DETAILED ACTION
Notice of Pre-AIA  or AIA  Status
The present application, filed on or after March 16, 2013, is being examined under the first inventor to file provisions of the AIA .
Claims 1-20 are canceled.
Claims 21-40 are pending.
Response to Arguments
Applicant’s argument filed 06/08/2021 have been fully considered.
In response to double patenting, the double patenting rejection is still maintained. 
In response to 35 USC 103, Applicant argues that Chari fails to disclose “obtaining user data relating to a plurality of system users having previously been granted access to a resource in a context without complying with a ruleset defining criteria for automatically accessing the resource in the context”. Examiner respectfully disagree. Chari discloses “teaches providing names and identification numbers of a plurality of users [0029]. Providing access control logs for each of the plurality of users that may include listings of previously accessed secure resources, when the secure resources were accessed, and what actions were performed on the secure resources by the users [0029].  The access privilege or access right may grant an assigned user the ability to access and use a secure hardware device, software application, or network, such as secure computer, financial application, or storage area network [0026]. This shows providing user data for each user. That users that have access privilege are automatically have access to the content. Each log contains previous accessed resources for each of the plurality of users.
Applicant argues that Chari-Rykowski fail to disclose “updating, upon the number of system users in the subset exceeding the predetermined threshold, the ruleset to include criteria based on the identified combination of two or more user data properties”. Examiner respectfully disagree. Rykowski 
The same arguments are used for the dependent claims 22-28, 30-36, and 38-40 that depend on claims 21, 29, and 37. 
Double Patenting
The nonstatutory double patenting rejection is based on a judicially created doctrine grounded in public policy (a policy reflected in the statute) so as to prevent the unjustified or improper timewise extension of the “right to exclude” granted by a patent and to prevent possible harassment by multiple assignees. A nonstatutory double patenting rejection is appropriate where the conflicting claims are not identical, but at least one examined application claim is not patentably distinct from the reference claim(s) because the examined application claim is either anticipated by, or would have been obvious over, the reference claim(s). See, e.g., In re Berg, 140 F.3d 1428, 46 USPQ2d 1226 (Fed. Cir. 1998); In re Goodman, 11 F.3d 1046, 29 USPQ2d 2010 (Fed. Cir. 1993); In re Longi, 759 F.2d 887, 225 USPQ 645 (Fed. Cir. 1985); In re Van Ornum, 686 F.2d 937, 214 USPQ 761 (CCPA 1982); In re Vogel, 422 F.2d 438, 164 USPQ 619 (CCPA 1970); In re Thorington, 418 F.2d 528, 163 USPQ 644 (CCPA 1969).
A timely filed terminal disclaimer in compliance with 37 CFR 1.321(c) or 1.321(d) may be used to overcome an actual or provisional rejection based on nonstatutory double patenting provided the reference application or patent either is shown to be commonly owned with the examined application, or claims an invention made as a result of activities undertaken within the scope of a joint research agreement. See MPEP § 717.02 for applications subject to examination under the first inventor to file provisions of the AIA  as explained in MPEP § 2159. See MPEP § 2146 et seq. for applications not subject to examination under the first inventor to file provisions of the AIA . A terminal disclaimer must be signed in compliance with 37 CFR 1.321(b). 
The USPTO Internet website contains terminal disclaimer forms which may be used. Please visit www.uspto.gov/patent/patents-forms. The filing date of the application in which the form is filed determines what form (e.g., PTO/SB/25, PTO/SB/26, PTO/AIA /25, or PTO/AIA /26) should be used. A web-based eTerminal Disclaimer may be filled out completely online using web-screens. An eTerminal Disclaimer that meets all requirements is auto-processed and approved immediately upon submission. For more information about eTerminal Disclaimers, refer to www.uspto.gov/patents/process/file/efs/guidance/eTD-info-I.jsp.
Claims 21, 29, and 37 are rejected on the ground of nonstatutory double patenting as being unpatentable over claims 1, 9, 17 respectively of U.S. Patent No. 10673857. Although the claims at issue are not identical, they are not patentably distinct from each other because management of access rules for access control based on context and claim 21 of instant application is anticipated by patent claim 1.
