DETAILED ACTION
Notice of Pre-AIA  or AIA  Status
The present application, filed on or after March 16, 2013, is being examined under the first inventor to file provisions of the AIA .

Status of the Claims
Claims 1-2, 4, 6, 9, 11-12, 14, 16 have been amended and claims 7-8, 17-18 have been canceled.  Claims 1-6, 9-16 and 19-20 are pending.

Claim Objections / Construction
Claims 2, 4, 12, 14 are objected to because of the following informalities: 
Acronym characters should be first spelled out and then enclosed within parentheses.  
For the claim 4, which depends on claim 1, the acronym JSON should be spelled out accordingly.
Appropriate correction is required.

Further, Independent claims recite limitation – “whether the user is permitted to control the data of the object”.  The supporting paragraphs are construed to be [0015] (published version) “determinations concerning fine-grained access control for an object” and [0019] “entitlements may limit who can see the data or not see the data and then control the use of the data”.  Therefore, the “determining whether the user is permitted to control the data of the object” is interpreted as determining whether the user is permitted to control a use of the data of the object.  If the applicant disagrees with such interpretation, the applicant is advise to indicate of what actually constitutes “control the data of the object.”

Claim Rejections - 35 USC § 103
The following is a quotation of 35 U.S.C. 103 which forms the basis for all obviousness rejections set forth in this Office action:
A patent for a claimed invention may not be obtained, notwithstanding that the claimed invention is not identically disclosed as set forth in section 102, if the differences between the claimed invention and the prior art are such that the claimed invention as a whole would have been obvious before the effective filing date of the claimed invention to a person having ordinary skill in the art to which the claimed invention pertains. Patentability shall not be negated by the manner in which the invention was made.

Claims 1-6, 9-16 and 19-20 is/are rejected under 35 U.S.C. 103 as being unpatentable over Plattner et al. (US 2014/0157370) in view of Curtis et al. (US 11,108,828) and in further view of Maker et al. (US 2018/0026984).

Regarding claim 1, Plattner teaches a system that implements an open policy agent bridge for entitlements determination, the system comprising: 
an electronic input that interfaces with a user over a communication network; a first memory component that stores and manages Open Digital Rights Language (ODRL) data; a second memory component that stores and manages policy data; and a policy engine comprising a computer processor and coupled to the electronic input, the first memory and the second memory; the computer processor is further configured to perform the steps of: 
receiving, via a communication network, an entitlement query input associated with an object from a requestor wherein the object relates to a security object ([0268], [0347], [0376]); 
responsive to the entitlement query input, extracting ODRL data corresponding to the object ([0302], [0304], [0311]) at run time ([0265]-[0266], [0274], [0277], [0298] “a query of the inquirer is forwarded to the access control”, [0302] ); 
extracting, at run time ([0266] “possible to change access rights at any time”, [0288], [0291, [0302]]), policy data based on digital rights management (DRM) ([0266], [0274]) corresponding to the object ([0305]); 
generating, via the policy engine, an entitlement determination based on the ODRL data and the policy data ([0306]), wherein the entitlement determination includes determinations of:
whether the user is permitted to see data of the object ([0268], [0288], [0304]), 
whether the user is permitted to control the data of the object ([0321] see “restricts data leakage”, “access rights is the foundation of restricting further access to sensitive business data”, [0417]), 
one or more prohibitions placed on the user for the object ([0268] “owner hides the majority of details from the querying business partner”), one or more actions permitted by the user to perform for the object ([0298] “owner of the event data encrypts it to prevent the client from accessing it unfiltered”, [0304], [0306]), and 
one or more duties that the user is obligated to perform in accordance with the DRM ([0417] “Due to the defined access rules, medical doctors are able to see detailed information of patients to treat. In contrast, medical researchers do not need to access all patient data for their work, e.g. to perform statistical analysis”, wherein treating a patient or reporting (statistical analysis) is an obligated duty); 
generating an entitlements query result ([0265], [0288], [0313]-[0314], [0335]); and 
transmitting, via a communication network, the entitlements query result to a recipient ([0303], [0314]).

Plattner teaches that access to the object is controlled by various policies.  Plattner also teaches preventing a leakage of the object, which is construed to be analogous to control a use of the data of the object (see Claim Construction above).
However, if Plattner does not explicitly teach, Curtis discloses whether the user is permitted to control the data of the object (C34L24-34, C39L30-34). 
It would have been obvious to one of ordinary skill in the art at the time of invention to modify the teachings of Plattner to have entitlement determination include whether the user is permitted to control the data of the object as disclosed by Curtis.  Doing so would provide common, general-purpose policy language (Curtis C30L26-30).

Plattner teaches that different users have different access rights, based on mapping between a user query and a data access policy [0287].  When user retrieves assets (object) an encryption key for the results is generated [0286].  Such encryption key is part of “security extensions” [0304].  Thus, it is reasonable to conclude that requested asset with security extensions and encryption keys is analogous to the “object relates to a security object”.
However, to merely obviate such reasoning, Maker discloses object relates to a security object in [0074], [0081], [0084].  It would have been obvious to one of ordinary skill in the art before the effective filing date of the claimed invention to modify the teachings of Plattner to include a security object as disclosed by Maker.  Doing so would provide ability to securely create and share large volumes of content among trusted collaborators (Maker [0003]).

