Notice of Pre-AIA  or AIA  Status
The present application, filed on or after March 16, 2013, is being examined under the first inventor to file provisions of the AIA .

DETAILED ACTION
This Office Action is in response to the communication and claim amendment filed on 04/30/2021; claims 1-6 and 8-20 have been amended; and claims 1, 9, and 15 are independent claims.  Claims 1-20 have been examined and are pending.  This Action is made FINAL.
Response to Arguments
Applicants’ arguments in the instant Amendment, filed on 04/30/2021, with respect to limitations listed below, have been fully considered but they are not persuasive.
Applicants argue: Taneja and Baikalov do not explicitly disclose selecting, using at least one processing device, at least one of the plurality of attributes as a cluster attribute, wherein said selecting comprises filtering the plurality of attributes using one or more predefined information content rules applied on the enterprise entitlement data; clustering the plurality of enterprise users into a plurality of clusters, wherein each cluster corresponds to a different value of the cluster attribute; determining, using the at least one processing device, a probability of a user application entitlement for the one or more user application entitlements based on (i) a number of the plurality of enterprise users in each of the plurality of clusters and (ii) a number of the plurality of enterprise users for a plurality of pairs, each pair corresponding to a given one of the clusters and a value of the one or more user application entitlements; and identifying, using the at least one processing device, one or more anomalies in the enterprise entitlement data based on the probability of the user application entitlement for at least one user application entitlement and at least one predefined anomaly threshold: and triggering, for at least one of the identified one or more anomalies, at least one of: (i) an automated alert and (ii) an automated response describing a context of the at least one identified anomaly”(Applicant Remarks/Arguments, pages 9-11).
         The Examiner disagrees with the Applicants. The Examiner respectfully submits that the combination of Taneja and Baikalov does disclose some portions of the aforementioned limitations as the following:
Taneja discloses collecting enterprise reference data indicating plurality of attributes for a plurality of enterprise users and one or more user application entitlements indicating one or more user application entitlements (See Abstract, pars. 0024-0025).
Baikalov teaches wherein selecting, using at least one processing device, at least one of the plurality of attributes as a cluster attribute, wherein said selecting comprises filtering the plurality of attributes using one or more predefined information content rules applied on the enterprise entitlement data (Baikalov: abstract, A set of attributes associated with the user may be selected, and an entitlement probability value may be obtained; pars. 0088-0089, … select one of the attributes from the set of attributes (block 808) and identify the particular attribute value of the attribute for the selected user (block 810) ... ; par. 0102). Baikalov discloses a set of attributes associates with user which is known as plurality of attribute as a cluster attribute.  Baikalov further discloses select one of the attributes from the set of attributes and identify the particular attribute value of the attribute for the selected user [i.e. selecting based on information content rules].
determining, using the at least one processing device, a probability of a user application entitlement for the one or more user application entitlements based on (i) a number of the plurality of enterprise users in each of the plurality of clusters (Baikalov: abstract, A set of attributes associated with the user may be selected, and an entitlement probability value may be obtained.  The entitlement probability value may be based on the set of attributes and indicate a probability that the user is authorized to have the entitlement.  The entitlement probability value may be used to determine whether to include the entitlement in an access review; fig. 8, step 812, par. 0089,… the particular value for a location attribute associated with a user may be "North America." The entitlement prediction system may then determine the total number of users that also have the particular attribute value for the selected attribute (block 812), e.g., the total number of users where the value of their respective location attributes is "North America."… ). Baikalov discloses that a set of attributes associated with the user may be selected, and an entitlement probability value [i.e. a probability of a user application entitlement] and may be obtained; and the entitlement prediction system may then determine the total number of users that also have the particular attribute value for the selected attribute [i.e. a number of the plurality of enterprise user in each of the plurality of clusters].
