Notice of Pre-AIA or AIA Status
The present application, filed on or after March 16, 2013, is being examined under the first inventor to file provisions of the AIA.

DETAILED ACTION
The claims 1-20 are pending and are considered in this Office Action.

Claim Objections
Claim 8 is objected to because of the following informalities:
In claim 8, line 1 “A system” should be “A system, including a processor and a memory coupled to the processor,”
Appropriate correction is required.

Claim Rejections - 35 USC § 103
The following is a quotation of 35 U.S.C. 103 which forms the basis for all obviousness rejections set forth in this Office action:
A patent for a claimed invention may not be obtained, notwithstanding that the claimed invention is not identically disclosed as set forth in section 102 of this title, if the differences between the claimed invention and the prior art are such that the claimed invention as a whole would have been obvious before the effective filing date of the claimed invention to a person having ordinary skill in the art to which the claimed invention pertains. Patentability shall not be negated by the manner in which the invention was made.


Claims 1-5, 7-12 and 14-19 are rejected under 35 U.S.C. 103 as being unpatentable over Florentino et al. (hereinafter referred to as Florentino) (U.S. Pub. No. 2018/0341778 A1), in view of Charif et al. (hereinafter referred to as Charif) (U.S. Pub. No. 2015/0142707 A1).
As to claim 1, Florentino teaches a method comprising: setting permission data specifying access permissions for users, the access permissions indicating access operations that the users are permitted to execute within a computing system (See at least ABSTRACT, “a system for generating at least one policy includes a static permission database containing a plurality of static permission records identifying access permissions for at least one credential holder to at least one resource”), determining user access operations within the computing system (See at least ABSTRACT, “a system for generating at least one policy includes a static permission database containing a plurality of static permission records identifying access permissions for at least one credential holder to at least one resource”; and ¶ [0006], “rule including an access decision which determines whether a corresponding user satisfying the user properties can or cannot have access to the at least one resource satisfying the resource properties”), automatically updating the permissions data over time (See at least ABSTRACT, “a system for generating at least one policy includes a static permission database containing a plurality of static permission records identifying access permissions for at least one credential holder to at least one resource”; and ¶ [0003], “Physical access control systems require administrative tasks to add, remove, and update static permissions to ensure proper static permissions and the effective use of the physical access control system”) including: specific access operations that have been logged for the user within a recent period of time (See at least ¶ [0017], “permission database contains an access events database containing at least one of plurality of access event records, and an administrator logs database containing a log of administrator actions and the processor analyzes at least one of the plurality of access event records and the log of administrator actions to generate the at least one policy”); removing, from one or more of the particular users, a particular access permission that is not associated with any access operations that have been logged during the recent period of time for any of the particular users (See at least ¶ [0003], “Physical access control systems require administrative tasks to add, remove, and update static permissions to ensure proper static permissions and the effective use of the physical access control system”; and ¶ [0017], “permission database contains an access events database containing at least one of plurality of access event records, and an administrator logs database containing a log of administrator actions and the processor analyzes at least one of the plurality of access event records and the log of administrator actions to generate the at least one policy”).
Although Florentino teaches the substantial features of the claimed invention, Florentino fails to expressly teach wherein generating feature vectors based on the user access operations, each of the feature vectors comprising values for a set of features, each of the features corresponding to a different 
In analogous teaching, Charif exemplifies this wherein Charif teaches wherein generating feature vectors based on the user access operations, each of the feature vectors comprising values for a set of features, each of the features corresponding to a different access operation (See at least ¶ [0009], “the CRF (condition random field) may learn to classify a sequence of activities that comprise a process model by associating an activity entry in a log trace to an activity label at least at according to one or more features and previous activity…may further comprise associating a TF-IDF (term frequency-inverse document frequency) vector for at least one cluster and for the entries in a log trace”), each user having a separate feature vector whose values indicate specific access operations (See at least ¶ [0053], “each activity entry 702 of the incoming trace 604 may be transformed into a feature vector”; and ¶ [0069], “configured to cluster, model, and/or visualize process models from noisy logs using non-negative matrix factorization and classification of activity sequences. The system includes a process discovery device, hosted by a computing device, ..and/or a user device”); identifying distinct clusters of the users by processing the feature vectors with a clustering-based learning algorithm, the distinct clusters including a particular cluster of particular users (See at least ¶¶ [0042], “The output 312 includes K clusters 314, 316, 318 of noisy process traces, which are obtained via NMF. Each cluster contains the traces”; ¶ [0053], “each activity entry 702 of the incoming trace 604 may be transformed into a feature vector”; and ¶ [0069], “configured to cluster, model, and/or visualize process models from noisy logs using non-negative matrix factorization and classification of activity sequences. The system includes a process discovery device, hosted by a computing device, ..and/or a user device”).
Thus, given the teaching of Charif, it would have been obvious before the effective filing date of the claimed invention to a person having ordinary skill in the art to which the claimed invention pertains to combine the teaching of Charif, method and system for clustering, modeling process models from logs, into Florentino, a system for generating policy includes permission database, for a system or method for generating and updating permission data in a computing system. One of the ordinary skills in the art See Charif: ABSTRACT).

