DETAILED ACTION
1. 	This office action is in response to an amendment filed on 11/27/2020. Claims 1-21 are pending and claims 1, 8 and 15 are independent. Each independent claim is amended. 
Notice of Pre-AIA or AIA Status
2.	The present application, filed on or after March 16, 2013, is being examined under the first inventor to file provisions of the AIA.
Response to Arguments

3.	Applicant’s arguments with respect to claims 1, 8 and 15 have been considered but are moot because the new ground of rejection does not rely on any reference applied in the prior rejection of record for any teaching or matter specifically challenged in the argument.

4.	Applicant in particular argued that the following amended claim limitation recited in independent claim 1, and the similar amended claim limitation recited in independent claims 8 and 15, is not disclosed by the prior art of record, namely Himberger:
“wherein the first set of credentials are associated with the computing system privilege and the second set of credentials are associated with the user, and wherein the receiving of the first set of credentials occurs simultaneously with or prior to the receiving of the second set of credentials” 

The newly found prior art, US Publication No. 2013/0232541 A1 to Kapadia, discloses the amended claim limitation.
simultaneously with or prior to receiving the second set of credentials which is associated with the user, 

“The method begins by determining that an entity (e.g., a user, an application associated with the user, or the like) is attempting to logon to a privileged account associated with a resource. The privileged account has an account credential associated therewith. Typically, the privileged account credential consists of an account name (e.g., root) and a password adapted to be shared among a set of entities. If the entity is attempting to logon to the privileged account, the entity is prompted to provide additional identifying information. Preferably, the prompting operation facilitates a two-factor authentication, wherein the additional identifying information typically is a user identifier and password pair uniquely associated with the entity. If the user identifier and password pair can then be verified, an additional check is then performed, preferably in the form of a policy evaluation. The policy check enforces a policy of a set of policies, where typically the policy is any generic access control policy such as one of: a role-based access control, and a context-based access control, a combination of such access controls, or the like. If the policy check passes, the entity is authorized to login to the privileged account. Thus, according to this approach, the entity is provided access to the privileged account if the user's identity is verified and a policy is met” [See at least paragraph 0009]
5.	Thus, in response to the 35 U.S.C. 103 rejection set forth in the previous office action, applicant amended at least each of independent claims 1, 8 and 15, presumably to overcome the 102 rejection set forth in the previous office action. Since the newly amended claims changed the scope and necessitated new grounds of rejection, 

Claim Rejections - 35 USC § 103
6.	In the event the determination of the status of the application as subject to AIA 35 U.S.C. 102 and 103 (or as subject to pre-AIA 35 U.S.C. 102 and 103) is incorrect, any correction of the statutory basis for the rejection will not be considered a new ground of rejection if the prior art relied upon, and the rationale supporting the rejection, would be the same under either status.
7.	The following is a quotation of 35 U.S.C. 103 which forms the basis for all obviousness rejections set forth in this Office action:
A patent for a claimed invention may not be obtained, notwithstanding that the claimed invention is not identically disclosed as set forth in section 102, if the differences between the claimed invention and the prior art are such that the claimed invention as a whole would have been obvious before the effective filing date of the claimed invention to a person having ordinary skill in the art to which the claimed invention pertains. Patentability shall not be negated by the manner in which the invention was made.

8.	The factual inquiries set forth in Graham v. John Deere Co., 383 U.S. 1, 148 USPQ 459 (1966), that are applied for establishing a background for determining obviousness under 35 U.S.C. 103 are summarized as follows:
1. Determining the scope and contents of the prior art.
2. Ascertaining the differences between the prior art and the claims at issue.
3. Resolving the level of ordinary skill in the pertinent art.
4. Considering objective evidence present in the application indicating obviousness or nonobviousness.

	Examiner’s note: text in bold corresponds to the claimed limitations; text in italics underlined or not underlined correspond to the cited prior art reference (i.e., verbatim, 

9.	Claims 1-21 are rejected under 35 U.S.C. 102 (a)(1) and/or 102 (a) (2) as being anticipated by Kevin D. Himberger (herein after referred as Himberger) (US Publication No. 2017/0012990 A1) (Published on Jan. 12, 2017) in view of Kaushal Kiran Kapadia (herein after referred as Kapadia) (US Publication No. 2013/0232541 A1)

