DETAILED ACTION
Continued Examination Under 37 CFR 1.114
A request for continued examination under 37 CFR 1.114, including the fee set forth in 37 CFR 1.17(e), was filed in this application after final rejection.  Since this application is eligible for continued examination under 37 CFR 1.114, and the fee set forth in 37 CFR 1.17(e) has been timely paid, the finality of the previous Office action has been withdrawn pursuant to 37 CFR 1.114.  Applicant’s submission filed on 5/18/2021, for application 16/143,781 has been entered.
This Office Action is in response to amendment filed 5/18/2021 for the application 16/143,781.
Claims 3 and 13 have been canceled.  Claims 1 and 11 have been amended.  Claims 1, 2, 4-7, 10-12, 14-17, and 20 have been examined and are pending.  Claims 1 and 11 are independent claims.  
Notice of AIA  Status
The present application, filed on or after March 16, 2013, is being examined under the first inventor to file provisions of the AIA .  This Action is made Non-FINAL.


Response to Arguments
Applicants’ arguments, see Applicant Arguments/Remarks Made in an Amendment, filed 5/18/2021, with respect to the rejections of claims 1, 2, 4-7, 10-12, 14-17, and 20 have been fully considered but are not persuasive.
Applicant remarks as follows:  Claim 1 has been amended to provide clarification as to how a change in access privileges for at least one employee is identified. In particular, amended claim 1 recites “determining a first permissions list including a mapping of employee identifiers to access privileges for accessing the protected resource; comparing the first permissions list with a second permissions list that indicates previously approved access privileges for the one or more employees; and identifying a difference in access privileges for at least one employee based on the comparing”.
Examiner respectfully notes that Szor discloses, in col. 3, lines 60-65 and col. 9, lines 47-58, determining a first permissions list including a mapping of employee identifiers to access privileges for accessing the protected resource; in col. 9, line 59, through col. 10, 3, comparing the first permissions list with a second permissions list that indicates previously approved access privileges for the one or more employees; and , in col. 3, lines 45-59, identifying a difference in access privileges for at least one employee based on the comparing.
Applicant argues as follows:  The cited references do not teach or suggest these features of amended claim 1. The Advisory Action and the Final Office Action cited paragraphs [0047] and [0060] of Prokupets as allegedly disclosing the feature of “identify a change in access privileges for at least one employee.  These cited portions of Prokupets provide generic description of detecting changes in user data and determining updated access privileges based on the detected changes in user data. However, Prokupets does not teach or suggest the specific mechanism provided in the present claims of identifying changes in access privileges. In particular, there is no discussion in Prokupets, or any of the other cited references, of determining a permissions list comprising mapping of 
Examiner respectfully notes that Prokupets, paragraph 0060, is cited for disclosing identify a change in access privileges for at least one employee of the organization based: “The actions taken by the information systems 18 to protect networks and data resources sometimes needs to be made aware to HR personnel, such that they are aware of any changes in the status of the users and access privileges in the information system 18” at least suggests identifying a change in access privileges for at least one employee and where identifying a change in access privileges encompasses an event transaction.  The test for obviousness is what the combination of references cited by the Examiner teaches or suggests to one of ordinary skill in the art. See In re Merck & Co., 800 F.2d 1091, 1097 (Fed. Cir. 1986).  Examiner respectfully notes that in the discussion in the advisory action filed 5/3/2021, paragraphs 0038 and 0047 were discussed and Dasgupta was discussed as disclosing an employee hierarchical structure.
The Examiner respectfully suggests that the claims be further amended and details in the specification be incorporated to distinguish the claimed invention over prior art of record.  Should the Applicant desire an interview to further clarify the claim interpretation/rejections, please contact the Examiner at (571) 272 5368 to schedule an interview.


Claim Rejections - 35 USC § 103
In the event the determination of the status of the application as subject to AIA  35 U.S.C. 102 and 103 (or as subject to pre-AIA  35 U.S.C. 102 and 103) is incorrect, any correction of the statutory basis for the rejection will not be considered a new ground of rejection if the prior art relied upon, and the rationale supporting the rejection, would be the same under either status.  
The following is a quotation of 35 U.S.C. 103 which forms the basis for all obviousness rejections set forth in this Office action:
A patent for a claimed invention may not be obtained, notwithstanding that the claimed invention is not identically disclosed as set forth in section 102, if the differences between the claimed invention and the prior art are such that the claimed invention as a whole would have been obvious before the effective filing date of the claimed invention to a person having ordinary skill in the art to which the claimed invention pertains. Patentability shall not be negated by the manner in which the invention was made.