As to claim 2, Florentino and Charif teach the method of claim 1. Florentino further teaches wherein automatically updating the permission data over time further comprises reassigning a user from a first user group having first access permissions to a second group having second access permissions that are different than the first access permissions (See at least ¶ [0003], “Physical access control systems require administrative tasks to add, remove, and update static permissions to ensure proper static permissions and the effective use of the physical access control system”; and ¶ [0017], “permission database contains an access events database containing at least one of plurality of access event records, and an administrator logs database containing a log of administrator actions and the processor analyzes at least one of the plurality of access event records and the log of administrator actions to generate the at least one policy”; and ¶ [0037], “policy database and a group including, but not limited to, exception database and violation database”). Charif further teaches wherein based on the cluster-based learning algorithm identifying the user as belonging to a cluster associated with the second user group (See at least ¶¶ [0042], “The output 312 includes K clusters 314, 316, 318 of noisy process traces, which are obtained via NMF. Each cluster contains the traces”; ¶ [0053], “each activity entry 702 of the incoming trace 604 may be transformed into a feature vector”; and ¶ [0069], “configured to cluster, model, and/or visualize process models from noisy logs using non-negative matrix factorization and classification of activity sequences. The system includes a process discovery device, hosted by a computing device, ..and/or a user device”).
Thus, given the teaching of Charif, it would have been obvious before the effective filing date of the claimed invention to a person having ordinary skill in the art to which the claimed invention pertains to combine the teaching of Charif, method and system for clustering, modeling process models from logs, into Florentino, a system for generating policy includes permission database, for a system or method for generating and updating permission data in a computing system. One of the ordinary skills in the art See Charif: ABSTRACT).

As to claim 3, Florentino and Charif teach the method of claim 1. Florentino further teaches wherein further comprising: associating user groups with the distinct clusters; for each user group of the user groups, each user group being associated with a different distinct cluster; determining a set of permissions that have been utilized by users in the user group over the recent period of time; assigning the set of permissions to the user groups; assigning a new user of the computing system to a first user group of the user groups (See at least ¶ [0038], “static permission records provide, allow, or deny determination for a certain user, with corresponding credentials, for a certain resource or group of resources for a certain time of day”; and ¶ [0044], “such policies describe appropriate access permissions as an outcome of logical rules based on the properties of users, resources and environment…rule 2 states that users who are member of Engineering department should have access to areas designated as research labs during weekdays from 7am to 8pm”).

As to claim 4, Florentino and Charif teach the method of claim 1. Charif further teaches wherein generating the feature vectors comprises setting a first value for a first feature in a first feature vector for a first user to a number of times that a first access operation corresponding to the first features have been logged for the first user in the recent period of time (See at least ¶¶ [0042], “The output 312 includes K clusters 314, 316, 318 of noisy process traces, which are obtained via NMF. Each cluster contains the traces”; ¶ [0053], “each activity entry 702 of the incoming trace 604 may be transformed into a feature vector”; and ¶ [0069], “configured to cluster, model, and/or visualize process models from noisy logs using non-negative matrix factorization and classification of activity sequences. The system includes a process discovery device, hosted by a computing device, ..and/or a user device”).
Thus, given the teaching of Charif, it would have been obvious before the effective filing date of the claimed invention to a person having ordinary skill in the art to which the claimed invention pertains to combine the teaching of Charif, method and system for clustering, modeling process models from logs, into Florentino, a system for generating policy includes permission database, for a system or method for See Charif: ABSTRACT).

As to claim 5, Florentino and Charif teach the method of claim 1. Florentino further teaches wherein the access operations include accessing specific tools, each of the specific tools associated with a distinct set of the access permissions (See at least ¶ [0038], “static permission records provide, allow, or deny determination for a certain user, with corresponding credentials, for a certain resource or group of resources for a certain time of day”; and ¶ [0044], “such policies describe appropriate access permissions as an outcome of logical rules based on the properties of users, resources and environment…rule 2 states that users who are member of Engineering department should have access to areas designated as research labs during weekdays from 7am to 8pm”).

