DETAILED ACTION

Information Disclosure Statement
 
The IDS filed 10/07/2021 has been entered and considered. 

Response to Arguments

The arguments are moot in view of the allowance herein.

EXAMINER'S AMENDMENT
An examiner’s amendment to the record appears below. Should the changes and/or additions be unacceptable to applicant, an amendment may be filed as provided by 37 CFR 1.312. To ensure consideration of such an amendment, it MUST be submitted no later than the payment of the issue fee.

Authorization for this examiner’s amendment was given in an interview with Kevin Piotrowski on 10/23/2021.

The application has been amended as follows: 

a memory adapted to store non-transitory operating system configuration data and data for a plurality of custom service accounts; 

a processor; 

and an operating system that executes on the processor according to the configuration data to execute 

(i) a plurality of desktop applications having respective application privilege sets in a desktop namespace on the computer device, the desktop applications being operable on behalf of a plurality of user accounts having respective user privilege sets,

(ii) a plurality of services that each have a respective preset set of operating system privileges associated therewith, each of the plurality of services granting access to a respective limited subset of resources defined in a service namespace in which the plurality of service processes execute,

and (iii) to provide respective pluralities of services from the plurality of services to each of the plurality of desktop applications, the service namespace being partitioned from the desktop namespace on the computer device,

wherein during startup of the computer device the operating system: 

reads the configuration data the data for the plurality of custom service accounts,

creates each of the plurality of custom service accounts according to the data,

for each of the plurality of custom service accounts, create, according to the operating system configuration data, a corresponding set of operating system privileges,

creates the plurality of services,

prior to the execution of the plurality of services as a plurality of service processes by the operating system during runtime of the computer device:

assigns, according to the configuration data s and the corresponding set of operating system privileges, 

for each of the plurality of services, create a corresponding process and assign the each of the plurality of services and the corresponding custom service account of the each of the plurality of services to the corresponding process to yield a corresponding service process to yield a plurality of service processes running during runtime;

wherein for each of the plurality of running service processes, the operating system enforces the corresponding respective operating system privileges of the correspondingly assigned custom service account[[s]] to prevent the each running service process[[es]] from obtaining any of the respective application privilege sets or any of the respective user privilege sets, such that


(1) upon a first one of the plurality of desktop applications requesting execution of a first service process from among the plurality of service processes while operating on behalf of a first one of the plurality of user accounts, the operating system requires that the first service process be executed under the operating system privileges of [[a]] the correspondingly assigned first one of the plurality of custom service accounts to which the first service process was assigned, rather than under the privilege set of the first desktop application or the privilege set of the first user account so that the first service process is limited to access only the corresponding granted respective limited subset of resources, 

and (2) upon a second one of the plurality of desktop applications requesting execution of the first service process while operating on behalf of a second one of the plurality of user accounts, the operating system requires that the first service process be executed under the operating system privileges of the correspondingly assigned first one of the plurality of custom service accounts, rather than under the privilege set of the second desktop application or the privilege set of the second user account so that the first service process is limited to access only the corresponding granted respective limited subset of resources.

data for a plurality of custom service accounts; a communications port; a local memory storage unit; and an operating system that executes on the processor according to the configuration data to execute 

(i) a plurality of desktop applications having respective application privilege sets in a desktop namespace on the computer device, the desktop applications being operable on behalf of a plurality of user accounts having respective user privilege sets,

(ii) a plurality of services that each have a respective preset set of operating system privileges associated therewith, each of the plurality of services granting access to a respective limited subset of resources defined in a service namespace in which the plurality of service processes execute,

and (iii) to provide respective pluralities of services from the plurality of services to each of the plurality of desktop applications, the service namespace being partitioned from the desktop namespace on the computer device,

wherein during startup of the computer device the operating system: 

reads the configuration data the data for the plurality of custom service accounts,

creates each of the plurality of custom service accounts according to the data,

for each of the plurality of custom service accounts, create, according to the operating system configuration data, a corresponding set of operating system privileges,

creates the plurality of services,

prior to the execution of the plurality of services as a plurality of service processes by the operating system during runtime of the computer device:

assigns, according to the configuration data each of the plurality of services to one of the plurality of custom service accounts and the corresponding set of operating system privileges,

for each of the plurality of services, create a corresponding process and assign the each of the plurality of services and the corresponding customer service account of the each of the plurality of services to the corresponding process to yield a corresponding service process to yield a plurality of service processes running during runtime;

wherein for each of the plurality of running service processes, the operating system enforces the corresponding respective operating system privileges of the correspondingly assigned custom service account to prevent the each running service process from obtaining any of the respective application privilege sets or any of the respective user privilege sets, such that


