COMPLIANT AND AUDITABLE WAY FOR A USER TO PERFORM AN ACTION WITHOUT SUFFICIENT PRIVILEGES

DETAILED ACTION Notice of Pre-AIA or AIA Status The present application, filed on or after March 16, 2013, is being examined under the first inventor to file provisions of the AIA . A request for continued examination under 37 CFR 1.114, including the fee set forth in 37 CFR 1.17(e), was filed in this application after final rejection. Since this application is eligible for continued examination under 37 CFR 1.114, and the fee set forth in 37 CFR 1.17(e) has been timely paid, the finality of the previous Office action has been withdrawn pursuant to 37 CFR 1.114. Applicant's submission filed on 12/23/2025 has been entered. As per instant Amendment, claims 1, 10 and 17 have been amended; claims 1, 10 and 17 are independent claims. Claims 1-20 have been examined and are pending. This Action is made Non-Final. Response to Arguments Applicant’s arguments with respect to the 35 U.S.C. 101 and amendments presented have been fully considered and are persuasive. The 35 U.S.C. 101 rejection of claim(s) 1-20 have been withdrawn. Applicant’s arguments with respect to the 35 U.S.C. 103 have been fully considered but they are not persuasive. Applicant Argues: To the extent these rejections may be alleged as applicable to the claims as amended herein, Applicant respectfully traverses any such rejections for at least the following reasons. Padmanabhan, Harb, Karunakaran, Matsumoto, and Delacourt, when taken alone or in combination, fail to disclose or suggest all aspects recited in the subject claims. For example, amended independent claim 1 recites, in part, "receiving, from the second user account, a performance response indicating approval of the requested action; and performing, for the second user account on the cloud-computing environment, based on the performance response satisfying the temporal constraint, and in response to approval of the second request, the action without providing the permission to the first user account." Padmanabhan, Harb, Karunakaran, Matsumoto, and Delacourt, when taken alone or in combination, fail to disclose or suggest at least such aspects. The Office Action acknowledges that Padmanabhan fails to disclose the temporal constraint aspects of independent claim 1, and cites Harb in alleged support. Harb, however, is completely silent regarding performing the action based on temporal constraints, as generally recited in amended independent claim 1... Harb, however, fails to disclose or suggest at least "receiving, from the second user account, a performance response indicating approval of the requested action; and performing, for the second user account on the cloud-computing environment, based on the performance response satisfying the temporal constraint, and in response to approval of the second request, the action," as recited in amended independent claim 1. [...] Thus, Harb fails to cure the deficiencies of Padmanabhan with respect to at least "receiving, from the second user account, a performance response indicating approval of the requested action; and performing, for the second user account on the cloud-computing environment, based on the performance response satisfying the temporal constraint, and in response to approval of the second request, the action," as recited in amended independent claim 1. Examiner’s Response: The examiner respectfully disagrees. In response to applicant's arguments against the references individually, one cannot show nonobviousness by attacking references individually where the rejections are based on combinations of references. The examiner respectfully notes that Padmanabhan was shown to disclose receiving, from the second user account, a performance response indicating approval of the requested action, and performing, for the second user account on the cloud computing environment, based on the performance response... and in response to approval of the second request, the action without providing the permission to the first user account , see [0029]. Specifically, [0029] discloses “The administrator may respond to the second email message indicating that the user should be allowed to request the NAS operation. The message processing module 206 may receive the administrator's response (e.g., email message) and may cause the NAS device 210 to perform the NAS operation (e.g., may transmit a message to the NAS device 210 instructing the NAS device 210 to perform the NAS operation.” The examiner respectfully notes as construed the administrator’s response (i.e., email message) is received, and is noted, to be a performance response, which causes the NAS device to perform the NAS operation. Thus, the teachings of Padmanabhan are “receiving, from the second user account, a performance response indicating approval of the requested action and performing, for the second user account on the cloud computing environment, based on the performance response... and in and in response to approval of the second request, the action without providing the permission to the first user account.” The examiner sought to combine Harb to teach the features of determining, from an action store, a temporal constraint for performing the requested action ([0010] and [0142] and [0152]); and performing ... on the cloud-computing environment, based on [a]... response satisfying the temporal constraint, [in response to approval of the second request... an action] (FIG. 5 and FIG. 11 and [0151]-[0152]). More specifically as construed from the cited sections: a user has a threshold amount of time for a response, see FIG. 5 and [0010], and if given (i.e., to unlock the media asset), see FIG. 11, there is a data structure “change”, i.e., see [0151] - the media guidance application may unblock the media asset ... Additionally, if the other user has stipulated any conditions attached to accessing the media asset, the media guidance application will implement those as well and store them in the data structure described above, thus as construed this teaching reads on performing ... on the cloud computing environment... in response to approval of the second request [an action]. Thus, as explained above Harb reads on “performing ... on the cloud-computing environment, based on [a]... response satisfying the temporal constraint, [in response to approval of the second request... an action].” Thus, when combined the teachings of Harb can be added to features of Padmanabhan which, in combination, teach the argued features of "receiving, from the second user account, a performance response indicating approval of the requested action; and performing, for the second user account on the cloud-computing environment, based on the performance response satisfying the temporal constraint, and in response to approval of the second request, the action." Motivation was further cited for such a combination. Therefore, as the metes and bounds of the claim have been met by the combination of Padmanabhan in view of Harb; therefore, the examiner finds this argument not persuasive. Applicant Argues: Thus, Karunakaran, Matsumoto, and Delacourt also fail to cure the deficiencies of Padmanabhan and Harb with respect to at least such aspects of amended independent claim 