As to claim 7, Florentino and Charif teach the method of claim 1. Charif further teaches wherein the clustering-based learning algorithm is k-modes clustering (See at least ¶¶ [0054], “The CRF 404 labels each activity log entry with an activity name and assigns a particular likelihood 704 to this sequence of activities according to its learned model”; ¶ [0053], “the likelihood scores 608 calculated by each CRF are ranked. The highest likelihood reflects the right classification for the trace. This means that this trace has been generated by the process model associated with the CRF that computed this highest likelihood score”).
Thus, given the teaching of Charif, it would have been obvious before the effective filing date of the claimed invention to a person having ordinary skill in the art to which the claimed invention pertains to combine the teaching of Charif, method and system for clustering, modeling process models from logs, into Florentino, a system for generating policy includes permission database, for a system or method for generating and updating permission data in a computing system. One of the ordinary skills in the art would have been motivated because the system or method can be used to analyze, process and cluster logs traces (See Charif: ABSTRACT).

As to claim 8, Florentino teaches a system comprising: access control logic configured to set permission data specifying access permissions for users, the access permissions indicating access operations that the users are permitted to execute within a computing system (See at least ABSTRACT, “a system for generating at least one policy includes a static permission database containing a plurality of static permission records identifying access permissions for at least one credential holder to at least one resource”), logging logic configured to determine user access operations within the computing system (See at least ABSTRACT, “a system for generating at least one policy includes a static permission database containing a plurality of static permission records identifying access permissions for at least one credential holder to at least one resource”; and ¶ [0006], “rule including an access decision which determines whether a corresponding user satisfying the user properties can or cannot have access to the at least one resource satisfying the resource properties”), specific access operations that have been logged for the user within a recent period of time (See at least ¶ [0017], “permission database contains an access events database containing at least one of plurality of access event records, and an administrator logs database containing a log of administrator actions and the processor analyzes at least one of the plurality of access event records and the log of administrator actions to generate the at least one policy”); clustering resolving logic configured to automatically update the permissions data over time (See at least ABSTRACT, “a system for generating at least one policy includes a static permission database containing a plurality of static permission records identifying access permissions for at least one credential holder to at least one resource”; and ¶ [0003], “Physical access control systems require administrative tasks to add, remove, and update static permissions to ensure proper static permissions and the effective use of the physical access control system”), the automatic updating including removing, from one or more of the particular users, a particular access permission that is not associated with any access operations that have been logged during the recent period of time for any of the particular users (See at least ¶ [0003], “Physical access control systems require administrative tasks to add, remove, and update static permissions to ensure proper static permissions and the effective use of the physical access control system”; and ¶ [0017], “permission database contains an access events database containing at least one of plurality of access event records, and an administrator logs database containing a log of administrator actions and the processor analyzes at least one of the plurality of access event records and the log of administrator actions to generate the at least one policy”).
Although Florentino teaches the substantial features of the claimed invention, Florentino fails to expressly teach wherein clustering-based learning configured to: generate feature vectors based on the user access operations, each of the feature vectors comprising values for a set of features, each of the features corresponding to a different access operations, each user having a separate feature vector; identify distinct clusters of the users by processing the feature vectors with a clustering-based learning algorithm, the distinct clusters including a particular cluster of particular users.
In analogous teaching, Charif exemplifies this wherein Charif teaches wherein clustering-based learning configured to: generate feature vectors based on the user access operations, each of the feature vectors comprising values for a set of features, each of the features corresponding to a different access operation (See at least ¶ [0009], “the CRF (condition random field) may learn to classify a sequence of activities that comprise a process model by associating an activity entry in a log trace to an activity label at least at according to one or more features and previous activity…may further comprise associating a TF-IDF (term frequency-inverse document frequency) vector for at least one cluster and for the entries in a log trace”), each user having a separate feature vector whose values indicate specific access operations (See at least ¶ [0053], “each activity entry 702 of the incoming trace 604 may be transformed into a feature vector”; and ¶ [0069], “configured to cluster, model, and/or visualize process models from noisy logs using non-negative matrix factorization and classification of activity sequences. The system includes a process discovery device, hosted by a computing device, ..and/or a user device”); identify distinct clusters of the users by processing the feature vectors with a clustering-based learning algorithm, the distinct clusters including a particular cluster of particular users (See at least ¶¶ [0042], “The output 312 includes K clusters 314, 316, 318 of noisy process traces, which are obtained via NMF. Each cluster contains the traces”; ¶ [0053], “each activity entry 702 of the incoming trace 604 may be transformed into a feature vector”; and ¶ [0069], “configured to cluster, model, and/or visualize process models from noisy logs using non-negative matrix factorization and classification of activity sequences. The system includes a process discovery device, hosted by a computing device, ..and/or a user device”).
Thus, given the teaching of Charif, it would have been obvious before the effective filing date of the claimed invention to a person having ordinary skill in the art to which the claimed invention pertains to combine the teaching of Charif, method and system for clustering, modeling process models from logs, into Florentino, a system for generating policy includes permission database, for a system or method for generating and updating permission data in a computing system. One of the ordinary skills in the art would have been motivated because the system or method can be used to analyze, process and cluster logs traces (See Charif: ABSTRACT).

