role id" represents an identifier for a role with authorizations assigned to it, "timeframe" is in hh:mm:ss format,  that specifies the period of time during which a user is authorized for privilege on the role, user is enabled to invoke the privilege invoke an authorized function or job at any time during the specified timeframe),
and the user is configured to be related to one or more roles (Kandasamy see para 0037,  as shown in fig. 5, a user 500 is assigned a role 502, where user can have multiple roles, each role 502 has some secure attributes including privileges 512, authorizations 514 and miscellaneous powers 516, users are granted membership into roles with the concept of least privilege, therefore restricting each user to a domain with those granted privileges and nothing more);
wherein said user is configured to obtain one or more permissions of related one or more roles (Kandasamy see para 0050, 0056, 0057 "timeframe" is an attribute that specifies the period of time during which a user is authorized for privilege on the role, the user is enabled to invoke the privilege, invoke an authorized function or job at any time during the specified timeframe, if the timeframe is 15:30:00-20:30:00, the user is privileged to use the role anytime during the period 3:30 PM to 8:30 PM, particular user is then authorized to use the defined role subject to the attributes specified for the role at step 704, when the user then attempts to use the role  at step 706, if the user is determined to be authorized to use the role Yes output of step 708, determinations are made whether the timing attributes specified for the role are satisfied). 

As per claim 10 
Daily in view of Kandasamy teaches the permission granting system based on one-to-one correspondence between roles and users according to claim 9, wherein said system role is composed of: a post name [ 14+ ] a post number (Daily see 0023, 0065, term "Group" includes an Entity in the computing environment composed of zero or more members with  Login-IDs, Roles or other Groups, where groups use role such as "Use" of a system Entity Group x "uses" Role y, role represent the post and y represent the post number, moreover Login-ID class 220 is the collection of properties used to identify each unique user of the computing environment a number of attributes describing the user, all of the members of a school's staff may be assigned the Role "Staff" as post  and related individual Login-ID 220 as “staff” no to use the Role ).


Conclusion
Any inquiry concerning this communication or earlier communications from the examiner should be directed to SANJOY K ROY whose telephone number is (571)270-0675.  The examiner can normally be reached on 9 AM - 5 PM.
If attempts to reach the examiner by telephone are unsuccessful, the examiner’s supervisor, Nicholas Taylor can be reached on 571-272-3889.  The fax phone number for the organization where this application or proceeding is assigned is 571-273-8300.
Information regarding the status of an application may be obtained from the Patent Application Information Retrieval (PAIR) system.  Status information for published applications may be obtained from either Private PAIR or Public PAIR.  Status information for unpublished applications is available through Private PAIR only.  For more information about the PAIR system, see http://pair-direct.uspto.gov. Should you have questions on access to the Private PAIR system, contact the Electronic Business Center (EBC) at 866-217-9197 (toll-free). If you would like assistance from a USPTO Customer Service Representative or access to the automated information system, call 800-786-9199 (IN USA OR CANADA) or 571-272-1000.




/SANJOY ROY/
Examiner, Art Unit 2443


/NICHOLAS R TAYLOR/Supervisory Patent Examiner, Art Unit 2443