Notice of Pre-AIA or AIA Status
The present application, filed on or after March 16, 2013, is being examined under the first inventor to file provisions of the AIA .
DETAILED ACTION
Response to Arguments
Applicant's arguments filed 5/5/2026 have been fully considered, but cannot be held as persuasive.
On pages 7 - 8, Applicant emphasizes the amended claim language and then notes the citations made to Van Phan. Continuing to page 9, Applicant emphasizes that they believe Van Phan does not describe “a pattern, indicated by the quantity, that is associated with a corresponding risk group”. In response, the Examiner notes that the way Applicant has chosen to claim this “pattern” has introduced issues under 35 USC 112. Additionally, the broadest reasonable interpretation of the amended language includes where the amended language corresponds solely to non-functional descriptive material. The rationale behind these newly required rejections is discussed further below. Applicant’s arguments continue through page 11. However, each of the remaining arguments rely on the rationale addressed above, and thus is similarly unpersuasive.
Claim Rejections - 35 USC § 112
The following is a quotation of 35 U.S.C. 112(a):
(a) IN GENERAL.—The specification shall contain a written description of the invention, and of the manner and process of making and using it, in such full, clear, concise, and exact terms as to enable any person skilled in the art to which it pertains, or with which it is most nearly connected, to make and use the same, and shall set forth the best mode contemplated by the inventor or joint inventor of carrying out the invention.
The following is a quotation of 35 U.S.C. 112 (pre-AIA ), first paragraph:
The specification shall contain a written description of the invention, and of the manner and process of making and using it, in such full, clear, concise, and exact terms as to enable any person skilled in the art to which it pertains, or with which it is most nearly connected, to make and use the same and shall set forth the best mode contemplated by the inventor of carrying out his invention.
Claims 1 – 20 are rejected under 35 U.S.C. 112(a) or 35 U.S.C. 112 (pre-AIA ), first paragraph.
Regarding claim 1, said claim is rejected under 35 U.S.C. 112(a) or 35 U.S.C. 112 (pre-AIA ), first paragraph, because the specification, while being enabling for, e.g., treating users different based on user classification, does not reasonably provide enablement for “an adjustment of security data . . . associated with a mitigation measure associated with the corresponding risk group”. The specification does not enable any person skilled in the art to which it pertains, or with which it is most nearly connected, to use the invention commensurate in scope with these claims. The most relevant section in the specification to the amended language is [18], which recites: “If the user associated with the user device is determined to be classified as a technical user, then events associated with that user device may be treated differently or additional mitigation measures may be imposed.”
This generally associates user classification with “mitigation measures”. However, a singular example of a singular user classification (“technical user”) recited as tied to “additional” mitigation does not support association of “a mitigation measure associated with the corresponding risk group”. Merely supporting an “additional” mitigation does not also show how each of a corresponding risk group is associated with a mitigation measure in the way claimed. Applicant’s specification provides an broad association between classification and group while the claims recite a narrow and particular association, including the implication that mitigation measures correspond to risk group. Merely noting that “additional” measures may correspond to a singular particular group (i.e., “technical user”) does not support how such an association is then made in the manner claimed. Furthermore, the claim implies particular “mitigation measures”, while the specification fails to support or describe any measures other than “additional” measures. While additional security steps and discussion continue past [18] in the specification, there are no further mentions of “mitigation” measures past [18], and thus no determination of how the claimed association is performed can be made. Generally noting “additional” measures may be taken does not support how particular “adjustments” may be made “association with the corresponding risk group” as is claimed. The broad disclosure and support provided in the specification does not support the more narrowly scoped claim language. In other words, the claimed scope of the invention and the disclosed scope of the invention differ to such an extent that issues are raised with regards to compliance under 35 USC 112(a) or 35 U.S.C. 112 (pre-AIA ), first paragraph.