This application currently names joint inventors. In considering patentability of the claims the examiner presumes that the subject matter of the various claims was commonly owned as of the effective filing date of the claimed invention(s) absent any evidence to the contrary.  Applicant is advised of the obligation under 37 CFR 1.56 to point out the inventor and effective filing dates of each claim that was not commonly owned as of the effective filing date of the later invention in order for the examiner to consider the applicability of 35 U.S.C. 102(b)(2)(C) for any potential 35 U.S.C. 102(a)(2) prior art against the later invention. 
Claim 1, 2, 4-7, 11, 12, and 14-17, and 20 are rejected under 35 U.S.C. 103 under 35 U.S.C. 103 as being unpatentable over Prokupets (US20030023874), filed July 16, 2001, 
Regarding claim 1, Prokupets discloses a computing system, comprising:
a communications module communicable with an external network; a memory (Prokupets, paragraph 0021, “The security server 12 represents a network capable computer system, and memory storing central database 14 may be a hard disk drive, or a separate memory storage unit coupled to the security server 12.  The security server 12 is connected to facility protection systems 22 and information systems 18, via a network 20, in which systems 18 and 22, and security server 12, each have an interface (hardware and software) enabling network communication.”); and
a processor coupled to the communications module and the memory (Prokupets, paragraph 0034, “The security server 12 receives each of the event data packets at an event transaction processor 13 for determination of actions, if any, the system 10 will take, and, depending on the event received, sending action data packets automatically and in real-time to systems 18 and 22 to take appropriate action.”)  , the processor being configured to:
obtain, based on employee data received from a first client server having access to a human resources database of an organization, a first indication identifying a change in a first record of the organization (Prokupets, paragraph 0003, hierarchical rank encompasses administrator and user; paragraph 0060, “The actions taken by the information systems 18 to protect networks and data resources sometimes needs to be made aware to HR personnel, such that they are aware of any changes in the status of the users and access privileges in the information system 18, or if needed, take appropriate corrective action.  For example, a badge used by a user to access areas controlled by the access control system may have expired [i.e., change in a first employee structure], causing an event transaction [i.e., indication identifying a change] which sends action data packets to information systems 18 to block the user's Login ID.  The security server 12 can check a list of such actions requiring HR notification stored in central database 14 to determine if the action affects HR (step 84).  If so, the business rules for the affected data are looked up, such as in a table of the central database 14 (step 88a) and then the security server 12 check if it needs to be applied (step 88b).  Business rules represent when the action taken requires that data stored in the HR system's database [i.e., human resources database of an organization] be changed.  If no business rules are found, or if the business rules found require only that notification be provided, the no branch from step 88b is taken to step 90 to send an update transaction to the HR system to notify personnel in HR, such as in a log.  If the business rules need to be applied at step 88b, the business rules are applied for the HR system to send an update transaction that both provides notification and updates the appropriate record in the HR database for the user affected at step 90.  The HR database 26 sends a message to the security server 12 if the HR database was successfully updated.  If so, the transaction is logged in the transaction log of the central database 14 (step 96)”);
identify a change in access privileges for at least one employee of the organization based: (Prokupets, paragraph 0060, “The actions taken by the information systems 18 to protect networks and data resources sometimes needs to be made aware to HR personnel, such that they are aware of any changes in the status of the users and access privileges in the information system 18, or if needed, take appropriate corrective action.  For example, a badge used by a user to access areas controlled by the access control system may have expired [i.e., permissions data], causing an event transaction [i.e., indication identifying a change] which sends action data packets to information systems 18 to block the user's Login ID.”);
determine that the change in access privileges for the at least one employee requires approval from at least one authorized permissions management entity (Prokupets, paragraph 0039, “an administration system 30 in FIG. 1, representing a computer system, is provided in system 10 which can access the central database 14 in security server 12 to review and update information stored therein, such as update user data, security access privileges”);
receive, from the at least one authorized permissions management entity, an indication of approval for the change in access privileges  (Prokupets, paragraph 0039, “an administration system 30 in FIG. 1, representing a computer system, is provided in system 10 which can access the central database 14 in security server 12 to review and update information stored therein, such as update user data, security access privileges”);
in response to receiving the indication of approval, update a user permissions database associated with the protected resource to indicate the change in access privileges for the at least one employee (Prokupets, paragraph 0056, “The security server 12 first reads a transaction from the list queued in the transaction table specifying the update (add, modify, or delete) in the user data maintained in the HR database (step 32), and maps the updated user data into records of one or more of the tables of the central database 14 (step 34).”);
(Prokupets, paragraph 0045, “Optionally, an information system 18 may use the information about the user provided by the security server 12 to assign access privileges in terms of which resources such user may access, or time of day or specific terminals or computers access is to be made available.  Such assigned privileges by the information system is stored in each respective information system and can be accessed and modified by the security server 12 via a query command in an action data packet with using SIDs or Login ID.”; paragraph 0056, “The security server 12 first reads a transaction from the list queued in the transaction table specifying the update (add, modify, or delete) in the user data maintained in the HR database (step 32), and maps the updated user data into records of one or more of the tables of the central database 14 (step 34).”)).
