DETAILED ACTION
The following claims are pending in this office action: 1-8
The following claims are amended: 1-2, and 5-6 are amended
The following claims are new: -
The following claims are cancelled: 3-4, and 7-8
Claims 1-2 and 5-6 are rejected. 
Notice of Pre-AIA  or AIA  Status
The present application, filed on or after March 16, 2013, is being examined under the first inventor to file provisions of the AIA .
Continued Examination Under 37 CFR 1.114
A request for continued examination under 37 CFR 1.114, including the fee set forth in 37 CFR 1.17(e), was filed in this application after final rejection.  Since this application is eligible for continued examination under 37 CFR 1.114, and the fee set forth in 37 CFR 1.17(e) has been timely paid, the finality of the previous Office action has been withdrawn pursuant to 37 CFR 1.114.  Applicant's submission filed on April 12, 2021 has been entered.
Previous Objections Withdrawn
The 35 USC 101 rejections are withdrawn based on the amendments
The 35 USC 102 rejections are withdrawn based on the amendments
RESPONSE TO ARGUMENTS AND REMARKS
Applicant’s arguments filed in the amendment filed 04/12/2021 have been fully considered but are they are not persuasive.  The reasons are set forth below.
Sprenger in view of Tulloch as mapped below describes “an imminent excess user authentication token utilization alert” and “providing an imminent excess user authentication token utilization alert with respect to each of said enterprise users before said user reaches said excess user authentication token 
Although Sprenger, in view of Tulloch, in view of Faitelson teaches the remediation process in response to the alert as claimed, McGlone teaches the limitation in the context of a token size issue, is a script conductive to automatic execution, and is taught by McGlone to be executed automatically in response to the immediate alert, and so has been used to map the limitation as amended by the applicant.  
To clarify the response to arguments presented in the interview, the limitation that the requested activity being performed by a computer system in response to the specific requested activity is taught by Sprenger, the specific activity being adding organizational/security groups to a user’s token, for instance, in an inadvertent DoS attack.  In regards to the requirement that the limitations being performed by a computer, broadly claiming an automated means to replace a manual function to accomplish the same result does not distinguish over the prior art.  See, for example, MPEP 2114, section IV.

Claim Rejections - 35 USC § 103
The following is a quotation of 35 U.S.C. 103 which forms the basis for all obviousness rejections set forth in this Office action:
A patent for a claimed invention may not be obtained, notwithstanding that the claimed invention is not identically disclosed as set forth in section 102, if the differences between the claimed invention and the prior art are such that the claimed invention as a whole would have been obvious before the effective filing date of the claimed invention to a person having ordinary skill in the art to which the claimed invention pertains. Patentability shall not be negated by the manner in which the invention was made.

Claims 1 and 5 are rejected under 35 U.S.C. 103 as being unpatentable over Josh Sprenger, Kerberos and Access Token Limitations, GIAC directory of certified professionals [online], February 15, 2015 [retrieved on 2020-08-20], retrieved from the Internet <URL: https://web.archive.org/web/20150215022855/https://www.giac.org/paper/gsec/5111/kerberos-access-token-limitations/104962> Sprenger”), in view of Active Directory Insights (Part 12) – MaxTokenSize [online], TechGenix, 2016 [retrieved on 2021-05-13], retrieved from the internet: <URL: https://techgenix.com/active-directory-insights-part12/> (hereinafter “Tulloch”)

