International Business Machines Corporation

Patent Trials and Appeals Board

Mar 1, 2022

2021000591 (P.T.A.B. Mar. 1, 2022)

UNITED STATES PATENT AND TRADEMARK OFFICE UNITED STATES DEPARTMENT OF COMMERCE United States Patent and Trademark Office Address: COMMISSIONER FOR PATENTS P.O. Box 1450 Alexandria, Virginia 22313-1450 www.uspto.gov APPLICATION NO. FILING DATE FIRST NAMED INVENTOR ATTORNEY DOCKET NO. CONFIRMATION NO. 15/795,048 10/26/2017 Vincent Burckhardt P201704605US01 8923 138363 7590 03/01/2022 IBM CORP. (Shackelford) c/o Shackelford, Bowen, McKinley & Norton, LLP 9201 N. Central Expressway Fourth Floor DALLAS, TX 75231 EXAMINER NOAMAN, BASSAM A ART UNIT PAPER NUMBER 2497 NOTIFICATION DATE DELIVERY MODE 03/01/2022 ELECTRONIC Please find below and/or attached an Office communication concerning this application or proceeding. The time period for reply, if any, is set in the attached communication. Notice of the Office communication was sent electronically on above-indicated "Notification Date" to the following e-mail address(es): rvoigt@shackelford.law PTOL-90A (Rev. 04/07) UNITED STATES PATENT AND TRADEMARK OFFICE ____________________ BEFORE THE PATENT TRIAL AND APPEAL BOARD ____________________ Ex parte VINCENT BURCKHARDT, ANDRE FISCHER, OLGIERD PIECZUL, JÜRGEN SCHMIDT, and XIAO F. YU ____________________ Appeal 2021-000591 Application 15/795,048 Technology Center 2400 ____________________ Before ROBERT E. NAPPI, MARC S. HOFF, and JOYCE CRAIG, Administrative Patent Judges. NAPPI, Administrative Patent Judge. DECISION ON APPEAL Appellant1 appeals under 35 U.S.C. § 134(a) from the Examiner’s final rejection of claims 8 through 21. We have jurisdiction under 35 U.S.C. § 6(b). We REVERSE. 1 We use the word Appellant to refer to “applicant” as defined in 37 C.F.R. § 1.42(a). According to Appellant, International Business Machines Corporation is the real party in interest. Appeal Br. 1. Appeal 2021-000591 Application 15/795,048 2 INVENTION The invention is directed to managing microservice-based applications where a permissions validator is used to compute effective permissions in response to client requests. The effective permissions are computed from an intersection of a set of actor permissions, a set of client permissions and a set of resource permissions. Abstr. Claim 8 is illustrative of the invention and is reproduced below. 8. A computer program product to support management of an application for clients, the clients being available for use by system actors, and the application providing one or more resources for clients, each resource being associated with at least one application, and each application comprising a plurality of microservices, the computer program product comprising a computer readable storage medium having program code embodied therewith, the program code comprising the programming instructions for: receiving a request by a client, made under instruction of a system actor, to access a resource in order to perform a function; computing a set of effective permissions in response to the request from an intersection of a set of actor permissions, a set of client permissions and a set of resource permissions, the actor permissions being permissions assigned to a system actor, the client permissions being permissions assigned to a client for said system actor; and the resource permissions being permissions assigned to the resource’s requestable functions for said system actor; and granting or denying the request conditional on the effective permissions being at least a subset of the permissions required to be given by any of the application’s microservices that are needed for the resource being requested. Appeal Br. 45 (Claims App.). Appeal 2021-000591 Application 15/795,048 3 EXAMINER’S REJECTION2 The Examiner has rejected claims 8 through 21 under 35 U.S.C. § 103 as unpatentable over Jones (US 2018/0302391 A1; pub. Oct. 18, 2018) and Lander (US 2017/0331829 A1; pub. Nov. 16, 2017). Final Act. 28-35. ANALYSIS We have reviewed Appellant’s arguments in the Briefs, the Examiner’s rejection, and the Examiner’s response to Appellant’s arguments. Appellant’s arguments have persuaded us of error in the Examiner’s rejection of claims 8 through 21. Appellant presents several arguments with respect to the Examiner’s rejection