16/852,557
	Patent 10673857
Claim 21: A computer-implemented method, comprising: obtaining user data relating to a plurality of system users having previously been granted access to a resource in a context without complying with a ruleset defining criteria for automatically accessing the resource in the context;
Claim 1: A computer-implemented method, comprising: obtaining user data relating to a plurality of system users, who have previously been granted access to a resource in a context without complying with a ruleset defining criteria for automatically accessing the resource in the context;
identifying a combination of two or more user data properties having common values in the user data of a subset of two or more of the plurality of system users;
identifying a combination of two or more user data properties having common values in the user data of a subset of two or more of the plurality of system users;
determining whether a number of system users in the subset exceeds a predetermined threshold;
determining whether a number of system users in the subset exceeds a predetermined threshold;
and updating, upon the number of system users in the subset exceeding the predetermined threshold, the ruleset to include criteria based on the identified combination of two or more user data properties.
and updating, if the number of system users in the subset exceeds the predetermined threshold, the ruleset to include defining criteria based on the identified combination of two or more user data properties comprises defining a criterion for each user data property of the two or more user data properties, the criterion specifying a user data property and the common value in the subset.


Claims 22, 30, and 38 are rejected on the ground of nonstatutory double patenting as being unpatentable over claims 2 and 10 respectively of U.S. Patent No. 10673857. Although the claims at issue are not identical, they are not patentably distinct from each other because management of access rules for access control based on context.
Claims 23, 31, and 39 are rejected on the ground of nonstatutory double patenting as being unpatentable over claims 3 and 11respectively of U.S. Patent No. 10673857. Although the claims at issue are not identical, they are not patentably distinct from each other because management of access rules for access control based on context.
Claims 24, 32, and 40 are rejected on the ground of nonstatutory double patenting as being unpatentable over claims 4 an d12 respectively of U.S. Patent No. 10673857. Although the claims at issue are not identical, they are not patentably distinct from each other because management of access rules for access control based on context.
Claims 25 and 33 are rejected on the ground of nonstatutory double patenting as being unpatentable over claims 5 and 13 respectively of U.S. Patent No. 10673857. Although the claims at issue are not identical, they are not patentably distinct from each other because management of access rules for access control based on context.
Claims 26 and 34 are rejected on the ground of nonstatutory double patenting as being unpatentable over claims 6 and 14 respectively of U.S. Patent No. 10673857. Although the claims at issue are not identical, they are not patentably distinct from each other because management of access rules for access control based on context.
Claims 27 and 36 are rejected on the ground of nonstatutory double patenting as being unpatentable over claims 7 and 15 respectively of U.S. Patent No. 10673857. Although the claims at issue are not identical, they are not patentably distinct from each other because management of access rules for access control based on context.
Claims 28 is rejected on the ground of nonstatutory double patenting as being unpatentable over claims 8 respectively of U.S. Patent No. 10673857. Although the claims at issue are not identical, they are not patentably distinct from each other because management of access rules for access control based on context.
Claim Rejections - 35 USC § 103
In the event the determination of the status of the application as subject to AIA  35 U.S.C. 102 and 103 (or as subject to pre-AIA  35 U.S.C. 102 and 103) is incorrect, any correction of the statutory basis for the rejection will not be considered a new ground of rejection if the prior art relied upon, and the rationale supporting the rejection, would be the same under either status.  
The following is a quotation of 35 U.S.C. 103 which forms the basis for all obviousness rejections set forth in this Office action:
A patent for a claimed invention may not be obtained, notwithstanding that the claimed invention is not identically disclosed as set forth in section 102, if the differences between the claimed invention and the prior art are such that the claimed invention as a whole would have been obvious before the effective filing date of the claimed invention to a person having ordinary skill in the art to which the claimed invention pertains. Patentability shall not be negated by the manner in which the invention was made.

