DETAILED ACTION
Notice of Pre-AIA or AIA Status
The present application, filed on or after March 16, 2013, is being examined under the first inventor to file provisions of the AIA.

Continued Examination Under 37 CFR 1.114
A request for continued examination under 37 CFR 1.114, including the fee set forth in 37 CFR 1.17(e), was filed in this application after final rejection. Since this application is eligible for continued examination under 37 CFR 1.114, and the fee set forth in 37 CFR 1.17(e) has been timely paid, the finality of the previous Office action has been withdrawn pursuant to 37 CFR 1.114. Applicant's submission filed on 01/19/2021 has been entered.

The following is a non-final office action in response to communications received 01/19/2021. Claims 1-5, 8-22 are pending and addressed below.

Claim Rejections - 35 USC § 112
The following is a quotation of 35 U.S.C. 112(b):
(b)  CONCLUSION.—The specification shall conclude with one or more claims particularly pointing out and distinctly claiming the subject matter which the inventor or a joint inventor regards as the invention.


The following is a quotation of 35 U.S.C. 112 (pre-AIA), second paragraph:
The specification shall conclude with one or more claims particularly pointing out and distinctly claiming the subject matter which the applicant regards as his invention.


Claim 5 is rejected under 35 U.S.C. 112(b) or 35 U.S.C. 112 (pre-AIA), second paragraph, as being indefinite for failing to particularly point out and distinctly claim the subject 
Claim 5 recites “…monitoring for another indication…a periodic job of inspecting specified objects on one or more target server nodes…”. There is insufficient antecedent basis for this limitation in the claim. Examiner suggests changing “one or more target server nodes” to “the one or more server nodes”. Appropriate correction is required. Examiner also suggests clarifying the claim language reciting “another one of the one or more prohibited activities…another remediation…” and whether they are different from the prohibited activities and remediation cited in claim 1.

Claim Rejections - 35 USC § 103
The following is a quotation of 35 U.S.C. 103 which forms the basis for all obviousness rejections set forth in this Office action:
A patent for a claimed invention may not be obtained, notwithstanding that the claimed invention is not identically disclosed as set forth in section 102, if the differences between the claimed invention and the prior art are such that the claimed invention as a whole would have been obvious before the effective filing date of the claimed invention to a person having ordinary skill in the art to which the claimed invention pertains. Patentability shall not be negated by the manner in which the invention was made.

Claims 1-5, 8-22 are rejected under 35 U.S.C. 103 as being unpatentable over Fleischman et al (Pub. No. US 2012/0254946) in view of Seigel et al (Pub. No. US 2017/0161503) and in further view of Parimi et al (Pub. No. US 2017/0295197). 

As per claims 1, 21, 22, Fleischman discloses a method comprising:
by a computing device, providing a computing environment comprising a plurality of user accounts, wherein each of the user accounts is assigned specified privileges to execute particular commands or programs (…see fig. 1, user accounts with each user1, user2, user3…having specific levels of privileges…see par. 21); by the computing device, receiving a request to temporarily escalate privileges for one of the user accounts during a specified duration, wherein the request comprises an identifier of the user account, requested privileges, and the specified duration (…see fig. 2 & 3, a second entity may request to register a user account to elevate a privilege level of the particular user account…and may submit an asset identifier…and verification ticket including duration restriction…see par. 26-27, 40); by the computing device, granting the requested privileges for the specified duration in conjunction with specific restrictions on one or more prohibited activities that are normally permitted for user accounts with the requested privileges (verification tickets may be generated with one or more verification ticket restrictions that limit the use of the verification ticket in one or more ways…such verification ticket restrictions may be selected from a verification ticket restriction set, including a verification ticket duration restriction that limits the period of time…see par. 40).

Fleischman does not explicitly disclose by the computing device, during the specified duration, monitoring for an indication that the user account has attempted one of the one or more prohibited activities by performing a periodic job of inspecting specified objects on one or more target server nodes; by the computing device, while performing the periodic job of inspecting the specified objects on the one or more target server nodes during the specified duration, detecting the indication that the user account attempted the one of the one or more prohibited activities when the user account with the escalated privileges modified one of the specified objects on the one or more target server nodes. However, Seigel discloses by the computing device, during the specified duration, monitoring for an indication that the user account has attempted one of the one or more prohibited activities by performing a periodic job of inspecting specified objects on one or more target server nodes; by the computing device, while performing the periodic job of inspecting the specified objects on the one or more target server nodes during the specified duration, detecting the indication that the user account attempted the one of the one or more prohibited activities when the user account with the escalated privileges modified one of the specified objects on the one or more target server nodes (…a risk indicator may be determined for individual user accounts that have relatively high access privileges by analyzing event logs generated as a result of activities performed by the user accounts within a period of time…a risk indicator may be determined for each activity identified by an event log…the risk indicators and the cumulative risk indicators may take into account one or more event logs generated within a particular time period, resources that were accessed by the activities, a frequency with which the resources were accessed within a particular time period, a classification (e.g. public, internal, confidential, restricted) associated with the resources that were accessed…see par. 28-29…the software application may determine information associated with each event log, such as a type of activity that was performed, …a classification of the resource…and may determine a risk indicator associated with each event log…see par. 60-61).

