Prosecution Insights
Last updated: July 17, 2026
Application No. 18/374,811

GENERATING AUTOMATED WORKFLOWS ASSOCIATED WITH LOCAL ADMINISTRATOR RIGHTS USING ARTIFICIAL INTELLIGENCE TECHNIQUES

Non-Final OA §103
Filed
Sep 29, 2023
Examiner
XIE, THEODORE L
Art Unit
3623
Tech Center
3600 — Transportation & Electronic Commerce
Assignee
Dell Products L.P.
OA Round
3 (Non-Final)
43%
Grant Probability
Moderate
3-4
OA Rounds
0m
Est. Remaining
99%
With Interview

Examiner Intelligence

Grants 43% of resolved cases
43%
Career Allowance Rate
3 granted / 7 resolved
-9.1% vs TC avg
Strong +100% interview lift
Without
With
+100.0%
Interview Lift
resolved cases with interview
Typical timeline
2y 6m
Avg Prosecution
20 currently pending
Career history
44
Total Applications
across all art units

Statute-Specific Performance

§101
6.9%
-33.1% vs TC avg
§103
86.3%
+46.3% vs TC avg
§102
3.9%
-36.1% vs TC avg
§112
2.9%
-37.1% vs TC avg
Black line = Tech Center average estimate • Based on career data from 7 resolved cases