of independent claims 8 and 15. Appeal Br. 4-20. The dispositive issue presented by Appellant’s arguments is did the Examiner err in finding the combination of Jones and Lander teaches “computing a set of effective permissions in response to the request from an intersection of a set of actor permissions, a set of client permissions and a set of resource permissions, the actor permissions being permissions assigned to a system actor, the client permissions being permissions assigned to a client for said system actor; and the resource permissions being permissions assigned to the 2 Throughout this Decision we refer to the Appeal Brief filed July 28, 2020 (“Appeal Br.”); Reply Brief, filed October 29, 2020 (“Reply Br.”); Final Office Action mailed April 9, 2020 (“Final Act.”); and the Examiner’s Answer mailed September 10, 2020 (“Ans.”). Appeal 2021-000591 Application 15/795,048 4 resource’s requestable functions for said system actor” as recited in claim 8 and similarly recited in claim 15? Appeal Br. 5-10. The Examiner finds that Jones teaches the claimed method of computing permissions. Final Act. 29 (citing Jones Fig. 2B, ¶¶ 28-30), Ans. 5- 7 (citing Jones Fig. 2B, ¶¶ 23, 28, 29). Specifically, the Examiner equates the user identity of Jones to the claimed client/user permission; the user roles in Jones to the claimed actor permissions; and the permissions of Jones to the claimed resource permissions. Ans. 5. The Examiner states: A particular user/client and the associated identity is mapped against the associated roles, where the resulting roles are mapped against their associated permissions, resulting into a final mapping, which results into the user associated with a set of permission resources, construed as effective permission. Phrased differently. in terms of Logic gates and Venn diagram, Jone[s]’s disclosure determines the intersection between 1) the particular user of a number of users on clients, 2) associated roles out of a number of roles, and 3) associated permissions out of many permission resources in order to determine the effective permission associated with the particular user. i.e. (Users identity on client ∩ user’s role ∩ permissions). Examiner further asserts that when a user initiates a request to access resources, the ability for the user to be allocated a permission, i.e. effective permission, is based on the computer, computing/ mapping/correlating/determining the intersection of the aforementioned parameters, i.e. the computer determining the user’s identity on a client computer out of many users, roles out of many roles and permissions out of many permissions. Ans. 6-7. We have reviewed the cited teachings of Jones and disagree with the Examiner’s finding that Jones teaches the claimed feature of computing effective permissions from an intersection of a set of client Appeal 2021-000591 Application 15/795,048 5 permissions, a set of resource permissions and actor permissions. Each of independent claims 8 and 15 recites that the effective permission is computed from the intersection of three sets of permissions. Both of the independent claims also recite that “the actor permissions being permissions assigned to a system actor, the client permissions being permissions assigned to a client for said system actor; and the resource permissions being permissions assigned to the resource’s requestable functions for said system actor.” The Examiner’s analogy shows that Jones determines permissions of a client based upon clients being assigned to roles. However, the Examiner has not cited sufficient evidence to show that Jones teaches that there are three sets of permissions (i.e., a set of permissions assigned to an actor, a set assigned to the client, and a set assigned to the resources), and that the intersection of these three sets is used to compute the effective permissions. Accordingly, we do not sustain the Examiner’s rejection of independent claims 8 and 15 or dependent claims 9 through 14, and 16 through 21 similarly rejected based upon the combination of Jones and Lander. CONCLUSION We reverse the Examiner’s rejection of claims 8 through 21. Appeal 2021-000591 Application 15/795,048 6 DECISION SUMMARY In summary: Claim(s) Rejected 35 U.S.C. § Reference(s)/Basis Affirmed Reversed 8-21 103 Jones, Lander 8-21 REVERSED