1. Independent claims 10 and 17 are amended herein and also recite similar aspects to those highlighted above, which are not disclosed or suggest by the art of record. For at least these reasons, amended independent claims 1, 10, and 17 are patentable over the art of record. Therefore, it is requested that the rejection of amended independent claims 1, 10, and 17 be withdrawn. Dependent claims 2-9, 11-16, and 18-20 are also allowable at least based on their respective dependency to the above discussed independent claims 1, 10, and 17, and because they recite a combination of subject matter that has not been shown as disclosed or suggested by the cited references. Examiner’s Response: The examiner disagrees for the reasons set forth above as the metes and bounds of the claim have been met by the combination of Padmanabhan in view of Harb; therefore, the examiner finds this argument not persuasive. Applicant Argues: For example, claim 3 recites, in part, "logging, in an audit log of the cloud-computing environment, performance of the action by the second user account on behalf of the request from the first user account." The Office Action cites Padmanabhan in alleged support of some aspects, asserting that Padmanabhan discloses "the NAS device 210 may provide the results of the one or more NAS operations to the message processing module 206 . . . may also send another email message to the user with the results of the one or more NAS operations." Office Action, pages 11 and 12. This email message, however, is not "logging, in an audit log of the cloud-computing environment, performance of the action as being performed by the second user account on behalf of the first user account," as recited in claim 3. The Office Action also cites Karunakaran in alleged support of "logging, in an audit log of the cloud-computing environment." Just because Karunakaran may disclose an audit log and a limited list of fields that can be included in the audit log, there is no disclosure or suggestion, based on Padmanabhan or otherwise, to add a field to the audit log of "performance of the action by the second user account on behalf of the request from the first user account," as recited in claim 3. For at least the above reasons, it is requested that rejection of dependent claims 2-9, 11-16, and 18-20 be withdrawn as well. Examiner’s Response: The examiner respectfully disagrees. The examiner notes as reasonably construed Padmanabhan disclosure of messaging and indicating the results of one or more NAS operations, is a form of, “logging” see [0032]. Nonetheless, the examiner sought to combine, Karunakaran teaches to teach ...logging, in an audit log of an cloud-computing environment [performance of an action] ([0049] - In the example shown, cloud service provider audit log 400 includes for each access (e.g., login/attempt) or other logged event (e.g., each row) a date/time stamp, a user (e.g., username, display name, etc.) associated with the event, a device type and/or identifier, a user email address, an IP address, an action (e.g., login, used new app to log in, etc.) and an item/name and/or details field that provides further information about the event (e.g., browser or other software used, etc.). The examiner notes such concepts of an “audit log” as taught by Karunakaran, as Karunakaran discuses other logged events can be stored in an audit log and thus can be combined to Padmanabhan’s features of “a performance of the action by the second user account on behalf of the request from the first user account” (i.e., results sent as an indication of the NAS operation) as the form of “other logged events.” Motivation was further cited for such a combination. Therefore, as the metes and bounds of the claim have been met by the combination of Padmanabhan in view of Harb and Karunakaran; therefore, the examiner finds this argument not persuasive. Claim Rejections - 35 USC § 103 In the event the determination of the status of the application as subject to AIA 35 U.S.C. 102 and 103 (or as subject to pre-AIA 35 U.S.C. 102 and 103) is incorrect, any correction of the statutory basis (i.e., changing from AIA to pre-AIA ) for the rejection will not be considered a new ground of rejection if the prior art relied upon, and the rationale supporting the rejection, would be the same under either status. The following is a quotation of 35 U.S.C. 103 which forms the basis for all obviousness rejections set forth in this Office action: A patent for a claimed invention may not be obtained, notwithstanding that the claimed invention is not identically disclosed as set forth in section 102, if the differences between the claimed invention and the prior art are such that the claimed invention as a whole would have been obvious before the effective filing date of the claimed invention to a person having ordinary skill in the art to which the claimed invention pertains. Patentability shall not be negated by the manner in which the invention was made. Claim(s) 1, 2, 4, 10, 11, 13, 17, and 18 is/are rejected under 35 U.S.C. 103 as being unpatentable over Padmanabhan (US 2015/0372962 A1) in view of Harb (US 2017/0228550 A1). Regarding Claim 1; Padmanabhan teaches a method for controlling, by a cloud security module, permissions for performing actions in a cloud-computing environment ([0009] and [0029]), comprising: receiving, from a first user account of the cloud computing environment, a first request to perform an action on the cloud computing environment ([0009] - For example, a NAS device may include hardware, software, or a combination of such elements, configured such that the NAS device operates as a file server. NAS devices/systems can provide a convenient mechanism for sharing data among multiple computers and/or remotely accessing data stored on the NAS devices/systems. As compared to traditional file servers, benefits of NAS devices/systems may include the ability to access data from various locations (e.g., remote locations), faster data access, easier administration, and/or simpler configuration and [0029] - In one embodiment, the message processing module 206 may determine whether a user associated with the sender email address (e.g., the sender of the email message) has permission to request the NAS device 210 to perform the one or more NAS operations. For example, the message processing module 206 may access the database 225 to determine whether the user associated with the sender email address is allowed to request the NAS device 210 to perform the NAS operation. If the user is not allowed to request the NAS device 210 to perform the NAS operation, the message processing module 206 may optionally send a second email message to an administrator of the NAS device 210 indicating that the user has requested the NAS device 210 to perform the NAS operation. The administrator may respond to the second email message indicating that the user should be allowed to request the NAS operation. The message processing module 206 may receive the administrator's response (e.g., email message) and may cause the NAS device 210 to perform the NAS operation (e.g., may transmit a message to the NAS device 210 instructing the NAS device 210 to perform the NAS operation); determining that the first user