Office Action

§103
DETAILED ACTION Notice of Pre-AIA or AIA Status The present application, filed on or after March 16, 2013, is being examined under the first inventor to file provisions of the AIA . Status of Application This communication is the third action on the merits. In response to Examiner's communication on 11/26/2025, Applicant on 02/26/2026, amended Claim 1, 15, 18, cancelled Claim 3, and added new Claim 21. Claims 1-2, 4-21 are now pending in this application and have been rejected below. Response to Amendment Applicant' s arguments with respect to the rejection of Claims 1-2, 4-21 under 35 USC 103 have been considered but are moot in light of new grounds of rejections necessitated by applicant’s amendments. These rejections have been updated to address the amendments and maintained below. Response to Arguments – 35 USC § 103 Applicant' s arguments with respect to the rejection of Claims 1-20 under 35 USC 103 have been considered but are moot in light of new grounds of rejections necessitated by applicant’s amendments. Applicant’s arguments are firstly directed to the lack of support for replacement of applications. Examiner respectfully disagrees. Herzog is broadly concerned with the correction of “discrepancies”. Notice that updates, encompassing replacement, are part of what may constitute a discrepancy, in Col 1 Lines 27-36, “The corresponding set of software applications may change as new software applications are installed, and/or existing software applications are deleted and/or updated. In some cases, some changes and/or absence of some changes to the set of software applications may be undesirable. For example, installing a malicious software application, failing to update a (non-malicious) software application, and/or failing to delete a software application no longer in use may each be undesirable”. Examiner further notes the new grounds of rejection necessitated by Applicant’s addition of “using at least one large language model”, thus rendering arguments moot. The rejections are updated as outlined below. Claim Rejections - 35 USC § 103 In the event the determination of the status of the application as subject to AIA 35 U.S.C. 102 and 103 (or as subject to pre-AIA 35 U.S.C. 102 and 103) is incorrect, any correction of the statutory basis (i.e., changing from AIA to pre-AIA ) for the rejection will not be considered a new ground of rejection if the prior art relied upon, and the rationale supporting the rejection, would be the same under either status. The following is a quotation of 35 U.S.C. 103 which forms the basis for all obviousness rejections set forth in this Office action: A patent for a claimed invention may not be obtained, notwithstanding that the claimed invention is not identically disclosed as set forth in section 102, if the differences between the claimed invention and the prior art are such that the claimed invention as a whole would have been obvious before the effective filing date of the claimed invention to a person having ordinary skill in the art to which the claimed invention pertains. Patentability shall not be negated by the manner in which the invention was made. Claims 1-2, 4-6, 8-11,15-21 is/are rejected under 35 U.S.C. 103 as being unpatentable over Biazetti(US 8819771 B2) in view of Herzog(US 11831729 B2) in further view of Williams(US 20240333746 A1). Claim 1 Biazetti teaches: A computer-implemented method comprising: obtaining data pertaining to a first set of one or more software applications in association with at least one designated user device In Col 1 Lines 41-49, "In one illustrative embodiment, a method, in a data processing device, is provided for generating user account policies for generating user accounts to access resources of a data processing system. The method comprises determining that a user account policy for an identified resource in the data processing system is to be generated. The method further comprises retrieving configuration information associated with the identified resource from a configuration information database". In Col 8 Lines 1-6, " In one illustrative embodiment, a method, in a data processing device, is provided for generating user account policies for generating user accounts to access resources of a data processing system. The method comprises determining that a user account policy for an identified resource in the data processing system is to be generated. The method further comprises retrieving configuration information associated with the identified resource from a configuration information database". In Col 9 Lines 49-53, " In one illustrative embodiment, a method, in a data processing device, is provided for generating user account policies for generating user accounts to access resources of a data processing system. The method comprises determining that a user account policy for an identified resource in the data processing system is to be generated. The method further comprises retrieving configuration information associated with the identified resource from a configuration information database". from a set of multiple devices associated with at least one designated network; In Col 8 Lines 45-51 of Biazetti, “The CMDB information is actual or real instance information representing discovered services/resources in a data processing system or information technology environment. For a Health Care company, for example, the CMDB may contain information about all its business applications, including a Patient Records application, Payments application, Claims application, and the like”. In Col 9 Lines 33-40, “The CMDB records configuration items (CI) and details about the important attributes and relationships between CIs. As used herein, the term "configuration item" or "CI" refers to a resource that is subject to configuration management. Configuration items may include system resources such as hardware and software configuration items, equipment for providing IT services, documents such as regulation books, work procedures, and configuration diagrams”. It is clear that we administering devices belonging to an organizational network. Per Lines 17-18 of the specification of the application, these networks are not defined by physical proximity but rather by the organization they belong to. identifying, by processing In Col 10 Lines 12-25, "Specifically, service management software may identify configuration items in a distributed network environment, such as servers, clients, an operating system ("OS"), middleware (Web/AP/DBMS/LDAP), package software, management tools, network devices, storage devices, and the like. The service management software may automatically discover and update information regarding each configuration item, such as, for example, information regarding configurations of server and client computers, information regarding applications operating in each computer, information regarding configurations of a network attached storage ("NAS") and a printer connected to each computer, and information regarding configurations of a storage area network ("SAN") and a printer directly connected to a network". Biazetti does not teach: using one or more artificial intelligence techniques However, Herzog teaches: using one or more artificial intelligence techniques In Col 27 Lines 20-28, "Additionally or alternatively, the word vectors may be provided as input to an ANN, a support vector machine, a decision tree, or some other machine learning algorithm in order to classify or cluster corresponding software applications and/or computing devices, to determine a level of similarity between corresponding software applications and/or computing devices, and/or to perform some other processing task with respect to corresponding software applications and/or computing devices". Biazetti teaches: , data associated with one or more additional user devices from the set of multiple devices related to the at least one designated user device, a second set of one or more software applications related to at least a portion of the first set of one or more software applications; In Col 9 Lines 33-49, " The CMDB records configuration items (CI) and details about the important attributes and relationships between CIs. As used herein, the term "configuration item" or "CI" refers to a resource that is subject to configuration management. Configuration items may include system resources such as hardware and software configuration items, equipment for providing IT services, documents such as regulation books, work procedures, and configuration diagrams. The configuration diagrams may relate to the operation of IT services, services such as maintenance information, processes, and human resources. Configuration managers usually describe CIs using three configurable attributes: technical, ownership, and relationship. The technical attributes are attributes that represent the configuration of the CI with regard to the functionalities, capabilities, physical configuration, connections, etc. of the particular hardware and/or software component that the CI represents". generating one or more automated workflows comprising one or more local administrator rights granted exclusively for the at least one designated user device, In Col 8 Lines 65-67 - Col 9 Lines 1-8, "The user account policy, once generated using the mechanisms of the illustrative embodiments, may be utilized by a computing device, such as data processing system 200 in FIG. 2, for example, to provision user accounts for accessing the various data processing system or information technology environment resources, such as may be provided in system 100. The generation of user account policies may be performed automatically, for example, in response to a system administrator or other user requesting that user account policies be generated for a particular IT resource, e.g., a particular application, service, or other IT resource". In Col 15 Lines 3-13, " The user interface 542 provides an input/output mechanism through which a system administrator, or other authorized user, can provide input and receive output from the user account management system 540. Via this user interface 542, the system administrator may trigger the user account policy generation by the user account policy generator 544. In addition, this user interface 542 may be used to present the