DETAILED ACTION
This office action is in response to the application filed on 03/30/2021. Claims 1-20 are pending and are examined.
Notice of Pre-AIA or AIA Status
The present application, filed on or after March 16, 2013, is being examined under the first inventor to file provisions of the AIA.

Priority
Applicant’s benefit claim to U.S. patent application 16/212,475, filed on 12/06/2018, is hereby acknowledged; the papers have been placed on record in the file.

Double Patenting
The nonstatutory double patenting rejection is based on a judicially created doctrine grounded in public policy (a policy reflected in the statute) so as to prevent the unjustified or improper timewise extension of the “right to exclude” granted by a patent and to prevent possible harassment by multiple assignees. A nonstatutory obviousness-type double patenting rejection is appropriate where the conflicting claims are not identical, but at least one examined application claim is not patentably distinct from the reference claim(s) because the examined application claim is either anticipated by, or would have been obvious over, the reference claim(s). See, e.g., In re Berg, 140 F.3d 1428, 46 USPQ2d 1226 (Fed. Cir. 1998); In re Goodman, 11 F.3d 1046, 29 USPQ2d 2010 (Fed. Cir. 1993); In re Longi, 759 F.2d 887, 225 USPQ 645 (Fed. Cir. 1985); In re Van Ornum, 686 F.2d 937, 214 USPQ 761 (CCPA 1982); In re Vogel, 422 F.2d 438, 164 USPQ 619 (CCPA 1970); and In re Thorington, 418 F.2d 528, 163 USPQ 644 (CCPA 1969).
A timely filed terminal disclaimer in compliance with 37 CFR 1.321(c) or 1.321(d) may be used to overcome an actual or provisional rejection based on a nonstatutory double patenting ground provided the conflicting application or patent either is shown to be commonly owned with this application, or claims an invention made as a result of activities undertaken within the scope of a joint research agreement. 
Effective January 1, 1994, a registered attorney or agent of record may sign a terminal disclaimer. A terminal disclaimer signed by the assignee must fully comply with 37 CFR 3.73(b).

Claims 1-20 are rejected on the ground of nonstatutory obviousness-type double patenting as being unpatentable over claims 3-18 and 21-22 of any patent granted on application No. 16/212,475. Although the claims at issue are not identical, they are not patentably distinct from each other because both claim a common subject matter: “using a document-level attribute-based access control (ABAC) service to collect security attributes of a group of users for a first service, map the security attributes to a particular user based on metadata from a second service to determine whether to provide access to a document to the particular user based on the applied mapping.”

Notes on Claim Interpretation
The following is a quotation of 35 U.S.C. 112(f):
(f) Element in Claim for a Combination. – An element in a claim for a combination may be expressed as a means or step for performing a specified function without the recital of structure, material, or acts in support thereof, and such claim shall be construed to cover the corresponding structure, material, or acts described in the specification and equivalents thereof. 

The following is a quotation of pre-AIA 35 U.S.C. 112, sixth paragraph:
An element in a claim for a combination may be expressed as a means or step for performing a specified function without the recital of structure, material, or acts in support thereof, and such claim shall be construed to cover the corresponding structure, material, or acts described in the specification and equivalents thereof.

The claims in this application are given their broadest reasonable interpretation using the plain meaning of the claim language in light of the specification as it would be understood by one of ordinary skill in the art. The broadest reasonable interpretation of a claim element (also commonly referred to as a claim limitation) is limited by the description in the specification when 35 U.S.C. 112(f) or pre-AIA 35 U.S.C. 112, sixth paragraph, is invoked.
As explained in MPEP § 2181, subsection I, claim limitations that meet the following three-prong test will be interpreted under 35 U.S.C. 112(f) or pre-AIA 35 U.S.C. 112, sixth paragraph:
(A) the claim limitation uses the term “means” or “step” or a term used as a substitute for “means” that is a generic placeholder (also called a nonce term or a non-structural term having no specific structural meaning) for performing the claimed function;
(B) the term “means” or “step” or the generic placeholder is modified by functional language, typically, but not always, linked by the transition word “for” (e.g., “means for”) or another linking word or phrase, such as “configured to” or “so that”; and
(C) the term “means” or “step” or the generic placeholder is not modified by sufficient structure, material, or acts for performing the claimed function.
Use of the word “means” (or “step”) in a claim with functional language creates a rebuttable presumption that the claim limitation is to be treated in accordance with 35 U.S.C. 112(f) or pre-AIA 35 U.S.C. 112, sixth paragraph. The presumption that the claim limitation is interpreted under 35 U.S.C. 112(f) or pre-AIA 35 U.S.C. 112, sixth paragraph, is rebutted when the claim limitation recites sufficient structure, material, or acts to entirely perform the recited function.
Absence of the word “means” (or “step”) in a claim creates a rebuttable presumption that the claim limitation is not to be treated in accordance with 35 U.S.C. 112(f) or pre-AIA 35 U.S.C. 112, sixth paragraph. The presumption that the claim limitation is not interpreted under 35 U.S.C. 112(f) or pre-AIA 35 U.S.C. 112, sixth paragraph, is rebutted when the claim limitation recites function without reciting sufficient structure, material or acts to entirely perform the recited function.

