Prosecution Insights
Last updated: July 17, 2026
Application No. 18/777,146

Escalating User Privileges in Cloud Computing Environments

Final Rejection §101§103
Filed
Jul 18, 2024
Priority
Sep 19, 2018 — continuation of 11/128,629 +1 more
Examiner
SHEHNI, GHAZAL B
Art Unit
2499
Tech Center
2400 — Computer Networks
Assignee
Google LLC
OA Round
2 (Final)
87%
Grant Probability
Favorable
3-4
OA Rounds
5m
Est. Remaining
99%
With Interview

Examiner Intelligence

Grants 87% — above average
87%
Career Allowance Rate
940 granted / 1079 resolved
+29.1% vs TC avg
Moderate +13% lift
Without
With
+12.7%
Interview Lift
resolved cases with interview
Typical timeline
2y 5m
Avg Prosecution
24 currently pending
Career history
1101
Total Applications
across all art units

Statute-Specific Performance

§101
2.3%
-37.7% vs TC avg
§103
66.3%
+26.3% vs TC avg
§102
19.1%
-20.9% vs TC avg
§112
2.4%
-37.6% vs TC avg
Black line = Tech Center average estimate • Based on career data from 1079 resolved cases

Office Action

§101 §103
DETAILED ACTION Notice of Pre-AIA or AIA Status The present application, filed on or after March 16, 2013, is being examined under the first inventor to file provisions of the AIA . The following is a final office action in response to communications received 03/26/2026. Claims 1-3, 6-13, 16-18 have been amended. Claims 4, 5, 14, 15 have been cancelled. Therefore, claims 1-3, 6-13, 16-20 are pending and addressed below. Response to Amendment Applicant’s amendments and response to the claims are NOT sufficient to overcome the 35 USC 101 rejections set forth in the previous office action. Terminal Disclaimer was filed and approved on 03/25/2026, therefore Examiner withdraws the Double Patenting rejections. Response to Arguments Applicant’s arguments filed 03/26/2026 have been fully considered but they are persuasive. Applicant argues that 1) the combination of Vasishth and Ezra does not disclose temporarily granting…the escalated privileges to the user account associated with the identifier for a specified duration, the escalated privileges temporarily granted to the user account comprising a restriction prohibiting at least one activity associated with the escalated privileges, wherein the at least one activity is not associated with the task requiring the escalated privileges. In response to argument 1), Examiner respectfully disagrees. Vasishth disclose temporary elevated access can be granted when a user is called upon to perform a task on a temporary basis …will be used only for the purpose for which they were authorized (since will be used ONLY for which they are authorized, therefore Examiner interprets that any activity outside of that will be prohibited), see par. 36, 38. Therefore Examiner maintains that Vasishth does disclose this limitation. Claim Rejections – 35 USC § 101 35 U.S.C. 101 reads as follows: Whoever invents or discovers any new and useful process, machine, manufacture, or composition of matter, or any new and useful improvement thereof, may obtain a patent therefor, subject to the conditions and requirements of this title. Claims 1-20 are rejected under 35 U.S.C. 101 because the claimed invention is directed to an abstract idea without significantly more. The claim recites receiving, from a user of a user account, a request for escalated privileges of the user account to perform a task requiring the escalated privileges…determining that the task requires the escalated privileges…based on determining…temporarily granting the escalated privileges…based on expiration of the specified duration, restoring the specified privileges….The limitations above, as drafted, under its broadest reasonable interpretation, covers performance of the limitation in the mind but for the recitation of generic computer components. That is, other than reciting “executed by data processing hardware” nothing in the claim element precludes the step from practically being performed in the mind. If a claim limitation, under its broadest reasonable interpretation, covers performance of the limitation in the mind but for the recitation of generic computer components, then it falls within the “Mental Processes” grouping of abstract ideas. Accordingly, the claim recites an abstract idea. Accordingly, this additional element does not integrate the abstract idea into a practical application because it does not impose any meaningful limits on practicing the abstract idea. The claim is directed to an abstract idea. The claim does not include additional elements that are sufficient to amount to significantly more than the judicial exception. Mere instructions to apply an exception using a generic computer component cannot provide an inventive concept. The claim is not patent eligible. Claim Rejections - 35 USC § 103 The following is a quotation of 35 U.S.C. 103 which forms the basis for all obviousness rejections set forth in this Office action: A patent for a claimed invention may not be obtained, notwithstanding that the claimed invention is not identically disclosed as set forth in section 102, if the differences between the claimed invention and the prior art are such that the claimed invention as a whole would have been obvious before the effective filing date of the claimed invention to a person having ordinary skill in the art to which the claimed invention pertains. Patentability shall not be negated by the manner in which the invention was made. Claims 1-3, 9, 10-13, 19-20 are rejected under 35 U.S.C. 103 as being unpatentable over Vasishth et al (Pub. No. US 2006/0143447) in view of Ezra et al (Pub. No. US 2017/0006044). As per claim 1, Vasishth discloses a computer-implemented method executed by data processing hardware that causes the data processing hardware to perform operations comprising: receiving, by data processing hardware and