account does not have permission to perform the action ([0029] - In one embodiment, the message processing module 206 may determine whether a user associated with the sender email address (e.g., the sender of the email message) has permission to request the NAS device 210 to perform the one or more NAS operations. For example, the message processing module 206 may access the database 225 to determine whether the user associated with the sender email address is allowed to request the NAS device 210 to perform the NAS operation. If the user is not allowed to request the NAS device 210 to perform the NAS operation, the message processing module 206 may optionally send a second email message to an administrator of the NAS device 210 indicating that the user has requested the NAS device 210 to perform the NAS operation. The administrator may respond to the second email message indicating that the user should be allowed to request the NAS operation. The message processing module 206 may receive the administrator's response (e.g., email message) and may cause the NAS device 210 to perform the NAS operation (e.g., may transmit a message to the NAS device 210 instructing the NAS device 210 to perform the NAS operation); identifying a second user account of the cloud computing environment having permission to perform the action ([0009] and [0029] - In one embodiment, the message processing module 206 may determine whether a user associated with the sender email address (e.g., the sender of the email message) has permission to request the NAS device 210 to perform the one or more NAS operations. For example, the message processing module 206 may access the database 225 to determine whether the user associated with the sender email address is allowed to request the NAS device 210 to perform the NAS operation. If the user is not allowed to request the NAS device 210 to perform the NAS operation, the message processing module 206 may optionally send a second email message to an administrator of the NAS device 210 indicating that the user has requested the NAS device 210 to perform the NAS operation. The administrator may respond to the second email message indicating that the user should be allowed to request the NAS operation. The message processing module 206 may receive the administrator's response (e.g., email message) and may cause the NAS device 210 to perform the NAS operation (e.g., may transmit a message to the NAS device 210 instructing the NAS device 210 to perform the NAS operation); transmitting, to the second user account, a second request for approval to perform the action ([0029] - In one embodiment, the message processing module 206 may determine whether a user associated with the sender email address (e.g., the sender of the email message) has permission to request the NAS device 210 to perform the one or more NAS operations. For example, the message processing module 206 may access the database 225 to determine whether the user associated with the sender email address is allowed to request the NAS device 210 to perform the NAS operation. If the user is not allowed to request the NAS device 210 to perform the NAS operation, the message processing module 206 may optionally send a second email message to an administrator of the NAS device 210 indicating that the user has requested the NAS device 210 to perform the NAS operation. The administrator may respond to the second email message indicating that the user should be allowed to request the NAS operation. The message processing module 206 may receive the administrator's response (e.g., email message) and may cause the NAS device 210 to perform the NAS operation (e.g., may transmit a message to the NAS device 210 instructing the NAS device 210 to perform the NAS operation); receiving, from the second user account, a performance response indicating approval of the requested action ([0029] - In one embodiment, the message processing module 206 may determine whether a user associated with the sender email address (e.g., the sender of the email message) has permission to request the NAS device 210 to perform the one or more NAS operations. For example, the message processing module 206 may access the database 225 to determine whether the user associated with the sender email address is allowed to request the NAS device 210 to perform the NAS operation. If the user is not allowed to request the NAS device 210 to perform the NAS operation, the message processing module 206 may optionally send a second email message to an administrator of the NAS device 210 indicating that the user has requested the NAS device 210 to perform the NAS operation. The administrator may respond to the second email message indicating that the user should be allowed to request the NAS operation. The message processing module 206 may receive the administrator's response (e.g., email message) and may cause the NAS device 210 to perform the NAS operation (e.g., may transmit a message to the NAS device 210 instructing the NAS device 210 to perform the NAS operation. The message processing module 206 may also update the database 225 with data indicating that the user has permission to perform the NAS operation). performing, for the second user account on the cloud computing environment, based on the performance response... and in response to approval of the second request, the action without providing the permission to the first user account ([0029] - In one embodiment, the message processing module 206 may determine whether a user associated with the sender email address (e.g., the sender of the email message) has permission to request the NAS device 210 to perform the one or more NAS operations. For example, the message processing module 206 may access the database 225 to determine whether the user associated with the sender email address is allowed to request the NAS device 210 to perform the NAS operation. If the user is not allowed to request the NAS device 210 to perform the NAS operation, the message processing module 206 may optionally send a second email message to an administrator of the NAS device 210 indicating that the user has requested the NAS device 210 to perform the NAS operation. The administrator may respond to the second email message indicating that the user should be allowed to request the NAS operation. The message processing module 206 may receive the administrator's response (e.g., email message) and may cause the NAS device 210 to perform the NAS operation (e.g., may transmit a message to the NAS device 210 instructing the NAS device 210 to perform the NAS operation. The message processing module 206 may also update the database 225 with data indicating that the user has permission to perform the NAS operation). As construed the administrator’s response (i.e., email message), which is noted to be the performance response, causes the NAS device to perform the NAS operation. Padmanabhan fails to explicitly disclose ...determining, from an action store, a temporal constrain for performing the requested action; and performing ... on the cloud-computing environment, based on [a]... response satisfying the temporal constraint. However, in an analogous art, Harb teaches...determining, from an action store, a