Regarding claims 8 and 16, said claims contain amended language analogous to the language addressed above in the discussion of claim 1, and thus contain issues analogous to those of claim 1. Claim 8, for example, is even more specific by noting a “mitigation measure associated with each corresponding risk group” (emphasis added). The additional specificity of claim 8 exacerbates the issues noted above (i.e., broad support in the accompanying specification corresponding to narrowly scoped claim language). Regarding claims 2 – 7, 9 – 15, and 17 -20, each of said claims depends on one of claims 1, 8, and 16, and fails to overcome the issues noted above in their respective parent claim. Claims 2 – 7, 9 – 15, and 17 – 20 thus inherit the deficiencies of their respective parent claim.
Claims 1 – 20 are rejected under 35 U.S.C. 112(b) or 35 U.S.C. 112 (pre-AIA ), second paragraph, as being indefinite for failing to particularly point out and distinctly claim the subject matter which the inventor or a joint inventor (or for applications subject to pre-AIA 35 U.S.C. 112, the applicant), regards as the invention.
Regarding claim 1, said claim has been amended to recite:
“wherein the classification is based on a quantity of groups, of the plurality of groups of the enterprise, associated with the user account and a pattern, indicated by the quantity, that is associated with a corresponding risk group”.
The claim thus recites a classification based on a quantity. The underlined newly presented language further specifies the presence of a “pattern” in a manner that suggests linkages to the “classification” step. However, the pattern is claimed as being “indicated by the quantity”. Given that the classification is already claimed as being “based on [the] quantity”, the presence of a pattern that may also be “indicated” by this quantity value would logically have no impact on the “classification” determination step, and thus the fact that there is an indicated pattern would correspond to non-functional descriptive material. The same is true regarding the “that is associated with a corresponding risk group.” Whatever associations may or may not exist are recited in such a matter that they have no bearing on the classification step, and thus this “associated” language also corresponds to non-functional descriptive material (or some intended result or post-solution activity that has no impact on the claimed method of claim 1). However, the language chosen by Applicant to express these limitations (along with the arguments presented with the present claim amendments) suggest a different intention regarding the scope of the amended language. In other words, Applicant has phrased the limitations in a manner that makes their intended scope unclear and indefinite. As the Examiner is tasked with utilizing the broadest reasonable interpretation of the claims, the above language has been interpreted as non-functional descriptive material that is not given patentable weight. An alternative reading suggests the above noted new language could also be interpreted as being inherently achieved by virtue of the “classification based on the quantity of groups”, as once the quantity is considered, both the claimed classification occurs along with the indication of whatever pattern is present. In other words, the quantity is claimed as being the basis for the “classification” and the indicator of the “pattern”, and thus both the “classification” and the “pattern” are accounted for when the quantity is addressed.
Regarding claims 2 – 7, each of said claims depends on claim 1 and fails to clarify the issues noted above. Regarding claim 8, said claim has been amended to recite “classification” based on a “quantity of groups” and “a pattern indicated by the quantity”; i.e., claim 8 contains amended language analogous to that addressed above in the discussion of claim 1. Claim 8 thus contains issues analogous to those of claim 1.
Regarding claims 9 – 15, each of said claims depends on claim 8 and fails to clarify the issues noted above.
Regarding claim 16, said claim has been amended to recite “classification” based on a “quantity of groups” and “a pattern indicated by the quantity”; i.e., claim 16 contains amended language analogous to that addressed above in the discussion of claims 1 and 8. Claim 16 thus contains issues analogous to those of claims 1 and 8. Further regarding claim 16, said claim concludes with the amended claim language:
“processing, based on the classification of the user account being associated with more enterprise-related responsibilities than a different classification and a mitigation measure associated with the corresponding risk group, the event.”