(Baikalov: fig. 8,  par. 0089, …the entitlement prediction system may then determine the total number of users having the particular attribute value for the selected attribute and have the selected entitlement (block 814), e.g., the total number of users having the "North America" location attribute value along with the entitlement…).  Baikalov discloses that total number of users [i.e. plurality of enterprise users] having the "North America" [i.e. name of cluster] location attribute value along with the entitlement [i.e. value of user entitlement]). 
identifying, using the at least one processing device, one or more anomalies in the enterprise entitlement data based on the probability of the user application entitlement for at least one user application entitlement and at least one predefined anomaly threshold (Baikalov: fig. 9, par. 0092, compare the entitlement probability value to a probability threshold (block 904). The entitlement prediction system may then determine whether the entitlement probability value is above or below the probability threshold (block 906).  If the entitlement probability value is above the probability threshold (block 906: ABOVE), then the entitlement prediction system may cause the entitlement associated with the entitlement probability value to be excluded from a manual access review of the user (block 908)). Baikalov further discloses that the entitlement prediction system may then determine whether the entitlement probability value is above or below the probability threshold [i.e. anomalies based on the probability] and the probability threshold is known as a predefined anomaly threshold.  

Regarding to Applicant’s arguments to the amended limitations clustering the plurality of enterprise users into a plurality of clusters, wherein each cluster corresponds to a different value of the cluster attribute and triggering, for at least one of the identified one or more anomalies, at least one of: (i) an automated alert and (ii) an automated response describing a context of the at least one identified anomaly have been fully considered but are moot in view of the new ground(s) of rejection.
There is argument for claims 15-20 relating to computer program product. The 35 U.S.C. § 101 rejection of claims 15-20 is maintained for the following reasons:
 Regarding claims 15-20; As the claimed computer program product is not stored on any non-transitory computer executable storage media or hardware embodiment, the claims are directed to non-statutory subject matter.  The claims are directed to a computer per se because the claimed “computer program product” is not stored on any non-transitory computer-readable storage medium. See Warmerdam, 33 F.3d at 1361, 31 USPQ2d at 1760. The claim also recites "a tangible machine-readable computer storage medium;" The specification does not explicitly define as to what type of computer readable storage medium is claimed. At most, on page 9, line 29 to page 10, line 3 and on page 13, lines 14-16, lines 18-19 of original the specification provide some examples regarding different kinds of computer readable medium (i.e. ROM, RAM, or other electronic etc.)); the specification does not limit the claimed medium to only hardware embodiments (i.e. the specification does not exclude propagate and transmission signals from the claimed computer readable medium). Broadly interpreted, a “computer storage medium” can be any means that include propagate and transmission signals, which are non-eligible subject matter under 35 U.S.C. 101. Therefore, the claims are directed to non-statutory subject matter. The Examiner respectfully suggest that the claims be amended to either "A computer program product stored on a non-transitory computer readable storage medium" or "A computer program product stored on a computer readable storage device" to make the claim statutory under 35 U.S.C. 101 (emphasis added).


Claim Rejections - 35 USC § 101
35 U.S.C. 101 reads as follows: 
Whoever invents or discovers any new and useful process, machine, manufacture, or composition of matter, or any new and useful improvement thereof, may obtain a patent therefor, subject to the conditions and requirements of this title.

Claims 15-20 are rejected under 35 U.S.C. 101 as being directed to non-statutory subject matter.