Claims 21, 22, 25, 28, 29, 30, 33, 36, and 37 is/are rejected under 35 U.S.C. 103 as being unpatentable over Chari et al. (US 20140196104 hereinafter Chari) in view of Rykowski et al. (US 20170032042 hereinafter Rykowski).
Re. claim 21, Chari discloses computer-implemented method, comprising: obtaining user data relating to a plurality of system users (Chari teaches providing names and identification numbers of a plurality of users [0029]) having previously been granted access to a resource in a context without complying with a ruleset defining criteria for automatically accessing the resource in the context (Chari teaches providing access control logs for each of the plurality of users that may include listings of previously accessed secure resources, when the secure resources were accessed, and what actions were performed on the secure resources by the users [0029]. The access privilege or access right may grant an assigned user the ability to access and use a secure hardware device, software application, or network, such as a secure computer, financial application, or storage area network [0026](Users that have access privilege are automatically have access to the content); identifying a combination of two or more user data properties having common values in the user data of a subset of two or more of the plurality of system users (Chari teaches a user -attribute relation is generated by mapping the users to attributes describing each of the users (mapping is interpreted as determine if they are common) [0007]. Role and policy modeling component 308 may assign a sensitivity value to each permission and a security clearance value to each user and define aggregation functions that will calculate the sensitivity level of a set of permissions and the security clearance level of a set of users. for each sensitivity value and each security clearance value, risk analysis component 304 assigns a risk value. Assess the risk value [0083]).
Although Chari disclose threshold and number of users, Chari does not explicitly disclose but Rykowski discloses determining whether a number of system users in the subset exceeds a predetermined threshold (Rykowski teaches the management service 119 can determine whether the number of users to be added to or removed from the list of managed users 129 exceeds a previously specified threshold [0043]); and updating, upon the number of system users in the subset exceeding the predetermined threshold, the ruleset to include criteria based on the identified combination of two or more user data properties (Rykowski teaches the number of changes does exceed the threshold [0043].  Apply the change to the list of manages users 129 [0044]. The steps of adding or removing users from the list of managed users can trigger application of updated security policies for mobile devices associated with the users. To provide enterprise mobility management, the management service 119 can install agent software on the mobile device of a managed user, along with other enterprise applications such as a secure intern& browser, calendar, e-mail application, and file repository access application for accessing and editing corporate files. The mobile devices can use differing security policies depending on the groups to which a device or a user associated with a device is a member [0045]).  
Therefore, it would have been obvious to one or ordinary skill in the art before the effective filing date of the claimed invention to incorporate the features described by Rykowski into the invention of Chari for the purpose of limiting access and using different policies for different users (Rykowski [0024] [0045]).
Re. claim 22, Chair-Rykowski teaches the method of claim 21, wherein each criterion of the ruleset specifies: the user data property, a value of the user data property, and a condition relating to the specified value that must be met, and the condition is selected from the group consisting of: equal to, 2less than, less than or equal to, greater than, greater than or equal to, and contains (Chari teaches a user -attribute relation is generated by mapping the users to attributes describing each of the users [0007]. Role and policy modeling component 308 may assign a sensitivity value to each permission and a security clearance value to each user and define aggregation functions that will calculate the sensitivity level of a set of permissions and the security clearance level of a set of users. for each sensitivity value and each security clearance value, risk analysis component 304 assigns a risk value. Assess the risk value [0083]. A determination as to whether the level of complexity of the initial state of the role-based access control policy is greater than a predefined complexity threshold [0102]).  
Re. claim 25, Chair-Rykowski teaches the method of claim 21, wherein the updating starts in response to a determination that a condition for updating the ruleset for a context is met (Rykowski teaches the number of changes does exceed the threshold [0043].  Apply the change to the list of manages users 129 [0044]. The steps of adding or removing users from the list of managed users can trigger application of updated security policies for mobile devices associated with the users. To provide enterprise mobility management, the management service 119 can install agent software on the mobile device of a managed user, along with other enterprise applications such as a secure intern& browser, calendar, e-mail application, and file repository access application for accessing and editing corporate files. The mobile devices can use differing security policies depending on the groups to which a device or a user associated with a device is a member [0045]).  
