DETAILED ACTION
Notice of Pre-AIA or AIA Status
The present application, filed on or after March 16, 2013, is being examined under the first inventor to file provisions of the AIA.
Continued Examination Under 37 CFR 1.114
A request for continued examination under 37 CFR 1.114, including the fee set forth in 37 CFR 1.17(e), was filed in this application after final rejection. Since this application is eligible for continued examination under 37 CFR 1.114, and the fee set forth in 37 CFR 1.17(e) has been timely paid, the finality of the previous Office action has been withdrawn pursuant to 37 CFR 1.114. Applicant's submission filed on 12/15/2025 has been entered.
Response to Arguments
Applicant's arguments, see pages 9-10, filed 12/15/2025, with respect to the rejection of claims 1-4, 7-8, 10, 13-15, and 18 under 35 U.S.C. § 103, have been fully considered but they are not persuasive.
Since applicant does not give any further explanation as to how the previously cited art differentiates from the claimed invention other than repeating the amendments made to the claim and alleging that the prior art does not teach the new or amended claim limitations, the examiner defers to the rejection below as a response to this argument.
Claim Rejections - 35 USC § 112
The following is a quotation of the first paragraph of 35 U.S.C. 112(a):
(a) IN GENERAL.—The specification shall contain a written description of the invention, and of the manner and process of making and using it, in such full, clear, concise, and exact terms as to enable any person skilled in the art to which it pertains, or with which it is most nearly connected, to make and use the same, and shall set forth the best mode contemplated by the inventor or joint inventor of carrying out the invention.
The following is a quotation of the first paragraph of pre-AIA 35 U.S.C. 112:
The specification shall contain a written description of the invention, and of the manner and process of making and using it, in such full, clear, concise, and exact terms as to enable any person skilled in the art to which it pertains, or with which it is most nearly connected, to make and use the same, and shall set forth the best mode contemplated by the inventor of carrying out his invention.
Claims 1-2, 4-6, 8, 10, 13-15, and 18 are rejected under 35 U.S.C. 112(a) or 35 U.S.C. 112 (pre-AIA), first paragraph, as failing to comply with the written description requirement. The claim(s) contains subject matter which was not described in the specification in such a way as to reasonably convey to one skilled in the relevant art that the inventor or a joint inventor, or for applications subject to pre-AIA 35 U.S.C. 112, the inventor(s), at the time the application was filed, had possession of the claimed invention.
Regarding Claims 1, 10, and 18:
Independent claims 1, 10, and 18 respectively recite “detects an assignment of a proxy to access the target entitlement, wherein said proxy: is a secondary user who accesses the target entitlement in a supervisory role on behalf of the user”, “wherein the AI engine: … detects an assignment of a supervisory proxy to access the target entitlement, wherein said supervisory proxy: is a secondary user who accesses the target entitlement in a supervisory role on behalf of the user”, and “wherein the AI engine: … detects the proxy access rights of the second user to the first restricted entitlement, wherein said second user: is a secondary user who accesses the first restricted entitlement in a supervisory role on behalf of the first user”. This amended claim limitation constitutes new matter and will be rejected on the ground that it recites elements without support in the original disclosure. See Waldemar Link, GmbH & Co. v. Osteonics Corp., 32 F.3d 556, 559, 31 USPQ2d 1855, 1857 (Fed. Cir. 1994); Vas-Cath Inc. v. Mahurkar, 935 F.2d 1555, 1560, 19 USPQ2d 1111, 1114 (Fed. Cir. 1991)(A written-description question often arises when an applicant, after filing a patent application, subsequently adds "new matter" not present in the original application.); In re Rasmussen, 650 F.2d 1212, 211 USPQ 323 (CCPA 1981).
Dependent claims fall together accordingly.
The following is a quotation of 35 U.S.C. 112(b):
(b) CONCLUSION.—The specification shall conclude with one or more claims particularly pointing out and distinctly claiming the subject matter which the inventor or a joint inventor regards as the invention.
The following is a quotation of 35 U.S.C. 112 (pre-AIA), second paragraph:
The specification shall conclude with one or more claims particularly pointing out and distinctly claiming the subject matter which the applicant regards as his invention.
Claims 1-2, 4-6, 8, 10, 13-15, and 18 are rejected under 35 U.S.C. 112(b) or 35 U.S.C. 112 (pre-AIA), second paragraph, as being indefinite for failing to particularly point out and distinctly claim the subject matter which the inventor or a joint inventor (or for applications subject to pre-AIA 35 U.S.C. 112, the applicant), regards as the invention.
The term “a supervisory role” in claims 1, 10, and 18 is a relative term which renders the claim indefinite. The term “a supervisory role” is not defined by the claim, the specification does not provide a standard for ascertaining the requisite degree, and one of ordinary skill in the art would not be reasonably apprised of the scope of the invention. The metes and bounds of what constitutes “a supervisory role” are not discernible because there is no standard for ascertaining the scope of what would make a “role” a “supervisory” one as opposed to not, and there is no definition of the term provided in the originally filed disclosure.