Regarding claims 15-20; claims 15-20 are rejected under 35 U.S.C. 101 as being directed to non-statutory subject matter. The claims are directed to a computer per se because the claimed “computer program product” is not stored on any non-transitory computer-readable storage medium. See Warmerdam, 33 F.3d at 1361, 31 USPQ2d at 1760. The claim also recites "a tangible machine-readable computer storage medium;" The specification does not explicitly define as to what type of computer readable storage medium is claimed. At most, on page 9, line 29 to page 10, line 3 and on page 13, lines 14-16, lines 18-19 of original the specification provide some examples regarding different kinds of computer readable medium (i.e. ROM, RAM, or other electronic etc.)); the specification does not limit the claimed medium to only hardware embodiments (i.e. the specification does not exclude propagate and transmission signals from the claimed computer readable medium). Broadly interpreted, a “computer storage medium” can be any means that include propagate and transmission signals, which are non-eligible subject matter under 35 U.S.C. 101 (See MPEP 2106 (II)). Therefore, the claims are directed to non-statutory subject matter. The Examiner respectfully suggest that the claims be amended to either "A computer program product stored on a non-transitory computer readable storage medium" or "A computer program product stored on a computer readable storage device" to make the claim statutory under 35 U.S.C. 101 (emphasis added).

Claim Rejections - 35 USC § 103
The following is a quotation of 35 U.S.C. 103 which forms the basis for all obviousness rejections set forth in this Office action:
A patent for a claimed invention may not be obtained, notwithstanding that the claimed invention is not identically disclosed as set forth in section 102 of this title, if the differences between the claimed invention and the prior art are such that the claimed invention as a whole would have been obvious before the effective filing date of the claimed invention to a person.
Claims 1, 6, 9, and 15 are rejected under 35 U.S.C. 103 as being unpatentable over Taneja et al. (“Taneja,” US 20080052102, published Feb. 28, 2008) in view of Baikalov et al. (“Baikalov” US 20150067889, published Mar. 5, 2015), further in view of Ganesh et al. (“Ganesh,” US 10,296,520, filed, Dec. 16, 2013).
Regarding claim 1, Taneja teaches a method, comprising:
 obtaining enterprise reference data indicating a plurality of attributes for a plurality of enterprise users (Taneja : par. 0024, collect identity data from all (or some subset of) user repositories in the enterprise);
obtaining enterprise entitlement data indicating one or more user application entitlements for the plurality of enterprise users (Taneja: par. 0025, collect entitlement data for each application.); 
Taneja does not explicitly disclose selecting, using at least one processing device, at least one of the plurality of attributes as a cluster attribute, wherein said selecting 
However, in an analogous art, Baikalov teaches wherein selecting, using at least one processing device, at least one of the plurality of attributes as a cluster attribute, wherein said selecting comprises filtering the plurality of attributes using one or more predefined information content rules applied on the enterprise entitlement data (Baikalov: abstract, A set of attributes associated with the user may be selected, and an entitlement probability value may be obtained; pars. 0088-0089, … select one of the attributes from the set of attributes (block 808) and identify the particular attribute value of the attribute for the selected user (block 810) ... );
(Baikalov: abstract, A set of attributes associated with the user may be selected, and an entitlement probability value may be obtained.  The entitlement probability value may be based on the set of attributes and indicate a probability that the user is authorized to have the entitlement.  The entitlement probability value may be used to determine whether to include the entitlement in an access review; fig. 8, step 812, par. 0089 … the particular value for a location attribute associated with a user may be "North America." The entitlement prediction system may then determine the total number of users that also have the particular attribute value for the selected attribute (block 812), e.g., the total number of users where the value of their respective location attributes is "North America." … ) and (ii) a number of the plurality of enterprise users for a plurality of pairs, each pair corresponding to a given one of the clusters and a value of the one or more user application entitlements (Baikalov: fig. 8, par. 0089, …the entitlement prediction system may then determine the total number of users having the particular attribute value for the selected attribute and have the selected entitlement (block 814), e.g., the total number of users having the "North America" location attribute value along with the entitlement…); 
 identifying, using the at least one processing device, one or more anomalies in the enterprise entitlement data based on the probability of the user application entitlement for at least one user application entitlement and at least one predefined anomaly threshold (Baikalov: fig. 9, par. 0092, compare the entitlement probability value to a probability threshold (block 904). The entitlement prediction system may then determine whether the entitlement probability value is above or below the probability threshold (block 906).  If the entitlement probability value is above the probability threshold (block 906: ABOVE), then the entitlement prediction system may cause the entitlement associated with the entitlement probability value to be excluded from a manual access review of the user (block 908)).