temporal constraint for performing the requested action ([0010] - Alternatively or additionally, if the media guidance application determines that the second user has not responded for a threshold amount of time, the media guidance application may query the first profile associated with the first user for a third user with authority to approve access to the blocked media for the first user. For example, if the media guidance application transmits a notification to a user device stored in a profile corresponding to “Mom,” but does not receive a response for a certain period of time (e.g. five minutes), the media guidance application may determine another user, as described above, that can allow access to the media asset and transmit the notification to a user equipment device stored in their profile (e.g. a user equipment device stored as a variable in the profile “Dad123”) and [0142] and [0152]); and performing ... on the cloud-computing environment, based on [a]... response satisfying the temporal constraint, [in response to approval of the second request... an action] (FIG. 5 – John has requested to watch: Game of Thrones and FIG. 11 – Unlock the media asset... and [0010] - ...a certain period of time (e.g. five minutes)... and [0151]-[0152] - For example, after the other user has approved access by the first user of the media asset, the media guidance application may unblock the media asset and allow the first user to access the media asset. Additionally, if the other user has stipulated any conditions attached to accessing the media asset, the media guidance application will implement those as well and store them in the data structure described above...). Therefore, it would have been obvious to one of ordinarily skill in the art before the effective filing date of the claimed invention to combine the teachings of Harb to the request/action of Padmanabhan to include ...determining, from an action store, a temporal constrain for performing the requested action; and performing ... on the cloud-computing environment, based on [a]... response satisfying the temporal constraint based on [a]... response satisfying the temporal constraint, [in response to approval of the second request... an action]. One would have been motivated to combine the teachings of Harb to Padmanabhan to do so as it provides / allows enabling a user to access a blocked ... asset by add[ing] a layer of security (Harb, [0002]). Regarding Claim 2; Padmanabhan and Harb disclose the method to Claim 1. Padmanabhan teaches wherein the permission permits the action over a plurality of resources, and performing the action comprises performing the action over a resource of the plurality of resources and not over other resources of the plurality of resources ([0023] - The NAS device 210 may perform various operations that may be related to the management of the NAS device 210 and/or accessing data (e.g., reading data, writing data, modifying data, etc.) on the NAS device 210. These operations may be referred to as NAS operations. In one embodiment, a NAS operation may be any operations, function, action, activity, act, etc., that may be performed by the NAS device 210. Examples of NAS operations include, but are not limited to, reading data, writing data, modifying data, moving data, obtaining usage statistics and/or the status of the NAS device 210 (as discussed later below), performing a diagnostic test, etc. and [0028]-[0029] – ...path... and [0039] - The message processing module 311 may allow users (e.g., end users, system administrators, technical support staff, etc.) to access and/or manage the NAS device 310 using email messages.). Regarding Claim 4; Padmanabhan and Harb disclose the method to Claim 1. Padmanabhan further discloses further comprising: transmitting a notification to the first user account indicating performance of the action ([0029] and [0031] and [0032] - In one embodiment, the message processing module 206 may identify one or more NAS operations that the NAS device 210 should perform. The message processing module 206 may generate and/or send an email message to a user (e.g., an administrator) indicating the one or more NAS operations. Based on a response email message from the user, the message).processing module 206 may cause the NAS device to perform the one or more NAS operations. The NAS device 210 may provide the results of the one or more NAS operations to the message processing module 206 (e.g., transmit a message to the message processing module 206) and the message processing module 206 may also send another email message to the user with the results of the one or more NAS operation). Regarding Claim(s) 10 and 11; claim(s) 10 and 11 is/are directed to a/an device associated with the method claimed in claim(s) 1 and 2. Claim(s) 10 and 11 is/are similar in scope to claim(s) 1 and 2, and is/are therefore rejected under similar rationale. As construed a NAS acts as a cloud device, see [0010]. Regarding Claim 13; Padmanabhan and Harb disclose the method to Claim 1. Harb further teaches wherein the permission provides access to a resource for a first predetermined period of time to perform the action (FIG. 5 – John has requested to watch: Game of Thrones – Allow (As noted no associated time limit)). the one or more processors are configured to: provide access to the resource for a second predetermined period of time that is less than the first predetermined period of time (FIG. 5 – John has requested to watch: Game of Thrones – Allow for two hours (As noted an associated time limit that is less than allow)). Similar rationale and motivation is noted for the combination of Harb to Padmanabhan and Harb, as per claim 1, above. Regarding Claim(s) 17 and 18; claim(s) 17 and 18 is/are directed to a/an computer-readable device associated with the method claimed in claim(s) 1 and 2. Claim(s) 17 and 18 is/are similar in scope to claim(s) 1 and 2, and is/are therefore rejected under similar rationale. Claim(s) 3, 12, and 19 is/are rejected under 35 U.S.C. 103 as being unpatentable over Padmanabhan (US 2015/0372962 A1) in view of Harb (US 2017/0228550 A1) and further in view of Karunakaran et al. (US 2018/0288045 A1). Regarding Claim 3; Padmanabhan and Harb disclose the method to Claim 1. Padmanabhan teaches further comprising: “logging” in... the cloud-computing environment.... performance of the action by the second user account on behalf to the request from the first user account ([0009] and [0029] - In one embodiment, the message processing module 206 may determine whether a user associated with the sender email address (e.g., the sender of the email message) has permission to request the NAS device 210 to perform the one or more NAS operations. For example, the message processing module 206 may access the database 225 to determine whether the user associated with the sender email address is allowed to request the NAS device 210 to perform the NAS operation. If the user is not allowed to request the NAS device 210 to perform the NAS operation, the message processing module 206 may optionally send a second email message to an administrator of the NAS device 210 indicating that the user has requested the NAS device 210 to perform the NAS operation. The