Notice of Pre-AIA or AIA Status
The present application, filed on or after March 16, 2013, is being examined under the first inventor to file provisions of the AIA .
Claims 1-20 are presented for examination.
Claim Rejections - 35 USC § 101
35 U.S.C. 101 reads as follows:
Whoever invents or discovers any new and useful process, machine, manufacture, or composition of matter, or any new and useful improvement thereof, may obtain a patent therefor, subject to the conditions and requirements of this title.
Claims 1-20 are rejected under 35 U.S.C. 101 because the claimed invention is directed to an abstract idea without significantly more. The claims recite obtaining access decisions, determining a subset of access decisions, receiving user input and determine a new access rule. This judicial exception is not integrated into a practical application because the claims, as drafted, under its broadest reasonable interpretation, covers performance of the limitations in the human mind or on pen and paper. The claims do not include additional elements that are sufficient to amount to significantly more than the judicial exception because other than stating “a plurality of data environments” and “processing system”, nothing in the claim elements precludes the claims from practically being performed in the mind or pen and paper. For example, but for the “processing” language, “obtaining”, “determining” and “receiving” steps, in context of the claims, encompass putting information to pen and paper or performance of the limitations in the mind. If a claim limitation, under its broadest reasonable interpretation, covers performance of the limitation in the mind but for the recitation of generic computer components, then it falls within the “Mental Processes” grouping of abstract ideas. Accordingly, the claim recites an abstract idea. This judicial exception is not integrated into a practical application. In particular, the claims only recites one additional element – using a processor. The processor in both steps is recited at a high-level of generality (i.e., as a generic processor performing a generic computer function receiving information) such that it amounts no more than mere instructions to apply the exception using a generic computer component. Accordingly, this additional element does not integrate the abstract idea into a practical application because it does not impose any meaningful limits on practicing the abstract idea. The claim is directed to an abstract idea.
The claim does not include additional elements that are sufficient to amount to significantly
more than the judicial exception. As discussed above with respect to integration of the abstract idea
into a practical application, the additional element of using a processor receiving and obtaining access information steps amounts to no more than mere instructions to apply the exception using a
generic computer component. Mere instructions to apply an exception using a generic computer
component cannot provide an inventive concept. The claims are not patent eligible.
Claim Rejections - 35 USC § 103
In the event the determination of the status of the application as subject to AIA 35 U.S.C. 102 and 103 (or as subject to pre-AIA 35 U.S.C. 102 and 103) is incorrect, any correction of the statutory basis (i.e., changing from AIA to pre-AIA ) for the rejection will not be considered a new ground of rejection if the prior art relied upon, and the rationale supporting the rejection, would be the same under either status.
The following is a quotation of 35 U.S.C. 103 which forms the basis for all obviousness rejections set forth in this Office action:
A patent for a claimed invention may not be obtained, notwithstanding that the claimed invention is not identically disclosed as set forth in section 102, if the differences between the claimed invention and the prior art are such that the claimed invention as a whole would have been obvious before the effective filing date of the claimed invention to a person having ordinary skill in the art to which the claimed invention pertains. Patentability shall not be negated by the manner in which the invention was made.
Claims 1-4 and 8-20 are rejected under 35 U.S.C. 103 as being unpatentable over ZHAO et al, CN 115460607 A, and further in view of JP 7240785 B2.
Regarding claim 1, ZHAO teaches a method comprising:
obtaining access decisions responsive to access requests to a plurality of data
environments (S1041: a plurality of access request corresponding to the plurality of different mobile terminal, In this case, the first RAN slice can respectively analyze the plurality of access request, so as to obtain a plurality of analysis result corresponding to the plurality of access request).
ZHAO lacks or does not expressly disclose baseline rules.
However, JP 7240785 B2 discloses determining, based on baseline rules, a subset of the access decisions that should be rejected (claim 24: application of a baseline policy to a set of parameters denies access to a computing resource);
receiving user input indicating additional ones of the access decisions for inclusion in the
subset (Fig. 15 and A first graphical user interface 1502 is shown in FIG. First graphical user interface 1502 may include first input area 1504 , second input area 1506 , button 1508 , and visual display of results 1510 . A first input area 1504 may be an area of the GUI where the client can enter a policy.); and
determining a new access-review rule based on the user input (claim 21: executing a mitigation routine that modifies or overrides the first policy in response to determining that the first propositional formula is more permissive than the second propositional formula).
It would have been obvious to one of ordinary skill in the art, before the effective filing date of the claimed invention, to modify ZHAO with JP 7240785 B2, to include a baseline rule (policy) to deny access to particular decisions, in order to deny access to a computing resource, as taught by, JP 7240785 B2.
