Notice of Pre-AIA  or AIA  Status
The present application, filed on or after March 16, 2013, is being examined under the first inventor to file provisions of the AIA .
In the event the determination of the status of the application as subject to AIA  35 U.S.C. 102 and 103 (or as subject to pre-AIA  35 U.S.C. 102 and 103) is incorrect, any correction of the statutory basis for the rejection will not be considered a new ground of rejection if the prior art relied upon, and the rationale supporting the rejection, would be the same under either status.  

DETAILED ACTION
This action is in response to the Claims filing on 03/17/2021. Claims 1 and 4 are amended per applicant’s request. Claims 1-12 are currently pending and have been considered as follows.

EXAMINER NOTE
In light of applicant’s amendments and arguments the examiner hereby withdraws his previous 35 USC 101 rejection.

Response to Arguments
Applicant's arguments filed 03/17/20201 have been fully considered but they are not persuasive.

	-The applicants’ remarks on page 7 with respect to:
 “Applicants respectfully submit that none of the prior art, either alone or in combination, shows or suggests, employing information about recorded actual 
“Grant is, however, silent concerning employing information about recorded actual access events to data elements of similar users and information relating to a sensitivity of the accessed data elements in order to provide an output indication of perceived appropriateness of grant of said request.”
“However, Faitelson is similarly silent concerning employing information about recorded actual access events to data elements of similar users and information relating to a sensitivity of the accessed data elements in order to provide an output indication of perceived appropriateness of grant of said request.”
Have been carefully considered but are non-persuasive;

The examiner notes after careful reconsideration of the prior art Grant discloses in paragraphs 0081-0082 that security labels (which the examiner has broadly and reasonably interpreted as sensitivity of the accessed object) may be evaluated to determine a context of the media file and used to indicate whether or not a user should be granted access to the media content. “Assuming that the evaluation of the security level to be afforded to the media content M1 indicates some level of access control to be applied, a context of the media content M1 is generated by the content context generator 122. The context may comprise various parameters including, for example, the level of security to be applied, a representation of the types of users that have accessed the media content M1 (this may comprise a variety of different types of users with associated measures, e.g., numbers of users of the particular type that have accessed the media content M1 or other statistical measure of relative amounts of users of each type), an evaluation of other contexts of other types of media content M2, M3, M4 of a similar nature to the media content M1, and the like. The context may be determined in various ways including evaluation and comparison of metadata and information about the media content against existing key term repositories, e.g., terms such as “confidential,” “secret,” recognized code names or the like, using cognitive algorithms to determine word and/or subject matter association, or any other known or later developed algorithms and mechanisms for determining a context of the content, electronic device, or computing resource. The context provides information indicative of the types of users that should be able to access the media content M1 as determined dynamically by the content context generator 122” As such the applicant argument is considered non-persuasive.

Continued Examination Under 37 CFR 1.114
A request for continued examination under 37 CFR 1.114, including the fee set forth in 37 CFR 1.17(e), was filed in this application after final rejection.  Since this application is eligible for continued examination under 37 CFR 1.114, and the fee set forth in 37 CFR 1.17(e) has been timely paid, the finality of the previous Office action has been withdrawn pursuant to 37 CFR 1.114.  Applicant's submission filed on 03/17/2021 has been entered.
Claim Rejections - 35 USC § 103
The following is a quotation of 35 U.S.C. 103 which forms the basis for all obviousness rejections set forth in this Office action:
A patent for a claimed invention may not be obtained, notwithstanding that the claimed invention is not identically disclosed as set forth in section 102, if the differences between the claimed invention and the prior art are such that the claimed invention as a whole would have been obvious before the effective filing date of the claimed invention to a person having ordinary skill in the art to which the claimed invention pertains. Patentability shall not be negated by the manner in which the invention was made.


Claim(s) 1-10 are rejected 35 U.S.C. 103 as being unpatentable over US 20180007053 to Grant et al. (hereinafter “Grant”) in view of US7606801B2 to Faitelson et al. (hereinafter “Faitelson”)

Claim 4
Grant teaches a system comprising a processor and a non-transitory, tangible computer-readable medium in which computer program instructions are stored, which instructions, when read by a computer, cause the computer to process access permission type-specific access permission requests from enterprise users in an enterprise, said system comprising:
access permission type-specific access permission request receiving functionality operable for receiving, after said creating, for each of said enterprise users, an actual access profile based on said recorded actual access events of said enterprise user to said at least one data element, at least one request for at least one access permission type-specific access permission of at least one enterprise user to at least one data element in said enterprise; [e.g. Para 0065, 0102; Grant discloses receiving an access request (i.e. access permission type-specific access permission) of a user for a resource. Grant further discloses that the profiles can be generated a priori.]  and
access permission type-specific access permission request output providing functionality operable for ascertaining whether ones of said enterprise users clustered with said at least one enterprise user have similarities to said at least one enterprise user with respect to at least said access permission type-specific access permission to said data elements  and information relating to a sensitivity of said at least one data element, in order to provide an output indication of perceived appropriateness of grant of said request. [e.g. Para 0073, 0081, 0082, 0102; Grant discloses retrieving information from other users having similar characteristics and security labels (e.g. sensitivity).]
While Grant teaches logging all accesses to various resources by various users Grant as well as creating profiles a priori, Grant fails to disclose the explicit aspect of monitoring and how the profiles are created. More specifically he fails to teach the claimed limitations of: 
“network monitoring functionality operative for continuously monitoring and recording actual access events of said enterprise users to data elements in said enterprise;” 
“user clustering functionality operative for employing said recorded actual access events of said enterprise users to cluster similar ones of said enterprise users having similar recorded actual access events…ascertaining whether ones of said enterprise users clustered with said at least one enter user have similarities …” 
however, Faitelson discloses a system that bi-clusters all accesses to resources and further discloses analyzing the bi-clusters to determine similarities to different users as well as creating access profiles based on recorded monitoring during a learning period, specifically Faitelson teaches:
“actual access events monitoring and recording functionality operable for monitoring and recording actual access events of said enterprise users to at least one data element in said enterprise over a learning period;” [e.g. Faitelson - Col 2 Ln 16-28,Col 4 Ln 59-60, claim 1.]
“actual access profile creating functionality operable for creating, for each of said enterprise users, an actual access profile based on said recorded actual access events of said enterprise user to said at least one data element;” [e.g. Faitelson – Col 2 Ln 16-28, Col 6 Ln 19-28, claim 1.]
 