administrator may respond to the second email message indicating that the user should be allowed to request the NAS operation. The message processing module 206 may receive the administrator's response (e.g., email message) and may cause the NAS device 210 to perform the NAS operation (e.g., may transmit a message to the NAS device 210 instructing the NAS device 210 to perform the NAS operation and [0031] – ...statistics... and [0032] - In one embodiment, the message processing module 206 may identify one or more NAS operations that the NAS device 210 should perform. The message processing module 206 may generate and/or send an email message to a user (e.g., an administrator) indicating the one or more NAS operations. Based on a response email message from the user, the message).processing module 206 may cause the NAS device to perform the one or more NAS operations. The NAS device 210 may provide the results of the one or more NAS operations to the message processing module 206 (e.g., transmit a message to the message processing module 206) and the message processing module 206 may also send another email message to the user with the results of the one or more NAS operation and [0037]). Padmanabhan and Harb fail to explicitly disclose ...logging, in an audit log of the cloud-computing environment... However, in an analogous art, Karunakaran teaches ...logging, in an audit log of an cloud-computing environment [performance of an action] ([0049] - In the example shown, cloud service provider audit log 400 includes for each access (e.g., login/attempt) or other logged event (e.g., each row) a date/time stamp, a user (e.g., username, display name, etc.) associated with the event, a device type and/or identifier, a user email address, an IP address, an action (e.g., login, used new app to log in, etc.) and an item/name and/or details field that provides further information about the event (e.g., browser or other software used, etc.). Therefore, it would have been obvious to one of ordinarily skill in the art before the effective filing date of the claimed invention to combine the teachings of Karunakaran to the logging of Padmanabhan and Harb to include ...logging, in an audit log of an cloud-computing environment [performance of an action] One would have been motivated to combine the teachings of Karunakaran to Padmanabhan and Harb to do so as it provides / allows capture and provide secure access to a cloud service (Karunakaran, [0049]). Regarding Claim(s) 12; claim(s) 12is/are directed to a/an device associated with the method claimed in claim(s) 3. Claim(s) 12 is/are similar in scope to claim(s) 3, and is/are therefore rejected under similar rationale. As construed a NAS acts as a cloud device, see [0010]. Regarding Claim(s) 19; claim(s) 19 is/are directed to a/an computer-readable device associated with the method claimed in claim(s) 3. Claim(s) 19 is/are similar in scope to claim(s) 3, and is/are therefore rejected under similar rationale. Claim(s) 5 and 20 is/are rejected under 35 U.S.C. 103 as being unpatentable over Padmanabhan (US 2015/0372962 A1) in view of Harb (US 2017/0228550 A1) and further in view of Matsumoto et al. (US 2020/0219179 A1). Regarding Claim 5; Padmanabhan and Harb disclose the method to Claim 1. Padmanabhan and Harb fail to explicitly disclose wherein the permission provides access to a resource for a first predetermined period of time, and wherein performing the action comprises providing access to the resource for a second predetermined period of time that is less than the first predetermined period of time However, in an analogous art, Matsumoto teaches [similar concepts related to resources] wherein the permission provides access to a resource for a first predetermined period of time, and wherein performing the action comprises providing access to the resource for a second predetermined period of time that is less than the first predetermined period of time ([0065] - When the request acquiring unit 432a acquires data regarding a use request, the rental permission unit 432b searches the use plan created by the reservation management unit 431 for vehicle reservable time periods not included in the reserved vehicle use dates and times, and when a retrieved time period is within a first predetermined time period Δta (e.g., 1 hour) and not shorter than a second predetermined time period Δtb (e.g., 30 minutes), the rental permission unit 432b permits use of the vehicle 1 for the second predetermined time period Δtb within said time period. This is based on the reasoning that if a vehicle unreserved time period is 1 hour, for instance, the station manager can be allowed to use the vehicle 1 for a certain period within 1 hour (e.g., for 30 minutes). The station manager is thus able to use the vehicle 1 for short periods within periods when the vehicle 1 is not reserved. So even without owning a car, the station manager has access to one (the vehicle 1) to use for, for example, local shopping or transporting family or friends to or from a local station, and can therefore effectively utilize the vehicle 1, even if only occasionally). Therefore, it would have been obvious to one of ordinarily skill in the art before the effective filing date of the claimed invention to combine the teachings of Matsumoto to the permission of Padmanabhan and Harb to include wherein the permission provides access to a resource for a first predetermined period of time, and wherein performing the action comprises providing access to the resource for a second predetermined period of time that is less than the first predetermined period of time. One would have been motivated to combine the teachings of Matsumoto to Padmanabhan and Harb to do so as it provides / allows utilize a resource effectively (as gleaned from Matsumoto, [0065]). Regarding Claim(s) 20 claim(s) 20 is/are directed to a/an computer-readable device associated with the method claimed in claim(s) 5. Claim(s) 20 is/are similar in scope to claim(s) 5, and is/are therefore rejected under similar rationale. Claim(s) 6-9 and 14-16 is/are rejected under 35 U.S.C. 103 as being unpatentable over Padmanabhan (US 2015/0372962 A1) in view of Harb (US 2017/0228550 A1) and further in view of Delacourt et al. (US 10,552,796 B1). Regarding Claim 6; Padmanabhan and Harb disclose the method to Claim 1. Padmanabhan further discloses [concepts of] performing in response to approval of the ... request, the ...action without providing the permission to the first user account ([0029] - In one embodiment, the message processing module 206 may determine whether a user associated with the sender email address (e.g., the sender of the email message) has permission to request the NAS device 210 to perform the one or more NAS operations. For example, the message processing module 206 may access the database 225 to determine whether the user associated with the sender email address is allowed to request the NAS device 210 to perform the NAS operation. If the user is not allowed to request the NAS device 210 to perform the NAS operation, the message processing module 206 may optionally send a second email message to an administrator of the NAS device 210 indicating that the user has requested the NAS device 210 to perform