Notice of Pre-AIA or AIA Status
The present application, filed on or after March 16, 2013, is being examined under the first inventor to file provisions of the AIA .
DETAILED ACTION
This action is in response to the communication filed on 04/30/2024.
Claims 1-20 are under examination.
Claim Rejections - 35 USC § 101
35 U.S.C. 101 reads as follows:
Whoever invents or discovers any new and useful process, machine, manufacture, or composition of matter, or any new and useful improvement thereof, may obtain a patent therefor, subject to the conditions and requirements of this title.
Claims 1-20 are rejected under 35 U.S.C. 101 because the claimed invention is directed to non-statutory subject matter because the claim(s) 1-20 as a whole, considering all claim elements both individually and in combination, do not amount to significantly more than an abstract idea. The claim(s) 1-20 is/are directed to the abstract idea of the management of operation. The claimed invention is directed to a judicial exception (i.e., a law of nature, a natural phenomenon, or an abstract idea) without significantly more than the judicial exception itself. Claims 1-20 are directed to an abstract idea without significantly more.
Step 1:
Regarding Step 1 of the Subject Matter Eligibility Test for Products and Processes (from the January 2019 §101 Examination Guidelines), claims 1-20 are directed to methods for managing operation. However, these methods do not recite a machine for the execution. In fact, these methods do not need a machine for the execution.
Step 2A Prong 1:
The claimed invention is directed to an abstract idea without significantly more. The claim(s) recite(s) a human activities/business process. Specifically, the independent claim 1 recites the limitations of assigning a security officer role to a person, notify the person has been assigned the security officer role, waiting a request to be approved by the person and second person with security officer role and execute the operation. Independent claim 9 recites limitations of determining a operation request needs approval from a person with security office role, determining if the operation request has not been pre-approved, waiting for approval from the person and a second person with security officer role and execute the operation afterward. Claim 16 recites similar limitations as claim 9 except it indicated the operation request is approved when the operation request has been pre-approved. Under its broadest reasonable interpretation, these claims cover performance of the limitation in the human activities/business relations (assigning role to a person and require a person with a particular role to approve an operation). That is, nothing in the claim precludes assigning, determining, notification from practically being performed in the basic human activities/business relations. Therefore, the claims recite an abstract idea.
Step 2A Prong 2:
Independent claims 1, 9 and 16 do not recite any additional practical elements. Therefore, these claims are directed to an abstract idea and the judicial exception does not integrate the abstract idea into a practical application.
The dependent claims recite elements that narrow the metes and bounds of the abstract idea but do not provide “something more”. The dependent claims do not remedy these deficiencies.
Therefore, based on the above analysis as conducted based on the Guidance from the United States Patent and Trademark Office the claims are viewed as a court recognized abstract idea, are viewed as a judicial exception, does not integrate the claims into a practical application, and does not provide an inventive concept, therefore the claims are ineligible.
Furthermore, claims 1-20 recite methods. However, these claims do not recite a machine to execute the said methods, and these methods do not need a machine for the execution. Therefore, claim(s) 1-20 are determined to be directed to an abstract idea.
Claim Rejections - 35 USC § 103
The following is a quotation of 35 U.S.C. 103 which forms the basis for all obviousness rejections set forth in this Office action:
A patent for a claimed invention may not be obtained, notwithstanding that the claimed invention is not identically disclosed as set forth in section 102 of this title, if the differences between the claimed invention and the prior art are such that the claimed invention as a whole would have been obvious before the effective filing date of the claimed invention to a person having ordinary skill in the art to which the claimed invention pertains. Patentability shall not be negated by the manner in which the invention was made.
Claims 1-2 are rejected under 35 U.S.C. 103 as being unpatentable over Koikara et al. (US 2008/0256606 A1) and Parks et al. (US 2020/0234242 A1).