Therefore, it would have been obvious to one of ordinary skill in the art before the effective filing date of the claimed invention to combine the teaching of Baikalov with the method and system of Taneja, wherein selecting, using at least one processing device, at least one of the plurality of attributes as a cluster attribute using one or more predefined information content rules applied on the enterprise entitlement data; determining, using the at least one processing device, a probability of a user application entitlement for the one or more user application entitlements based on (i) a number of the plurality of enterprise users in each of the plurality of clusters and (ii) a number of the plurality of enterprise users for a plurality of pairs, each pair corresponding to a given one of the clusters and a value of the one or more user application entitlements; identifying, using the at least one processing device, one or more anomalies in the enterprise entitlement data based on the probability of the user application entitlement for at least one user application entitlement and at least one predefined anomaly threshold to provide users with a means for allowing managers of an enterprise to focus the entitlements requiring manual review to reduce a number of entitlements requiring review by a manager, thus reducing access risk to the enterprise and hence improving ability of the manager to accurately conduct the access review and accuracy of manual reviews conducted by the mangers during access reviews (Baikalov: par. 0005, 0007, 0025).

However, in an analogous art, Ganesh teaches social network analysis of file access information, wherein clustering the plurality of enterprise users into a plurality of clusters, wherein each cluster corresponds to a different value of the cluster attribute (Ganesh: Col. 4, lines 53-59; Col. 10, lines 16-49; Examples of user attributes may include, but are not limited to, the name of the user, job title of the user, the organization to which the user belongs (e.g., engineering, marketing, etc.), the office location of the user, etc. As such, if most of the users in a cluster are part of the same organization (e.g., engineering), then the files that the users in the cluster are accessing may also be considered engineering related files…).
triggering, for at least one of the identified one or more anomalies, at least one of: (i) an automated alert and (ii) an automated response describing a context of the at least one identified anomaly (Ganesh: Col. 3, lines 8-14; Col. 9, lines 24-29; Col. 10, lines 50-60,   In some embodiments, identifying collaborative activity with multiple users accessing certain files or folders may be identified as anomalous or unauthorized file access activity.  For example, certain folders (e.g., a home directory or home folder) may be intended to only be accessible by a single user.  However, if the collaboration information identifies that two users have accessed the same home folder, then such activity may be identified as anomalous or unauthorized behavior.  An alert may be issued to a network administrator to address the file permissions for the user with the anomalous behavior).
Therefore, it would have been obvious to one of ordinary skill in the art before the effective filing date of the claimed invention to combine the teaching of Ganesh with the method and system of Taneja and Baikakov, wherein clustering the plurality of enterprise users into a plurality of clusters, wherein each cluster corresponds to a different value of the cluster attribute; and triggering, for at least one of the identified one or more anomalies, at least one of: (i) an automated alert and (ii) an automated response describing a context of the at least one identified anomaly to provide users with a means for determining optimal provisioning of file access permissions to users, thus preventing over-exposure of files or restrictive file access permissions causing operational difficulties to users of the network file system, performing bottom-up role mining =process by using a clustered graph to identify the user roles based on current file access behavior of users of the network file system and to reassign a user attribute based on the clustered graph (Ganesh: abstract; Col. 3, lines 10-14; Col. 10, lines 37-40).
Regarding claim 6, the combination of Taneja, Baikalov, and Ganesh teaches the method of claim 1. The combination of Taneja, Baikalov, and Ganesh further discloses wherein the probability for a given user application entitlement is the number of users for each pair of the clusters (Baikalov: pars. 0090, 0102, calculate an entitlement probability value for the selected entitlement based on weighted partial probabilities for the attributes in the set of attributes (block 822)), and the given user application entitlement divided by the number of unique users for each of the clusters (Baikalov: pars. 0072-0073, 0090; Ganesh: Col. 3, lines 8-14; Col. 9, lines 24-29; Col. 10, lines 50-60)
Regarding claim 9, claim 9 is directed to a system, comprising: a memory (Baikalov: fig. 1, par. 0032); and at least one processing device (Baikalov: fig. 1, par. 0032), coupled to the memory associated with the method claimed in claim 1; claim 9 is similar in scope to claim 1, and is therefore rejected under similar rationale. 