from a user of a user account associated with an identifier, a request for escalated privileges of the user account to perform a task requiring the escalated privileges (…a user is called upon to perform a task…such temporary tasks are considered to be scheduled work and therefore an associated request must be submitted (Examiner interprets in the broadest reasonable interpretation that a request initiated for a user (account) to obtain elevated access to complete a specific task)…when a user is called upon to perform a task on a temporary basis that requires access over and above that held for his/her routine job responsibilities…accounts will be set to required 2-factor authentication, must use a password of 15 or more characters (Examiner interprets authentication relies on Identifier such as username or user ID linked to user account since accounts are required to do 2-factor authentication…so when the user logs to submit the request, they need to provide the Identifier so that the system can verify their 15-character password and then proceed with the 2-factor authentication…), see par. 32-38), the escalated privileges greater than specified privileges assigned to the user account (temporary elevated access can be granted…over and above that held for his/her routine job responsibilities…see par. 36, 38), wherein the task is not permitted for the user account while assigned the specified privileges (…requires access over and above that held for his/her routine job responsibilities…will be used only for the purpose for which they were authorized…see par. 36, 38); determining, by the data processing hardware, whether the task requires the escalated privileges, wherein the escalated privileges, if granted to the user, enable the user to perform the task and, if not granted to the user, prevent the user from performing the task (the task as requiring access over and above routine responsibilities… will be used only for the purpose for which they were authorized (Examiner interprets otherwise it is not allowed since the user lacks authorization by default because it states only for the purpose for which they are authorized)…see par. 36, 38); responsive to determining that the task requires the escalated privileges, temporarily granting, by the data processing hardware, the escalated privileges to the user account associated with the identifier for a specified duration (…temporary elevated access can be granted when a user is called upon to perform a task on a temporary basis… such temporary tasks are considered to be scheduled work and therefore an associated request must be submitted a specified time period in advance of the task completion date (Examiner interprets that task completion date is based on specific duration in order to meet the completion date)… accounts will be set to required 2-factor authentication, must use a password of 15 or more characters (Examiner interprets authentication relies on Identifier such as username or user ID linked to user account since accounts are required to do 2-factor authentication…so when the user logs to submit the request, they need to provide the Identifier so that the system can verify their 15-character password and then proceed with the 2-factor authentication…), see par. 32-38); the escalated privileges temporarily granted to the user account comprising a restriction prohibiting at least one activity associated with the escalated privileges wherein the at least one activity is not associated with the task requiring the escalated privileges (temporary elevated access can be granted when a user is called upon to perform a task on a temporary basis …will be used only for the purpose for which they were authorized (since will be used ONLY for which they are authorized, therefore Examiner interprets that any activity outside of that will be prohibited), see par. 36, 38). Vasishth discloses all “permanent” elevated access, is reviewed for business viability every six months…access is updated as necessary to ensure access is commensurate with current job responsibilities…but Vasishth does not explicitly disclose after expiration of the specified duration, restoring, by the data processing hardware, the specified privileges to the user account associated with the identifier. However Ezra discloses after expiration of the specified duration, restoring, by the data processing hardware, the specified privileges to the user account associated with the identifier (…these elevated privileges typically include a time limit …the elevated privileges may have predetermined time period (e.g., of one hour)… which would cause the elevated privileges to expire…the privileged identity management system may require a multifactor authentication, a manager approval or another form of security authentication…the approval determination may designate the user, a group of users, or all of the users (approval determination may designate user is interpreted as designate user already was verified based on login or request session)… the user may continue their work session without the elevated privileges …see par. 27, 47-50). Therefore one ordinary skill in the art would have found it obvious before the effective filling date of the claimed invention to use Ezra in Vasishth for including the above limitations because one ordinary skill in the art would recognize it would further improve user accounts’ levels of authorization to computer systems and software applications, see Ezra, par. 1-3. As per claim 11, Vasishth discloses a system comprising: data processing hardware; and memory hardware in communication with the data processing hardware (see fig.3), the memory hardware storing instructions that when executed on the data processing hardware cause the data processing hardware to: receive from a user of a user