Notice of Pre-AIA or AIA Status
The present application, filed on or after March 16, 2013, is being examined under the first inventor to file provisions of the AIA.
Claim Objections
Claims 2 and 12 are objected to because of the following informalities: the claims recite “based on based on”. Appropriate correction is required.
Claim Rejections - 35 USC § 101
Claims 1-6, 8, 10-16, 18 are rejected under 35 U.S.C. 101 because the claimed invention is directed to a judicial exception without significantly more. The claim(s) 1, 10, and 11 recite(s) “identifying a plurality of interactions”, “aggregating the plurality of interactions”, “determining an owner of each computing identity”.
The limitation of “identifying a plurality of interactions”, as drafted, is a process that, under its broadest reasonable interpretation, covers performance of the limitation in the mind but for the recitation of generic computer components. That is, other than reciting “a processing circuitry” and “a memory”, nothing in the claim element precludes the step from practically being performed in the mind. Similarly, the limitation of “aggregating the plurality of interactions”, as drafted, is a process that, under its broadest reasonable interpretation, covers performance of the limitation in the mind but for the recitation of generic computer components. “Aggregating” in the context of this claim encompasses merely extra-solution activity of data gathering. The limitation of “determining an owner”, as drafted, is a process that covers performance of the limitation in the mind. If a claim limitation, under its broadest reasonable interpretation, covers performance of the limitation in the mind but for the recitation of generic computer components, then it falls within the “Mental Processes” grouping of abstract ideas. Accordingly, the claim recites an abstract idea. Claims 2-5 and 12-15 are rejected for similar rationale as provided above. Claims 6-9, 17-19 integrate the idea into a practical application.
This judicial exception is not integrated into a practical application. In particular, the claim only recites the additional element(s) – using a processing circuitry to perform the steps. The processing circuitry in the steps is recited at a high level of generality (i.e., as a generic processor performing a generic computer function of ranking information based on a determined amount of use) such that it amounts to no more than mere instructions to apply the exception using a generic computer component. Accordingly, this additional element does not integrate the abstract idea into a practical application because it does not impose any meaningful limits on practicing the abstract idea. The claim is directed to an abstract idea.
The claim does not include additional elements that are sufficient to amount to significantly more than the judicial exception. As discussed above with respect to integration of the abstract idea into a practical application, the additional element of using processing circuitry to perform the steps amounts to no more than mere instructions to apply the exception using a generic computer component. Mere instructions to apply an exception using a generic computer component cannot provide an inventive concept. The claim is not patent eligible.
Claim Rejections - 35 USC § 102
In the event the determination of the status of the application as subject to AIA 35 U.S.C. 102 and 103 (or as subject to pre-AIA 35 U.S.C. 102 and 103) is incorrect, any correction of the statutory basis (i.e., changing from AIA to pre-AIA) for the rejection will not be considered a new ground of rejection if the prior art relied upon, and the rationale supporting the rejection, would be the same under either status.
The following is a quotation of the appropriate paragraphs of 35 U.S.C. 102 that form the basis for the rejections under this section made in this Office action:
A person shall be entitled to a patent unless –
(a)(2) the claimed invention was described in a patent issued under section 151, or in an application for patent published or deemed published under section 122(b), in which the patent or application, as the case may be, names another inventor and was effectively filed before the effective filing date of the claimed invention.
Claim(s) 1-5, 7-8, 10-15, 17-18 is/are rejected under 35 U.S.C. 102(a)(2) as being anticipated by Saraf et al. (US 2025/0030712) hereafter Saraf.
1. Saraf discloses a method for identity ownership determination, comprising:
identifying a plurality of interactions performed with respect to a plurality of computing identities, wherein each interaction is performed by a respective entity of a plurality of entities and with respect to a respective computing identity of the plurality of computing identities (para 78-89; see also para 50-54);
aggregating the plurality of interactions in order to create at least one set of aggregated interactions, wherein each set of aggregated interactions includes a subset of the plurality of interactions performed with respect to one of the plurality of computing identities, wherein the plurality of interactions includes a plurality of modifications of data used to manage access activities of the plurality of computing identities (para 88-103; see also para 50-54); and
determining an owner of each computing identity based on the at least one set of aggregated interactions, wherein the owner of each computing identity is one of the plurality of entities (para 91-103).
2. Saraf discloses the method of claim 1, further comprising: analyzing a plurality of uses of permissions with respect to the computing identity (fig. 15 and corresponding text; see further para 54, 81, 87, 92, 96, 98); and determining a plurality of identity management actions among the plurality of interactions based on based on the plurality of uses of permissions with respect to the computing identity, wherein each of the plurality of identity management actions includes one of the plurality of modifications of data, wherein the owner of the computing identity is determined based further on the plurality of identity management actions (para 54, 81, 87, 92, 96-98, rules can detect when credentials are created for a privileged service principal, because the credentials can be used to access an account from the internet, thus bypassing authentication controls. Further, rules can detect when a bucket object level encryption key is set to an external key).
3. Saraf discloses the method of claim 2, wherein the plurality of identity management actions include at least one of: changing a password, assigning a role, and assigning permissions (para 96).
4. Saraf discloses the method of claim 1, further comprising: generating a plurality of ownership scores for the computing identity, wherein the owner of the computing identity is determined based further on the plurality of ownership scores (fig. 15 and corresponding text).
5. Saraf discloses the method of claim 4, wherein the plurality of ownership scores is determined based on at least one: a type of each interaction, a recency of each interaction, an amount of interactions, and an explicit indication of ownership for the computing identity (para 54).
7. Saraf discloses the method of claim 1, further comprising: assigning at least one remediation task to the determined owner, wherein the at least one remediation task is to remediate a cybersecurity event involving the computing identity (para 78-81).
8. Saraf discloses the method of claim 1, further comprising: generating a secret for the computing identity (para 96); and sending a notification indicating the generated secret to the determined owner (para 78-87).
Claims 10-15, 17-18 are similar in scope to claims 1-5, 7-8 and are rejected under similar rationale.
Allowable Subject Matter
Claims 9 and 19 are objected to as being dependent upon a rejected base claim, but would be allowable if rewritten in independent form including all of the limitations of the base claim and any intervening claims.
Conclusion
Any inquiry concerning this communication or earlier communications from the examiner should be directed to JAMES R TURCHEN whose telephone number is (571)270-1378. The examiner can normally be reached Monday-Friday: 7-3.
Examiner interviews are available via telephone, in-person, and video conferencing using a USPTO supplied web-based collaboration tool. To schedule an interview, applicant is encouraged to use the USPTO Automated Interview Request (AIR) at http://www.uspto.gov/interviewpractice.
If attempts to reach the examiner by telephone are unsuccessful, the examiner’s supervisor, Luu Pham can be reached at 571-270-5002. The fax phone number for the organization where this application or proceeding is assigned is 571-273-8300.
Information regarding the status of published or unpublished applications may be obtained from Patent Center. Unpublished application information in Patent Center is available to registered users. To file and manage patent submissions in Patent Center, visit: https://patentcenter.uspto.gov. Visit https://www.uspto.gov/patents/apply/patent-center for more information about Patent Center and https://www.uspto.gov/patents/docx for information about filing in DOCX format. For additional questions, contact the Electronic Business Center (EBC) at 866-217-9197 (toll-free). If you would like assistance from a USPTO Customer Service Representative, call 800-786-9199 (IN USA OR CANADA) or 571-272-1000.
/JAMES R TURCHEN/Primary Examiner, Art Unit 2439