Therefore one of ordinary skill in the art would have found it obvious before the effective filing date of the claimed invention to use Seigel in Fleischman for including the above limitations because one of ordinary skill in the art would recognize it would further maintain a security system by recognizing legitimate activities from unauthorized access of data, see Seigel, par. 4. The combination of Fleischman and Seigel does not explicitly disclose by the computing device, initiating an automated remediation corresponding to the indication. However, Parimi discloses by the computing device, initiating an automated remediation corresponding to the indication (…the infrastructure security configuration may be analyzed based on the security rule…operations may be performed to detect violation of security rules…the infrastructures and a set of common vulnerabilities and exposures…are monitored using infrastructure security server…a set of devices and a user are alerted about any violations…and modifications are suggested as a remediation for the violation…see par. 61). Therefore one of ordinary skill in the art would have found it obvious before the effective filing date of the claimed invention to use Parimi in the combination of Fleischman and Seigel for including the above limitations because one of ordinary skill in the art would recognize it would further improve the security issues that should be addressed to prevent vulnerabilities, see Parimi par. 5.


As per claim 2, the combination of Fleischman, Seigel and Parimi discloses starting a timer for the specified duration upon granting the requested privileges (Fleischman: see two weeks from the date of generation…par. 40).


As per claim 3, the combination of Fleischman, Seigel and Parimi discloses upon expiration of the timer, restoring privileges for the one of the user accounts to the previous privileges assigned to the one of the user accounts before the escalation of privileges (Fleischman: see par. 40).


As per claim 4, the combination of Fleischman, Seigel and Parimi discloses receiving a request to extend the specified duration to an extended duration; determining whether the request is allowable; and resetting, in response to the determination, the timer for the extended duration (Seigel: see par. 18). The motivation for this claim is the same motivation set forth for claim 1 above.


As per claim 5, the combination of Fleischman, Seigel and Parimi discloses during the specified duration: by the computing device, monitoring for another indication that the user account has attempted another one of the one or more prohibited activities by performing a periodic job of inspecting specified objects on one or more target server nodes; by the computing device, while performing the periodic job of inspecting specified objects on the one or more target server nodes during the specified duration, detecting another indication that the user account attempted the one of the one or more prohibited activities when the user account with the escalated privileges modified one of the specified objects on the one or more target server nodes (…a risk indicator may be determined for individual user accounts that have relatively high access privileges by analyzing event logs generated as a result of activities performed by the user accounts within a period of time…a risk indicator may be determined for each activity identified by an event log…the risk indicators and the cumulative risk indicators may take into account one or more event logs generated within a particular time period, resources that were accessed by the activities, a frequency with which the resources were accessed within a particular time period, a classification (e.g. public, internal, confidential, restricted) associated with the resources that were accessed…see par. 28-29…the software application may determine information associated with each event log, such as a type of activity that was performed, …a classification of the resource…and may determine a risk indicator associated with each event log…see par. 60-61).
Therefore one of ordinary skill in the art would have found it obvious before the effective filing date of the claimed invention to use Seigel in Fleischman for including the above limitations because one of ordinary skill in the art would recognize it would further maintain a security system by recognizing legitimate activities from unauthorized access of data, see Seigel, par. 4. The combination of Fleischman and Seigel does not explicitly disclose by the computing device, initiating another automated remediation corresponding to the indication. However, Parimi discloses by the computing device, initiating another automated remediation corresponding to the indication (…the infrastructure security configuration may be analyzed based on the security rule…operations may be performed to detect violation of security rules…the infrastructures and a set of common vulnerabilities and exposures…are monitored using infrastructure security server…a set of devices and a user are alerted about any violations…and modifications are suggested as a remediation for the violation…see par. 61). Therefore one of ordinary skill in the art would have found it obvious before the effective filing date of the claimed invention to use Parimi in the combination of Fleischman and Seigel for 


As per claim 8, the combination of Fleischman, Seigel and Parimi discloses wherein an interval for the periodic job is determined such that the indication can be detected with a delay less than a threshold (Seigel: see par. 18). The motivation for this claim is the same motivation set forth for claim 1 above.

9. (Currently Amended) The method of Claim[[ 5]]J_, wherein the particular event comprises creating a new administrator account (Fleischman: see par. 21).