Regarding claim 11, Plattner teaches a method that implements an open policy agent bridge for entitlements determination, the method comprising the steps of: receiving, via a communication network, an entitlement query input associated with an object from a requestor wherein the object relates to a security object; responsive to the entitlement query input, extracting Open Digital Rights Language (ODRL) data corresponding to the object from a first memory component; extracting policy data based on digital rights management (DRM) corresponding to the object from a second memory component; generating, via a policy engine, an entitlement determination based on the ODRL data and the policy data, wherein the entitlement determination includes determinations of: whether the user is permitted to see data of the object, whether the user is permitted to control the data of the object, one or more prohibitions placed on the user for the object, one or more actions permitted by the user to perform for the object, and one or more duties that the user is obligated to perform in accordance with the DRM; generating an entitlements query result; and transmitting, via a communication network, the entitlements query result to a recipient.
Claim 11 recites substantially the same limitations as claim 1, and is rejected for substantially the same reasons.

Regarding claims 2 and 12, Plattner as modified teaches the system and the method, wherein the entitlement query input is in JSON (JavaScript Object Notation) format (Plattner [0417], Maker [0084]).

Regarding claims 3 and 13, Plattner as modified teaches the system and the method, wherein the ODRL data covers market data (Plattner [0005] “globalized market, supply chains”, [0012], [0064], [0414], F9).

Regarding claims 4 and 14, Plattner as modified teaches the system and the method wherein the ODRL data is in JSON or YAML (Yet Another Markup Language) format (Plattner [0417], Maker [0084]).

Regarding claims 5 and 15, Plattner as modified teaches the system and the method, wherein the policy data relates to market data (Plattner [0005] “globalized market, supply chains”, [0012], [0064], [0414], F9).

Regarding claims 6 and 16, Plattner as modified does not explicitly teach, however Curtis discloses the system and the method, wherein the policy data is in a rights expression language (C30L26-30).
It would have been obvious to one of ordinary skill in the art at the time of invention to modify the teachings of Plattner as modified to include policy data is in a rights expression language as disclosed by Curtis.  Doing so would provide common, general-purpose policy language (Curtis C30L26-30).

Regarding claims 9 and 19, Plattner as modified teaches the system and the method, wherein the entitlement determination further identifies whether the object can be used or accessed in a specified manner (Plattner [0317], Maker [0058], [0087]).

Regarding claims 10 and 20, Plattner as modified teaches the system and the method, wherein the entitlement determination is based at least in part on corporate structure (Plattner [0270], Maker [0056], [0091]) 
Plattner as modified does not explicitly teach, however Curtis discloses corporate structure (C26L59-62, C28L61-67) and hierarchy data (C8L26-44).
It would have been obvious to one of ordinary skill in the art at the time of invention to modify the teachings of Plattner as modified to include hierarchy data as disclosed by Curtis.  Doing so would provide various types of data storage and structure.

Response to Arguments
Applicant's arguments filed 11/30/2022 have been fully considered but they are not persuasive. The applicant argues that a newly amended limitations, specifically “one or more duties that the user is obligated to perform in accordance with the DRM.”  However, it is noted that Plattner discloses a business system, wherein any job is an obligational duty by an employee.  Plattner teaches taking into an account a job position for a querying user.  A doctor, surely have an obligational duty to the patient, as at least by taking a Hippocratic Oath historically taken by physicians.  Plattner also teaches a different rights for a statistician performing data analysis, which surely a reporting duties, analogous to the applicant’s own specification.  
It is also noted that the new amendments are somewhat repetitive. The permission to see object, prohibitions placed on the user for the object or controlling the usage of the object are essentially the same thing.
Applicant's remaining arguments in regard to the presently amended claims are addressed in the updated rejections to the claims above.

Conclusion
Applicant's amendment necessitated the new ground(s) of rejection presented in this Office action.  Accordingly, THIS ACTION IS MADE FINAL.  See MPEP § 706.07(a).  Applicant is reminded of the extension of time policy as set forth in 37 CFR 1.136(a).  
A shortened statutory period for reply to this final action is set to expire THREE MONTHS from the mailing date of this action.  In the event a first reply is filed within TWO MONTHS of the mailing date of this final action and the advisory action is not mailed until after the end of the THREE-MONTH shortened statutory period, then the shortened statutory period will expire on the date the advisory action is mailed, and any extension fee pursuant to 37 CFR 1.136(a) will be calculated from the mailing date of the advisory action.  In no event, however, will the statutory period for reply expire later than SIX MONTHS from the date of this final action. 

Any inquiry concerning this communication or earlier communications from the examiner should be directed to POLINA G PEACH whose telephone number is (571)270-7646. The examiner can normally be reached Monday-Friday, 9:30 - 5:30.
Examiner interviews are available via telephone, in-person, and video conferencing using a USPTO supplied web-based collaboration tool. To schedule an interview, applicant is encouraged to use the USPTO Automated Interview Request (AIR) at http://www.uspto.gov/interviewpractice.
If attempts to reach the examiner by telephone are unsuccessful, the examiner’s supervisor, Aleksandr Kerzhner can be reached on 571-270-1760. The fax phone number for the organization where this application or proceeding is assigned is 571-273-8300.
Information regarding the status of published or unpublished applications may be obtained from Patent Center. Unpublished application information in Patent Center is available to registered users. To file and manage patent submissions in Patent Center, visit: https://patentcenter.uspto.gov. Visit https://www.uspto.gov/patents/apply/patent-center for more information about Patent Center and https://www.uspto.gov/patents/docx for information about filing in DOCX format. For additional questions, contact the Electronic Business Center (EBC) at 866-217-9197 (toll-free). If you would like assistance from a USPTO Customer Service Representative, call 800-786-9199 (IN USA OR CANADA) or 571-272-1000.





/POLINA G PEACH/Primary Examiner, Art Unit 2165                                                                                                                                                                                                        December 14, 2022