Therefore, it would have been obvious for one of ordinary skill in the art at the time of the applicant’s invention to include, ““actual access events monitoring and recording functionality operable for monitoring and recording actual access events of said enterprise users to at least one data element in said enterprise over a learning period.” And “actual access profile creating functionality operable for creating, for each of said enterprise users, an actual access profile based on said recorded actual access events of said enterprise user to said at least one data element;” in the invention as disclosed by Grant in order to “… improve data security, prevent fraud, and improve company productivity.” as specified by Faitelson Col 1 Ln 57-58.

Claim 5:
Grant teaches a system for processing access permission type-specific access permission requests from enterprise users in an enterprise according to claim 4 and also comprising:
access permission type-specific access permission recommendation providing functionality operable for employing said output indication to provide a recommendation to an access permission approver as to whether to at least one of approve, disapprove, approve in part, approve in an expanded form and conditionally approve said at least one request. [e.g. Para 0073, 0102; Grant discloses recommending to an administrator (i.e. approver) to add the requestor to an access control list (i.e. approve) for the specific resource.]

Claim 6Grant teaches a system for processing access permission type-specific access permission requests from enterprise users in an enterprise according to claim 5 and wherein said access permission type-specific access permission recommendation providing functionality is operable for employing said output indication to provide a recommendation to an access permission approver as to whether to at least one of approve, disapprove and conditionally approve said at least one request based on at least one of the following conditions:
that the requesting user retains said similarity to said ones of said enterprise users; [e.g. Para 0073.] that at least one additional access permission approver approves said request; and that said approval is limited in time.

Claim 7Grant teaches a system for processing access permission type-specific access permission requests from enterprise users in an enterprise according to claim 4 and wherein said system resides on a computer server. [e.g. Fig 1. Item 104, Para. 0073]

Claim 8Grant teaches a system for processing access permission type-specific access permission requests from enterprise users in an enterprise according to claim 7 and wherein said computer server is connected to an enterprise network. [e.g. Fig 1. Item 102, Para. 0058]

Claim 9Grant teaches a system for processing access permission type-specific access permission requests from enterprise users in an enterprise according to claim 7 and wherein said computer server is connected to the internet. [e.g. Fig 1. Item 102, Para. 0058]

Claim 10Grant teaches a system for processing access permission type-specific access permission requests from enterprise users in an enterprise according to claim 4 and wherein said access permission type-specific access permission request receiving functionality is operable for receiving said at least one request from a user employing a computing device communicating therewith. [e.g. Fig 1. Item 110-112, Para. 0057]

Regarding claims 1-3 they are method claims essentially corresponding to the above recitations, and they are rejected, at least, for the same reasons.

Claims 11 and 12 are rejected under 35 U.S.C. 103 as being unpatentable over Grant in view of Faitelson and further in view of Official Notice.

While it is noted that Grant discloses in paragraph 0086 an administrator and it could be argued that an administrator and a manager can be the same entity in an effort for compact prosecution it is noted that Grant and Faitelson fails to explicitly disclose the limitation “wherein said access permission approver is a manager of said at least one enterprise user.”

However, the examiner takes official notice that it is well known to one of ordinary skill in the art that the label/role of manager can be applied to any entity including an administrator (for instance See publication US 2017/0180292 Paragraph 0228). Therefore, to one of ordinary skill in the art at the time the invention was filed it would have been obvious that an entity can possess both an administrator and manager role depending on the entities responsibilities. Furthermore, assigning multiple roles can be considered as a choice from a finite number of identified, predictable solutions, with a reasonable expectation of success. (See MPEP 2141 III).

Conclusion



Any inquiry concerning this communication or earlier communications from the examiner should be directed to CHRISTOPHER C HARRIS whose telephone number is (571)270-7841.  The examiner can normally be reached on Monday through Friday between 8:00 AM to 4:00 PM CST.
If attempts to reach the examiner by telephone are unsuccessful, the examiner’s supervisor, Jeffrey L Nickerson can be reached on (469) 295-9235.  The fax phone number for the organization where this application or proceeding is assigned is 571-273-8300.




/CHRISTOPHER C HARRIS/Primary Examiner, Art Unit 2432