Notice of Pre-AIA or AIA Status
The present application, filed on or after March 16, 2013, is being examined under the first inventor to file provisions of the AIA.

DETAILED ACTION
Response to Amendment
This is a reply to the request for Continued Examination (RCE) filed on 11/20/2020, in which Claim(s) 1-4, 7-15 and 18-20 are presented for examination.
Claim(s) 5-6, 16-17 are cancelled.

Continued Examination Under 37 CFR 1.114
A request for continued examination under 37 CFR 1.114, including the fee set forth in 37 CFR 1.17(e), was filed in this application after final rejection.  Since this application is eligible for continued examination under 37 CFR 1.114, and the fee set forth in 37 CFR 1.17(e) has been timely paid, the finality of the previous Office action has been withdrawn pursuant to 37 CFR 1.114.  Applicant's submission filed on 11/20/2020 has been entered.

EXAMINER’S AMENDMENT
An examiner’s amendment to the record appears below. Should the changes and/or additions be unacceptable to applicant, an amendment may be filed as provided by 37 CFR 1.312. To ensure consideration of such an amendment, it MUST be submitted no later than the payment of the issue fee.
Attorney Peter Stewart at 704.331.1164 on 01/08/2021.
The application has been amended as follows:
1.  (Currently Amended)  An access control system, comprising:
one or more computer processors; 
a memory, wherein the memory comprises (1) an entitlement database of a resource access manager and (2) a local copy of a distributed electronic ledger; 
a network communication device; and 
an access control module stored in the memory, executable by the one or more computer processors, and configured to perform the steps of:
receiving a request to add one or more entitlement data records to [[a]] the distributed electronic ledger, the distributed electronic ledger comprising a plurality of other entitlement data records, wherein the one or more entitlement data records include one or more permissions for one or more users within an information system to access one or more computing resources of the information system, wherein the one or more entitlement data records comprise one or more digital signatures;
validating the one or more entitlement data records comprises validating the one or more digital signatures;
appending the one or more entitlement data records to the distributed electronic ledger; and
verifying a first entitlement data record stored in the entitlement database by comparing the first entitlement data record with a first corresponding entitlement data record stored in the local copy of the distributed electronic ledger, wherein the first entitlement data record and the first corresponding entitlement data record are both associated with a first user, wherein the first corresponding entitlement data record comprises a first hash value computed by applying a hash function to data about an entitlement of the first user, wherein verifying the first entitlement data record comprises:
calculating, using the hash function, a second hash value based on the first entitlement data record;

identifying a discrepancy between the first hash value and the second hash value; and
in response to identifying the discrepancy between the first hash value and the second hash value, performing an information security action to remediate the discrepancy, wherein the information security action comprises suspending, modifying, or removing one or more entitlements of the first user.

2.  (Previously Presented)  The access control system according to claim 1, wherein verifying the first entitlement data record comprises:
identifying a discrepancy between the first entitlement data record and the first corresponding entitlement data record; and
in response to identifying the discrepancy between the first entitlement data record and the first corresponding entitlement data record, performing an information security action to remediate the discrepancy.  

3.  (Canceled)

4.  (Original)  The access control system according to claim 2, wherein the information security action comprises updating the entitlement database to eliminate the discrepancy.  

5-6. (Canceled) 

7.  (Previously Presented)  The access control system according to claim 1, wherein:
the first corresponding entitlement data record stored in the distributed electronic ledger comprises encrypted data; and
verifying the first entitlement data record comprises:
decrypting the encrypted data; and
comparing the decrypted data with data from the first entitlement data record.



9.  (Canceled) 

10.  (Original)  The access control system according to claim 1, wherein the distributed electronic ledger is a blockchain.

11.  (Original)  The access control system according to claim 1, wherein:
the one or more entitlement data records are associated with provisioning and/or de-provisioning one or more entitlements; and 
the access control system is the resource access manager.

12.  (Currently Amended)	A computer program product for managing user entitlements to computing resources, the computer program product comprising a non-transitory computer-readable storage medium having computer-executable instructions for causing a computer processor to perform the steps of:
receiving a request to add one or more entitlement data records to a distributed electronic ledger, the distributed electronic ledger comprising a plurality of other entitlement data records, wherein the one or more entitlement data records include one or more permissions for one or more users within an information system to access one or more computing resources of the information system, wherein the one or more entitlement data records comprise one or more digital signatures;
validating the one or more entitlement data records comprises validating the one or more digital signatures;
appending the one or more entitlement data records to the distributed electronic ledger; and
verifying a first entitlement data recorda local copy of the by applying to data about an entitlement of the first user, wherein verifying the first entitlement data record comprises:
calculating, using the hash function, a second hash value based on the first entitlement data record;
comparing the first hash value and the second hash value;
identifying a discrepancy between the first hash value and the second hash value; and
in response to identifying the discrepancy between the first hash value and the second hash value, performing an information security action to remediate the discrepancy, wherein the information security action comprises suspending, modifying, or removing one or more entitlements of the first user.

13.  (Previously Presented)  The computer program product according to claim 12, wherein verifying the first entitlement data record comprises:
identifying a discrepancy between the first entitlement data record and the first corresponding entitlement data record; and
in response to identifying the discrepancy between the first entitlement data record and the first corresponding entitlement data record, performing an information security action to remediate the discrepancy.  

