DETAILED ACTION
Notice of Pre-AIA  or AIA  Status
The present application, filed on or after March 16, 2013, is being examined under the first inventor to file provisions of the AIA .
Claim Rejections - 35 USC § 102
The following is a quotation of the appropriate paragraphs of 35 U.S.C. 102 that form the basis for the rejections under this section made in this Office action:
A person shall be entitled to a patent unless –

(a)(1) the claimed invention was patented, described in a printed publication, or in public use, on sale, or otherwise available to the public before the effective filing date of the claimed invention.


Claims 1-2, 4-6, 8-14, and 16-19 are rejected under 35 U.S.C. 102(a)(1) as being anticipated by Saxena et al. (US 2020/0120138 A1, hereinafter refers as Sanders).

Regarding claim 1, Saxena discloses an access control system comprising:
a processor (para. 7);
a log data parser configured to cause the processor to receive log data observations in a
cloud system and extract user-permission data from the log data observations, wherein the log data observations include one or more user actions in the cloud system (para. 178, para. 213, AWS to extract user’s privilege data from the database in the cloud system, and the data includes user’s actions);
a clustering unit configured to cause the processor to use the user-permission data to
generate one or more clusters (Fig. 5A, el. 550, para. 212-213); and
a policy generator configured to cause the processor to generate an access control policy by associating each cluster to one or more users and assigning permissions to each cluster (Fig. 5A-5B, para. 212-215).

Regarding claim 2, Saxena discloses a vectorizer configured to convert the user-permission data to one or more vectors (para. 256).

Regarding claim 4, Saxena discloses wherein: the clustering unit is further configured to generate one or more outliers, each outlier is associated with a user (para. 133, Fig. 5A-5B); and
the policy generator is further configured to assign permissions to each of the outliers by:
determining privileges used by the user associated with the outlier; and assigning the privileges to the outlier (para. 178, para. 213-216).

Regarding claim 5, Saxena discloses configured to: receive, from a user device associated with a user, a request to access a service in the cloud system; and execute the access control policy to determine whether to grant the request based on a permission of the user associated with the user device (para. 178, para. 213-216).

Regarding claim 6, Saxena discloses wherein the policy generator is configured to assign
the permissions to each cluster by: determining permissions exercised by the one or more users associated with the cluster; and assigning a combined permission to the cluster, wherein the combined permission includes all of the permissions exercised by the one or more users associated with the cluster (Fig. 5A-5B, para. 178, para. 213-216).

Regarding claim 8, Saxena discloses a method of controlling access in a cloud system, the method comprising:


clustering the user-permission data to generate one or more clusters (Fig. 5A, el. 550);
generating an access control policy by associating each cluster to one or more users and
assigning permissions to each cluster (Fig. 5A, el. 560-570, para. 177-178, para. 199-202);
receiving, from a user device associated with a user, a request to access a service in the cloud system; and executing the access control policy to determine whether to grant the request based on a
permission of the user associated with the user device (para. 177-178, para. 199-202, el. 580, Fig. 5A).

	Regarding claim 9, the instant claim is met by rejection of claim 4. 
Regarding claim 10, the instant claim is met by rejection of claim 6.

Regarding claim 11, Saxena discloses an access control system comprising:
a processor (para. 7);
a log data parser configured to cause the processor to receive log data observations in a
cloud system and extract user-permission data from the log data observations, wherein the log data observations include one or more user actions in the cloud system by one or more users; a feature extractor configured to cause the processor to extract one or more features from the user-permission data (Fig. 5B, el. 575-577, para. 177-178, para. 234-235);
a classifier configured to cause the processor to generate predictions of permissions for the
one or more users based on the extracted one or more features, wherein each prediction includes one or more permissions associated with each of the one or more users (Fig. 5B, el. 575-577, para. 236-240, para. 242, para. 52);
and a policy generator configured to cause the processor to generate an access control policy


Regarding claim 12, Saxena discloses comprising a training network configured to train the classifier by: receiving a training log data, wherein the training log data includes one or more training user actions in the cloud system by the one or more users; extracting training user-permission data from the training log data; extracting one or more training features from the training user-permission data; and using the extracted training features to train the classifier (Fig. 5b, para. 239-242).

Regarding claim 13, Saxena discloses wherein the classifier includes a decision-tree (DT) classifier (Fig. 5B, e.g., clustering technique).