Dependent claims fall together accordingly.
Claim Rejections - 35 USC § 103
The following is a quotation of 35 U.S.C. 103 which forms the basis for all obviousness rejections set forth in this Office action:
A patent for a claimed invention may not be obtained, notwithstanding that the claimed invention is not identically disclosed as set forth in section 102, if the differences between the claimed invention and the prior art are such that the claimed invention as a whole would have been obvious before the effective filing date of the claimed invention to a person having ordinary skill in the art to which the claimed invention pertains. Patentability shall not be negated by the manner in which the invention was made.
Claim(s) 1-2, 4-6, 8, 10, 13-15, and 18 are rejected under 35 U.S.C. 103 as being unpatentable over Yamane et al. (US Patent No. US 10,956,300 B1) hereinafter Yamane, in view of Bridge et al. (US Patent No. US 9,231,935 B1) hereinafter Bridge, further in view of Karaatanassov et al. (US Publication No. US 2017/0006021 A1) hereinafter Karaatanassov.
Regarding Claim 1:
Yamane discloses an artificial intelligence ("AI") method for dynamically managing entitlements, the entitlements accessible by software and hardware resources, the method comprising extracting computer readable instructions stored on a non-transitory medium and executing the computer readable instructions on a processor, wherein execution of the computer readable instructions by the processor (Yamane Col. 23 line 15-39 system enumerated; Fig. 3 method of receiving tasks to perform by AI agent): detects a first login by a user to access a target entitlement (Yamane Col. 11 line 64 through Col. 12 line 14 “At 310, provider computing system 125 (via, e.g., AI training unit 160) may receive one or more classifications of tasks completed by users for the online application from provider user devices 180 or from classifications of possible tasks stored in memory 145 of provider computing system 125. In some embodiments, classifications of tasks include… logging on, etc. for the online software application of the provider... The classification of tasks may be used to generate datasets to be fed to the AI agent of provider computing system 125 in order to have the AI agent learn how to operate and navigate the online software application.” can give the AI training unit the task of logging in).
Yamane does not disclose based on the first login, determines an expiration date when the user will lose access to the target entitlement; based on the expiration date, schedules a target date for effectuating a second login needed to maintain access to the target entitlement after the expiration date; and before the target date, autonomously initiates the second login to the target entitlement; and after initiating the second login and after the expiration date, queries an access a central rights management system for a timestamp of a most recent entitlement update for the user and, if the timestamp indicates that the most recent entitlement update was before the second login, then submits a request to renew access to the target entitlement; wherein if a second login does not provide the user access to the target entitlement, the user is enabled to access the target entitlement by a specialized login; and wherein: the second login autonomously initiated by the processor comprises a username and password and provides a first level of access to an underlying software resource; the first login performed by the user comprises a token and provides a second level of access to the underlying software resource; and the first level of access is more limited than the second level of access; and wherein execution of the computer readable instructions by the processor: monitors email correspondence of the user; based on the email correspondence, detects an assignment of a proxy to access the target entitlement, wherein said proxy: is a secondary user who accesses the target entitlement in a supervisory role on behalf of the user; and before the target date, initiates an additional login to the target entitlement on behalf of the proxy.
Bridge teaches based on the first login, determines an expiration date when the user will lose access to the target entitlement (Bridge Col. 9 line 58 through Col. 10 line 3 token manager tracks login tokens and expiration dates; although the specific embodiment waits until expiration, one of ordinary skill in the art could configure the time to execute the auto-submit prior to expiration); based on the expiration date, schedules a target date for effectuating a second login needed to maintain access to the target entitlement after the expiration date (Bridge Col. 11 line 13-21 and Col. 11 line 28-36 the manager checks periodically, on a predetermined basis, or according to the stored expiration when to automatically submit the credentials); and before the target date, autonomously initiates the second login to the target entitlement (Bridge Col. 11 line 37-53 auto-submit module effectuates the scheduled login); and after initiating the second login and after the expiration date, queries an access a central rights management system for a timestamp of a most recent entitlement update for the user (Bridge Col. 11 line 13-21 and Col. 11 line 28-36 the manager checks periodically, on a predetermined basis, or according to the stored expiration when to automatically submit the credentials); and if the timestamp indicates that the most recent entitlement update was before the second login, then submits a request to renew access to the target entitlement (Bridge Col. 5 lines 34-39 “Embodiments enable tracking login tokens associated with various web services used by the user and automatically submitting, without user intervention, login credentials to the appropriate web service upon the expiration of a session/login token, thereby renewing the web service session and login token.”); wherein if a second login does not give the user access to the target entitlement, the user is able to access the target entitlement by a specialized login (Bridge Col. 13 lines 31-52 alternative login options may be used for the user)… and before the target date, initiates an additional login to the target entitlement on behalf of the proxy (Bridge Col. 11 line 13-21 and Col. 11 line 28-36; Bridge Col. 11 line 37-53 auto-submit module effectuates the scheduled login in this case for the proxy).
