Notice of Pre-AIA or AIA Status
The present application, filed on or after March 16, 2013, is being examined under the first inventor to file provisions of the AIA.
DETAILED ACTION
This non-final action is responsive to RCE filed on 03/19/2026. Claims 1-8, 10-18 and 20 are pending, with claims 1 and 11 being independent.
Continued Examination Under 37 CFR 1.114
A request for continued examination under 37 CFR 1.114, including the fee set forth in 37 CFR 1.17(e), was filed in this application after final rejection. Since this application is eligible for continued examination under 37 CFR 1.114, and the fee set forth in 37 CFR 1.17(e) has been timely paid, the finality of the previous Office action has been withdrawn pursuant to 37 CFR 1.114. Applicant's submission filed on 03/19/2026 has been entered.
Response to Arguments
Rejections under 112(a) and 112(b) have been withdrawn in view of amended claims.
Applicant’s arguments have been considered but are moot because the new ground of rejection does not rely on any reference applied in the prior rejection of record for any teaching or matter specifically challenged in the argument.
Claim Rejections - 35 USC § 103
The following is a quotation of 35 U.S.C. 103 which forms the basis for all obviousness rejections set forth in this Office action:
A patent for a claimed invention may not be obtained, notwithstanding that the claimed invention is not identically disclosed as set forth in section 102 of this title, if the differences between the claimed invention and the prior art are such that the claimed invention as a whole would have been obvious before the effective filing date of the claimed invention to a person having ordinary skill in the art to which the claimed invention pertains. Patentability shall not be negated by the manner in which the invention was made.
Claims 1-3, 5, 10-13, 15 and 20 are rejected under 35 U.S.C. 103 as being unpatentable over Shih et al. (US 2016/0094577, published Mar. 31, 2016), Warner (npl: Read a remote file with logs via SSH, published 2010) and Horowitz (npl: How to Log Off Another Users, published 2019).
As per claim 1, Shih discloses a method (Shih Fig. 2) comprising:
receiving, by a first computer system, log data from a remote server connected to the first computer system by a network (Shih Fig. 1-2 and par. 43, agent 210 may transmit the metadata to privileged account manager 202; Shih par. 5, Metadata may include, for instance, application information, system information, network activity information, textual information, visual information, audio information and the like related to the privileged session);
processing, by the first computer system, the log data to obtain a record of a user session conducted on the remote server (Shih par. 5, The privileged account manager may then be configured to generate a first activity pattern for the privileged session based on the captured metadata); and
invoking, by the first computer system, execution of a workflow to manage the user session on the remote server, the workflow not being executed on the remote server and executed without an agent of the first computer system executing on the remote server (Shih par. 8, the privileged account manager may then be configured to determine an action to be performed [invoking execution of a workflow to perform the action] for the first activity pattern based on the identification of the second activity pattern and transmit an action to a second user on a client device. Exemplary actions for an activity pattern may include, "Warn User," "Warn Admin," "Logout User," "Reboot Machine," "Quarantine machine," "Take no action," and the like).
Shih does not explicitly disclose:
receiving log data by transmitting first instructions to a utility of the remote server without using an agent of the first computer system executing on the remote server;
invoking execution of a workflow by:
establishing a secure command line interface to the utility, the utility being a utility of an operating system of the remote server; and
transmitting second instructions to the remote server over the command line interface.
Warner teaches:
receiving log data by transmitting first instructions to a utility of the remote server without using an agent of the first computer system executing on the remote server (see Warner pg. 1, commands for reading logs from a remote host via SSH).
It would have been obvious to one skilled in the art before the effective filing date of the claimed invention to modify the method of Shih with the teaching of Warner because a simple substitution of one known element (obtaining log data of Warner) for another (obtaining log data of Shih) would yield the predictable results of obtaining log data for analysis.
Shih-Warner does not explicitly disclose:
invoking execution of a workflow by:
establishing a secure command line interface to the utility, the utility being a utility of an operating system of the remote server; and
transmitting second instructions to the remote server over the command line interface.
Horowitz teaches:
invoking execution of a workflow by:
establishing a secure command line interface to the utility (see Horowitz pg. 1, establish remote connections to Mac and Linux machines from the command line), the utility being a utility of an operating system of the remote server (see Horowitz pg. 2, enabling ssh by command line); and
transmitting second instructions to the remote server over the command line interface (see Horowitz pg. 2, commands for logging out user).
It would have been obvious to one skilled in the art before the effective filing date of the claimed invention to further modify the method of Shih with the teaching of Horowitz for invoking execution of a workflow by: establishing a secure command line interface to the utility, the utility being a utility of an operating system of the remote server; and transmitting second instructions to the remote server over the command line interface. One of ordinary skill in the art would have been motivated because it offers the advantage of managing the user session.