Prokupets discloses a record but does not explicitly disclose , the first record indicating an employee hierarchical rank associated with each of one or more of the employees; configure an account at the protected resource that is associated with the at least one authorized permissions management entity to present options for approving the change in access privileges.
However, in an analogous art, Dasgupta discloses , the first record indicating an employee hierarchical rank associated with each of one or more of the employees (Dasgupta, paragraph 0029, “each organization has a specific hierarchical employee structure, roles and task assignments.  An "employee" is a person (such as, but not limited to, a worker, contractor, officer, agent, independent subcontractor, or other individual) in or connected to the organization who has a role and performs different tasks/activities based on his/her job description.  The "role" is a basis for establishing access control policies or a specific task competency for a user, including, but not limited to, a manager, supervisor, developer, or analyst.  Roles define which individuals are allowed to access specific resources for a specific purpose.”);
configure an account at the protected resource that is associated with the at least one authorized permissions management entity to present options for approving the change in access privileges (Dasgupta, paragraph 0028, “When a user 10 requests access to a particular classified document 30 (Steps 1, 2), the organization's access control 20 checks the user's access rights according to the organization's access right policy.  Then based on the shared trust policy (Step 3), it will choose a set of users 40 from the organization (based on the organization structure and the role of the user) who are available at that instance of time to act as approvers (User A and User B, and possibly more), notifying them to approve the request (Step 4).”).
Therefore, it would have been obvious to a person of ordinary skill in the art, before the effective filing date of the claimed invention to combine the teachings of Dasgupta with the system/method of Prokupets to include an employee structure; configure an account at the protected resource that is associated with the at least one authorized permissions management entity to present options for approving the change.

One would have been motivated to provide users with the benefits of greater security and control over access to classified files and documents (Dasgupta: paragraph 0008).
determining a first permissions list including a mapping of employee identifiers to access privileges for accessing the protected resource; comparing the first permissions list with a second permissions list that indicates previously approved access privileges for the one or more employees; and identifying a difference in access privileges for at least one employee based on the comparing.
However, in an analogous art, Szor discloses determining a first permissions list including a mapping of employee identifiers to access privileges for accessing the protected resource (Szor, col. 3, lines 60-65, “The changes, if any, are evaluated and a determination is made whether the changes in the current privilege list are malicious changes, i.e., indicative of malicious code (operation 240).  If the changes are not determined to be malicious changes, the call to the set token function is released and allowed to complete (operation 242).”; col. 7, lines 45-58, “In one embodiment, the token handle and/or the characteristics of the token identified by the token handle returned in operation 220 is compared against a critical token characteristics list included in or accessible by malicious privilege change detection application 106.  In one embodiment, entries in the critical token characteristics list include characteristics of users, processes, and/or threads that require protection from privilege changes by malicious code.  In one embodiment, the entries in the critical token characteristics list are user-defined.  In other embodiments, the entries are defined by default, such as in accordance with a predetermined list provided by a computer security provider.  In yet other embodiments, the entries are defined by default and are user extensible.”; col. 9, lines 47-58, “Referring again to REFERENCE COPY check operation 236, alternatively, when the token handle identified in the call to the set token function corresponds to a reference copy identifier identifying a reference copy in the reference copy database ("YES"), a determination is made that a reference copy of the associated access token has been generated and saved in the reference copy database.  The current privilege set identified in the call to the set token function can be evaluated for malicious changes, such as those that remove the debug privilege from a computer security application.  From REFERENCE COPY check operation 236, processing transitions to a COMPARE CURRENT PRIVILEGE LIST TO INITIAL PRIVILEGE LIST operation 238.”);
comparing the first permissions list with a second permissions list that indicates previously approved access privileges for the one or more employees (Szor, col. 9, line 59, through col. 10, line 3, “In COMPARE CURRENT PRIVILEGE LIST TO INITIAL PRIVILEGE LIST operation 238, the current privilege list identified in the call to the set token function is compared to the initial privilege list of the reference copy to determine any changes.  In particular, in one embodiment, each privilege setting identified in the current privilege list is compared to a corresponding privilege setting identified in the initial privilege list to determine if there are any changes, e.g., different settings.  From COMPARE CURRENT PRIVILEGE LIST TO INITIAL PRIVILEGE LIST operation 238, processing transitions to a MALICIOUS CHANGE(S) check operation 240.”); 
identifying a difference in access privileges for at least one employee based on the comparing (Szor, col. 3, lines 45-59, “In particular, in one embodiment, each privilege setting identified in the current privilege list is compared to a corresponding privilege setting identified in the initial privilege list to determine if there are any changes, e.g., different settings.”).
