INFORMATION PROCESSING APPARATUS, INFORMATION PROCESSING METHOD, AND NON-TRANSITORY COMPUTER READABLE MEDIUM

§101 §103 §112

Notice of Pre-AIA or AIA Status The present application, filed on or after March 16, 2013, is being examined under the first inventor to file provisions of the AIA . DETAILED ACTION This Office Action is in response to the Preliminary Amendment filed 06/25/2024. In the instant Amendment, claims 1-8 were amended, claims 1, 9 and 10 are independent claims. Claims 1-10 are pending in this application. Information Disclosure Statement The information disclosure statement (IDS) submitted on 06/25/2024 is in compliance with the provisions of 37 CFR 1.97. Accordingly, the information disclosure statement is being considered by the examiner. Claim Rejections - 35 USC § 112 The following is a quotation of 35 U.S.C. 112(b): (b) CONCLUSION.—The specification shall conclude with one or more claims particularly pointing out and distinctly claiming the subject matter which the inventor or a joint inventor regards as the invention. The following is a quotation of 35 U.S.C. 112 (pre-AIA ), second paragraph: The specification shall conclude with one or more claims particularly pointing out and distinctly claiming the subject matter which the applicant regards as his invention. Claims 2-7 are rejected under 35 U.S.C. 112(b) or 35 U.S.C. 112 (pre-AlA), second paragraph, as being indefinite for failing to particularly point out and distinctly claim the subject matter which the inventor or a joint inventor, or for pre-AlA, the applicant regards as the invention. Regarding claim 2, claim 2 recites “highest degree of importance,” (emphasis added). The specification does not provide any standard for measurement for the term “high- level abstraction” enabling the public to determine the scope of the claims. At most, in page 21 lines 13-18 the specification states “Then, it is possible to request the user to input the action for the pattern of the element having the highest degree of importance or the pattern of the element having the degree of importance within a predetermined ranking from the top. As an example of definition of the pattern having the high degree of importance level, the following pattern is assumed. Nowhere does the specification provide any standard for measurement enabling the public to distinguish what level of abstraction is considered as high-level of abstraction. Therefore, the aforementioned limitation is vague and indefinite as such term is relative and/or subjective term. See MPEP 2173.05(b). See also in re Marosi, 710 F. 2d 799, 218 USPQ 289 (Fed. Cir. 1983). Regarding claim 3, claim 3 recites “higher in degree of importance,” (emphasis added). The specification does not provide any standard for measurement for the term “higher in degree of importance” enabling the public to determine the scope of the claims. At most, in page 23, lines 30-32 the specification states “this is because it is likely that the pattern having the higher degree of importance at the time of the second input request becomes different as the action and pattern finally decided by the first input request become different.” Nowhere does the specification provide any standard for measurement enabling the public to distinguish what level of abstraction is considered as high-level of abstraction. Therefore, the aforementioned limitation is vague and indefinite as such term is relative and/or subjective term. See MPEP 2173.05(b). See also in re Marosi, 710 F. 2d 799, 218 USPQ 289 (Fed. Cir. 1983). Regarding claim 5, claim 5 is dependent upon claim 2 is also rejected under 35 U.S.C. 112(b) or 35 U.S.C. 112 (pre-AlA), second paragraph, for the same reasons addressed above Claim Rejections - 35 USC § 101 35 U.S.C. 101 reads as follows: Whoever invents or discovers any new and useful process, machine, manufacture, or composition of matter, or any new and useful improvement thereof, may obtain a patent therefor, subject to the conditions and requirements of this title. Claims 1-10 are rejected under 35 U.S.C. 101 as being directed to non- statutory subject matter as being directed to an abstract idea without being integrated into a practical application or significantly more. Regarding claims 1, 9 and 10, the claims are directed to an abstract idea reciting the limitations “requesting a user to input an action [],” (claims 1, 9 and 10). The aforementioned steps are a mental process as broadly interpreted said steps could be performed in the human mind or by hand with a pen and paper. Accordingly, the claims recite an abstract idea. Said abstract idea and/or judicial exception is not integrated into a practical application as the claim does not recite any other active steps that utilize “requesting a user to input an action [].” It's noted that the claims recite the limitation “acquire a data set [].” Said steps are not sufficient to consider that the abstract idea is being interpreted into a practical application as said steps are recited at a high level of generality in gathering/processing/storing information, which are a form of insignificant extra-solution activity. As discussed in the specification in paragraphs [0013],” The acquisition unit 11 acquires a data set in which a plurality of combinations of a pattern