generated user account policy to the system administrator and receive input from the system administrator to finalize the generated user account policy and submit it to the user/identity management engine 549". In Col 14 Lines 9-32, " The user interface 542 provides an input/output mechanism through which a system administrator, or other authorized user, can provide input and receive output from the user account management system 540. Via this user interface 542, the system administrator may trigger the user account policy generation by the user account policy generator 544. In addition, this user interface 542 may be used to present the generated user account policy to the system administrator and receive input from the system administrator to finalize the generated user account policy and submit it to the user/identity management engine 549". In Col 15 Lines 45-51, "The user account policy templates in the user account policy template database 546 include such information as the password policy and password synchronization mechanism, an access control model to be used (role based, discretionary, mandatory, etc.), access provisioning model (role based, request based, etc.), user account and access request workflows, and the like. ". In Col 1 Lines 46-54, "The method further comprises retrieving configuration information associated with the identified resource from a configuration information database. The method also comprises retrieving a predefined user account policy template from a user account policy template database system. Moreover, the method comprises generating a user account policy data structure based on the retrieved configuration information and the retrieved predefined user account policy template.". In Figure 7, in steps 730 and 750 we can see the retrieval of user account policy template, with automatic generation of user policies accordingly. wherein the at least one designated user device represents less than an entirety of the set of multiple devices It is implicit in the structure of the database that there is support for a plurality of user devices; as outlined above with reference to the CMDB and its management to the plurality of resources in an organization. In Col 9 Lines 33-40, “The CMDB records configuration items (CI) and details about the important attributes and relationships between CIs. As used herein, the term "configuration item" or "CI" refers to a resource that is subject to configuration management. Configuration items may include system resources such as hardware and software configuration items, equipment for providing IT services, documents such as regulation books, work procedures, and configuration diagrams”. wherein the one or more automated workflows pertain to one or more operations to be carried out in connection with the at least one designated user device and at least one of the first set of one or more software applications and the second set of one or more software applications; In Col 14 Lines 9-32, "For example, templates may be generated, in accordance with the illustrative embodiments, for a plurality of components including an electronic mail application, a patent database system, an employee directory application, and the like. The CMDB 305 may store information for a "Patent Business Application" which includes the dependencies between this software resource and other software/hardware resources. For example, the CMDB 305 may indicate that the "Patent Business Application" depends on an electronic mail application A, a patent database B, and an employee directory application C. The mechanisms of the illustrative embodiments, when a user account policy is to be generated for the "Patent Business Application" may automatically retrieve the templates associated with the dependencies of the Patent Business Application and use them to generate a user account policy for the Patent Business Application. For example, the mechanisms of the illustrative embodiments may retrieve the templates for the electronic mail application, the patent database system, and the employee directory application, and use those templates, along with configuration information from CI instances associated with the dependent resources, to generate a user account policy. This process is described in more detail hereafter" In this case, the operations pertain to the granting of account privileges and associated dependent resources. Biazetti does not teach: wherein generating the one or more automated workflows comprises granting one or more local administrator rights for replacing at least a portion of the first set of one or more software applications with at least a portion of the second set of one or more software applications on the at least one designated user device. However, Herzog teaches: wherein generating the one or more automated workflows comprises granting one or more local administrator rights for replacing at least a portion of the first set of one or more software applications with at least a portion of the second set of one or more software applications on the at least one designated user device In Col 2 Lines 66-67 - Col 3 Lines 1-19, "Comparing the software applications installed on a particular computing device to software applications installed on the reference computing device may reveal a disparity (e.g., difference or discrepancy) between these two sets of software applications. For example, the disparity may indicate compliant software applications that are installed on both the particular computing device and the reference computing device, missing software applications that are installed on the reference computing device but are not installed on the particular computing device, and/or unauthorized software applications that are installed on the particular computing device but are not installed on the reference computing device. The disparity may be saved and/or a visual representation of the disparity may be displayed by way of a user interface. The disparity may be used as a basis for suggesting one or more modifications to software applications of the particular computing device intended to reduce the disparity. The suggested modifications may be executed manually by a user, and/or automatically by a software application based on and/or in response to a user selection of one or more of the modifications". Notice that updates, encompassing replacement, are part of the modifications, in Col 1 Lines 27-36, “The corresponding set of software applications may change as new software applications are installed, and/or existing software applications are deleted and/or updated. In some cases, some changes and/or absence of some changes to the set of software applications may be undesirable. For example, installing a malicious software application, failing to update a (non-malicious) software application, and/or failing to delete a software application no longer in use may each be undesirable”. Biazetti combined with Herzog does not teach: the at least a portion of the second set of one or more software applications being identified at least in part using at least one large language model (LLM); However, Williams teaches: the at least a portion of the second set of one or more software applications being identified at least in part using at least one large language model (LLM); See [0088] regarding the ML engine’s usage of a large language model. Regarding the identification of vulnerabilities in software in [0083], “The training data 320 may include security vulnerability documents. The security vulnerability documents may comprise descriptions of security vulnerabilities in source code, applications, or software”. Regarding providing such vulnerability information and measures for correction in [0093], “Once the identified security vulnerabilities 350 and/or the corrected source code 360 are generated by the ML model 310, they may be provided to the client device 102 or to another user device. For example, the server 105 may provide the identified security vulnerabilities 350 and/or the corrected source code 360 via a mobile app to mobile device, in an email, a website, via a chatbot (such as the chatbot 315), and/or in any other suitable manner. The client device 102 may cause existing source code in a project or existing application to be replaced with the corrected source code 360. The client device 102 may cause the corrected source code 360 to be compiled to generate a new version of the existing application”. Biazetti does teach: and to perform one or more automated actions based at least in part on the one or more automated workflows, In Col 14 Lines 9-32, "For example, templates may be generated, in accordance with the illustrative embodiments, for a plurality of components including an electronic mail application, a patent database system, an employee directory application, and the like. The CMDB 305 may store information for a "Patent Business Application" which includes the dependencies between this software resource and other software/hardware resources. For example, the CMDB 305 may indicate that the "Patent Business Application" depends on an electronic mail application A, a patent database B, and an employee directory application C. The mechanisms of the illustrative embodiments, when a user account policy is to be generated for the "Patent Business Application" may automatically retrieve the templates associated with the dependencies of the Patent Business Application and use them to generate a user account policy for the Patent Business Application. For example, the mechanisms of the illustrative embodiments may retrieve the templates for the electronic mail application, the patent database system, and the employee directory application, and use those templates, along with configuration information from CI instances associated with the dependent resources, to generate a user account policy. This process is described in more detail hereafter". In Col 14 Lines 3-8, "The user account policy generator maps this information to a user account policy template in order to automatically generate a user account policy. The user account policy may then be utilized to create user accounts for the particular resources of the distributed data processing system 100 for which the user account policy is automatically generated." In this case, the