This application includes one or more claim limitations that do not use the word “means,” but are nonetheless being interpreted under 35 U.S.C. 112(f) or pre-AIA 35 U.S.C. 112, sixth paragraph, because the claim limitation(s) uses a generic placeholder that is coupled with functional language without reciting sufficient structure to perform the recited function and the generic placeholder is not preceded by a structural modifier. Such claim limitations are: “A system comprising a document-level attribute-based access control service configured to”, in claims 15 and 20, and “wherein the document-level attribute-based access control service is configured to” in claim 17.
Because these claim limitations are being interpreted under 35 U.S.C. 112(f) or pre-AIA 35 U.S.C. 112, sixth paragraph, claims 15, 17 and 20 are being interpreted to cover the corresponding structure described in the specification as performing the claimed function, and equivalents thereof.

The structure and description of such a system are illustrated by drawing FIG. 8 and at least description paragraphs [0064] and [0065].

If applicant does not intend to have these limitations interpreted under 35 U.S.C. 112(f) or pre-AIA 35 U.S.C. 112, sixth paragraph, applicant may: (1) amend the claim limitation(s) to avoid them being interpreted under 35 U.S.C. 112(f) or pre-AIA 35 U.S.C. 112, sixth paragraph (e.g., by reciting sufficient structure to perform the claimed function); or (2) present a sufficient showing that the claim limitation(s) recite(s) sufficient structure to perform the claimed function so as to avoid them being interpreted under 35 U.S.C. 112(f) or pre-AIA 35 U.S.C. 112, sixth paragraph.

Claim Rejections - 35 USC § 102
The following is a quotation of the appropriate paragraphs of 35 U.S.C. 102 that form the basis for the rejections under this section made in this Office action:
A person shall be entitled to a patent unless –

(a)(1) the claimed invention was patented, described in a printed publication, or in public use, on sale or otherwise available to the public before the effective filing date of the claimed invention.

(a)(2) the claimed invention was described in a patent issued under section 151, or in an application for patent published or deemed published under section 122(b), in which the patent or application, as the case may be, names another inventor and was effectively filed before the effective filing date of the claimed invention.

Claims 1-2, 4-7, 9, 11-13 and 15-18 are rejected under AIA 35 U.S.C. 102(a)(1) as being unpatentable over Ture et al. (U.S. Pub. No. 2007/0208714 A1, referred to as Ture).
Regarding claim 1, Ture teaches:
A computer-implemented method for document-level attribute-based access control (ABAC) (¶ 0019; ¶ 0021- ¶ 0022; ¶ 0146), the computer-implemented method comprising: 
establishing security attributes for a plurality of users, actions, and resources for a first service (¶ 0014; ¶ 0015; ¶ 0019, “Such an architecture can provide a simple Internet-like search experience to users searching secure content inside (and outside) the enterprise (a first service).”; ¶ 0021- ¶ 0022; ¶ 0146); 

mapping the security attributes to a particular user, of the plurality of users, based on metadata of the particular user received from a second service, the metadata providing dynamic input and being indicative of permissions granted to the particular user within the second service as well as information that is indicative of the particular user within the second service (¶ 0021, “The security values can be for attributes such as grant or deny attributes, and can include information such as role, group, or project information associated with the user (metadata).”; ¶ 0022; ¶ 0146; Fig. 3, Item 304; ¶ 0087, “When a user performs a search through the query layer, the database 310 (e.g., through Xbase) uses OID 304 (a second service) to retrieve the list of roles/groups to which the user belongs”; Fig. 23; Fig. 24; ¶ 0163; ¶ 0164; ¶ 0173, “the URL template can be parameterized such that values for attributes such as “date” and “userid” can be filled in dynamically (dynamic input) at query time.”);
applying the mapping to a query and a role of the particular user, such that access is restricted to a document, of the first service resulting from the query, based on having each of a set of the security attributes (¶ 0021; ¶ 0084; ¶ 0086; ¶ 0087; ¶ 0091; ¶ 0092); and 
determining whether to provide access to the document to the particular user as a function of the applying of the mapping (¶ 0091; ¶ 0092).