It would have been obvious to one having ordinary skill in the art before the time the invention was effectively filed to combine the AI agent disclosed by Yamane with the auto-login of user credentials taught by Bridge. The prior art found in Bridge has the concept of automatically submitting login credentials to maintain user session based on heuristics instead of through an AI Engine. The substituted component of an AI engine and its function were known in the art as of the time the invention was effectively filed as seen in Yamane. One of ordinary skill in the art could have substituted the heuristic-based method taught by Bridge for the AI agent found in Yamane. The results would have been predictable since instead of allowing heuristics to control decision making of determining when to auto-submit credentials it would utilize artificial intelligence and/or machine learning to make the determinations.
Bridge does not teach and wherein: the second login autonomously initiated by the processor comprises a username and password and provides a first level of access to an underlying software resource; the first login performed by the user comprises a token and provides a second level of access to the underlying software resource; and the first level of access is more limited than the second level of access; and wherein execution of the computer readable instructions by the processor: monitors email correspondence of the user; based on the email correspondence, detects an assignment of a proxy to access the target entitlement, wherein said proxy: is a secondary user who accesses the target entitlement in a supervisory role on behalf of the user.
Karaatanassov teaches and wherein: the second login autonomously initiated by the processor comprises a username and password and provides a first level of access to an underlying software resource (Karaatanassov [0025-0026] may be a username and a password, [0034-0035] API proxy can maintain multiple sessions and adhere to multiple policy sets); the first login performed by the user comprises a token and provides a second level of access to the underlying software resource (Karaatanassov [0032] credentials may be transformed to be a compatible format such as SAML tokens or Act-As tokens; [0034-0035] API proxy can maintain multiple sessions and adhere to multiple policy sets); and the first level of access is more limited than the second level of access (Karaatanassov [0034-0035] API proxy can maintain multiple sessions and adhere to multiple policy sets, [0035-0036] example where only dummy calls are used to maintain a stateful session, but as little as possible is utilized or changed “Preferably, the dummy calls 170 alter as little as possible in the application 150-1 and primarily result in an indication to the application 150-1 that the user 101 is active to prevent session expiration”) wherein execution of the computer readable instructions by the processor: monitors email correspondence of the user (Karaatanassov [0028] scope includes interfacing with email applications; [0034-0035] API proxy can maintain multiple sessions and adhere to multiple policy sets); based on the email correspondence, detects an assignment of a proxy to access the target entitlement (Karaatanassov [0019] user logs into an API proxy who submits credentials on their behalf; [0028] scope includes interfacing with email applications; [0034-0035] API proxy can maintain multiple sessions and adhere to multiple policy sets), wherein said proxy: is a secondary user who accesses the target entitlement in a supervisory role on behalf of the user (Karaatanassov [0019] user logs into an API proxy who submits credentials on their behalf; [0034-0035] API proxy can maintain multiple sessions and adhere to multiple policy sets).
It would have been obvious to one having ordinary skill in the art before the time the invention was effectively filed to combine the AI agent disclosed by Yamane further with the API proxies taught by Karaatanassov. The motivation for this combination would be to better organize the activities of the user’s logins by allowing the use of proxies to be included in the auto-submission of credentials to access entitlements.
Regarding Claim 2:
The combination of Yamane, Bridge, and Karaatanassov further teaches the AI method of claim 1, wherein the execution of the computer readable instructions by the processor (Yamane Col. 23 line 15-39 system enumerated; Fig. 3 method of receiving tasks to perform by AI agent): detects a third login to the target entitlement after the first login and before the target date (Yamane Col. 14 line 19-31; Col. 9 line 13-21 AI agent has access to login credentials and historical session logs); and in response to detecting the third login: determines a revised expiration date and a revised target date (Bridge Col. 11 line 13-21 and Col. 11 line 28-36 the manager checks periodically, on a predetermined basis, or according to the stored expiration when to automatically submit the credentials, e.g., the expiration date of the login was moved by the user, and the token manager then schedules the auto-submission to be closer to the edited expiration date caused by the user logging in after the prior check); and reschedules the second login for a time after the expiration date and before the revised target date (Bridge Col. 11 line 37-53 auto-submit module effectuates the scheduled login).
Regarding Claim 4:
The combination of Yamane, Bridge, and Karaatanassov further teaches the AI method of claim 1, wherein the target entitlement is a first target entitlement and the execution of the computer readable instructions by the processor (Yamane Col. 23 line 15-39 system enumerated; Fig. 3 method of receiving tasks to perform by AI agent): determines a time window when the user must login to the first target entitlement and a second target entitlement to maintain access to the first target entitlement and to the second target entitlement (Bridge Col. 11 line 13-21 and Col. 11 line 28-36 the manager checks periodically, on a predetermined basis, or according to the stored expiration when to automatically submit the credentials); and during the time window: initiates the second login to the first target entitlement using first credentials (Bridge Col. 11 line 37-53 auto-submit module effectuates the scheduled login); and initiates a third login to the second target entitlement using second credentials (Bridge Col. 11 line 37-53 auto-submit module effectuates the scheduled login).