Regarding claim 1, Koikara et al. discloses A method for managing an operation, the method comprising: receiving a request from a data protection module with respect to assigning a security officer role (SOR) to a person [par. 0037, “The process monitors for requests of privileges. In response to detecting a request from a user for a privilege, the process selectively assigns the privilege to the user through the privilege monitor”, par. 0038, “The privilege monitor maps a privilege to a user by adding an entry in a user role map”, par. 0062, user role as an information systems security officer]; in response to the request and at a first point-in-time, initiating assignment of the SOR to the person [par. 0051, “User role map 412 is an index mapping users and user roles to one or more privileges. If privilege monitor 410 grants a privilege to a user, such as privilege 414, controller 408 creates an entry in user role map 412 assigning the granted privilege to the given user or user role”]; receiving, at a second point-in-time, a notification from the data protection module indicating that the SOR is assigned to the person, wherein the second point-in-time is after the first point-in-time [par. 0064, “When a user, such as users 502-506 access a data processing system on which privilege monitor 500 is implemented, the user is checked against a user role map to determine if privilege monitor 500 has granted the requested privilege to the user”, par. 0073, “The process maps the user to privilege by adding an entry in a privilege mapping index to indicate that the privilege has been granted to the user or user's role” (add a security officer role to a person in the user role map, and the user rule map indicate the role has been assigned to the person)]; after receiving the notification, sending a second request to the data protection module to execute the operation [par. 0077, “If the user role map indicates that the user or the user's role is mapped to privileges for accessing the requested data, the process grants access to the requested data (step 810) in accordance with the privilege associated with the privileged data”].
Koikara et al. does not explicitly disclose after the sending the second request: making a first determination that the second request has not been approved; waiting, based on the first determination, until the second request is approved by the person or a second person assigned the SOR; making a second determination that the second request is approved by the second person; and continuing, based on the second determination, execution of the operation.
However Parks et al. teaches after the sending the second request: making a first determination that the second request has not been approved [par. 0156, approval from multiple approvers may be needed, par. 0173, pending approval state 416, waiting for multiple authorized actors to approve]; waiting, based on the first determination, until the second request is approved by the person or a second person assigned the SOR [par. 0215, “a group of “Security Approvers” is defined as including three reviewers (Security Officers, Carl, and John) and the group may be assigned as “Reviewers” to any data object whose sensitivity classification attribute takes on the value of “Highly Confidential””, par. 0218, “the voting must be unanimous and all of the assigned decision makers are required to approve a pending change for that change to be approved”]; making a second determination that the second request is approved by the second person; and continuing, based on the second determination, execution of the operation [par. 0173, multiple authorized actors approve the proposed edit, in which case the current workflow state transitions to the published state 406, fig. 4C, pending approval 416, decision Approve, then published 406].
Before the effective filing date of the claimed invention, it would have been obvious to a person having ordinary skill in the art to incorporate the teaching of Parks et al. into the teaching of Koikara et al. with the motivation to provide data processing system users with precise and concise control over who can edit data, who can access data and when, who can see pending changes, who can approve the dissemination of data as taught by Parks et al. [Parks et al.: par. 0064].
Regarding claim 2, the rejection of claim 1 is incorporated.
Parks further discloses the operation always requires an approval from the person or the second person, wherein the operation is deleting a file system [par. 0218, “the voting must be unanimous and all of the assigned decision makers are required to approve a pending change for that change to be approved”, par. 0085, “a data object may represent a file”, par. 0092, “the data processing system may use the value of the attribute to identify an actor having create, read, update, and/or delete (CRUD) permissions for the data object”].
Before the effective filing date of the claimed invention, it would have been obvious to a person having ordinary skill in the art to incorporate the teaching of Parks et al. into the teaching of Koikara et al. with the motivation to provide data processing system users with precise and concise control over who can edit data, who can access data and when, who can see pending changes, who can approve the dissemination of data as taught by Parks et al. [Parks et al.: par. 0064].
