DETAILED ACTION
Claims 1-20 have been examined and are pending.
The present application, filed on or after March 16, 2013, is being examined under the first inventor to file provisions of the AIA .
Claim Rejections - 35 USC § 101
35 U.S.C. 101 reads as follows:
Whoever invents or discovers any new and useful process, machine, manufacture, or composition of matter, or any new and useful improvement thereof, may obtain a patent therefor, subject to the conditions and requirements of this title.
Claims 1-20 are rejected under 35 U.S.C. 101 because the claimed invention is directed to an abstract idea without significantly more. The claim(s) recite(s) associating a parameter with a user . This judicial exception is not integrated into a practical application because is a method of organizing human activity. The claim(s) does/do not include additional elements that are sufficient to amount to significantly more than the judicial exception because the generically recited computer elements do not add a meaningful limitation to the abstract idea because they amount to simply implementing the abstract idea on a computer.
Claim Rejections - 35 USC § 103
In the event the determination of the status of the application as subject to AIA 35 U.S.C. 102 and 103 (or as subject to pre-AIA 35 U.S.C. 102 and 103) is incorrect, any correction of the statutory basis (i.e., changing from AIA to pre-AIA ) for the rejection will not be considered a new ground of rejection if the prior art relied upon, and the rationale supporting the rejection, would be the same under either status.
The following is a quotation of 35 U.S.C. 103 which forms the basis for all obviousness rejections set forth in this Office action:
A patent for a claimed invention may not be obtained, notwithstanding that the claimed invention is not identically disclosed as set forth in section 102, if the differences between the claimed invention and the prior art are such that the claimed invention as a whole would have been obvious before the effective filing date of the claimed invention to a person having ordinary skill in the art to which the claimed invention pertains. Patentability shall not be negated by the manner in which the invention was made.
The factual inquiries for establishing a background for determining obviousness under 35 U.S.C. 103 are summarized as follows:
1. Determining the scope and contents of the prior art.
2. Ascertaining the differences between the prior art and the claims at issue.
3. Resolving the level of ordinary skill in the pertinent art.
4. Considering objective evidence present in the application indicating obviousness or nonobviousness.
This application currently names joint inventors. In considering patentability of the claims the examiner presumes that the subject matter of the various claims was commonly owned as of the effective filing date of the claimed invention(s) absent any evidence to the contrary. Applicant is advised of the obligation under 37 CFR 1.56 to point out the inventor and effective filing dates of each claim that was not commonly owned as of the effective filing date of the later invention in order for the examiner to consider the applicability of 35 U.S.C. 102(b)(2)(C) for any potential 35 U.S.C. 102(a)(2) prior art against the later invention.
Claims 1-20 are rejected under 35 U.S.C. 103 as being unpatentable over US Pub. No. 2025/0307361 to Khare et al. (hereinafter “Khare”) and further in view of US Pub. No. 2019/0266320 to Singh (hereinafter “Singh”).
As to Claim 1, Khare discloses a method for managing data access, the method comprising:
receiving a data access request for a user, the data access request including a resource indication of a data resource (Paragraph [0148] of Khare discloses based on a request from the user for access of the data resource);
providing the user a membership of an access group associated with the data resource (Paragraph [0055] of Khare discloses users gain access to SaaS applications based on their group or role membership);
determining a member temporal parameter associated with the data resource based on one or more temporal parameters associated with the access group (Paragraph [0148] of Khare discloses the access permission may be limited in scope, time, duration, or by other factors); and
associating the member temporal parameter with the user (Paragraph [0148] of Khare discloses the access permission may be limited in scope, time, duration, or by other factors);
wherein the method is performed by one or more processors (Paragraph [0156] of Khare discloses executed by one or more processors).
Khare does not explicitly disclose temporal parameters associated with the access group.
However, Singh disclose this. Paragraph [0048] of Singh discloses set the time/day/week/month/year for use for each of the groups of users.