As per claim 1, Sprenger discloses a system for preventing an excess user authentication token utilization condition in an enterprise computer environment, the system comprising a non-transitory medium that stores operatable instructions, the operations comprising: an excess user authentication token utilization condition predictor operable for calculating a number of additional group memberships of each enterprise user, if created, will result in an excess user authentication token utilization condition; ([Sprenger, Sec. 4.2, Pg. 17, Ln. 29-31] a non-transitory memory attached to a processor in the form of a server provides resources that utilizes the token security system [Sec. 4.2, Pg. 17, Ln. 29-31].  [Sec. 5.2, Pg. 21, Ln. 3-4] the Group Membership evaluation tool [an excess user authentication utilization condition predictor operable for evaluating group memberships] is disclosed.  [Sec. 5.2, Pg. 21, Ln. 4-6] his tool identifies groups that causes access tokens to exceed the group membership limit [this calculates a number of additional group members that will result in an excess user authentication token utilization condition].  [Sec. 5.2, Pg. 21, Ln. 7-9] providing a list of security identifiers that will be present in the access token for an account if a new user is created [calculating a number of additional group memberships of each enterprise user, if created])
a group membership estimator operable, for each said enterprise user, prior to execution of an anticipated activity, for estimating a number of additional group memberships of said enterprise user that will be created by said execution of said anticipated activity; ([Sprenger, Sec. 5.2, Pg. 20, Ln. 17-19] a set of scripts taking into account each enterprise user is disclosed: Group_statistics.vbs [estimating a number of additional group memberships of said enterprise user].  [Sec. 5.2, Pg. 20, Ln. 23-25] the estimation occurs before the issue occurs, as the trends identify actions that needs to be taken immediately to address potential issues [prior to execution of an anticipated activity, such as a DoS attack].  [Sec. 5.2, Pg. 20, Ln. 17-19] the script, “determines how many users belong to” a number of groups and determines “the average token size of users” of an enterprise organization [a number of additional group memberships of said enterprise user].  [Sec.  3.7, Pg. 10, Ln. 13-15] such a determination of the average size is an estimate as different groups take different amounts of space within an access token and is also dependent on the version of the OS.   [Sec. 4.3, Pg. 15, Ln. 11-19] such a determination of the average size is also an estimate as users have different groups depending on their roles in the organization, for example, regional managers requiring access to their own regional file shares will require less groups than corporate managers who have access to all store files shares throughout the company.  [Sec. 4.3, Pg. 16, Ln. 29-30] inadvertent occurrences of a Denial of Service attack, and that the analysis of trends is a preventative measure that can be taken to estimate a number of groups created by that activity: “The average number of SIDs of all users slowly increased within the entire company.  [Sec. 5.2, Pg. 20, Ln. 23-25] the trends shows that the problem is isolated to a few users or shows that the average groups a user is a member of is growing so quickly across the entire organization that action needs to be taken immediately to address potential issues) 