operations pertain to the granting of account privileges and associated dependent resources, and the automated actions pertain to creating needed accounts on the basis of template information. Biazetti does not teach: wherein performing the one or more automated actions comprises:automatically transmitting at least one executable file, configured to enable performance of the one or more operations, to the at least one designated user device and automatically executing the at least one executable file on the at least one designated user device; However, Herzog teaches: wherein performing the one or more automated actions comprises:automatically transmitting at least one executable file, configured to enable performance of the one or more operations, to the at least one designated user device and automatically executing the at least one executable file on the at least one designated user device; In Col 3 Lines 14-20, “The disparity may be used as a basis for suggesting one or more modifications to software applications of the particular computing device intended to reduce the disparity. The suggested modifications may be executed manually by a user, and/or automatically by a software application based on and/or in response to a user selection of one or more of the modifications”. In Col 33 Lines 48-61, “Based on and/or in response to reception of the request at arrow 836, mapping application 600 may be configured to generate instructions to execute the one or more modifications, as indicated by block 838…In another example, the instructions may include software instructions configured to cause automated execution of the one or more modifications by the corresponding computing devices. For example, the instructions may include scripts configured to install and/or uninstall relevant software applications from the corresponding computing devices”. In Fig. 9B, we see at step 930 the electronic transmission of the representations of the disparities. Biazetti does teach: wherein the method is performed by at least one processing device comprising a processor coupled to a memory. In Col 1 Lines 41-43, "In one illustrative embodiment, a method, in a data processing device, is provided for generating user account policies for generating user accounts to access resources of a data processing system". In Col 4 Lines 15-22, "These computer program instructions may be provided to a processor of a general purpose computer, special purpose computer, or other programmable data processing apparatus to produce a machine, such that the instructions, which execute via the processor of the computer or other programmable data processing apparatus, create means for implementing the functions/acts specified in the flowchart and/or block diagram block or blocks". Biazetti discloses a system for automatically generating user account policies and managing IT resources. Herzog discloses a system meant to generate and manage recommendations for applications. Each reference discloses a system for information technology resource management. Extending the means for managing software recommendations as recorded in Herzog to the access control system of Biazetti is applicable as Biazetti already provides means to manage access to information technology resources, Herzog merely incorporates the recommendation and adoption of particular software applications. It would have been obvious to one having ordinary skill in the art at the effective filling date of the invention to apply the means for managing software recommendations as recorded in Herzog to the access control system of Biazetti. Motivation to do so comes from the fact that the claim is plainly directed to the predictable result of combining known items in the prior art, with the expected benefit that adoption would enable administrators to have more granular control over the resources of users. Biazetti combined with Herzog discloses a system for automatically generating user account policies and managing IT resources. Williams discloses a system meant to perform security analysis with aid of an ML engine. Each reference discloses a system for information technology resource management. Extending the LLM enabled scanning to the IT resource management of Biazetti combined with Herzog is applicable as Williams leverages the pattern recognition and history cache of large language models to the task of cybersecurity, enabling broader and more accurate scanning. It would have been obvious to one having ordinary skill in the art at the effective filling date of the invention to apply the LLM enabled probing to the IT system of Biazetti combined with Herzog. Motivation to do so comes from the fact that the claim is plainly directed to the predictable result of combining known items in the prior art, with the expected benefit that the pattern recognition and history cache of large language models as applied to the the task of cybersecurity would facilitate broader and more accurate scanning. Claims 15 and 18 are rejected as disclosing substantially similar limitations as Claim 1. Claim 2 As to Claim 2, Biazetti combined with Herzog and Williams teaches all the limitations of Claim 1 as discussed above. Herzog teaches: The computer-implemented method of claim 1, wherein generating the one or more automated workflows comprises granting one or more local administrator rights for installing at least a portion of the first set of one or more software applications on the at least one designated user device. In Col 33 Lines 48-61, "Based on and/or in response to reception of the request at arrow 836, mapping application 600 may be configured to generate instructions to execute the one or more modifications, as indicated by block 838. In one example, the instructions may include written instructions addressed to one or more programmers, administrators, and/or other users within managed network 300 requesting manual execution of the one or more modifications. In another example, the instructions may include software instructions configured to cause automated execution of the one or more modifications by the corresponding computing devices. For example, the instructions may include scripts configured to install and/or uninstall relevant software applications from the corresponding computing devices". It would have been obvious to one having ordinary skill in the art at the effective filling date of the invention to apply the means for managing software recommendations as recorded in Herzog to the access control system of Biazetti. Motivation to do so comes from same rationale as outlined in Claim 1 above. Claims 16 and 19 are rejected as presenting substantially similar limitations as Claim 2. Claim 4 As to Claim 4, Biazetti combined with Herzog and Williams teaches all the limitations of Claim 1 as discussed above. Herzog teaches: The computer-implemented method of claim 1, wherein generating the one or more automated workflows comprises granting one or more local administrator rights for updating one or more of at least a portion of the first set of one or more software applications and at least a portion of the second set of one or more software applications on the at least one designated user device. In Col 1 Lines 27-39, "The corresponding set of software applications may change as new software applications are installed, and/or existing software applications are deleted and/or updated. In some cases, some changes and/or absence of some changes to the set of software applications may be undesirable. For example, installing a malicious software application, failing to update a (non-malicious) software application, and/or failing to delete a software application no longer in use may each be undesirable. Thus, the corresponding set of software applications may deviate from a reference, or target, set of software applications that is desired and/or intended to be installed on the respective computing device.". It would have been obvious to one having ordinary skill in the art at the effective filling date of the invention to apply the means for managing software recommendations as recorded in Herzog to the access control system of Biazetti. Motivation to do so comes from same rationale as outlined in Claim 1 above. Claim 5 As to Claim 5, Biazetti combined with Herzog and Williams teaches all the limitations of Claim 1 as discussed above. Herzog teaches: The computer-implemented method of claim 1, wherein performing one or more automated actions comprises initiating at least one of the one or more automated workflows on the at least one designated user device. In Col 33 Lines 48-61, "Based on and/or in response to reception of the request at arrow 836, mapping application 600 may be configured to generate instructions to execute the one or more modifications, as indicated by block 838. In one example, the instructions may include written instructions addressed to one or more programmers, administrators, and/or other users within managed network 300 requesting manual execution of the one or more modifications. In another example, the instructions may include software instructions configured to cause automated execution of the one or more modifications by the corresponding computing devices. For example, the instructions may include scripts configured to install and/or uninstall relevant software applications from the corresponding computing devices". It would have been obvious to one having ordinary skill in the art at the effective filling date of the invention to apply the means for managing software recommendations as recorded in Herzog to the access control system of Biazetti. Motivation to do so comes from same rationale as outlined in Claim 1 above. Claims 17 and 20 are rejected as presenting substantially limitations as Claim 5. Claim 6 As to Claim 6, Biazetti combined with Herzog and Williams teaches all the limitations of Claim 1 as discussed above. Herzog teaches: The computer-implemented method of claim 1, wherein performing one or more automated actions comprises automatically training at least a portion of the one or more artificial intelligence techniques using feedback related to at least one of the one or more automated workflows. In Col 40-51, "In order to reconcile the discrepancy between the reference set of software applications and the set of software applications