Regarding claim 15, Ture teaches:
A system comprising a document-level attribute-based access control service (¶ 0019; ¶ 0021- ¶ 0022; ¶ 0146), configured to: 
establish a plurality of security attributes to a plurality of users, actions, and resources for a first service (¶ 0014; ¶ 0015; ¶ 0019, “Such an architecture can provide a simple Internet-like search experience to users searching secure content inside (and outside) the enterprise (a first service).”; ¶ 0021- ¶ 0022; ¶ 0146); 
map security attributes of the plurality of security attributes to a particular user, of the plurality of users, based on metadata of the particular user received from a second service; the metadata providing dynamic input and being indicative of permissions granted to the particular user within the second service as well as information that is indicative of the particular user within the second service (¶ 0021, “The security values can be for attributes such as grant or deny attributes, and can include information such as role, group, or project information associated with the user (metadata).”; ¶ 0022; ¶ 0146; Fig. 3, Item 304; ¶ 0087, “When a user performs a search through the query layer, the database 310 (e.g., through Xbase) uses OID 304 (a second service) to retrieve the list of roles/groups to which the user belongs”; Fig. 23; Fig. 24; ¶ 0163; ¶ 0164; ¶ 0173, “the URL template can be parameterized such that values for attributes such as “date” and “userid” can be filled in dynamically (dynamic input) at query time.”);
apply the mapping to a query and a role of the particular user, such that access is restricted to a document, of the first service resulting from the query, based on having each security attribute of a set of the security attributes (¶ 0021; ¶ 0084; ¶ 0086; ¶ 0087; ¶ 0091; ¶ 0092); and
determine whether to provide access to a document to the particular user as a function of the applying of the mapping (¶ 0091; ¶ 0092).

Regarding claim 2, Ture teaches all the features of claim 1, as outlined above.
Ture further teaches:
wherein the first service comprises a search engine service and the second service comprises a directory service (¶ 0014; ¶ 0015; ¶ 0019; Fig. 3, Item 304; ¶ 0087).

Regarding claim 4, Ture teaches all the features of claim 1, as outlined above.
Ture further teaches:
receiving an access request for the first service from a computing device associated with the particular user (Fig. 42; ¶ 0279; ¶ 0281, “Such servers may be used to process requests from user computers 4212, 4214, 4216, 4218. The applications can also include any number of applications for controlling access to resources of the servers 4202, 4204, 4206”).

Regarding claim 5, Ture teaches all the features of claim 1, as outlined above.
Ture further teaches:
wherein the applying the mapping comprises: evaluating the security attributes for a query regarding the particular user of the users and the first service (Fig. 13; ¶ 0130, “A security filter (evaluate), such as may be in the form of a stored query expression (SQE), is generated to represent the user, and filter is used along with the search query to retrieve documents securely”; Fig. 14, steps 1408, 1410; ¶ 0131);
determining, based at least in part on the metadata for the user, whether, in a received command, the security attributes for the particular user meet each of a plurality of specified conditions (Fig. 13; ¶ 0130, “Only documents with security attributes (each of a plurality of specified conditions) matching the security filter are returned.”; Fig. 14, steps 1408, 1410; ¶ 0131); and
based on the determining that the security attributes for the particular user do not satisfy each of the plurality of specified conditions, not authorizing access to actions and resources of the first service specified in the command (Fig. 13; ¶ 0130, “Only documents with security attributes matching the security filter are returned.”; Fig. 14, step 1412; ¶ 0131; ¶ 0140).

Regarding claim 6, Ture teaches all the features of claim 5, as outlined above.
Ture further teaches:
further comprising, based on the determining that the security attributes for the particular user do satisfy each of the plurality of specified conditions, authorizing access to actions and resources, as specified in the command, of the first service (Fig. 13; ¶ 0130, “Only documents with security attributes matching the security filter are returned.”; Fig. 14, step 1412; ¶ 0131; ¶ 0140).

Regarding claim 7, Ture teaches all the features of claim 5, as outlined above.
Ture further teaches:
wherein the specified conditions comprise matching a plurality of terms and corresponding security attributes for the particular user (Fig. 13; ¶ 0130; Fig. 14, step 1412; ¶ 0131; ¶ 0140, “Only documents with security attribute values that match the security filter will be returned to the user. In this way the GRANT and DENY attributes are opened up to admin and data source implementers.”).