Claim 3 is rejected under 35 U.S.C. 103 as being unpatentable over Koikara et al. (US 2008/0256606 A1) and Parks et al. (US 2020/0234242 A1) as applied to claims 1-2 above, and further in view of Rath et al. (US 2022/0121620 A1).
Regarding claim 3, the rejection of claim 1 is incorporated.
Parks et al. discloses operation requires an approval from the person or the second person [par. 0156, approval from multiple approvers may be needed, par. 0173, pending approval state 416, waiting for multiple authorized actors to approve].
They do not explicitly disclose a retention-lock compliance (RLC) is enabled for the operation, wherein the operation is synchronizing a network time protocol.
However Rath et al. teaches a retention-lock compliance (RLC) is enabled for the operation, wherein the operation is synchronizing a network time protocol [par. 0025, “The network time protocol is designed to synchronize the clocks on computers and networks across the Internet or LANs”, par. 0048, “These configurable parameters help prevent tampering with the system clock thereby ensuring retention-lock compliance”].
Before the effective filing date of the claimed invention, it would have been obvious to a person having ordinary skill in the art to incorporate the teaching of Rath et al. into the teaching of Koikara et al. and Parks et al. with the motivation for hardening a system clock to help ensure retention lock compliance as taught by Rath et al. [Rath et al.: par. 0047].
Claims 4-5 are rejected under 35 U.S.C. 103 as being unpatentable over Koikara et al. (US 2008/0256606 A1) and Parks et al. (US 2020/0234242 A1) as applied to claims 1-2 above, and further in view of Wolinsky et al. (US 2003/0229549 A1).
Regarding claim 4, the rejection of claim 1 is incorporated.
Koikara et al. further discloses the second request is initiated by a user [par. 0077, “If the user role map indicates that the user or the user's role is mapped to privileges for accessing the requested data, the process grants access to the requested data (step 810) in accordance with the privilege associated with the privileged data”], wherein the user is part of the association of the SOR to the person [par. 0051, “User role map 412 is an index mapping users and user roles to one or more privileges. If privilege monitor 410 grants a privilege to a user, such as privilege 414, controller 408 creates an entry in user role map 412 assigning the granted privilege to the given user or user role”], wherein the person assigns the SOR to the second person [par. 0064, security officer can go through the privilege monitor to obtain privileges, par. 0039, “the process determines if a privilege should be granted to a user based on a user role map”].
Parks et al. further disclose wherein the user is not part of associating the second person with the SOR [par. 0215, “a group of “Security Approvers” is defined as including three reviewers (Security Officers, Carl, and John) and the group may be assigned as “Reviewers” to any data object whose sensitivity classification attribute takes on the value of “Highly Confidential””, par. 0218, “the voting must be unanimous and all of the assigned decision makers are required to approve a pending change for that change to be approved” (second approver is not the editor who request the changes)].
Before the effective filing date of the claimed invention, it would have been obvious to a person having ordinary skill in the art to incorporate the teaching of Parks et al. into the teaching of Koikara et al. with the motivation to provide data processing system users with precise and concise control over who can edit data, who can access data and when, who can see pending changes, who can approve the dissemination of data as taught by Parks et al. [Parks et al.: par. 0064].
They do not explicitly disclose wherein the person assigns the SOR to the second person.
However, Wolinsky et al. teaches wherein the person assigns the SOR to the second person [par. 0189, actor may be a user include content approver, par. 0156, actor assign content approver role to a new user].
Before the effective filing date of the claimed invention, it would have been obvious to a person having ordinary skill in the art to incorporate the teaching of Wolinsky et al. into the teaching of Koikara et al. and Parks et al. with the motivation to provide the content management and distribution services as taught by Wolinsky et al. [Wolinsky et al.: par. 0079].
Regarding claim 5, the rejection of claim 4 is incorporated.