14.  (Canceled)

15.  (Original)  The computer program product according to claim 13, wherein the information security action comprises updating the entitlement database to eliminate the discrepancy.  

16-17. (Canceled) 


the first corresponding entitlement data record stored in the distributed electronic ledger comprises encrypted data; and
verifying the first entitlement data record comprises:
decrypting the encrypted data; and
comparing the decrypted data with data from the first entitlement data record.

19.  (Original)  The computer program product according to claim 12, wherein the one or more entitlement data records are appended to the distributed electronic ledger in response to validating the one or more entitlement data records.  

20.  (Currently Amended)  A method of managing user entitlements to computing resources, comprising:
receiving, via a computer processor, a request to add one or more entitlement data records to a distributed electronic ledger, the distributed electronic ledger comprising a plurality of other entitlement data records, wherein the one or more entitlement data records include one or more permissions for one or more users within an information system to access one or more computing resources of the information system, wherein the one or more entitlement data records comprise one or more digital signatures;
validating, via a computer processor, the one or more entitlement data records comprises validating the one or more digital signatures;
appending, via a computer processor, the one or more entitlement data records to the distributed electronic ledger; and
verifying, via a computer processor, a first entitlement data recorda local copy of the distributed electronic ledger, wherein the first entitlement data record and the first corresponding entitlement data record are both associated with a first user, wherein the first corresponding entitlement data record comprises a first hash value computed by applying to data about an entitlement of the first user, wherein verifying the first entitlement data record comprises:
calculating, using the hash function, a second hash value based on the first entitlement data record;
comparing the first hash value and the second hash value;
identifying a discrepancy between the first hash value and the second hash value; and
in response to identifying the discrepancy between the first hash value and the second hash value, performing an information security action to remediate the discrepancy, wherein the information security action comprises suspending, modifying, or removing one or more entitlements of the first user.

Allowable Subject Matter
Claims 1-2, 4, 7-8, 10-13, 15 and 18-20 are allowed.

The following is an examiner’s statement of reasons for allowance: 
The independent claim(s) and their respective dependent claims are allowable over the prior art since the prior art, taken individually or in combination, fails to particularly disclose, fairly suggest or render obvious the following italic limitations:
In regards to claim(s) 1, 12 and 20, the prior art of record (Amancherla (Pub. No.: US 2015/0120539 A1; hereinafter Primary Reference) in view of Sardesai et al. (Pub. No.: US 2018/0248880 A1; Secondary Reference)) does not disclose:
“receiving a request to add one or more entitlement data records to the distributed electronic ledger, the distributed electronic ledger comprising a plurality of other entitlement data records, wherein the one or more entitlement data records include one or more permissions for one or more users within an information system to access one or more computing resources of the information system, wherein the one or more entitlement data records comprise one or more digital signatures;
validating the one or more entitlement data records comprises validating the one or more digital signatures;
verifying a first entitlement data record stored in the entitlement database by comparing the first entitlement data record with a first corresponding entitlement data record stored in the local copy of the distributed electronic ledger, wherein the first entitlement data record and the first corresponding entitlement data record are both associated with a first user, wherein the first corresponding entitlement data record comprises a first hash value computed by applying a hash function to data about an entitlement of the first user, wherein verifying the first entitlement data record…” in combination with other limitations recited as specified in the independent claim(s). Rather, the primary reference discloses systems for securely monitoring a balance of a payment account that include storing, in a first database, ledger data and storing, in a second database, wallet data. Wallet data includes a wallet balance value for the payment account. When a transaction is initiated using the payment account, an access operation is performed on the wallet table. Illicit or improper modifications can be detected by deriving a ledger comparison value from the ledger data and comparing the derived ledger comparison value to a wallet comparison value from the wallet data. Similarly, the secondary reference discloses a smart contract for permissions to access a service, wherein the smart contract is in an initial block for authorizations in a shared ledger. The network device receives, from an authorization server device, an update to the shared ledger, wherein the update is a proposed block in the shared ledger requiring validation. The network device stores, in a local memory, a copy of the shared ledger with the update, when the update is validated by the distributed consensus network.

Any comments considered necessary by applicant must be submitted no later than the payment of the issue fee and, to avoid processing delays, should preferably accompany the issue fee.  Such submissions should be clearly labeled “Comments on Statement of Reasons for Allowance.”

Conclusion
Any inquiry concerning this communication or earlier communications from the examiner should be directed to DAO Q HO whose telephone number is (571)270-5998.  The examiner can normally be reached on 7:00am - 5:00pm.
Examiner interviews are available via telephone, in-person, and video conferencing using a USPTO supplied web-based collaboration tool. To schedule an interview, applicant is encouraged to use the USPTO Automated Interview Request (AIR) at http://www.uspto.gov/interviewpractice.
If attempts to reach the examiner by telephone are unsuccessful, the examiner’s supervisor, Jeffrey Nickerson can be reached on (469) 295-9235.  The fax phone number for the organization where this application or proceeding is assigned is 571-273-8300.


/DAO Q HO/Primary Examiner, Art Unit 2432