the NAS operation. The administrator may respond to the second email message indicating that the user should be allowed to request the NAS operation. The message processing module 206 may receive the administrator's response (e.g., email message) and may cause the NAS device 210 to perform the NAS operation (e.g., may transmit a message to the NAS device 210 instructing the NAS device 210 to perform the NAS operation. The message processing module 206 may also update the database 225 with data indicating that the user has permission to perform the NAS operation). As construed “[...] may also update the database 225 with data indicating that the user has permission to perform the NAS operation [...]” as construed is a step that may also not occur as may is expressed as a possibility. Padmanabhan further discloses multiple users (e.g., end users, system administrators, technical support staff/personnel, etc.) to access and/or manage) ([0024); however, Padmanabhan and Harb fail to explicitly disclose wherein the action is a first action, and further comprising: receiving, from the first user account, a third request to perform a second action; determining that the first user account does not have permission to perform the second action; identifying a third user account having permission to perform the second action; identifying, based on a resource associated with the second action, an alternative action to the second action; transmitting, to the third user account, a fourth request for approval to perform the second action or the alternative action to the second action; and performing, in response to approval of the fourth request, the second action or the alternative to the second action [...]. However, in an analogous art, Delacourt teaches wherein the action is a first action, and further comprising: receiving, from the first user account, a third request to perform a second action (col. 3, lines 62-col. 4, lines 9 - As described in more detail herein, in some embodiments, the approval service may employ a notification service that is provided by the service provider system to manage actionable notification messages that include approval requests. In such embodiments, members of various approval groups may retrieve approval requests from specific message inboxes (e.g., one per approval group) and may respond to them by selecting one of several available actions (e.g., by selecting “approve”, “deny”, or “request more information”); determining that the first user account does not have permission to perform the second action (col. 32, lines 9-20 - For example, in a system that employs the actionable notification messages described herein, if an end user attempts to perform on operation that the end user does not have permission to perform (e.g., to access a service or other resource that the end user is not authorized to access), rather than just returning a denial of the request, an actionable notification message may be returned to the end user that presents multiple available actions the end user can take. In this example, those actions may include requesting permission to perform the operation, retrying the operation, or cancelling the request); identifying a third user account having permission to perform the second action (col. 3, lines 39-61 – template... single approval... For example, the IT administrator may associate an approval template with a given approval request (or with multiple requests) and may associate different approval groups (e.g., first level team leaders, IT administrators, legal team members, or second level managers) with each approval level defined in the approval template); identifying, based on a resource associated with the second action, an alternative action to the second action (col. 3, lines 62-col. 4, lines 9 - As described in more detail herein, in some embodiments, the approval service may employ a notification service that is provided by the service provider system to manage actionable notification messages that include approval requests. In such embodiments, members of various approval groups may retrieve approval requests from specific message inboxes (e.g., one per approval group) and may respond to them by selecting one of several available actions (e.g., by selecting “approve”, “deny”, or “request more information”));; transmitting, to the third user account, a fourth request for approval to perform the second action or the alternative action to the second action (col. 3, lines 39-61 – template... single approval... For example, the IT administrator may associate an approval template with a given approval request (or with multiple requests) and may associate different approval groups (e.g., first level team leaders, IT administrators, legal team members, or second level managers) with each approval level defined in the approval template and col. 3, lines 62-col. 4, lines 9 - As described in more detail herein, in some embodiments, the approval service may employ a notification service that is provided by the service provider system to manage actionable notification messages that include approval requests. In such embodiments, members of various approval groups may retrieve approval requests from specific message inboxes (e.g., one per approval group) and may respond to them by selecting one of several available actions (e.g., by selecting “approve”, “deny”, or “request more information”); and performing, in response to approval of the fourth request, the second action or the alternative to the second action [...] (col. 3, lines 39-61 – template... single approval... For example, the IT administrator may associate an approval template with a given approval request (or with multiple requests) and may associate different approval groups (e.g., first level team leaders, IT administrators, legal team members, or second level managers) with each approval level defined in the approval template and col. 3, lines 62-col. 4, lines 9 - As described in more detail herein, in some embodiments, the approval service may employ a notification service that is provided by the service provider system to manage actionable notification messages that include approval requests. In such embodiments, members of various approval groups may retrieve approval requests from specific message inboxes (e.g., one per approval group) and may respond to them by selecting one of several available actions (e.g., by selecting “approve”, “deny”, or “request more information”). Therefore, it would have been obvious to one of ordinarily skill in the art before the effective filing date of the claimed invention to combine the teachings of Delacourt to the permission of Padmanabhan and Harb to include wherein the action is a first action, and further comprising: receiving, from the first user account, a third request to perform a second action; determining that the first user account does not have permission to perform the second action; identifying a third user account having permission to perform the second action; identifying, based on a resource associated with the second action, an alternative action to the second action; transmitting, to the third user account, a fourth request for approval to perform the second action or the alternative action to the second action; and performing, in response to approval of the fourth request, the second action or the alternative to the second action [...]