Wolinsky et al. further teaches the second person does not need to be physically next to the user in order to approve the second request, wherein the second person uses a different login session than a login session of the user [par. 0192, “The content record is set to be available for approval at step 2416. At step 2418, the service provider content manager module 2303 requests a list of approver(s) for the subscriber 204 and the service provider content manager module 2303 notifies the approver(s) of the content being available for approval. In notifying the approver(s), an e-mail or other notification may be communicated either actively or passively to the approvers at step 2420. Additionally, the service provider content manager module 2303 may mark the content as "awaiting approval"”].
Before the effective filing date of the claimed invention, it would have been obvious to a person having ordinary skill in the art to incorporate the teaching of Wolinsky et al. into the teaching of Koikara et al. and Parks et al. with the motivation to provide the content management and distribution services as taught by Wolinsky et al. [Wolinsky et al.: par. 0079].
Claim 6 is rejected under 35 U.S.C. 103 as being unpatentable over Koikara et al. (US 2008/0256606 A1) and Parks et al. (US 2020/0234242 A1) as applied to claims 1-2 above, and further in view of Dema (US 2014/0195390 A1).
Regarding claim 6, the rejection of claim 1 is incorporated.
Koikara et al. further discloses the second request is initiated by a user, wherein the second request is to execute the operation on a system [par. 0077, “If the user role map indicates that the user or the user's role is mapped to privileges for accessing the requested data, the process grants access to the requested data (step 810) in accordance with the privilege associated with the privileged data”].
They do not explicitly disclose wherein the system is provided by a vendor to a customer entity, wherein the user is an administrator of the system, is associated with the vendor, and is not associated with the customer entity, and wherein the person or the second person is associated with the customer entity.
Dema disclose wherein the system is provided by a vendor to a customer entity, wherein the user is an administrator of the system, is associated with the vendor, and is not associated with the customer entity [par. 0020, “An administrator such as DEF company 15 will establish and provide record keeping and accounting for the plan”, par. 0045, DEF company is a vendor], and wherein the person or the second person is associated with the customer entity [par. 0008, company employee (“plan members”), ].
Before the effective filing date of the claimed invention, it would have been obvious to a person having ordinary skill in the art to incorporate the teaching of Dema into the teaching of Koikara et al. and Parks et al. with the motivation for managing accounting data between one or more clients and one or more administrators and one or more users as taught by Parks et al. [Parks et al.: par. 0064].
Claims 7-8 are rejected under 35 U.S.C. 103 as being unpatentable over Koikara et al. (US 2008/0256606 A1) and Parks et al. (US 2020/0234242 A1) as applied to claims 1-2 above, and further in view of Joshi et al. (US 2018/0217996 A1).
Regarding claim 7, the rejection of claim 1 is incorporated.
Parks et al. further discloses the second request is approved by the second person [par. 0173, multiple authorized actors approve the proposed edit, in which case the current workflow state transitions to the published state 406, fig. 4C, pending approval 416, decision Approve, then published 406].
Before the effective filing date of the claimed invention, it would have been obvious to a person having ordinary skill in the art to incorporate the teaching of Parks et al. into the teaching of Koikara et al. with the motivation to provide data processing system users with precise and concise control over who can edit data, who can access data and when, who can see pending changes, who can approve the dissemination of data as taught by Parks et al. [Parks et al.: par. 0064].
They do not explicitly disclose approved for a period of time, wherein the period of time is determined based on a user oversight policy set by the second person.
However, Joshi et al. teaches approved for a period of time, wherein the period of time is determined based on a user oversight policy set by the approver [par. 0020, “an administrator can specify time periods or “access windows” during which this policy-approved access can be made”].
Before the effective filing date of the claimed invention, it would have been obvious to a person having ordinary skill in the art to incorporate the teaching of Joshi et al. into the teaching of Koikara et al. and Parks et al. with the motivation to allow an administrator to define access windows during which the functionality can be modified as taught by Joshi et al. [Joshi et al.: par. 0034].
Regarding claim 8, the rejection of claim 7 is incorporated.