The phrasing and structure chosen by Applicant has resulted in an unclear and indefinite recitation. For example, it is unclear if the “processing” is “based on the classification of the user account . . .” and a “mitigation measure”, or alternatively if the “processing” is “based on the classification of the user account . . .”, where this classification is “associated with more enterprise-related responsibilities . . . and a mitigation measure”. In other words, it is unclear precisely what language “and a mitigation measure . . .” is intended to further limit. Regarding claims 17 - 20, each of said claims depends on claim 16 and fails to clarify the issues noted above.
Claim Rejections - 35 USC § 103
In the event the determination of the status of the application as subject to AIA 35 U.S.C. 102 and 103 (or as subject to pre-AIA 35 U.S.C. 102 and 103) is incorrect, any correction of the statutory basis for the rejection will not be considered a new ground of rejection if the prior art relied upon, and the rationale supporting the rejection, would be the same under either status.
The following is a quotation of 35 U.S.C. 103 which forms the basis for all obviousness rejections set forth in this Office action:
A patent for a claimed invention may not be obtained, notwithstanding that the claimed invention is not identically disclosed as set forth in section 102, if the differences between the claimed invention and the prior art are such that the claimed invention as a whole would have been obvious before the effective filing date of the claimed invention to a person having ordinary skill in the art to which the claimed invention pertains. Patentability shall not be negated by the manner in which the invention was made.
Claims 1 - 5 are rejected under 35 U.S.C. 103 as being unpatentable over Scheidler (US-10681060-B2) in view of Kolman (US-9699196-B1), Van Phan (US-20160255501-A1), and Joshi (US-10949541-B1).
Regarding claim 1, Scheidler shows a method comprising: using group membership data for a user (col. 19 lines 6-38, col. 26 lines 16-35, col. 27 lines 5-8) account (Abstract, col. 8 lines 26-36), wherein the group membership data indicates at least a plurality of groups associated with the user account (col. 10 lines 55-58, col. 11 lines 33-35, col. 13 lines 15-21, col. 14 lines 6-22); determining, based on inputting the group membership data (col. 19 lines 6-38, col. 55 lines 2-6) into a model, a classification of the user account (col. 10 lines 55-68), wherein the model is trained to classify user accounts according to group membership data for the user accounts (col. 19 lines 6-38); causing, based on the classification of the user account, an adjustment of security data associated with the user account (col. 9 lines 60-65, col. 10 lines 60-68, col. 11 line 21) wherein the adjustment is associated with a mitigation measure associated with the corresponding risk group (this language is not given patentable weight as the claimed “adjustment” has been addressed by the preceding citations; what the adjustment is “associated with” (and what that “associated with” item is further “associated with”) corresponds to either non-functional descriptive material that is not accorded patentable weight, and/or functionality inherently achieved by showing anticipation of the adjustment step/function itself; further discussion is provided in the preceding rejections made under 35 USC 112). Scheidler does not show where the data is enterprise data and use of enterprise-related responsibilities associated with group membership data for users. Kolman shows where the group membership data is enterprise data (col. 3 line 61 – col. 4 line 10, col. 5 lines 2 - 19) and use of enterprise-related responsibilities associated with group membership data for users (col. 5 lines 2-19, col. 6 lines 19-23 and lines 28-32, col. 6 line 66-col. 7 line 14).
It would have been obvious to one of ordinary skill in the art before the effective filing date of the invention to modify the data management and grouping techniques of Scheidler with the enterprise data management and user role/responsibility tracking of Kolman in order to utilize addition data regarding system users, thus facilitating more detailed analysis options and more accurate grouping results. The above combination does not show wherein the classification is based on an quantity of groups of the plurality of groups associated with the user account. Van Phan shows wherein the classification is based on an quantity of groups of the plurality of groups associated with the user account ([57], where a user, represented by their mobile station/user equipment identification, is selected to be a security agent, [5-6,28], after evaluating who is “a member of the highest number of user groups”; note that Van Phan also shows the classification being based on a pattern indicated by the quantity that is associated with a corresponding risk group as anticipation and use of the claimed quantity provides basis for both the “classification” and the “pattern” given the manner in which the claim has been structured; further discussion on claim interpretation is provided in the rejections made under 35 USC 112 presented in the preceding sections). It would have been obvious to one of ordinary skill in the art before the effective filing date of the invention to modify the above combination with the user-related evaluation techniques of Van Phan in order to provide a pre-determined and consistent (and thus predictable) mechanism for evaluating and classifying user accounts, ensuring high priority user roles are associated with user who are already performing or otherwise associated with high priority tasks. The above combination does not show: reception of the membership data for a user account. Joshi shows reception of the membership data for a user account (col. 5 line 45 – col. 6 line 24).