including a plurality of elements indicating an access attribute (hereinafter, also simply referred to as a pattern) and an access control action associated with the pattern are defined,” which is insufficiently considered as “being interpreted the abstract idea into a practical application because it does not impose any meaningful limits on practicing the abstract idea. The claims do not include additional elements that are sufficient to amount to significantly more than the judicial exception because the additional elements when considered both individually and as an ordered combination do not amount to significantly more than the abstract idea. It’s also noted that the claims recited additional elements (i.e. memory, processor (claim 1). However, said additional elements are recited at a high level of generality (i.e. generic computing device/processor performing generic computing functions such as “acquire a data set []” such that it amounts no more than mere instructions to apply the exception or abstract idea using a generic computer component. As mentioned above, although the claims recite additional elements, said elements taken individually or as a combination, do not result in the claim amounting to significantly more than the abstract idea because as the additional elements perform generic functions (i.e. acquiring a data set). See US Application by US 20080225753 by Khemani et al (See “Khemani,” [0119], [0187]-[0193], [0221]-[0226]) for claims 1, 9 and 10. As discussed above, the additional elements recited as a high-level of generality such that they amount no more than mere instructions to apply the exception using a generic computer component. Therefore, the claim is directed to non-statutory subject matter as being directed to an abstract idea without being integrated into a practical application nor significantly more. Regarding claims 2-8, claims 2-8 are also rejected under 35 U.S.C. 101 as being directed to non-statutory subject matter for the same reasons addressed above as the claims recite an abstract idea and the claims do not positively recite any other operations that could be considered as the abstract idea is being integrated into a practical application or significantly more. It's noted that claim 2 recites the limitations “determining the degree of importance []’. Similar to analysis discussed above, the limitation “determining the degree of importance []” is recited at a high level of generality, which is a form of insignificant extra-solution activity; and the limitation “determining the degree of importance []” is also a mental process which is an abstract idea. Merely adding another abstract idea to the claim does not make the claim less abstract. See RecogniCorp, LLC v. Nintendo Co., 855 F.3d 1322, 1327 (Fed. Cir. 2017) (“Adding one abstract idea... to another abstract idea .. . does not render the claim non- abstract.”). It's noted that claim 3 recites the limitations “determine that the pattern []. Similar to analysis discussed above, the limitation “determining that the pattern []” is recited at a high level of generality, which is a form of insignificant extra-solution activity; and the limitation “determining that the pattern []” is also a mental process which is an abstract idea. Merely adding another abstract idea to the claim does not make the claim less abstract. See RecogniCorp, LLC v. Nintendo Co., 855 F.3d 1322, 1327 (Fed. Cir. 2017) (“Adding one abstract idea... to another abstract idea .. . does not render the claim non- abstract.”). It's noted that claim 4 recites the limitations “determine the degree of importance []. Similar to analysis discussed above, the limitation “determining that the degree of importance []” is recited at a high level of generality, which is a form of insignificant extra-solution activity; and the limitation “determining that the degree of importance []” is also a mental process which is an abstract idea. Merely adding another abstract idea to the claim does not make the claim less abstract. See RecogniCorp, LLC v. Nintendo Co., 855 F.3d 1322, 1327 (Fed. Cir. 2017) (“Adding one abstract idea... to another abstract idea .. . does not render the claim non- abstract.”). It's noted that claim 5 recites the limitations “change the pattern of the element []”. Similar to analysis discussed above, the limitation “change the pattern of the element []” is recited at a high level of generality, which is a form of insignificant extra-solution activity; and the limitation “change the pattern of the element []” is also a mental process which is an abstract idea. Merely adding another abstract idea to the claim does not make the claim less abstract. See RecogniCorp, LLC v. Nintendo Co., 855 F.3d 1322, 1327 (Fed. Cir. 2017) (“Adding one abstract idea... to another abstract idea .. . does not render the claim non- abstract.”). It's noted that claim 6 recites the limitations “determine the degree of importance []”. Similar to analysis discussed above, the limitation “determine the degree of importance []” is recited at a high level of generality, which is a form of insignificant extra-solution activity; and the limitation “determine the degree of importance []” is also a mental process which is an abstract idea. Merely adding another abstract idea to