10. (Currently Amended) The method of Claim 9, wherein the automated remediation corresponding to the other indication comprises deleting the created new administrator account (Parimi: see par. 41). The motivation for this claim is the same motivation set forth for claim 1 above.


11. (Currently Amended) The method of Claim[[ 5]]J_, wherein the particular event comprises deleting another administrator account (Parimi: see par. 41). The motivation for this claim is the same motivation set forth for claim 1 above.


12. (Currently Amended) The method of Claim 11, wherein the automated remediation corresponding to the other indication comprises re-creating another administrator account with identical privileges as before (Parimi: see par. 67). The motivation for this claim is the same motivation set forth for claim 1 above.


As per claim 13, the combination of Fleischman, Seigel and Parimi discloses wherein the specified objects comprise one or more system configuration files (Fleischman: see par. 28).


As per claim 14, the combination of Fleischman, Seigel and Parimi discloses wherein the automated remediation corresponding to the indication comprises restoring the one or more system configuration files to their previous states (Fleischman: see par. 32).


As per Claim 15, the combination of Fleischman, Seigel and Parimi discloses backing up the one or more system configuration files before granting the requested privileges (Fleischman: see par. 32).

As per claim 16, the combination of Fleischman, Seigel and Parimi discloses wherein the automated remediation corresponding to the indication comprises providing alerts to one or more registered system administrators (Parimi: see par. 61). The motivation for this claim is the same motivation set forth for claim 1 above.


As per claim 17, the combination of Fleischman, Seigel and Parimi discloses wherein the request comprises an identifier for a task that needs to be performed by the one of the user accounts during the specified duration (Seigel: see par. 18). The motivation for this claim is the same motivation set forth for claim 1 above.


As per claim 18, the combination of Fleischman, Seigel and Parimi discloses evaluating whether the requested privileges are required to perform the task and whether temporarily granting the requested privileges to the one of the user accounts is allowable; and rejecting the request if the requested privileges are not required to perform the task or if temporarily granting the requested privileges to the one of the user accounts is not allowable (Fleischman: see par. 44-45).


As per claim 19, the combination of Fleischman, Seigel and Parimi discloses wherein the computing environment comprises a plurality of management components, the request comprises request for escalation of privileges for any combination of the plurality of management components (Fleischman: see par. 26-27, 40).


As per claim 20, the combination of Fleischman, Seigel and Parimi discloses wherein an external computing environment is connected to the computing environment, privileges of users in the external computing environment are lowered, and wherein privileges of the user in the external computing environment are escalated upon a request (Fleischman: see par. 40, 44).




Conclusion
The prior art made of record and not relied upon is considered pertinent to applicant's disclosure (see PTO-form 892).
The following Patents and Papers are cited to further show the state of the art at the time of Applicant’s invention with respect to user account management in cloud computing environments.

Mehr et al (Pub. No. US 2013/0086641); “System and Method for Validating Users Using Social Network or Other Information from a Web Site”
-Teaches granting at least one privilege to a user on a first web site, the system including a registration manager having an input coupled for receiving information that can be used to access the user’s account on a second web site (see par. 56-57).

Bailor et al (Pub. No. US 2015/0310195); “Characterizing User Behavior via Intelligent Identity Analytics”
-Teaches a basis for automated reviews of user accounts for reasonability by using behavioral analysis to identify and protect against outlier activities, identify credential data attributes, and access privileges (see par. 141-142).




Any inquiry concerning this communication or earlier communications from the examiner should be directed to GHAZAL B SHEHNI whose telephone number is (571)270-7479.  The examiner can normally be reached on Mon-Fri 9am-5pm PCT.
Examiner interviews are available via telephone, in-person, and video conferencing using a USPTO supplied web-based collaboration tool. To schedule an interview, applicant is encouraged to use the USPTO Automated Interview Request (AIR) at http://www.uspto.gov/interviewpractice.
If attempts to reach the examiner by telephone are unsuccessful, the examiner’s supervisor, Shewaye Gelagay can be reached on 5712724219.  The fax phone number for the organization where this application or proceeding is assigned is 571-273-8300.
Information regarding the status of an application may be obtained from the Patent Application Information Retrieval (PAIR) system.  Status information for published applications may be obtained from either Private PAIR or Public PAIR.  Status information for unpublished applications is available through Private PAIR only.  For more information about the PAIR system, see https://ppair-my.uspto.gov/pair/PrivatePair. Should you have questions on access to the Private PAIR system, contact the Electronic Business Center (EBC) at 866-217-9197 (toll-free). If you would like assistance from a USPTO Customer Service Representative or access to the automated information system, call 800-786-9199 (IN USA OR CANADA) or 571-272-1000.





/GHAZAL B SHEHNI/Primary Examiner, Art Unit 2436