10. 	As per independent claim 1 Himberger discloses a method, by one or more processors, for managing access to computing system resources [Abstract, …receiving, from a user, a request for access to a shared system, wherein the request comprises a user identifier and a user password corresponding to the user, and determining privileges corresponding to the shared system using the user identifier and paragraph 0015, Activity monitor 132 monitors computing systems attached to network 190, such as privileged system 150 and others (not shown), to detect access via a shared user IDs.] comprising: 
receiving a list of privileged users having access to a computing system privilege [See paragraph 0026, As depicted, authorization detection method 300 includes receiving (310) a request to access a shared user ID, determining (320) whether the user is included in an authorized user list, determining (330) whether the user is a member of an authorized user group], wherein the computing system privilege is associated with a set of privilege credentials [See paragraph 0026, determining (330) whether the user is a member of an authorized user group, determining (340) whether the user's user ID contains appropriate privileges and paragraph 0028, Determining (320) whether the user is included in an authorized user list may include retrieving, from persistent storage (e.g., persistent storage 114, or 154), a predetermined list of users that have been approved to be given access to the requested shared user ID on the shared system. In some embodiments, the authorized user list comprises user IDs. In other embodiments, the authorized user list comprises employee serial numbers. If the credentials of the requesting user are contained in the authorized user list corresponding to the shared system]; detecting the receiving of a first set of credentials [See at least paragraph 0004, receiving, from the identity manager, the shared identifier and the shared password, and using the shared identifier and the shared password to enable the user to use the shared system. Examiner Note the shared identifier and/or the shared password meets the limitation of first set of credentials] and a second set of credentials from a user attempting to access the computing system privilege [See at least paragraph 0004, a method, executed by a computer, includes receiving, from a user, a request for access to a shared system, wherein the request comprises a user identifier and a user password corresponding to the user. 
Examiner Note: See where the user’s identifier and/or user’s password meets the limitations of “second set of credentials from a user attempting to access the computer system privilege”]; 

and causing the user to be granted access to the computing system privilege only if the first set of credentials matches the set of privilege credentials [ See at least paragraph 0028, If the credentials of the requesting user are contained in the authorized user list corresponding to the shared system, then authorization detection method 300 proceeds to approving (360) the access request. Otherwise, the method proceeds to determining operation 330 and see also paragraph 0030, If the user ID identified by the credentials of the requesting user contains at least the same level of authorization as the shared user ID being requested, then authorization detection method 300 proceeds to approving (360) the access. Otherwise, the method proceeds to denying (350) the access request and see also paragraphs 0031-0032.]. 
and the second set of credentials is associated with one of the privileged users [See paragraph 0004, As disclosed herein a method, executed by a computer, includes receiving, from a user, a request for access to a shared system, wherein the request comprises a user identifier and a user password corresponding to the user, and determining privileges corresponding to the shared system using the user identifier and see paragraph 0019, The request may be initiated from a user logged into a client computer (e.g., client 140). In some embodiments, the user initiates the request for shared user ID access by authenticating (e.g., providing a user ID and password) with shared user ID module 116. The authentication operation may verify the identity of the requester. In other embodiments, shared user ID module 116 verifies the identity of the requester by obtaining details of the logged in user from client 140 See also paragraph 0027, the requesting user to identify himself by providing a user ID and password. In other embodiments, the credentials (e.g., a user ID, employee serial number, or the like) that uniquely identify the requesting user are provided as a part of the request.] 


Himberger doesn’t explicitly disclose the following amended claim limitation:

wherein the first set of credentials are associated with the computing system privilege and the second set of credentials are associated with the user, and wherein the receiving of the first set of credentials occurs simultaneously with or prior to the receiving of the second set of credentials;
However, Kapadia at paragraph 0009 explicitly discloses that the first set of credentials associated with the computing system privilege, such as the credential associated with a privileged account, is received simultaneously with or prior to receiving the second set of credentials, which is associated with the user:

“The method begins by determining that an entity (e.g., a user, an application associated with the user, or the like) is attempting to logon to a privileged account associated with a resource. The privileged account has an account credential associated therewith. Typically, the privileged account credential consists of an account name (e.g., root) and a password adapted to be shared among a set of entities. If the entity is attempting to logon to the privileged account, the entity is prompted to provide additional identifying information. Preferably, the prompting operation facilitates a two-factor authentication, wherein the additional identifying information typically is a user identifier and password pair uniquely associated with the entity. If the user identifier and password pair can then be verified, an additional check is then performed, preferably in the form of a policy evaluation. The policy check enforces a policy of a set of policies, where typically the policy is any generic access control policy such as one of: a role-based access control, and a context-based access control, a combination of such access controls, or the like. If the policy check passes, the entity is authorized to login to the privileged account. Thus, according to this approach, the entity is provided access to the privileged account if the user's identity is verified and a policy is met” [See at least paragraph 0009]



It would have been obvious to one having ordinary skill in the art, before the effective filing of the claimed invention, to implement in the system of Himberger a mechanism to use the feature such as “the first set of credentials are associated with the computing system privilege and the second set of credentials are associated with the user, and wherein the receiving of the first set of credentials occurs simultaneously with or prior to the receiving of the second set of credentials” as taught by Kapadia because this would enhance the security of the system and access to a privileged account by requiring authentication of a user logging into the account and performing a policy evaluation to determine whether the user (if authenticated) is allowed to log in using the privileged identity.  [See Kapadia at least paragraphs 0008-0009]

11.	As per independent claim 8, independent claim 8 is rejected for the same reason as that of the above independent claim 1.