actually installed on the computing device, a discovery process may be executed to collect information about the software applications installed on each computing device. For example, the collected information may include various attributes associated with software processes corresponding to a given software application. The collected information may be processed to generate, for each respective software application, a corresponding representation thereof, which may be referred to as an application fingerprint". In Col 28 Lines 51-67 - Col 29 Lines 1-13, "The similarity calculations described above may also be used to cluster similar fingerprints. Such clustering may be performed to provide a variety of benefits. For example, clustering may be applied to a set of fingerprints in order to identify patterns or groups within the set of fingerprints that have relevance to the operation of a system or organization. Such groups may facilitate the tracking of application and/or device configuration changes by measuring a time-dependence of fingerprints assigned to a particular cluster. Additionally, such groups may facilitate the early identification of unauthorized and/or missing software applications. In some examples, clustering may allow similar applications and/or devices (e.g., applications and/or devices corresponding to the same clusters) to be manipulated in common, in order to reduce the time required to carry out a desired modification. Clustering may be performed in an unsupervised manner in order to generate clusters without the requirement of manually-labeled fingerprints, to identify previously unidentified clusters within the fingerprints, or to provide some other benefit. A variety of methods and/or ML algorithms could be applied to identify clusters within a set of fingerprints and/or to assign fingerprints (e.g., fingerprints of newly-discovered applications and/or devices) to already-identified clusters. For example, decision trees, ANNs, k-means, support vector machines, independent component analysis, principal component analysis, or some other method could be trained based on a set of available fingerprints in order to generate an ML model to classify the available fingerprints and/or to classify fingerprints not present in the training set of available fingerprints.". It would have been obvious to one having ordinary skill in the art at the effective filling date of the invention to apply the means for managing software recommendations as recorded in Herzog to the access control system of Biazetti. Motivation to do so comes from same rationale as outlined in Claim 1 above. Claim 8 As to Claim 8, Biazetti combined with Herzog and Williams teaches all the limitations of Claim 1 as discussed above. Herzog teaches: The computer-implemented method of claim 1, wherein identifying a second set of one or more software applications related to the at least a portion of the first set of one or more software applications comprises determining one or more similarity values between the at least a portion of the first set of one or more software applications and multiple additional software applications using one or more cosine similarity techniques. In Col 26 Lines 66-67 - Col 27 Lines 1-19, "A fingerprint vector may include, be based on, and/or be represented using one or more word vectors associated with one or more character strings (which may be considered to form words) contained in the process attributes on which the fingerprint is based. A word vector may be determined for each word present in a corpus of textual records such that words having similar meanings (or semantic content) are associated with word vectors that are near each other within a semantically encoded vector space. Such vectors may have dozens, hundreds, or more elements and thus may be an n-space where n is a number of dimensions. These word vectors allow the underlying meaning of words to be compared or otherwise operated on by a computing device (e.g., by determining a distance, a cosine similarity, or some other measure of similarity between the word vectors). Since the corpus of textual records may be based on process attributes of software applications and/or other computer-generated character strings, some of the words may be non-dictionary words that have semantic meaning in the context of one or more computing devices and/or systems, but that might not be meaningful outside of this context.". In Col 21 Lines 15-34, " Thus, the process attributes may include, for example, a process name, an executable file name, a file system path, an execution command, and/or input arguments, among other information contained in the software process data. The process name may be a name associated with the corresponding software process. The executable file name may indicate the name of an executable file that (i) stores instructions that define at least part of the corresponding software application and/or (ii) is selected and/or used to execute at least part of the corresponding software application. The file system path may indicate a location and/or address within a file system of the computing device at which the executable file and/or another file related to the corresponding software application is stored. The execution command may indicate a command provided to, for example, an operating system shell to cause/initiate execution of the corresponding software application. The input arguments may indicate one or more inputs provided to the corresponding software application upon initiation of execution thereof and/or during execution thereof.". It would have been obvious to one having ordinary skill in the art at the effective filling date of the invention to apply the means for managing software recommendations as recorded in Herzog to the access control system of Biazetti. Motivation to do so comes from same rationale as outlined in Claim 1 above. Claim 21 is rejected as disclosing substantially similar limitations as Claim 8. Claim 9 As to Claim 9, Biazetti combined with Herzog and Williams teaches all the limitations of Claim 1 as discussed above. Herzog teaches: The computer-implemented method of claim 8, wherein determining one or more similarity values comprises processing, using the one or more cosine similarity techniques, one or more of attribute data associated with the at least a portion of the first set of one or more software applications and the multiple additional software applications, and functionality data associated with the at least a portion of the first set of one or more software applications and the multiple additional software applications. In Col 26 Lines 66-67 - Col 27 Lines 1-19, "A fingerprint vector may include, be based on, and/or be represented using one or more word vectors associated with one or more character strings (which may be considered to form words) contained in the process attributes on which the fingerprint is based. A word vector may be determined for each word present in a corpus of textual records such that words having similar meanings (or semantic content) are associated with word vectors that are near each other within a semantically encoded vector space. Such vectors may have dozens, hundreds, or more elements and thus may be an n-space where n is a number of dimensions. These word vectors allow the underlying meaning of words to be compared or otherwise operated on by a computing device (e.g., by determining a distance, a cosine similarity, or some other measure of similarity between the word vectors). Since the corpus of textual records may be based on process attributes of software applications and/or other computer-generated character strings, some of the words may be non-dictionary words that have semantic meaning in the context of one or more computing devices and/or systems, but that might not be meaningful outside of this context.". In Col 21 Lines 15-34, " Thus, the process attributes may include, for example, a process name, an executable file name, a file system path, an execution command, and/or input arguments, among other information contained in the software process data. The process name may be a name associated with the corresponding software process. The executable file name may indicate the name of an executable file that (i) stores instructions that define at least part of the corresponding software application and/or (ii) is selected and/or used to execute at least part of the corresponding software application. The file system path may indicate a location and/or address within a file system of the computing device at which the executable file and/or another file related to the corresponding software application is stored. The execution command may indicate a command provided to, for example, an operating system shell to cause/initiate execution of the corresponding software application. The input arguments may indicate one or more inputs provided to the corresponding software application upon initiation of execution thereof and/or during execution thereof.". It would have been obvious to one having ordinary skill in the art at the effective filling date of the invention to apply the means for managing software recommendations as recorded in Herzog to the access control system of Biazetti. Motivation to do so comes from same rationale as outlined in Claim 1 above. Claim 10 As to Claim 10, Biazetti combined with Herzog and Williams teaches all the limitations of Claim 1 as discussed above. Herzog teaches: The computer-implemented method of claim 8, wherein determining one or more similarity values comprises processing, using the one or more cosine similarity techniques, In Col 26 Lines 66-67 - Col 27 Lines 1-19, "A fingerprint vector may include, be based on, and/or be represented using one or more word vectors associated with one or more character strings (which may be considered to form words) contained in the process attributes on which the fingerprint is based. A word vector may be determined for each word present in a corpus of textual records such that words having similar meanings (or semantic content) are associated with word vectors that are near each other within a semantically encoded vector space. Such vectors may have dozens, hundreds, or more elements and thus may be an n-space where n is a number of dimensions. These word vectors allow the