the claim does not make the claim less abstract. See RecogniCorp, LLC v. Nintendo Co., 855 F.3d 1322, 1327 (Fed. Cir. 2017) (“Adding one abstract idea... to another abstract idea .. . does not render the claim non- abstract.”). It's noted that claim 7 recites the limitations “generate an access control policy []”. Similar to analysis discussed above, the limitation “generate an access control policy []” is recited at a high level of generality, which is a form of insignificant extra-solution activity; and the limitation “generate an access control policy []” is also a mental process which is an abstract idea. Merely adding another abstract idea to the claim does not make the claim less abstract. See RecogniCorp, LLC v. Nintendo Co., 855 F.3d 1322, 1327 (Fed. Cir. 2017) (“Adding one abstract idea... to another abstract idea .. . does not render the claim non- abstract.”). It's noted that claim 8 recites the limitations “present to the user, information []”. Similar to analysis discussed above, the limitation “present to the user, information is recited at a high level of generality, which is a form of insignificant extra-solution activity; and the limitation “present to the user, information [],” is also a mental process which is an abstract idea. Merely adding another abstract idea to the claim does not make the claim less abstract. See RecogniCorp, LLC v. Nintendo Co., 855 F.3d 1322, 1327 (Fed. Cir. 2017) (“Adding one abstract idea... to another abstract idea .. . does not render the claim non- abstract.”). Claim Rejections - 35 USC § 103 In the event the determination of the status of the application as subject to AIA 35 U.S.C. 102 and 103 (or as subject to pre-AIA 35 U.S.C. 102 and 103) is incorrect, any correction of the statutory basis (i.e., changing from AIA to pre-AIA ) for the rejection will not be considered a new ground of rejection if the prior art relied upon, and the rationale supporting the rejection, would be the same under either status. The following is a quotation of 35 U.S.C. 103 which forms the basis for all obviousness rejections set forth in this Office action: A patent for a claimed invention may not be obtained, notwithstanding that the claimed invention is not identically disclosed as set forth in section 102, if the differences between the claimed invention and the prior art are such that the claimed invention as a whole would have been obvious before the effective filing date of the claimed invention to a person having ordinary skill in the art to which the claimed invention pertains. Patentability shall not be negated by the manner in which the invention was made. Claims 1-10 are rejected under 35 U.S.C. 103 as being unpatentable over Khemani et al (“Khemani,” US 20080225753) and further in view of Kliger et al (“Kliger,” US 20200053090) Regarding claim 1, Khemani discloses an information processing apparatus comprising: at least one memory configured to store instructions; and (Khemani describes [0086] at least one memory configured to store instructions) at least one processor configured to execute the instructions to: (Khemani [0086] describes at least one processor configured to execute the instructions to:) acquire a data set in which a plurality of combinations of a pattern of a plurality of elements indicating an access attribute and an access control action associated with the pattern of the elements are defined; and (Khemani describes [0119], [0187]-[0193] describes a policy that specifies actions to be applied on the basis of packet port, protocol type, a header and a field. A configuration interface prompts a user to input an action to be taken if a policy action for the received packet is undefined; also see [0221]-[0226]) Khemani fails to explicitly disclose and request a user to input an action associated with a pattern of an element not covered by the data set in a case in which the data set does not cover an action associated with one or more assumed patterns of an element. However, in an analogous art, Kliger discloses and request a user to input an action associated with a pattern of an element not covered by the data set in a case in which the data set does not cover an action associated with one or more assumed patterns of an element, (Kliger describes and request a user to input an action [0033], [0062], [0077] associated with a pattern of an element not covered by the data set in a case in which the data set does not cover an action associated with one or more assumed patterns of an element, [0036], [0047]) Therefore, it would have been obvious to one of ordinary skill in the art before the effective filing date of the claimed invention to combine the teachings of Kliger with the method/system of Khemani to include and request a user to input an action associated with a pattern of an element not covered by the data set in a case in which the data set does not cover an action associated with one or more assumed patterns of an element. One would have been motivated to reduce the attack surface for a system or machine by automatically generating access control rules to limit access to computer resources based on historical user access data (Kliger, [0006]). Regarding claim 2, Khemani and Kliger disclose the information processing apparatus according to claim 