It would have been obvious to one of ordinary skill in the art before the effective filing date of the invention to modify the above combination with the user account data management and use of Joshi in order to improve the data management and storage options of the resultant disclosure (e.g., facilitating easy importation of new data and improving data tracking/association capabilities).
Regarding claim 2, the above combination further shows wherein the model is a machine learning model (Scheidler, col. 3 lines 20-24, col. 8 lines 7-16) that comprises one or more of a support vector machine, a binary classifier, or a model configured to classify user accounts based on the enterprise-related responsibilities (Scheidler, col. 19 lines 6-38, and Kolman, col. 5 lines 2-19, col. 6 lines 19-23 and lines 28-32, col. 6 line 66-col. 7 line 14).
Regarding claim 3, the above combination further shows wherein the groups of the enterprise (Kolman, col. 3 line 61 – col. 4 line 10, col. 5 lines 2-19) are assigned on an enterprise level using a service configured to manage associations between user accounts and enterprise groups (Joshi, col. 5 line 45 – col. 6 line 35).
Regarding claim 4, the above combination further shows wherein the model is updated based on updates in associations of the groups of the enterprise (Kolman, col. 3 line 61 – col. 4 line 10, col. 5 lines 2-19) with corresponding user accounts (Joshi, col. 5 line 61 – col. 6 line 34).
Regarding claim 5, the above combination further shows wherein the adjustment of security data associated with the user account comprises at least one of: adding an authentication process to the user account; or monitoring activity of the user account (Scheidler, col. 9 lines 60-65, col. 10 lines 60-68).
Claim 6 is rejected under 35 U.S.C. 103 as being unpatentable over Scheidler in view of Kolman, Van Phan, and Joshi, as applied to claim 1 above, further in view of Ullegaddi (US-9892280-B1).
Regarding claim 6, the above combination shows claim 1. The above combination does not show: wherein the classification of the user account is based on at least one of: a type of groups of the plurality of groups of the enterprise associated with the user account; a quantity of permissions associated with the enterprise-related responsibilities of the user account; or a type of permission associated with the enterprise-related responsibilities of the user account. Ullegaddi shows wherein the classification of the user account is based on at least one of: a type of groups of the plurality of groups of the enterprise associated with the user account (Ullegaddi, col. 2 lines 1-3, col. 4 lines 42-47, col. 5 lines 17-23); a quantity of permissions associated with the enterprise-related responsibilities of the user account; or a type of permission associated with the enterprise-related responsibilities of the user account
It would have been obvious to one of ordinary skill in the art before the effective filing date of the invention to modify the above combination with the group management techniques of Ullegaddi in order to enable additional grouping mechanisms and techniques, thus enabling enhanced user analysis mechanisms and resultant associations and insights.
Claim 7 is rejected under 35 U.S.C. 103 as being unpatentable over Scheidler in view of Kolman, Van Phan, and Joshi, as applied to claim 1 above, further in view of Wilson (US-20250111335-A1).
Regarding claim 7, the above combination shows claim 1. The above combination does not explicitly show wherein the user account of the enterprise is associated with an employee of the enterprise. Wilson shows wherein the user account of the enterprise is associated with an employee of the enterprise ([145,147]).