Therefore, it would have been obvious to a person of ordinary skill in the art, before the effective filing date of the claimed invention to combine the teachings of Szor with the system/method of Prokupets and Dasgupta to include determining a first permissions list including a mapping of employee identifiers to access privileges for accessing the protected resource; comparing the first permissions list with a second permissions list that indicates previously approved access privileges for the one or more employees; and identifying a difference in access privileges for at least one employee based on the comparing.
One would have been motivated to provide users with the benefits of detecting and preventing malicious changes to tokens (Szor: col. 1, lines 9-12).
Regarding claim 2, Prokupets, Dasgupta, and Szor disclose the computing device of claim 1.  Prokupets discloses wherein the processor is further configured to obtain a second indication of a change in the permissions data, and wherein the user permissions database is updated based on at least one of the first indication and the second indication (Prokupets, paragraph 0060, “The actions taken by the information systems 18 to protect networks and data resources sometimes needs to be made aware to HR personnel, such that they are aware of any changes in the status of the users and access privileges in the information system 18, or if needed, take appropriate corrective action.  For example, a badge used by a user to access areas controlled by the access control system may have expired, causing an event transaction which sends action data packets to information systems 18 to block the user's Login ID.  The security server 12 can check a list of such actions requiring HR notification stored in central database 14 to determine if the action affects HR (step 84).  If the business rules need to be applied at step 88b, the business rules are applied for the HR system to send an update transaction that both provides notification and updates the appropriate record in the HR database for the user affected at step 90.  The HR database 26 sends a message to the security server 12 if the HR database was successfully updated.  If so, the transaction is logged in the transaction log of the central database 14 (step 96)”).
Regarding claim 4, Prokupets, Dasgupta, and Szor disclose the computing device of claim 1.  Prokupets discloses wherein the processor is further configured to transmit, to the first client server, a request to receive the employee data (Prokupets, paragraph 0034, “An illustration of the process in system 10 for an event data packet transmitted from the access control system 22a to security server 12 is shown in FIG. 2, in which action data packets may be sent to each of the information systems 18 to cause actions to take place in such systems to protect information property, as shown in FIGS. 5A and 5B.”).
Regarding claim 5, Prokupets, Dasgupta, and Szor disclose the computing device of claim 1.  Dasgupta discloses wherein the permissions data comprises a mapping of employee statuses to corresponding access privileges for accessing the protected resource (Dasgupta, paragraph 0045, “FIG. 5 shows the role-activity mapping for the organization.  Some of the employees in same role can have some common activities.  From the raw data set it can be seen that A3[4] (patch analysis and apply patch) and A3[6] (push OS and DB patch to OS admin) have common employees.  For example, the employee who submits a patch request can also analyze the patch and apply it.  Hence, the intersection of E34 and E36 is non-empty, i.e., (E34.andgate.E36).noteq..PHI..  Detailed information regarding the number of common employees can be seen in FIG. 6.”). The rationale is the same as that of the claim from 
Regarding claim 6, Prokupets, Dasgupta, and Szor disclose the computing device of claim 1.  Dasgupta discloses wherein the processor is further configured to: receive, from a first user device, a request to access the protected resource; and determine that a user associated with the first user device has access privilege for accessing the protected resource (Dasgupta, paragraph 0028, “When a user 10 requests access to a particular classified document 30 (Steps 1, 2), the organization's access control 20 checks the user's access rights according to the organization's access right policy.  Then based on the shared trust policy (Step 3), it will choose a set of users 40 from the organization (based on the organization structure and the role of the user) who are available at that instance of time to act as approvers (User A and User B, and possibly more), notifying them to approve the request (Step 4).”). The rationale is the same as that of the claim from which this claim depends.
Regarding claim 7, Prokupets, Dasgupta, and Szor disclose the computing device of claim 6.  Prokupets discloses wherein determining that the user associated with the first user device has access privilege comprises comparing a first employee identifier associated with the user against the user permissions database (Prokupets, paragraph 0038, “For example, user data stored in the central database may include information regarding the type of user (or employee type) as researcher, sales, contractor, or any other type that may characterize particular access privileges to areas of a building and type of information.  An access privileges lookup table in memory of the central database 14 associates user data, such as type of user and/or time periods/shifts, to one of different access privileges in the access control system 22a.”).

