Ex Parte MARTINELLI
Patent Trial and Appeal Board, Jan 29, 2019
14546018 (P.T.A.B. Jan. 29, 2019)

UNITED STATES PATENT AND TRADEMARK OFFICE

APPLICATION NO.: 14/546,018
FILING DATE: 11/18/2014
FIRST NAMED INVENTOR: Andres MARTINELLI
ATTORNEY DOCKET NO.: 1003301-000502
CONFIRMATION NO.: 9356
EXAMINER: DESROSIERS, EVANS
ART UNIT: 2491
NOTIFICATION DATE: 01/31/2019
DELIVERY MODE: ELECTRONIC

21839 7590 01/31/2019
BUCHANAN, INGERSOLL & ROONEY PC
POST OFFICE BOX 1404
ALEXANDRIA, VA 22313-1404

UNITED STATES PATENT AND TRADEMARK OFFICE

BEFORE THE PATENT TRIAL AND APPEAL BOARD

Ex parte ANDRES MARTINELLI¹

Appeal 2017-002776
Application 14/546,018
Technology Center 2400

Before KALYAN K. DESHPANDE, JASON V. MORGAN, and HUNG H. BUI, Administrative Patent Judges.

MORGAN, Administrative Patent Judge.

DECISION ON APPEAL

STATEMENT OF THE CASE

Introduction

This is an appeal under 35 U.S.C. § 134(a) from the Examiner's Non-Final Rejection of claims 1-17. Appellant waived a requested oral hearing. Notice of Hearing Response (Sept. 25, 2018). We have jurisdiction under 35 U.S.C. § 6(b).

We reverse.

¹ Appellant is the applicant and real party in interest, Axiomatics AB. Appeal Br. 2.

Invention

Appellant discloses a permissions provisioning module that includes a policy evaluator to evaluate an access query against an attribute-based access control (ABAC) policy and a data adapter to format permission data into access control lists for deployment in a computer system. Abstract.

Illustrative Claim (key limitations emphasized)

1. A permissions provisioning module adapted to interact with a computer system, which comprises:

a plurality of resources, each resource being associated with an access control list (ACL) indicating permissions in respect of the resource;

memory storing system metadata including metadata associated with the resources or metadata associated with principals of the system or both;

an access control mechanism configured to selectively restrict principals' access to a resource in accordance with its associated ACL, wherein the access control mechanism of the computer system operates outside direct influence of the ABAC policy; and

a processor configured to perform the functions of:

a policy evaluator configured to evaluate an access query against an attribute-based access control (ABAC) policy based on a collection of attribute values at least sufficient to evaluate against the ABAC policy, which is retrievable by the policy evaluator and includes access rules expressed in terms of attributes;

a data adapter configured to receive the system metadata and assign values to said attributes in the ABAC policy in accordance with the metadata, the attribute values being arranged resource-wise and principal-wise; and

a permissions calculator configured to query the policy evaluator on combinations of resources and principals using the attribute values assigned by the data adapter, and to supply resulting permission data to the data adapter,

wherein the data adapter is configured to arrange said permission data resource-wise, generate system-readable ACLs
based thereon and supply the generated ACLs for deployment in the system.

Rejection

The Examiner rejects claims 1-17 under 35 U.S.C. § 103(a) as being unpatentable over Creemer et al. (US 7,814,492 B1; issued Oct. 12, 2010) ("Creemer") and Moran et al. (US 2003/0088786 A1; published May 8, 2003) ("Moran"). Non-Final Act. 3-9.

EXAMINER'S DETERMINATIONS AND CONCLUSIONS

In rejecting claim 1, the Examiner finds Creemer's use of an authorization routine that uses access control lists teaches or suggests "a policy evaluator configured to evaluate an access query against an attribute-based access control (ABAC) policy ... based on a collection of attribute values at least sufficient to evaluate against the ABAC policy, which is retrievable by the policy evaluator and includes access rules expressed in terms of attributes." Non-Final Act. 4 (citing Creemer Fig. 3, col. 1, ll. 53-62) (emphasis omitted). The Examiner relies on Moran's process for using enhanced access control lists to teach or suggest a data adapter "configured to arrange said permission data resource-wise, generate system-readable ACLs based thereon and supply the generated ACLs for deployment in the system." Non-Final Act. 5 (citing Moran Fig. 9, ¶¶ 114-18).

APPELLANT'S CONTENTIONS AND OUR ANALYSIS

Appellant contends the Examiner erred in finding Moran teaches or suggests generating access control lists for deployment in the system because Moran's process "is simply directed towards the use of pre-established ACLs for authorization processes." Appeal Br. 12. That is, Appellant argues "Moran only discloses that existing ACLs may be used ... in authorization processes," rather than disclosing a process for "supplying generated ACLs for deployment." Id. at 13 (citing Moran ¶ 32); see also Reply Br. 6.

In response, the Examiner takes the position that Moran's action grouping mechanism, in which each action within an action group is tagged to allow "a more descriptive and extensible permission mechanism" (Moran ¶ 29) teaches or suggests the claimed access control list generation because "action permission indicators can be reused for unique action definitions" (Ans. 8 (citing Moran ¶ 109) (emphasis omitted)).

Appellant's arguments are persuasive of Examiner error. The Examiner's findings show that Creemer teaches using access control lists to determine whether to process a named job and that Moran teaches using enhanced access control lists to determine whether a user, either individually or as a member of a user group, is authorized to perform a requested action on a protected object. See Non-Final Act. 4-5 (citing, e.g., Creemer col. 1, ll. 53-62; Moran ¶¶ 32, 114-18). The Examiner does not show, however, that Creemer and Moran teach or suggest the use of a data adapter to generate system-readable access control lists in the claimed manner (i.e., based on arranged permission data supplied by querying an attribute-based access control policy evaluator).

The Examiner's reliance on the combined teachings of Creemer and Moran is particularly problematic because the Examiner relies on Creemer's access control lists to teach or suggest an attribute-based access control policy (see Ans. 5 (citing Creemer col. 6, ll. 52-56)), but fails to provide persuasive findings or explanation showing that Moran teaches or suggests querying a policy evaluator that uses access control lists—or data for some other attribute-based access control policy—for purposes of generating enhanced access control lists. Rather, the Examiner merely identifies teachings in Moran related to extended features of enhanced access control lists (see Ans.
8 (citing Moran ¶ 109)) and the use of enhanced access control lists in determining whether a user is authorized to perform a requested action on a protected resource (see Non-Final Act. 5 (citing Moran ¶¶ 32, 114-18, Fig. 9)).

For these reasons, we agree with Appellant that the Examiner's findings do not show that the combination of Creemer and Moran teaches or suggests the disputed recitations of claim 1. See Appeal Br. 12-13. Claim 14—reciting a computer system that further comprises "the permissions provisioning module of claim 1"—includes the disputed recitations of claim 1. Claims 16 and 17 similarly recite "arranging said permission data resource-wise and generating system-readable ACLs based thereon." The Examiner unpersuasively rejects these claims for similar reasons to claim 1. See Non-Final Act. 9.

Accordingly, we do not sustain the Examiner's 35 U.S.C. § 103(a) rejection of claims 1, 14, 16, 17, and dependent claims 2-13 and 15.

DECISION

We reverse the Examiner's decision rejecting claims 1-17.

REVERSED