account associated with an identifier, a request for escalated privileges of the user account to perform a task requiring the escalated privileges (…a user is called upon to perform a task…such temporary tasks are considered to be scheduled work and therefore an associated request must be submitted (Examiner interprets in the broadest reasonable interpretation that a request initiated for a user (account) to obtain elevated access to complete a specific task)…when a user is called upon to perform a task on a temporary basis that requires access over and above that held for his/her routine job responsibilities…accounts will be set to required 2-factor authentication, must use a password of 15 or more characters (Examiner interprets authentication relies on Identifier such as username or user ID linked to user account since accounts are required to do 2-factor authentication…so when the user logs to submit the request, they need to provide the Identifier so that the system can verify their 15-character password and then proceed with the 2-factor authentication…), see par. 32-38), the escalated privileges greater than specified privileges assigned to the user account (temporary elevated access can be granted…over and above that held for his/her routine job responsibilities…see par. 36, 38), wherein the task is not permitted for the user account while assigned the specified privileges (…requires access over and above that held for his/her routine job responsibilities…will be used only for the purpose for which they were authorized…see par. 36, 38); determine whether the task requires the escalated privileges, wherein the escalated privileges, if granted to the user, enable the user to perform the task and, if not granted to the user, prevent the user from performing the task (the task as requiring access over and above routine responsibilities… will be used only for the purpose for which they were authorized (Examiner interprets otherwise it is not allowed since the user lacks authorization by default because it states only for the purpose for which they are authorized)…see par. 36, 38); responsive to determining that the task requires the escalated privileges, temporarily grant the escalated privileges to the user account associated with the identifier for a specified duration (…temporary elevated access can be granted when a user is called upon to perform a task on a temporary basis… such temporary tasks are considered to be scheduled work and therefore an associated request must be submitted a specified time period in advance of the task completion date (Examiner interprets that task completion date is based on specific duration in order to meet the completion date)… accounts will be set to required 2-factor authentication, must use a password of 15 or more characters (Examiner interprets authentication relies on Identifier such as username or user ID linked to user account since accounts are required to do 2-factor authentication…so when the user logs to submit the request, they need to provide the Identifier so that the system can verify their 15-character password and then proceed with the 2-factor authentication…), see par. 32-38); the escalated privileges temporarily granted to the user account comprising a restriction prohibiting at least one activity associated with the escalated privileges wherein the at least one activity is not associated with the task requiring the escalated privileges (temporary elevated access can be granted when a user is called upon to perform a task on a temporary basis …will be used only for the purpose for which they were authorized (since will be used ONLY for which they are authorized, therefore Examiner interprets that any activity outside of that will be prohibited), see par. 36, 38). Vasishth discloses all “permanent” elevated access, is reviewed for business viability every six months…access is updated as necessary to ensure access is commensurate with current job responsibilities…but Vasishth does not explicitly disclose after expiration of the specified duration, restoring, by the data processing hardware, the specified privileges to the user account associated with the identifier. However Ezra discloses after expiration of the specified duration, restore the specified privileges to the user account associated with the identifier (…these elevated privileges typically include a time limit …the elevated privileges may have predetermined time period (e.g., of one hour)… which would cause the elevated privileges to expire…the privileged identity management system may require a multifactor authentication, a manager approval or another form of security authentication…the approval determination may designate the user, a group of users, or all of the users (approval determination may designate user is interpreted as designate user already was verified based on login or request session)… the user may continue their work session without the elevated privileges …see par. 27, 47-50). Therefore one ordinary skill in the art would have found it obvious before the effective filling date of the claimed invention to use Ezra in Vasishth for including the above limitations because one ordinary skill in the art would recognize it would further improve user accounts’ levels of authorization to computer systems and software applications, see Ezra, par. 1-3. As per claims 2, 12, the combination of Vasishth and Ezra discloses wherein the operations further comprise, upon granting the escalated privileges, starting a timer set to expire after an amount of time equal to the specified duration (Ezra: see par. 47). The motivation for claims 2, 12 is the same motivation as in claims 1, 11 above. As per claims 3, 13, the combination of Vasishth and Ezra discloses wherein the operations further comprise, prior to expiration