. One would have been motivated to combine the teachings of Delacourt to Padmanabhan and Harb to do so as it provides / allows an uncomplicated approach for provisioning, administering, and managing the physical computing resources (as gleaned from Delacourt, col. 1, lines 5-59). Regarding Claim 7; Padmanabhan and Harb discloses the method to Claim 1. Padmanabhan further discloses [concepts of] performing in response to approval of the ... request, the ...action without providing the permission to the first user account ([0029] - In one embodiment, the message processing module 206 may determine whether a user associated with the sender email address (e.g., the sender of the email message) has permission to request the NAS device 210 to perform the one or more NAS operations. For example, the message processing module 206 may access the database 225 to determine whether the user associated with the sender email address is allowed to request the NAS device 210 to perform the NAS operation. If the user is not allowed to request the NAS device 210 to perform the NAS operation, the message processing module 206 may optionally send a second email message to an administrator of the NAS device 210 indicating that the user has requested the NAS device 210 to perform the NAS operation. The administrator may respond to the second email message indicating that the user should be allowed to request the NAS operation. The message processing module 206 may receive the administrator's response (e.g., email message) and may cause the NAS device 210 to perform the NAS operation (e.g., may transmit a message to the NAS device 210 instructing the NAS device 210 to perform the NAS operation. The message processing module 206 may also update the database 225 with data indicating that the user has permission to perform the NAS operation). As construed “[...] may also update the database 225 with data indicating that the user has permission to perform the NAS operation [...]” as construed is a step that may also not occur as may is expressed as a possibility. Padmanabhan further discloses multiple users (e.g., end users, system administrators, technical support staff/personnel, etc.) to access and/or manage) ([0024]); however, Padmanabhan and Harb fail to explicitly disclose wherein the action is a first action, and further comprising: receiving, from the first user account, at a second service, a third request to perform a second action; determining that the first user account does not have permission to perform the second action; identifying a third user account having permission to perform the second action; transmitting, to the third user account, a fourth request for approval to perform the second action; denying, based on the fourth request, performance of the second action; and notifying the first user account of denial of the third request. However, in an analogous art, Delacourt teaches wherein the action is a first action, and further comprising: receiving, from the first user account, at a second service (col. 3, lines 62-col. 4, lines 9 - As described in more detail herein, in some embodiments, the approval service may employ a notification service that is provided by the service provider system to manage actionable notification messages that include approval requests. In such embodiments, members of various approval groups may retrieve approval requests from specific message inboxes (e.g., one per approval group) and may respond to them by selecting one of several available actions (e.g., by selecting “approve”, “deny”, or “request more information”); determining that the first user account does not have permission to perform the second action (col. 32, lines 9-20 - For example, in a system that employs the actionable notification messages described herein, if an end user attempts to perform on operation that the end user does not have permission to perform (e.g., to access a service or other resource that the end user is not authorized to access), rather than just returning a denial of the request, an actionable notification message may be returned to the end user that presents multiple available actions the end user can take. In this example, those actions may include requesting permission to perform the operation, retrying the operation, or cancelling the request); identifying a third user account having permission to perform the second action (col. 3, lines 39-61 – template... single approval... For example, the IT administrator may associate an approval template with a given approval request (or with multiple requests) and may associate different approval groups (e.g., first level team leaders, IT administrators, legal team members, or second level managers) with each approval level defined in the approval template); denying, based on the fourth request, performance of the second action (col. 3, lines 39-61 – template... single approval... For example, the IT administrator may associate an approval template with a given approval request (or with multiple requests) and may associate different approval groups (e.g., first level team leaders, IT administrators, legal team members, or second level managers) with each approval level defined in the approval template and col. 3, lines 62-col. 4, lines 9 - As described in more detail herein, in some embodiments, the approval service may employ a notification service that is provided by the service provider system to manage actionable notification messages that include approval requests. In such embodiments, members of various approval groups may retrieve approval requests from specific message inboxes (e.g., one per approval group) and may respond to them by selecting one of several available actions (e.g., by selecting “approve”, “deny”, or “request more information”); and notifying the first user account of denial of the third request (col. 36, lines 22-25 - In this example, selecting the action “deny” may initiate the return of a notification to the end user (through the desktop application fulfillment platform) that the request has been denied). Therefore, it would have been obvious to one of ordinarily skill in the art before the effective filing date of the claimed invention to combine the teachings of Delacourt to the permission of Padmanabhan and Harb to include wherein the action is a first action, and further comprising: receiving, from the first user account, at a second service, a third request to perform a second action; determining that the first user account does not have permission to perform the second action; identifying a third user account having permission to perform the second action; transmitting, to the third user account, a fourth request for approval to perform the second action; denying, based on the fourth request, performance of the second action; and notifying the first user account of denial of the third request. One would have been motivated to combine the teachings of Delacourt to Padmanabhan and Harb to do so as it provides / allows an uncomplicated approach for provisioning, administering, and managing the physical