DETAILED ACTION
Notice of Pre-AIA or AIA Status
The present application, filed on or after March 16, 2013, is being examined under the first inventor to file provisions of the AIA .
The following is a final office action in response to communications received 03/26/2026. Claims 1-3, 6-13, 16-18 have been amended. Claims 4, 5, 14, 15 have been cancelled. Therefore, claims 1-3, 6-13, 16-20 are pending and addressed below.
Response to Amendment
Applicant’s amendments and response to the claims are NOT sufficient to overcome the 35 USC 101 rejections set forth in the previous office action.
Terminal Disclaimer was filed and approved on 03/25/2026, therefore Examiner withdraws the Double Patenting rejections.
Response to Arguments
Applicant’s arguments filed 03/26/2026 have been fully considered but they are persuasive. Applicant argues that 1) the combination of Vasishth and Ezra does not disclose temporarily granting…the escalated privileges to the user account associated with the identifier for a specified duration, the escalated privileges temporarily granted to the user account comprising a restriction prohibiting at least one activity associated with the escalated privileges, wherein the at least one activity is not associated with the task requiring the escalated privileges.
In response to argument 1), Examiner respectfully disagrees. Vasishth disclose temporary elevated access can be granted when a user is called upon to perform a task on a temporary basis …will be used only for the purpose for which they were authorized (since will be used ONLY for which they are authorized, therefore Examiner interprets that any activity outside of that will be prohibited), see par. 36, 38. Therefore Examiner maintains that Vasishth does disclose this limitation.
Claim Rejections – 35 USC § 101
35 U.S.C. 101 reads as follows:
Whoever invents or discovers any new and useful process, machine, manufacture, or composition of matter, or any new and useful improvement thereof, may obtain a patent therefor, subject to the conditions and requirements of this title.
Claims 1-20 are rejected under 35 U.S.C. 101 because the claimed invention is directed to an abstract idea without significantly more. The claim recites receiving, from a user of a user account, a request for escalated privileges of the user account to perform a task requiring the escalated privileges…determining that the task requires the escalated privileges…based on determining…temporarily granting the escalated privileges…based on expiration of the specified duration, restoring the specified privileges….The limitations above, as drafted, under its broadest reasonable interpretation, covers performance of the limitation in the mind but for the recitation of generic computer components. That is, other than reciting “executed by data processing hardware” nothing in the claim element precludes the step from practically being performed in the mind. If a claim limitation, under its broadest reasonable interpretation, covers performance of the limitation in the mind but for the recitation of generic computer components, then it falls within the “Mental Processes” grouping of abstract ideas. Accordingly, the claim recites an abstract idea. Accordingly, this additional element does not integrate the abstract idea into a practical application because it does not impose any meaningful limits on practicing the abstract idea. The claim is directed to an abstract idea. The claim does not include additional elements that are sufficient to amount to significantly more than the judicial exception. Mere instructions to apply an exception using a generic computer component cannot provide an inventive concept. The claim is not patent eligible.
Claim Rejections - 35 USC § 103
The following is a quotation of 35 U.S.C. 103 which forms the basis for all obviousness rejections set forth in this Office action:
A patent for a claimed invention may not be obtained, notwithstanding that the claimed invention is not identically disclosed as set forth in section 102, if the differences between the claimed invention and the prior art are such that the claimed invention as a whole would have been obvious before the effective filing date of the claimed invention to a person having ordinary skill in the art to which the claimed invention pertains. Patentability shall not be negated by the manner in which the invention was made.
Claims 1-3, 9, 10-13, 19-20 are rejected under 35 U.S.C. 103 as being unpatentable over Vasishth et al (Pub. No. US 2006/0143447) in view of Ezra et al (Pub. No. US 2017/0006044).