Parks et al. further discloses based on the first determination, an error message is displayed to a user, wherein the error message specifies a type of the operation and at least a portion of the user oversight policy that is associated with the operation [see fig. 5, instruction 514, approval required to access user data].
Before the effective filing date of the claimed invention, it would have been obvious to a person having ordinary skill in the art to incorporate the teaching of Parks et al. into the teaching of Koikara et al. with the motivation to provide data processing system users with precise and concise control over who can edit data, who can access data and when, who can see pending changes, who can approve the dissemination of data as taught by Parks et al. [Parks et al.: par. 0064].
Claims 9, 11, 16 and 18 are rejected under 35 U.S.C. 103 as being unpatentable over Parks et al. (US 2020/0234242 A1) and Elmenshawy et al. (US 2024/0364707 A1).
Regarding claim 9, Parks et al. disclose A method for managing an operation, the method comprising: receiving a request from a user that wants to perform an operation [par. 0174, user submit delete request]; in response to the request, making a first determination that the request requires a person’s approval [par. 0156, approval from multiple approvers may be needed], wherein the person is assigned with a security officer role (SOR) [par. 0215, “a group of “Security Approvers” is defined as including three reviewers (Security Officers, Carl, and John)…”]; notifying, in response to the second determination, the person and a second person assigned the SOR to indicate that the request is pending for approval [par. 0156, approval from multiple approvers may be needed, par. 0173, pending approval state 416, waiting for multiple authorized actors to approve]; verifying that the request has been approved by the second person [par. 0215, “a group of “Security Approvers” is defined as including three reviewers (Security Officers, Carl, and John) and the group may be assigned as “Reviewers” to any data object whose sensitivity classification attribute takes on the value of “Highly Confidential””, par. 0218, “the voting must be unanimous and all of the assigned decision makers are required to approve a pending change for that change to be approved”]; and in response to the verifying, initiating notification of the user to indicate that the request is approved by the second person [par. 0173, multiple authorized actors approve the proposed edit, in which case the current workflow state transitions to the published state 406, fig. 4C, pending approval 416, decision Approve, then published 406].
Parks et al. do not explicitly disclose making, based on the first determination, a second determination that the request is not a preapproved request.
However, Elmenshawy et al. teaches making, based on the first determination, a second determination that the request is not a preapproved request [par. 0148, “The example consent workflow 1118 may be configured to allow the actor to access a target set of resources only upon approval by a designated granter. The example consent workflow 1118 evaluates a condition that is based on state data at a time of the consent request. In another example consent workflow 1118, consent has been pre-approved and additional approvals are not needed”].
Before the effective filing date of the claimed invention, it would have been obvious to a person having ordinary skill in the art to incorporate the teaching of Elmenshawy et al. into the teaching of Parks et al. with the motivation to use a combination of consent workflows and access policies to manage access to resources as taught by Elmenshawy et al. [Elmenshawy et al.: par. 0030].
Regarding claim 11, the rejection of claim 9 is incorporated.
Parks further discloses the operation always requires an approval from the person or the second person, wherein the operation is deleting a file system [par. 0218, “the voting must be unanimous and all of the assigned decision makers are required to approve a pending change for that change to be approved”, par. 0085, “a data object may represent a file”, par. 0092, “the data processing system may use the value of the attribute to identify an actor having create, read, update, and/or delete (CRUD) permissions for the data object”].
Regarding claim 16, Parks et al. disclose A method for managing an operation, the method comprising: receiving a request from a user that wants to perform an operation [par. 0174, user submit delete request]; in response to the request, making a first determination that the request requires an approval of a person assigned a security officer role (SOR) [par. 0156, approval from multiple approvers may be needed, par. 0215, “a group of “Security Approvers” is defined as including three reviewers (Security Officers, Carl, and John)…”].
Parks et al. do not explicitly disclose making, based on the first determination, a second determination that the request is a preapproved request; and initiating, based on the second determination, notification of the user to indicate that the request is approved by the person.
