Prosecution Insights
Last updated: April 19, 2026
Application No. 17/846,489

MANAGING ACCESS CONTROL USING POLICY EVALUATION MODE

Status: Non-Final OA (§103)
Filed: Jun 22, 2022
Examiner: HUSSEIN, HASSAN A
Art Unit: 2497
Tech Center: 2400 — Computer Networks
Assignee: Stripe, Inc.
OA Round: 5 (Non-Final)
Grant Probability: 58% (Moderate)
Expected OA Rounds: 5-6
Time To Grant: 3y 1m
Grant Probability With Interview: 99%

Examiner Intelligence

Career Allow Rate: 58% (grants 58% of resolved cases; 73 granted / 127 resolved; -0.5% vs TC avg)
Interview Lift: +52.2% (strong; resolved cases with interview vs. without)
Typical Timeline: 3y 1m average prosecution; 36 currently pending
Career History: 163 total applications across all art units

Statute-Specific Performance

§101: 4.9% (-35.1% vs TC avg)
§103: 69.8% (+29.8% vs TC avg)
§102: 2.9% (-37.1% vs TC avg)
§112: 12.8% (-27.2% vs TC avg)
Black line = Tech Center average estimate • Based on career data from 127 resolved cases

Office Action

§103
DETAILED ACTION Notice of Pre-AIA or AIA Status The present application, filed on or after March 16, 2013, is being examined under the first inventor to file provisions of the AIA . Continued Examination Under 37 CFR 1.114 A request for continued examination under 37 CFR 1.114, including the fee set forth in 37 CFR 1.17(e), was filed in this application after final rejection. Since this application is eligible for continued examination under 37 CFR 1.114, and the fee set forth in 37 CFR 1.17(e) has been timely paid, the finality of the previous Office action has been withdrawn pursuant to 37 CFR 1.114. Applicant's submission filed on 01/21/2026 has been entered. Response to Amendment The amendment filed 01/21/2026 has been entered. Claims 1-2, 11-12, 14-16 and 20 have been amended. No Claims have been canceled. Claims 1-20 remain pending in the application. Response to Arguments Regarding Applicant’s arguments, on page 9 paragraphs 1-3 of the remark filed on 01/21/2026, on the combination being improper for Pugalia et al. (U.S Pub. No. 20220201043) with modifications to incorporate Poiesz et al. (U.S. Pub. No. 20170011215) as it would render inoperable for its intended purpose, arguments are persuasive Regarding Applicant’s arguments, on page 7-12 of the remark filed on 01/21/2026, on the limitations of independent Claim 1: “the policy evaluation mode being activated for the first access control policy, for a threshold amount of time to allow the identity to access the resource for the threshold amount of time, in response to a policy change to the first access control policy indicating that the identity no longer has the access to access the resource;,”, arguments are persuasive. Therefore, the 35 U.S.C. 103 rejection Pugalia et al. (U.S Pub. No. 20220201043) further in view of Poiesz et al. (U.S Pub. No. 20170011215), has been withdrawn. However, upon further consideration, a new ground(s) of rejection is made under 35 U.S.C. 
§ 103 in view of the following prior art: Barboi et al. (U.S. Pub. No. 20190028514), Meriac et al. (U.S. Pub. No. 20170257372) further in view of Chari et al. (U.S. Pub. No. 20140359692)). Please refer to the 35 U.S.C. 103 section below for a detailed explanation. For the reasons stated above and the new ground(s) of rejection under 35 U.S.C. 103 below, Examiner respectfully disagrees with Applicant’s argument, see Applicant’s Remarks Page 7-12, regarding allowance of the application. Examiner asserts that claims 1-20 are rejected for the reasons stated above in conjunction with the new ground(s) of rejection under 35 U.S.C. 103 below. Conclusion: Barboi- Meriac-Chari teaches the aforementioned limitations of independent claims 1, 11 and 20 rendering the claim limitations obvious before the effective date of the claimed invention. Specification The lengthy specification has not been checked to the extent necessary to determine the presence of all possible minor errors. Applicant’s cooperation is requested in correcting any errors of which applicant may become aware in the specification. Claim Objections Claim 1 objected to because of the following informalities: In regards to Claim 1, the applicant recites the limitation “regular mode that allows the identity to access the resource”. This is a typographically error as the end of the claims should have a period “ . ” with the appropriate punctuation. Appropriate correction is required. Claim Rejections - 35 USC § 103 In the event the determination of the status of the application as subject to AIA 35 U.S.C. 102 and 103 (or as subject to pre-AIA 35 U.S.C. 102 and 103) is incorrect, any correction of the statutory basis (i.e., changing from AIA to pre-AIA ) for the rejection will not be considered a new ground of rejection if the prior art relied upon, and the rationale supporting the rejection, would be the same under either status. The following is a quotation of 35 U.S.C. 
103 which forms the basis for all obviousness rejections set forth in this Office action: A patent for a claimed invention may not be obtained, notwithstanding that the claimed invention is not identically disclosed as set forth in section 102, if the differences between the claimed invention and the prior art are such that the claimed invention as a whole would have been obvious before the effective filing date of the claimed invention to a person having ordinary skill in the art to which the claimed invention pertains. Patentability shall not be negated by the manner in which the invention was made. Claim(s) 1, 6, 11, 14, 16 and 20 is/are rejected under 35 U.S.C. 103 as being unpatentable over Barboi et al. (U.S. Pub. No. 20190028514, hereinafter referred to as “Barboi”) and Meriac et al. (U.S. Pub. No. 20170257372, hereinafter referred to as “Meriac”) further in view of Chari et al. (U.S. Pub. No. 20140359692, hereinafter referred to as “Chari”). In regards to Claim 1, Barboi teaches a method comprising: receiving, from an identity, a request to access a resource by the identity; (Par. (0005, 0023); receiving a request to access resource from computer device)), (Par. (0040-0041); receiving a request to access resource by the identity (computer device with network account of user)) identifying, from one or more access control policies comprising a permission for the identity to access the resource, (Par. (0049); identifying,(determine), from one or more access control policies (based on applying a policy) comprising a permission for the identity to access the resource (whether network account of user seeking access to the privileged resource should be granted upon obtaining access)) the policy evaluation mode being activated for the first access control policy, for a threshold amount of time to allow the identity to access the resource for the threshold amount of time, (Par. 
(0049-0050); the policy evaluation mode (authentication and management server that manages privileged access and monitors actions performed by privileged user)) (Par. (0070, 0077-0080); the policy evaluation mode being activated for the first access control policy (authentication and management server performing elements and identifications) for a threshold amount of time to allow the identity to access (policy may set a time duration limit for privileged resource and access and when exceeding time a withdrawal and “no longer access to privileged resource)) in response to a policy change to the first access control policy indicating that the identity no longer has the access to access the resource; (Par. (0079); in response to a policy change (abnormalities detected in activity and policy changes to set time duration limit for privileged on-demand membership, when exceeded privileged withdrawn (indicating no access after time duration limit)), (Par. (0079); identity no longer has the access (determining network account should no longer have access corresponding to monitoring time duration limit and withdrawing privileges)), (Par. 
(0081); in response to a policy change (granting modification to access token to change to different privileged), policy indicating that the identity no longer has the access (access token is revoked and canceled)) Barboi does not explicitly teach a first access control policy that is capable of operating in a policy evaluation mode that overrides an access-permission-revoking change to a control policy for a temporary time period and causes a pre-change version of the control policy to be in effect during the temporary time period, determining a lack of further access control policy in a regular mode that allows the identity to access the resource; and authorizing the request using the first access control policy in the policy evaluation mode based on determining the lack of further access control policy in the regular mode that allows the identity to access the resource Wherein Meriac teaches a first access control policy that is capable of operating in a policy evaluation mode that overrides an access-permission-revoking change to a control policy for a temporary time period and (Par. (0006-0007); a first access control policy (access control list gives temporary access) that is capable of operating in a policy evaluation mode (electronic component with access control list) that overrides an access-permission-revoking change to a control policy for a temporary time period (granting permission to override and then time-limited override is removed when expiry of time period is over and override back to prior setting after) causes a pre-change version of the control policy to be in effect during the temporary time period, (Par. (0006-0007); when the expiry of time period occurs, the time-limited override is removed, temporary access is gone and access control reverts to a pre-change version (prior setting)), (Examiner Note: In the specification there is no clear definition as to what pre-change version represents. 
Therefore it will be broadly and reasonably interpreted in light of the specification that “causes a pre-change version” refers to after a temporary period of access permissions expire and reverting override to a prior access control setting, roll back or previous access control)) It would have been obvious to one of ordinary skill in the art before the effective filing date of the claimed invention to have modified Barboi to incorporate the teaching of Meriac to utilize the above feature because of the analogous concept of access control policies and allowing access to resources based on permissions, with the motivation of regulating access based on permissions tampering and compromise can be prevented and the access control list and system can create trustworthy and confident users with access. By creating an override with temporary period of time and pre-change version a hierarchy and level of permission is created and priorities are met by users. (Meriac Par.(0018, 0031 and 0037)) Barboi and Meriac do not explicitly teach determining a lack of further access control policy in a regular mode that allows the identity to access the resource; and authorizing the request using the first access control policy in the policy evaluation mode based on determining the lack of further access control policy in the regular mode that allows the identity to access the resource Wherein Chari teaches in response to a policy change to the first access control policy indicating that the identity no longer has the access to access the resource; (Par. (0067-0070); access logs with privilege that is denied [..] in response to a policy change to the first access control policy (policy change is analyzed and determined based on access logs) that the identity no longer has the access to access the resource (access policy is changed with removal of an old policy thus negative or deny of access)), (Par. 
(0067); indicating that the identity no longer has the access to access the resource (policy change correlates to revoke access))(Examiner Note: Both Barboi and Chari teach the condition limitations “in response to a policy change to the first access control policy indicating that the identity no longer has the access to access the resource;” this mapping is to further clarify the condition both ways of “ in response to a policy change [..] determining a lack of further access” stated below) determining a lack of further access control policy in a regular mode that allows the identity to access the resource; and (Par. (0070); determined a policy change and old rule was revoked), (Par. (0070); in a regular mode (general rule) that allows the identity to access the resource (policy change and administrators with error and changes from deny access to grant access)), (Examiner Note: in the instant application the specification states a regular mode to be a default mode for the policy therefore it will be broadly and reasonably interpreted that regular mode corresponds to general rule of the access policy)) authorizing the request using the first access control policy in the policy evaluation mode (Par. (0049); authorizing the user access request based of identified policy items)), (Par. (0084-0087); in the policy evaluation mode (role mining systems with permissions and policies)) based on determining the lack of further access control policy in the regular mode that allows the identity to access the resource (Par. (0070); administrator with error in policy that is not correctly applied changes from negative (deny access) to positive (grant access) after determining the lack of further access (old rule revoked)), (Par. 
(0070); based on determining the lack of further access control policy in the regular mode (determining error and no access given based on change to general rule of old rule)) It would have been obvious to one of ordinary skill in the art before the effective filing date of the claimed invention to have modified Barboi and Meriac to incorporate the teaching of Chari to utilize the above feature because of the analogous concept of access control policies and permissions with accessing resource by an identity, with the motivation of enforcing when a user request access to a resource to verify and monitor usage that reflects high security level policy and ease load for system administrators from giving incorrect policy up-to-date and risk security of employees and organizations. (Chari Par. (0002-0006)) In regards to Claim 6, the combination of Barboi, Meriac and Chari teach the method of claim 1, Barboi further teaches the method of claim 1, wherein the first access control policy allows a plurality of identities to access the resource, (Par. (0046-0049); plurality of computer devices 101 and network accounts of users with determining if access should be granted; policy applied upon authenticating to seek access to privileged resources by computer devices)) the plurality of identities including the identity. (Par. (0054); granting identity (network account of user) read-write access)) In regards to Claim 11, Barboi teaches a system comprising: (Figure 1 label 100; system)) one or more processors and (Par. (0030); processors)) non-transitory computer-readable media comprising instructions that, when executed by the one or more processors, cause operations comprising: Par. (0030); processors and computer-readable media that store software instructions)) receiving, from an identity, a request to access a resource by the identity; (Par. (0005, 0023); receiving a request to access resource from computer device)), (Par. 
(0040-0041); receiving a request to access resource by the identity (computer device with network account of user)) determining one or more access control policies that correspond to the access to the resource; (Par. (0049); applying a policy and determining whether to grant access to privileged resources)) identifying, from one or more access control policies comprising a permission for the identity to access the resource, (Par. (0049); identifying,(determine) from one or more access control policies (based on applying a policy) comprising a permission for the identity to access the resource (whether network account of user seeking access to the privileged resource should be granted upon obtaining access)) the policy evaluation mode being activated for the first access control policy, for a threshold amount of time to allow the identity to access the resource for the threshold amount of time, (Par. (0049-0050); the policy evaluation mode (authentication and management server that manages privileged access and monitors actions performed by privileged user)) (Par. (0070, 0077-0080); the policy evaluation mode being activated for the first access control policy (authentication and management server performing elements and identifications) for a threshold amount of time to allow the identity to access (policy may set a time duration limit for privileged resource and access and when exceeding time a withdrawal and “no longer access to privileged resource)) in response to a policy change to the first access control policy;(Par. (0079); in response to a policy change (abnormalities detected in activity and policy changes to set time duration limit for privileged on-demand membership, when exceeded privileged withdrawn (indicating no access after time duration limit)), (Par. (0079); identity no longer has the access (determining network account should no longer have access corresponding to monitoring time duration limit and withdrawing privileges)), (Par. 
(0081); in response to a policy change (granting modification to access token to change to different privileged), policy indicating that the identity no longer has the access (access token is revoked and canceled)) Barboi does not explicitly teach identifying, from the one or more access control policies, (i) a first access control policy that is capable of operating in a policy evaluation mode that overrides an access-permission- revoking change to a control policy for a temporary time period and causes a pre-change version of the control policy to be in effect during the temporary time period, determining a lack of further access control policy in a regular mode that allows the identity to access the resource; and authorizing the request using the first access control policy in the policy evaluation mode based on determining the lack of further access control policy in the regular mode that allows the identity to access the resource. Wherein Meriac teaches identifying, from the one or more access control policies, (Par. (0048) identifying ACL (access control list) different permissions to different levels and priorities of users/owners)), (Par. (0019); identifying one or more policies (access control list with permissions and access right to users for objects) to access the resource (accessing objects)) (i) a first access control policy that is capable of operating in a policy evaluation mode that overrides an access-permission- revoking change to a control policy for a temporary time period and (Par. 
(0006-0007); a first access control policy (access control list gives temporary access) that is capable of operating in a policy evaluation mode (electronic component with access control list) that overrides an access-permission-revoking change to a control policy for a temporary time period (granting permission to override and then time-limited override is removed when expiry of time period is over and override back to prior setting after) causes a pre-change version of the control policy to be in effect during the temporary time period, (Par. (0006-0007); when the expiry of time period occurs, the time-limited override is removed, temporary access is gone and access control reverts to a pre-change version (prior setting)), (Examiner Note: In the specification there is no clear definition as to what pre-change version represents. Therefore it will be broadly and reasonably interpreted in light of the specification that “causes a pre-change version” refers to after a temporary period of access permissions expire and reverting override to a prior access control setting, roll back or previous access control)) It would have been obvious to one of ordinary skill in the art before the effective filing date of the claimed invention to have modified Barboi to incorporate the teaching of Meriac to utilize the above feature because of the analogous concept of access control policies and allowing access to resources based on permissions, with the motivation of regulating access based on permissions tampering and compromise can be prevented and the access control list and system can create trustworthy and confident users with access. By creating an override with temporary period of time and pre-change version a hierarchy and level of permission is created and priorities are met by users. 
(Meriac Par.(0018, 0031 and 0037)) Barboi and Meriac do not explicitly teach determining a lack of further access control policy in a regular mode that allows the identity to access the resource; and authorizing the request using the first access control policy in the policy evaluation mode based on determining the lack of further access control policy in the regular mode that allows the identity to access the resource. Wherein Chari teaches determining a lack of further access control policy in a regular mode that allows the identity to access the resource; and (Par. (0070); determined a policy change and old rule was revoked), (Par. (0070); in a regular mode (general rule) that allows the identity to access the resource (policy change and administrators with error and changes from deny access to grant access)), (Examiner Note: in the instant application the specification states a regular mode to be a default mode for the policy therefore it will be broadly and reasonably interpreted that regular mode corresponds to general rule of the access policy)) authorizing the request using the first access control policy in the policy evaluation mode (Par. (0049); authorizing the user access request based of identified policy items)), (Par. (0084-0087); in the policy evaluation mode (role mining systems with permissions and policies)) based on determining the lack of further access control policy in the regular mode that allows the identity to access the resource. (Par. (0070); administrator with error in policy that is not correctly applied changes from negative (deny access) to positive (grant access) after determining the lack of further access (old rule revoked)), (Par. 
(0070); based on determining the lack of further access control policy in the regular mode (determining error and no access given based on change to general rule of old rule)) It would have been obvious to one of ordinary skill in the art before the effective filing date of the claimed invention to have modified Barboi, and Meriac to incorporate the teaching of Chari to utilize the above feature because of the analogous concept of access control policies and permissions with accessing resource by an identity, with the motivation of enforcing when a user request access to a resource to verify and monitor usage that reflects high security level policy and ease load for system administrators from giving incorrect policy up-to-date and risk security of employees and organizations. (Chari Par. (0002-0006)) In regards to Claim 14, the combination of Barboi, Meriac and Chari teach the system of claim 11, Chari further teaches generating a different access control policy based on a detected change to the first access control policy. (Par. (0029); different access control policies (different policies/multiple policies such as first and second policy item for same resource)), (Par. (0061); based on a detected change to the first access control policy (administrative error and policy changes) , generating a different access control policy (policy items with different access control (override, revocation, granting)) It would have been obvious to one of ordinary skill in the art before the effective filing date of the claimed invention to have modified Barboi and Meriac to incorporate the teaching of Chari to utilize the above feature because of the analogous concept of access control policies and permissions with accessing resource by an identity, with the motivation of detecting policy changes and preventing error and redundancy based on different policy items created. (Chari Par. 
(0061-0064)) In regards to Claim 16, the combination of Barboi, Meriac and Chari teach the system of claim 11, Barboi further teaches the system of claim 11, wherein the another access control policy allows a plurality of identities to access the resource, (Par. (0046-0049); plurality of computer devices 101 and network accounts of users with determining if access should be granted; policy applied upon authenticating to seek access to privileged resources by computer devices)), (Par. (0050); another access control policy (plurality of policies used by authentication and management server for access control)) the plurality of identities including the identity. (Par. (0054); granting identity (network account of user) read-write access)) In regards to Claim 20, Barboi teaches a non-transitory computer-readable medium comprising instructions that, when executed by one or more hardware processors of a device, cause the device to perform operations comprising: (Par. (0030); processors and computer-readable media that store software instructions)) receiving, from an identity, a request to access a resource by the identity; (Par. (0005, 0023); receiving a request to access resource from computer device)), (Par. (0040-0041); receiving a request to access resource by the identity (computer device with network account of user)) determining one or more access control policies that correspond to the access to the resource; (Par. (0049); applying a policy and determining whether to grant access to privileged resources)) identifying, from one or more access control policies comprising a permission for the identity to access the resource, (Par. 
(0049); identifying,(determine) from one or more access control policies (based on applying a policy) comprising a permission for the identity to access the resource (whether network account of user seeking access to the privileged resource should be granted upon obtaining access)) the policy evaluation mode being activated for the first access control policy, for a threshold amount of time to allow the identity to access the resource for the threshold amount of time, (Par. (0049-0050); the policy evaluation mode (authentication and management server that manages privileged access and monitors actions performed by privileged user)) (Par. (0070, 0077-0080); the policy evaluation mode being activated for the first access control policy (authentication and management server performing elements and identifications) for a threshold amount of time to allow the identity to access (policy may set a time duration limit for privileged resource and access and when exceeding time a withdrawal and “no longer access to privileged resource)) in response to a policy change to the first access control policy; (Par. (0079); in response to a policy change (abnormalities detected in activity and policy changes to set time duration limit for privileged on-demand membership, when exceeded privileged withdrawn (indicating no access after time duration limit)), (Par. (0079); identity no longer has the access (determining network account should no longer have access corresponding to monitoring time duration limit and withdrawing privileges)), (Par. 
(0081); in response to a policy change (granting modification to access token to change to different privileged), policy indicating that the identity no longer has the access (access token is revoked and canceled)) Barboi does not explicitly teach identifying, from one or more access control policies comprising a permission for the identity to access the resource, a first access control policy that is capable of operating in a policy evaluation mode that overrides an access-permission-revoking change to a control policy for a temporary time period and causes a pre-change version of the control policy to be in effect during the temporary time period, determining a lack of further access control policy in a regular mode that allows the identity access the resource; and authorizing the request using the first access control policy in the policy evaluation mode based on determining the lack of further access control policy in the regular mode that allows the identity to access the resource. Wherein Meriac teaches identifying, from one or more access control policies comprising a permission for the identity to access the resource, (Par. (0048) identifying ACL (access control list) different permissions to different levels and priorities of users/owners)), (Par. (0019); identifying one or more policies (access control list with permissions and access right to users for objects) to access the resource (accessing objects)) a first access control policy that is capable of operating in a policy evaluation mode that overrides an access-permission-revoking change to a control policy for a temporary time period and (Par. 
(0006-0007); a first access control policy (access control list gives temporary access) that is capable of operating in a policy evaluation mode (electronic component with access control list) that overrides an access-permission-revoking change to a control policy for a temporary time period (granting permission to override and then time-limited override is removed when expiry of time period is over and override back to prior setting after) causes a pre-change version of the control policy to be in effect during the temporary time period, (Par. (0006-0007); when the expiry of time period occurs, the time-limited override is removed, temporary access is gone and access control reverts to a pre-change version (prior setting)), (Examiner Note: In the specification there is no clear definition as to what pre-change version represents. Therefore it will be broadly and reasonably interpreted in light of the specification that “causes a pre-change version” refers to after a temporary period of access permissions expire and reverting override to a prior access control setting, roll back or previous access control)) It would have been obvious to one of ordinary skill in the art before the effective filing date of the claimed invention to have modified Barboi to incorporate the teaching of Meriac to utilize the above feature because of the analogous concept of access control policies and allowing access to resources based on permissions, with the motivation of regulating access based on permissions tampering and compromise can be prevented and the access control list and system can create trustworthy and confident users with access. By creating an override with temporary period of time and pre-change version a hierarchy and level of permission is created and priorities are met by users. 
(Meriac Par.(0018, 0031 and 0037)) Barboi and Meriac not explicitly teach determining a lack of further access control policy in a regular mode that allows the identity access the resource; and authorizing the request using the first access control policy in the policy evaluation mode based on determining the lack of further access control policy in the regular mode that allows the identity to access the resource. Wherein Chari teaches determining a lack of further access control policy in a regular mode that allows the identity access the resource; and (Par. (0070); determined a policy change and old rule was revoked), (Par. (0070); in a regular mode (general rule) that allows the identity to access the resource (policy change and administrators with error and changes from deny access to grant access)), (Examiner Note: in the instant application the specification states a regular mode to be a default mode for the policy therefore it will be broadly and reasonably interpreted that regular mode corresponds to general rule of the access policy)) authorizing the request using the first access control policy in the policy evaluation mode (Par. (0049); authorizing the user access request based of identified policy items)), (Par. (0084-0087); in the policy evaluation mode (role mining systems with permissions and policies)) based on determining the lack of further access control policy in the regular mode that allows the identity to access the resource. (Par. (0070); administrator with error in policy that is not correctly applied changes from negative (deny access) to positive (grant access) after determining the lack of further access (old rule revoked)), (Par. 
(0070); based on determining the lack of further access control policy in the regular mode (determining error and no access given based on change to general rule of old rule))

It would have been obvious to one of ordinary skill in the art before the effective filing date of the claimed invention to have modified Barboi and Meriac to incorporate the teaching of Chari to utilize the above feature because of the analogous concept of access control policies and permissions with accessing a resource by an identity, with the motivation of enforcing, when a user requests access to a resource, verification and monitoring of usage that reflects a high security level policy and eases the load on system administrators from keeping incorrect policies up-to-date and risking the security of employees and organizations. (Chari Par. (0002-0006))

Claim(s) 2, 5 and 12 is/are rejected under 35 U.S.C. 103 as being unpatentable over Barboi et al. (U.S. Pub. No. 20190028514, hereinafter referred to as “Barboi”), Meriac et al. (U.S. Pub. No. 20170257372, hereinafter referred to as “Meriac”) and Chari et al. (U.S. Pub. No. 20140359692, hereinafter referred to as “Chari”) further in view of Masjuan et al. (U.S. Pub. No. 20220086157, hereinafter referred to as “Masjuan”).

In regards to Claim 2, the combination of Barboi, Meriac and Chari do not explicitly teach generating a policy evaluation log based on the request being authorized using the first access control policy. Wherein Masjuan teaches generating a policy evaluation log based on the request being authorized using the first access control policy. (Par.
(0031-0033); generating a policy evaluation log (generating an authorization policy record) based on the request being authorized (based on request an authorization is given) using the first access control policy (authorization policy))

It would have been obvious to one of ordinary skill in the art before the effective filing date of the claimed invention to have modified Barboi, Meriac and Chari to incorporate the teaching of Masjuan to utilize the above feature because of the analogous concept of access control policies and permissions with accessing a resource by an identity, with the motivation of implementing policy evaluation logs to establish a trust period to determine which requests are made with which service to create a secure authorization with policies and avoid error-prone entries. (Masjuan Par. (0018))

In regards to Claim 5, the combination of Barboi, Meriac and Chari do not explicitly teach wherein the policy evaluation log is an authorization record. Wherein Masjuan teaches wherein the policy evaluation log is an authorization record. (Par. (0031-0033); policy evaluation log (an authorization policy record) is an authorization (authorization policy)), (Par. (0043); the policy evaluation log (authorization policy record) is an authorization (permits request to service)) It would have been obvious to one of ordinary skill in the art before the effective filing date of the claimed invention to have modified Barboi, Meriac and Chari to incorporate the teaching of Masjuan to utilize the above feature because of the analogous concept of access control policies and permissions with accessing a resource by an identity, with the motivation of implementing policy evaluation logs to establish a trust period to determine which requests are made with which service to create a secure authorization with policies and avoid error-prone entries. (Masjuan Par.
(0018))

In regards to Claim 12, the combination of Barboi, Meriac and Chari do not explicitly teach in response to authorizing the request to access the resource, generating a regular log indicating that the request to access the resource by the identity is authorized for the identity to access to the resource. Wherein Masjuan teaches in response to authorizing the request to access the resource, (Par. (0031); policy authorizes request), (Par. (0029); the request to access the resource (permits request to service)) generating a regular log indicating that the request to access the resource by the identity is authorized for the identity to access to the resource. (Par. (0031-0033); generating a regular log (generating an authorization policy record) based on indicating that the request to access the resource by the identity is authorized (based on request an authorization is given) to access to the resource (authorization policy that permits request)), (Par. (0037-0038); to access to the resource (authorization policy that includes permitted request to service)) It would have been obvious to one of ordinary skill in the art before the effective filing date of the claimed invention to have modified Barboi, Meriac and Chari to incorporate the teaching of Masjuan to utilize the above feature because of the analogous concept of access control policies and permissions with accessing a resource by an identity, with the motivation of implementing policy evaluation logs to establish a trust period to determine which requests are made with which service to create a secure authorization with policies and avoid error-prone entries. (Masjuan Par. (0018))

Claim(s) 3 and 13 is/are rejected under 35 U.S.C. 103 as being unpatentable over Barboi et al. (U.S. Pub. No. 20190028514, hereinafter referred to as “Barboi”), Meriac et al. (U.S. Pub. No. 20170257372, hereinafter referred to as “Meriac”), Chari et al. (U.S. Pub. No.
20140359692, hereinafter referred to as “Chari”), Masjuan et al. (U.S. Pub. No. 20220086157, hereinafter referred to as “Masjuan”) further in view of Price et al. (U.S. Pub. No. 20130246470, hereinafter referred to as “Price”).

In regards to Claim 3, the combination of Barboi, Meriac, Chari and Masjuan do not explicitly teach in response to determining that a threshold time period has elapsed since a last policy evaluation log has been generated for the resource, deleting the first access control policy that is operating in the policy evaluation mode. Wherein Price teaches in response to determining that a threshold time period has elapsed since a last policy evaluation log has been generated for the resource, (Par. (0032); in response to determining that a threshold time period has elapsed (determining elapsed time period since a requesting user or access and comparing of inactivity time) a last policy evaluation log (ACL entry and elapsed time period via ACL entry reflected by access time) for the resource (object metadata)), (Par. (0005); a last policy evaluation log (Access control entry (ACL entry) that indicates the granted access)) deleting the first access control policy that is operating in the policy evaluation mode. (Par. (0032); after elapsed time period and inactivity a deleting of the first access control policy (ACL rule permission and removing of an ACL entry with rule after specified time of inactivity and compared with elapsed time period)), (Par. (0034); ACL rule determines time period and ACL entry is removed based on “user does not need access anymore”)), (Par. (0035); last access date is older than defined rule in ACL a removal or invalidating step of entry is performed associated to first access control policy (ACL rule with entry)), (Par. (0029-0030); operating in the policy evaluation mode.
(administrators and access control evaluation process corresponding to time and access))

It would have been obvious to one of ordinary skill in the art before the effective filing date of the claimed invention to have modified Barboi, Meriac, Chari and Masjuan to incorporate the teaching of Price to utilize the above feature because of the analogous concept of access control policies and permissions with accessing a resource by an identity, with the motivation of implementing policies that are periodically evaluated to prevent problems, burdens and accesses that are no longer warranted to maintain permission of entities and save time and expenses. (Price Par. (0002))

In regards to Claim 13, the combination of Barboi, Meriac, Chari and Masjuan do not explicitly teach in response to determining that a threshold time period has elapsed since a last policy evaluation log has been generated for the resource, deleting the first access control policy that is operating in the policy evaluation mode. Wherein Price teaches in response to determining that a threshold time period has elapsed since a last policy evaluation log has been generated for the resource, (Par. (0032); in response to determining that a threshold time period has elapsed (determining elapsed time period since a requesting user or access and comparing of inactivity time) a last policy evaluation log (ACL entry and elapsed time period via ACL entry reflected by access time) for the resource (object metadata)), (Par. (0005); a last policy evaluation log (Access control entry (ACL entry) that indicates the granted access)) deleting the first access control policy that is operating in the policy evaluation mode. (Par. (0032); after elapsed time period and inactivity a deleting of the first access control policy (ACL rule permission and removing of an ACL entry with rule after specified time of inactivity and compared with elapsed time period)), (Par.
(0034); ACL rule determines time period and ACL entry is removed based on “user does not need access anymore”)), (Par. (0035); last access date is older than defined rule in ACL a removal or invalidating step of entry is performed associated to first access control policy (ACL rule with entry)), (Par. (0029-0030); operating in the policy evaluation mode. (administrators and access control evaluation process corresponding to time and access))

It would have been obvious to one of ordinary skill in the art before the effective filing date of the claimed invention to have modified Barboi, Meriac, Chari and Masjuan to incorporate the teaching of Price to utilize the above feature because of the analogous concept of access control policies and permissions with accessing a resource by an identity, with the motivation of implementing policies that are periodically evaluated to prevent problems, burdens and accesses that are no longer warranted to maintain permission of entities and save time and expenses. (Price Par. (0002))

Claim(s) 4 is/are rejected under 35 U.S.C. 103 as being unpatentable over Barboi et al. (U.S. Pub. No. 20190028514, hereinafter referred to as “Barboi”), Meriac et al. (U.S. Pub. No. 20170257372, hereinafter referred to as “Meriac”), Chari et al. (U.S. Pub. No. 20140359692, hereinafter referred to as “Chari”) and Masjuan et al. (U.S. Pub. No. 20220086157, hereinafter referred to as “Masjuan”) further in view of Kaushik et al. (U.S. Pub. No. 20180268126, hereinafter referred to as “Kaushik”).

In regards to Claim 4, the combination of Barboi, Meriac, Chari and Masjuan do not explicitly teach in response to authorizing the request using the first access control policy, generating a system notification based on the policy evaluation log. Wherein Kaushik teaches in response to authorizing the request using the first access control policy, (Par. (0006-0007); request for access and identifying policy to allow access), (Par.
(0004); based on policy to determine access)) generating a system notification based on the policy evaluation log. (Par. (0006-0007); sends notification that instructs device to allow access)), (Par. (0008); based on policy evaluation log (information that identifies policy govern access)), (Par. (0028); based on the policy evaluation log (information retrieved from applicable policy and policies 201 that indicates user information to particular group with access permissions))

It would have been obvious to one of ordinary skill in the art before the effective filing date of the claimed invention to have modified Barboi, Meriac, Chari and Masjuan to incorporate the teaching of Kaushik to utilize the above feature because of the analogous concept of access control policies and time-based comparisons with threshold limits in a system, with the motivation of implementing a notification to allow system administrators regulating access to block or grant to appropriate users. This allows the system to detect based on policy governing and determine authorized access. (Kaushik Par. (0006-0007))

Claim(s) 7, 10, and 17 is/are rejected under 35 U.S.C. 103 as being unpatentable over Barboi et al. (U.S. Pub. No. 20190028514, hereinafter referred to as “Barboi”), Meriac et al. (U.S. Pub. No. 20170257372, hereinafter referred to as “Meriac”) and Chari et al. (U.S. Pub. No. 20140359692, hereinafter referred to as “Chari”) further in view of Gladwin et al. (U.S. Pub. No. 20210133196, hereinafter referred to as “Gladwin”).

In regards to Claim 7, the combination of Barboi, Meriac, and Chari do not explicitly teach wherein the identity is a service. Wherein Gladwin teaches wherein the identity is a service. (Par. (0077) the entity (data provider) is a service (company associated with data provider entity services)), (Par.
(0108 and 0148-0149); identity (data provider) that is verified for access and corresponding to access and ruleset))

It would have been obvious to one of ordinary skill in the art before the effective filing date of the claimed invention to have modified Barboi, Meriac, and Chari to incorporate the teaching of Gladwin to utilize the above feature because of the analogous concept of access control policies and permissions based on time threshold and limits, with the motivation of utilizing a service such as a company, data provider, etc. to enhance the analytics and accessing system to allow interactions to facilitate entries more effectively. (Gladwin Par. (0077 and 0115))

In regards to Claim 10, the combination of Barboi, Meriac, and Chari do not explicitly teach configuring a threshold number of the one or more access control policies to operate in the policy evaluation mode for the resource. Wherein Gladwin teaches configuring a threshold number of the one or more access control policies to operate in the policy evaluation mode for the resource. (Par. (0423); a threshold number of the one or more access control policies (threshold number of rules in response to admin)), (Par.
(0381 and 0385-0386); to operate in the policy evaluation mode (record-based access limits compliance module tracking accesses and executing)) for the resource (rule associated with record-based access limit and data based on rule))

It would have been obvious to one of ordinary skill in the art before the effective filing date of the claimed invention to have modified Barboi, Meriac, and Chari to incorporate the teaching of Gladwin to utilize the above feature because of the analogous concept of access control policies and permissions based on time threshold and limits, with the motivation of implementing a predefined or threshold number of rules so that the rule and access system can periodically receive requests from administrators and regulate requirements, thus indicating compliance; access limits based on rules can be tracked, compared and recorded. (Gladwin Par. (0381-0383 and 0423))

In regards to Claim 17, the combination of Barboi, Meriac and Chari do not explicitly teach wherein the identity is a service. Wherein Gladwin teaches wherein the identity is a service. (Par. (0077) the entity (data provider) is a service (company associated with data provider entity services)), (Par. (0108 and 0148-0149); identity (data provider) that is verified for access and corresponding to access and ruleset)) It would have been obvious to one of ordinary skill in the art before the effective filing date of the claimed invention to have modified Barboi, Meriac and Chari to incorporate the teaching of Gladwin to utilize the above feature because of the analogous concept of access control policies and permissions based on time threshold and limits, with the motivation of utilizing a service such as a company, data provider, etc. to enhance the analytics and accessing system to allow interactions to facilitate entries more effectively. (Gladwin Par. (0077 and 0115))

Claim(s) 8 and 18 is/are rejected under 35 U.S.C. 103 as being unpatentable over Barboi et al. (U.S. Pub. No.
20190028514, hereinafter referred to as “Barboi”), Meriac et al. (U.S. Pub. No. 20170257372, hereinafter referred to as “Meriac”) and Chari et al. (U.S. Pub. No. 20140359692, hereinafter referred to as “Chari”) further in view of Kruse et al. (U.S. Pat. No. 10986131, hereinafter referred to as “Kruse”).

In regards to Claim 8, the combination of Barboi, Meriac and Chari teach the method of claim 1. Chari further teaches wherein the resource is associated with a plurality of access control policies, and (Par. (0034-0036); plurality of access policies (user policies and group policies) corresponding to determining matching policies to grant permission request of resource)) It would have been obvious to one of ordinary skill in the art before the effective filing date of the claimed invention to have modified Barboi and Meriac to incorporate the teaching of Chari to utilize the above feature because of the analogous concept of access control policies and permissions with accessing a resource by an identity, with the motivation of creating a hierarchy and levels of access with groups of users to create specific policy items over certain resources. (Chari Par. (0033))

Barboi, Meriac and Chari do not explicitly teach wherein each access control policy from the plurality of access control policies is associated with a resource field, an action field, an identity field, and a mode field. Wherein Kruse teaches wherein each access control policy from the plurality of access control policies is associated with a resource field, an action field, an identity field, and a mode field. (Figure 3 label 312-318; each access control policy (each policy with permissions)), (Fig. 4 labels 408, 412, 416 and 420; each policy includes permissions with field (action field, resource field, identity field (principal with user 406)), (Col. 13 lines 25-35 and 35-55; mode field (set of permissions with default policy)) (Examiner note: in the instant application the specification states on Par.
(0054) that the mode field corresponds to a default field or default mode, therefore it will be broadly and reasonably interpreted as such))

It would have been obvious to one of ordinary skill in the art before the effective filing date of the claimed invention to have modified Barboi, Meriac and Chari to incorporate the teaching of Kruse to utilize the above feature because of the analogous concept of access control policies in a system, with the motivation of having fields such as action and identity fields to group different users with different permissions and regulate members without having concerns of granting access that leads to failure and malfunction of entities. (Kruse Col. 1 lines 15-50 and Col. 14 lines 15-55)

In regards to Claim 18, the combination of Barboi, Meriac and Chari teach the system of claim 11. Chari further teaches wherein the resource is associated with a plurality of access control policies, and (Par. (0034-0036); plurality of access policies (user policies and group policies) corresponding to determining matching policies to grant permission request of resource)) It would have been obvious to one of ordinary skill in the art before the effective filing date of the claimed invention to have modified Barboi and Meriac to incorporate the teaching of Chari to utilize the above feature because of the analogous concept of access control policies and permissions with accessing a resource by an identity, with the motivation of creating a hierarchy and levels of access with groups of users to create specific policy items over certain resources. (Chari Par. (0033))

Barboi, Meriac and Chari do not explicitly teach wherein each access control policy from the plurality of access control policies is associated with a resource field, an action field, an identity field, and a mode field.
Wherein Kruse teaches wherein each access control policy from the plurality of access control policies is associated with a resource field, an action field, an identity field, and a mode field. (Figure 3 label 312-318; each access control policy (each policy with permissions)), (Fig. 4 labels 408, 412, 416 and 420; each policy includes permissions with field (action field, resource field, identity field (principal with user 406)), (Col. 13 lines 25-35 and 35-55; mode field (set of permissions with default policy)) (Examiner note: in the instant application the specification states on Par. (0054) that the mode field corresponds to a default field or default mode, therefore it will be broadly and reasonably interpreted as such))

It would have been obvious to one of ordinary skill in the art before the effective filing date of the claimed invention to have modified Barboi, Meriac and Chari to incorporate the teaching of Kruse to utilize the above feature because of the analogous concept of access control policies in a system, with the motivation of having fields such as action and identity fields to group different users with different permissions and regulate members without having concerns of granting access that leads to failure and malfunction of entities. (Kruse Col. 1 lines 15-50 and Col. 14 lines 15-55)

Claim(s) 9 and 19 is/are rejected under 35 U.S.C. 103 as being unpatentable over Barboi et al. (U.S. Pub. No. 20190028514, hereinafter referred to as “Barboi”), Meriac et al. (U.S. Pub. No. 20170257372, hereinafter referred to as “Meriac”), Chari et al. (U.S. Pub. No. 20140359692, hereinafter referred to as “Chari”) and Kruse et al. (U.S. Pat. No. 10986131, hereinafter referred to as “Kruse”) further in view of Li et al. (U.S. Pub. No.
20230370466, hereinafter referred to as “Li”).

In regards to Claim 9, the combination of Barboi, Meriac, Chari and Kruse do not explicitly teach wherein the identity field includes one or more identifiers of identities that are allowed to access one or more resources indicated by the resource field. Wherein Li teaches wherein the identity field includes one or more identifiers of identities that are allowed to access one or more resources indicated by the resource field. (Figure 3 label 312 and Figure 4 label 404; identity field (Role ID in field)), (Par. (0031); identity field includes one or more identifiers (role field with role ID that identifies a predefined role, based on Role ID and Role1 access control entry grants permission to read/write)) It would have been obvious to one of ordinary skill in the art before the effective filing date of the claimed invention to have modified Barboi, Meriac, Chari and Kruse to incorporate the teaching of Li to utilize the above feature because of the analogous concept of regulating levels of access and permissions associated with resources, with the motivation of defining roles and access control for each resource based off identifying information for a security group member preventing overexposure of resources. (Li Par. (0019-0021))

In regards to Claim 19, the combination of Barboi, Meriac, Chari and Kruse do not explicitly teach wherein the identity field includes one or more identifiers of identities that are allowed to access one or more resources indicated by the resource field. Wherein Li teaches wherein the identity field includes one or more identifiers of identities that are allowed to access one or more resources indicated by the resource field. (Figure 3 label 312 and Figure 4 label 404; identity field (Role ID in field)), (Par.
(0031); identity field includes one or more identifiers (role field with role ID that identifies a predefined role, based on Role ID and Role1 access control entry grants permission to read/write)) It would have been obvious to one of ordinary skill in the art before the effective filing date of the claimed invention to have modified Barboi, Meriac, Chari and Kruse to incorporate the teaching of Li to utilize the above feature because of the analogous concept of regulating levels of access and permissions associated with resources, with the motivation of defining roles and access control for each resource based off identifying information for a security group member preventing overexposure of resources. (Li Par. (0019-0021))

Claim(s) 15 is/are rejected under 35 U.S.C. 103 as being unpatentable over Barboi et al. (U.S. Pub. No. 20190028514, hereinafter referred to as “Barboi”), Meriac et al. (U.S. Pub. No. 20170257372, hereinafter referred to as “Meriac”) and Chari et al. (U.S. Pub. No. 20140359692, hereinafter referred to as “Chari”) further in view of Byrne et al. (U.S. Pub. No. 20200252431, hereinafter referred to as “Byrne”).

In regards to Claim 15, the combination of Barboi, Meriac, and Chari do not explicitly teach wherein the different access control policy is a test policy. Wherein Byrne teaches wherein the different access control policy is a test policy. (Par. (0016-0018); different access control policy (ruleset of plurality of rulesets) is a test policy (each list of membership list corresponds to ruleset and updating of the rulesets) and granting access based on ruleset and corresponding list of members)), (Par. (0003-0004); different access control policy (ruleset) is a test policy (updating of rulesets)), (Examiner Note: in the specification there is no definition of what a test policy is, only what a test policy includes after a detected change stated on Par.
(0016) and (0039) describing a test policy to include an updated list of identities granted access, therefore it will be broadly and reasonably interpreted that a test policy is an updated access ruleset that includes a list of members and identity information that are authorized to access the resource))

It would have been obvious to one of ordinary skill in the art before the effective filing date of the claimed invention to have modified Barboi, Meriac and Chari to incorporate the teaching of Byrne to utilize the above feature because of the analogous concept of access control policies and allowing access to resources based on permissions, with the motivation of implementing a test policy with updated rulesets and a list of members to dynamically refine requests and update rulesets to detect which access warrants which permission, such as an emergency state or low usage state. (Byrne Par. (0031))

Relevant Prior Art

The prior art made of record and not relied upon is considered pertinent to applicant's disclosure.
Cook; John (U.S. Pub. No. 20190007418) “SECURITY POLICY MONITORING SERVICE”. Considered this reference because it addressed authorization of requests and various changes in security policies.
Hicks; Raymond (U.S. Pub. No. 20210294903) “GENERATION OF A PROTECTION EVALUATION REGARDING A SYSTEM ASPECT OF A SYSTEM”. Considered this application because it relates to the verification of logs and analyzing access control policies.
Griffin; Leigh (U.S. Pub. No. 20230275931) “DYNAMIC MANAGEMENT OF ROLE-BASED ACCESS CONTROL SYSTEMS”. Considered this application because it addressed access permissions and determining policies based on identifiers and resources.

Conclusion

Any inquiry concerning this communication or earlier communications from the examiner should be directed to HASSAN A HUSSEIN whose telephone number is (571)272-3554. The examiner can normally be reached on 7:30am-5pm.
Examiner interviews are available via telephone, in-person, and video conferencing using a USPTO supplied web-based collaboration tool. To schedule an interview, applicant is encouraged to use the USPTO Automated Interview Request (AIR) at http://www.uspto.gov/interviewpractice. If attempts to reach the examiner by telephone are unsuccessful, the examiner’s supervisor, Eleni Shiferaw can be reached on (571)272-3867. The fax phone number for the organization where this application or proceeding is assigned is 571-273-8300. Information regarding the status of an application may be obtained from the Patent Application Information Retrieval (PAIR) system. Status information for published applications may be obtained from either Private PAIR or Public PAIR. Status information for unpublished applications is available through Private PAIR only. For more information about the PAIR system, see https://ppair-my.uspto.gov/pair/PrivatePair. Should you have questions on access to the Private PAIR system, contact the Electronic Business Center (EBC) at 866-217-9197 (toll-free). If you would like assistance from a USPTO Customer Service Representative or access to the automated information system, call 800-786-9199 (IN USA OR CANADA) or 571-272-1000. /HASSAN A HUSSEIN/Examiner, Art Unit 2497
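The independent claim, as the examiner characterizes it above, describes a concrete authorization mechanism: each access control policy carries a resource field, an action field, an identity field and a mode field; when a policy change revokes an identity's access, the pre-change policy is kept in effect in a policy evaluation mode for a threshold amount of time; a request is authorized under that evaluation-mode policy only when no regular-mode policy allows it, and doing so generates a policy evaluation log rather than a regular log; and an evaluation-mode policy is deleted once a threshold period passes with no such log. The block below is an added example written for this page to show how those pieces fit together as code. It is not code from Stripe, the applicant, or any of the cited references; the class and field names, the two time windows, the sample resource and the service identities are assumptions chosen for illustration.

```python
# Added example: a toy policy store with a per-policy "mode" field that models
# the regular mode / policy evaluation mode split described in the claims.
# Names, fields, time windows and the sample scenario are assumptions.
from dataclasses import dataclass
from enum import Enum
from typing import Optional


class Mode(Enum):
    REGULAR = "regular"        # default mode: the policy is enforced as written
    EVALUATION = "evaluation"  # pre-change copy kept as a time-limited fallback


@dataclass
class Policy:
    resource: str                 # resource field
    action: str                   # action field
    identities: frozenset         # identity field: identifiers allowed to act
    mode: Mode = Mode.REGULAR     # mode field
    expires_at: Optional[float] = None        # evaluation mode only
    last_eval_log_at: Optional[float] = None  # evaluation mode only


@dataclass
class LogEntry:
    kind: str        # "regular" or "policy_evaluation"
    identity: str
    action: str
    resource: str
    at: float


class PolicyStore:
    def __init__(self, eval_window: float, inactivity_window: float):
        self.eval_window = eval_window              # seconds evaluation mode stays active after a change
        self.inactivity_window = inactivity_window  # delete when no evaluation log for this long
        self.policies = []
        self.logs = []

    def add(self, policy: Policy) -> Policy:
        self.policies.append(policy)
        return policy

    def revoke(self, policy: Policy, identity: str, now: float) -> Policy:
        """Policy change removing `identity`: the regular-mode policy is narrowed
        immediately and a pre-change copy is activated in evaluation mode."""
        pre_change = Policy(policy.resource, policy.action, policy.identities,
                            Mode.EVALUATION, now + self.eval_window, now)
        policy.identities = policy.identities - {identity}
        self.policies.append(pre_change)
        return pre_change

    @staticmethod
    def _matches(p: Policy, identity: str, action: str, resource: str) -> bool:
        return p.resource == resource and p.action == action and identity in p.identities

    def authorize(self, identity: str, action: str, resource: str, now: float) -> bool:
        # Regular-mode policies decide first; a hit produces a regular log.
        for p in self.policies:
            if p.mode is Mode.REGULAR and self._matches(p, identity, action, resource):
                self.logs.append(LogEntry("regular", identity, action, resource, now))
                return True
        # Only when no regular-mode policy allows the request are evaluation-mode
        # policies consulted, and only while their window is open. A hit produces
        # a policy evaluation log: the signal that something still relies on the
        # revoked grant.
        for p in self.policies:
            if (p.mode is Mode.EVALUATION and p.expires_at is not None
                    and now < p.expires_at and self._matches(p, identity, action, resource)):
                p.last_eval_log_at = now
                self.logs.append(LogEntry("policy_evaluation", identity, action, resource, now))
                return True
        return False

    def prune(self, now: float) -> int:
        """Delete evaluation-mode policies whose window has closed or that have
        generated no evaluation log for inactivity_window seconds."""
        keep, removed = [], 0
        for p in self.policies:
            expired = p.expires_at is None or now >= p.expires_at
            idle = p.last_eval_log_at is None or now - p.last_eval_log_at >= self.inactivity_window
            if p.mode is Mode.EVALUATION and (expired or idle):
                removed += 1
            else:
                keep.append(p)
        self.policies = keep
        return removed


def demo() -> dict:
    """Constructed scenario: svc-reports loses read access to an invoices bucket."""
    store = PolicyStore(eval_window=3600.0, inactivity_window=1800.0)
    grant = store.add(Policy("bucket/invoices", "read", frozenset({"svc-billing", "svc-reports"})))
    t0 = 1_000_000.0
    store.revoke(grant, "svc-reports", now=t0)
    return {
        "revoked_still_reads": store.authorize("svc-reports", "read", "bucket/invoices", t0 + 60),
        "kept_reads": store.authorize("svc-billing", "read", "bucket/invoices", t0 + 60),
        "never_granted": store.authorize("svc-reports", "write", "bucket/invoices", t0 + 60),
        "after_window": store.authorize("svc-reports", "read", "bucket/invoices", t0 + 3600),
        "log_kinds": [e.kind for e in store.logs],
        "pruned": store.prune(t0 + 3600),
        "remaining": len(store.policies),
    }


if __name__ == "__main__":
    print(demo())
```

Two points a practitioner would check in a real implementation of this pattern. First, the evaluation window is by design a period during which a revocation is not enforced for callers that still match the pre-change policy, so the window must be bounded (the `expires_at` check) and the cleanup in `prune` must actually run; the evaluation log is what tells you which identities still depend on the revoked grant before the fallback disappears. Second, the ordering in `authorize` matters: regular-mode policies are exhausted before any evaluation-mode policy is consulted, so a live grant is never recorded as an evaluation hit and the evaluation log stays a clean signal of access that only the old policy would have allowed.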
Prosecution Timeline

Jun 22, 2022: Application Filed
Jun 15, 2024: Non-Final Rejection (§103)
Aug 27, 2024: Interview Requested
Sep 10, 2024: Examiner Interview Summary
Sep 10, 2024: Applicant Interview (Telephonic)
Sep 11, 2024: Response Filed
Dec 13, 2024: Final Rejection (§103)
Jan 28, 2025: Interview Requested
Feb 11, 2025: Applicant Interview (Telephonic)
Feb 11, 2025: Examiner Interview Summary
Feb 19, 2025: Response after Non-Final Action
Mar 12, 2025: Request for Continued Examination
Mar 20, 2025: Response after Non-Final Action
Apr 03, 2025: Non-Final Rejection (§103)
Jun 24, 2025: Interview Requested
Jul 09, 2025: Response Filed
Aug 12, 2025: Examiner Interview Summary
Aug 12, 2025: Applicant Interview (Telephonic)
Oct 16, 2025: Final Rejection (§103)
Nov 03, 2025: Response after Non-Final Action
Jan 21, 2026: Request for Continued Examination
Jan 28, 2026: Response after Non-Final Action
Feb 10, 2026: Non-Final Rejection (§103)
Apr 16, 2026: Applicant Interview (Telephonic)
Apr 16, 2026: Examiner Interview Summary

Precedent Cases

Applications granted by this same examiner with similar technology, based on the 5 most recent grants:

Patent 12585805: IDENTIFYING AND RESOLVING CONFLICTS IN ACCESS PERMISSIONS DURING MIGRATION OF DATA AND USER ACCOUNTS (granted Mar 24, 2026; 2y 5m to grant)
Patent 12568094: COMPUTING DEVICE AND METHOD OF DETECTING COMPROMISED NETWORK DEVICES (granted Mar 03, 2026; 2y 5m to grant)
Patent 12512973: SECRET MAXIMUM VALUE CALCULATION APPARATUS, METHOD AND PROGRAM (granted Dec 30, 2025; 2y 5m to grant)
Patent 12489632: SYSTEMS AND METHODS FOR ORCHESTRATION OF CRYPTOGRAPHIC TOKEN OPERATIONS (granted Dec 02, 2025; 2y 5m to grant)
Patent 12483417: COMPUTER-IMPLEMENTED SYSTEM AND METHOD ENABLING SECURE STORAGE OF A LARGE BLOCKCHAIN OVER A PLURALITY OF STORAGE NODES (granted Nov 25, 2025; 2y 5m to grant)

Prosecution Projections

Expected OA Rounds: 5-6
Grant Probability: 58% (99% with interview, +52.2%)
Median Time to Grant: 3y 1m
PTA Risk: High
Based on 127 resolved cases by this examiner. Grant probability derived from career allow rate.