underlying meaning of words to be compared or otherwise operated on by a computing device (e.g., by determining a distance, a cosine similarity, or some other measure of similarity between the word vectors). Since the corpus of textual records may be based on process attributes of software applications and/or other computer-generated character strings, some of the words may be non-dictionary words that have semantic meaning in the context of one or more computing devices and/or systems, but that might not be meaningful outside of this context.". In Col 21 Lines 15-34, " Thus, the process attributes may include, for example, a process name, an executable file name, a file system path, an execution command, and/or input arguments, among other information contained in the software process data. The process name may be a name associated with the corresponding software process. The executable file name may indicate the name of an executable file that (i) stores instructions that define at least part of the corresponding software application and/or (ii) is selected and/or used to execute at least part of the corresponding software application. The file system path may indicate a location and/or address within a file system of the computing device at which the executable file and/or another file related to the corresponding software application is stored. The execution command may indicate a command provided to, for example, an operating system shell to cause/initiate execution of the corresponding software application. The input arguments may indicate one or more inputs provided to the corresponding software application upon initiation of execution thereof and/or during execution thereof.". content pertaining to the at least a portion of the first set of one or more software applications and the multiple additional software applications automatically generated using one or more language models. In Col 38 Lines 26-33, "In some embodiments, determining the device fingerprint and the reference device fingerprint may include determining the device fingerprint by processing the first plurality of representations by a machine learning model that has been trained to generate device fingerprints based on representations of software applications, and determining the reference device fingerprint by processing the second plurality of representations by the machine learning model". In Col 26 Lines 57-65, "ML techniques can include determining, by artificial neural networks (ANNs) and/or other deep learning algorithms, vector representations of fingerprint (e.g., application fingerprints and/or device fingerprints) from process attributes represented as character strings. These techniques are used to determine a similarity between fingerprints, to group multiple fingerprints together, to determine statistical associations between fingerprints, and/or to perform some other fingerprint processing task.". Claim 11 As to Claim 11, Biazetti combined with Herzog and Williams teaches all the limitations of Claim 8 as discussed above. Herzog also teaches: The computer-implemented method of claim 8, wherein determining one or more similarity values comprises: representing each of the at least a portion of the first set of one or more software applications and the multiple additional software applications as a vector; and calculating similarity values between the vectors representing the at least a portion of the first set of one or more software applications and the multiple additional software applications. In Col 26 Lines 66-67 - Col 27 Lines 1-19, "A fingerprint vector may include, be based on, and/or be represented using one or more word vectors associated with one or more character strings (which may be considered to form words) contained in the process attributes on which the fingerprint is based. A word vector may be determined for each word present in a corpus of textual records such that words having similar meanings (or semantic content) are associated with word vectors that are near each other within a semantically encoded vector space. Such vectors may have dozens, hundreds, or more elements and thus may be an n-space where n is a number of dimensions. These word vectors allow the underlying meaning of words to be compared or otherwise operated on by a computing device (e.g., by determining a distance, a cosine similarity, or some other measure of similarity between the word vectors). Since the corpus of textual records may be based on process attributes of software applications and/or other computer-generated character strings, some of the words may be non-dictionary words that have semantic meaning in the context of one or more computing devices and/or systems, but that might not be meaningful outside of this context.". In Col 21 Lines 15-34, " Thus, the process attributes may include, for example, a process name, an executable file name, a file system path, an execution command, and/or input arguments, among other information contained in the software process data. The process name may be a name associated with the corresponding software process. The executable file name may indicate the name of an executable file that (i) stores instructions that define at least part of the corresponding software application and/or (ii) is selected and/or used to execute at least part of the corresponding software application. The file system path may indicate a location and/or address within a file system of the computing device at which the executable file and/or another file related to the corresponding software application is stored. The execution command may indicate a command provided to, for example, an operating system shell to cause/initiate execution of the corresponding software application. The input arguments may indicate one or more inputs provided to the corresponding software application upon initiation of execution thereof and/or during execution thereof.". It would have been obvious to one having ordinary skill in the art at the effective filling date of the invention to apply the means for managing software recommendations as recorded in Herzog to the access control system of Biazetti. Motivation to do so comes from same rationale as outlined in Claim 1 above. Claim(s) 7 is rejected under 35 U.S.C. 103 as being unpatentable over Biazetti(US 8819771 B2) in view of Herzog(US 11831729 B2) in further view of Williams(US 20240333746 A1) in further view of Stamper(US 20070044085 A1). Claim 7 As to Claim 7, Biazetti combined with Herzog and Williams teaches all the limitations of Claim 1 as outlined above. Biazetti does not expressly disclose the remaining limitations. However, Herzog teaches: The computer-implemented method of claim 1, wherein identifying a second set of one or more software applications related to at least a portion of the first set of one or more software applications comprises determining at least one of one or more substitute software applications for the at least a portion of the first set of one or more softwareapplications In Col 1 Lines 32-39, "For example, installing a malicious software application, failing to update a (non-malicious) software application, and/or failing to delete a software application no longer in use may each be undesirable. Thus, the corresponding set of software applications may deviate from a reference, or target, set of software applications that is desired and/or intended to be installed on the respective computing device". It would have been obvious to one having ordinary skill in the art at the effective filling date of the invention to apply the means for managing software recommendations as recorded in Herzog to the access control system of Biazetti. Motivation to do so comes from same rationale as outlined in Claim 1 above. Biazetti combined with Herzog does not expressly disclose the remaining limitations. However, Stamper teaches: and one or more complimentary software applications to the at least a portion of the first set of one or more software applications. In [0026], "In certain embodiments, the retrieval software 100 assigns the add-on 110 one of three possible ratings: Safe To Instantiate; Hazardous To Instantiate; or Unknown Status. Safe To Instantiate indicates that the retrieval software 100 determined that the add-on 110 will be of benefit (e.g., program toolbar or program extension) to the computer user's use and enjoyment of the computer. Hazardous To Instantiate indicates that the retrieval software 100 determined that the add-on 110 poses a nuisance (e.g., adware), or a likely hazard (e.g., spyware or virus) to the user's computer. Unknown Status indicates that the collection software 120 was unable to retrieve any, or enough, data on the add-on 110 for the retrieval software 100 to rate the add-on 110". Biazetti and Herzog disclose systems for facilitating control management with respect to IT resources. Stamper discloses a system meant to evaluate software add ons for efficacy, applicability, and security. Each reference discloses means for managing resources in IT environments. Extending the add on analysis as recorded in Stamper to the system of Biazetti combined with Herzog is applicable as both are concerned with the management of resources in an IT setting. It would have been obvious to one having ordinary skill in the art at the effective filling date of the invention to apply the additional software analysis as taught in Stamper and apply that to the system of Biazetti combined with Herzog. Motivation to do so comes from the fact that the claim is plainly directed to the predictable result of combining known items in the prior art, with the expected benefit that adopting such analysis would enable stakeholders to streamline the evaluation of additional software to acquire. Claim(s) 12 is rejected under 35 U.S.C. 103 as being unpatentable over Biazetti(US 8819771 B2) in view of Herzog(US 11831729 B2) in further view of Williams(US 20240333746 A1) in further view of Tree-Based Methods for Statistical Learning(Greenwell, 2022).. Claim 12 As to Claim 12, Biazetti combined with Herzog and Williams teaches all the limitations of Claim 1 as discussed above. Biazetti teaches: The computer-implemented method of claim 1, wherein identifying a second set of one or more software applications related to the at least a portion of the first