As per claim 1, Vasishth discloses a computer-implemented method executed by data processing hardware that causes the data processing hardware to perform operations comprising: receiving, by data processing hardware and from a user of a user account associated with an identifier, a request for escalated privileges of the user account to perform a task requiring the escalated privileges (…a user is called upon to perform a task…such temporary tasks are considered to be scheduled work and therefore an associated request must be submitted (Examiner interprets in the broadest reasonable interpretation that a request initiated for a user (account) to obtain elevated access to complete a specific task)…when a user is called upon to perform a task on a temporary basis that requires access over and above that held for his/her routine job responsibilities…accounts will be set to required 2-factor authentication, must use a password of 15 or more characters (Examiner interprets authentication relies on Identifier such as username or user ID linked to user account since accounts are required to do 2-factor authentication…so when the user logs to submit the request, they need to provide the Identifier so that the system can verify their 15-character password and then proceed with the 2-factor authentication…), see par. 32-38), the escalated privileges greater than specified privileges assigned to the user account (temporary elevated access can be granted…over and above that held for his/her routine job responsibilities…see par. 36, 38), wherein the task is not permitted for the user account while assigned the specified privileges (…requires access over and above that held for his/her routine job responsibilities…will be used only for the purpose for which they were authorized…see par. 36, 38); determining, by the data processing hardware, whether the task requires the escalated privileges, wherein the escalated privileges, if granted to the user, enable the user to perform the task and, if not granted to the user, prevent the user from performing the task (the task as requiring access over and above routine responsibilities… will be used only for the purpose for which they were authorized (Examiner interprets otherwise it is not allowed since the user lacks authorization by default because it states only for the purpose for which they are authorized)…see par. 36, 38); responsive to determining that the task requires the escalated privileges, temporarily granting, by the data processing hardware, the escalated privileges to the user account associated with the identifier for a specified duration (…temporary elevated access can be granted when a user is called upon to perform a task on a temporary basis… such temporary tasks are considered to be scheduled work and therefore an associated request must be submitted a specified time period in advance of the task completion date (Examiner interprets that task completion date is based on specific duration in order to meet the completion date)… accounts will be set to required 2-factor authentication, must use a password of 15 or more characters (Examiner interprets authentication relies on Identifier such as username or user ID linked to user account since accounts are required to do 2-factor authentication…so when the user logs to submit the request, they need to provide the Identifier so that the system can verify their 15-character password and then proceed with the 2-factor authentication…), see par. 32-38);
the escalated privileges temporarily granted to the user account comprising a restriction prohibiting at least one activity associated with the escalated privileges wherein the at least one activity is not associated with the task requiring the escalated privileges (temporary elevated access can be granted when a user is called upon to perform a task on a temporary basis …will be used only for the purpose for which they were authorized (since will be used ONLY for which they are authorized, therefore Examiner interprets that any activity outside of that will be prohibited), see par. 36, 38). Vasishth discloses all “permanent” elevated access, is reviewed for business viability every six months…access is updated as necessary to ensure access is commensurate with current job responsibilities…but Vasishth does not explicitly disclose after expiration of the specified duration, restoring, by the data processing hardware, the specified privileges to the user account associated with the identifier. However Ezra discloses after expiration of the specified duration, restoring, by the data processing hardware, the specified privileges to the user account associated with the identifier (…these elevated privileges typically include a time limit …the elevated privileges may have predetermined time period (e.g., of one hour)… which would cause the elevated privileges to expire…the privileged identity management system may require a multifactor authentication, a manager approval or another form of security authentication…the approval determination may designate the user, a group of users, or all of the users (approval determination may designate user is interpreted as designate user already was verified based on login or request session)… the user may continue their work session without the elevated privileges …see par. 27, 47-50). Therefore one ordinary skill in the art would have found it obvious before the effective filling date of the claimed invention to use Ezra in Vasishth for including the above limitations because one ordinary skill in the art would recognize it would further improve user accounts’ levels of authorization to computer systems and software applications, see Ezra, par. 1-3.