Therefore, it would have been obvious to one or ordinary skill in the art before the effective filing date of the claimed invention to incorporate the features described by Rykowski into the invention of Chari for the purpose of limiting access and using different policies for different users (Rykowski [0024] [0045]).
Re. claim 28, Chair-Rykowski teaches the method of claim 21, wherein the user data for each system user comprises a user identifier and values of one or more properties relating to a profile of the user (Chari teaches Then, a role-based access control policy is generated that minimizes a risk profile of the set of risk-averse roles, the assignment of the set of risk-averse roles to the users, and the assignment of the permissions to the set of risk-averse roles [0007]. names and identification numbers of a plurality of users [0029]).  
Re. claim 29, Chari teaches a computer hardware system, comprising: a processing unit configured to perform the following executable operations (Chari teaches Processor unit 204 serves to execute instructions  [0033]): obtaining user data relating to a plurality of system users (Chari teaches providing names and identification numbers of a plurality of users [0029]) having previously been granted access to a resource in a context without complying with a ruleset defining criteria for automatically accessing the resource in the context (Chari teaches providing access control logs for each of the plurality of users that may include listings of previously accessed secure resources, when the secure resources were accessed, and what actions were performed on the secure resources by the users [0029]. The access privilege or access right may grant an assigned user the ability to access and use a secure hardware device, software application, or network, such as a secure computer, financial application, or storage area network [0026](Users that have access privilege are automatically have access to the content); identifying a combination of two or more user data properties having common values in the user data of a subset of two or more of the plurality of system users (Chari teaches a user -attribute relation is generated by mapping the users to attributes describing each of the users (mapping is interpreted as determine if they are common) [0007]. Role and policy modeling component 308 may assign a sensitivity value to each permission and a security clearance value to each user and define aggregation functions that will calculate the sensitivity level of a set of permissions and the security clearance level of a set of users. for each sensitivity value and each security clearance value, risk analysis component 304 assigns a risk value. Assess the risk value [0083]).
Although Chari disclose threshold and number of users, Chari does not explicitly disclose but Rykowski discloses 4determining whether a number of system users in the subset exceeds a predetermined threshold (Rykowski teaches the management service 119 can determine whether the number of users to be added to or removed from the list of managed users 129 exceeds a previously specified threshold [0043]); and updating, upon the number of system users in the subset exceeding the predetermined threshold, the ruleset to include criteria based on the identified combination of two or more user data properties (Rykowski teaches the number of changes does exceed the threshold [0043].  Apply the change to the list of manages users 129 [0044]. The steps of adding or removing users from the list of managed users can trigger application of updated security policies for mobile devices associated with the users. To provide enterprise mobility management, the management service 119 can install agent software on the mobile device of a managed user, along with other enterprise applications such as a secure intern& browser, calendar, e-mail application, and file repository access application for accessing and editing corporate files. The mobile devices can use differing security policies depending on the groups to which a device or a user associated with a device is a member [0045]).  
Therefore, it would have been obvious to one or ordinary skill in the art before the effective filing date of the claimed invention to incorporate the features described by Rykowski into the invention of Chari for the purpose of limiting access and using different policies for different users (Rykowski [0024] [0045]).
Re. claim 30, rejection of claim 29 is included and claim 30 is rejected with the same rationale as applied in claim 22 above.
Re. claim 33, rejection of claim 29 is included and claim 33 is rejected with the same rationale as applied in claim 25 above.
Re. claim 36, rejection of claim 29 is included and claim 36 is rejected with the same rationale as applied in claim 28 above.