Regarding claim 15, claim 15 is directed to a computer program product, comprising a tangible machine-readable storage medium having encoded therein executable code of one or more software programs (Baikalov: par. 0008), wherein the one or more software programs when executed by at least one processing device associated with the method claimed in claim 1; claim 15 is similar in scope to claim 1, and is therefore rejected under similar rationale.
Claims 2, 10, and 16 are rejected under 35 U.S.C. 103 as being unpatentable over Taneja et al. (“Taneja,” US 20080052102, published Feb. 28, 2008) in view of Baikalov et al. (“Baikalov” US 20150067889, published Mar. 5, 2015), further in view of Ganesh et al. (“Ganesh,” US 10,296,520, filed, Dec. 16, 2013), and Chari et a. (“Chari-377,” US 2015/0082377, published Mar. 19, 2015).
Regarding claim 2, the combination of Taneja, Baikalov, and Ganesh teaches the method of claim 1.  Baikalov further discloses wherein the one or more predefined information content rules but does not explicitly disclose comprising an entropy test that removes a given attribute, from the plurality of attributes, below a predefined entropy value. 
However, in an analogous art, Chari-377 teaches wherein comprising an entropy test that removes a given attribute, from the plurality of attributes, below a predefined (Chari: claim 8, identifying attributes further comprises removing any attributes with entropy reduction below a given value and any operational attributes).
Therefore, it would have been obvious to one of ordinary skill in the art before the effective filing date of the claimed invention to combine the teaching of Chari-377 with the method and system of Taneja, Baikalov, and Ganesh wherein the one or more predefined information content rules but does not explicitly disclose comprising an entropy test that removes a given attribute, from the plurality of attributes, below a predefined entropy value to provide users with a means for performing noise removal from the identified attributes of the existing authorization system, and generating the ABAC policy from the remaining identified attributes to derive the logical rules that grant or deny access such that the policy is automatically defined by assisting with past and future provisioning, thus ensuring that errors are identified without requiring a migration to the ABAC policy (Chari-377: pars. 0006-0007).
Regarding claim 10, claim 10 is similar in scope to claim 2, and is therefore rejected under similar rationale.
Regarding claim 16, claim 16 is similar in scope to claim 2, and is therefore rejected under similar rationale.
Claims 3, 11, and 17 are rejected under 35 U.S.C. 103 as being unpatentable over Taneja et al. (“Taneja,” US 20080052102, published Feb. 28, 2008) in view of Baikalov et al. (“Baikalov” US 20150067889, published Mar. 5, 2015), further in view of Ganesh et al. (“Ganesh,” US 10,296,520, filed, Dec. 16, 2013), and Valensi et al. (“Valensi.
Regarding claim 3, the combination of Taneja, Baikalov, and Ganesh teaches the method of claim 1. Baikalov further discloses wherein the one or more predefined information content rules but does not explicitly disclose comprising a unique values test that removes a given attribute, from the plurality of attribute, that is one or more of below a predefined cardinality value and having a relative cardinality value above a predefined threshold. 
However, in an analogous art, Valensi teaches wherein comprising a unique values test that removes a given attribute one or more of below a predefined cardinality value and having a relative cardinality value above a predefined threshold (Valensi: Col. 12, lines 12-19; processor removes columns with cardinality below a predefined cardinal threshold; remove columns that have non-empty values be low a predefined threshold …).