However, Elmenshawy et al. teaches making, based on the first determination, a second determination that the request is a preapproved request; and initiating, based on the second determination, notification of the user to indicate that the request is approved by the person [par. 0148, “The example consent workflow 1118 may be configured to allow the actor to access a target set of resources only upon approval by a designated granter. The example consent workflow 1118 evaluates a condition that is based on state data at a time of the consent request. In another example consent workflow 1118, consent has been pre-approved and additional approvals are not needed”].
Before the effective filing date of the claimed invention, it would have been obvious to a person having ordinary skill in the art to incorporate the teaching of Elmenshawy et al. into the teaching of Parks et al. with the motivation to use a combination of consent workflows and access policies to manage access to resources as taught by Elmenshawy et al. [Elmenshawy et al.: par. 0030].
Regarding claim 18, it recites limitations like claim 11. The reason for the rejection of claim 11 is incorporated herein.
Claims 10 and 17 are rejected under 35 U.S.C. 103 as being unpatentable over Parks et al. (US 2020/0234242 A1) and Elmenshawy et al. (US 2024/0364707 A1) as applied to claims 9, 11, 16 and 18 above, and further in view of DeGraaf et al. (US 2023/0351007 A1).
Regarding claim 10, the rejection of claim 9 is incorporated.
Elmenshawy et al. discloses the second determination is made based on a plurality of preapproved requests.
They do not explicitly disclose the second determination is made based on a plurality of preapproved requests recorded in a database, wherein the user has a limited access to the database, wherein each of the person and the second person has a full access to the database.
DeGraaf et al. discloses the second determination is made based on a plurality of preapproved requests recorded in a database [par. 0242, a data operation indicated by the electronic request being on a list of preapproved data operations, par. 0229, marking the electronic request as being in the approved state may include changing a designation associated with the electronic request in a list or database being managed by the MAV system], wherein the user has a limited access to the database, wherein each of the person and the second person has a full access to the database [par. 0126, only authorized approvers can place the request into an approved state (thus update the database)].
Before the effective filing date of the claimed invention, it would have been obvious to a person having ordinary skill in the art to incorporate the teaching of DeGraaf et al. into the teaching of Parks et al. and Elmenshawy et al. with the motivation to help prevent unauthorized entities from performing data operations on the data objects as taught by DeGraaf et al. [DeGraaf et al..: par. 0034].
Regarding claim 17, it recites limitations like claim 10. The reason for the rejection of claim 10 is incorporated herein.
Claims 12 and 19 are rejected under 35 U.S.C. 103 as being unpatentable over Parks et al. (US 2020/0234242 A1) and Elmenshawy et al. (US 2024/0364707 A1) as applied to claims 9, 11, 16 and 18 above, and further in view of Rath et al. (US 2022/0121620 A1).
Regarding claim 12, the rejection of claim 9 is incorporated.
Parks et al. discloses operation requires an approval from the person or the second person [par. 0156, approval from multiple approvers may be needed, par. 0173, pending approval state 416, waiting for multiple authorized actors to approve].
They do not explicitly disclose a retention-lock compliance (RLC) is enabled for the operation, wherein the operation is synchronizing a network time protocol.
However Rath et al. teaches a retention-lock compliance (RLC) is enabled for the operation, wherein the operation is synchronizing a network time protocol [par. 0025, “The network time protocol is designed to synchronize the clocks on computers and networks across the Internet or LANs”, par. 0048, “These configurable parameters help prevent tampering with the system clock thereby ensuring retention-lock compliance”].
Before the effective filing date of the claimed invention, it would have been obvious to a person having ordinary skill in the art to incorporate the teaching of Rath et al. into the teaching of Parks et al. and Elmenshawy et al. with the motivation for hardening a system clock to help ensure retention lock compliance as taught by Rath et al. [Rath et al.: par. 0047].
Regarding claim 19, it recites limitations like claim 12. The reason for the rejection of claim 12 is incorporated herein.