Re. claim 37, Chari teaches a computer program product, comprising: a computer readable storage medium having program instructions embodied therewith, the program instructions are executable by a computer hardware system (Chari teaches or more computer readable medium(s) having computer readable program code [0015]. Computer program code for carrying out operations [0019])to cause the computer hardware system to perform: obtaining user data relating to a plurality of system users (Chari teaches providing names and identification numbers of a plurality of users [0029]) having previously been granted access to a resource in a context without complying with a ruleset defining criteria for automatically accessing the resource in the context (Chari teaches providing access control logs for each of the plurality of users that may include listings of previously accessed secure resources, when the secure resources were accessed, and what actions were performed on the secure resources by the users [0029]. The access privilege or access right may grant an assigned user the ability to access and use a secure hardware device, software application, or network, such as a secure computer, financial application, or storage area network [0026](Users that have access privilege are automatically have access to the content); identifying a combination of two or more user data properties having common values in the user data of a subset of two or more of the plurality of system users (Chari teaches a user -attribute relation is generated by mapping the users to attributes describing each of the users (mapping is interpreted as determine if they are common) [0007]. Role and policy modeling component 308 may assign a sensitivity value to each permission and a security clearance value to each user and define aggregation functions that will calculate the sensitivity level of a set of permissions and the security clearance level of a set of users. for each sensitivity value and each security clearance value, risk analysis component 304 assigns a risk value. Assess the risk value [0083]). 
Although Chari disclose threshold and number of users, Chari does not explicitly disclose but Rykowski discloses  determining whether a number of system users in the subset exceeds a predetermined threshold (Rykowski teaches the management service 119 can determine whether the number of users to be added to or removed from the list of managed users 129 exceeds a previously specified threshold [0043]); and updating, upon the number of system users in the subset exceeding the predetermined threshold, the ruleset to include criteria based on the identified combination of two or more user data properties(Rykowski teaches the number of changes does exceed the threshold [0043].  Apply the change to the list of manages users 129 [0044]. The steps of adding or removing users from the list of managed users can trigger application of updated security policies for mobile devices associated with the users. To provide enterprise mobility management, the management service 119 can install agent software on the mobile device of a managed user, along with other enterprise applications such as a secure intern& browser, calendar, e-mail application, and file repository access application for accessing and editing corporate files. The mobile devices can use differing security policies depending on the groups to which a device or a user associated with a device is a member [0045]).  
Therefore, it would have been obvious to one or ordinary skill in the art before the effective filing date of the claimed invention to incorporate the features described by Rykowski into the invention of Chari for the purpose of limiting access and using different policies for different users (Rykowski [0024] [0045]).
Re. claim 38, rejection of claim 37 is included and claim 38 is rejected with the same rationale as applied in claim 22 above.
Claims 23, 24, 31, 32, 39, and 40 is/are rejected under 35 U.S.C. 103 as being unpatentable over Chari et al. (US 20140196104 hereinafter Chari), Rykowski et al. (US 20170032042 hereinafter Rykowski), Smith et al. (US 20150135258 hereinafter Smith) and in further view of Gosukonda (US 20180024972 hereinafter Gosukonda).
Re. claim 23, Chair-Rykowski teaches the method of claim 21, a system user granted access to the resource (Chari teaches providing names and identification numbers of a plurality of users [0029]) in the context without complying with the ruleset is identified based (Chari teaches providing access control logs for each of the plurality of users that may include listings of previously accessed secure resources, when the secure resources were accessed, and what actions were performed on the secure resources by the users [0029]. The access privilege or access right may grant an assigned user the ability to access and use a secure hardware device, software application, or network, such as a secure computer, financial application, or storage area network [0026](Users that have access privilege are automatically have access to the content).
Chair-Rykowski do not explicitly disclose but Smith discloses wherein access by system users and to the resource in the context is monitored (Smith teaches request for accessing the resource may be communicated from resource requestor. Resource requestor collects and are monitors context data form the user, and/or more other users [0018]. Monitoring (Smith teaches User presence monitoring is collected prior to facilitating access to one or more access [0012]).
Therefore, it would have been obvious to one or ordinary skill in the art before the effective filing date of the claimed invention to incorporate the features described by Smith into the invention of Chari-Rykowski for the purpose of improving performance and security for lacking customization features and intelligence (Smith [0003]).