1. Kliger further discloses wherein, in a case in which there are a plurality of patterns of elements not covered by the data set, the at least one processor is further configured to determine the degree of importance of final action decision in the patterns of the elements not covered, and request the user to input at least an action associated with a pattern of an element with the highest degree of importance, (Kliger describes wherein, in a case in which there are a plurality of patterns of elements not covered by the data set [0036], [0047], the at least one processor is further configured to determine the higher weight [degree of importance of final action decision] [0074] in the patterns of the elements not covered [0036], [0047], and request the user to input at least an action associated with a pattern of an element [0033], [0062], [0077] with the higher weight [highest degree of importance] [0074]) Therefore, it would have been obvious to one of ordinary skill in the art before the effective filing date of the claimed invention to combine the teachings of Kliger with the method/system of Khemani to include wherein, in a case in which there are a plurality of patterns of elements not covered by the data set, the at least one processor is further configured to determine the degree of importance of final action decision in the patterns of the elements not covered, and request the user to input at least an action associated with a pattern of an element with the highest degree of importance. One would have been motivated to reduce the attack surface for a system or machine by automatically generating access control rules to limit access to computer resources based on historical user access data (Kliger, [0006]). Regarding claim 3, Khemani and Kliger disclose the information processing apparatus according to claim 2. Kliger further discloses wherein, in a case in which, in patterns of first and second elements not covered by the data set, when the action associated with the pattern of the first element is finally decided, a constraint condition of an action of the pattern of the second element is decided, but the reverse does not hold true, the at least one processor is further configured to determine that the pattern of the first element is higher in the degree of importance than the pattern of the second element, (Kliger describes wherein, in a case in which, in patterns of first and second elements not covered by the data set [0036], [0047], when the action associated with the pattern of the first element is finally decided [0036], [0047], a constraint condition of an action of the pattern of the second element is decided (FIG 5A), but the reverse does not hold true (FIG 5A), the at least one processor is further configured to determine that the pattern of the first element is higher weight [higher in the degree of importance] [0074] than the pattern of the second element as described in [0074]) Therefore, it would have been obvious to one of ordinary skill in the art before the effective filing date of the claimed invention to combine the teachings of Kliger with the method/system of Khemani to include wherein, in a case in which, in patterns of first and second elements not covered by the data set, when the action associated with the pattern of the first element is finally decided, a constraint condition of an action of the pattern of the second element is decided, but the reverse does not hold true, the at least one processor is further configured to determine that the pattern of the first element is higher in the degree of importance than the pattern of the second element. One would have been motivated to reduce the attack surface for a system or machine by automatically generating access control rules to limit access to computer resources based on historical user access data (Kliger, [0006]). Regarding claim 4, Khemani and Kliger disclose the information processing apparatus according to claim 3. Kliger further discloses wherein the at least one processor is further configured to determine the degree of importance on the basis of at least one of the number of patterns of elements covered by the data set, an action acquired by an input request to the user, and a pattern of an element associated therewith, a ratio of the number of patterns of the elements covered to the number of one or more assumed patterns of the elements, or the reliability of an access control policy generated by using the data set, the action acquired by the input request to the user, and the pattern of the element associated therewith, (Kliger, wherein the at least one processor is further configured to determine the weight [degree of importance] [0074] on the basis of at least one of the number of patterns of elements covered by the data set (FIG 5B), an action acquired by an input request to the user [0033], [0062], [0077], and a pattern of an element associated therewith, denial rate [a ratio of the number of patterns of the elements covered to the number of one or more assumed patterns of the elements] (FIG 5A), or validate access control rule based on validation data set [the reliability of an access control policy generated by using the data set] (FIG 5A), the action acquired by the input request to the user, and the