Regarding claim 9, Ture teaches all the features of claim 1, as outlined above.
Ture further teaches:
wherein the query comprises an aggregation or a search query (¶ 0130).

Regarding claim 11, Ture teaches all the features of claim 1, as outlined above.
Ture further teaches:
wherein the determining comprises restricting access to the resources to the particular user as a function of the mapping and a combination of the security attributes (Fig. 13; ¶ 0130; Fig. 14, step 1412; ¶ 0131; ¶ 0140, “Only documents with security attribute values that match the security filter will be returned to the user. In this way the GRANT and DENY attributes are opened up to admin and data source implementers.”).

Regarding claim 12, Ture teaches all the features of claim 1, as outlined above.
Ture further teaches:
wherein the determining comprises restricting access of the particular user to one or more of the actions (¶ 0018, “the enterprise application business components can have a variety of different attributes that can specify whether a particular user can see a particular action or document.”).

Regarding claim 13, Ture teaches all the features of claim 1, as outlined above.
Ture further teaches:
wherein the security attributes for the particular user include at least one of: a membership, a certification, years of service, and physical location (¶ 0018, “These attributes can include, for example, date, user ID, location, etc.”).

Regarding claim 16, Ture teaches all the features of claim 15, as outlined above.
Ture further teaches:
wherein the document-level attribute-based access control service is distinct from and communicatively coupled to the first service and the second service (¶ 0014; ¶ 0015; ¶ 0019, “Such an architecture can provide a simple Internet-like search experience to users searching secure content inside (and outside) the enterprise (first service).”; ¶ 0021- ¶ 0022; ¶ 0146), the directory service managing user information and permissions for users (¶ 0021, “The security values can be for attributes such as grant or deny attributes, and can include information such as role, group, or project information associated with the user (metadata).”; ¶ 0022; ¶ 0146; Fig. 3, Items 302, 304, 306 (Crawler) (a document-level attribute-based access control service); ¶ 0087, “When a user performs a search through the query layer, the database 310 (e.g., through Xbase) uses OID 304 (second service) to retrieve the list of roles/groups to which the user belongs”).

Regarding claim 17, Ture teaches all the features of claim 15, as outlined above.
Ture further teaches:
wherein the document-level attribute-based access control service is configured to function as an application programming interface between the first service and the second service, the document-level attribute-based access control service providing the mapping and an assignment of security attributes and roles to the users (¶ 0020, “The framework can include a plurality of application program interfaces (APIs) that each allow the user to be authenticated against a different application or secure data source”; ¶ 0085, “The crawling component has an extensible plug-in API (document-level attribute-based access control service is configured to function as an application programming interface), which allows various crawlers to be plugged into the SES system. SES can provide basic/default crawlers 202 out of the box for crawling web sources, database tables, file systems, and other such resources 204. An SES data store 206 can accept a document (that may be virtual) and a set of attributes corresponding to that document”).

Regarding claim 18, Ture teaches all the features of claim 15, as outlined above.
Ture further teaches:
wherein the first service comprises a search engine service and the second service comprises an attribute management directory service of a network protocol layer (¶ 0280).

Claim Rejections - 35 USC § 103
In the event the determination of the status of the application as subject to AIA 35 U.S.C. 102 and 103 (or as subject to pre-AIA 35 U.S.C. 102 and 103) is incorrect, any correction of the statutory basis for the rejection will not be considered a new ground of rejection if the prior art relied upon, and the rationale supporting the rejection, would be the same under either status.

The following is a quotation of 35 U.S.C. 103 which forms the basis for all obviousness rejections set forth in this Office action:

A patent for a claimed invention may not be obtained, notwithstanding that the claimed invention is not identically disclosed as set forth in section 102, if the differences between the claimed invention and the prior art are such that the claimed invention as a whole would have been obvious before the effective filing date of the claimed invention to a person having ordinary skill in the art to which the claimed invention pertains. Patentability shall not be negated by the manner in which the invention was made.

Claim 8 is rejected under 35 U.S.C. 103 as being unpatentable over Ture in view of Roever et al. (U.S. Pub. No. 2013/0036476 A1, referred to as Roever).

Regarding claim 8, Ture teaches all the features of claim 1, as outlined above.
Ture does not explicitly disclose the following; however, Roever teaches:
wherein the mapping utilizes a Mustache template such that the metadata for the particular user is provided to a Mustache engine for evaluating the Mustache template (Roever: Fig. 5; Fig. 7; ¶ 0059- ¶ 0061; ¶ 0072; ¶ 0074- ¶ 0076; ¶ 0092; ¶ 0111; ¶ 0129- ¶ 0150).
It would have been obvious to one of ordinary skill in the art before the effective filing date of the claimed invention to modify the teaching of Ture by Roever and provide a user with a Mustache template to use for submitting a request, in order for an authorization server to generate a token which is used to produce a valid voucher (Roever: Fig. 5; ¶ 0059- ¶ 0061).