Therefore, it would have been obvious to one of ordinary skill in the art before the effective filing date of the claimed invention to combine the teaching of Valensi with the method and system of Taneja, Baikalov, and Ganesh, wherein the one or more predefined information content rules comprise a unique values test that removes a given attribute , from the plurality of attribute, that is one or more of below a predefined cardinality value and having a relative cardinality value above a predefined threshold to provide users with means for an efficient and/or optimized attribute analysis system that processes multiple, large disparate data recourses (Valensi: Col. 8, lines 43-45).
Regarding claim 11, claim 11 is similar in scope to claim 3, and is therefore rejected under similar rationale.
Regarding claim 17, claim 17 is similar in scope to claim 3, and is therefore rejected under similar rationale.

Claims 4, 12, and 18 are rejected under 35 U.S.C. 103 as being unpatentable over Taneja et al. (“Taneja,” US 20080052102, published Feb. 28, 2008) in view of Baikalov et al. (“Baikalov” US 20150067889, published Mar. 5, 2015), further in view of Ganesh et al. (“Ganesh,” US 10,296,520, filed, Dec. 16, 2013), and Manning et al. (“Manning,” US 2019/0149854, published Nov. 13, 2017).
Regarding claim 4, the combination of Taneja, Baikalov, and Ganesh teaches the he method of claim 1.  Baikalov further teaches wherein the one or more predefined information content rules but does not explicitly comprising a distribution test that removes a given attribute, from the plurality of attributes, having one or more of a percent of users in each element of the given attribute above a predefined value and having a number of users in each element of the given attribute below a predefined value. 
However, in an analogous art, Manning teaches wherein comprising a distribution test that removes a given attribute having one or more of a percent of users in each element of the given attribute above a predefined value and having a number of users in each element of the given attribute below a predefined value (Manning: par. 0038, The threshold may be pre-defined for each attribute or sets of attributes, or may be a static percentage of all users that fall within a given set of attributes).
Therefore, it would have been obvious to one of ordinary skill in the art before the effective filing date of the claimed invention to combine the teaching of Manning with the method and system of Taneja, Baikalov, and Ganesh, a distribution test that removes a given attribute , from the plurality of attributes, having one or more of a percent of users in each element of the given attribute above a predefined value and having a number of users in each element of the given attribute below a predefined value to provide users with a (Manning: abstract, par. 0049).
Regarding claim 12, claim 12 is similar in scope to claim 4, and is therefore rejected under similar rationale.
Regarding claim 18, claim 18 is similar in scope to claim 4, and is therefore rejected under similar rationale.
Claims 5, 13, and 19 are rejected under 35 U.S.C. 103 as being unpatentable over Taneja et al. (“Taneja,” US 20080052102, published Feb. 28, 2008) in view of Baikalov et al. (“Baikalov” US 20150067889, published Mar. 5, 2015), further in view of Ganesh et al. (“Ganesh,” US 10,296,520, filed, Dec. 16, 2013), and Convertino et al. (“Convertino,” US 2017/0185668, published Jun. 29, 2017), and Salkola (“Salkola,” US 10,803,050, filed Jul. 27, 2018), and Wang et al. (“Wang,” US 2016/0112973, published Apr. 21, 2016).
Regarding claim 5, the combination of Taneja, Baikalov, and Ganesh teaches the he method of claim 1. Baikalov further teaches wherein the one or more predefined information content rules but does not explicitly disclose comprising a cross correlation test that determines a cross correlation for a pair of attributes and removes a given attribute, from the plurality of attributes, having a lower cardinality from the pair of attributes when the cross correlation for the pair of attributes is above a predefined correlation threshold. 
(Convertino: par. 0047; Pearson correlation is applied to the data in the pair of columns).
Therefore, it would have been obvious to one of ordinary skill in the art before the effective filing date of the claimed invention to combine the teaching of Convertino with the method and system of Taneja, Baikalov, and Ganesh, wherein a cross correlation test that determines a cross correlation for a pair of attributes to provide users with means for the identification of the columns does not need to be performed through a selection by a user and is performed automatically (Convertino: abstract, par. 0039).