Regarding claim 2, ZHAO, as modified above, further discloses the method of claim 1, comprising: enforcing the access decisions on the access requests (“the first RAN slice can send the access success response message to the one or more mobile terminals at the same time, also can sequentially to the one or more mobile terminals respectively sending access success response message”).
Regarding claims 3-4, ZHAO lacks or does not expressly disclose a baseline rules from a privilege graph. However, JP 7240785 B2, teaches
determining at least a portion of the baseline rules from a privilege graph representing data
access authorizations to the plurality of data environments (Claim 1: presenting the first security policy to a privileged user via a graphical user interface to indicate that the first security policy is more permissive than the one or more baseline security policies. “shown in the second graphical user interface 1512, the system selects from the policies contained in the input area 1514 and a mapping that maps the items in the drop-down list to their corresponding policies.”);
wherein determining the subset comprises: determining an access decision of the access decision does not correspond to a data access authorization indicated in the privilege graph; and
including the access decision in the subset (The satisfiability engine is used to verify propositional formula constraints (e.g., constraints resulting from the first propositional formula and the second propositional formula, as well as constraints generated by the satisfiability engine).).
It would have been obvious to one of ordinary skill in the art, before the effective filing date of the claimed invention, to modify ZHAO with JP 7240785 B2, to include a privilege graph from the baseline rules, in order to map the corresponding policies, as taught by, JP 7240785 B2.
Regarding claim 8, ZHAO lacks or does expressly disclose a baseline. However JP 7240785 B2 teaches further discloses the method of claim 1, comprising:
including the new access-review rule in the baseline rules for a subsequent determination
of subsequent access request decisions that should be rejected (”the requestor is given an opportunity to revise or apply the security policy.). It would have been obvious to one of ordinary skill in the art, before the effective filing date of the claimed invention, to modify ZHAO with JP 7240785 B2, to include a baseline rule (policy) and applying a new rule, in order to deny access to a computing resource, as taught by, JP 7240785 B2.
Regarding claim 9-10, ZHAO lacks or does not expressly disclose determining the new access-review rule to a user. However JP 7240785 B2 further discloses the method of claim 1, wherein determining the new access-review rule comprises: suggesting the new access-review rule to a user; and
receiving user input approving the new access-review rule (Fig. 15 and The GUI may also include a button 1508 that, when pressed, may be utilized to analyze the admissibility of policies contained in input areas 1504 and 1506);
wherein determining the new access-review rule comprises: after including the additional ones of the access decisions in the subset, identifying a pattern in the subset; and
creating the new access-review rule to reject subsequent access decisions fitting the pattern (“the admissibility of the first policy contained in the first input area 1504 and the second policy contained in the second input area 1506 may be compared. A computing resource service provider, policy analyzer service, or other suitable system described elsewhere in this disclosure may be utilized to satisfy the request.).
It would have been obvious to one of ordinary skill in the art, before the effective filing date of the claimed invention, to modify ZHAO with JP 7240785 B2, to include suggesting the new access-review rule to a user, in order to analyze the admissibility of the polices, as taught by, JP 7240785 B2.
Regarding claim 11, ZHAO lacks or does not expressly disclose determining the new access-review rule to a user. However JP 7240785 B2 further discloses the method of claim 1, wherein determining the new access-review rule comprises: accessing one or more previous subsets of previous access decisions that should be rejected from previously obtained access decisions;
after including the additional ones of the access decisions in the subset, identifying a pattern
in the subset and the one or more previous subsets; and creating the new access-review rule to reject subsequent access decisions fitting the pattern (the admissibility of the first policy contained in the first input area 1504 and the second policy contained in the second input area 1506 may be compared. A computing resource service provider, policy analyzer service, or other suitable system described elsewhere in this disclosure may be utilized to satisfy the request. a set of parameters including an authentication subject and a computing resource action may have different effects (e.g., access is denied) when a second security policy is applied to the same set of parameters, whereas the first may be described such that applying the security policy of to a set of parameters produces a first effect (eg, access is granted).). It would have been obvious to one of ordinary skill in the art, before the effective filing date of the claimed invention, to modify ZHAO with JP 7240785 B2, to access previous decisions, in order to analyze the admissibility of the polices, as taught by, JP 7240785 B2.