and an anticipated excess user authentication token utilization condition preventer operable, in a case where said execution of said anticipated activity will result in said excess user authentication token utilization condition, ([Sprenger, Sec. 5.3, Pg. 22, Ln. 23-27] discloses upgrading to 64 bit operation systems, and adding additional memory; [Sec. 5.3, Pg. 21, Ln. 22-26] resolving group nesting scenarios; [Sec. 5.1, Pg. 20, Ln. 3-5] and eliminating group membership redundancy, and discloses inadvertent occurrences of a Denial of Service attack which can be prevented using the techniques above by limiting who can create groups and establishing processes [see Sec. 4.3, Pg. 16, Ln. 16-17; Sec. 5.1, Pg. 18, Ln. 22-24]) for modifying said anticipated activity, prior to said execution of said anticipated activity, so as to ensure that said execution of said modified activity will not result in said excess user authentication token ([Sprenger, Sec. 5.3, Pg. 22, Ln. 23-27] upgrading to 64 bit operation systems, and adding additional memory modifies the activity to allow for greater token sizes which will resolve some token size issues; [Sec. 5.3, Pg. 21, Ln. 22-26] resolving group nesting scenarios reduces the size of the access token created for a particular user, modifying the anticipated activity and remedies issues involving token bloat; [Sec. 5.1, Pg. 20, Ln. 3-5] and eliminating group membership redundancy [removing groups which would be assigned to a particular user in the execution of the said anticipated activity] can minimize token size and prevent an excess user authentication token utilization condition)
Sprenger does not teach said anticipated excess user authentication token utilization condition predictor also comprising an alert provider operable for providing an imminent excess user authentication token utilization alert with respect to each of said enterprise users before said user reaches said excess user authentication token utilization condition.
However, Tulloch teaches said anticipated excess user authentication token utilization condition predictor ([Tulloch, Pg. 5, Fig. 1, Ln. 14-17] a GPO setting to set the maximum buffer size to an anticipated maximum token size) also comprising an alert provider operable for providing an imminent excess user authentication token utilization alert ([Pg. 5, Ln. 24-26; Pg. 6, Fig. 2, Ln. 1] a GPO setting to write an immediate warning to the event log whenever a Kerberos ticket reaches the predefined size set) with respect to each of said enterprise users before said user reaches said excess user authentication token utilization condition ([Pg. 6, Fig. 2, Ln. 2-6] the setting should be configured to a threshold that is lower than the MaxTokenSize to allow pre-emptive detection of token bloat for all enterprise users within the domain)
Before the effective filing date of the claimed invention, it would have been obvious for one of ordinary skill in the art to have modified the elements disclosed by Sprenger with the teachings of Tulloch to include said anticipated excess user authentication token utilization condition predictor also comprising an alert provider operable for providing an imminent excess user authentication token utilization alert with respect to each of said enterprise users before said user reaches said excess user authentication token utilization condition.  One of ordinary skill in the art would have been motivated to make this modification because such a modification will allow a system administrator to be alerted to possible future authentication errors.  (Tulloch, pg. 6, Fig. 2, ln. 4-6)