Regarding claim 11, Prokupets discloses a method for managing access privileges, comprising:
obtaining, based on employee data received from a first client server having access to a human resources database of an organization, a first indication identifying a change in a first record of the organization (Prokupets, paragraph 0003, hierarchical rank encompasses administrator and user; paragraph 0060, “The actions taken by the information systems 18 to protect networks and data resources sometimes needs to be made aware to HR personnel, such that they are aware of any changes in the status of the users and access privileges in the information system 18, or if needed, take appropriate corrective action.  For example, a badge used by a user to access areas controlled by the access control system may have expired [i.e., change in a first employee structure], causing an event transaction [i.e., indication identifying a change] which sends action data packets to information systems 18 to block the user's Login ID.  The security server 12 can check a list of such actions requiring HR notification stored in central database 14 to determine if the action affects HR (step 84).  If so, the business rules for the affected data are looked up, such as in a table of the central database 14 (step 88a) and then the security server 12 check if it needs to be applied (step 88b).  Business rules represent when the action taken requires that data stored in the HR system's database [i.e., human resources database of an organization] be changed.  If no business rules are found, or if the business rules found require only that notification be provided, the no branch from step 88b is taken to step 90 to send an update transaction to the HR system to notify personnel in HR, such as in a log.  If the business rules need to be applied at step 88b, the business rules are applied for the HR system to send an update transaction that both provides notification and updates the appropriate record in the HR database for the user affected at step 90.  The HR database 26 sends a message to the security server 12 if the HR database was successfully updated.  If so, the transaction is logged in the transaction log of the central database 14 (step 96)”);
identifying a change in access privileges for at least one employee of the organization based on: (Prokupets, paragraph 0060, “The actions taken by the information systems 18 to protect networks and data resources sometimes needs to be made aware to HR personnel, such that they are aware of any changes in the status of the users and access privileges in the information system 18, or if needed, take appropriate corrective action.  For example, a badge used by a user to access areas controlled by the access control system may have expired [i.e., permissions data], causing an event transaction [i.e., indication identifying a change] which sends action data packets to information systems 18 to block the user's Login ID.”);
determining that the change in access privileges for the at least one employee requires approval from at least one authorized permissions management entity (Prokupets, paragraph 0039, “an administration system 30 in FIG. 1, representing a computer system, is provided in system 10 which can access the central database 14 in security server 12 to review and update information stored therein, such as update user data, security access privileges”);
receiving, from the at least one authorized permissions management entity, an indication of approval for the change in access privileges (Prokupets, paragraph 0039, “an administration system 30 in FIG. 1, representing a computer system, is provided in system 10 which can access the central database 14 in security server 12 to review and update information stored therein, such as update user data, security access privileges”);
in response to receiving the indication of approval, updating a user permissions database associated with the protected resource to indicate the change in access privileges for the at least one employee, the user permissions database indicating access privileges for employees of the organization that are authorized to access the protected resource(Prokupets, paragraph 0045, “Optionally, an information system 18 may use the information about the user provided by the security server 12 to assign access privileges in terms of which resources such user may access, or time of day or specific terminals or computers access is to be made available.  Such assigned privileges by the information system is stored in each respective information system and can be accessed and modified by the security server 12 via a query command in an action data packet with using SIDs or Login ID.”; paragraph 0056, “The security server 12 first reads a transaction from the list queued in the transaction table specifying the update (add, modify, or delete) in the user data maintained in the HR database (step 32), and maps the updated user data into records of one or more of the tables of the central database 14 (step 34).”)).
Prokupets discloses a record but does not explicitly disclose the first record indicating an employee hierarchical rank associated with each of one or more of the employees; configuring an account at the protected resource that is associated with the at least one authorized permissions management entity to present options for approving the change in access privileges.
However, in an analogous art, Dasgupta discloses a hierarchical employee structure (Dasgupta, paragraph 0029, “each organization has a specific hierarchical employee structure, roles and task assignments.  An "employee" is a person (such as, but not limited to, a worker, contractor, officer, agent, independent subcontractor, or other individual) in or connected to the organization who has a role and performs different tasks/activities based on his/her job description.  The "role" is a basis for establishing access control policies or a specific task competency for a user, including, but not limited to, a manager, supervisor, developer, or analyst.  Roles define which individuals are allowed to access specific resources for a specific purpose.”);
configuring an account at the protected resource that is associated with the at least one authorized permissions management entity to present options for approving the change in access privileges (Dasgupta, paragraph 0028, “When a user 10 requests access to a particular classified document 30 (Steps 1, 2), the organization's access control 20 checks the user's access rights according to the organization's access right policy.  Then based on the shared trust policy (Step 3), it will choose a set of users 40 from the organization (based on the organization structure and the role of the user) who are available at that instance of time to act as approvers (User A and User B, and possibly more), notifying them to approve the request (Step 4).”).
