Notice of Pre-AIA  or AIA  Status
The present application, filed on or after March 16, 2013, is being examined under the first inventor to file provisions of the AIA .
DETAILED ACTION
The instant application having Application No. 15/937,647 is presented for examination by the examiner.  Claims 1-20 were pending.  Claims 13-20 are canceled.  Claims 1-12 are currently pending.

Response to Amendment


Claim Rejections - 35 USC § 101
The current amendments overcome the previous rejections under this statute.



Response to Arguments
Applicant's arguments filed 11/18/20 have been fully considered but they are not persuasive.  Applicant alleges the prior art Viavant is silent in explicitly teaching a number of claim 1’s limitations as follows.
(i)  Applicant argues Viavant does not explicitly teach “an authorization message is received by the secure access processor from the second system administrator” on page 7 of the remarks.  Examiner respectfully disagrees.   Each quorum members is authenticated to the security manager and the fact that they authorized members of the 
(ii) Applicant argues Viavant does not explicitly teach “an indication by the secure access processor that a notification message is transmitted by the secure access processor to the second system administrator”.  It should be pointed out that this limitation and the limitation (i) do not both need to be taught by the prior.  The claim is its current form only requires at least one of (i) and (ii).  Nevertheless, Viavant teaches the security manager sends out notification messages to all of the quorum members that a command has been executed on the system (0143).  The claim does not require more than this teaching.    The argument merely states this has nothing to do with the claim but that is not a persuasive argument.  The second administrator is the claim’s second quorum member and it along with all of the other members receiving receipt of command execution is more than sufficient to anticipate a broad “notification message”.  Applicant argues the notification message is related to seeking authorization for the first system administrator.  However the claim states the notification message is the 
(iii)  The Applicant argues Viavant does not explicitly teach wherein the first authorization is denied in response to the second system administrator connectable to the secure access processor not being connected to the secure access processor. The argument seems to take a narrow interpretation of what connected to means.  In the system of Viavant all of the quorum members are connectable to the security manager else it would not be able to send them messages seeking authorizations.  Paragraph 0125 teaches the system has rules that govern how the security manager will proceed.  In paragraph 0134 the second quorum user is required approve the command.  It then stands to reason, that if the member is not actively in a position to respond the request the security manager will deny it because it will not have received the approval response.  In other words if the second quorum member does not authorize the command, it will not be executed similar to when the second member actively denies the request (0134).  This negative limitation does not require more than what is taught by the prior art.                                                                                                                                            

Claim Rejections - 35 USC § 102
In the event the determination of the status of the application as subject to AIA  35 U.S.C. 102 and 103 (or as subject to pre-AIA  35 U.S.C. 102 and 103) is incorrect, any correction of the statutory basis for the rejection will not be considered a new ground of rejection if the prior art relied upon, and the rationale supporting the rejection, would be the same under either status.  
The following is a quotation of the appropriate paragraphs of 35 U.S.C. 102 that form the basis for the rejections under this section made in this Office action:
A person shall be entitled to a patent unless –


(a)(1) the claimed invention was patented, described in a printed publication, or in public use, on sale or otherwise available to the public before the effective filing date of the claimed invention.






Claims 1 and 4-6 are rejected under 35 U.S.C. 102(a)(1) as being anticipated by USP Application Publication 2007/0261103 to Viavant et al hereinafter Viavant.

As per claim 1, Viavant teaches a secure access control system comprising: 
a secure access processor [SM 140] configured to issue a first authorization in response to a first concert of action between a first system administrator (0123) connected to the secure access processor and a second system administrator connectable to the secure access processor (0049), 
wherein the first authorization comprises authorizing the first system administrator to access a secured data associated with at least one of a user, a user device, and an access session (0005 and 0120), 
wherein the first concert of action comprises at least one of: 
an authorization message is received by the secure access processor from the second system administrator (0120), and 
an indication by the secure access processor that a notification message is transmitted by the secure access processor to the second system administrator (0143), 
wherein the notification message comprises an indication of the first authorization (0143), and 
wherein the first authorization is denied in response to the second system administrator connectable to the secure access processor not being connected to the secure access processor (0125, 0127, and 0134).

As per claim 4, Viavant teaches the first authorization is granted in response to receiving by the secure access processor a message from the second system administrator (0134 and 0135).
As per claim 5, Viavant teaches wherein the accessing the secured data by the first system administrator comprises changing a user credential in the secured data (0095).
As per claim 6, Viavant teaches wherein the accessing the secured data by the first system administrator comprises resetting a user credential in the secured data (0095).