As per claim 5, Sprenger discloses a method for preventing an excess user authentication token utilization condition in an enterprise computer environment, the method comprising: calculating a number of additional group memberships of each of said enterprise users that, if created, will result in an excess user authentication token utilization condition; ([Sprenger, Sec. 5.2, Pg. 21, Ln. 3-4] a Group Membership evaluation tool [an excess user authentication utilization condition for evaluating group memberships] is disclosed; [Sec. 5.2, Pg. 21, Ln. 4-6] this tool identifies groups that causes access tokens to exceed the group membership limit [this cfalculates a number of additional group members that will result in an excess user authentication token utilization condition; [Sec. 5.2, Pg. 21, Ln. 7-9] providing a list of security identifiers that will be present in the access token for an account if a new user is created [calculating a number of additional group memberships of each enterprise user, if created]) 
for each said enterprise user, estimating, prior to execution of an anticipated activity, a number of additional group memberships of said enterprise user that will be created by said execution of said anticipated activity; and ([Sprenger, Sec. 5.2, Pg. 20, Ln. 17-19] a set of scripts taking into account each enterprise user is disclosed: Group_statistics.vbs [estimating a number of additional group memberships of said enterprise user].  [Sec. 5.2, Pg. 20, Ln. 23-25] the estimation occurs before the issue occurs, as the trends identify actions that needs to be taken immediately to address potential issues [prior to execution of an anticipated activity, such as a DoS attack].  [Sec. 5.2, Pg. 20, Ln. 17-19] the script, “determines how many users belong to” a number of groups and determines “the average token size users” of an enterprise organization [a number of additional group memberships of said enterprise user].  [Sec.  3.7, Pg. 10, Ln. 13-15] the determination of the average size is an estimate as different groups take different amounts of space within an access token and is also dependent on the version of the OS.   [Sec. 4.3, Pg. 15, Ln. 11-19] the determination of the average size is an estimate as users have different groups depending on their roles in the organization: regional managers requiring access to their own regional file shares will require less groups than corporate managers who have access to all store files shares throughout the company.  [Sec. 4.3, Pg. 16, Ln. 29-30] inadvertent occurrences of a Denial of Service attack [the activity] can be prevented by analysis of trends to estimate a number of groups created by that activity, which calculates the average number of SIDs of all users increased within the company.  [Sec. 5.2, Pg. 20, Ln. 23-25] trends show that the problem is isolated to a few users or that the average groups a user is a member of is growing so quickly across the entire organization that action needs to be taken immediately to address potential issues) 
if said execution of said anticipated activity will result in said excess user authentication token utilization condition, ([Sprenger, Sec. 4.3, Pg. 16, Ln. 16-17] inadvertent occurrences of a Denial of Service attack [an anticipated activity resulting in said excess user authentication token utilization condition] is prevented by:  [Sec. 5.3, Pg. 22, Ln. 23-27] upgrading to 64 bit operation systems, adding additional memory; [Sec. 5.3, Pg. 21, Ln. 22-26] resolving group nesting scenarios; and [Sec. 5.1, Pg. 20, Ln. 3-5] eliminating group membership redundancy) [providing an imminent excess user authentication token utilization alert with respect to each of said enterprise users before said user reaches said excess user authentication token utilization condition] (providing an imminent excess user authentication token utilization alert with respect to each of said enterprise users before said user reaches said excess user authentication token utilization condition is taught by Tulloch below) and modifying said anticipated activity, prior to said execution of said anticipated activity, so as to ensure that said execution of said modified activity will not result in said excess user authentication token utilization condition.  ([Sprenger, Sec. 5.3, Pg. 22, Ln. 23-27] upgrading to 64 bit operation systems, and adding additional memory modifies the activity to allow for greater token sizes which will resolve some token size issues; [Sec. 5.3, Pg. 21, Ln. 22-26] resolving group nesting scenarios reduces the size of the access token created for a particular user, modifying the anticipated activity and remedies issues involving token bloat; [Sec. 5.1, Pg. 20, Ln. 3-5] and eliminating group membership redundancy [removing groups which would be assigned to a particular user in the execution of the said anticipated activity] can minimize token size and prevent an excess user authentication token utilization condition)
Sprenger does not teach providing an imminent excess user authentication token utilization alert with respect to each of said enterprise users before said user reaches said excess user authentication token utilization condition.
However, Tulloch teaches providing an imminent excess user authentication token utilization alert ([Tulloch, Pg. 5, Ln. 24-26; Pg. 6, Fig. 2, Ln. 1] a GPO setting to write an immediate warning to the event log whenever a Kerberos ticket reaches the predefined size set) with respect to each of said enterprise users before said user reaches said excess user authentication token utilization condition ([Pg. 6, Fig. 2, Ln. 2-6] the setting should be configured to a threshold that is lower than the MaxTokenSize to allow pre-emptive detection of token bloat for all enterprise users within the domain)
Before the effective filing date of the claimed invention, it would have been obvious to one of ordinary skill in the art to combine the teachings of Sprenger and Tulloch for the same reasons as disclosed above.