It would have been obvious to one of ordinary skill in the art before the effective filing date of the invention to modify the above combination with the employee management of Wilson in order to further specialize the resultant disclosure for operation in corporate environments, facilitating improved results and ease of use for a common type of software customer.
Claims 8 – 11 and 14 are rejected under 35 U.S.C. 103 as being unpatentable over Ullegaddi in view of Scheidler, Van Phan, Marano (US-20090292930-A1), Kolman, and Juncker (US-20180375891-A1).
Regarding claim 8, Ullegaddi shows a method comprising: determining training (col. 8 lines 25-36) data associated with a plurality of user accounts (col. 2 lines 1-3, col. 4 lines 42-47, col. 5 lines 17-23);
training, based on the training data, a model to classify user accounts according to group membership data for the user accounts (col. 2 lines 1-3, col. 4 lines 42-47, col. 5 lines 17-23, col. 8 lines 25-36); processing, based on data classified using the model, a plurality of requests to access a service (col. 12 lines 11-25). Ullegaddi does not show: wherein the group membership data indicates a plurality of groups of the enterprise associated with the user accounts. Scheidler shows wherein the group membership data indicates a plurality of groups of associated with the user accounts (col. 10 lines 55-58, col. 11 lines 33-35, col. 13 lines 15-21, col. 14 lines 6-22).
It would have been obvious to one of ordinary skill in the art before the effective filing date of the invention to modify the training, classification and account management techniques of Ullegaddi with the multiple group management of Scheidler in order to enable enhanced user association flexibility, furthering the number and types of insights possible from the related user analysis and grouping techniques of Ullegaddi and Scheidler. The above combination does not show wherein the classification is based on an quantity of groups of the plurality of groups associated with the user account. Van Phan shows wherein the classification is based on an quantity of groups of the plurality of groups associated with the user account ([57], where a user, represented by their mobile station/user equipment identification, is selected to be a security agent, [5-6,28], after evaluating who is “a member of the highest number of user groups”; note that Van Phan also shows the classification being based on a pattern indicated by the quantity that is associated with a corresponding risk group as anticipation and use of the claimed quantity provides basis for both the “classification” and the “pattern” given the manner in which the claim has been structured; further discussion on claim interpretation is provided in the rejections made under 35 USC 112 presented in the preceding sections). It would have been obvious to one of ordinary skill in the art before the effective filing date of the invention to modify the above combination with the user-related evaluation techniques of Van Phan in order to provide a pre-determined and consistent (and thus predictable) mechanism for evaluating and classifying user accounts, ensuring high priority user roles are associated with user who are already performing or otherwise associated with high priority tasks. The above combination does not show: wherein a first portion of the requests associated with a user account having a first classification are associated with a first level of security data and a second portion of the requests associated with another user account having a second classification are associated with a second level of security data. Marano shows wherein a first portion of the requests ([65]) associated with a user account having a first classification are associated with a first level of security data and a second portion of the requests associated with another user account having a second classification are associated with a second level of security data ([24-25, 28-29, 31]).
It would have been obvious to one of ordinary skill in the art before the effective filing date of the invention to modify the group and account management of the above combination with the security classification and analysis of Marano in order to improve the secure protections and management of the environments utilizing the resultant disclosure.
The above combination does not show where the data is enterprise data and use of enterprise-related responsibilities associated with group membership data for users. Kolman shows where the group membership data is enterprise data (col. 3 line 61 – col. 4 line 10, col. 5 lines 2 - 19) and use of enterprise-related responsibilities associated with group membership data for users (col. 5 lines 2-19, col. 6 lines 19-23 and lines 28-32, col. 6 line 66-col. 7 line 14).