Claim 14 is rejected under 35 U.S.C. 103 as being unpatentable over Ture in view of Ellison et al. (U.S. Pub. No. 2008/0313712 A1, referred to as Ellison).

Regarding claim 14, Ture teaches all the features of claim 1, as outlined above.
Ture does not explicitly disclose the following; however, Ellison teaches:
wherein the security attributes include a period for which the certification is valid for the particular user, the determining comprising restricting access to the user if the certification is no longer valid or has lapsed (Ellison: Fig. 3; ¶ 0062; Fig. 10; ¶ 0085).
It would have been obvious to one of ordinary skill in the art before the effective filing date of the claimed invention to modify the teaching of Ture by Ellison to include a certificate validation process, in order to allow access to resources only after determining that the certificate is valid (Ellison: Fig. 10; ¶ 0085).

Allowable Subject Matter
Claims 3, 10 and 19 would be allowable if Applicant overcomes the nonstatutory double patenting rejection set forth in this office action and if they were rewritten in independent form including all of the limitations of the base claim and any intervening claims.

Claim 20 would be allowable if Applicant overcomes the nonstatutory double patenting rejection set forth in this office action.

The following is an examiner’s statement of reasons for identifying allowable subject matter.

The closest prior art made of record is Ture et al. (U.S. Pub. No. 2007/0208714 A1, referred to as Ture) and Ellison et al. (U.S. Pub. No. 2008/0313712 A1, referred to as Ellison).

Ture discloses an architecture that allows for secure searching across an enterprise. Such an architecture can provide a simple Internet-like search experience to users searching secure content inside (and outside) the enterprise.

Ellison discloses systems and methods that facilitate managing access control utilizing certificates. The systems and methods described herein are directed to mapping an access policy as expressed in an access control list to a set of certificates.
However, regarding claim 3, the prior art of Ture and Ellison, when taken in the context of the claim as a whole, does not disclose or suggest “wherein the mapping of the security attributes is defined by a domain-specific language having parameters that match with one or more of the security attributes assigned to the particular user from the second service.”

Regarding claim 10, the prior art of Ture and Ellison, when taken in the context of the claim as a whole, does not disclose or suggest “wherein, based on the security attributes, the users can only take an action from a resource if: the particular user of the users is allowed to take the action, and the resource is at an attribute specified physical location, and security training of the particular user is up to date.”

Regarding claims 19 and 20, the prior art of Ture and Ellison, when taken in the context of the claim as a whole, does not disclose or suggest “wherein, based on the security attributes, the users take an action from a resource if the particular user of the users is allowed to take the action, the resource is at an attribute specified physical location, and security training of the particular user is up to date.”

Conclusion
The prior art made of record and not relied upon is considered pertinent to applicant's disclosure: see PTO-892.

Any inquiry concerning this communication or earlier communications from the examiner should be directed to HASSAN SAADOUN whose telephone number is (571)272-8408. The examiner can normally be reached Mon-Fri 9:00-5:00.
Examiner interviews are available via telephone, in-person, and video conferencing using a USPTO supplied web-based collaboration tool. To schedule an interview, applicant is encouraged to use the USPTO Automated Interview Request (AIR) at http://www.uspto.gov/interviewpractice.
If attempts to reach the examiner by telephone are unsuccessful, the examiner’s supervisor, Joseph Hirl, can be reached on 571-272-3685. The fax phone number for the organization where this application or proceeding is assigned is 571-273-8300.
Information regarding the status of published or unpublished applications may be obtained from Patent Center. Unpublished application information in Patent Center is available to registered users. To file and manage patent submissions in Patent Center, visit: https://patentcenter.uspto.gov. Visit https://www.uspto.gov/patents/apply/patent-center for more information about Patent Center and https://www.uspto.gov/patents/docx for information about filing in DOCX format. For additional questions, contact the Electronic Business Center (EBC) at 866-217-9197 (toll-free). If you would like assistance from a USPTO Customer Service Representative, call 800-786-9199 (IN USA OR CANADA) or 571-272-1000.

/HASSAN SAADOUN/Examiner, Art Unit 2435
/DARREN B SCHWARTZ/Primary Examiner, Art Unit 2435