As to claim 9, Florentino and Charif teach the system of claim 8. Florentino further teaches wherein automatically updating the permission data over time further comprises reassigning a user from a first user group having first access permissions to a second group having second access permissions that are different than the first access permissions (See at least ¶ [0003], “Physical access control systems require administrative tasks to add, remove, and update static permissions to ensure proper static permissions and the effective use of the physical access control system”; and ¶ [0017], “permission database contains an access events database containing at least one of plurality of access event records, and an administrator logs database containing a log of administrator actions and the processor analyzes at least one of the plurality of access event records and the log of administrator actions to generate the at least one policy”; and ¶ [0037], “policy database and a group including, but not limited to, exception database and violation database”). Charif further teaches wherein based on the cluster-based learning algorithm identifying the user as belonging to a cluster associated with the second user group (See at least ¶¶ [0042], “The output 312 includes K clusters 314, 316, 318 of noisy process traces, which are obtained via NMF. Each cluster contains the traces”; ¶ [0053], “each activity entry 702 of the incoming trace 604 may be transformed into a feature vector”; and ¶ [0069], “configured to cluster, model, and/or visualize process models from noisy logs using non-negative matrix factorization and classification of activity sequences. The system includes a process discovery device, hosted by a computing device, ..and/or a user device”).
Thus, given the teaching of Charif, it would have been obvious before the effective filing date of the claimed invention to a person having ordinary skill in the art to which the claimed invention pertains to combine the teaching of Charif, method and system for clustering, modeling process models from logs, into Florentino, a system for generating policy includes permission database, for a system or method for generating and updating permission data in a computing system. One of the ordinary skills in the art would have been motivated because the system or method can be used to analyze, process and cluster logs traces (See Charif: ABSTRACT).

As to claim 10, Florentino and Charif teach the system of claim 1. Florentino further teaches wherein the cluster resolving logic is further configured to: associate user groups with the distinct clusters; for each user group of the user groups, each user group being associated with a different distinct cluster; determine a set of permissions that have been utilized by users in the user group over the recent period of time; assign the set of permissions to the user groups; wherein the access control logic is further configured to assign a new user of the computing system to a first user group of the user groups (See at least ¶ [0038], “static permission records provide, allow, or deny determination for a certain user, with corresponding credentials, for a certain resource or group of resources for a certain time of day”; and ¶ [0044], “such policies describe appropriate access permissions as an outcome of logical rules based on the properties of users, resources and environment…rule 2 states that users who are member of Engineering department should have access to areas designated as research labs during weekdays from 7am to 8pm”).

As to claim 11, Florentino and Charif teach the system of claim 8. Charif further teaches wherein generating the feature vectors comprises setting a first value for a first feature in a first feature vector for a first user to a number of times that a first access operation corresponding to the first features have been logged for the first user in the recent period of time (See at least ¶¶ [0042], “The output 312 includes K clusters 314, 316, 318 of noisy process traces, which are obtained via NMF. Each cluster contains the traces”; ¶ [0053], “each activity entry 702 of the incoming trace 604 may be transformed into a feature vector”; and ¶ [0069], “configured to cluster, model, and/or visualize process models from noisy logs using non-negative matrix factorization and classification of activity sequences. The system includes a process discovery device, hosted by a computing device, ..and/or a user device”).
Thus, given the teaching of Charif, it would have been obvious before the effective filing date of the claimed invention to a person having ordinary skill in the art to which the claimed invention pertains to combine the teaching of Charif, method and system for clustering, modeling process models from logs, into Florentino, a system for generating policy includes permission database, for a system or method for generating and updating permission data in a computing system. One of the ordinary skills in the art would have been motivated because the system or method can be used to analyze, process and cluster logs traces (See Charif: ABSTRACT).