pattern of the element associated therewith as described in [0074]) Therefore, it would have been obvious to one of ordinary skill in the art before the effective filing date of the claimed invention to combine the teachings of Kliger with the method/system of Khemani to include wherein the at least one processor is further configured to determine the degree of importance on the basis of at least one of the number of patterns of elements covered by the data set, an action acquired by an input request to the user, and a pattern of an element associated therewith, a ratio of the number of patterns of the elements covered to the number of one or more assumed patterns of the elements, or the reliability of an access control policy generated by using the data set, the action acquired by the input request to the user, and the pattern of the element associated therewith. One would have been motivated to reduce the attack surface for a system or machine by automatically generating access control rules to limit access to computer resources based on historical user access data (Kliger, [0006]). Regarding claim 5, Khemani and Kliger disclose the information processing apparatus according to claim 2. Kliger further discloses wherein, in a case in which it is possible to sequentially request the user to input the action associated with the pattern of the element not covered by the data set twice or more, the at least one processor is further configured to change the pattern of the element associated with the action of requesting the input in a second request after a first request in accordance with the content of the action input from the user in response to the first request, (Kliger describes further discloses wherein, in a case in which it is possible to sequentially request the user to input the action [0022] associated with the pattern of the element not covered by the data set twice or more [0036], [0047], the at least one processor [0028] is further configured to change the pattern of the element associated with the action of requesting the input in a second request after a first request in accordance with the content of the action input from the user in response to the first request as described in [0036], [0047], [0049]) Therefore, it would have been obvious to one of ordinary skill in the art before the effective filing date of the claimed invention to combine the teachings of Kliger with the method/system of Khemani to include wherein, in a case in which it is possible to sequentially request the user to input the action associated with the pattern of the element not covered by the data set twice or more, the at least one processor is further configured to change the pattern of the element associated with the action of requesting the input in a second request after a first request in accordance with the content of the action input from the user in response to the first request. One would have been motivated to reduce the attack surface for a system or machine by automatically generating access control rules to limit access to computer resources based on historical user access data (Kliger, [0006]). Regarding claim 6, Khemani and Kliger disclose the information processing apparatus according to claim 5. Kliger further discloses wherein, in a case in which it is possible to sequentially request the user to input the action associated with the pattern of the element not covered by the data set twice or more, the at least one processor is further configured to determine the degree of importance on the basis of the number of input requests of an action which is necessary for having reliability of an access control policy, which is generated using the data set, the action acquired by the input request to the user, and the pattern of the element associated therewith, to be equal to or greater than a predetermined threshold value, (Klinger describes wherein, in a case in which it is possible to sequentially request the user to input the action [0022] associated with the pattern of the element not covered by the data set twice or more [0036], [0047], the at least one processor [0028] is further configured to determine the degree of importance [0074] on the basis of the number of input requests of an action which is necessary for having validate access control rule based on validation data set [the reliability of an access control policy] (FIG 5A), which is generated using the data set, the action acquired by the input request to the user [0033], [0062], [0077], and the pattern of the element associated therewith, to be equal to or greater than a predetermined threshold value [0036]) Therefore, it would have been obvious to one of ordinary skill in the art before the effective filing date of the claimed invention to combine the teachings of Kliger with the method/system of Khemani to include wherein, in a case in which it is possible to sequentially request the user to input the action associated with the pattern of the element not covered by the data set twice or more, the at least one processor is further configured to determine the degree of importance on the basis of the number of input requests of an action which is necessary for having reliability of an access control policy, which is generated using the data set, the