Regarding claim 14, Saxena discloses wherein the training network is configured to:
determine first permissions associated with the one or more users in a first operation period; determine first predictions of permissions associated with the one or more users in the first operation period; compare the first predictions and the first permissions from the first operation period; and
determine second predictions of permissions in a second operation period based on the comparison between the first predictions and the first permissions (Fig. 5b, para. 239-242).

	Regarding claim 16, the instant claim is met by the rejection of claim 11.
Regarding claim 17, the instant claim is met by the rejection of claim 12. 
Regarding claim 18, the instant claim is met by the rejection of claim 13. 
Regarding claim 19, the instant claim is met by the rejection of claim 14.
Claim Rejections - 35 USC § 103
The following is a quotation of 35 U.S.C. 103 which forms the basis for all obviousness rejections set forth in this Office action:
A patent for a claimed invention may not be obtained, notwithstanding that the claimed invention is not identically disclosed as set forth in section 102, if the differences between the claimed invention and the prior art are such that the claimed invention as a whole would have been obvious before the effective filing date of the claimed invention to a person having ordinary skill in the art to which the claimed invention pertains. Patentability shall not be negated by the manner in which the invention was made.

Claim 3 is rejected under 35 U.S.C. 103 as being unpatentable over Saxena in view of Griesmeyer (US 2017/0124590 A1).

Regarding claim 3, Saxena discloses all limitation of claim 1,
Saxena does not explicitly disclose wherein the vectorizer includes at least a term
frequency-inverse document frequency (TF-IDF) vectorizer;
Griesmeyer teaches wherein the vectorizer includes at least a term
frequency-inverse document frequency (TF-IDF) vectorizer (para. 38, para. 41, TF-IDF algorithm);
	It would be obvious for one of ordinary skill in the art before the invention to modify Saxena to include Griesmeyer to allow a system to generate a better result using TD-IDF method.

Claim 7 is rejected under 35 U.S.C. 103 as being unpatentable over Saxena in view of Bhabbur et al. (US 2019/0141041 A1, hereinafter refers as Bhabbur).

Regarding claim 7, Saxena discloses all limitation of claim 1, 
Saxena does not disclose wherein the clustering unit is configured to use a density-based spatial clustering of applications with noise (DBSCAN) algorithm;
Bhabbur teaches wherein the clustering unit is configured to use a density-based spatial clustering of applications with noise (DBSCAN) algorithm;
It would be obvious for one of ordinary skill in the art before the time of invention to modify Saxena to include Bhabbur in order to allow a system 

Claims 15 and 20 are rejected under 35 U.S.C. 103 as being unpatentable over Saxena in view of Guo et al. (US 2019/0091270 A1, hereinafter refers Guo).

Regarding claim 15, Saxena discloses all limitation of claim 14, 
Saxena does not explicitly disclose using the first permissions to test the first predictions to determine a precision and a recall and determining a F measure based on the precision and recall;
Guo teaches using the first permissions to test the first predictions to determine a precision and a recall and determining a F measure based on the precision and recall (para. 125);
It would be obvious for one of ordinary skill in the art before the time of invention to modify Saxena to include Guo in order to allow a system to generate a better result using F measure based on the precision and recall.

Regarding claim 20, the instant claim is met by the rejection of claim 15.
Conclusion
Any inquiry concerning this communication or earlier communications from the examiner should be directed to CAI Y CHEN whose telephone number is (571)270-5679.  The examiner can normally be reached on 8:30 AM -4:30 PM.
Examiner interviews are available via telephone, in-person, and video conferencing using a USPTO supplied web-based collaboration tool. To schedule an interview, applicant is encouraged to use the USPTO Automated Interview Request (AIR) at http://www.uspto.gov/interviewpractice.
If attempts to reach the examiner by telephone are unsuccessful, the examiner’s supervisor, Brian Pendleton can be reached on 571-272-7527.  The fax phone number for the organization where this application or proceeding is assigned is 571-273-8300.
Information regarding the status of an application may be obtained from the Patent Application Information Retrieval (PAIR) system.  Status information for published applications may be obtained from either Private PAIR or Public PAIR.  Status information for unpublished applications is available through Private PAIR only.  For more information about the PAIR system, see https://ppair-my.uspto.gov/pair/PrivatePair. Should you have questions on access to the Private PAIR system, contact the Electronic Business Center (EBC) at 866-217-9197 (toll-free). If you would like assistance from a USPTO Customer Service Representative or access to the automated information system, call 800-786-9199 (IN USA OR CANADA) or 571-272-1000.






/CAI Y CHEN/               Primary Examiner, Art Unit 2425