Chari-Rykowski-Smith do not explicitly disclose but Gosukonda discloses an identifier of the system user in a data record associated with user access overrides of the ruleset is stored in memory (Gosukonda the apparatus includes a processor and a memory storing code that is executable by the processor. The apparatus ascertains whether a text selection override policy is satisfied. The apparatus replaces application text selection rules with one-touch user-defined context-aware text selection rules for the determined text selection context in response to ascertaining that the text selection override policy is satisfied [0056]).  
Therefore, it would have been obvious to one or ordinary skill in the art before the effective filing date of the claimed invention to incorporate the features described by Gosukonda into the invention of Chari-Rykowski-Smith for the purpose of allowing users to decide whether to apply context-aware rules (Gosukonda [0049]).
Re. claim 24, Chari-Rykowski-Smith-Gosukonda teaches the method of claim 23, obtain the user data from at least one data source using the identifiers (Chari teaches another source of risk in an access control policy is that of mistakenly assigning users certain privileges [0080]).  
Although Chari-Rykowski-Smith discloses identifiers of a plurality of system users in data records, Chari-Rykowski-Smith do not explicitly disclose but Gosukonda discloses wherein the obtaining the user data includes: retrieving, from the memory, identifiers of a plurality of system users in data records associated with user access overrides of the ruleset (Gosukonda the apparatus includes a processor and a memory storing code that is executable by the processor. The apparatus ascertains whether a text selection override policy is satisfied. The apparatus replaces application text selection rules with one-touch user-defined context-aware text selection rules for the determined text selection context in response to ascertaining that the text selection override policy is satisfied [0056]. The one-touch user-defined context-aware text selection rules are selected from the group [0087]). 
Therefore, it would have been obvious to one or ordinary skill in the art before the effective filing date of the claimed invention to incorporate the features described by Gosukonda into the invention of Chari-Rykowski-Smith for the purpose of allowing users to decide whether to apply context-aware rules (Gosukonda [0049]).
Re. claim 31, rejection of claim 29 is included and claim 21 is rejected with the same rationale as applied in claim 22 above.
Re. claim 32, rejection of claim 31 is included and claim 32 is rejected with the same rationale as applied in claim 23 above.
Re. claim 39, rejection of claim 37 is included and claim 39 is rejected with the same rationale as applied in claim 22 above.
Re. claim 40, rejection of claim 37 is included and claim 39 is rejected with the same rationale as applied in claim 23 above.
Claims 26 and 34 is/are rejected under 35 U.S.C. 103 as being unpatentable over Chari et al. (US 20140196104 hereinafter Chari), Rykowski et al. (US 20170032042 hereinafter Rykowski), and in further view of Jacobs (US 20080109871).
Re. claim 26, Chair-Rykowski teaches the method of claim 25, wherein the condition is selected from the group consisting of: a predetermined number of system users have been granted access in the context without complying with the ruleset in a predetermined time interval (Chari teaches providing access control logs for each of the plurality of users that may include listings of previously accessed secure resources, when the secure resources were accessed, and what actions were performed on the secure resources by the users [0029]. The access privilege or access right may grant an assigned user the ability to access and use a secure hardware device, software application, or network, such as a secure computer, financial application, or storage area network [0026](Users that have access privilege are automatically have access to the content). Measure of the system administrator's time required to maintain the role-based access control policy [0053]).
Chari-Rykowski do not explicitly disclose but Jacobs discloses a predetermined time interval has passed since a previous update (Jacobs teaches the updating may be performed on a set time period [0040]. To check for analysis databases at certain time periods. As part of the client updating process, the client may report to the enterprise network that a new update has been installed; the report information may include the install date, version number, version date, client identification, and the like. This may provide a method for the system administrator to verify that the client 414 are updated to the most recent versions of the analysis databases [0106]), and a user request to update the ruleset (Jacobs teaches the client 414 may receive or request analysis database updates from the policy update module 404 [0105]).  