It would have been obvious to one of ordinary skill in the art before the effective filing date of the invention to modify the data management and grouping techniques of Scheidler with the enterprise data management and user role/responsibility tracking of Kolman in order to utilize addition data regarding system users, thus facilitating more detailed analysis options and more accurate grouping results. The above combination does not show where the processing is based on a mitigation measure associated with each corresponding risk group. Juncker shows where the processing is based on a mitigation measure associated with each corresponding risk group (Abstract, discussing identification of “a user-specific security risk . . . and applies a privilege mitigation measure based on the user-specific security risk”; see further discussion in [82,94]). It would have been obvious to one of ordinary skill in the art before the effective filing date of the invention to modify the security mitigation techniques of the above combination with the user risk awareness of Juncker in order to ensure more privileged and thus more risky accounts are locked down appropriately when they may be compromised, thus better ensuring protection of the monitored network. Regarding claim 9, the above combination further shows wherein the training data (Ullegaddi, col. 8 lines 25-36) comprises, for each user account, an indication of a classification of the user account (Scheidler, col. 10 lines 65-68) and an indication of which enterprise groups the user account is associated with (Ullegaddi, col. 8 lines 20-55).
Regarding claim 10, the above combination further shows wherein the model is a machine learning model (Scheidler, col. 3 lines 20-24, col. 8 lines 7-16) that comprises one or more of a support vector machine, a binary classifier, or a model configured to classify user accounts based on the enterprise-related responsibilities (Scheidler, col. 19 lines 6-38, and Kolman, col. 5 lines 2-19, col. 6 lines 19-23 and lines 28-32, col. 6 line 66-col. 7 line 14).
Regarding claim 11, the above combination further shows wherein the enterprise groups are assigned on an enterprise (Kolman, col. 3 line 61 – col. 4 line 10, col. 5 lines 2-19) level using a service configured to manage associations between user accounts and enterprise (Kolman, col. 3 line 61 – col. 4 line 10, col. 5 lines 2-19) groups (Ullegaddi, col. 2 lines 1-16, col. 4 lines 42-55, col. 7 lines 56-67, col. 8 lines 56-67).
Regarding claim 14, the above combination further shows wherein the classifying the user accounts is based on at least one of: a quantity of groups of the plurality of groups of the enterprise associated with that user account (Van Phan, [57]); a type of groups of the plurality of groups of the enterprise associated with that user account (Ullegaddi, col. 2 lines 1-3, col. 4 lines 42-47, col. 5 lines 17-23); a quantity of permissions associated with the enterprise-related responsibilities of that user account; or a type of permission associated with the enterprise-related responsibilities of that user account.
Claim 12 is rejected under 35 U.S.C. 103 as being unpatentable over Ullegaddi in view of Scheidler, Van Phan, Marano, Kolman, and Juncker, as applied to claim 8 above, further in view of Huang (US-20230177543-A1).
Regarding claim 12, the above combination shows enterprise grouping and associations (Kolman, col. 3 line 61 – col. 4 line 10, col. 5 lines 2-19 and Ullegaddi, col. 2 lines 1-16, col. 4 lines 42-55, col. 7 lines 56-67, col. 8 lines 56-67) The above combination does not show: updating associations of groups with corresponding user accounts and retraining the model based on the updated associations. Huang shows updating associations of groups with corresponding user accounts ([21-22]) and retraining the model based on the updated associations ([75]).
It would have been obvious to one of ordinary skill in the art before the effective filing date of the invention to modify the above combination with the model adaptation of Huang in order to facilitate continuous improvement in the accuracy of the resultant user groupings and evaluations.
Claim 13 is rejected under 35 U.S.C. 103 as being unpatentable over Ullegaddi in view of Scheidler, Van Phan, Marano, Kolman, and Juncker, as applied to claim 8 above, further in view of Co (US-9882914-B1).
Regarding claim 13, the above combination shows claim 8. The above combination does not show: wherein the first level of security data comprises requesting a first credential of the user account, and wherein the second level of security data comprises requesting the first credential and a second credential of the user account. Co shows: wherein the first level of security data comprises requesting a first credential of the user account, and wherein the second level of security data comprises requesting the first credential and a second credential of the user account (col. 2 lines 7-60).