12.	As per independent claim 15, independent claim 15 is rejected for the same reason as that of the above independent claim 1.

13. 	As per dependent claim 2, the combination of Himberger and Kapadia discloses a method/system as applied to claims above. Furthermore Himberger discloses the method/system wherein generating a record of activity of the user while the user has access to the computing system privilege; and causing the record of the activity of the user to be stored [See at least paragraph 0015, Activity monitor 132 may retain, on persistent storage 134, logs containing details of detected use of shared user IDs. The recorded information may include, but is not limited to, the shared user ID, the name of the individual using the shared user ID, the login and logout times, and all commands issued. When performing monitoring operations, activity monitor 132 my access log information from persistent storage 114 (access manager 112), persistent storage 124 (identity manager 122), and persistent storage 154 (privileged system 150). See also paragraph 0031-0032, The activity log may be retained on persistent storage (e.g., persistent storage 114). See also paragraph 0014-0015 and paragraph 0031-0032 and see also paragraph 0013, All activities corresponding to access manager 112 and shared user ID module 116 may retained in log files and stored on persistent storage 114.]

14.	As per dependent claim 9, dependent claim 9 is rejected for the same reason as that of the above dependent claim 2.

15.	As per dependent claim 16, dependent claim 16 is rejected for the same reason as that of the above dependent claim 2.

16. 	As per dependent claim 3 the combination of Himberger and Kapadia discloses a method/system as applied to claims above. Furthermore Himberger discloses the method/system wherein the list of privileged users comprises a plurality of privileged users [See at least paragraph 0012, A shared user ID may be a user ID that is used by more than one user and may have system level access privileges or greater authority than that of an ordinary user and see at least paragraph 0028, authorized user list may include retrieving, from persistent storage (e.g., persistent storage 114, or 154), a predetermined list of users that have been approved to be given access to the requested shared user ID on the shared system.]

17.	As per dependent claim 10, dependent claim 10 is rejected for the same reason as that of the above dependent claim 3.

18.	As per dependent claim 17, dependent claim 17 is rejected for the same reason as that of the above dependent claim 3.

19. 	As per dependent claim 4 the combination of Himberger and Kapadia discloses a method/system as applied to claims above. Furthermore Himberger discloses the method/system wherein the list of privileged users includes only a portion of a list of authorized users having access to the computing system [See at least paragraph 0012, A shared user ID may be a user ID that is used by more than one user and may have system level access privileges or greater authority than that of an ordinary user and see at least paragraph 0028, authorized user list may include retrieving, from persistent storage (e.g., persistent storage 114, or 154), a predetermined list of users that have been approved to be given access to the requested shared user ID on the shared system.]

20.	As per dependent claim 11, dependent claim 11 is rejected for the same reason as that of the above dependent claim 4.

21.	As per dependent claim 18, dependent claim 18 is rejected for the same reason as that of the above dependent claim 4.

22. 	As per dependent claim 5 the combination of Himberger and Kapadia discloses a method/system as applied to claims above. Furthermore Himberger discloses the method/system further comprising: determining that the second set of credentials is associated with an authorized user of the computing system that is not a privileged user; and causing the user to be prevented from accessing the computing system privilege [See at least paragraph 0030-0031, If the user ID identified by the credentials of the requesting user contains at least the same level of authorization as the shared user ID being requested, then authorization detection method 300 proceeds to approving (360) the access. Otherwise, the method proceeds to denying (350) the access request. Denying (350) the access request may include terminating authorization detection method 300, and notifying the user the request has been denied. In some embodiments, the requesting user is presented with an error message indicating that the user ID is not authorized to use the requested shared user ID]

23.	As per dependent claim 12, dependent claim 12 is rejected for the same reason as that of the above dependent claim 5.

24.	As per dependent claim 19, dependent claim 19 is rejected for the same reason as that of the above dependent claim 5.