As to claim 12, Florentino and Charif teach the system of claim 8. Florentino further teaches wherein the access operations include accessing specific tools, each of the specific tools associated with a distinct set of the access permissions (See at least ¶ [0038], “static permission records provide, allow, or deny determination for a certain user, with corresponding credentials, for a certain resource or group of resources for a certain time of day”; and ¶ [0044], “such policies describe appropriate access permissions as an outcome of logical rules based on the properties of users, resources and environment…rule 2 states that users who are member of Engineering department should have access to areas designated as research labs during weekdays from 7am to 8pm”).

As to claim 14, Florentino and Charif teach the system of claim 8. Charif further teaches wherein the clustering-based learning algorithm is k-modes clustering (See at least ¶¶ [0054], “The CRF 404 labels each activity log entry with an activity name and assigns a particular likelihood 704 to this sequence of activities according to its learned model”; ¶ [0053], “the likelihood scores 608 calculated by each CRF are ranked. The highest likelihood reflects the right classification for the trace. This means that this trace has been generated by the process model associated with the CRF that computed this highest likelihood score”).
Thus, given the teaching of Charif, it would have been obvious before the effective filing date of the claimed invention to a person having ordinary skill in the art to which the claimed invention pertains to combine the teaching of Charif, method and system for clustering, modeling process models from logs, into Florentino, a system for generating policy includes permission database, for a system or method for generating and updating permission data in a computing system. One of the ordinary skills in the art would have been motivated because the system or method can be used to analyze, process and cluster logs traces (See Charif: ABSTRACT).



As to claim 15, Florentino teaches one or more non-transitory computer-readable media storing instructions that, when executed by one or more computing devices (See at least ¶ [0026], “according to one embodiment, a computer program product embodied on a tangible computer readable storage medium, the computer program product including instructions for causing a processor to execute operations”), cause: setting permission data specifying access permissions for users, the access permissions indicating access operations that the users are permitted to execute within a computing system (See at least ABSTRACT, “a system for generating at least one policy includes a static permission database containing a plurality of static permission records identifying access permissions for at least one credential holder to at least one resource”), determining user access operations within the computing system (See at least ABSTRACT, “a system for generating at least one policy includes a static permission database containing a plurality of static permission records identifying access permissions for at least one credential holder to at least one resource”; and ¶ [0006], “rule including an access decision which determines whether a corresponding user satisfying the user properties can or cannot have access to the at least one resource satisfying the resource properties”), automatically updating the permissions data over time (See at least ABSTRACT, “a system for generating at least one policy includes a static permission database containing a plurality of static permission records identifying access permissions for at least one credential holder to at least one resource”; and ¶ [0003], “Physical access control systems require administrative tasks to add, remove, and update static permissions to ensure proper static permissions and the effective use of the physical access control system”) including: specific access operations that have been logged for the user within a recent period of time (See at least ¶ [0017], “permission database contains an access events database containing at least one of plurality of access event records, and an administrator logs database containing a log of administrator actions and the processor analyzes at least one of the plurality of access event records and the log of administrator actions to generate the at least one policy”); removing, from one or more of the particular users, a particular access permission that is not associated with any access operations that have been logged during the recent period of time for any of the particular users (See at least ¶ [0003], “Physical access control systems require administrative tasks to add, remove, and update static permissions to ensure proper static permissions and the effective use of the physical access control system”; and ¶ [0017], “permission database contains an access events database containing at least one of plurality of access event records, and an administrator logs database containing a log of administrator actions and the processor analyzes at least one of the plurality of access event records and the log of administrator actions to generate the at least one policy”).
Although Florentino teaches the substantial features of the claimed invention, Florentino fails to expressly teach wherein generating feature vectors based on the user access operations, each of the feature vectors comprising values for a set of features, each of the features corresponding to a different access operations, each user having a separate feature vector whose values indicate specific access operations; identifying distinct clusters of the users by processing the feature vectors with a clustering-based learning algorithm, the distinct clusters including a particular cluster of particular users.
In analogous teaching, Charif exemplifies this wherein Charif teaches wherein generating feature vectors based on the user access operations, each of the feature vectors comprising values for a set of features, each of the features corresponding to a different access operation (See at least ¶ [0009], “the CRF (condition random field) may learn to classify a sequence of activities that comprise a process model by associating an activity entry in a log trace to an activity label at least at according to one or more features and previous activity…may further comprise associating a TF-IDF (term frequency-inverse document frequency) vector for at least one cluster and for the entries in a log trace”), each user having a separate feature vector whose values indicate specific access operations (See at least ¶ [0053], “each activity entry 702 of the incoming trace 604 may be transformed into a feature vector”; and ¶ [0069], “configured to cluster, model, and/or visualize process models from noisy logs using non-negative matrix factorization and classification of activity sequences. The system includes a process discovery device, hosted by a computing device, ..and/or a user device”); identifying distinct clusters of the users by processing the feature vectors with a clustering-based learning algorithm, the distinct clusters including a particular cluster of particular users (See at least ¶¶ [0042], “The output 312 includes K clusters 314, 316, 318 of noisy process traces, which are obtained via NMF. Each cluster contains the traces”; ¶ [0053], “each activity entry 702 of the incoming trace 604 may be transformed into a feature vector”; and ¶ [0069], “configured to cluster, model, and/or visualize process models from noisy logs using non-negative matrix factorization and classification of activity sequences. The system includes a process discovery device, hosted by a computing device, ..and/or a user device”).
Thus, given the teaching of Charif, it would have been obvious before the effective filing date of the claimed invention to a person having ordinary skill in the art to which the claimed invention pertains to combine the teaching of Charif, method and system for clustering, modeling process models from logs, into Florentino, a system for generating policy includes permission database, for a system or method for generating and updating permission data in a computing system. One of the ordinary skills in the art would have been motivated because the system or method can be used to analyze, process and cluster logs traces (See Charif: ABSTRACT).