set of one or more software applications comprises processing data pertaining to the at least a portion of the first set of one or more software applications and multiple additional software applications In Col 10 Lines 12-25, "Specifically, service management software may identify configuration items in a distributed network environment, such as servers, clients, an operating system ("OS"), middleware (Web/AP/DBMS/LDAP), package software, management tools, network devices, storage devices, and the like. The service management software may automatically discover and update information regarding each configuration item, such as, for example, information regarding configurations of server and client computers, information regarding applications operating in each computer, information regarding configurations of a network attached storage ("NAS") and a printer connected to each computer, and information regarding configurations of a storage area network ("SAN") and a printer directly connected to a network". Biazetti does not teach: using at least one random forest tree-based classifier. However, Tree-Based Methods for Statistical Learning(Greenwell, 2022) teaches: using at least one random forest tree-based classifier. In Col 27 Lines 20-28 of Herzog, "Additionally or alternatively, the word vectors may be provided as input to an ANN, a support vector machine, a decision tree, or some other machine learning algorithm in order to classify or cluster corresponding software applications and/or computing devices, to determine a level of similarity between corresponding software applications and/or computing devices, and/or to perform some other processing task with respect to corresponding software applications and/or computing devices". Citing the attached NPL, it is clear that a random forest tree-based classifier would fundamental to one of ordinary skill in the art - on page 1, "For example, users will be exposed to writing their own random forest and gradient tree boosting functions using simple for loops and basic tree fitting software (like rpart and party/partykit), and more". Biazetti and Herzog disclose systems for facilitating control management with respect to IT resources. Tree-Based Methods for Statistical Learning(Greenwell, 2022) discloses means for performing statistical analysis. Extending the methodology of Greenwell to the system of is applicable as the means for performing dependency analysis is left unspecified in Biazetti, while we have broad support for the application of artificial intelligence techniques in Herzog; further, Greenwell discloses that such a mechanism would be fundamental to one of ordinary skill in the art. It would have been obvious to one having ordinary skill in the art at the effective filling date of the invention to apply the tree-based statistical analysis of Greenwell and apply that to the system of . Motivation to do so comes from the fact that the claim is plainly directed to the predictable result of combining known items in the prior art, with the expected benefit that adopting the tree-based analysis would enable streamlined dependency analysis. Claim(s) 13-14 are rejected under 35 U.S.C. 103 as being unpatentable over Biazetti(US 8819771 B2) in view of Herzog(US 11831729 B2) in further view of Williams(US 20240333746 A1) in further view of Lee(US 20190394099 A1). Claim 13 As to Claim 13, Biazetti combined with Herzog teaches all the limitations of Claim 1 as discussed above. Biazetti does not teach: The computer-implemented method of claim 1, wherein obtaining data comprises identifying a list of one or more software applications required for use by at least one user associated with the at least one user device. However, Lee teaches: The computer-implemented method of claim 1, wherein obtaining data comprises identifying a list of one or more software applications required for use by at least one user associated with the at least one designated user device. In [0044], "Referring to FIG. 7, a screen that is shown to a user displays an HQ recommendation list 710 and a Dealer recommendation list 720. As described above, the HQ recommendation list 710 and the Dealer recommendation list 720 have been set by higher level users within the same user group. Accordingly, only the service that a corresponding user requires may be shown according to a user group, and thus, an efficient service may be provided". Biazetti and Herzog disclose systems for facilitating control management with respect to IT resources. Lee discloses a system meant to analyze user hierarchies and manage software on the basis of it. Each reference discloses a system for managing IT resources. Extending the means for recommending software applications as recorded in Lee to include is applicable to the system of Biazetti combined with Herzog as Biazetti and Herzog already provide means to manage access to information technology resources, Lee merely incorporates the recommendation and adoption of particular software applications. It would have been obvious to one having ordinary skill in the art at the effective filling date of the invention to adopt the means for application recommendations as taught in Lee and apply that to the system as taught in Biazetti. Motivation to do so comes from the fact that the claim is plainly directed to the predictable result of combining known items in the prior art, with the expected benefit that adoption would enable administrators to have more granular control over the resources of users. Claim 14 As to Claim 14, Biazetti combined with Herzog and Lee teaches all the limitations of Claim 13 as discussed above. Lee teaches: The computer-implemented method of claim 13, wherein identifying the list of one or more software applications required for use by the at least one user associated with the at least one designated user device comprises processing data pertaining to software applications used by one or more additional users related to the at least one user on a basis of one or more of user work domain, user work function, and user work experience. In [0042], "Referring to FIG. 6, a user having a Dealer level, which is a lower user level than the HQ level, may select an application that is to be recommended to users having a lower user level than that of the user within an authority. The user having the Dealer level may select an application that is to be recommended to the users having a lower user level than the user within an authority that is assigned by higher users to the user, that is, applications that may be selected by the user. In this regard, the user having the Dealer level may select an application by selecting at least one of application icons shown on a user terminal and dragging the at least one into a Dealer recommendation box 620. Also, the user having the Dealer level may edit and reset an application list 610 recommended by a user having a higher user level, for example, the user having the HQ level. The server may provide a recommended application to lower level users according to selection or editing of the user having the Dealer level. Since the Dealer level has ITDM as a lower level, an application recommended by the user having the Dealer level may be shown to users having an ITDM level. The recommended application may be shown to users that have a lower user level within the same user group. That is, different recommended applications may be shown to the users having the ITDM level when the users belong to different user groups from each other". It would have been obvious to one having ordinary skill in the art at the effective filling date of the invention to adopt the means for application recommendations as taught in Lee and apply that to the system as taught in Biazetti. Motivation to do so comes from the same rationale as outlined above with respect to Claim 13. Conclusion Applicant's amendment necessitated the new ground(s) of rejection presented in this Office action. Accordingly, THIS ACTION IS MADE FINAL. See MPEP § 706.07(a). Applicant is reminded of the extension of time policy as set forth in 37 CFR 1.136(a). A shortened statutory period for reply to this final action is set to expire THREE MONTHS from the mailing date of this action. In the event a first reply is filed within TWO MONTHS of the mailing date of this final action and the advisory action is not mailed until after the end of the THREE-MONTH shortened statutory period, then the shortened statutory period will expire on the date the advisory action is mailed, and any nonprovisional extension fee (37 CFR 1.17(a)) pursuant to 37 CFR 1.136(a) will be calculated from the mailing date of the advisory action. In no event, however, will the statutory period for reply expire later than SIX MONTHS from the mailing date of this final action. Any inquiry concerning this communication or earlier communications from the examiner should be directed to THEODORE L XIE whose telephone number is (571)272-7102. The examiner can normally be reached M-F 9-5. Examiner interviews are available via telephone, in-person, and video conferencing using a USPTO supplied web-based collaboration tool. To schedule an interview, applicant is encouraged to use the USPTO Automated Interview Request (AIR) at http://www.uspto.gov/interviewpractice. If attempts to reach the examiner by telephone are unsuccessful, the examiner’s supervisor, Rutao Wu can be reached at 571-272-6045. The fax phone number for the organization where this application or proceeding is assigned is 571-273-8300. Information regarding the status of published or unpublished applications may be obtained from Patent Center. Unpublished application information in Patent Center is available to registered users. To file and manage patent submissions in Patent Center, visit: https://patentcenter.uspto.gov. Visit https://www.uspto.gov/patents/apply/patent-center for more information about Patent Center and https://www.uspto.gov/patents/docx for information about filing in DOCX format. For additional questions, contact the Electronic Business Center (EBC) at 866-217-9197 (toll-free). If you would like assistance from a USPTO Customer Service Representative, call 800-786-9199 (IN USA OR CANADA) or 571-272-1000. /THEODORE XIE/Examiner, Art Unit 3623 /CHARLES GUILIANO/Primary Examiner, Art Unit 3623
Read full office action