computing resources (as gleaned from Delacourt, col. 1, lines 5-59). Regarding Claim 8; Padmanabhan and Harb disclose the method to Claim 1. Padmanabhan further discloses multiple users (e.g., end users, system administrators, technical support staff/personnel, etc.) to access and/or manage) ([0024]); however, Padmanabhan and Harb fail to explicitly disclose wherein identifying the second user account having permission to perform the action, comprises: determining that the second user account is an owner or contributor to a resource that is an object of the action. However, in an analogous art, Delacourt teaches wherein identifying [a] second user account having permission to perform the action, comprises: determining that the second user account is an owner or contributor to a resource that is an object of the action (col. 3, lines 39-61 – template... single approval... For example, the IT administrator may associate an approval template with a given approval request (or with multiple requests) and may associate different approval groups (e.g., first level team leaders, IT administrators, legal team members, or second level managers) with each approval level defined in the approval template). Therefore, it would have been obvious to one of ordinarily skill in the art before the effective filing date of the claimed invention to combine the teachings of Delacourt to the permission of Padmanabhan and Harb to include wherein identifying [a] second user account having permission to perform the action, comprises: determining that the second user account is an owner or contributor to a resource that is an object of the action One would have been motivated to combine the teachings of Delacourt to Padmanabhan and Harb to do so as it provides / allows an uncomplicated approach for provisioning, administering, and managing the physical computing resources (as gleaned from Delacourt, col. 1, lines 5-59). Regarding Claim 9; Padmanabhan and Harb disclose the method to Claim 1. Padmanabhan further discloses multiple users (e.g., end users, system administrators, technical support staff/personnel, etc.) to access and/or manage) ([0024]); however, Padmanabhan and Harb fail to explicitly disclose wherein a third user account corresponds to an owner of a resource that is an object of the action, and identifying the second user account having permission to perform the action, comprises: determining that the third user account has not responded to a third request to perform the action; and identifying the second user account based on the second user account being an administrator of a plurality of resources including the resource. However, in an analogous art, Delacourt teaches wherein a third user account corresponds to an owner of a resource that is an object of the action . (col. 3, lines 39-61 – template... single approval... For example, the IT administrator may associate an approval template with a given approval request (or with multiple requests) and may associate different approval groups (e.g., first level team leaders, IT administrators, legal team members, or second level managers) with each approval level defined in the approval template), and identifying [a] second user account having permission to perform the action, comprises: determining that the third user account has not responded to a third request to perform the action (col. 10, lines 25-50 - In some embodiments, the approval service may support an auto-escalation feature. In embodiments in which this feature is enabled for all approval requests (or for a given request, as specified in the associated approval template), if not enough responses to a given approval request are received from the members of the approval group associated with the given approval request to be able to determine whether the request should be approved or denied within a pre-determined time period, the approval request may be escalated to the next approval level in the sequence of approval levels defined in the associated approval template (assuming one exists)); and identifying the second user account based on the second user account being an administrator of a plurality of resources including the resource(col. 3, lines 39-61 – template... single approval... For example, the IT administrator may associate an approval template with a given approval request (or with multiple requests) and may associate different approval groups (e.g., first level team leaders, IT administrators, legal team members, or second level managers) with each approval level defined in the approval template); Therefore, it would have been obvious to one of ordinarily skill in the art before the effective filing date of the claimed invention to combine the teachings of Delacourt to the permission of Padmanabhan and Harb to include wherein a third user account corresponds to an owner of a resource that is an object of the action, and identifying [a] second user account having permission to perform the action, comprises: determining that the third user account has not responded to a third request to perform the action; and identifying the second user account based on the second user account being an administrator of a plurality of resources including the resource. One would have been motivated to combine the teachings of Delacourt to Padmanabhan and Harb to do so as it provides / allows an uncomplicated approach for provisioning, administering, and managing the physical computing resources (as gleaned from Delacourt, col. 1, lines 5-59). Regarding Claim(s) 14-16; claim(s) 14-16 is/are directed to a/an device associated with the method claimed in claim(s) 7-9. Claim(s) 14-16 is/are similar in scope to claim(s) 7-9, and is/are therefore rejected under similar rationale. Conclusion Any inquiry concerning this communication or earlier communications from the examiner should be directed to KARI L SCHMIDT whose telephone number is (571)270-1385. The examiner can normally be reached Monday-Friday 10am - 6pm (MDT). Examiner interviews are available via telephone, in-person, and video conferencing using a USPTO supplied web-based collaboration tool. To schedule an interview, applicant is encouraged to use the USPTO Automated Interview Request (AIR) at http://www.uspto.gov/interviewpractice. If attempts to reach the examiner by telephone are unsuccessful, the examiner’s supervisor, Luu Pham can be reached at (571)270-5002. The fax phone number for the organization where this application or proceeding is assigned is 571-273-8300. Information regarding the status of published or unpublished applications may be obtained from Patent Center. Unpublished application information in Patent Center is available to registered users. To file and manage patent submissions in Patent Center, visit: https://patentcenter.uspto.gov. Visit https://www.uspto.gov/patents/apply/patent-center for more information about Patent Center and https://www.uspto.gov/patents/docx for information about filing in DOCX format. For additional questions, contact the Electronic Business Center (EBC) at 866-217-9197 (toll-free). If you would like assistance from a USPTO Customer Service Representative, call 800-786-9199 (IN USA OR CANADA) or 571-272-1000. /KARI L SCHMIDT/Primary Examiner, Art Unit 2439