As to claim 16, Florentino and Charif teach the one or more non-transitory computer-readable media of claim 15. Florentino further teaches wherein automatically updating the permission data over time further comprises reassigning a user from a first user group having first access permissions to a second group having second access permissions that are different than the first access permissions (See at least ¶ [0003], “Physical access control systems require administrative tasks to add, remove, and update static permissions to ensure proper static permissions and the effective use of the physical access control system”; and ¶ [0017], “permission database contains an access events database containing at least one of plurality of access event records, and an administrator logs database containing a log of administrator actions and the processor analyzes at least one of the plurality of access event records and the log of administrator actions to generate the at least one policy”; and ¶ [0037], “policy database and a group including, but not limited to, exception database and violation database”). Charif further teaches wherein based on the cluster-based learning algorithm identifying the user as belonging to a cluster associated with the second user group (See at least ¶¶ [0042], “The output 312 includes K clusters 314, 316, 318 of noisy process traces, which are obtained via NMF. Each cluster contains the traces”; ¶ [0053], “each activity entry 702 of the incoming trace 604 may be transformed into a feature vector”; and ¶ [0069], “configured to cluster, model, and/or visualize process models from noisy logs using non-negative matrix factorization and classification of activity sequences. The system includes a process discovery device, hosted by a computing device, …and/or a user device”).
Thus, given the teaching of Charif, it would have been obvious before the effective filing date of the claimed invention to a person having ordinary skill in the art to which the claimed invention pertains to combine the teaching of Charif, a method and system for clustering and modeling process models from logs, into Florentino, a system for generating policy that includes a permission database, for a system or method for generating and updating permission data in a computing system. One of ordinary skill in the art would have been motivated because the system or method can be used to analyze, process and cluster log traces (See Charif: ABSTRACT).

As to claim 17, Florentino and Charif teach the one or more non-transitory computer-readable media of claim 15. Florentino further teaches wherein the instructions, when executed by the one or more computing devices, further cause: associating user groups with the distinct clusters; for each user group of the user groups, each user group being associated with a different distinct cluster; determining a set of permissions that have been utilized by users in the user group over the recent period of time; assigning the set of permissions to the user groups; assigning a new user of the computing system to a first user group of the user groups (See at least ¶ [0038], “static permission records provide, allow, or deny determination for a certain user, with corresponding credentials, for a certain resource or group of resources for a certain time of day”; and ¶ [0044], “such policies describe appropriate access permissions as an outcome of logical rules based on the properties of users, resources and environment…rule 2 states that users who are member of Engineering department should have access to areas designated as research labs during weekdays from 7am to 8pm”).