Regarding Claim 8:
The combination of Yamane, Bridge, and Karaatanassov further teaches the AI method of claim 1 (Yamane Col. 23 line 15-39 system enumerated; Fig. 3 method of receiving tasks to perform by AI agent), wherein the execution of the computer readable instructions by the processor determines the expiration date based on a first time zone associated with the target entitlement and a second time zone associated with the user (Bridge Col. 11 line 13-36 current/expiration date or time may be derived from an internal or system clock or an online service over the network).
Regarding Claim 10:
Yamane discloses an artificial intelligence ("AI") system for managing entitlements for a user, the system comprising (Yamane Col. 23 line 15-39 system enumerated): a processor; a non-transitory computer-readable medium which contains instructions that when executed by the processor manages entitlements for the user by using (Yamane Col. 22 line 56 through Col. 23 line 39 processor and computer readable medium enumerated): an AI engine that determines: a plurality of entitlements associated with the user, the plurality of entitlements accessible by software and hardware resources (Yamane Col. 11 line 64 through Col. 12 line 14 “At 310, provider computing system 125 (via, e.g., AI training unit 160) may receive one or more classifications of tasks completed by users for the online application from provider user devices 180 or from classifications of possible tasks stored in memory 145 of provider computing system 125. In some embodiments, classifications of tasks include… logging on, etc. for the online software application of the provider... The classification of tasks may be used to generate datasets to be fed to the AI agent of provider computing system 125 in order to have the AI agent learn how to operate and navigate the online software application.”); a level of access that is needed by the user for each of the plurality of entitlements (Yamane Col. 9 lines 3-15 login credentials are provided to the AI agent).
Yamane does not disclose a system including an expiration date for each of the plurality of entitlements; and based on the expiration date for each of the plurality of entitlements, a target date for accessing each of the plurality of entitlements and thereby maintaining access to the plurality of entitlements; and a user interface that allows the user to: assign a proxy to access the entitlement; search for a target entitlement; submit a request for access to the target entitlement; and authorize the AI engine to effectuate access to each of the plurality of entitlements before the expiration date for each of the plurality of entitlements; wherein if the user does not have access to the plurality of target entitlements, the user is able to access the plurality of target entitlements by a specialized login; and the user interface further allows the user to: search for co-workers that have access to a target entitlement; revoke the proxy from a first co-worker and reassign the proxy to a second co-worker; assign the proxy based on an out-of-office reply set by the user; and revoke the proxy based on the out-of-office reply; wherein the AI engine: prompts the user for a first set of credentials via the user interface; and in response to authenticating the first set of credentials, autonomously formulates, using a second set of credentials, a login request for each of the plurality of entitlements before the expiration date for each of the plurality of entitlements; and wherein: a first login request formulated by the AI engine for at least one of the plurality of entitlements comprises a username and password and provides a first level of access to an underlying software resource; a second login request formulated by the user for the at least one of the plurality of entitlements comprises a token and provides a second level of access to the underlying software resource; and the first level of access is more limited than the second level of access; and wherein the AI engine: monitors email correspondence of the user; based on the email correspondence, detects an assignment of a supervisory proxy to access the target entitlement, wherein said supervisory proxy: is a secondary user who accesses the target entitlement in a supervisory role on behalf of the user; and before the target date, initiates an additional login to the target entitlement on behalf of the supervisory proxy.
Bridge teaches a system that includes an expiration date for each of the plurality of entitlements (Bridge Col. 9 line 58 through Col. 10 line 3 token manager tracks login tokens and expiration dates; although the specific embodiment waits until expiration, one of ordinary skill in the art could configure the time to execute the auto-submit prior to expiration); and based on the expiration date for each of the plurality of entitlements, formulate a target date for accessing each of the plurality of entitlements and thereby maintaining access to the plurality of entitlements (Bridge Col. 11 line 13-21 and Col. 11 line 28-36 the manager checks periodically, on a predetermined basis, or according to the stored expiration when to automatically submit the credentials); … submit a request for access to the target entitlement (Bridge Col. 11 line 13-21 and Col. 11 line 28-36; Bridge Col. 11 line 37-53 auto-submit module effectuates the scheduled login in this case for the proxy); and authorize the AI engine to effectuate access to each of the plurality of entitlements before the expiration date for each of the plurality of entitlements (Bridge Col. 11 line 13-21 and Col. 11 line 28-36 the manager checks periodically, on a predetermined basis, or according to the stored expiration when to automatically submit the credentials); wherein if the user does not have access to the plurality of target entitlements, the user is able to access the plurality of target entitlements by a specialized login (Bridge Col. 13 lines 31-52 alternative login options may be used for the user) … and before the target date, initiates an additional login to the target entitlement on behalf of the supervisory proxy (Bridge Col. 11 line 13-21 and Col. 11 line 28-36; Bridge Col. 11 line 37-53 auto-submit module effectuates the scheduled login in this case for the proxy).