As per claim 2, Shih-Warner-Horowitz discloses the method of claim 1, further comprising:
evaluating, by the first computer system, the record of the user session (Shih par. 5, The privileged account manager may then be configured to generate a first activity pattern for the privileged session based on the captured metadata; Shih par. 7, the privileged account manager may then be configured to identify, from a set of stored activity patterns, a second activity pattern that comprises at least a subset of the one or more activities performed by the user during the privileged session); and
determining, by the first computer system, in response to the evaluating, that an action should be taken with respect to the user session (Shih par. 8, the privileged account manager may then be configured to determine an action to be performed [invoking execution of a workflow to execute the action] for the first activity pattern based on the identification of the second activity pattern);
wherein invoking execution of the workflow is performed in response to determining that the action should be taken with respect to the user session (Shih par. 8, the privileged account manager may then be configured to determine an action to be performed [invoking execution of a workflow to execute the action] for the first activity pattern based on the identification of the second activity pattern).
As per claim 3, Shih-Warner-Horowitz discloses the method of claim 2, wherein the action comprises ending the user session (Shih par. 8, Exemplary actions for an activity pattern may include, "Warn User," "Warn Admin," "Logout User," "Reboot Machine," "Quarantine machine," "Take no action," and the like).
As per claim 5, Shih-Warner-Horowitz discloses the method of claim 2, wherein the action comprises limiting access associated with a username associated with the user session (Shih par. 8, Exemplary actions for an activity pattern may include, "Warn User," "Warn Admin," "Logout User," "Reboot Machine," "Quarantine machine," "Take no action," and the like).
As per claim 10, Shih-Warner-Horowitz discloses the method of claim 1, wherein the secure command line interface includes a secure shell (SSH) connection to the remote server (see Horowitz pg. 1, log off another user's SSH connection using the command line). The same rationale as in claim 1 applies.
Claims 11-13, 15 and 20 do not teach or further define over the limitations in claims 1-3, and 5 respectively. As such, claims 11-13, 15 and 20 are rejected for the same reasons as set forth in claims 1-3, and 5, respectively.
Claims 4 and 14 are rejected under 35 U.S.C. 103 as being unpatentable over Shih et al. (US 2016/0094577, published Mar. 31, 2016), Warner (npl: Read a remote file with logs via SSH, published 2010), Horowitz (npl: How to Log Off Another Users, published 2019) and Satish et al. (US 2016/0164892, published Jun. 9, 2016).
As per claim 4, Shih-Warner-Horowitz discloses the method of claim 2, but does not explicitly disclose that the action comprises preventing future logins using a username associated with the user session.
Satish teaches:
the action comprises preventing future logins using a username associated with the user session (Satish par. 28, In response to identifying the threat, advisement system 330 retrieves related communication information from other computing systems and assets within the environment. These related communications may possess the same source username as new threat 305… Once the information is obtained from email server 320 and asset 312, advisement system 330 may determine actions based on the communication interactions; Satish par. 30, administrator 340 may be provided with action options to block communications from a particular username).
It would have been obvious to one skilled in the art before the effective filing date of the claimed invention to modify the method of Shih with the teaching of Satish so that the action comprises preventing future logins using a username associated with the user session. One of ordinary skill in the art would have been motivated because it offers the advantage of providing an appropriate course of action to handle a security threat.
Claim 14 does not teach or further define over the limitations in claim 4. As such, claim 14 is rejected for the same reasons as set forth in claim 4.
Claims 6-7 and 16-17 are rejected under 35 U.S.C. 103 as being unpatentable over Shih et al. (US 2016/0094577, published Mar. 31, 2016), Warner (npl: Read a remote file with logs via SSH, published 2010), Horowitz (npl: How to Log Off Another Users, published 2019) and Reed et al. (US 2022/0360600, published Nov. 10, 2022).
As per claim 6, Shih-Warner-Horowitz discloses the method of claim 1, wherein processing, by the first computer system, the log data to obtain the record of the user session (Shih par. 5, The privileged account manager may then be configured to generate a first activity pattern for the privileged session based on the captured metadata) but does not explicitly disclose obtaining a process identifier (PID) of a user session process from the log data.
Reed teaches:
obtaining a process identifier (PID) of a user session process from the log data (Reed par. 117, Below are additional examples of data that an agent, such as agent 112, can collect and provide to data platform 12; Reed par. 133, Application Data: command line, PID (process ID), start time, UID (user ID), EUID (effective UID), PPID (parent process ID), PGID (process group ID), SID (session ID), exe path, username, container ID; Reed Fig. 3H, Use the received data to identify a user login activity at 363).