action acquired by the input request to the user, and the pattern of the element associated therewith, to be equal to or greater than a predetermined threshold value. One would have been motivated to reduce the attack surface for a system or machine by automatically generating access control rules to limit access to computer resources based on historical user access data (Kliger, [0006]). Regarding claim 7, Khemani and Kliger disclose the information processing apparatus according to claim 1. Khemani further discloses disclose wherein the at least one processor is further configured to generate an access control policy by using the data set, the action input from the user, and the pattern of the element associated therewith, wherein a totally ordered set indicating the degree of influence on the action is defined for the pattern of the element, and the action is also defined by the totally ordered set, and the at least one processor is configured to generate the access control policy so that the totally ordered set associated with the pattern of the element and the totally ordered set associated with the action become order-isomorphic, (Khemani further discloses wherein the at least one processor [0108] is further configured to generate an access control policy by using the data set [0107], the action input from the user [0033], [0042], and the pattern of the element associated therewith [0036], [0047], wherein a totally ordered set indicating the degree of influence on the action is defined for the pattern of the element [0070], [0076], [0074], and the action is also defined by the totally ordered set, and the at least one processor is configured to generate the access control policy [0107] so that the totally ordered set [0233] associated with the pattern of the element and the totally ordered set [0233] associated with the action become order-isomorphic, [0233]) Regarding claim 8, Khemani and Kliger disclose the information processing apparatus according to claim 1. Kliger further discloses wherein the at least one processor is further configured to present, to the user, information regarding the reliability of the access control policy generated using the data set, the action acquired by the input request to the user, and the pattern of the element associated therewith, (Kliger describes wherein the at least one processor [0131] is further configured to present, to the user [0031], information regarding the reliability [0051] of the access control policy [0027] generated using the data set [0031], the action acquired by the input request to the user [0033], [0077], and the pattern of the element associated therewith [0036]) Therefore, it would have been obvious to one of ordinary skill in the art before the effective filing date of the claimed invention to combine the teachings of Kliger with the method/system of Khemani and include wherein the at least one processor is further configured to present, to the user, information regarding the reliability of the access control policy generated using the data set, the action acquired by the input request to the user, and the pattern of the element associated therewith. One would have been motivated to reduce the attack surface for a system or machine by automatically generating access control rules to limit access to computer resources based on historical user access data (Kliger, [0006]). Regarding claim 9, claim 9 is directed to an information processing method. Claim 9 is similar in scope to claim 1 and is therefore, rejected under similar rationale. Regarding claim 10, claim 10 is directed to a non-transitory computer readable medium. Claim 10 is similar in scope to claim 1 and is therefore, rejected under similar rationale. Conclusion Any inquiry concerning this communication or earlier communications from the examiner should be directed to JAMES J WILCOX whose telephone number is (571)270-3774. The examiner can normally be reached M-F: 8 A.M. to 5 P.M.. Examiner interviews are available via telephone, in-person, and video conferencing using a USPTO supplied web-based collaboration tool. To schedule an interview, applicant is encouraged to use the USPTO Automated Interview Request (AIR) at http://www.uspto.gov/interviewpractice. If attempts to reach the examiner by telephone are unsuccessful, the examiner’s supervisor, Luu T. Pham can be reached on (571)270-5002. The fax phone number for the organization where this application or proceeding is assigned is 571-273-8300. Information regarding the status of published or unpublished applications may be obtained from Patent Center. Unpublished application information in Patent Center is available to registered users. To file and manage patent submissions in Patent Center, visit: https://patentcenter.uspto.gov. Visit https://www.uspto.gov/patents/apply/patent-center for more information about Patent Center and https://www.uspto.gov/patents/docx for information about filing in DOCX format. For additional questions, contact the Electronic Business Center (EBC) at 866-217-9197 (toll-free). If you would like assistance from a USPTO Customer Service Representative, call 800-786-9199 (IN USA OR CANADA) or 571-272-1000. /JAMES J WILCOX/Examiner, Art Unit 2439 /LUU T PHAM/Supervisory Patent Examiner, Art Unit 2439