It would have been obvious to one having ordinary skill in the art before the time the invention was effectively filed to combine the AI agent disclosed by Yamane with the auto-login of user credentials taught by Bridge. The prior art found in Bridge has the concept of automatically submitting login credentials to maintain user session based on heuristics instead of through an AI Engine. The substituted component of an AI engine and its function were known in the art as of the time the invention was effectively filed as seen in Yamane. One of ordinary skill in the art could have substituted the heuristic-based method taught by Bridge for the AI agent found in Yamane. The results would have been predictable since instead of allowing heuristics to control decision making of determining when to auto-submit credentials it would utilize artificial intelligence and/or machine learning to make the determinations.
Bridge does not teach a system that includes a user interface that allows the user to: assign a proxy to access the entitlement; search for a target entitlement… and the user interface further allows the user to: search for co-workers that have access to a target entitlement; revoke the proxy from a first co-worker and reassign the proxy to a second co-worker; assign the proxy based on an out-of-office reply set by the user; and revoke the proxy based on the out-of-office reply; wherein the AI engine: prompts the user for a first set of credentials via the user interface; and in response to authenticating the first set of credentials, autonomously formulates, using a second set of credentials, a login request for each of the plurality of entitlements before the expiration date for each of the plurality of entitlements; and wherein: a first login request formulated by the AI engine for at least one of the plurality of entitlements comprises a username and password and provides a first level of access to an underlying software resource; a second login request formulated by the user for the at least one of the plurality of entitlements comprises a token and provides a second level of access to the underlying software resource; and the first level of access is more limited than the second level of access; and wherein the AI engine: monitors email correspondence of the user; based on the email correspondence, detects an assignment of a supervisory proxy to access the target entitlement, wherein said supervisory proxy: is a secondary user who accesses the target entitlement in a supervisory role on behalf of the user; and before the target date, initiates an additional login to the target entitlement on behalf of the supervisory proxy.
Karaatanassov teaches a system that includes a user interface that allows the user to: assign a proxy to access the entitlement (Karaatanassov [0019] user logs into an API proxy who submits credentials on their behalf); search for a target entitlement (Karaatanassov [0034-0035] API proxy can maintain multiple sessions and adhere to multiple policy sets)… and the user interface further allows the user to: search for co-workers that have access to a target entitlement (Karaatanassov [0021] “when the user terminates her session with the API proxy, e.g., by logging out, the API proxy can terminate sessions with all applications.”; [0046]); revoke the proxy from a first co-worker; reassign the proxy to a second co-worker (Karaatanassov [0021] “when the user terminates her session with the API proxy, e.g., by logging out, the API proxy can terminate sessions with all applications.”; [0046]); assign the proxy based on an out-of-office reply set by the user (Karaatanassov [0028] scope includes interfacing with email applications; [0034-0035] API proxy can maintain multiple sessions and adhere to multiple policy sets); and revoke the proxy based on the out-of-office reply (Karaatanassov [0028] scope includes interfacing with email applications; [0034-0035] API proxy can maintain multiple sessions and adhere to multiple policy sets); wherein the AI engine: prompts the user for a first set of credentials via the user interface (Karaatanassov [0019] user logs into an API proxy who submits credentials on their behalf); and in response to authenticating the first set of credentials, autonomously formulates, using a second set of credentials, a login request for each of the plurality of entitlements before the expiration date for each of the plurality of entitlements (Karaatanassov [0034-0035] API proxy can maintain multiple sessions and adhere to multiple policy sets; [0027] different mechanisms may be used to provide authenticated sessions, [0020] “the API proxy manages the sessions according to the different session expiration policies of the multiple applications on behalf of the client. For example, for applications that employ idle expiration, the API proxy can send dummy signals to prevent the applications from terminating the session”); and wherein: a first login request formulated by the AI engine for at least one of the plurality of entitlements comprises a username and password and provides a first level of access to an underlying software resource (Karaatanassov [0025-0026] may be a username and a password, [0034-0035] API proxy can maintain multiple sessions and adhere to multiple policy sets); a second login request formulated by the user for the at least one of the plurality of entitlements comprises a token and provides a second level of access to the underlying software resource (Karaatanassov [0032] credentials may be transformed to be a compatible format such as SAML tokens or Act-As tokens; [0034-0035] API proxy can maintain multiple sessions and adhere to multiple policy sets); and the first level of access is more limited than the second level of access (Karaatanassov [0034-0035] API proxy can maintain multiple sessions and adhere to multiple policy sets, [0035-0036] example where only dummy calls are used to maintain a stateful session, but as little as possible is utilized or changed “Preferably, the dummy calls 170 alter as little as possible in the application 150-1 and primarily result in an indication to the application 150-1 that the user 101 is active to prevent session expiration”); and wherein the AI engine: monitors email correspondence of the user (Karaatanassov [0028] scope includes interfacing with email applications; [0034-0035] API proxy can maintain multiple sessions and adhere to multiple policy sets); based on the email correspondence, detects an assignment of a supervisory proxy to access the target entitlement (Karaatanassov [0019] user logs into an API proxy who submits credentials on their behalf; [0028] scope includes interfacing with email applications; [0034-0035] API proxy can maintain multiple sessions and adhere to multiple policy sets), wherein said supervisory proxy: is a secondary user who accesses the target entitlement in a supervisory role on behalf of the user (Karaatanassov [0019] user logs into an API proxy who submits credentials on their behalf; [0034-0035] API proxy can maintain multiple sessions and adhere to multiple policy sets).