Claim 13 is rejected under 35 U.S.C. 103 as being unpatentable over Parks et al. (US 2020/0234242 A1) and Elmenshawy et al. (US 2024/0364707 A1) as applied to claims 9, 11, 16 and 18 above, and further in view of Koikara et al. (US 2008/0256606 A1).
Regarding claim 13, the rejection of claim 9 is incorporated.
Parks et al. disclose the person is assigned the SOR.
They do not explicitly disclose the person is assigned the SOR before the second person is assigned the SOR, wherein the user assigns the SOR to the person, and wherein the person assigns the SOR to the second person.
However, Koikara et al. teaches the person is assigned the SOR before the second person is assigned the SOR, wherein the user assigns the SOR to the person, and wherein the person assigns the SOR to the second person [par. 0037, “The process monitors for requests of privileges. In response to detecting a request from a user for a privilege, the process selectively assigns the privilege to the user through the privilege monitor”, par. 0038, “The privilege monitor maps a privilege to a user by adding an entry in a user role map”, par. 0062, user role as an information systems security officer, par. 0064, security officer can go through the privilege monitor to obtain privileges].
Before the effective filing date of the claimed invention, it would have been obvious to a person having ordinary skill in the art to incorporate the teaching of Koikara et al. into the teaching of Parks et al. and Elmenshawy et al. with the motivation for managing privileges on a data processing system as taught by Koikara et al. [Koikara et al.: abs.].
Claim 14 is rejected under 35 U.S.C. 103 as being unpatentable over Parks et al. (US 2020/0234242 A1) and Elmenshawy et al. (US 2024/0364707 A1) as applied to claims 9, 11, 16 and 18 above, and further in view of Wolinsky et al. (US 2003/0229549 A1).
Regarding claim 14, the rejection of claim 9 is incorporated.
Parks et al. disclose second person approve the request.
They do not explicitly disclose the second person does not need to be physically next to the user in order to approve the request.
However, Wolinsky et al. teaches the second person does not need to be physically next to the user in order to approve the request [par. 0192, “The content record is set to be available for approval at step 2416. At step 2418, the service provider content manager module 2303 requests a list of approver(s) for the subscriber 204 and the service provider content manager module 2303 notifies the approver(s) of the content being available for approval. In notifying the approver(s), an e-mail or other notification may be communicated either actively or passively to the approvers at step 2420. Additionally, the service provider content manager module 2303 may mark the content as "awaiting approval"”].
Before the effective filing date of the claimed invention, it would have been obvious to a person having ordinary skill in the art to incorporate the teaching of Wolinsky et al. into the teaching of Koikara et al. and Parks et al. with the motivation to provide the content management and distribution services as taught by Wolinsky et al. [Wolinsky et al.: par. 0079].
Claim 15 is rejected under 35 U.S.C. 103 as being unpatentable over Parks et al. (US 2020/0234242 A1), Elmenshawy et al. (US 2024/0364707 A1) and Wolinsky et al. (US 2003/0229549 A1) as applied to claim 14 above, and further in view of Ren et al. (US 2022/0232288 A1).
Regarding claim 15, the rejection of claim 14 is incorporated.
Koikara et al. discloses the user send the request.
They do not explicitly disclose the user is allowed to send the request only once.
However, Ren et al. teaches the user is allowed to send the request only once [par. 0081, “the first user may only be allowed to request the virtual resource from the second user only once”].
Before the effective filing date of the claimed invention, it would have been obvious to a person having ordinary skill in the art to incorporate the teaching of Ren et al. into the teaching of Koikara et al., Parks et al., and Wolinsky et al. with the motivation to improve the probability and experience effect for the first user to acquire the virtual resources as taught by Ren et al. [Ren et al.: par. 0072].