Therefore, it would have been obvious to a person of ordinary skill in the art, before the effective filing date of the claimed invention to combine the teachings of Dasgupta with the system/method of Prokupets to include an employee structure; configuring an account at the protected resource that is associated with the at least one authorized permissions management entity to present options for approving the change in access privileges.
 (Dasgupta: paragraph 0008).
Prokupets and Dasgupta do not explicitly disclose determining a first permissions list including a mapping of employee identifiers to access privileges for accessing the protected resource; comparing the first permissions list with a second permissions list that indicates previously approved access privileges for the one or more employees; and identifying a difference in access privileges for at least one employee based on the comparing.
However, in an analogous art, Szor discloses determining a first permissions list including a mapping of employee identifiers to access privileges for accessing the protected resource (Szor, col. 3, lines 60-65, “The changes, if any, are evaluated and a determination is made whether the changes in the current privilege list are malicious changes, i.e., indicative of malicious code (operation 240).  If the changes are not determined to be malicious changes, the call to the set token function is released and allowed to complete (operation 242).”; col. 7, lines 45-58, “In one embodiment, the token handle and/or the characteristics of the token identified by the token handle returned in operation 220 is compared against a critical token characteristics list included in or accessible by malicious privilege change detection application 106.  In one embodiment, entries in the critical token characteristics list include characteristics of users, processes, and/or threads that require protection from privilege changes by malicious code.  In one embodiment, the entries in the critical token characteristics list are user-defined.  In other embodiments, the entries are defined by default, such as in accordance with a predetermined list provided by a computer security provider.  In yet other embodiments, the entries are defined by default and are user extensible.”; col. 9, lines 47-58, “Referring again to REFERENCE COPY check operation 236, alternatively, when the token handle identified in the call to the set token function corresponds to a reference copy identifier identifying a reference copy in the reference copy database ("YES"), a determination is made that a reference copy of the associated access token has been generated and saved in the reference copy database.  The current privilege set identified in the call to the set token function can be evaluated for malicious changes, such as those that remove the debug privilege from a computer security application.  From REFERENCE COPY check operation 236, processing transitions to a COMPARE CURRENT PRIVILEGE LIST TO INITIAL PRIVILEGE LIST operation 238.”);
comparing the first permissions list with a second permissions list that indicates previously approved access privileges for the one or more employees (Szor, col. 9, line 59, through col. 10, line 3, “In COMPARE CURRENT PRIVILEGE LIST TO INITIAL PRIVILEGE LIST operation 238, the current privilege list identified in the call to the set token function is compared to the initial privilege list of the reference copy to determine any changes.  In particular, in one embodiment, each privilege setting identified in the current privilege list is compared to a corresponding privilege setting identified in the initial privilege list to determine if there are any changes, e.g., different settings.  From COMPARE CURRENT PRIVILEGE LIST TO INITIAL PRIVILEGE LIST operation 238, processing transitions to a MALICIOUS CHANGE(S) check operation 240.”); 
identifying a difference in access privileges for at least one employee based on the comparing (Szor, col. 3, lines 45-59, “In particular, in one embodiment, each privilege setting identified in the current privilege list is compared to a corresponding privilege setting identified in the initial privilege list to determine if there are any changes, e.g., different settings.”).
 Therefore, it would have been obvious to a person of ordinary skill in the art, before the effective filing date of the claimed invention to combine the teachings of Szor with the system/method of Prokupets and Dasgupta to include determining a first permissions list including a mapping of employee identifiers to access privileges for accessing the protected resource; comparing the first permissions list with a second permissions list that indicates previously approved access privileges for the one or more employees; and identifying a difference in access privileges for at least one employee based on the comparing.
One would have been motivated to provide users with the benefits of detecting and preventing malicious changes to tokens (Szor: col. 1, lines 9-12).
Regarding claim 12, Prokupets, Dasgupta, and Szor disclose the method of claim 11.  Prokupets discloses further comprising obtaining a second indication of a change in the permissions data, and wherein the user permissions database is updated based on at least one of the first indication and the second indication (Prokupets, paragraph 0060, “The actions taken by the information systems 18 to protect networks and data resources sometimes needs to be made aware to HR personnel, such that they are aware of any changes in the status of the users and access privileges in the information system 18, or if needed, take appropriate corrective action.  For example, a badge used by a user to access areas controlled by the access control system may have expired, causing an event transaction which sends action data packets to information systems 18 to block the user's Login ID.  The security server 12 can check a list of such actions requiring HR notification stored in central database 14 to determine if the action affects HR (step 84).  If the business rules need to be applied at step 88b, the business rules are applied for the HR system to send an update transaction that both provides notification and updates the appropriate record in the HR database for the user affected at step 90.  The HR database 26 sends a message to the security server 12 if the HR database was successfully updated.  If so, the transaction is logged in the transaction log of the central database 14 (step 96)”).