It would have been obvious to one having ordinary skill in the art before the time the invention was effectively filed to combine the AI agent disclosed by Yamane further with the API proxies taught by Karaatanassov. The motivation for this combination would be to better organize the activities of the user’s logins by allowing the use of proxies to be included in the auto-submission of credentials to access entitlements.
Regarding Claim 13:
The combination of Yamane, Bridge, and Karaatanassov further teaches the AI system of claim 10, wherein (Yamane Col. 23 line 15-39 system enumerated): the first set of credentials comprises a token stored locally on a device of the user (Bridge Col. 11 line 13-21 and Col. 11 line 28-36 token manager); and the second set of credentials comprises credentials for each of the plurality of entitlements (Bridge Col. 11 line 13-21 and Col. 11 line 28-36 token manager).
Regarding Claim 14:
The combination of Yamane, Bridge, and Karaatanassov further teaches the AI system of claim 10, wherein (Yamane Col. 23 line 15-39 system enumerated): the first set of credentials comprises a token stored locally on a device of the user (Bridge Col. 11 line 13-21 and Col. 11 line 28-36 token manager); and the second set of credentials comprises credentials manually entered by the user (Karaatanassov [0019] user logs into an API proxy who submits credentials on their behalf).
Regarding Claim 15:
The combination of Yamane, Bridge, and Karaatanassov further teaches the AI system of claim 10, wherein the AI engine (Yamane Col. 23 line 15-39 system enumerated): after the expiration date for each of the plurality of entitlements, attempts to access each of the plurality of entitlements using the second set of credentials (Bridge Col. 11 line 13-21 and Col. 11 line 28-36 the manager checks periodically, on a predetermined basis, or according to the stored expiration when to automatically submit the credentials; Col. 11 line 37-53 auto-submit module effectuates the scheduled login); and in response to receiving a failure to access at least one of the plurality of entitlements, submits a request to an access rights management system for access to the at least one of the plurality of entitlements (Bridge Fig. 3 and 8 login endpoints; Col. 17 line 45 through Col. 18 line 7 once token is expired, travel to the endpoint and request/acquire a new token; Col. 18 line 28-31 “Step 816 may include replacing the expired login token in the existing association, as described above, with the new login token.”).
Regarding Claim 18:
Yamane discloses a system architecture for managing entitlements of users, the entitlements accessible by software and hardware resources, the system architecture comprising: a processor, a first restricted entitlement; a second restricted entitlement; a non-transitory computer-readable medium which contains instructions that when executed by the processor manages entitlements of users by using: a user interface that presents (Yamane Col. 23 line 15-39 system enumerated; Fig. 3 method of receiving tasks to perform by AI agent): primary access rights of a first user to the first restricted entitlement (Yamane Col. 9 lines 3-15 login credentials are provided to the AI agent); secondary access rights of the first user to the second restricted entitlement (Yamane Col. 9 lines 3-15 login credentials are provided to the AI agent); … and an artificial intelligence ("AI") engine (Yamane Col. 23 line 15-39 system enumerated; Fig. 3 method of receiving tasks to perform by AI agent).
Yamane does not disclose a system which includes proxy access rights of a second user to the first restricted entitlement; … that maintains: the primary access rights and the secondary access rights of the first user; and the proxy access rights of the second user; and wherein if the first user and the second user do not have access to the first restricted entitlement and the second restricted entitlement, the first user and the second user are able to access the first restricted entitlement and the second restricted entitlement by a specialized login; the system architecture further comprises a plugin that integrates the user interface into: a first virtual assistant application of the first user; and a second virtual assistant application of the second user; and the AI engine autonomously logs into the first restricted entitlement and second restricted entitlement to maintain: the primary access rights and the secondary access rights of the first user; and the proxy access rights of the second user; and wherein: the login autonomously performed by the AI engine comprises a username and password and provides a first level of access to an underlying software resource; a login performed by the user comprises a token and provides a second level of access to the underlying software resource; and the first level of access is more limited than the second level of access; and wherein the AI engine: monitors email correspondence of the first user; based on the email correspondence, detects the proxy access rights of the second user to the first restricted entitlement, wherein said second user: is a secondary user who accesses the first restricted entitlement in a supervisory role on behalf of the first user; and initiates an additional login to the first restricted entitlement on behalf of the second user to maintain the proxy access rights of the second user to the first restricted entitlement.
