Notice of Pre-AIA or AIA Status
The present application, filed on or after March 16, 2013, is being examined under the first inventor to file provisions of the AIA.
In the event the determination of the status of the application as subject to AIA 35 U.S.C. 102 and 103 (or as subject to pre-AIA 35 U.S.C. 102 and 103) is incorrect, any correction of the statutory basis (i.e., changing from AIA to pre-AIA) for the rejection will not be considered a new ground of rejection if the prior art relied upon, and the rationale supporting the rejection, would be the same under either status.
DETAILED ACTION
This action is in response to applicant’s original submittal made on 12/11/2023. Claims 1-20 are pending.
Specification (Abstract)
Applicant is reminded of the proper content of an abstract of the disclosure. Applicant’s abstract appears to simply recite the claim limitation(s) of applicant’s independent claim 1.
A patent abstract is a concise statement of the technical disclosure of the patent and should include that which is new in the art to which the invention pertains. The abstract should not refer to purported merits or speculative applications of the invention and should not compare the invention with the prior art.
If the patent is of a basic nature, the entire technical disclosure may be new in the art, and the abstract should be directed to the entire disclosure. If the patent is in the nature of an improvement in an old apparatus, process, product, or composition, the abstract should include the technical disclosure of the improvement. The abstract should also mention by way of example any preferred modifications or alternatives.
Where applicable, the abstract should include the following: (1) if a machine or apparatus, its organization and operation; (2) if an article, its method of making; (3) if a chemical compound, its identity and use; (4) if a mixture, its ingredients; (5) if a process, the steps.
Extensive mechanical and design details of an apparatus should not be included in the abstract. The abstract should be in narrative form and generally limited to a single paragraph within the range of 50 to 150 words in length.
See MPEP § 608.01(b) for guidelines for the preparation of patent abstracts.
Claim Rejections - 35 USC § 103
The following is a quotation of 35 U.S.C. 103 which forms the basis for all obviousness rejections set forth in this Office action:
A patent for a claimed invention may not be obtained, notwithstanding that the claimed invention is not identically disclosed as set forth in section 102, if the differences between the claimed invention and the prior art are such that the claimed invention as a whole would have been obvious before the effective filing date of the claimed invention to a person having ordinary skill in the art to which the claimed invention pertains. Patentability shall not be negated by the manner in which the invention was made.
Claim(s) 1-20 are rejected under 35 U.S.C. 103 as being unpatentable over Choi et al. (US Patent Publication No. 2016/0057150, hereinafter Choi) in view of Carnahan et al. (US Patent Publication No. 2020/0120101, hereinafter Carnahan).
As to claims 1 and 10, Choi teaches a system for using artificial intelligence to facilitate security access management, the system comprising:
one or more memories (i.e., …illustrates in figure 4, figure element(s) 406 memory);
and one or more processors (i.e., …illustrates in figure 4, figure element(s) 404 processor), communicatively coupled to the one or more memories (i.e., …illustrates in figure 4, figure element(s) 406 memory), configured to: obtain a user profile that is associated with a user (i.e., …teaches in par. 0027 the following: “event analytics access provision 200 obtains user roles and attributes.”),
determine, based on the user profile, and by using a first machine learning model, (i.e., teaches in par. 0017 the following: “Historical reference 122 is a collection of individual user data stored on server 120 for analytical purposes. Historical reference 122 includes individual user data (e.g., username, roles, department, manager, job id, usage, etc.). Historical reference 122 can be implemented with any type of storage device that is capable of storing data that may be accessed and utilized by event analytics access provision 200. In one embodiment, historical reference 122 resides on server 120. In another embodiment, historical reference 122 resides on computing device 110. In other embodiments, historical reference 122 may reside on another server or another computing device connected over network 130, provided that historical reference 122 is accessible to security intelligence system 128, event analytics access provision 200, and event analytics access de-provision 300.”. …teaches in par. 0020 the following: “Security intelligence system 128 may identify risks through unusual patterns of access associated with a user id”. …teaches in par. 0044 the following: “in accordance with an embodiment of the present invention. In the depicted embodiment as shown in FIG. 3, an existing user id's role assignment grants access to managed system 126, but the user id may no longer require the current access provided by the assigned role. For example, a user may only access managed system 126 when required to change a password but does not utilize available resources. The current role and access for the user id can be evaluated to determine the actual user id needs to maintain optimal security on managed system 126.” …teaches in par. 0010 the following: “compare the existing user id activity against criteria, such as previous user id activity”);
that the user is to be granted a security access (i.e., …teaches in par. 0026 the following: “access to the system is granted (i.e., user id exists, authentication and authorization criteria are met, and assigned role grants access to restricted resource)”),
cause, based on determining that the user is to be granted the security access, the security access to be granted to the user (i.e., …teaches in par. 0054 the following: “the resource owner, upon review of the results comparison and recommendations made by event analytics access de-provision 300, reinstates user id access.” …teaches in par. 0026 the following: “access to the system is granted (i.e., user id exists, authentication and authorization criteria are met, and assigned role grants access to restricted resource)”);
obtain, based on causing the security access to be granted to the user, user behavior information associated with the user (i.e., …teaches in par. 0049 the following: “…atypical activity refers to the actual recorded audit event activity for a user id not matching an expected defined activity for the user id. For example, an atypical activity may include one user id accessing managed system 126 once every six months to change a password while other user ids access managed system 126 daily.” …teaches in par. 0010 the following: “compare the existing user id activity against criteria, such as previous user id activity, a pre-determined threshold (e.g., minimum activity requirement), and with respect to compliance with policy rules to ensure security by automatically suspending or de-provisioning the roles of a user when criteria is not sustained.”);
generate, based on the user behavior information (i.e., …Choi teaches as part of his claim 5 limitation(s) the following: “determining, by one or more computer processors, whether the access activity for the first user id is atypical; and in response to determining the access activity for the first user id is atypical, recommending, by one or more computer processors, at least suspending access for the first user id to a resource”),
certification information that indicates whether the security access is to be renewed or revoked (i.e., …teaches in par. 0053 the following: “event analytics access de-provision 300 notifies the user and the resource owner of an account status change…”. …teaches in par. 0054 the following: “…the resource owner, upon review of the results comparison and recommendations made by event analytics access de-provision 300, reinstates user id access. Identity manager system 124 reactivates the user id and restores access to managed system 126.” … further teaches in par. 0054 the following: “the resource owner, upon review of the request and recommendations made by event analytics access de-provision 300, revokes access to managed system 126”);
and cause, based on the certification information, one of: the security access to be renewed when the certification information indicates that the security access is to be renewed (i.e., …teaches in par. 0054 the following: “the resource owner, upon review of the results comparison and recommendations made by event analytics access de-provision 300, reinstates user id access.” …further teaches in par. 0054 the following: “Identity manager system 124 reactivates the user id”) or the security access to be revoked when the certification information indicates that the security access is to be revoked (i.e., …teaches in par. 0052 the following: “event analytics access de-provision 300 provides identity manager system 124 with an instruction to suspend access of a specific user (i.e., changes user id access authorization to suspended status) pending resource owner action. In one embodiment, in response to receipt of the suspension order, identity manager system 124 temporarily automatically suspends access to managed system 126 for the user id associated with the audit event.” …teaches in par. 0054 the following: “and recommendations made by event analytics access de-provision 300, revokes access to managed system 126. Identity manager system 124 removes the role associated with the user id, and the user id no longer has access to managed system 126.”).
The system of Choi does not expressly teach:
“by using a second machine learning model”.
In this instance the examiner notes the teachings of prior art reference Carnahan.
Carnahan teaches as part of his claim 4 limitation(s) the following: “inputting the second data set into a second trained machine-learning model”.
Thus, it would have been obvious to one of ordinary skill in the art before the effective filing date of the claimed invention to implement the teachings of Choi with the teachings of Carnahan by having their system comprise an enhanced access rights determination process. One would have been motivated to do so to provide a simple and effective means to dynamically control access, wherein the enhanced access rights determination process helps facilitate stronger security within the network and makes it easier to configure access rights.
As to claim 2, the system of Choi and Carnahan as applied to claim 1 above teaches access control, specifically Choi teaches a system of claim 1, wherein the one or more processors, to obtain the user profile that is associated with the user (i.e., …teaches in par. 0010 the following: “compare the existing user id activity against criteria, such as previous user id activity”), are configured to:
monitor a data structure that stores user profiles associated with a plurality of users (i.e., …teaches in par. 0010 the following: “monitor and store existing user id access activity to the provisioned resource”);
determine, based on monitoring the data structure, update information associated with the data structure (i.e., …teaches in par. 0025 the following: “updates a system that records activity within the enterprise environment” …teaches in par. 0010 the following: “monitor and store existing user id access activity to the provisioned resource”),
wherein the update information indicates that the user profile associated with the user has been added to the data structure or that the user profile has been modified within the data structure (i.e., …teaches in par. 0010 the following: “monitor and store existing user id access activity to the provisioned resource” …teaches in par. 0028 the following: “updates an audit event log and historical reference 122” …teaches in par. 0028 the following: “updates the audit event log with the user roles and attributes within, for example, security intelligence system 128, for correlation with user actions taken on managed system 126 by the user id.”. …teaches in par. 0025 the following: “updates a system that records activity within the enterprise environment”);
and obtain, based on the update information, the user profile from the data structure (i.e., …teaches in par. 0010 the following: “compare the existing user id activity against criteria, such as previous user id activity, a pre-determined threshold (e.g., minimum activity requirement), and with respect to compliance with policy rules to ensure security by automatically suspending or de-provisioning the roles of a user when criteria is not sustained.”).
As to claim 3, the system of Choi and Carnahan as applied to claim 1 above teaches access control, specifically Choi teaches a system of claim 1, wherein the one or more processors, to obtain the user profile that is associated with the user (i.e., …teaches in par. 0010 the following: “compare the existing user id activity against criteria, such as previous user id activity”), are configured to: receive a security access grant request for the user (i.e., …teaches in par. 0020 the following: “user access is controlled through a login in which access is granted to the enterprise computing environment through credentials and the assignment of roles (roles may also be referred to as permissions, access rights, and/or privileges)” …teaches in par. 0024 the following: “a user attempts to access managed system 126 through user interface 112. Event analytics access provision 200 receives a notification of an audit event (e.g., login attempt, authorization event) from managed system 126. In one embodiment, event analytics access provision 200 receives a notification of a successful audit event (e.g., access granted).”);
identify, based on the security access grant request, identification information associated with the user (i.e. …teaches as part of his abstract the following: “determining access activity associated with the first user id.”);
and obtain, based on the identification information, the user profile from a data structure that stores user profiles associated with a plurality of users (i.e., …teaches in par. 0010 the following: “compare the existing user id activity against criteria, such as previous user id activity, a pre-determined threshold (e.g., minimum activity requirement), and with respect to compliance with policy rules to ensure security by automatically suspending or de-provisioning the roles of a user when criteria is not sustained.” …teaches in par. 0034 the following: “compares the attributes of the user id associated with the failed audit event with the attributes of the user ids and successful audit events from historical reference 122.”).
As to claims 4 and 11, the system of Choi and Carnahan as applied to claim 1 above teaches access control, specifically Choi teaches a system of claim 1, wherein the one or more processors, to cause the security access to be granted to the user (i.e., …teaches in par. 0023 the following: “granting user access…”), are configured to: update a data structure that stores security access grant information to indicate that the user is granted the security access (i.e., …teaches in par. 0043 the following: “updates the user id with the new role assignment.” …teaches in par. 0054 the following: “modifies the user id roles and assigns a new role based on the results comparison identifying a more similar role based on matching attributes. Identity manager system 124 updates the roles assigned to the user id and restores modified access to managed system 126.”. …teaches in par. 0054 the following: “reinstates user id access. Identity manager system 124 reactivates the user id and restores access to managed system 126”).
As to claim 5, the system of Choi and Carnahan as applied to claim 1 above teaches access control, specifically Choi teaches a system of claim 1, wherein the one or more processors, to cause the security access to be granted to the user (i.e., …teaches in par. 0023 the following: “granting user access…”), are configured to:
update a data structure that stores security access grant information to indicate that the user is recommended to be granted the security access (i.e. …teaches in par. 0054 the following: “upon review of the results comparison and recommendations made by event analytics access de-provision 300, reinstates user id access. Identity manager system 124 reactivates the user id and restores access to managed system 126.”),
wherein updating the data structure allows a notification to be provided to another device that is associated with another user (i.e., …teaches in par. 0042 the following: “provides a submission message to multiple user ids (e.g., resource owner, requester, managers) through combinations of the aforementioned notifications or through other notification methods not mentioned.” …teaches in par. 0043 the following: “provides an approved notification of the resource access request.”),
which allows the other user to interact with the other device to cause the other device to update the data structure to indicate that the user is granted the security access (i.e., …teaches in par. 0026 the following: “Upon entering a valid user id and password, access to the system is granted (i.e., user id exists, authentication and authorization criteria are met, and assigned role grants access to restricted resource).”).
As to claims 6 and 13, the system of Choi and Carnahan as applied to claim 1 above teaches access control, specifically Choi teaches a system of claim 1, wherein the one or more processors, to generate the certification information (i.e., …teaches in par. 0053 the following: “event analytics access de-provision 300 notifies the user and the resource owner of an account status change…”), are configured to:
determine, by processing the user behavior information using the second machine learning model, a user behavior classification (i.e., …teaches in par. 0049 the following: “, atypical activity refers to the actual recorded audit event activity for a user id not matching an expected defined activity for the user id. For example, an atypical activity may include one user id accessing managed system 126 once every six months to change a password while other user ids access managed system 126 daily.”);
and generate, based on the user behavior classification, the certification information (i.e., …teaches in par. 0050 the following: “determines the access is atypical (decision 314, yes branch), event analytics access de-provision 300 continues to step 316. If event analytics access de-provision 300 determines the access is not atypical (decision 314, no branch), event analytics access de-provision 300 completes and user id roles remain unchanged.” …teaches in par. 0051 the following: “creates an access resource change request. Event analytics access de-provision 300 creates an access resource change request for the user id associated with the audit event. Event analytics access de-provision 300 includes the results of the comparison from decision 314 in the access resource change request for identity manager system 124. In some embodiments, event analytics access de-provision 300 may also include a recommended permanent action (e.g., change of user id role, remove access) to identity manager system 124.”),
wherein the certification information indicates that the security access is to be renewed when the user behavior classification indicates normal user behavior (i.e., …teaches in par. 0054 the following: “the resource owner of identity manager system 124 performs manual actions in order for permanent role assignments to be implemented for the user id associated with the audit event. In one embodiment, the resource owner, upon review of the results comparison and recommendations made by event analytics access de-provision 300, reinstates user id access. Identity manager system 124 reactivates the user id and restores access to managed system 126. In another embodiment, the resource owner, upon review of the request and recommendations made by event analytics access de-provision 300, modifies the user id roles and assigns a new role based on the results comparison identifying a more similar role based on matching attributes.”),
and wherein the certification information indicates that the security access is to be revoked when the user behavior classification indicates not normal user behavior (i.e., …teaches in par. 0054 the following: “the resource owner, upon review of the request and recommendations made by event analytics access de-provision 300, revokes access to managed system 126. Identity manager system 124 removes the role associated with the user id, and the user id no longer has access to managed system 126.”).
As to claim 7, the system of Choi and Carnahan as applied to claim 1 above teaches access control, specifically Choi teaches a system of claim 1, wherein the one or more processors, to generate the certification information (i.e., …teaches in par. 0053 the following: “event analytics access de-provision 300 notifies the user and the resource owner of an account status change…”), are configured to:
a temporal indicator of usage of the security access by the user (i.e., …teaches in par. 0052 the following: “identity manager system 124 temporarily automatically suspends access to managed system 126 for the user id associated with the audit event”);
and generate, based on the temporal indicator, the certification information, wherein the certification information indicates that the security access is to be renewed when the temporal indicator indicates recent usage of the security access by the user (i.e., …teaches in par. 0054 the following: “the resource owner of identity manager system 124 performs manual actions in order for permanent role assignments to be implemented for the user id associated with the audit event. In one embodiment, the resource owner, upon review of the results comparison and recommendations made by event analytics access de-provision 300, reinstates user id access. Identity manager system 124 reactivates the user id and restores access to managed system 126. In another embodiment, the resource owner, upon review of the request and recommendations made by event analytics access de-provision 300, modifies the user id roles and assigns a new role based on the results comparison identifying a more similar role based on matching attributes.”),
and wherein the certification information indicates that the security access is to be revoked when the temporal indicator indicates not recent usage of the security access by the user (i.e., …teaches in par. 0054 the following: “the resource owner, upon review of the request and recommendations made by event analytics access de-provision 300, revokes access to managed system 126. Identity manager system 124 removes the role associated with the user id, and the user id no longer has access to managed system 126.”).
The system of Choi does not expressly teach:
“determine, by processing the user behavior information using the second machine learning model”.
In this instance the examiner notes the teachings of prior art reference Carnahan.
Carnahan teaches par. 0027 the following: “user data (described in greater detail herein) associated with a particular user may be evaluated using a machine-learning model.”.
Thus, it would have been obvious to one of ordinary skill in the art before the effective filing date of the claimed invention to implement the teachings of Choi with the teachings of Carnahan by having their system comprise an enhanced access rights determination process. One would have been motivated to do so to provide a simple and effective means to dynamically control access, wherein the enhanced access rights determination process helps facilitate stronger security within the network and makes it easier to configure access rights.
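The certification loop recited in claims 1 and 10, the behaviour classification of claims 6 and 13, and the temporal indicator of claim 7 can be illustrated with an added example. The following code is not from the office action, from Choi, or from Carnahan; it is a constructed defender-side access-certification campaign. The function names (`classify_behavior`, `temporal_indicator`, `generate_certification`, `apply_certification`, `reviewer_action`, `certify_all`), the role and user names, and the reference time are hypothetical, and the peer-rate heuristic in `classify_behavior` is a stand-in for the claimed "second machine learning model", not a trained model. Revocations are recorded as recommendations with a temporary suspension and wait for a resource-owner decision, in the manner claims 5 and 9 and Choi par. 0052 describe.

```python
# Added example, not code from the office action, from Choi, or from Carnahan.
# A defender-side access-certification campaign of the shape the claims describe:
# obtain profiles, classify behaviour against peers, check recency, emit a
# renew/revoke certification, update the grant store, and hold revocations
# for resource-owner review.  All names and sample data are constructed.
from dataclasses import dataclass, field
from datetime import datetime, timedelta
from statistics import median
from typing import Dict, List, Optional

SAMPLE_NOW = datetime(2024, 6, 1)  # constructed reference time for the sample data


@dataclass
class AccessRecord:
    """One row of the data structure that stores security access grant information."""
    user_id: str
    role: str
    status: str = "granted"               # granted | suspended | revoked
    recommendation: Optional[str] = None  # pending action for the resource owner
    history: List[str] = field(default_factory=list)


def usage_rate(events: List[datetime], now: datetime, window: timedelta) -> float:
    """Accesses per day inside the look-back window (future-dated events ignored)."""
    in_window = [t for t in events if timedelta(0) <= now - t <= window]
    return len(in_window) / window.days


def classify_behavior(user_events, peer_events, now,
                      window=timedelta(days=90), low_ratio=0.1) -> str:
    """Stand-in for the claimed 'second machine learning model' (a constructed
    heuristic, not a trained model): a user whose access rate is below low_ratio
    times the median rate of peers holding the same role is 'atypical'
    (Choi's example: one login in six months while peers log in daily)."""
    if not peer_events:
        return "normal"  # no peer baseline: never revoke on no evidence
    peer_median = median([usage_rate(ev, now, window) for ev in peer_events])
    if peer_median == 0:
        return "normal"  # whole role is dormant; the recency check handles that
    return "atypical" if usage_rate(user_events, now, window) < low_ratio * peer_median else "normal"


def temporal_indicator(events, now, recent_within=timedelta(days=90)) -> str:
    """Claim 7's temporal indicator: 'recent' if the access was used inside the window."""
    if not events:
        return "not_recent"
    return "recent" if now - max(events) <= recent_within else "not_recent"


def generate_certification(behavior: str, temporal: str) -> Dict[str, str]:
    """Renew only when behaviour is normal AND usage is recent; otherwise revoke.
    The reason is recorded so a reviewer can audit the decision."""
    if behavior == "normal" and temporal == "recent":
        return {"decision": "renew", "reason": "normal behaviour, recent usage"}
    reasons = []
    if behavior != "normal":
        reasons.append(f"behaviour classified {behavior}")
    if temporal != "recent":
        reasons.append("no recent usage")
    return {"decision": "revoke", "reason": "; ".join(reasons)}


def apply_certification(store, user_id, cert) -> AccessRecord:
    """Update the grant store.  A revoke is stored as a recommendation and the access
    is only suspended; final removal waits for the resource owner's confirmation."""
    rec = store[user_id]
    if cert["decision"] == "renew":
        rec.status, rec.recommendation = "granted", None
    else:
        rec.status, rec.recommendation = "suspended", "revoke"
    rec.history.append(f"{cert['decision']}: {cert['reason']}")
    return rec


def reviewer_action(store, user_id, approve: bool) -> AccessRecord:
    """The other user (resource owner) confirms or overrides a pending recommendation."""
    rec = store[user_id]
    if rec.recommendation == "revoke":
        rec.status = "revoked" if approve else "granted"
    rec.recommendation = None
    return rec


def certify_all(store, events_by_user, now) -> Dict[str, str]:
    """One certification campaign: every non-revoked record is compared with the
    other holders of the same role and receives a renew/revoke certification."""
    decisions = {}
    for uid, rec in store.items():
        if rec.status == "revoked":
            continue
        peers = [events_by_user.get(p, []) for p, r in store.items()
                 if p != uid and r.role == rec.role]
        behavior = classify_behavior(events_by_user.get(uid, []), peers, now)
        temporal = temporal_indicator(events_by_user.get(uid, []), now)
        cert = generate_certification(behavior, temporal)
        apply_certification(store, uid, cert)
        decisions[uid] = cert["decision"]
    return decisions


def build_sample_data(now: datetime):
    """Constructed sample: three daily users, one dormant user, one light user, all 'analyst'."""
    store = {u: AccessRecord(u, "analyst") for u in ["alice", "bob", "carol", "dave", "eve"]}
    events = {
        "alice": [now - timedelta(days=175)],                         # one login in six months
        "eve": [now - timedelta(days=d) for d in range(0, 90, 3)],    # every third day
    }
    for u in ["bob", "carol", "dave"]:
        events[u] = [now - timedelta(days=d) for d in range(90)]      # daily
    return store, events


def run_demo():
    """Run one campaign over the constructed sample and return (decisions, store)."""
    store, events = build_sample_data(SAMPLE_NOW)
    return certify_all(store, events, SAMPLE_NOW), store


if __name__ == "__main__":
    decisions, store = run_demo()
    print(decisions)                                   # alice revoke, others renew
    print(reviewer_action(store, "alice", approve=True))
```

Two design points matter for a defender. The median of peer rates is used rather than the mean so that one dormant account does not drag the baseline down and mask itself, and the classifier returns "normal" when it has no peers or the whole role is dormant, leaving stale access to the temporal check instead of revoking on no evidence. Both checks must pass for a renewal, so an account that is active but behaving unlike its peers, or inactive but otherwise unremarkable, is routed to the owner rather than silently renewed.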
As to claim 8, the system of Choi and Carnahan as applied to claim 1 above teaches access control, specifically Choi teaches a system of claim 1, wherein the one or more processors, to cause the security access to be revoked (i.e., …teaches in par. 0044 the following: “…revoking access”), are configured to: update a data structure that stores security access grant information to indicate that the user is not granted the security access (i.e., …teaches in par. 0044 the following: “modifying existing user access (e.g., suspension of access, revoking access, changing roles) executing within the distributed data processing environment 100”).
As to claim 9, the system of Choi and Carnahan as applied to claim 1 above teaches access control, specifically Choi teaches a system of claim 1, wherein the one or more processors, to cause the security access to be revoked (i.e., …teaches in par. 0044 the following: “…revoking access”), are configured to: update a data structure that stores security access grant information to indicate that the user is not recommended to be granted the security access (i.e., …teaches in par. 0054 the following: “upon review of the request and recommendations made by event analytics access de-provision 300, revokes access to managed system 126. Identity manager system 124 removes the role associated with the user id, and the user id no longer has access to managed system 126.”),
wherein updating the data structure allows a notification to be provided to another device that is associated with another user (i.e., …teaches in par. 0042 the following: “provides a submission message to multiple user ids (e.g., resource owner, requester, managers) through combinations of the aforementioned notifications or through other notification methods not mentioned.” …teaches in par. 0043 the following: “provides an approved notification of the resource access request.”),
which allows the other user to interact with the other device to cause the other device to update the data structure to indicate that the user is not granted the security access (i.e., …teaches in par. 0054 the following: “upon review of the request and recommendations made by event analytics access de-provision 300, revokes access to managed system 126. Identity manager system 124 removes the role associated with the user id, and the user id no longer has access to managed system 126.”).
As to claim 12, the system of Choi and Carnahan as applied to claim 10 above teaches access control, specifically Choi teaches a non-transitory computer-readable medium of claim 10, wherein the one or more processors, to cause the security access to be granted to the user (i.e., …teaches in par. 0026 the following: “access to the system is granted (i.e., user id exists, authentication and authorization criteria are met, and assigned role grants access to restricted resource)”), are configured to: cause a data structure to be updated to indicate that the user is recommended to be granted the security access (i.e., …teaches in par. 0054 the following: “upon review of the results comparison and recommendations made by event analytics access de-provision 300, reinstates user id access.”),
wherein causing the data structure to be updated allows another device to update the data structure to indicate that the user is granted the security access (i.e., …teaches in par. 0054 the following: “upon review of the results comparison and recommendations made by event analytics access de-provision 300, reinstates user id access. Identity manager system 124 reactivates the user id and restores access to managed system 126. In another embodiment, the resource owner, upon review of the request and recommendations made by event analytics access de-provision 300, modifies the user id roles and assigns a new role based on the results comparison identifying a more similar role based on matching attributes.”).
As to claim 14, the system of Choi and Carnahan as applied to claim 13 above teaches access control, specifically Choi teaches a non-transitory computer-readable medium of claim 13, wherein the certification information indicates that the security access is to be revoked when the user information indicates at least one of: a behavior of the user is not normal user behavior, or a usage of the security access by the user is not a recent usage (i.e., …Applicant’s usage of the term “at least one of” places the above limitation in alternative form. As such, with regards to applicant’s alternative limitation of “a behavior of the user is not normal user behavior”, Choi teaches in par. 0049 the following: “, event analytics access de-provision 300 determines if access is atypical. In one embodiment, atypical activity refers to the actual recorded audit event activity for a user id not matching an expected defined activity for the user id. For example, an atypical activity may include one user id accessing managed system 126 once every six months to change a password while other user ids access managed system 126 daily. In another embodiment, atypical activity refers to a user id utilizing managed system 126 in a manner in violation of the policy rules.” …teaches in par. 0044 the following: “event analytics access de-provision 300 for evaluating and modifying existing user access (e.g., suspension of access, revoking access, changing roles) executing within the distributed data processing environment”).
As to claim 15, the system of Choi and Carnahan as applied to claim 10 above teaches access control, specifically Choi teaches a non-transitory computer-readable medium of claim 10, wherein the one or more processors, to cause the security access to be revoked (i.e., …teaches in par. 0044 the following: “event analytics access de-provision 300 for evaluating and modifying existing user access (e.g., suspension of access, revoking access, changing roles) executing within the distributed data processing environment”), are configured to: cause a data structure to be updated to indicate that the user is not granted the security access (i.e., …teaches in par. 0051 the following: “event analytics access de-provision 300 may also include a recommended permanent action (e.g., change of user id role, remove access) to identity manager system 124.”).
As to claim 16, the system of Choi and Carnahan as applied to claim 10 above teaches access control, specifically Choi teaches a non-transitory computer-readable medium of claim 10, wherein the one or more processors, to cause the security access to be revoked (i.e., …teaches in par. 0044 the following: “event analytics access de-provision 300 for evaluating and modifying existing user access (e.g., suspension of access, revoking access, changing roles) executing within the distributed data processing environment”), are configured to: cause a data structure to be updated to indicate that the user is not recommended to be granted the security access (i.e., …teaches in par. 0051 the following: “event analytics access de-provision 300 may also include a recommended permanent action (e.g., change of user id role, remove access) to identity manager system 124.”),
wherein causing the data structure to be updated allows another device to update the data structure to indicate that the user is not granted the security access (i.e., …teaches in par. 0043 the following: “Identity manager system 124 updates the user id with the revised role assignment.” …teaches in par. 0054 the following: “the resource owner, upon review of the request and recommendations made by event analytics access de-provision 300, revokes access to managed system 126. Identity manager system 124 removes the role associated with the user id, and the user id no longer has access to managed system 126.”).
As to claim 17, Choi teaches a method, comprising:
certification information that indicates whether a security access granted to a user is to be renewed or revoked (i.e., …teaches in par. 0053 the following: “event analytics access de-provision 300 notifies the user and the resource owner of an account status change…”. …teaches in par. 0054 the following: “the resource owner, upon review of the results comparison and recommendations made by event analytics access de-provision 300, reinstates user id access.” …teaches in par. 0052 the following: “event analytics access de-provision 300 provides identity manager system 124 with an instruction to suspend access of a specific user (i.e., changes user id access authorization to suspended status) pending resource owner action. In one embodiment, in response to receipt of the suspension order, identity manager system 124 temporarily automatically suspends access to managed system 126 for the user id associated with the audit event.” …teaches in par. 0054 the following: “and recommendations made by event analytics access de-provision 300, revokes access to managed system 126. Identity manager system 124 removes the role associated with the user id, and the user id no longer has access to managed system 126.”);
and causing, by the system and based on the certification information, one of: the security access to be renewed when the certification information indicates that the security access is to be renewed (i.e., …teaches in par. 0054 the following: “the resource owner, upon review of the results comparison and recommendations made by event analytics access de-provision 300, reinstates user id access.” ), or the security access to be revoked when the certification information indicates that the security access is to be revoked (i.e., …teaches in par. 0052 the following: “event analytics access de-provision 300 provides identity manager system 124 with an instruction to suspend access of a specific user (i.e., changes user id access authorization to suspended status) pending resource owner action. In one embodiment, in response to receipt of the suspension order, identity manager system 124 temporarily automatically suspends access to managed system 126 for the user id associated with the audit event.” …teaches in par. 0054 the following: “and recommendations made by event analytics access de-provision 300, revokes access to managed system 126. Identity manager system 124 removes the role associated with the user id, and the user id no longer has access to managed system 126.”).
The system of Choi does not expressly teach:
“generating, by a system for using artificial intelligence to facilitate security access management, and by using one or more machine learning models”.
In this instance the examiner notes the teachings of prior art reference Carnahan.
Carnahan teaches par. 0232 the following: “The engine 1320 can implement the machine-learning techniques to compute…”. Carnahan teaches as part of his claim 4 claim limitation(s) the following: “and generating the resource-affinity parameter based on a combination of a first output of the first trained machine-learning model and a second output of the second trained machine-learning model.”.
Thus, it would have been obvious to one of ordinary skill in the art before the effective filing date of the claimed invention to implement the teachings of Choi with the teachings of Carnahan by having their system comprise an enhanced access rights determination process. One would have been motivated to do so to provide a simple and effective means to dynamically control access, wherein the enhanced access rights determination process helps facilitate stronger security within the network and makes it easier to configure access rights.
As to claim 18, the system of Choi and Carnahan as applied to claim 17 above teaches access control, specifically Choi teaches a method of claim 17, further comprising:
determining, prior to generating the certification information, that the user is to be granted a security access (i.e., …teaches in par. 0026 the following: “For example, an existing user id requests access to managed system 126. Upon entering a valid user id and password, access to the system is granted (i.e., user id exists, authentication and authorization criteria are met, and assigned role grants access to restricted resource).”);
and causing, based on determining that the user is to be granted the security access, the security access to be granted to the user (i.e., …teaches in par. 0026 the following: “For example, an existing user id requests access to managed system 126. Upon entering a valid user id and password, access to the system is granted (i.e., user id exists, authentication and authorization criteria are met, and assigned role grants access to restricted resource).”).
Choi does not expressly teach:
“by using another machine learning model”.
In this instance the examiner notes the teachings of prior art reference Carnahan.
With regards to applicant’s claim limitation element(s) of, “by using another machine learning model”, Carnahan teaches in par. 00237 the following: “inputted into the same machine-learning model or a different machine-learning model” … Carnahan teaches as part of his claim 4 limitations the following: “inputting the second data set into a second trained machine-learning model”.
Thus, it would have been obvious to one of ordinary skill in the art before the effective filing date of the claimed invention to implement the teachings of Choi with the teachings of Carnahan by having their system comprise an enhanced access rights determination process. One would have been motivated to do so to provide a simple and effective means to dynamically control access, wherein the enhanced access rights determination process helps facilitate stronger security within the network and makes it easier to configure access rights.
As to claim 19, the system of Choi and Carnahan as applied to claim 17 above teaches access control, specifically Choi teaches a method of claim 17, wherein generating the certification information comprises: and generating, based on the user information (i.e., …Choi teaches as part of his claim 5 limitation(s) the following: “determining, by one or more computer processors, whether the access activity for the first user id is atypical; and in response to determining the access activity for the first user id is atypical, recommending, by one or more computer processors, at least suspending access for the first user id to a resource”), the certification information (i.e., …teaches in par. 0053 the following: “event analytics access de-provision 300 notifies the user and the resource owner of an account status change…”).
Choi does not expressly teach:
“determining, using the one or more machine learning models, user information”.
In this instance the examiner notes the teachings of prior art reference Carnahan.
With regards to applicant’s claim limitation element(s) of, “determining, using the one or more machine learning models, user information”, Carnahan teaches in par. 0027 the following: “user data (described in greater detail herein) associated with a particular user may be evaluated using a machine-learning model.”.
Thus, it would have been obvious to one of ordinary skill in the art before the effective filing date of the claimed invention to implement the teachings of Choi with the teachings of Carnahan by having their system comprise an enhanced access rights determination process. One would have been motivated to do so to provide a simple and effective means to dynamically control access, wherein the enhanced access rights determination process helps facilitate stronger security within the network and makes it easier to configure access rights.
As to claim 20, the system of Choi and Carnahan as applied to claim 19 above teaches access control, specifically Choi teaches a method of claim 19, wherein the certification information indicates that the security access is to be revoked when the user information indicates that at least one of: a behavior of the user is not normal user behavior, a usage of the security access by the user is not a recent usage, or the user does not continue to need grant of the security access (i.e., …Applicant’s usage of the term “at least one of” places the above limitation in alternative form. As such, with regards to applicant’s alternative limitation of, “a behavior of the user is not normal user behavior”, Choi teaches in par. 0049 the following: “event analytics access de-provision 300 determines if access is atypical. In one embodiment, atypical activity refers to the actual recorded audit event activity for a user id not matching an expected defined activity for the user id. For example, an atypical activity may include one user id accessing managed system 126 once every six months to change a password while other user ids access managed system 126 daily. In another embodiment, atypical activity refers to a user id utilizing managed system 126 in a manner in violation of the policy rules.” …teaches in par. 0044 the following: “event analytics access de-provision 300 for evaluating and modifying existing user access (e.g., suspension of access, revoking access, changing roles) executing within the distributed data processing environment”).
Art Made of Record
The prior art made of record and not relied upon is considered pertinent to applicant's disclosure: Esibov et al. (US Patent No. 11,768,699), Wolff et al. (US Patent Publication No. 2020/0259852), Wilson et al. (US Patent Publication No. 2024/0037584) and Limaye et al. (US Patent Publication No. 2021/0344668).
Contact Information
Any inquiry concerning this communication or earlier communications from the examiner should be directed to BRYAN F WRIGHT whose telephone number is (571)270-3826.
Examiner interviews are available via telephone, in-person, and video conferencing using a USPTO supplied web-based collaboration tool. To schedule an interview, applicant is encouraged to use the USPTO Automated Interview Request (AIR) at http://www.uspto.gov/interviewpractice.
If attempts to reach the examiner by telephone are unsuccessful, the examiner’s supervisor, Eleni Shiferaw can be reached on (571)272-3867. The fax phone number for the organization where this application or proceeding is assigned is 571-273-8300.
Information regarding the status of an application may be obtained from the Patent Application Information Retrieval (PAIR) system. Status information for published applications may be obtained from either Private PAIR or Public PAIR. Status information for unpublished applications is available through Private PAIR only. For more information about the PAIR system, see http://pair-direct.uspto.gov. Should you have questions on access to the Private PAIR system, contact the Electronic Business Center (EBC) at 866-217-9197 (toll-free). If you would like assistance from a USPTO Customer Service Representative or access to the automated information system, call 800-786-9199 (IN USA OR CANADA) or 571-272-1000.
/BRYAN F WRIGHT/ Examiner, Art Unit 2497