Regarding claim 14, Prokupets, Dasgupta, and Szor disclose the method of claim 11. Prokupets discloses further comprising transmitting, to the first client server, a request to receive the employee data (Prokupets, paragraph 0034, “An illustration of the process in system 10 for an event data packet transmitted from the access control system 22a to security server 12 is shown in FIG. 2, in which action data packets may be sent to each of the information systems 18 to cause actions to take place in such systems to protect information property, as shown in FIGS. 5A and 5B.”).
Regarding claim 15, Prokupets, Dasgupta, and Szor disclose the method of claim 11.  Dasgupta discloses wherein the permissions data comprises a mapping of employee statuses to corresponding access privileges for accessing the protected resource (Dasgupta, paragraph 0045, “FIG. 5 shows the role-activity mapping for the organization.  Some of the employees in same role can have some common activities.  From the raw data set it can be seen that A3[4] (patch analysis and apply patch) and A3[6] (push OS and DB patch to OS admin) have common employees.  For example, the employee who submits a patch request can also analyze the patch and apply it.  Hence, the intersection of E34 and E36 is non-empty, i.e., (E34.andgate.E36).noteq..PHI..  Detailed information regarding the number of common employees can be seen in FIG. 6.”).  The rationale is the same as that of the claim from which this claim depends.
Regarding claim 16, Prokupets, Dasgupta, and Szor disclose the method of claim 11.  Dasgupta discloses further comprising: receiving, from a first user device, a request to access the protected resource; and determining that a user associated with the first user device has access privilege for accessing the protected resource (Dasgupta, paragraph 0028, “When a user 10 requests access to a particular classified document 30 (Steps 1, 2), the organization's access control 20 checks the user's access rights according to the organization's access right policy.  Then based on the shared trust policy (Step 3), it will choose a set of users 40 from the organization (based on the organization structure and the role of the user) who are available at that instance of time to act as approvers (User A and User B, and possibly more), notifying them to approve the request (Step 4).”).    The rationale is the same as that of the claim from which this claim depends.
Regarding claim 17, Prokupets, Dasgupta, and Szor disclose the method of claim 16.  Prokupets discloses wherein determining that the user associated with the first user device has access privilege comprises comparing a first employee identifier associated with the user against the user permissions database (Prokupets, paragraph 0038, “For example, user data stored in the central database may include information regarding the type of user (or employee type) as researcher, sales, contractor, or any other type that may characterize particular access privileges to areas of a building and type of information.  An access privileges lookup table in memory of the central database 14 associates user data, such as type of user and/or time periods/shifts, to one of different access privileges in the access control system 22a.”).
Claim 10 and 20 are rejected under 35 U.S.C. 103 under 35 U.S.C. 103 as being unpatentable over Prokupets (US20030023874), filed July 16, 2001, in view of Dasgupta (US20190312881), filed on April 10, 2018, and Szor (US7665139), filed December 16, 2005, and further in view of Tian (US20090177741), filed March 13, 2009.
Regarding claim 10, Prokupets, Dasgupta, and Szor disclose the computing device of claim 8.  Dasgupta discloses wherein the processor is further configured to transmit the generated request as a message to the at least one authorized permissions management entity (Dasgupta, paragraph 0074, “When a user requests such an access, the approver component gets activated, selects a set of users from the organization (based on the organization structure and role of the user) who are eligible and available to give permission to this access request.  The approver component is to prevent data abuse by privileged users and also help in auditing sensitive record-storing systems.”; paragraph 0028, “it will choose a set of users 40 from the organization (based on the organization structure and the role of the user) who are available at that instance of time to act as approvers (User A and User B, and possibly more), notifying them to approve the request (Step 4).  When all of the selected approvers 50 grant the request (Step 5), the requesting user 10 obtains access to the classified document (Step 6)”.).  The rationale is the same as that of the claim from which this claim depends.
Prokupets and Dasgupta do not explicitly disclose wherein the processor is further configured to transmit, to the at least one authorized permissions management entity, a message requesting to obtain approval for the change in access privileges.