Therefore, it would have been obvious to one or ordinary skill in the art before the effective filing date of the claimed invention to incorporate the features described by Jacobsinto the invention of Chari-Rykowski for the purpose of keeping the policy facility updated, the computer may be prevented from accessing certain computer applications, but it should be able to access those application that the user needs (Jacobs [0065]).
Re. claim 34, rejection of claim 33 is included and claim 34 is rejected with the same rationale as applied in claim 26 above.

Claims 27 and 35 is/are rejected under 35 U.S.C. 103 as being unpatentable over Chari et al. (US 20140196104 hereinafter Chari), Rykowski et al. (US 20170032042 hereinafter Rykowski), and in further view of Smith et al. (US 20150135258 hereinafter Smith) .
Re. claim 27, Chair-Rykowski teaches the method of claim 21, Chair-Rykowski do not explicitly disclose but Smith discloses wherein the user data for each system user is obtained from a plurality of data sources (Smith teaches resources, policies context-aware data, etc., may be physical distributed over network 230 using one or more data sources [0032]).  
Therefore, it would have been obvious to one or ordinary skill in the art before the effective filing date of the claimed invention to incorporate the features described by Smith into the invention of Chari-Rykowski for the purpose of improving performance and security for lacking customization features and intelligence (Smith [0003]).
Re. claim 35, rejection of claim 29 is included and claim 35 is rejected with the same rationale as applied in claim 27 above.
Conclusion
The prior art made of record and not relied upon is considered pertinent to applicant's disclosure. Mankovskii (US 20160112397) discloses An access control system may acquire a request for access to a protected resource, identify a username associated with the request, acquire contextual information associated with the request for access (e.g., a time of day associated with a location of a device making the request), acquire a baseline set of rules for the username, detect a deviation from the baseline set of rules based on the contextual information, acquire additional authentication information in response to detecting the deviation, authorize access to the protected resource based on the additional authentication information, generate a record of the request for access including the contextual information, and update the baseline set of rules if an intrusion to the access control system has not been detected within a threshold period of time.
THIS ACTION IS MADE FINAL.  Applicant is reminded of the extension of time policy as set forth in 37 CFR 1.136(a).  
A shortened statutory period for reply to this final action is set to expire THREE MONTHS from the mailing date of this action.  In the event a first reply is filed within TWO MONTHS of the mailing date of this final action and the advisory action is not mailed until after the end of the THREE-MONTH shortened statutory period, then the shortened statutory period will expire on the date the advisory action is mailed, and any extension fee pursuant to 37 CFR 1.136(a) will be calculated from the mailing date of the advisory action.  In no event, however, will the statutory period for reply expire later than SIX MONTHS from the mailing date of this final action. 
Any inquiry concerning this communication or earlier communications from the examiner should be directed to KEVIN A AYALA whose telephone number is (571)270-3912.  The examiner can normally be reached on Monday-Thursday 8AM-5PM; Friday: Variable EST.
Examiner interviews are available via telephone, in-person, and video conferencing using a USPTO supplied web-based collaboration tool. To schedule an interview, applicant is encouraged to use the USPTO Automated Interview Request (AIR) at http://www.uspto.gov/interviewpractice.
If attempts to reach the examiner by telephone are unsuccessful, the examiner’s supervisor, Shewaye Gelagay can be reached on 571-272-4219.  The fax phone number for the organization where this application or proceeding is assigned is 571-273-8300.
Information regarding the status of an application may be obtained from the Patent Application Information Retrieval (PAIR) system.  Status information for published applications may be obtained from either Private PAIR or Public PAIR.  Status information for unpublished applications is available through Private PAIR only.  For more information about the PAIR system, see https://ppair-my.uspto.gov/pair/PrivatePair. Should you have questions on access to the Private PAIR system, contact the Electronic Business Center (EBC) at 866-217-9197 (toll-free). If you would like assistance from a USPTO Customer Service Representative or access to the automated information system, call 800-786-9199 (IN USA OR CANADA) or 571-272-1000.






/K.A./Examiner, Art Unit 2436                                                                                                                                                                                                        
/TRONG H NGUYEN/Primary Examiner, Art Unit 2436