As per claim 11, Vasishth discloses a system comprising: data processing hardware; and memory hardware in communication with the data processing hardware (see fig.3), the memory hardware storing instructions that when executed on the data processing hardware cause the data processing hardware to: receive from a user of a user account associated with an identifier, a request for escalated privileges of the user account to perform a task requiring the escalated privileges (…a user is called upon to perform a task…such temporary tasks are considered to be scheduled work and therefore an associated request must be submitted (Examiner interprets in the broadest reasonable interpretation that a request initiated for a user (account) to obtain elevated access to complete a specific task)…when a user is called upon to perform a task on a temporary basis that requires access over and above that held for his/her routine job responsibilities…accounts will be set to required 2-factor authentication, must use a password of 15 or more characters (Examiner interprets authentication relies on Identifier such as username or user ID linked to user account since accounts are required to do 2-factor authentication…so when the user logs to submit the request, they need to provide the Identifier so that the system can verify their 15-character password and then proceed with the 2-factor authentication…), see par. 32-38), the escalated privileges greater than specified privileges assigned to the user account (temporary elevated access can be granted…over and above that held for his/her routine job responsibilities…see par. 36, 38), wherein the task is not permitted for the user account while assigned the specified privileges (…requires access over and above that held for his/her routine job responsibilities…will be used only for the purpose for which they were authorized…see par. 36, 38); determine whether the task requires the escalated privileges, wherein the escalated privileges, if granted to the user, enable the user to perform the task and, if not granted to the user, prevent the user from performing the task (the task as requiring access over and above routine responsibilities… will be used only for the purpose for which they were authorized (Examiner interprets otherwise it is not allowed since the user lacks authorization by default because it states only for the purpose for which they are authorized)…see par. 36, 38); responsive to determining that the task requires the escalated privileges, temporarily grant the escalated privileges to the user account associated with the identifier for a specified duration (…temporary elevated access can be granted when a user is called upon to perform a task on a temporary basis… such temporary tasks are considered to be scheduled work and therefore an associated request must be submitted a specified time period in advance of the task completion date (Examiner interprets that task completion date is based on specific duration in order to meet the completion date)… accounts will be set to required 2-factor authentication, must use a password of 15 or more characters (Examiner interprets authentication relies on Identifier such as username or user ID linked to user account since accounts are required to do 2-factor authentication…so when the user logs to submit the request, they need to provide the Identifier so that the system can verify their 15-character password and then proceed with the 2-factor authentication…), see par. 32-38); the escalated privileges temporarily granted to the user account comprising a restriction prohibiting at least one activity associated with the escalated privileges wherein the at least one activity is not associated with the task requiring the escalated privileges (temporary elevated access can be granted when a user is called upon to perform a task on a temporary basis …will be used only for the purpose for which they were authorized (since will be used ONLY for which they are authorized, therefore Examiner interprets that any activity outside of that will be prohibited), see par. 36, 38). Vasishth discloses all “permanent” elevated access, is reviewed for business viability every six months…access is updated as necessary to ensure access is commensurate with current job responsibilities…but Vasishth does not explicitly disclose after expiration of the specified duration, restoring, by the data processing hardware, the specified privileges to the user account associated with the identifier. However Ezra discloses after expiration of the specified duration, restore the specified privileges to the user account associated with the identifier (…these elevated privileges typically include a time limit …the elevated privileges may have predetermined time period (e.g., of one hour)… which would cause the elevated privileges to expire…the privileged identity management system may require a multifactor authentication, a manager approval or another form of security authentication…the approval determination may designate the user, a group of users, or all of the users (approval determination may designate user is interpreted as designate user already was verified based on login or request session)… the user may continue their work session without the elevated privileges …see par. 27, 47-50). Therefore one ordinary skill in the art would have found it obvious before the effective filling date of the claimed invention to use Ezra in Vasishth for including the above limitations because one ordinary skill in the art would recognize it would further improve user accounts’ levels of authorization to computer systems and software applications, see Ezra, par. 1-3.
As per claims 2, 12, the combination of Vasishth and Ezra discloses wherein the operations further comprise, upon granting the escalated privileges, starting a timer set to expire after an amount of time equal to the specified duration (Ezra: see par. 47). The motivation for claims 2, 12 is the same motivation as in claims 1, 11 above.
As per claims 3, 13, the combination of Vasishth and Ezra discloses wherein the operations further comprise, prior to expiration of the timer: receiving an extension request to extend the specified duration to an extended duration; determining that the extension request is allowable; and based on determining that the extension request is allowable, setting the expiration of the timer to an amount of time equal to the extended duration (Ezra: see par. 37, 47). The motivation for claims 3, 13 is the same motivation as in claims 1, 11 above.
As per claims 9, 19, the combination of Vasishth and Ezra discloses wherein the task comprises upgrading software (Vasishth: see par. 37).
As per claims 10, 20, the combination of Vasishth, Ezra and Reich disclose wherein the task executes on a private cloud (Ezra: see par. 43). The motivation for claims 10, 20 is the same motivation as in claims 1, 11 above.