However, in an analogous art, Tian discloses wherein the processor is further configured to transmit, to the at least one authorized permissions management entity, a message requesting to obtain approval for the change in access privileges (Tian, paragraph 0052, “Step 601: A user A (i.e., the service user terminal) transmits a registration request message to the authorization management server so as to request to register a user B (i.e., the service subscription authorizer terminal) as an authoring user of the user A, or to modify the authorization permission of the user B with respect to user A.”; paragraph 0059, “Step 701: The user B transmits a message to the authorization management server to request to be the service subscription authorizer terminal of the user A (i.e., the service user terminal).  Alternatively, the user B requests the authorization management server to modify its service subscription management permission over the user A, such as, which services the user A may subscribe to freely, which services the user A may not subscribe to, and which services the user A may subscribe to only with the permission of the user B. The message may include the user ID of at least one of the user A or B, as well as information about the authorized permission.”).
Therefore, it would have been obvious to a person of ordinary skill in the art, before the effective filing date of the claimed invention to combine the teachings of Tian with the system/method/ computing device of Prokupets and Dasgupta to include wherein the processor is further configured to transmit, to the at least one authorized permissions management entity, a message requesting to obtain approval for the change in access privileges.

One would have been motivated to provide users with the benefits of subscribing to a service (Tian: paragraph 0001).
Regarding claim 20, Prokupets, Dasgupta, and Szor disclose the method of claim (Dasgupta, paragraph 0074, “When a user requests such an access, the approver component gets activated, selects a set of users from the organization (based on the organization structure and role of the user) who are eligible and available to give permission to this access request.  The approver component is to prevent data abuse by privileged users and also help in auditing sensitive record-storing systems.”; paragraph 0028, “it will choose a set of users 40 from the organization (based on the organization structure and the role of the user) who are available at that instance of time to act as approvers (User A and User B, and possibly more), notifying them to approve the request (Step 4).  When all of the selected approvers 50 grant the request (Step 5), the requesting user 10 obtains access to the classified document (Step 6)”.).  The rationale is the same as that of the claim from which this claim depends.
Prokupets and Dasgupta do not explicitly disclose further comprising transmitting, to the at least one authorized permissions management entity, a message requesting to obtain approval for the change in access privileges.
However, in an analogous art, Tian discloses further comprising transmitting, to the at least one authorized permissions management entity, a message requesting to obtain approval for the change in access privileges (Tian, paragraph 0052, “Step 601: A user A (i.e., the service user terminal) transmits a registration request message to the authorization management server so as to request to register a user B (i.e., the service subscription authorizer terminal) as an authoring user of the user A, or to modify the authorization permission of the user B with respect to user A.”; paragraph 0059, “Step 701: The user B transmits a message to the authorization management server to request to be the service subscription authorizer terminal of the user A (i.e., the service user terminal).  Alternatively, the user B requests the authorization management server to modify its service subscription management permission over the user A, such as, which services the user A may subscribe to freely, which services the user A may not subscribe to, and which services the user A may subscribe to only with the permission of the user B. The message may include the user ID of at least one of the user A or B, as well as information about the authorized permission.”).
Therefore, it would have been obvious to a person of ordinary skill in the art, before the effective filing date of the claimed invention to combine the teachings of Tian with the system/method/ computing device of Prokupets and Dasgupta to include further comprising transmitting, to the at least one authorized permissions management entity, a message requesting to obtain approval for the change in access privileges.

One would have been motivated to provide users with the benefits of subscribing to a service (Tian: paragraph 0001).

Conclusion
Any inquiry concerning this communication or earlier communications from the examiner should be directed to WALTER J MALINOWSKI whose telephone number is (571)272-5368.  The examiner can normally be reached on 8-6:30 MTWH.
Examiner interviews are available via telephone, in-person, and video conferencing using a USPTO supplied web-based collaboration tool. To schedule an interview, applicant is 
If attempts to reach the examiner by telephone are unsuccessful, the examiner’s supervisor, LUU PHAM can be reached on 5712705002.  The fax phone number for the organization where this application or proceeding is assigned is 571-273-8300.
Information regarding the status of an application may be obtained from the Patent Application Information Retrieval (PAIR) system.  Status information for published applications may be obtained from either Private PAIR or Public PAIR.  Status information for unpublished applications is available through Private PAIR only.  For more information about the PAIR system, see https://ppair-my.uspto.gov/pair/PrivatePair. Should you have questions on access to the Private PAIR system, contact the Electronic Business Center (EBC) at 866-217-9197 (toll-free). If you would like assistance from a USPTO Customer Service Representative or access to the automated information system, call 800-786-9199 (IN USA OR CANADA) or 571-272-1000.






/W.J.M/Examiner, Art Unit 2439        
       

/JAHANGIR KABIR/Primary Examiner, Art Unit 2439