It would have been obvious to one skilled in the art before the effective filing date of the claimed invention to modify the method of Shih with the teaching of Reed for obtaining a process identifier (PID) of a user session process from the log data. One of ordinary skill in the art would have been motivated because it offers the advantage of tracking a user session to detect an anomaly.
As per claim 7, Shih-Warner-Horowitz-Reed discloses the method of claim 6, wherein processing, by the first computer system, the log data to obtain the record of the user session (Shih par. 5, The privileged account manager may then be configured to generate a first activity pattern for the privileged session based on the captured metadata) comprises obtaining a start time, end time, and username associated with the PID (Reed par. 117, Below are additional examples of data that an agent, such as agent 112, can collect and provide to data platform 12; Reed par. 121, User Login Data: user name, hostname, IP address, start time, TTY (terminal), UID (user ID), GID (group ID), process, end time; Reed Fig. 3H, Use the received data to identify a user login activity at 363). The same rationale as in claim 6 applies.
Claims 16-17 do not teach or further define over the limitations in claims 6-7 respectively. As such, claims 16-17 are rejected for the same reasons as set forth in claims 6-7, respectively.
Claims 8 and 18 are rejected under 35 U.S.C. 103 as being unpatentable over Shih et al. (US 2016/0094577, published Mar. 31, 2016), Warner (npl: Read a remote file with logs via SSH, published 2010), Horowitz (npl: How to Log Off Another Users, published 2019) and Atur et al. (US 2021/0406079, filed Jun. 29, 2020).
As per claim 8, Shih-Warner-Horowitz discloses the method of claim 1, but does not explicitly disclose wherein invoking execution of the workflow comprises selecting a worker from a worker pool and instructing the worker to execute the workflow.
Atur teaches:
invoking execution of the workflow comprises selecting a worker from a worker pool and instructing the worker to execute the workflow (Atur abstract, Function calls, such as function calls from a workflow, may be added to queues. Function calls are selected from the queue and executed by workers of a worker pool… The workers may be of different types and function calls may require execution by a worker of a specific type).
It would have been obvious to one skilled in the art before the effective filing date of the claimed invention to modify the method of Shih with the teaching of Atur so that invoking execution of the workflow comprises selecting a worker from a worker pool and instructing the worker to execute the workflow. One of ordinary skill in the art would have been motivated because it offers the advantage of improving workflow processing by using a worker of the appropriate type for execution.
Claim 18 does not teach or further define over the limitations in claim 8. As such, claim 18 is rejected for the same reasons as set forth in claim 8.
Conclusion
The prior art made of record and not relied upon is considered pertinent to applicant's disclosure.
US 20230062052 A1; Session Management System
The present specification generally relates to management of sessions established in a secure computing environment, and more specifically to capturing sessions and generating models for users associated with those sessions where the models are used to perform management and/or security operations.
US 20120221715 A1; Apparatus, System, And Method Of Processing Log Data, And Recording Medium Storing Log Data Processing Program
The present invention generally relates to processing log data regarding communications performed or being performed among a plurality of communication terminals.
US 11349714 B1; Cognitive Command Line Interface For Configuring Devices
The disclosure relates generally to command line interfaces and more specifically to automatically providing a set of command line interface commands for configuring a managed device in a network to a user via a cognitive command line interface based on retrieved information from the managed device such as model and operating system version of the managed device.
Any inquiry concerning this communication or earlier communications from the examiner should be directed to KHANG DO whose telephone number is (571)270-7837. The examiner can normally be reached Monday-Friday 8:00 - 5:00 EST.
Examiner interviews are available via telephone, in-person, and video conferencing using a USPTO supplied web-based collaboration tool. To schedule an interview, applicant is encouraged to use the USPTO Automated Interview Request (AIR) at http://www.uspto.gov/interviewpractice.
If attempts to reach the examiner by telephone are unsuccessful, the examiner’s supervisor, RUPAL DHARIA can be reached at (571) 272-3880. The fax phone number for the organization where this application or proceeding is assigned is 571-273-8300.
Information regarding the status of published or unpublished applications may be obtained from Patent Center. Unpublished application information in Patent Center is available to registered users. To file and manage patent submissions in Patent Center, visit: https://patentcenter.uspto.gov. Visit https://www.uspto.gov/patents/apply/patent-center for more information about Patent Center and https://www.uspto.gov/patents/docx for information about filing in DOCX format. For additional questions, contact the Electronic Business Center (EBC) at 866-217-9197 (toll-free). If you would like assistance from a USPTO Customer Service Representative, call 800-786-9199 (IN USA OR CANADA) or 571-272-1000.
/KHANG DO/Primary Examiner, Art Unit 2492