Claims 6-8, 16-18 are rejected under 35 U.S.C. 103 as being unpatentable over Vasishth et al (Pub. No. US 2006/0143447) in view of Ezra et al (Pub. No. US 2017/0006044) as applied to claims 1, 11 above, and further in view of Reich et al (Pub. No. US 2020/0065494).
As per claims 6, 16, the combination of Vasishth and Ezra does not explicitly disclose detecting an attempt by the user account to perform the at least one activity. However Reich discloses detecting an attempt by the user account to perform the at least one activity (Reich: see par. 43). Therefore one ordinary skill in the art would have found it obvious before the effective filling date of the claimed invention to use Seigel in the combination of Vasishth and Ezra for including the above limitations because one ordinary skill in the art would recognize it would further protect the database from security breaches and passing database compliance audits…see Reich, par. 4.
As per claims 7, 17, the combination of Vasishth, Ezra and Reich further comprising responsive to detecting the attempt by the user account to perform the at least one activity, revoking the escalated privileges granted to the user account associated with identifier (Reich: see par. 32). The motivation for claims 7, 17 is the same motivation as in claims 6, 16 above.
As per claims 8, 18, the combination of Vasishth, Ezra and Reich disclose wherein revoking the escalated privileges granted to the user account comprises revoking the escalated privileges before the specified duration has expired (Reich: see par. 40). The motivation for claims 8, 18 is the same motivation as in claims 6, 16 above.
Conclusion
The prior art made of record and not relied upon is considered pertinent to applicant's disclosure (see PTO-form 892).
The following Patents and Papers are cited to further show the state of the art at the time of Applicant’s invention with respect to escalating user privileges in cloud computing environments.
Goodridge et al (Pub. No. US 2019/0080081); “Computer Device and Method for Controlling Process Components”;
-Teaches implementing a least-privilege access security model, whereby each user is granted only a minimal set of access privileges for their user account…see par. 60-61.
Wang et al (Pub. No. US 2021/0320927); “System Mode Override During Flow Execution”;
-Teaches creating an employee record for the user during execution of sub-flow…similarly, sub-flows have each been configured with a run as system mode, resulting in escalation of the user’s privileges during the duration of the respective flow…see par. 44.
Applicant's amendment necessitated the new ground(s) of rejection presented in this Office action. Accordingly, THIS ACTION IS MADE FINAL. See MPEP § 706.07(a). Applicant is reminded of the extension of time policy as set forth in 37 CFR 1.136(a).
A shortened statutory period for reply to this final action is set to expire THREE MONTHS from the mailing date of this action. In the event a first reply is filed within TWO MONTHS of the mailing date of this final action and the advisory action is not mailed until after the end of the THREE-MONTH shortened statutory period, then the shortened statutory period will expire on the date the advisory action is mailed, and any nonprovisional extension fee (37 CFR 1.17(a)) pursuant to 37 CFR 1.136(a) will be calculated from the mailing date of the advisory action. In no event, however, will the statutory period for reply expire later than SIX MONTHS from the mailing date of this final action.
Any inquiry concerning this communication or earlier communications from the examiner should be directed to GHAZAL B SHEHNI whose telephone number is (571)270-7479. The examiner can normally be reached Mon-Fri 9am-5pm PCT.
Examiner interviews are available via telephone, in-person, and video conferencing using a USPTO supplied web-based collaboration tool. To schedule an interview, applicant is encouraged to use the USPTO Automated Interview Request (AIR) at http://www.uspto.gov/interviewpractice.
If attempts to reach the examiner by telephone are unsuccessful, the examiner’s supervisor, Philip Chea can be reached at 5712723951. The fax phone number for the organization where this application or proceeding is assigned is 571-273-8300.
Information regarding the status of published or unpublished applications may be obtained from Patent Center. Unpublished application information in Patent Center is available to registered users. To file and manage patent submissions in Patent Center, visit: https://patentcenter.uspto.gov. Visit https://www.uspto.gov/patents/apply/patent-center for more information about Patent Center and https://www.uspto.gov/patents/docx for information about filing in DOCX format. For additional questions, contact the Electronic Business Center (EBC) at 866-217-9197 (toll-free). If you would like assistance from a USPTO Customer Service Representative, call 800-786-9199 (IN USA OR CANADA) or 571-272-1000.
/GHAZAL B SHEHNI/Primary Examiner, Art Unit 2499