It would have been obvious to one of ordinary skill in the art before the effective filing of the invention to combine the permissions system as disclosed by Khare, with temporal parameters associated with a group as disclosed by Singh. One of ordinary skill in the art would have been motivated to combine to apply a known technique to a known device ready for improvement to yield predictable results. Khare and Singh are directed toward permission systems and as such it would be obvious to use the techniques of one in the other. Paragraph [0148] of Khare discloses the access permission may be limited in scope, time, duration, or by other factors. Paragraph [0149] of Khare discloses update an access permission based on the employees' roles.
As to Claim 2, Khare-Singh discloses the method of claim 1, wherein the one or more temporal parameters associated with the access group include at least one selected from a group consisting of an access duration, an access latest expiration, an access maximum duration, a membership duration, an access expiration, a membership expiration, and a membership maximum duration (Paragraph [0148] of Khare discloses the access permission may be limited in scope, time, duration, or by other factors. Paragraph [0048] of Singh discloses set the time/day/week/month/year for use for each of the groups of users).
Examiner recites the same rationale to combine used for claim 1.
As to Claim 3, Khare-Singh discloses the method of claim 1, wherein the one or more temporal parameters include a first temporal parameter and a second temporal parameter, wherein the first temporal parameter is different from the second temporal parameter, wherein the member temporal parameter is the first temporal parameter and the second temporal parameter (Paragraph [0048] of Singh discloses set the time/day/week/month/year for use for each of the groups of users. Set the time/day/week/month/year for use for an individual user with these permissions being subject to, and only more restrictive than their associated group permissions).
Examiner recites the same rationale to combine used for claim 1.
As to Claim 4, Khare-Singh discloses the method of claim 1, wherein the one or more temporal parameters include a first temporal parameter and a second temporal parameter; wherein the first temporal parameter is different from the second temporal parameter, wherein the first temporal parameter is set to a first time value and the second temporal parameter is set to a second time value; wherein the determining a member temporal parameter includes: determining a specific time value based on the first time value and the second time value; and set the specific time value to the member temporal parameter (Paragraph [0048] of Singh discloses set the time/day/week/month/year for use for each of the groups of users. Set the time/day/week/month/year for use for an individual user with these permissions being subject to, and only more restrictive than their associated group permissions).
Examiner recites the same rationale to combine used for claim 1.
As to Claim 5, Khare-Singh discloses the method of claim 4, wherein the specific time value is an earlier time value between the first time value and the second time value (Paragraph [0048] of Singh discloses set the time/day/week/month/year for use for each of the groups of users. Set the time/day/week/month/year for use for an individual user with these permissions being subject to, and only more restrictive than their associated group permissions).
Examiner recites the same rationale to combine used for claim 1.
As to Claim 6, Khare-Singh discloses the method of claim 1, wherein the determining a member temporal parameter includes: traversing a group hierarchy associated with the access group, the group hierarchy including a plurality of groups, the plurality of groups including the access group; determining one or more temporal parameters associated with the plurality of groups; and determining the member temporal parameter based at least in part on the one or more temporal parameters associated with the plurality of groups (Paragraph [0083] of Khare discloses A userGroup can be a member of one or more roles. Roles can be nested. Roles can have child roles. Roles can have permission to one or more data resources. The relationship between an applicationAccount and a resource may be specified by an accessTo data object that specifies the role that has access permission to the resource. Paragraph [0048] of Singh discloses set the time/day/week/month/year for use for each of the groups of users. Set the time/day/week/month/year for use for an individual user with these permissions being subject to, and only more restrictive than their associated group permissions).
Examiner recites the same rationale to combine used for claim 1.
As to Claim 7, Khare-Singh discloses the method of claim 1, wherein the data resource is a first data resource and the member temporal parameter is a first member temporal parameter; wherein the method further comprises: determining a second member temporal parameter associated with a second data resource different from the first data resource; wherein the second member temporal parameter is different than the first member temporal parameter in a parameter type and/or a parameter value (Paragraph [0083] of Khare discloses A userGroup can be a member of one or more roles. Roles can be nested. Roles can have child roles. Roles can have permission to one or more data resources. The relationship between an applicationAccount and a resource may be specified by an accessTo data object that specifies the role that has access permission to the resource).