Claims 2 and 6 are rejected under 35 U.S.C. 103 as being unpatentable over Sprenger in view of Tulloch, and in view of How to Remove SID History With PowerShell [online], Microsoft Corporation, 2011 [retrieved on 2021-05-13], retrieved from the Internet: <URL: https://docs.microsoft.com/en-us/archive/blogs/ashleymcglone/how-to-remove-sid-history-with-powershell> (hereinafter “McGlone”).

	As per claim 2, Sprenger discloses an excess user authentication token utilization condition predictor comprising a non-transitory medium that stores operatable instructions, the operations comprising: a user authentication token size calculator operable for calculating a current user authentication token size for each enterprise user in an enterprise computer environment; ([Sprenger, Sec. 4.2, Pg. 17, Ln. 29-31]) non-transitory memory attached to a processor in the form of a server providing resources utilizing the token security system is disclosed.  [Sec. 4.1, Pg. 11-12] Calculations of an enterprise user’s authentication token size are illustrative of token access issues.  For example, the default size of a user’s access token is 4k.  [Sec. 4.1, Pg. 11, Ln. 21-26] Approximately 80 groups will fill up this 4k size)
an available user authentication token size calculator operable for calculating a currently available user authentication token size for each of said enterprise users based on said current user authentication token size; ([Sprenger, Sec. 4.2, Pg. 14, Ln. 10] an operable buffer limit is disclosed.   [Sec. 4.3, Pg. 15, Ln. 25-27] the value between the access token size, and the IIS 6.0 header size threshold both are examples of available user authentication token size for each of said enterprise users based on said current user authentication token size [see Sec. 4.2, Page 14; Sec. 4.3, pg. 15])
an average group identifier size calculator operable for calculating an average group ([Sprenger, Sec. 4.3, Pg. 15, Ln. 20-25] calculating an average group SIDs is disclosed – an average of 140 groups SIDs) identifier size ([Sec. 4.1, Pg. 11, Ln. 12-15] identifier size is the SID amount) for multiple user groups in said enterprise computer environment; and ([Sec. 4.3, Pg. 15, Ln. 20-27] the average group SIDs were calculated for 70 global user groups); 
an excess user authentication token utilization condition calculator operable, based on said available user authentication token size and said average group identifier size ([Sprenger, Sec. 4.3, Pg. 15, Ln. 8-11]) a set of scripts are disclosed that, based on available token size, and average group identifier size as explained in the Denial of Service attack example, determines when the condition occurs or is about to occur for a user) for calculating a number of additional group memberships of each of said enterprise users that, if created, will result in an excess user authentication token utilization condition, ([Sec. 5.2, Pg. 21, Ln. 3-10] the set of scripts used to resolve the Denial of Service attack example is used to calculate/identify a number of additional group memberships/groups that causes access tokens to exceed the group membership limit)
Sprenger does not teach an alert provider operable for providing an imminent excess user authentication token utilization alert with respect to each of said enterprise users before said user reaches said excess user authentication token utilization condition;
However, Tulloch teaches an alert provider operable for providing an imminent excess user authentication token utilization alert ([Pg. 5, Ln. 24-26; Pg. 6, Fig. 2, Ln. 1] a GPO setting to write an immediate warning to the event log whenever a Kerberos ticket reaches the predefined size set) with respect to each of said enterprise users before said user reaches said excess user authentication token utilization condition ([Pg. 6, Fig. 2, Ln. 2-6] the setting should be configured to a threshold that is lower than the MaxTokenSize to allow pre-emptive detection of token bloat for all enterprise users within the domain)
Before the effective filing date of the claimed invention, it would have been obvious to one of ordinary skill in the art to combine the teachings of Sprenger and Tulloch for the same reasons as disclosed above.
Sprenger does not teach a remediation process initiator operable for initiating a remediation process for each of said enterprise users, in response to said alert, before said user reaches said excess user authentication token utilization condition.
However, McGlone teaches a remediation process initiator operable ([McGlone, pg. 4, ln. 1-4] a script for removing the SID history of all users in the domain) for initiating a remediation process for each of said enterprise users, ([Pg. 4, ln. 9-11] initiated by piping Get-SIDHistory to Remove-SIDHistory so that the appropriate SID groups are removed) in response to said alert, before said user reaches said excess user authentication token utilization condition ([Pg. 1, ln. 15-16] such a script is called in response to concerns that there are token size issues for users, in other words, in response to an alert, before a user reaches a authentication token utilization condition)
Before the effective filing date of the claimed invention, it would have been obvious for one of ordinary skill in the art to have modified the elements disclosed by Sprenger with the teachings of McGlone to include a remediation process initiator operable for initiating a remediation process for each of said enterprise users, in response to said alert, before said user reaches said excess user authentication token utilization condition.  One of ordinary skill in the art would have been motivated to make this modification because such a modification will allow swift and painless removal of SID groups to prevent token size issues.  (McGlone, pg. 4, ln. 26 to pg. 5, ln. 2)