Prosecution Timeline

Show 6 earlier events
Nov 26, 2025
Non-Final Rejection mailed — §103
Feb 03, 2026
Interview Requested
Feb 25, 2026
Examiner Interview Summary
Feb 25, 2026
Applicant Interview (Telephonic)
Feb 26, 2026
Response Filed
Apr 22, 2026
Final Rejection mailed — §103
Jun 14, 2026
Interview Requested
Jun 22, 2026
Response after Non-Final Action

Precedent Cases

Applications granted by this same examiner with similar technology

Patent 12604796
METHOD AND SYSTEM FOR PROVIDING A SITE-SPECIFIC FERTILIZER RECOMMENDATION
2y 1m to grant Granted Apr 21, 2026
Patent 12591576
DRILLING PERFORMANCE ASSISTED WITH AN ARTIFICIAL INTELLIGENCE ENGINE
1y 7m to grant Granted Mar 31, 2026
Study what changed to get past this examiner. Based on 2 most recent grants.

Strategy Recommendation AI-generated — please review before filing

Get a prosecution strategy drawn from examiner precedents, rejection analysis, and claim mapping.
Typically takes 5-10 seconds — AI-generated, attorney review required before filing

Prosecution Projections

3-4
Expected OA Rounds
43%
Grant Probability
99%
With Interview (+100.0%)
2y 6m (~0m remaining)
Median Time to Grant
High
PTA Risk
Based on 7 resolved cases by this examiner. Grant probability derived from career allowance rate.

Sign in with your work email

Enter your email to receive a magic link. No password needed.

Personal email addresses (Gmail, Yahoo, etc.) are not accepted.

Free tier: 3 strategy analyses per month