Claim Rejections - 35 USC § 103
In the event the determination of the status of the application as subject to AIA  35 U.S.C. 102 and 103 (or as subject to pre-AIA  35 U.S.C. 102 and 103) is incorrect, any correction of the statutory basis for the rejection will not be considered a new ground of rejection if the prior art relied upon, and the rationale supporting the rejection, would be the same under either status.  
The following is a quotation of 35 U.S.C. 103 which forms the basis for all obviousness rejections set forth in this Office action:
A patent for a claimed invention may not be obtained, notwithstanding that the claimed invention is not identically disclosed as set forth in section 102 of this title, if the differences between the claimed invention and the prior art are such that the claimed invention as a whole would have been obvious before the effective filing date of the claimed invention to a person having ordinary skill in the art to which the claimed invention pertains.  Patentability shall not be negated by the manner in which the invention was made.


Claim 2 is rejected under 35 U.S.C. 103 as being unpatentable over Viavant in view of USP Application Publication  2009/0064297 to Selgas et al hereinafter Selgas.  
As per claim 2, Viavant is silent in explicitly teaching the secured data comprises electronic mail.  On the other hand Selgas teaches the secured data comprises electronic mail and that certain safeguards should be taken even from administrators having access to users’ email (0005 and 0042).  Thus using the quorum as taught by Viavant could also secure email in the same manner as other sensitive data.  The claim is obvious because one of ordinary skill in the art can combine known methods which do not produce unpredictable results.  


Claims 7-12 are rejected under 35 U.S.C. 103 as being unpatentable over Viavant in view of USP 10,291,622 to Rossman et al hereinafter Rossman.
As per claim 7, Viavant teaches wherein the secure access processor issues the first authorization in response to the first concert of action, the first concert of action including a secure access control method comprising: 
 
authenticating a plurality of system administrators to the secure access control system (0029); 
verifying a data access rule for each system administrator of the plurality of system administrators, in an administrative privileges database, by an access gating engine of the secure access control processor (0124).  Viavant is silent in explicitly teaching  setting an Administrator Integrity Count of an administrator counter of a privilege coordinator of the secure access control processor, the Administrator Integrity Count comprising a preset minimum number of system administrators; and counting, by the administrator counter of a coordination engine of the secure access control processor, the plurality of system administrators, and determining a count being at least the Administrator Integrity Count, wherein the count indicates satisfaction of the first concert of action, the first concert of action comprising a number of system administrators being connected to the secure access control system being at least the Administrator Integrity Count.  Viavant teaches that the quorum require a size of two (0076).  However Rossman teaches a quorum whereby a rule specifies the minimum number of members needed to pass a command (col. 7, lines 37-40 and col. 10, lines 40-42).  Thus Rossman teaches the above limitations that Viavant does not teach by counting up to the preset minimum number of quorum members because passing the actions.  The claim is obvious because one of ordinary skill in the art can combine known methods which do not produce unpredictable results.  
As per claim 8, Viavant teaches the first authorization further comprises permitting the first system administrator to change the secured data (0138) and further in response to the determining notifying the second system administrator of the permitting (0143).
As per claim 9, Viavant teaches the first authorization further comprises permitting the first system administrator to access a user credential in the secured data via a credential change controller (0095).
As per claim 10, Viavant teaches the first authorization further comprises permitting the first system administrator to access a limited access electronic resource via a limited access electronic resource supervisor [time limited access; 0032, and 0050].
As per claim 11, Viavant teaches the first authorization further comprises permitting the first system administrator to revert a user credential in the secured data to a previous value via a credential reversion engine (0095).

As per claim 12, Viavant teaches the first authorization further comprises logging, via a logging module, a change to a user credential (0051 and 0143).



Conclusion

THIS ACTION IS MADE FINAL.  Applicant is reminded of the extension of time policy as set forth in 37 CFR 1.136(a).  
A shortened statutory period for reply to this final action is set to expire THREE MONTHS from the mailing date of this action.  In the event a first reply is filed within TWO MONTHS of the mailing date of this final action and the advisory action is not mailed until after the end of the THREE-MONTH shortened statutory period, then the shortened statutory period will expire on the date the advisory action is mailed, and any extension fee pursuant to 37 CFR 1.136(a) will be calculated from the mailing date of the advisory action.  In no event, however, will the statutory period for reply expire later than SIX MONTHS from the mailing date of this final action. 

Any inquiry concerning this communication or earlier communications from the examiner should be directed to MICHAEL R. VAUGHAN whose telephone number is (571)270-7316.  The examiner can normally be reached on Monday - Thursday, 7:30am - 5:00pm, EST. If attempts to reach the examiner by telephone are unsuccessful, the examiner’s supervisor, Lynn Feild can be reached on (571) 272-2092.  The fax phone number for the organization where this application or proceeding is assigned is 571-273-8300.
Information regarding the status of an application may be obtained from the Patent Application Information Retrieval (PAIR) system.  Status information for published applications may be obtained from either Private PAIR or Public PAIR.  Status information for unpublished applications is available through Private PAIR only.  For more information about the PAIR system, see http://pair-direct.uspto.gov. Should 

/MICHAEL R VAUGHAN/
Primary Examiner, Art Unit 2431