As to claim 18, Florentino and Charif teach the one or more non-transitory computer-readable media of claim 15. Charif further teaches wherein generating the feature vectors comprises setting a first value for a first feature in a first feature vector for a first user to a number of times that a first access operation corresponding to the first feature has been logged for the first user in the recent period of time (See at least ¶¶ [0042], “The output 312 includes K clusters 314, 316, 318 of noisy process traces, which are obtained via NMF. Each cluster contains the traces”; ¶ [0053], “each activity entry 702 of the incoming trace 604 may be transformed into a feature vector”; and ¶ [0069], “configured to cluster, model, and/or visualize process models from noisy logs using non-negative matrix factorization and classification of activity sequences. The system includes a process discovery device, hosted by a computing device, …and/or a user device”).
Thus, given the teaching of Charif, it would have been obvious before the effective filing date of the claimed invention to a person having ordinary skill in the art to which the claimed invention pertains to combine the teaching of Charif, a method and system for clustering and modeling process models from logs, into Florentino, a system for generating policy that includes a permission database, for a system or method for generating and updating permission data in a computing system. One of ordinary skill in the art would have been motivated because the system or method can be used to analyze, process and cluster log traces (See Charif: ABSTRACT).

As to claim 19, Florentino and Charif teach the one or more non-transitory computer-readable media of claim 15. Florentino further teaches wherein the access operations include accessing specific tools, each of the specific tools associated with a distinct set of the access permissions (See at least ¶ [0038], “static permission records provide, allow, or deny determination for a certain user, with corresponding credentials, for a certain resource or group of resources for a certain time of day”; and ¶ [0044], “such policies describe appropriate access permissions as an outcome of logical rules based on the properties of users, resources and environment…rule 2 states that users who are member of Engineering department should have access to areas designated as research labs during weekdays from 7am to 8pm”).

Claims 6, 13 and 20 are rejected under 35 U.S.C. 103 as being unpatentable over Florentino, in view of Charif, and further in view of Chebolu et al. (hereinafter referred to as Chebolu) (U. S. Patent No. 8166560 B2).
As to claim 6, Florentino and Charif teach the method of claim 1. Florentino further teaches generating logs of the access operations (See at least ¶ [0003], “Physical access control systems require administrative tasks to add, remove, and update static permissions to ensure proper static permissions and the effective use of the physical access control system”; and ¶ [0017], “permission database contains an access events database containing at least one of plurality of access event records, and an administrator logs database containing a log of administrator actions and the processor analyzes at least one of the plurality of access event records and the log of administrator actions to generate the at least one policy”).
However, Florentino and Charif fail to expressly teach wherein each entry of logs identifying a uniform resource indicator (“URI”), a timestamp, and a user, each of the access operations having a different URI; maintaining permissions data that maps specific URIs to specific access permissions.
In analogous teaching, Chebolu exemplifies this wherein Chebolu teaches wherein each entry of logs identifying a uniform resource indicator (“URI”), a timestamp, and a user, each of the access operations having a different URI; maintaining permissions data that maps specific URIs to specific access permissions (See at least Col. 12, lines 36-49, “The hook component is notified when a user requests a document identified by a uniform resource identifier (URI). Accordingly, the access control unit 155 maintains a copy of a configurable list of categories and web sites that are to be blocked or controlled…When a current user navigates a web site, the access control unit 155 is notified with the requested URI and compares the URI against the parameters on the list to determine if access to the requested URI should be blocked”; and Col. 18, lines 46-49, “the locally-stored information containing the user-access times”).
Thus, given the teaching of Chebolu, it would have been obvious before the effective filing date of the claimed invention to a person having ordinary skill in the art to which the claimed invention pertains to combine the teaching of Chebolu, remote administration of computer access settings, into Charif, a method and system for clustering and modeling process models from logs, and Florentino, a system for generating policy that includes a permission database, for a system or method for generating and updating permission data in a computing system. One of ordinary skill in the art would have been motivated because the system or method can be used to control computer access (See Chebolu: ABSTRACT).

