DETAILED ACTION
This Office Action is in response to amendment filed 10/27/2020 for the application 16/143,781.
Claims 8, 9, 18, 19, and 21 have been canceled.  Claims 1, 10, 11, and 20 have been amended.  Claims 1-7, 10-17, and 20 have been examined and are pending.  Claims 1 and 11 are independent claims.  
Notice of AIA Status
The present application, filed on or after March 16, 2013, is being examined under the first inventor to file provisions of the AIA.  This Action is made FINAL.


Response to Arguments
The obviousness-type double patenting rejection of claims 1-21 is withdrawn in light of the terminal disclaimer filed 10/27/2020, which was approved 10/29/2020.
Applicants’ arguments, see Applicant Arguments/Remarks Made in an Amendment, filed 10/27/2020, with respect to the rejections of claims 1-7, 10-17, and 20 have been fully considered but are not persuasive.
Applicant asserts as follows:  Claim 1 has been amended to recite the features of “identify a change in access privileges for at least one employee of the organization based on the first indication and the permissions data”, “determine that the change in access privileges requires approval from at least one authorized permissions management entity”, “configure an account at the protected resource that is associated with the at least one 
Examiner respectfully notes that Prokupets, in paragraph 0060, discloses identify a change in access privileges for at least one employee of the organization based on the first indication and the permissions data; in paragraph 0039, determine that the change in access privileges requires approval from at least one authorized permissions management entity; and, in paragraph 0039, receive, from the at least one authorized permissions management entity, an indication of approval for the change in access privileges.  Dasgupta, in paragraph 0028, discloses configure an account at the protected resource that is associated with the at least one authorized permissions management entity to present options for approving the change in access privileges.
Applicant argues as follows:  The cited references fail to teach, at least, the feature of “configure an account at the protected resource that is associated with the at least one authorized permissions management entity to present options for approving the change in access privileges” as set forth in amended claim 1. The Office Action alleged, at pages 13-14, that Dasgupta discloses “wherein the processor is configured to: determine that the change in access privileges requires approval from at least one authorized permissions management entity; and in response to the determining, generate a request to obtain approval for the change in access privileges”. As support for this assertion, the Office Action cited paragraphs [0063] and [0074] of Dasgupta.
Examiner respectfully disagrees.  Dasgupta, in paragraph 0028, discloses configure an account at the protected resource that is associated with the at least one authorized permissions management entity to present options for approving the change in access privileges.
The Examiner respectfully suggests that the claims be further amended and details in the specification be incorporated to distinguish the claimed invention over prior art of record.  Should the Applicant desire an interview to further clarify the claim interpretation/rejections, please contact the Examiner at (571) 272 5368 to schedule an interview.

Claim Rejections - 35 USC § 103
In the event the determination of the status of the application as subject to AIA 35 U.S.C. 102 and 103 (or as subject to pre-AIA 35 U.S.C. 102 and 103) is incorrect, any correction of the statutory basis for the rejection will not be considered a new ground of rejection if the prior art relied upon, and the rationale supporting the rejection, would be the same under either status.  
The following is a quotation of 35 U.S.C. 103 which forms the basis for all obviousness rejections set forth in this Office action:
A patent for a claimed invention may not be obtained, notwithstanding that the claimed invention is not identically disclosed as set forth in section 102, if the differences between the claimed invention and the prior art are such that the claimed invention as a whole would have been obvious before the effective filing date of the claimed invention to a person having ordinary skill in the art to which the claimed invention pertains. Patentability shall not be negated by the manner in which the invention was made.

This application currently names joint inventors. In considering patentability of the claims the examiner presumes that the subject matter of the various claims was commonly owned as of the effective filing date of the claimed invention(s) absent any evidence to the contrary.  Applicant is advised of the obligation under 37 CFR 1.56 to point out the inventor and effective filing dates of each claim that was not commonly owned as of the effective filing date of the later invention in order for the examiner to consider the applicability of 35 U.S.C. 102(b)(2)(C) for any potential 35 U.S.C. 102(a)(2) prior art against the later invention. 
Claims 1, 2, 4-7, 11, 12, 14-17, and 20 are rejected under 35 U.S.C. 103 as being unpatentable over Prokupets (US20030023874), filed July 16, 2001, in view of Dasgupta (US20190312881), filed on April 10, 2018.
Regarding claim 1, Prokupets discloses a computing system, comprising:
a communications module communicable with an external network; a memory (Prokupets, paragraph 0021, “The security server 12 represents a network capable computer system, and memory storing central database 14 may be a hard disk drive, or a separate memory storage unit coupled to the security server 12.  The security server 12 is connected to facility protection systems 22 and information systems 18, via a network 20, in which systems 18 and 22, and security server 12, each have an interface (hardware and software) enabling network communication.”); and
a processor coupled to the communications module and the memory (Prokupets, paragraph 0034, “The security server 12 receives each of the event data packets at an event transaction processor 13 for determination of actions, if any, the system 10 will take, and, depending on the event received, sending action data packets automatically and in real-time to systems 18 and 22 to take appropriate action.”), the processor being configured to:
obtain, based on employee data received from a first client server having access to a human resources database of an organization, a first indication identifying a change in a first record of the organization, the first record indicating an employee status associated with each of one or more of the employees (Prokupets, paragraph 0060, “The actions taken by the information systems 18 to protect networks and data resources sometimes needs to be made aware to HR personnel, such that they are aware of any changes in the status of the users and access privileges in the information system 18, or if needed, take appropriate corrective action.  For example, a badge used by a user to access areas controlled by the access control system may have expired [i.e., change in a first employee structure], causing an event transaction [i.e., indication identifying a change] which sends action data packets to information systems 18 to block the user's Login ID.  The security server 12 can check a list of such actions requiring HR notification stored in central database 14 to determine if the action affects HR (step 84).  If so, the business rules for the affected data are looked up, such as in a table of the central database 14 (step 88a) and then the security server 12 check if it needs to be applied (step 88b).  Business rules represent when the action taken requires that data stored in the HR system's database [i.e., human resources database of an organization] be changed.  If no business rules are found, or if the business rules found require only that notification be provided, the no branch from step 88b is taken to step 90 to send an update transaction to the HR system to notify personnel in HR, such as in a log.  If the business rules need to be applied at step 88b, the business rules are applied for the HR system to send an update transaction that both provides notification and updates the appropriate record in the HR database for the user affected at step 90.  The HR database 26 sends a message to the security server 12 if the HR database was successfully updated.  If so, the transaction is logged in the transaction log of the central database 14 (step 96)”);
retrieve permissions data defining access privileges corresponding to one or more employee statuses for accessing a protected resource (Prokupets, paragraph 0047, “If a user record in the User Table is changed (added, deleted, or updated), and such changes may effect security access to information systems 18, especially if the user record is deleted, or fields of the user record associated with access privileges, such as status or employee type, have changed.  Changes in user records effecting security access are downloaded (distributed) to information systems.”);
identify a change in access privileges for at least one employee of the organization based on the first indication and the permissions data (Prokupets, paragraph 0060, “The actions taken by the information systems 18 to protect networks and data resources sometimes needs to be made aware to HR personnel, such that they are aware of any changes in the status of the users and access privileges in the information system 18, or if needed, take appropriate corrective action.  For example, a badge used by a user to access areas controlled by the access control system may have expired [i.e., permissions data], causing an event transaction [i.e., indication identifying a change] which sends action data packets to information systems 18 to block the user's Login ID.”);
determine that the change in access privileges requires approval from at least one authorized permissions management entity (Prokupets, paragraph 0039, “an administration system 30 in FIG. 1, representing a computer system, is provided in system 10 which can access the central database 14 in security server 12 to review and update information stored therein, such as update user data, security access privileges”);
receive, from the at least one authorized permissions management entity, an indication of approval for the change in access privileges  (Prokupets, paragraph 0039, “an administration system 30 in FIG. 1, representing a computer system, is provided in system 10 which can access the central database 14 in security server 12 to review and update information stored therein, such as update user data, security access privileges”);
in response to receiving the indication of approval, update a user permissions database associated with the protected resource to indicate the change in access privileges for the at least one employee (Prokupets, paragraph 0056, “The security server 12 first reads a transaction from the list queued in the transaction table specifying the update (add, modify, or delete) in the user data maintained in the HR database (step 32), and maps the updated user data into records of one or more of the tables of the central database 14 (step 34).”);
the user permissions database indicating access privileges for employees of the organization that are authorized to access the protected resource (Prokupets, paragraph 0045, “Optionally, an information system 18 may use the information about the user provided by the security server 12 to assign access privileges in terms of which resources such user may access, or time of day or specific terminals or computers access is to be made available.  Such assigned privileges by the information system is stored in each respective information system and can be accessed and modified by the security server 12 via a query command in an action data packet with using SIDs or Login ID.”; paragraph 0056, “The security server 12 first reads a transaction from the list queued in the transaction table specifying the update (add, modify, or delete) in the user data maintained in the HR database (step 32), and maps the updated user data into records of one or more of the tables of the central database 14 (step 34).”).
Prokupets discloses a record but does not explicitly disclose an employee structure; configure an account at the protected resource that is associated with the at least one authorized permissions management entity to present options for approving the change.
However, in an analogous art, Dasgupta discloses an employee structure (Dasgupta, paragraph 0029, “each organization has a specific hierarchical employee structure, roles and task assignments.  An "employee" is a person (such as, but not limited to, a worker, contractor, officer, agent, independent subcontractor, or other individual) in or connected to the organization who has a role and performs different tasks/activities based on his/her job description.  The "role" is a basis for establishing access control policies or a specific task competency for a user, including, but not limited to, a manager, supervisor, developer, or analyst.  Roles define which individuals are allowed to access specific resources for a specific purpose.”);
configure an account at the protected resource that is associated with the at least one authorized permissions management entity to present options for approving the change in access privileges (Dasgupta, paragraph 0028, “When a user 10 requests access to a particular classified document 30 (Steps 1, 2), the organization's access control 20 checks the user's access rights according to the organization's access right policy.  Then based on the shared trust policy (Step 3), it will choose a set of users 40 from the organization (based on the organization structure and the role of the user) who are available at that instance of time to act as approvers (User A and User B, and possibly more), notifying them to approve the request (Step 4).”).
Therefore, it would have been obvious to a person of ordinary skill in the art, before the effective filing date of the claimed invention to combine the teachings of Dasgupta with the system/method of Prokupets to include an employee structure; configure an account at the protected resource that is associated with the at least one authorized permissions management entity to present options for approving the change.

One would have been motivated to provide users with the benefits of greater security and control over access to classified files and documents (Dasgupta: paragraph 0008).
Regarding claim 2, Prokupets and Dasgupta disclose the computing device of claim 1 (Prokupets, paragraph 0060, “The actions taken by the information systems 18 to protect networks and data resources sometimes needs to be made aware to HR personnel, such that they are aware of any changes in the status of the users and access privileges in the information system 18, or if needed, take appropriate corrective action.  For example, a badge used by a user to access areas controlled by the access control system may have expired, causing an event transaction which sends action data packets to information systems 18 to block the user's Login ID.  The security server 12 can check a list of such actions requiring HR notification stored in central database 14 to determine if the action affects HR (step 84).  If the business rules need to be applied at step 88b, the business rules are applied for the HR system to send an update transaction that both provides notification and updates the appropriate record in the HR database for the user affected at step 90.  The HR database 26 sends a message to the security server 12 if the HR database was successfully updated.  If so, the transaction is logged in the transaction log of the central database 14 (step 96)”).
Regarding claim 4, Prokupets and Dasgupta disclose the computing device of claim 1.  Prokupets discloses wherein the processor is further configured to transmit, to the first client server, a request to receive the employee data (Prokupets, paragraph 0034, “An illustration of the process in system 10 for an event data packet transmitted from the access control system 22a to security server 12 is shown in FIG. 2, in which action data packets may be sent to each of the information systems 18 to cause actions to take place in such systems to protect information property, as shown in FIGS. 5A and 5B.”).
Regarding claim 5, Prokupets and Dasgupta disclose the computing device of claim 1.  Dasgupta discloses wherein the permissions data comprises a mapping of employee statuses to corresponding access privileges for accessing the protected resource (Dasgupta, paragraph 0045, “FIG. 5 shows the role-activity mapping for the organization.  Some of the employees in same role can have some common activities.  From the raw data set it can be seen that A3[4] (patch analysis and apply patch) and A3[6] (push OS and DB patch to OS admin) have common employees.  For example, the employee who submits a patch request can also analyze the patch and apply it.  Hence, the intersection of E34 and E36 is non-empty, i.e., (E34 ∩ E36) ≠ Φ.  Detailed information regarding the number of common employees can be seen in FIG. 6.”). The rationale is the same as that of the claim from which this claim depends.
Regarding claim 6, Prokupets and Dasgupta disclose the computing device of claim 1.  Dasgupta discloses wherein the processor is further configured to: receive, from a first user device, a request to access the protected resource; and determine that a user associated with the first user device has access privilege for accessing the protected resource (Dasgupta, paragraph 0028, “When a user 10 requests access to a particular classified document 30 (Steps 1, 2), the organization's access control 20 checks the user's access rights according to the organization's access right policy.  Then based on the shared trust policy (Step 3), it will choose a set of users 40 from the organization (based on the organization structure and the role of the user) who are available at that instance of time to act as approvers (User A and User B, and possibly more), notifying them to approve the request (Step 4).”). The rationale is the same as that of the claim from which this claim depends.
Regarding claim 7, Prokupets and Dasgupta disclose the computing device of claim 6.  Prokupets discloses wherein determining that the user associated with the first user device has access privilege comprises comparing a first employee identifier associated with the user against the user permissions database (Prokupets, paragraph 0038, “For example, user data stored in the central database may include information regarding the type of user (or employee type) as researcher, sales, contractor, or any other type that may characterize particular access privileges to areas of a building and type of information.  An access privileges lookup table in memory of the central database 14 associates user data, such as type of user and/or time periods/shifts, to one of different access privileges in the access control system 22a.”).

Regarding claim 11, Prokupets discloses a method for managing access privileges, comprising:
obtaining, based on employee data received from a first client server having access to a human resources database of an organization, a first indication identifying a change in a first record of the organization, the first record indicating an employee status associated with each of one or more of the employees (Prokupets, paragraph 0060, “The actions taken by the information systems 18 to protect networks and data resources sometimes needs to be made aware to HR personnel, such that they are aware of any changes in the status of the users and access privileges in the information system 18, or if needed, take appropriate corrective action.  For example, a badge used by a user to access areas controlled by the access control system may have expired [i.e., change in a first employee structure], causing an event transaction [i.e., indication identifying a change] which sends action data packets to information systems 18 to block the user's Login ID.  The security server 12 can check a list of such actions requiring HR notification stored in central database 14 to determine if the action affects HR (step 84).  If so, the business rules for the affected data are looked up, such as in a table of the central database 14 (step 88a) and then the security server 12 check if it needs to be applied (step 88b).  Business rules represent when the action taken requires that data stored in the HR system's database [i.e., human resources database of an organization] be changed.  If no business rules are found, or if the business rules found require only that notification be provided, the no branch from step 88b is taken to step 90 to send an update transaction to the HR system to notify personnel in HR, such as in a log.  If the business rules need to be applied at step 88b, the business rules are applied for the HR system to send an update transaction that both provides notification and updates the appropriate record in the HR database for the user affected at step 90.  The HR database 26 sends a message to the security server 12 if the HR database was successfully updated.  If so, the transaction is logged in the transaction log of the central database 14 (step 96)”);
retrieving permissions data defining access privileges corresponding to one or more employee statuses for accessing a protected resource (Prokupets, paragraph 0047, “If a user record in the User Table is changed (added, deleted, or updated), and such changes may effect security access to information systems 18, especially if the user record is deleted, or fields of the user record associated with access privileges, such as status or employee type, have changed.  Changes in user records effecting security access are downloaded (distributed) to information systems.”);
identifying a change in access privileges for at least one employee of the organization based on the first indication and the permissions data (Prokupets, paragraph 0060, “The actions taken by the information systems 18 to protect networks and data resources sometimes needs to be made aware to HR personnel, such that they are aware of any changes in the status of the users and access privileges in the information system 18, or if needed, take appropriate corrective action.  For example, a badge used by a user to access areas controlled by the access control system may have expired [i.e., permissions data], causing an event transaction [i.e., indication identifying a change] which sends action data packets to information systems 18 to block the user's Login ID.”);
determining that the change in access privileges requires approval from at least one authorized permissions management entity (Prokupets, paragraph 0039, “an administration system 30 in FIG. 1, representing a computer system, is provided in system 10 which can access the central database 14 in security server 12 to review and update information stored therein, such as update user data, security access privileges”);
receiving, from the at least one authorized permissions management entity, an indication of approval for the change in access privileges (Prokupets, paragraph 0039, “an administration system 30 in FIG. 1, representing a computer system, is provided in system 10 which can access the central database 14 in security server 12 to review and update information stored therein, such as update user data, security access privileges”);
in response to receiving the indication of approval, updating a user permissions database associated with the protected resource to indicate the change in access privileges for the at least one employee, the user permissions database indicating access privileges for employees of the organization that are authorized to access the protected resource (Prokupets, paragraph 0045, “Optionally, an information system 18 may use the information about the user provided by the security server 12 to assign access privileges in terms of which resources such user may access, or time of day or specific terminals or computers access is to be made available.  Such assigned privileges by the information system is stored in each respective information system and can be accessed and modified by the security server 12 via a query command in an action data packet with using SIDs or Login ID.”; paragraph 0056, “The security server 12 first reads a transaction from the list queued in the transaction table specifying the update (add, modify, or delete) in the user data maintained in the HR database (step 32), and maps the updated user data into records of one or more of the tables of the central database 14 (step 34).”).
Prokupets discloses a record but does not explicitly disclose an employee structure; configuring an account at the protected resource that is associated with the at least one authorized permissions management entity to present options for approving the change in access privileges.
However, in an analogous art, Dasgupta discloses an employee structure (Dasgupta, paragraph 0029, “each organization has a specific hierarchical employee structure, roles and task assignments.  An "employee" is a person (such as, but not limited to, a worker, contractor, officer, agent, independent subcontractor, or other individual) in or connected to the organization who has a role and performs different tasks/activities based on his/her job description.  The "role" is a basis for establishing access control policies or a specific task competency for a user, including, but not limited to, a manager, supervisor, developer, or analyst.  Roles define which individuals are allowed to access specific resources for a specific purpose.”);
configuring an account at the protected resource that is associated with the at least one authorized permissions management entity to present options for approving the change in access privileges (Dasgupta, paragraph 0028, “When a user 10 requests access to a particular classified document 30 (Steps 1, 2), the organization's access control 20 checks the user's access rights according to the organization's access right policy.  Then based on the shared trust policy (Step 3), it will choose a set of users 40 from the organization (based on the organization structure and the role of the user) who are available at that instance of time to act as approvers (User A and User B, and possibly more), notifying them to approve the request (Step 4).”).
Therefore, it would have been obvious to a person of ordinary skill in the art, before the effective filing date of the claimed invention to combine the teachings of Dasgupta with the system/method of Prokupets to include an employee structure; configuring an account at the protected resource that is associated with the at least one authorized permissions management entity to present options for approving the change in access privileges.
One would have been motivated to provide users with the benefits of greater security and control over access to classified files and documents (Dasgupta: paragraph 0008).
Regarding claim 12, Prokupets and Dasgupta disclose the method of claim 11.  Prokupets discloses further comprising obtaining a second indication of a change in the permissions data, and wherein the user permissions database is updated based on at least one of the first indication and the second indication (Prokupets, paragraph 0060, “The actions taken by the information systems 18 to protect networks and data resources sometimes needs to be made aware to HR personnel, such that they are aware of any changes in the status of the users and access privileges in the information system 18, or if needed, take appropriate corrective action.  For example, a badge used by a user to access areas controlled by the access control system may have expired, causing an event transaction which sends action data packets to information systems 18 to block the user's Login ID.  The security server 12 can check a list of such actions requiring HR notification stored in central database 14 to determine if the action affects HR (step 84).  If the business rules need to be applied at step 88b, the business rules are applied for the HR system to send an update transaction that both provides notification and updates the appropriate record in the HR database for the user affected at step 90.  The HR database 26 sends a message to the security server 12 if the HR database was successfully updated.  If so, the transaction is logged in the transaction log of the central database 14 (step 96)”).
Regarding claim 14, Prokupets and Dasgupta disclose the method of claim 11. Prokupets discloses further comprising transmitting, to the first client server, a request to receive the employee data (Prokupets, paragraph 0034, “An illustration of the process in system 10 for an event data packet transmitted from the access control system 22a to security server 12 is shown in FIG. 2, in which action data packets may be sent to each of the information systems 18 to cause actions to take place in such systems to protect information property, as shown in FIGS. 5A and 5B.”).
Regarding claim 15, Prokupets and Dasgupta disclose the method of claim 11.  Dasgupta discloses wherein the permissions data comprises a mapping of employee statuses to corresponding access privileges for accessing the protected resource (Dasgupta, paragraph 0045, “FIG. 5 shows the role-activity mapping for the organization.  Some of the employees in same role can have some common activities.  From the raw data set it can be seen that A3[4] (patch analysis and apply patch) and A3[6] (push OS and DB patch to OS admin) have common employees.  For example, the employee who submits a patch request can also analyze the patch and apply it.  Hence, the intersection of E34 and E36 is non-empty, i.e., (E34 ∩ E36) ≠ Φ.  Detailed information regarding the number of common employees can be seen in FIG. 6.”).  The rationale is the same as that of the claim from which this claim depends.
Regarding claim 16, Prokupets and Dasgupta disclose the method of claim 11.  Dasgupta discloses further comprising: receiving, from a first user device, a request to access the protected resource; and determining that a user associated with the first user device has access privilege for accessing the protected resource (Dasgupta, paragraph 0028, “When a user 10 requests access to a particular classified document 30 (Steps 1, 2), the organization's access control 20 checks the user's access rights according to the organization's access right policy.  Then based on the shared trust policy (Step 3), it will choose a set of users 40 from the organization (based on the organization structure and the role of the user) who are available at that instance of time to act as approvers (User A and User B, and possibly more), notifying them to approve the request (Step 4).”).  The rationale is the same as that of the claim from which this claim depends.
Regarding claim 17, Prokupets and Dasgupta disclose the method of claim 16.  Prokupets discloses wherein determining that the user associated with the first user device has access privilege comprises comparing a first employee identifier associated with the user against the user permissions database (Prokupets, paragraph 0038, “For example, user data stored in the central database may include information regarding the type of user (or employee type) as researcher, sales, contractor, or any other type that may characterize particular access privileges to areas of a building and type of information.  An access privileges lookup table in memory of the central database 14 associates user data, such as type of user and/or time periods/shifts, to one of different access privileges in the access control system 22a.”).
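The following Python is an added worked example, not code from this Office Action, from Prokupets or from Dasgupta; it models the flow recited in independent claims 1 and 11 (HR status change, status-to-privilege permissions data, identified privilege change, approval routed to available approvers whose account is presented approve/deny options, update of the user permissions database) and the identifier lookup of claims 6/7 and 16/17. The status-to-privilege mapping, the approver directory, the quorum, and the policy that grants need approval while revocations apply immediately are constructed assumptions.

```python
from dataclasses import dataclass, field
from typing import Dict, FrozenSet, List, Optional, Set

# Constructed permissions data: employee status -> privileges on the protected resource.
PERMISSIONS_DATA: Dict[str, Set[str]] = {
    "active": {"read", "write"},
    "contractor": {"read"},
    "on_leave": set(),
    "terminated": set(),
}

# Constructed directory of authorized permissions management entities (approvers).
APPROVERS = {
    "mgr-01": {"role": "manager", "available": True},
    "mgr-02": {"role": "manager", "available": False},
    "sec-01": {"role": "security_officer", "available": True},
}


@dataclass(frozen=True)
class HRChange:
    """First indication: the HR record for an employee now carries a new status."""
    employee_id: str
    new_status: str


@dataclass(frozen=True)
class PrivilegeChange:
    employee_id: str
    granted: FrozenSet[str]
    revoked: FrozenSet[str]

    def requires_approval(self) -> bool:
        # Assumed policy: new grants need human approval; revocations fail closed.
        return bool(self.granted)


@dataclass
class ApprovalRequest:
    change: PrivilegeChange
    approvers: FrozenSet[str]
    options: tuple = ("approve", "deny")  # what the approver's account is shown
    decisions: Dict[str, str] = field(default_factory=dict)
    closed: bool = False


class PermissionsManager:
    def __init__(self, permissions_data, approvers):
        self.permissions_data = permissions_data
        self.approvers = approvers
        self.user_permissions: Dict[str, Set[str]] = {}  # user permissions database
        self.inbox: Dict[str, List[ApprovalRequest]] = {a: [] for a in approvers}
        self.requests: Dict[int, ApprovalRequest] = {}

    def identify_change(self, hr: HRChange) -> PrivilegeChange:
        # Unknown status maps to no privileges rather than raising (fail closed).
        target = self.permissions_data.get(hr.new_status, set())
        current = self.user_permissions.get(hr.employee_id, set())
        return PrivilegeChange(hr.employee_id, frozenset(target - current),
                               frozenset(current - target))

    def select_approvers(self, quorum: int = 2) -> FrozenSet[str]:
        # Pick approvers by role who are available at this moment.
        pool = [a for a, info in self.approvers.items()
                if info["role"] in ("manager", "security_officer") and info["available"]]
        if len(pool) < quorum:
            raise RuntimeError("not enough available approvers")
        return frozenset(pool[:quorum])

    def process_hr_change(self, hr: HRChange) -> Optional[int]:
        """Returns a pending request id when approval is needed, else None."""
        change = self.identify_change(hr)
        if change.revoked:  # revocations are applied immediately
            self.user_permissions[hr.employee_id] = (
                self.user_permissions.get(hr.employee_id, set()) - set(change.revoked))
        if not change.requires_approval():
            return None
        req = ApprovalRequest(change, self.select_approvers())
        req_id = len(self.requests) + 1
        self.requests[req_id] = req
        for a in req.approvers:  # present the approve/deny options in each approver's account
            self.inbox[a].append(req)
        return req_id

    def decide(self, req_id: int, approver_id: str, decision: str) -> str:
        req = self.requests[req_id]
        if approver_id not in req.approvers:  # only the routed approvers may decide
            raise PermissionError(f"{approver_id} is not an approver for request {req_id}")
        if decision not in req.options:
            raise ValueError(decision)
        if req.closed:
            return "closed"
        req.decisions[approver_id] = decision
        if decision == "deny":
            req.closed = True
            return "denied"
        if all(req.decisions.get(a) == "approve" for a in req.approvers):
            emp = req.change.employee_id  # all approvals in: update the permissions database
            self.user_permissions[emp] = (
                self.user_permissions.get(emp, set()) | set(req.change.granted))
            req.closed = True
            return "applied"
        return "pending"

    def authorize(self, employee_id: str, privilege: str) -> bool:
        # Access check: compare the employee identifier against the permissions database.
        return privilege in self.user_permissions.get(employee_id, set())
```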
Claims 3 and 13 are rejected under 35 U.S.C. 103 as being unpatentable over Prokupets (US20030023874), filed July 16, 2001, in view of Dasgupta (US20190312881), filed on April 10, 2018, and further in view of Szor (US7665139), filed December 16, 2005.
Regarding claim 3, Prokupets and Dasgupta disclose the computing device of claim 2.
Prokupets discloses wherein updating the user permissions database comprises: detecting a change in access privileges for at least one employee based on the comparing; and updating the user permissions database to reflect the detected change in access privileges (Prokupets, paragraph 0011, “The security server further updates access privileges to information systems when user data affecting security is changed (added, deleted, or revised) in the central database.  Such changes may be made as a result of changes in an external database or repository such as maintained by a human resources (HR) department of an organization, in which changes in the external database are mapped by the security server to records of tables stored in the central database for such user data.”).

However, in an analogous art, Szor discloses generating a first permissions list based on associating the one or more employees with access privileges corresponding to their respective employee status using the permissions data (Szor, col. 3, lines 34-44, “If a reference copy of the critical token has been generated, the call to the open token function is completed (operation 230).  Alternatively, if a reference copy of the critical token has not been generated, the initial privilege list is obtained (operation 226).  A reference copy of the initial privilege list is generated (operation 228) and the call is completed, e.g., the caller is returned to (operation 230).  In one embodiment, the reference copy includes a copy of the initial privilege list and is associated with the token handle, which is used as the identifier of the reference copy and saved as an entry in a memory structure, such as a reference copy database.”; col. 8, lines 44-50, “In GENERATE REFERENCE COPY operation 228, a reference copy of the initial privilege list returned in operation 226 is generated.  In one embodiment, the reference copy together with an identifier is saved as an entry to a reference copy database.  In one embodiment, the associated token handle is the identifier of the reference copy.”);
comparing the first permissions list with a second permissions list, the second permissions list indicating previously approved access privileges for the employees (Szor, col. 3, lines 45-59, “Different from a call to an open token function, when a call to a set token function is received (operations 208, 210 and 214), in one embodiment, the method further includes stalling the call to the set token function (operation 234) and determining whether the call to the set token function identifies an access token having a saved reference copy (operation 236).  If the call to the set token function does not identify an access token having a saved reference copy, the call is released and allowed to complete (operation 242).  Alternatively, if the call to the set token function identifies an access token having a saved reference copy, the current privilege list identified in the call to the set token function is compared to the initial privilege list in the reference copy (operation 238) to identify any changes in the current privilege list from the initial privilege list.”; col. 9, line 59, through col. 10, line 3, “In COMPARE CURRENT PRIVILEGE LIST TO INITIAL PRIVILEGE LIST operation 238, the current privilege list identified in the call to the set token function is compared to the initial privilege list of the reference copy to determine any changes.  In particular, in one embodiment, each privilege setting identified in the current privilege list is compared to a corresponding privilege setting identified in the initial privilege list to determine if there are any changes, e.g., different settings.  From COMPARE CURRENT PRIVILEGE LIST TO INITIAL PRIVILEGE LIST operation 238, processing transitions to a MALICIOUS CHANGE(S) check operation 240.”). 
Therefore, it would have been obvious to a person of ordinary skill in the art, before the effective filing date of the claimed invention to combine the teachings of Szor with the system/method of Prokupets and Dasgupta to include generating a first permissions list based on associating the one or more employees with access privileges 
One would have been motivated to provide users with the benefits of detecting and preventing malicious changes to tokens (Szor: col. 1, lines 9-12).
Regarding claim 13, Prokupets and Dasgupta disclose the method of claim 12.  
Prokupets discloses wherein updating the user permissions database comprises: detecting a change in access privileges for at least one employee based on the comparing; and updating the user permissions database to reflect the detected change in access privileges (Prokupets, paragraph 0011, “The security server further updates access privileges to information systems when user data affecting security is changed (added, deleted, or revised) in the central database.  Such changes may be made as a result of changes in an external database or repository such as maintained by a human resources (HR) department of an organization, in which changes in the external database are mapped by the security server to records of tables stored in the central database for such user data.”).
Prokupets and Dasgupta do not explicitly disclose generating a first permissions list based on associating the one or more employees with access privileges corresponding to their respective employee status using the permissions data; comparing the first permissions list with a second permissions list, the second permissions list indicating 
However, in an analogous art, Szor discloses generating a first permissions list based on associating the one or more employees with access privileges corresponding to their respective employee status using the permissions data (Szor, col. 3, lines 34-44, “If a reference copy of the critical token has been generated, the call to the open token function is completed (operation 230).  Alternatively, if a reference copy of the critical token has not been generated, the initial privilege list is obtained (operation 226).  A reference copy of the initial privilege list is generated (operation 228) and the call is completed, e.g., the caller is returned to (operation 230).  In one embodiment, the reference copy includes a copy of the initial privilege list and is associated with the token handle, which is used as the identifier of the reference copy and saved as an entry in a memory structure, such as a reference copy database.”; col. 8, lines 44-50, “In GENERATE REFERENCE COPY operation 228, a reference copy of the initial privilege list returned in operation 226 is generated.  In one embodiment, the reference copy together with an identifier is saved as an entry to a reference copy database.  In one embodiment, the associated token handle is the identifier of the reference copy.”);
comparing the first permissions list with a second permissions list, the second permissions list indicating previously approved access privileges for the employees for accessing the protected resource (Szor, col. 3, lines 45-59, “Different from a call to an open token function, when a call to a set token function is received (operations 208, 210 and 214), in one embodiment, the method further includes stalling the call to the set token function (operation 234) and determining whether the call to the set token function identifies an access token having a saved reference copy (operation 236).  If the call to the set token function does not identify an access token having a saved reference copy, the call is released and allowed to complete (operation 242).  Alternatively, if the call to the set token function identifies an access token having a saved reference copy, the current privilege list identified in the call to the set token function is compared to the initial privilege list in the reference copy (operation 238) to identify any changes in the current privilege list from the initial privilege list.”; col. 9, line 59, through col. 10, line 3, “In COMPARE CURRENT PRIVILEGE LIST TO INITIAL PRIVILEGE LIST operation 238, the current privilege list identified in the call to the set token function is compared to the initial privilege list of the reference copy to determine any changes.  In particular, in one embodiment, each privilege setting identified in the current privilege list is compared to a corresponding privilege setting identified in the initial privilege list to determine if there are any changes, e.g., different settings.  From COMPARE CURRENT PRIVILEGE LIST TO INITIAL PRIVILEGE LIST operation 238, processing transitions to a MALICIOUS CHANGE(S) check operation 240.”).
Therefore, it would have been obvious to a person of ordinary skill in the art, before the effective filing date of the claimed invention to combine the teachings of Szor with the system/method of Prokupets and Dasgupta to include generating a first permissions list based on associating the one or more employees with access privileges corresponding to their respective employee status using the permissions data; comparing the first permissions list with a second permissions list, the second permissions list indicating previously approved access privileges for the employees for accessing the protected resource.

One would have been motivated to provide users with the benefits of detecting and preventing malicious changes to tokens (Szor: col. 1, lines 9-12).
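The two-list comparison that the rejections of claims 3 and 13 rely on (a first list derived from employee status and the permissions data, checked against the previously approved list in the way Szor's reference-copy check is described, so that differences are held for approval rather than applied silently), as an added illustration that is not code from Prokupets, Dasgupta, Szor or the application; the status-to-privilege mapping, the employee records and the approver callback are constructed assumptions for this example.

```python
"""Constructed example: derive a permissions list from employee status, diff
it against a saved reference (the previously approved list), and release
only approved changes.  Data and names are assumptions, not from any patent."""
from dataclasses import dataclass

# Constructed "permissions data": employee status -> privileges for the resource.
STATUS_PRIVILEGES = {
    "researcher": frozenset({"lab_wing", "research_share"}),
    "sales": frozenset({"crm", "lobby"}),
    "contractor": frozenset({"lobby"}),
    "terminated": frozenset(),
}

@dataclass(frozen=True)
class PrivilegeChange:
    """One detected divergence between the derived and the approved list."""
    employee_id: str
    added: frozenset
    removed: frozenset

def generate_permissions_list(employees, status_privileges=STATUS_PRIVILEGES):
    """First list: map each employee (id -> status) to the privileges of that status.
    An unknown status yields no privileges rather than raising (fail closed)."""
    return {emp_id: status_privileges.get(status, frozenset())
            for emp_id, status in employees.items()}

class ReferenceCopyStore:
    """Second list: the previously approved privileges, kept as a reference copy."""
    def __init__(self):
        self._approved = {}
    def record_approval(self, permissions):
        self._approved = {k: frozenset(v) for k, v in permissions.items()}
    def approved(self):
        return dict(self._approved)

def detect_changes(first_list, second_list):
    """Compare privilege by privilege; return only employees whose sets differ."""
    changes = []
    for emp_id in sorted(set(first_list) | set(second_list)):
        current = first_list.get(emp_id, frozenset())
        approved = second_list.get(emp_id, frozenset())
        if current != approved:
            changes.append(PrivilegeChange(emp_id, current - approved, approved - current))
    return changes

def apply_with_approval(store, first_list, approver):
    """Stall the update: submit each change to the approver callback, commit the
    approved ones to the reference copy, and return the rejected ones unapplied."""
    pending = detect_changes(first_list, store.approved())
    approved = store.approved()
    rejected = []
    for change in pending:
        if approver(change):
            if change.employee_id in first_list:
                approved[change.employee_id] = first_list[change.employee_id]
            else:
                approved.pop(change.employee_id, None)
        else:
            rejected.append(change)
    store.record_approval(approved)
    return rejected
```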
Claims 10 and 20 are rejected under 35 U.S.C. 103 as being unpatentable over Prokupets (US20030023874), filed July 16, 2001, in view of Dasgupta (US20190312881), filed on April 10, 2018, and further in view of Tian (US20090177741), filed March 13, 2009.
Regarding claim 10, Prokupets and Dasgupta disclose the computing device of claim 8.  Dasgupta discloses wherein the processor is further configured to transmit the generated request as a message to the at least one authorized permissions management entity (Dasgupta, paragraph 0074, “When a user requests such an access, the approver component gets activated, selects a set of users from the organization (based on the organization structure and role of the user) who are eligible and available to give permission to this access request.  The approver component is to prevent data abuse by privileged users and also help in auditing sensitive record-storing systems.”; paragraph 0028, “it will choose a set of users 40 from the organization (based on the organization structure and the role of the user) who are available at that instance of time to act as approvers (User A and User B, and possibly more), notifying them to approve the request (Step 4).  When all of the selected approvers 50 grant the request (Step 5), the requesting user 10 obtains access to the classified document (Step 6).”).  The rationale is the same as that of the claim from which this claim depends.
Prokupets and Dasgupta do not explicitly disclose wherein the processor is further configured to transmit, to the at least one authorized permissions management entity, a message requesting to obtain approval for the change in access privileges.
However, in an analogous art, Tian discloses wherein the processor is further configured to transmit, to the at least one authorized permissions management entity, a message requesting to obtain approval for the change in access privileges (Tian, paragraph 0052, “Step 601: A user A (i.e., the service user terminal) transmits a registration request message to the authorization management server so as to request to register a user B (i.e., the service subscription authorizer terminal) as an authoring user of the user A, or to modify the authorization permission of the user B with respect to user A.”; paragraph 0059, “Step 701: The user B transmits a message to the authorization management server to request to be the service subscription authorizer terminal of the user A (i.e., the service user terminal).  Alternatively, the user B requests the authorization management server to modify its service subscription management permission over the user A, such as, which services the user A may subscribe to freely, which services the user A may not subscribe to, and which services the user A may subscribe to only with the permission of the user B. The message may include the user ID of at least one of the user A or B, as well as information about the authorized permission.”).
Therefore, it would have been obvious to a person of ordinary skill in the art, before the effective filing date of the claimed invention to combine the teachings of Tian with the system/method/computing device of Prokupets and Dasgupta to include wherein the processor is further configured to transmit, to the at least one authorized permissions management entity, a message requesting to obtain approval for the change in access privileges.

One would have been motivated to provide users with the benefits of subscribing to a service (Tian: paragraph 0001).
Regarding claim 20, Prokupets and Dasgupta disclose the method of claim 18.  Dasgupta discloses further comprising transmitting the generated request as a message to the at least one authorized permissions management entity (Dasgupta, paragraph 0074, “When a user requests such an access, the approver component gets activated, selects a set of users from the organization (based on the organization structure and role of the user) who are eligible and available to give permission to this access request.  The approver component is to prevent data abuse by privileged users and also help in auditing sensitive record-storing systems.”; paragraph 0028, “it will choose a set of users 40 from the organization (based on the organization structure and the role of the user) who are available at that instance of time to act as approvers (User A and User B, and possibly more), notifying them to approve the request (Step 4).  When all of the selected approvers 50 grant the request (Step 5), the requesting user 10 obtains access to the classified document (Step 6).”).  The rationale is the same as that of the claim from which this claim depends.
Prokupets and Dasgupta do not explicitly disclose further comprising transmitting, to the at least one authorized permissions management entity, a message requesting to obtain approval for the change in access privileges.
However, in an analogous art, Tian discloses further comprising transmitting, to the at least one authorized permissions management entity, a message requesting to obtain approval for the change in access privileges (Tian, paragraph 0052, “Step 601: A user A (i.e., the service user terminal) transmits a registration request message to the authorization management server so as to request to register a user B (i.e., the service subscription authorizer terminal) as an authoring user of the user A, or to modify the authorization permission of the user B with respect to user A.”; paragraph 0059, “Step 701: The user B transmits a message to the authorization management server to request to be the service subscription authorizer terminal of the user A (i.e., the service user terminal).  Alternatively, the user B requests the authorization management server to modify its service subscription management permission over the user A, such as, which services the user A may subscribe to freely, which services the user A may not subscribe to, and which services the user A may subscribe to only with the permission of the user B. The message may include the user ID of at least one of the user A or B, as well as information about the authorized permission.”).
Therefore, it would have been obvious to a person of ordinary skill in the art, before the effective filing date of the claimed invention to combine the teachings of Tian with the system/method/computing device of Prokupets and Dasgupta to include further comprising transmitting, to the at least one authorized permissions management entity, a message requesting to obtain approval for the change in access privileges.

One would have been motivated to provide users with the benefits of subscribing to a service (Tian: paragraph 0001).

Conclusion
THIS ACTION IS MADE FINAL.  Applicant is reminded of the extension of time policy as set forth in 37 CFR 1.136(a).  
A shortened statutory period for reply to this final action is set to expire THREE MONTHS from the mailing date of this action.  In the event a first reply is filed within TWO MONTHS of the mailing date of this final action and the advisory action is not mailed until after the end of the THREE-MONTH shortened statutory period, then the shortened statutory period will expire on the date the advisory action is mailed, and any extension fee pursuant to 37 CFR 1.136(a) will be calculated from the mailing date of the advisory action.  In no event, however, will the statutory period for reply expire later than SIX MONTHS from the mailing date of this final action. 
Any inquiry concerning this communication or earlier communications from the examiner should be directed to WALTER J MALINOWSKI whose telephone number is (571)272-5368.  The examiner can normally be reached on 8-6:30 MTWH.
Examiner interviews are available via telephone, in-person, and video conferencing using a USPTO supplied web-based collaboration tool. To schedule an interview, applicant is encouraged to use the USPTO Automated Interview Request (AIR) at http://www.uspto.gov/interviewpractice.
If attempts to reach the examiner by telephone are unsuccessful, the examiner’s supervisor, LUU PHAM can be reached on 5712705002.  The fax phone number for the organization where this application or proceeding is assigned is 571-273-8300.
Information regarding the status of an application may be obtained from the Patent Application Information Retrieval (PAIR) system.  Status information for published applications 

/W.J.M/Examiner, Art Unit 2439


/LUU T PHAM/Supervisory Patent Examiner, Art Unit 2439