Claim 20 is rejected under 35 U.S.C. 103 as being unpatentable over Parks et al. (US 2020/0234242 A1), Elmenshawy et al. (US 2024/0364707 A1) and Rath et al. (US 2022/0121620 A1) as applied to claims 12 and 19 above, and further in view of Koikara et al. (US 2008/0256606 A1).
Regarding claim 20, the rejection of claim 19 is incorporated.
Parks et al. disclose the person is assigned the SOR.
They do not explicitly disclose the person is assigned the SOR before the second person is assigned the SOR, wherein the user initiated the assignment of the SOR to the person, and wherein the person assigns the SOR to the second person.
However, Koikara et al. teaches the person is assigned the SOR before the second person is assigned the SOR, wherein the user initiated the assignment of the SOR to the person, and wherein the person assigns the SOR to the second person [par. 0037, “The process monitors for requests of privileges. In response to detecting a request from a user for a privilege, the process selectively assigns the privilege to the user through the privilege monitor”, par. 0038, “The privilege monitor maps a privilege to a user by adding an entry in a user role map”, par. 0062, user role as an information systems security officer, par. 0064, security officer can go through the privilege monitor to obtain privileges].
Before the effective filing date of the claimed invention, it would have been obvious to a person having ordinary skill in the art to incorporate the teaching of Koikara et al. into the teaching of Parks et al., Elmenshawy et al. and Rath et al. with the motivation for managing privileges on a data processing system as taught by Koikara et al. [Koikara et al.: abs.].
Conclusion
The prior art made of record and not relied upon is considered pertinent to Applicant’s disclosure:
US 20240195692 A1 NETWORK MANAGEMENT APPARATUS, NETWORK MANAGEMENT METHOD AND NETWORK MANAGEMENT SYSTEM
US 20230401337 A1 TWO PERSON RULE ENFORCEMENT FOR BACKUP AND RECOVERY SYSTEMS
US 20230229792 A1 RUNTIME RISK ASSESSMENT TO PROTECT STORAGE SYSTEMS FROM DATA LOSS
US 20220345457 A1 ANOMALY-BASED MITIGATION OF ACCESS REQUEST RISK
US 20220179976 A1 SYSTEMS AND METHODS FOR PROCESSING REQUESTS FOR ACCESS
US 20220174126 A1 DATA TRANSMITTING APPARATUS, CONTROL METHOD THEREOF, AND STORAGE MEDIUM
US 11144676 B1 Security Object Management System
US 20170201525 A1 EVIDENCE-BASED ROLE BASED ACCESS CONTROL
US 20160132803 A1 INFORMATION PRESENTING METHOD AND INFORMATION PRESENTING DEVICE
US 7610614 B1 Cryptographic Control And Maintenance Of Organizational Structure And Functions
US 20050114243 A1 Method And System For Object-oriented Workflow Management Of Multi-dimensional Data
US 20020184535 A1 Method And System For Accessing A Resource In A Computing System
US 20020059512 A1 Method And System For Managing An Information Technology Project
Any inquiry concerning this communication or earlier communications from the examiner should be directed to JASON CHIANG whose telephone number is (571)270-3393. The examiner can normally be reached on 9 AM to 6 PM.
If attempts to reach the examiner by telephone are unsuccessful, the examiner’s supervisor, Lynn Feild can be reached on (571) 272-2092. The fax phone number for the organization where this application or proceeding is assigned is 571-273-8300.
Information regarding the status of an application may be obtained from the Patent Application Information Retrieval (PAIR) system. Status information for published applications may be obtained from either Private PAIR or Public PAIR. Status information for unpublished applications is available through Private PAIR only. For more information about the PAIR system, see http://pair-direct.uspto.gov. Should you have questions on access to the Private PAIR system, contact the Electronic Business Center (EBC) at 866-217-9197 (toll-free). If you would like assistance from a USPTO Customer Service Representative or access to the automated information system, call 800-786-9199 (IN USA OR CANADA) or 571-272-1000.
/JASON CHIANG/Primary Examiner, Art Unit 2431