of the timer: receiving an extension request to extend the specified duration to an extended duration; determining that the extension request is allowable; and based on determining that the extension request is allowable, setting the expiration of the timer to an amount of time equal to the extended duration (Ezra: see par. 37, 47). The motivation for claims 3, 13 is the same motivation as in claims 1, 11 above. As per claims 9, 19, the combination of Vasishth and Ezra discloses wherein the task comprises upgrading software (Vasishth: see par. 37). As per claims 10, 20, the combination of Vasishth, Ezra and Reich disclose wherein the task executes on a private cloud (Ezra: see par. 43). The motivation for claims 10, 20 is the same motivation as in claims 1, 11 above. Claims 6-8, 16-18 are rejected under 35 U.S.C. 103 as being unpatentable over Vasishth et al (Pub. No. US 2006/0143447) in view of Ezra et al (Pub. No. US 2017/0006044) as applied to claims 1, 11 above, and further in view of Reich et al (Pub. No. US 2020/0065494). As per claims 6, 16, the combination of Vasishth and Ezra does not explicitly disclose detecting an attempt by the user account to perform the at least one activity. However Reich discloses detecting an attempt by the user account to perform the at least one activity (Reich: see par. 43). Therefore one ordinary skill in the art would have found it obvious before the effective filling date of the claimed invention to use Seigel in the combination of Vasishth and Ezra for including the above limitations because one ordinary skill in the art would recognize it would further protect the database from security breaches and passing database compliance audits…see Reich, par. 4. As per claims 7, 17, the combination of Vasishth, Ezra and Reich further comprising responsive to detecting the attempt by the user account to perform the at least one activity, revoking the escalated privileges granted to the user account associated with identifier (Reich: see par. 32). The motivation for claims 7, 17 is the same motivation as in claims 6, 16 above. As per claims 8, 18, the combination of Vasishth, Ezra and Reich disclose wherein revoking the escalated privileges granted to the user account comprises revoking the escalated privileges before the specified duration has expired (Reich: see par. 40). The motivation for claims 8, 18 is the same motivation as in claims 6, 16 above. Conclusion The prior art made of record and not relied upon is considered pertinent to applicant's disclosure (see PTO-form 892). The following Patents and Papers are cited to further show the state of the art at the time of Applicant’s invention with respect to escalating user privileges in cloud computing environments. Goodridge et al (Pub. No. US 2019/0080081); “Computer Device and Method for Controlling Process Components”; -Teaches implementing a least-privilege access security model, whereby each user is granted only a minimal set of access privileges for their user account…see par. 60-61. Wang et al (Pub. No. US 2021/0320927); “System Mode Override During Flow Execution”; -Teaches creating an employee record for the user during execution of sub-flow…similarly, sub-flows have each been configured with a run as system mode, resulting in escalation of the user’s privileges during the duration of the respective flow…see par. 44. Applicant's amendment necessitated the new ground(s) of rejection presented in this Office action. Accordingly, THIS ACTION IS MADE FINAL. See MPEP § 706.07(a). Applicant is reminded of the extension of time policy as set forth in 37 CFR 1.136(a). A shortened statutory period for reply to this final action is set to expire THREE MONTHS from the mailing date of this action. In the event a first reply is filed within TWO MONTHS of the mailing date of this final action and the advisory action is not mailed until after the end of the THREE-MONTH shortened statutory period, then the shortened statutory period will expire on the date the advisory action is mailed, and any nonprovisional extension fee (37 CFR 1.17(a)) pursuant to 37 CFR 1.136(a) will be calculated from the mailing date of the advisory action. In no event, however, will the statutory period for reply expire later than SIX MONTHS from the mailing date of this final action. Any inquiry concerning this communication or earlier communications from the examiner should be directed to GHAZAL B SHEHNI whose telephone number is (571)270-7479. The examiner can normally be reached Mon-Fri 9am-5pm PCT. Examiner interviews are available via telephone, in-person, and video conferencing using a USPTO supplied web-based collaboration tool. To schedule an interview, applicant is encouraged to use the USPTO Automated Interview Request (AIR) at http://www.uspto.gov/interviewpractice. If attempts to reach the examiner by telephone are unsuccessful, the examiner’s supervisor, Philip Chea can be reached at 5712723951. The fax phone number for the organization where this application or proceeding is assigned is 571-273-8300. Information regarding the status of published or unpublished applications may be obtained from Patent Center. Unpublished application information in Patent Center is available to registered users. To file and manage patent submissions in Patent Center, visit: https://patentcenter.uspto.gov. Visit https://www.uspto.gov/patents/apply/patent-center for more information about Patent Center and https://www.uspto.gov/patents/docx for information about filing in DOCX format. For additional questions, contact the Electronic Business Center (EBC) at 866-217-9197 (toll-free). If you would like assistance from a USPTO Customer Service Representative, call 800-786-9199 (IN USA OR CANADA) or 571-272-1000. /GHAZAL B SHEHNI/Primary Examiner, Art Unit 2499
Read full office action