Convertino does not explicitly disclose removes a given attribute having a lower cardinality from the pair of attributes when the cross correlation for the pair of attributes is above a predefined correlation threshold.
However, in an analogous art, Salkola teaches wherein removing a given attribute having a lower cardinality from the pair of attribute (Salkola: Col. 12, lines 12-19; remove, if a computed confidence probability for each unique attribute-value pair in the plurality of records is less than a threshold probability, the attribute-value pair from each of the plurality of records…).
Therefore, it would have been obvious to one of ordinary skill in the art before the effective filing date of the claimed invention to combine the teaching of Salkola with the method and system of Taneja, Baikalov, Ganesh, and Convertino, wherein removing a given attribute having a lower cardinality from the pair of attribute to provide users with means for accurately resolving the entities associated with the user input in a personalized (Salkola: Col. 4, lines 30-37).
Salkola discloses removing a given attribute having a lower cardinality from the pair of attribute but does not explicitly disclose condition “when the cross correlation for the pair of attributes is above a predefined correlation threshold.”
 However, in an analogous art, Wang teaches wherein removing the sequence pairs when cross-correlation characteristic Pu1u2 greater than the threshold (Wang: par. 0028, removing the sequence pairs with computed time domain cross-correlation characteristic Pu1u2 greater than the threshold).
Therefore, it would have been obvious to one of ordinary skill in the art before the effective filing date of the claimed invention to combine the teaching of Wang with the method and system of Taneja, Baikalov, Ganesh, Convertino, and Salkola wherein when the cross correlation for the pair of attributes is above a predefined correlation threshold to provide users with means for expanding a standard Zadoff-Chu sequence.  Multiple candidate sequences of an initial candidate primary synchronization sequence set are obtained.  Performance and complexity of a main synchronization sequence are determined from the initial candidate primary synchronization sequence set (Wang: abstract). 
Regarding claim 13, claim 13 is similar in scope to claim 5, and is therefore rejected under similar rationale.
Regarding claim 19.
Claim 7 is rejected under 35 U.S.C. 103 as being unpatentable over Taneja et al. (“Taneja,” US 20080052102, published Feb. 28, 2008) in view of Baikalov et al. (“Baikalov” US 20150067889, published Mar. 5, 2015), further in view of Ganesh et al. (“Ganesh,” US 10,296,520, filed, Dec. 16, 2013), and Ezen Can et al. (“Ezen Can,” US 2019/0370696, filed Jun. 3, 2018).
Regarding claim 7, the combination of Taneja, Baikalov, and Ganesh teaches the method of claim 1.  The combination of the combination of Taneja, Baikalov, and Ganesh discloses the one or more of the predefined information content rules and the at least one predefined anomaly threshold as recited above but does not explicitly disclose updating the at least one predefined anomaly threshold based on user feedback. 
However, in an analogous art, Ezen Can teaches wherein updating about the real-world findings or evidence to propagate machine learning and based on user feedback (Ezen Can; par. 00298, The active learning phase may include receiving dynamic feedback from a user (e.g., SME or doctor) about the real-world findings or evidence to propagate machine learning with ground truth as each user provides feedback).
Therefore, it would have been obvious to one of ordinary skill in the art before the effective filing date of the claimed invention to combine the teaching of Ezen Can with the method and system of Taneja, Baikalov, and Ganesh, wherein updating one or more of the predefined information content rules and the at least one predefined anomaly threshold based on user feedback to provide users with a means for creating an active learning framework that may be used to generate ground truth for disambiguating concepts.  The active learning phase may include receiving dynamic feedback from a user (e.g., SME or (Ezan Can: par. 0027).