It would have been obvious to one of ordinary skill in the art before the effective filing date of the invention to modify the above combination with the multi-level security evaluation of Co in order to enable enhanced protection for the user’s most important data.
Claim 15 is rejected under 35 U.S.C. 103 as being unpatentable over Ullegaddi in view of Scheidler, Van Phan, Marano, Kolman, and Juncker, as applied to claim 8 above, further in view of Wilson. Regarding claim 15, the above combination shows claim 8. The above combination does not explicitly show wherein the user account of the enterprise is associated with a plurality of employees of the enterprise. Wilson shows wherein the user account of the enterprise is associated with a plurality of employees of the enterprise ([145,147]).
It would have been obvious to one of ordinary skill in the art before the effective filing date of the invention to modify the above combination with the employee management of Wilson in order to further specialize the resultant disclosure for operation in corporate environments, facilitating improved results and ease of use for a common type of software customer.
Claims 16 – 18 and 20 are rejected under 35 U.S.C. 103 as being unpatentable over Kilday (US-7984066-B1) in view of Scheidler, Van Phan, and Juncker.
Regarding claim 16, Kilday shows a method comprising receiving group membership (Fig. 7) data for a user (col. 2 lines 38-42) account of an enterprise (col. 7 lines 14-32), wherein the group membership data indicates at least a plurality of groups of the enterprise associated with the user account (Fig. 9 step 906);
determining, for the user account, a classification of that user account (col. 4 lines 25-30), wherein the model is trained to classify user accounts according to enterprise-related responsibilities associated with the group membership data of the user accounts (col. 5 line 44 – col. 6 line 25, col. 6 lines 45-49, col. 7 lines 14-59);
detecting an event associated with user activity (Fig. 9, col. 2 lines 38-43) of the user account (col. 4 lines 24-28); and
processing, based on the classification of the user account being associated with more enterprise-related responsibilities than a different classification, the event (Fig. 9, col. 2 lines 38-67, col. 5 line 44 – col. 6 line 25, col. 7 lines 14 - 59). Kilday does not show where the determining is based on inputting group membership data into a model, wherein the model is trained. Scheidler shows determining is based on inputting group membership data into a model, wherein the model is trained (col. 19 lines 6-38, col. 55 lines 2-6).
It would have been obvious to one of ordinary skill in the art before the effective filing date of the invention to modify the user grouping and management of Kilday with the ML membership analysis of Scheidler in order to enable further automation of the resultant user grouping data analysis. The above combination does not show wherein the classification is based on an quantity of groups of the plurality of groups associated with the user account. Van Phan shows wherein the classification is based on an quantity of groups of the plurality of groups associated with the user account ([57], where a user, represented by their mobile station/user equipment identification, is selected to be a security agent, [5-6,28], after evaluating who is “a member of the highest number of user groups”; note that Van Phan also shows the classification being based on a pattern indicated by the quantity that is associated with a corresponding risk group as anticipation and use of the claimed quantity provides basis for both the “classification” and the “pattern” given the manner in which the claim has been structured; further discussion on claim interpretation is provided in the rejections made under 35 USC 112 presented in the preceding sections). It would have been obvious to one of ordinary skill in the art before the effective filing date of the invention to modify the above combination with the user-related evaluation techniques of Van Phan in order to provide a pre-determined and consistent (and thus predictable) mechanism for evaluating and classifying user accounts, ensuring high priority user roles are associated with user who are already performing or otherwise associated with high priority tasks. The above combination does not show: wherein a first portion of the requests associated with a user account having a first classification are associated with a first level of security data and a second portion of the requests associated with another user account having a second classification are associated with a second level of security data.