Prosecution Timeline

Show 2 earlier events
Feb 17, 2026
Interview Requested
Mar 04, 2026
Applicant Interview (Telephonic)
Mar 04, 2026
Examiner Interview Summary
Mar 26, 2026
Response Filed
May 19, 2026
Final Rejection mailed — §101, §103
Jun 29, 2026
Interview Requested
Jul 08, 2026
Applicant Interview (Telephonic)
Jul 08, 2026
Examiner Interview Summary

Precedent Cases

Applications granted by this same examiner with similar technology

Patent 12682039
Concept for Monitoring Software Containers
4y 4m to grant Granted Jul 14, 2026
Patent 12675567
EMBEDDED SYSTEM STARTUP METHOD, STARTUP PROGRAM, AND EMBEDDED SYSTEM
1y 11m to grant Granted Jul 07, 2026
Patent 12664238
Remote Access Control For Digital Hardware
2y 5m to grant Granted Jun 23, 2026
Patent 12652179
BATTERY SYSTEM AND METHOD OF CONFIGURING THE SAME
2y 5m to grant Granted Jun 09, 2026
Patent 12651072
VULNERABILITY MITIGATION USING A RUNTIME AGENT
2y 4m to grant Granted Jun 09, 2026
Study what changed to get past this examiner. Based on 5 most recent grants.

Strategy Recommendation AI-generated — please review before filing

Get a prosecution strategy drawn from examiner precedents, rejection analysis, and claim mapping.
Typically takes 5-10 seconds — AI-generated, attorney review required before filing

Prosecution Projections

3-4
Expected OA Rounds
87%
Grant Probability
99%
With Interview (+12.7%)
2y 5m (~5m remaining)
Median Time to Grant
Moderate
PTA Risk
Based on 1079 resolved cases by this examiner. Grant probability derived from career allowance rate.

Sign in with your work email

Enter your email to receive a magic link. No password needed.

Personal email addresses (Gmail, Yahoo, etc.) are not accepted.

Free tier: 3 strategy analyses per month