25. 	As per dependent claim 6 the combination of Himberger and Kapadia discloses a method/system as applied to claims above. Furthermore Himberger discloses the method/system further comprising: causing a second user to be prevented from accessing the computing system privilege while the user has access to the computing system privilege. [See at least paragraph 0030-0031, If the user ID identified by the credentials of the requesting user contains at least the same level of authorization as the shared user ID being requested, then authorization detection method 300 proceeds to approving (360) the access. Otherwise, the method proceeds to denying (350) the access request. Denying (350) the access request may include terminating authorization detection method 300, and notifying the user the request has been denied. In some embodiments, the requesting user is presented with an error message indicating that the user ID is not authorized to use the requested shared user ID]


26.	As per dependent claim 13, dependent claim 13 is rejected for the same reason as that of the above dependent claim 6.

27.	As per dependent claim 20, dependent claim 20 is rejected for the same reason as that of the above dependent claim 6.

28. 	As per dependent claim 7 the combination of Himberger and Kapadia discloses a method/system as applied to claims above. Furthermore Himberger discloses the method/system further comprising: if the first set of credentials does not match the privilege set of credentials or the second set of credentials is not associated with one of the privileged users, generating a signal representative thereof. [See at least paragraph 0030-0031, If the user ID identified by the credentials of the requesting user contains at least the same level of authorization as the shared user ID being requested, then authorization detection method 300 proceeds to approving (360) the access. Otherwise, the method proceeds to denying (350) the access request. Denying (350) the access request may include terminating authorization detection method 300, and notifying the user the request has been denied. In some embodiments, the requesting user is presented with an error message indicating that the user ID is not authorized to use the requested shared user ID.. an email, identifying the user and the shared user ID in the failed attempt, is sent to appropriate administrative and security organizations. In another embodiment, the failed attempt is recorded in an activity log. The activity log may be retained on persistent storage (e.g., persistent storage 114).]


29.	As per dependent claim 14, dependent claim 14 is rejected for the same reason as that of the above dependent claim 7.

30.	As per dependent claim 21, dependent claim 21 is rejected for the same reason as that of the above dependent claim 7.

Conclusion


31.	The prior art made of record and not relied upon is considered pertinent to applicant's disclosure.
	A.	US Patent No. 9300671 B1 to Barak discloses that a restricted account may be created responsive to a successful login by a user for a shared account. The restricted account may have fewer access privileges to resources of the computer system than the shared account. The user may have access to the operating system through the restricted account rather than the shared account. The user is prompted for higher authentication information responsive to a request by the user to promote the restricted account to a higher authentication account during the session. The restricted 
	B.	US Publication No. 2005/0015628 A1 to Narayanan discloses a method that provides access to Privileged Accounts to users with Privileged Account access permission. A message is sent to a Privileged Accounts manager when a user logs into a Privileged Account. The user must enter a reason for access. All keystrokes are logged. At the conclusion of the user session, the log file is closed and another message is sent to the Privileged Accounts manager. The log file may be sent to the manager at this time or saved for a batch transfer periodically.
	C.	US Publication No. 2008/0052777 A1 to Kawano discloses a method for managing shared passwords on a multi-user computer system. A set of shared passwords and an administrator internal key are initially generated. After the receipt of an administrator external key, the administrator internal key is encrypted with the administrator external key. For each user level within the computer system, an internal key is generated by hashing the administrator internal key. For each user level within the computer system, each of the shared passwords is encrypted with a respective one of the internal keys. The internal keys and the encrypted shared passwords are then stored in a non-volatile storage device.
	D. See the other cited prior arts
32.	Applicant's amendment necessitated the new ground(s) of rejection presented in this Office action.  Accordingly, THIS ACTION IS MADE FINAL.  See MPEP § 706.07(a).  Applicant is reminded of the extension of time policy as set forth in 37 CFR 1.136(a).  A shortened statutory period for reply to this final action is set to expire THREE MONTHS 
Any inquiry concerning this communication or earlier communications from the examiner should be directed to SAMSON B LEMMA whose telephone number is 571-272-3806.  The examiner can normally be reached on M-F 8am-10pm.
If attempts to reach the examiner by telephone are unsuccessful, the examiner’s supervisor Yin-Chen Shaw can be reached on 571-272-8878.  The fax phone number for the organization where this application or proceeding is assigned is 571-273-8300.
Information regarding the status of an application may be obtained from the Patent Application Information Retrieval (PAIR) system.  Status information for published applications may be obtained from either Private PAIR or Public PAIR.  Status information for unpublished applications is available through Private PAIR only.  For more information about the PAIR system, see http://pair-direct.uspto.gov. Should you have questions on access to the Private PAIR system, contact the Electronic Business Center (EBC) at 866-217-9197 (toll-free).


/SAMSON B LEMMA/Primary Examiner, Art Unit 2498