As per claim 6, Sprenger discloses a method for ascertaining whether an excess user authentication token utilization condition is imminent in an enterprise computer environment, the method comprising: calculating a current user authentication token size for each enterprise user in an enterprise computer environment; ([Sprenger, Sec. 4.1, Pg. 11-12] discloses calculations of an enterprise user’s authentication token size as examples illustrative of token access issues.  For example, if default size of a user’s access token is 4k, approximately 80 groups will fill up this 4k size [see, Sec. 4.1, Pg. 11, Ln. 21-26])
calculating a currently available user authentication token size for each of said enterprise users based on said current user authentication token size; ([Sprenger, Sec. 4.2, Pg. 14, Ln. 10]) discloses a operable buffer limit and a value between the access token size: the IIS 6.0 header size threshold [see Sec. 4.3, Pg. 15, Ln. 25-27].  Both are examples of available user authentication token size for each of said enterprise users based on said current user authentication token size [see Section 4.2, Page 14; Section 4.3, Third Paragraph, Page 15])
calculating an average group ([Sprenger, Sec. 4.3, Pg. 15, Ln. 20-25] calculating an average group SIDs is disclosed – an average of 140 groups SIDs) identifier size ([Sec. 4.1, Pg. 11, Ln. 12-15] identifier size is a SID amount) for multiple user groups in said enterprise computer environment; ([Sec. 4.3, Pg. 15, Ln. 20-27] the average group SIDs is calculated for 70 global user groups)
based on said available user authentication token size and said average group identifier size, ([Sprenger, Sec. 4.3, Pg. 15, Ln. 8-11] a set of script taking inputs based on available token size, and average group identifier size as explained in the Denial of Service attack example can determine when the condition occurs or is about to occur for a user) calculating a number of additional group memberships of each of said enterprise users that, if created, will result in an excess user authentication token utilization condition, ([Sec. 5.2, Pg. 21, Ln. 3-10] the set of scripts used to resolve the Denial of Service attack example is used to calculate/identify a number of additional group memberships/groups that may cause access tokens to exceed the group membership limit, is used to prevent a future DoS attack)   
Sprenger does not teach providing an imminent excess user authentication token utilization alert with respect to each of said enterprise users before said user reaches said excess user authentication token utilization condition.
However, Tulloch teaches providing an imminent excess user authentication token utilization alert ([Pg. 5, Ln. 24-26; Pg. 6, Fig. 2, Ln. 1] a GPO setting to write an immediate warning to the event log whenever a Kerberos ticket reaches the predefined size set) with respect to each of said enterprise users before said user reaches said excess user authentication token utilization condition ([Pg. 6, Fig. 2, Ln. 2-6] the setting should be configured to a threshold that is lower than the MaxTokenSize to allow pre-emptive detection of token bloat for all enterprise users within the domain)

Sprenger does not teach automatically initiating a remediation process for each of said enterprise users before said user reaches said excess user authentication token utilization condition.
However, McGlone teaches automatically initiating a remediation process for each of said enterprise users ([McGlone, pg. 4, ln. 1-11] a script for automatically removing the SID history of all users in the domain is disclosed; the script is initiated by piping Get-SIDHistory to Remove-SIDHistory so that the appropriate SID groups are removed) before said user reaches said excess user authentication token utilization condition ([Pg. 1, ln. 15-16] such a script is called in response to concerns that there are token size issues for users, in other words, before a user reaches a authentication token utilization condition)
Before the effective filing date of the claimed invention, it would have been obvious to one of ordinary skill in the art to combine the teachings of Sprenger and McGlone for the same reasons as disclosed above.
Conclusion
The prior art made of record and not relied upon is considered pertinent to applicant's disclosure. Callard et al. (US Pub. 2018/0183724) discloses providing an immediate notification/alert, when the max capacity of a token is predicted to be exceeded from a queue graph.  Messer et al. (US Pub. 2018/0213048) discloses transmitting immediate push notification when a total number of users exceeds a predetermined threshold, such as in a predicted excess token utilization condition.
Any inquiry concerning this communication or earlier communications from the examiner should be directed to ZHE LIU whose telephone number is (571) 272-3634.  The examiner can normally be reached on Monday - Friday: 8:30 AM to 5:30 PM.

If attempts to reach the examiner by telephone are unsuccessful, the examiner’s supervisor, Carl Colin can be reached on (571) 272-3862.  The fax phone number for the organization where this application or proceeding is assigned is (571) 273-8300.
Information regarding the status of an application may be obtained from the Patent Application Information Retrieval (PAIR) system.  Status information for published applications may be obtained from either Private PAIR or Public PAIR.  Status information for unpublished applications is available through Private PAIR only.  For more information about the PAIR system, see https://ppair-my.uspto.gov/pair/PrivatePair. Should you have questions on access to the Private PAIR system, contact the Electronic Business Center (EBC) at (866) 217-9197 (toll-free). If you would like assistance from a USPTO Customer Service Representative or access to the automated information system, call (800) 786-9199 (IN USA OR CANADA) or (571) 272-1000.

/Z.L./Examiner, Art Unit 2493                   

/CARL G COLIN/Supervisory Patent Examiner, Art Unit 2493