Regarding claim 12 ZHAO lacks or does not expressly disclose determining the new access-review rule to a user. However JP 7240785 B2 further discloses the method of claim 11, wherein the pattern is one of a plurality of identified patterns, the method comprising: suggesting the plurality of identified patterns to a user; receiving a selection of the pattern from the user; and creating the new access-review rule in response to the selection (customer logic that is selected based on information obtained about the request—eg, custom logic may determine security policies may vary based on the type of resource the policy applies to). It would have been obvious to one of ordinary skill in the art, before the effective filing date of the claimed invention, to modify ZHAO with JP 7240785 B2, to include receiving a selection, in order to determine a custom logic security policy as taught by, JP 7240785 B2.
Regarding claim 13, ZHAO, as modified above, further discloses the method of claim 1, comprising:
identifying a second entity having environments similar to a first entity having the plurality
of data environments; and enforcing the new access-review rule for the second entity (S1032: determining that the initial configuration information received by the mobile terminal is different from the initial configuration information of the first RAN slice, and/or, when the network service type of the mobile terminal is different from the network service type corresponding to the first RAN slice, obtaining the second analysis result representing that the mobile terminal does not satisfy the access condition).
Regarding claim 14, ZHAO, as modified above, further discloses the method of claim 1, comprising:
calculating potential access decisions for an access request of the access requests at
different timestamps; and presenting the potential access decisions to a user for review (S1041: the first RAN slice can at the same time or in a period of time receiving a plurality of different mobile terminal sent, and a plurality of access request corresponding to the plurality of different mobile terminal, In this case, the first RAN slice can respectively analyze the plurality of access request, so as to obtain a plurality of analysis result corresponding to the plurality of access request, and one or more analysis result in the plurality of analysis result represents one or more mobile terminal satisfy to the access condition).
As per claims 15-19, this is an apparatus version of the claimed method discussed above in claims 1-14 wherein all claimed limitations have also been addressed and/or cited as set forth above.
Claims 5-7 are rejected under 35 U.S.C. 103 as being unpatentable over ZHAO et al, CN 115460607 A, in view of JP 7240785 B2, as applied to claims 1, 15 and 20 above, and further in view of Moloian et al, US 9,916,450.
Regarding claim 5-7, ZAHO, as modified above, lacks or fails to expressly disclose dividing the access decisions among users for review.
However, Moloian teaches dividing the access decisions among users for review; and
receiving the user input from the users (claim 5: “a review of access rights provisioned for the user, receive user input at the list selecting one of the users included in the list, and initiate performance of the one or more reconciliation tasks for the user selected).
providing a list including a portion of the access decisions to a user of the users, wherein
the list identifies each of the access requests by attributes of an access request (claim 11: each user included in the list having been flagged for a review of access rights provisioned for the user; receiving user input at the list selecting one of the users included in the list; and initiating performance of the one or more reconciliation tasks for the user selected.); wherein the attributes include a user making the access request, a
resource being requested by the access request, and an indication of whether the access request
was allowed or denied (col. 27, lines 57-61: the requested access rights do match the access rights of one of the defined roles (block 607: Y), then the QA module 422 may deny the access request (block 611)). It would have been obvious to one of ordinary skill in the art, before the effective filing date of the claimed invention, to modify ZHAO, as modified above, with Moloian to teach dividing the access decisions among users for review, in order to provision or revoke access rights, as taught by Moloian, abstract.
Allowable Subject Matter
Claim 20 is objected to as being rejected under 35 USC 101. Allowability cannot be determined until the rejection is resolved. Any reasons for allowance would be issued at the time of allowance of the application.
Conclusion
Any inquiry concerning this communication or earlier communications from the examiner should be directed to AUBREY H WYSZYNSKI whose telephone number is (571)272-8155. The examiner can normally be reached M-F 9-5.
Examiner interviews are available via telephone, in-person, and video conferencing using a USPTO supplied web-based collaboration tool. To schedule an interview, applicant is encouraged to use the USPTO Automated Interview Request (AIR) at http://www.uspto.gov/interviewpractice.
If attempts to reach the examiner by telephone are unsuccessful, the examiner’s supervisor, KAMBIZ ZAND can be reached at 571-272-3811. The fax phone number for the organization where this application or proceeding is assigned is 571-273-8300.
Information regarding the status of published or unpublished applications may be obtained from Patent Center. Unpublished application information in Patent Center is available to registered users. To file and manage patent submissions in Patent Center, visit: https://patentcenter.uspto.gov. Visit https://www.uspto.gov/patents/apply/patent-center for more information about Patent Center and https://www.uspto.gov/patents/docx for information about filing in DOCX format. For additional questions, contact the Electronic Business Center (EBC) at 866-217-9197 (toll-free). If you would like assistance from a USPTO Customer Service Representative, call 800-786-9199 (IN USA OR CANADA) or 571-272-1000.
/AUBREY H WYSZYNSKI/Primary Examiner, Art Unit 2434