Karaatanassov teaches a system that includes proxy access rights of a second user to the first restricted entitlement (Karaatanassov [0019] user logs into an API proxy who submits credentials on their behalf; [0034-0035] API proxy can maintain multiple sessions and adhere to multiple policy sets)… the system architecture further comprises a plugin that integrates the user interface into: a first virtual assistant application of the first user (Karaatanassov [0028] scope includes interfacing with email applications; [0034-0035] API proxy can maintain multiple sessions and adhere to multiple policy sets); and a second virtual assistant application of the second user (Karaatanassov [0028] scope includes interfacing with other virtual applications; [0034-0035] API proxy can maintain multiple sessions and adhere to multiple policy sets) and wherein: the login autonomously performed by the AI engine comprises a username and password and provides a first level of access to an underlying software resource (Karaatanassov [0025-0026] may be a username and a password, [0034-0035] API proxy can maintain multiple sessions and adhere to multiple policy sets); a login performed by the user comprises a token and provides a second level of access to the underlying software resource (Karaatanassov [0032] credentials may be transformed to be a compatible format such as SAML tokens or Act-As tokens; [0034-0035] API proxy can maintain multiple sessions and adhere to multiple policy sets); and the first level of access is more limited than the second level of access (Karaatanassov [0034-0035] API proxy can maintain multiple sessions and adhere to multiple policy sets, [0035-0036] example where only dummy calls are used to maintain a stateful session, but as little as possible is utilized or changed “Preferably, the dummy calls 170 alter as little as possible in the application 150-1 and primarily result in an indication to the application 150-1 that the user 101 is active to prevent session expiration”); and wherein the AI engine: monitors email correspondence of the first user (Karaatanassov [0028] scope includes interfacing with email applications; [0034-0035] API proxy can maintain multiple sessions and adhere to multiple policy sets); based on the email correspondence, detects the proxy access rights of the second user to the first restricted entitlement (Karaatanassov [0019] user logs into an API proxy who submits credentials on their behalf; [0028] scope includes interfacing with email applications; [0034-0035] API proxy can maintain multiple sessions and adhere to multiple policy sets), wherein said second user: is a secondary user who accesses the first restricted entitlement in a supervisory role on behalf of the first user (Karaatanassov [0019] user logs into an API proxy who submits credentials on their behalf; [0034-0035] API proxy can maintain multiple sessions and adhere to multiple policy sets).
It would have been obvious to one having ordinary skill in the art before the time the invention was effectively filed to combine the AI agent disclosed by Yamane with the API proxies taught by Karaatanassov. The motivation for this combination would be to better organize the activities of the user’s logins by allowing the use of proxies to be included in the auto-submission of credentials to access entitlements.
Karaatanassov does not teach a system that maintains: the primary access rights and the secondary access rights of the first user; and the proxy access rights of the second user; and wherein if the first user and the second user do not have access to the first restricted entitlement and the second restricted entitlement, the first user and the second user are able to access the first restricted entitlement and the second restricted entitlement by a specialized login… and the AI engine autonomously logs into the first restricted entitlement and second restricted entitlement to maintain: the primary access rights and the secondary access rights of the first user; and the proxy access rights of the second user; … and initiates an additional login to the first restricted entitlement on behalf of the second user to maintain the proxy access rights of the second user to the first restricted entitlement.
Bridge teaches a system that maintains: the primary access rights and the secondary access rights of the first user (Bridge Col. 11 line 13-21 and Col. 11 line 28-36 the manager checks periodically, on a predetermined basis, or according to the stored expiration when to automatically submit the credentials); and the proxy access rights of the second user (Bridge Col. 11 line 13-21 and Col. 11 line 28-36 the manager checks periodically, on a predetermined basis, or according to the stored expiration when to automatically submit the credentials); and wherein if the first user and the second user do not have access to the first restricted entitlement and the second restricted entitlement, the first user and the second user are able to access the first restricted entitlement and the second restricted entitlement by a specialized login (Bridge Col. 13 lines 31-52 alternative login options may be used for the user)… and the AI engine autonomously logs into the first restricted entitlement and second restricted entitlement to maintain: the primary access rights and the secondary access rights of the first user; and the proxy access rights of the second user (Bridge Col. 5 lines 34-39 “Embodiments enable tracking login tokens associated with various web services used by the user and automatically submitting, without user intervention, login credentials to the appropriate web service upon the expiration of a session/login token, thereby renewing the web service session and login token.”)… and initiates an additional login to the first restricted entitlement on behalf of the second user to maintain the proxy access rights of the second user to the first restricted entitlement (Bridge Col. 11 line 13-21 and Col. 11 line 28-36; Bridge Col. 11 line 37-53 auto-submit module effectuates the scheduled login in this case for the proxy).