As to Claim 8, Khare-Singh discloses the method of claim 1, wherein the member temporal parameter is associated with a first predetermined access; wherein the member temporal parameter has a first time value associated with the first predetermined access of the user; wherein the method further comprises: determining a second time value associated with a second predetermined access of the user for the member temporal parameter, the second predetermined access being different from the first predetermined access, the second time value being different from the first time value (Paragraph [0035] of Khare discloses user authentication details may include user accounts, roles, or unique identifiers, while timestamps indicate the exact date and time of access).
As to Claim 9, Khare-Singh discloses the method of claim 1, further comprising: auditing a plurality of data accesses associated with a plurality of members in the access group; and determining a compliance to the plurality of data accesses for the plurality of members in the access group (Paragraph [0152] of Khare discloses determines an employ does not meet the compliance and/or training requirement, the data management server 130 may revoke the access of related resources and/or notify the employees and their managers).
As to Claim 10, Khare-Singh discloses the method of claim 1, wherein the data access request includes a time-based value; wherein the determining a member temporal parameter for the user includes determining the member temporal parameter based at least in part on the time-based value (Paragraph [0148] of Khare discloses the access permission may be limited in scope, time, duration, or by other factors).
As to Claim 11, Khare-Singh discloses the method of claim 1, wherein the access group is a first access group and the member temporal parameter is a first member temporal parameter, wherein the method further comprises: determining a second member temporal parameter for the user associated with a second access group different from the first access group; wherein the second member temporal parameter is different than the first member temporal parameter in a parameter type and/or a parameter value (Paragraph [0048] of Singh discloses set the time/day/week/month/year for use for each of the groups of users. Set the time/day/week/month/year for use for an individual user with these permissions being subject to, and only more restrictive than their associated group permissions).
Examiner recites the same rationale to combine used for claim 1.
As to Claim 12, Khare-Singh discloses the method of claim 1, wherein the determining a member temporal parameter includes: determining the member temporal parameter using a machine-learning model based at least in part on at least one selected from a group consisting of the access group, the data resource, one or more temporal parameters associated with the access group, and the data access request (Paragraph [0170] of Khare discloses the graph engine 280 may categorize users into sub-groups based on their usage patterns, such as how they utilize access permissions. Methods like K-Means clustering, hierarchical clustering, and machine learning models may be employed to cluster users (e.g., named entities) according to similarities in their access utilization patterns. Paragraph [0148] of Khare discloses the access permission may be limited in scope, time, duration, or by other factors).
As to Claim 13, Khare-Singh discloses the method of claim 12, wherein the machine-learning model includes a large language model (Paragraph [0172] of Deep learning techniques such as neural networks, including convolutional neural networks (CNN), recurrent neural networks (RNN) and long short-term memory networks (LSTM), may also be used).
As to Claim 14, Khare-Singh discloses the method of claim 1, further comprising: generating an access explanation using a machine-learning model based at least in part on at least one selected from a group consisting of the access group, the data resource, the data access request, and the member temporal parameter (Paragraph [0170] of Khare discloses the graph engine 280 may categorize users into sub-groups based on their usage patterns, such as how they utilize access permissions. Methods like K-Means clustering, hierarchical clustering, and machine learning models may be employed to cluster users (e.g., named entities) according to similarities in their access utilization patterns. Paragraph [0148] of Khare discloses the access permission may be limited in scope, time, duration, or by other factors).
As to Claim 15, Khare-Singh discloses the method of claim 14, wherein the machine-learning model includes a large language model (Paragraph [0172] of Deep learning techniques such as neural networks, including convolutional neural networks (CNN), recurrent neural networks (RNN) and long short-term memory networks (LSTM), may also be used).
As to Claim 16, Khare-Singh discloses the method of claim 1, further comprising: based on the member temporal parameter, automatically removing the user from the access group (Paragraph [0165] of Khare discloses a policy may define, based on the least permission principle, that an access to a data resource should be revoked after a non-use for a threshold period of time).
As to Claim 17, Khare discloses a system for managing data access, the system comprising: one or more memories comprising instructions stored thereon; and one or more processors configured to execute the instructions and perform operations comprising:
receiving a data access request for a user, the data access request including a resource indication of a data resource (Paragraph [0148] of Khare discloses based on a request from the user for access of the data resource);
providing the user a membership of an access group associated with the data resource (Paragraph [0055] of Khare discloses users gain access to SaaS applications based on their group or role membership);
determining a member temporal parameter associated with the data resource based on one or more temporal parameters associated with the access group (Paragraph [0148] of Khare discloses the access permission may be limited in scope, time, duration, or by other factors); and
associating the member temporal parameter with the user (Paragraph [0148] of Khare discloses the access permission may be limited in scope, time, duration, or by other factors).