The above combination does not show where the processing is based on a mitigation measure associated with each corresponding risk group. Juncker shows where the processing is based on a mitigation measure associated with each corresponding risk group (Abstract, discussing identification of “a user-specific security risk . . . and applies a privilege mitigation measure based on the user-specific security risk”; see further discussion in [82,94]). It would have been obvious to one of ordinary skill in the art before the effective filing date of the invention to modify the security mitigation techniques of the above combination with the user risk awareness of Juncker in order to ensure more privileged and thus more risky accounts are locked down appropriately when they may be compromised, thus better ensuring protection of the monitored network. Regarding claim 17, the above combination further shows wherein processing the event comprises one or more of: increasing the security data associated with the user account; filtering the event for a security service; generating an indication of potential threat for the security service (Scheidler, col. 4 lines 35-38, col. 9 lines 18-22); sending an alert to the security service; or ignoring the event (Scheidler, col. 14 lines 50-62).
Regarding claim 18, the above combination further shows wherein the model is a machine learning model (Scheidler, col. 3 lines 20-24, col. 8 lines 7-16) that comprises one or more of a support vector machine, a binary classifier, or a model configured to classify user accounts based on the enterprise-related responsibilities (Scheidler, col. 19 lines 6-38 and Kilday, col. 7 lines 14-32).
Regarding claim 20, the above combination further shows wherein the classification of the user account is based on at least one of: a quantity of groups of the plurality of groups of the enterprise associated with that user account (Van Phan, [57]); a type of groups of the plurality of groups of the enterprise associated with that user account; a quantity of permissions associated with the enterprise-related responsibilities of the user account; or a type of permission associated with the enterprise-related responsibilities of the user account (Kilday, col. 5 line 54 – col. 6 line 25, col. 7 lines 14-58).
Claim 19 is rejected under 35 U.S.C. 103 as being unpatentable over Kilday in view of Scheidler, Van Phan, and Juncker, as applied to claim 16 above, further in view of Ullegaddi.
Regarding claim 19, the above combination shows consideration of enterprise groupings (Kilday, Figs. 7 and 9, col. 7 lines 14-32). The above combination does not show: where the groups are assigned on an level using a service configured to manage associations between user accounts and groups. Ullegaddi shows where the groups are assigned on an level using a service configured to manage associations between user accounts and groups (col. 2 lines 1-16, col. 4 lines 42-55, col. 7 lines 56-67, col. 78 lines 56-67).
It would have been obvious to one of ordinary skill in the art before the effective filing date of the invention to modify the above combination with the group management techniques of Ullegaddi in order to enable additional grouping mechanisms and techniques, thus enabling enhanced user analysis mechanisms and resultant associations and insights.
Conclusion
Any inquiry concerning this communication or earlier communications from the examiner should be directed to JOHN M MACILWINEN whose telephone number is (571)272-9686. The examiner can normally be reached Monday - Friday, 9:00 - 5:00.
Examiner interviews are available via telephone, in-person, and video conferencing using a USPTO supplied web-based collaboration tool. To schedule an interview, applicant is encouraged to use the USPTO Automated Interview Request (AIR) at http://www.uspto.gov/interviewpractice.
If attempts to reach the examiner by telephone are unsuccessful, the examiner’s supervisor, Glenton B Burgess can be reached at (571) 272 - 3949. The fax phone number for the organization where this application or proceeding is assigned is 571-273-8300.
Information regarding the status of published or unpublished applications may be obtained from Patent Center. Unpublished application information in Patent Center is available to registered users. To file and manage patent submissions in Patent Center, visit: https://patentcenter.uspto.gov. Visit https://www.uspto.gov/patents/apply/patent-center for more information about Patent Center and https://www.uspto.gov/patents/docx for information about filing in DOCX format. For additional questions, contact the Electronic Business Center (EBC) at 866-217-9197 (toll-free). If you would like assistance from a USPTO Customer Service Representative, call 800-786-9199 (IN USA OR CANADA) or 571-272-1000.
JOHN MACILWINEN
Primary Examiner
Art Unit 2442
/JOHN M MACILWINEN/Primary Examiner, Art Unit 2454