Claim 8 is rejected under 35 U.S.C. 103 as being unpatentable over Taneja et al. (“Taneja,” US 20080052102, published Feb. 28, 2008) in view of Baikalov et al. (“Baikalov” US 20150067889, published Mar. 5, 2015), further in view of Ganesh et al. (“Ganesh,” US 10,296,520, filed, Dec. 16, 2013), and Chari et al (“Chari-695,” US 2014/0359695, published Dec. 4, 2014).
Regarding claim 8, the combination of the combination of Taneja, Baikalov, and Ganesh teaches the method of claim 1. The combination of Taneja, Baikalov, and Ganesh discloses wherein the one or more anomalies in the enterprise entitlement data but does not explicitly disclose comprising one or more of an abnormal user application entitlement as recited above disclose that is  improperly present for at least one within a same one of the plurality of the cluster that is  absent for other peers in the same one of the plurality clusters and a missing user application entitlement that is present for other peers in the same one of the plurality clusters and should be granted to another user of the same one of the plurality clusters.
However, in an analogous art, Chari-695 teaches wherein one or more of an abnormal user application entitlement as recited above disclose that is  improperly present for at least one within a same one of the plurality of the cluster (Chari-695: par. 0084, These processes take a set of users and their attributes, where some users are granted the entitlement, and some users are not, and produce a model of the users who are assigned the entitlement) that is  absent for other peers in the same one of the plurality clusters and a  (Chari-695: par. 0084, These processes take a set of users and their attributes, where some users are granted the entitlement, and some users are not, and produce a model of the users who are assigned the entitlement).
Therefore, it would have been obvious to one of ordinary skill in the art before the effective filing date of the claimed invention to combine the teaching of Chari-695 with the method and system of Taneja, Baikalov, and Ganesh wherein one or more of an abnormal user application entitlement as recited above disclose that is  improperly present for at least one within a same one of the plurality of the cluster that is  absent for other peers in the same one of the plurality clusters and a missing user application entitlement that is present for other peers in the same one of the plurality clusters and should be granted to another user of the same one of the plurality clusters to provide users with a means for correlating logs detailing resource access with access control security policies to ensure continued compliance of policy with high level security objectives, optimizations of security policy based on permission usage and the reduction of risk (Chari-695: par. 0007).
Regarding claim 14, claim 14 is similar in scope to claim 6, and is therefore rejected under similar rationale.
Regarding claim 20, claim 20 is similar in scope to claim 6, and is therefore rejected under similar rationale.
Conclusion
Applicant’s amendment necessitated the new ground(s) of rejection presented in this Office action.  Accordingly, THIS ACTION IS MADE FINAL.  See MPEP § 706.07(a).  Applicant is reminded of the extension of time policy as set forth in 37 CFR 1.136(a). 
A shortened statutory period for reply to this final action is set to expire THREE MONTHS from the mailing date of this action.  In the event a first reply is filed within TWO MONTHS of the mailing date of this final action and the advisory action is not mailed until after the end of the THREE-MONTH shortened statutory period, then the shortened statutory period will expire on the date the advisory action is mailed, and any extension fee pursuant to 37 CFR 1.136(a) will be calculated from the mailing date of the advisory action.  In no event, however, will the statutory period for reply expire later than SIX MONTHS from the mailing date of this final action. 
Any inquiry concerning this communication or earlier communications from the examiner should be directed to Canh Le whose telephone number is 571-270-1380. The examiner can normally be reached on Monday to Friday 6:00AM to 3:30PM other Friday off.
If attempts to reach the examiner by telephone are unsuccessful, the examiner’s supervisor, Luu Pham can be reached on 571-270-5002.  The fax phone number for the organization where this application or proceeding is assigned is 571-273-8300. 
Information regarding the status of an application may be obtained from the Patent Application Information Retrieval (PAIR) system.  Status information for published applications may be obtained from either Private PAIR or Public PAIR.  Status information for unpublished applications is available through Private PAIR only.  For more information 

/Canh Le/
Examiner, Art Unit 2439



/LUU T PHAM/Supervisory Patent Examiner, Art Unit 2439