As to claim 13, Florentino and Charif teach the system of claim 8. Florentino further teaches wherein the logging logic is further configured to generate logs of the access operations (See at least ¶ [0003], “Physical access control systems require administrative tasks to add, remove, and update static permissions to ensure proper static permissions and the effective use of the physical access control system”; and ¶ [0017], “permission database contains an access events database containing at least one of plurality of access event records, and an administrator logs database containing a log of administrator actions and the processor analyzes at least one of the plurality of access event records and the log of administrator actions to generate the at least one policy”).
However, Florentino and Charif fail to expressly teach wherein each entry of logs identifying a uniform resource indicator (“URI”), a timestamp, and a user, each of the access operations having a different URI; maintaining permissions data that maps specific URIs to specific access permissions.
In analogous teaching, Chebolu exemplifies this wherein Chebolu teaches wherein each entry of logs identifying a uniform resource indicator (“URI”), a timestamp, and a user, each of the access operations having a different URI; maintaining permissions data that maps specific URIs to specific access permissions (See at least Col. 12, lines 36-49, “The hook component is notified when a user requests a document identified by a uniform resource identifier (URI). Accordingly, the access control unit 155 maintains a copy of a configurable list of categories and web sites that are to be blocked or controlled…When a current user navigates a web site, the access control unit 155 is notified with the requested URI and compares the URI against the parameters on the list to determine if access to the requested URI should be blocked”; and Col. 18, lines 46-49, “the locally-stored information containing the user-access times”).
Thus, given the teaching of Chebolu, it would have been obvious before the effective filing date of the claimed invention to a person having ordinary skill in the art to which the claimed invention pertains to combine the teaching of Chebolu, remote administration of computer access settings, into Charif, a method and system for clustering and modeling process models from logs, and Florentino, a system for generating policy that includes a permission database, for a system or method for generating and updating permission data in a computing system. One of ordinary skill in the art would have been motivated because the system or method can be used to control computer access (See Chebolu: ABSTRACT).

As to claim 20, Florentino and Charif teach the one or more non-transitory computer-readable media of claim 15. Florentino further teaches wherein the instructions, when executed by the one or more computing devices, further cause: generating logs of the access operations (See at least ¶ [0003], “Physical access control systems require administrative tasks to add, remove, and update static permissions to ensure proper static permissions and the effective use of the physical access control system”; and ¶ [0017], “permission database contains an access events database containing at least one of plurality of access event records, and an administrator logs database containing a log of administrator actions and the processor analyzes at least one of the plurality of access event records and the log of administrator actions to generate the at least one policy”).
However, Florentino and Charif fail to expressly teach wherein each entry of logs identifying a uniform resource indicator (“URI”), a timestamp, and a user, each of the access operations having a different URI; maintaining permissions data that maps specific URIs to specific access permissions.
In analogous teaching, Chebolu exemplifies this wherein Chebolu teaches wherein each entry of logs identifying a uniform resource indicator (“URI”), a timestamp, and a user, each of the access operations having a different URI; maintaining permissions data that maps specific URIs to specific access permissions (See at least Col. 12, lines 36-49, “The hook component is notified when a user requests a document identified by a uniform resource identifier (URI). Accordingly, the access control unit 155 maintains a copy of a configurable list of categories and web sites that are to be blocked or controlled…When a current user navigates a web site, the access control unit 155 is notified with the requested URI and compares the URI against the parameters on the list to determine if access to the requested URI should be blocked”; and Col. 18, lines 46-49, “the locally-stored information containing the user-access times”).
Thus, given the teaching of Chebolu, it would have been obvious before the effective filing date of the claimed invention to a person having ordinary skill in the art to which the claimed invention pertains to combine the teaching of Chebolu, remote administration of computer access settings, into Charif, a method and system for clustering and modeling process models from logs, and Florentino, a system for generating policy that includes a permission database, for a system or method for generating and updating permission data in a computing system. One of ordinary skill in the art would have been motivated because the system or method can be used to control computer access (See Chebolu: ABSTRACT).

Conclusion
The prior art made of record and not relied upon is considered pertinent to applicant’s disclosure.
Thompson et al. (U. S. Patent No. 8484140 B2) teaches feature vector clustering. LAKHMAN et al. (U. S. Pub. No. 2019/0179796 A1) teaches a method of and system for generating a training set for a machine learning algorithm. Tsioutsiouliklis et al. (U. S. Pub. No. 2010/0287129 A1) teaches a system and method relating to categorizing or selecting potential search results.
Any inquiry concerning this communication or earlier communications from the examiner should be directed to JOHN FAN whose telephone number is (571) 272-3345. The examiner can normally be reached on Monday-Thursday, 9am-7pm.
If attempts to reach the examiner by telephone are unsuccessful, the examiner’s supervisor, Umar Cheema, can be reached on 5712703037. The fax phone number for the organization where this application or proceeding is assigned is 571-273-8300.




John Fan
/J.F/Examiner, Art Unit 2454 09/28/2021


/UMAR CHEEMA/Supervisory Patent Examiner, Art Unit 2454