It would have been obvious to one having ordinary skill in the art before the time the invention was effectively filed to combine the AI agent disclosed by Yamane further with the auto-login of user credentials taught by Bridge. The prior art found in Bridge has the concept of automatically submitting login credentials to maintain user session based on heuristics instead of through an AI Engine. The substituted component of an AI engine and its function were known in the art as of the time the invention was effectively filed as seen in Yamane. One of ordinary skill in the art could have substituted the heuristic-based method taught by Bridge for the AI agent found in Yamane. The results would have been predictable since instead of allowing heuristics to control decision making of determining when to auto-submit credentials it would utilize artificial intelligence and/or machine learning to make the determinations.
Claim(s) 5-6 are rejected under 35 U.S.C. 103 as being unpatentable over Yamane, Bridge, and Karaatanassov as applied to claims 1-4, 7-8, 10, 13-15, and 18 above, and further in view of Senftleber et al. (US Publication No. US 2020/0120096 A1).
Regarding Claim 5:
The combination of Yamane, Bridge, and Karaatanassov further teaches the AI method of claim 1 (Yamane Col. 23 line 15-39 system enumerated; Fig. 3 method of receiving tasks to perform by AI agent), … and access to the target entitlement via the second login only maintains access of the user to the target entitlement after the expiration date and does not require two-factor authentication (Bridge Col. 11 line 13-21 and Col. 11 line 28-36 configure the manager such that it logs in before multi-factor authentication is required).
The combination of Yamane, Bridge, and Karaatanassov does not teach wherein access to functionality provided by the target entitlement requires two-factor authentication.
Senftleber teaches wherein access to functionality provided by the target entitlement requires two-factor authentication (Senftleber [0035] credential module may handle multi-factor authentication and provide MFA codes without requiring external user input; [0054-0057] a proxied browsing session on behalf of a user is described and capable of handling multi-factor authentication).
It would have been obvious to one having ordinary skill in the art before the time the invention was effectively filed to combine the AI agent disclosed by Yamane with the handling of multi-factor authentication (MFA) taught by Senftleber. The motivation for this combination would be to prevent errors in the cases where MFA may be required by certain services connected to the credentials.
Regarding Claim 6:
The combination of Yamane, Bridge, Karaatanassov, and Senftleber further teaches the AI method of claim 5, wherein the execution of the computer readable instructions by the processor (Yamane Col. 23 line 15-39 system enumerated; Fig. 3 method of receiving tasks to perform by AI agent): detects initiation of a threshold number of initiations of the second login (Senftleber [0046] user interface can provide login data and the like); and on the target date, presents a login screen that requires two-factor authentication (Senftleber [0035] credential module may handle multi-factor authentication and provide MFA codes without requiring external user input; [0054-0057] a proxied browsing session on behalf of a user is described and capable of handling multi-factor authentication; [0046] “a display element may be presented on a graphical user interface to provide information associated with the session such as a login status, time to expiration of the session, or interactive features such as a button to renew the session (or initiate a request to renew the current session) or request access to other data not previously authorized for access based on the current set of credentials, authentication data, login data, or the like (510).”).
Conclusion
The prior art made of record in the submitted PTO-892 Notice of References Cited and not relied upon is considered pertinent to applicant’s disclosure.
Any inquiry concerning this communication or earlier communications from the examiner should be directed to MIGUEL A LOPEZ whose telephone number is (703)756-1241. The examiner can normally be reached 8:00AM-5:00PM.
Examiner interviews are available via telephone, in-person, and video conferencing using a USPTO supplied web-based collaboration tool. To schedule an interview, applicant is encouraged to use the USPTO Automated Interview Request (AIR) at http://www.uspto.gov/interviewpractice.
If attempts to reach the examiner by telephone are unsuccessful, the examiner’s supervisor, Jorge Ortiz-Criado, can be reached on 5712727624. The fax phone number for the organization where this application or proceeding is assigned is 571-273-8300.
Information regarding the status of published or unpublished applications may be obtained from Patent Center. Unpublished application information in Patent Center is available to registered users. To file and manage patent submissions in Patent Center, visit: https://patentcenter.uspto.gov. Visit https://www.uspto.gov/patents/apply/patent-center for more information about Patent Center and https://www.uspto.gov/patents/docx for information about filing in DOCX format. For additional questions, contact the Electronic Business Center (EBC) at 866-217-9197 (toll-free). If you would like assistance from a USPTO Customer Service Representative, call 800-786-9199 (IN USA OR CANADA) or 571-272-1000.
/M.A.L./ Examiner, Art Unit 2496
/JORGE L ORTIZ CRIADO/Supervisory Patent Examiner, Art Unit 2496