Khare does not explicitly disclose temporal parameters associated with the access group.
However, Singh disclose this. Paragraph [0048] of Singh discloses set the time/day/week/month/year for use for each of the groups of users.
Examiner recites the same rationale to combine used for claim 1.
As to Claim 18, Khare-Singh discloses the system of claim 17, wherein the one or more temporal parameters associated with the access group include at least one selected from a group consisting of an access duration, an access expiration, an access maximum duration, a membership expiration, a membership duration, and a membership maximum duration (Paragraph [0148] of Khare discloses the access permission may be limited in scope, time, duration, or by other factors. Paragraph [0048] of Singh discloses set the time/day/week/month/year for use for each of the groups of users).
Examiner recites the same rationale to combine used for claim 1.
As to Claim 19, Khare-Singh discloses the system of claim 17, wherein the one or more temporal parameters include a first temporal parameter and a second temporal parameter; wherein the first temporal parameter is different from the second temporal parameter, wherein the first temporal parameter is set to a first time value and the second temporal parameter is set to a second time value; wherein the determining a member temporal parameter includes: determining a specific time value based on the first time value and the second time value; and set the specific time value to the member temporal parameter (Paragraph [0048] of Singh discloses set the time/day/week/month/year for use for each of the groups of users. Set the time/day/week/month/year for use for an individual user with these permissions being subject to, and only more restrictive than their associated group permissions).
Examiner recites the same rationale to combine used for claim 1.
As to Claim 20, Khare discloses a non-transitory computer-readable storage medium having instructions for managing data access that, when executed by one or more processors, cause the one or more processors to perform operations comprising:
receiving a data access request for a user, the data access request including a resource indication of a data resource (Paragraph [0148] of Khare discloses based on a request from the user for access of the data resource);
providing the user a membership of an access group associated with the data resource (Paragraph [0055] of Khare discloses users gain access to SaaS applications based on their group or role membership);
determining a member temporal parameter associated with the data resource based on one or more temporal parameters associated with the access group (Paragraph [0148] of Khare discloses the access permission may be limited in scope, time, duration, or by other factors); and
associating the member temporal parameter with the user (Paragraph [0148] of Khare discloses the access permission may be limited in scope, time, duration, or by other factors).
Khare does not explicitly disclose temporal parameters associated with the access group.
However, Singh disclose this. Paragraph [0048] of Singh discloses set the time/day/week/month/year for use for each of the groups of users.
Examiner recites the same rationale to combine used for claim 1.
Conclusion
Any inquiry concerning this communication or earlier communications from the examiner should be directed to Kevin S Mai whose telephone number is (571)270-5001. The examiner can normally be reached Monday to Friday 9AM to 5PM.
Examiner interviews are available via telephone, in-person, and video conferencing using a USPTO supplied web-based collaboration tool. To schedule an interview, applicant is encouraged to use the USPTO Automated Interview Request (AIR) at http://www.uspto.gov/interviewpractice.
If attempts to reach the examiner by telephone are unsuccessful, the examiner’s supervisor, Philip Chea can be reached at 5712723951. The fax phone number for the organization where this application or proceeding is assigned is 571-273-8300.
Information regarding the status of published or unpublished applications may be obtained from Patent Center. Unpublished application information in Patent Center is available to registered users. To file and manage patent submissions in Patent Center, visit: https://patentcenter.uspto.gov. Visit https://www.uspto.gov/patents/apply/patent-center for more information about Patent Center and https://www.uspto.gov/patents/docx for information about filing in DOCX format. For additional questions, contact the Electronic Business Center (EBC) at 866-217-9197 (toll-free). If you would like assistance from a USPTO Customer Service Representative, call 800-786-9199 (IN USA OR CANADA) or 571-272-1000.
/KEVIN S MAI/Primary Examiner, Art Unit 2499