(1) upon a first one of the plurality of desktop applications requesting execution of a first service process from among the plurality of service processes while operating on behalf of a first one of the plurality of user accounts, the operating system requires that the first service process be executed under the operating system privileges of the correspondingly assigned first one of the plurality of custom service accounts to which the first service process was assigned, rather than under the privilege set of the first desktop application or the privilege set of the first user account so that the first service process is limited to access only the corresponding granted respective limited subset of resources,

wherein the corresponding set of operating privileges of a second one of the plurality of custom service accounts assigned to a second service process from among the plurality of service processes includes permission for writing to the local memory storage unit, 

and wherein the corresponding set of operating privileges of the first one of the plurality of custom service accounts includes permission for communicating with the communications port and does not permit writing to the local memory storage unit such that the first service process executing under the first one of the plurality of custom service accounts is capable of communicating with the communications port and cannot write to the local memory storage unit, 

and (2) upon a second one of the plurality of desktop applications requesting execution of the first service process while operating on behalf of the second one of the plurality of user accounts, the operating system requires that the first service process be executed under the operating system privileges of the correspondingly assigned first one of the plurality of custom service accounts, rather than under the privilege set of the second desktop application or the privilege set of the second user account so that the first service process is limited to access only the corresponding granted respective limited subset of resources.



18, wherein a message originating at a desktop application includes user identity information that identifies a user of the desktop application, and wherein the user identity information follows the message through the first service process that accesses the communications port to send the message via a communications network.

31. (Currently Amended) A computer device including: a processor; a memory adapted to store non-transitory operating system configuration data and data for a plurality of custom service accounts; an external media port; a local memory storage unit; and an operating system that executes on the processor according to the configuration data to execute 

(i) a plurality of desktop applications having respective application privilege sets in a desktop namespace on the computer device, the desktop applications being operable on behalf of a plurality of user accounts having respective user privilege sets,

(ii) a plurality of services that each have a respective preset set of operating system privileges associated therewith, each of the plurality of services granting access to a respective limited subset of resources defined in a service namespace in which the plurality of service processes execute,

and (iii) to provide respective pluralities of services from the plurality of services to each of the plurality of desktop applications, the service namespace being partitioned from the desktop namespace on the computer device,

wherein during startup of the computer device the operating system: 

reads the configuration data the data for the plurality of custom service accounts,

creates each of the plurality of custom service accounts according to the data,

for each of the plurality of custom service accounts, create, according to the operating system configuration data, a corresponding set of operating system privileges,

creates the plurality of services,

prior to the execution of the plurality of services as a plurality of service processes by the operating system during runtime of the computer device:

assigns, according to the configuration data each of the plurality of services to one of the plurality of custom service accounts and the corresponding set of operating system privileges,

for each of the plurality of services, create a corresponding process and assign the each of the plurality of services and the corresponding customer service account of the each of the plurality of services to the corresponding process to yield a corresponding service process to yield a plurality of service processes running during runtime;

wherein for each of the plurality of running service processes, the operating system enforces the corresponding respective operating system privileges of the correspondingly assigned custom service account to prevent the each running service process from obtaining any of the respective application privilege sets or any of the respective user privilege sets, such that


(1) upon a first one of the plurality of desktop applications requesting execution of a first service process from among the plurality of service processes while operating on behalf of a first one of the plurality of user accounts, the operating system requires that the first service process be executed under the operating system privileges of the correspondingly assigned first one of the plurality of custom service accounts to which the first service process was assigned, rather than under the privilege set of the first desktop application or the privilege set of the first user account so that the first service process is limited to access only the corresponding granted respective limited subset of resources,

wherein the corresponding set of operating privileges of a second one of the plurality of custom service accounts assigned to a second service process from among the plurality of service processes includes permission for writing to the local memory storage unit, 

and wherein the corresponding set of operating privileges of the first one of the plurality of custom service accounts includes permission for communicating with a removable device via the external media port and does not permit writing to the local memory storage unit such that the first service process executing under the first one of the plurality of custom service accounts is capable of communicating with the removable device via external media port and cannot write to the local memory storage unit, 

and (2) upon a second one of the plurality of desktop applications requesting execution of the first service process while operating on behalf of the second one of the plurality of user accounts, the operating system requires that the first service process be executed under the operating system privileges of the correspondingly assigned first one of the plurality of custom service accounts, rather than under the privilege set of the second desktop application or the privilege set of the second user account so that the first service process is limited to access only the corresponding granted respective limited subset of resources.


data for a plurality of custom service accounts; an external media port; a communications port; and an operating system that executes on the processor according to the configuration data to execute 

(i) a plurality of desktop applications having respective application privilege sets in a desktop namespace on the computer device, the desktop applications being operable on behalf of a plurality of user accounts having respective user privilege sets,

(ii) a plurality of services that each have a respective preset set of operating system privileges associated therewith, each of the plurality of services granting access to a respective limited subset of resources defined in a service namespace in which the plurality of service processes execute,

and (iii) to provide respective pluralities of services from the plurality of services to each of the plurality of desktop applications, the service namespace being partitioned from the desktop namespace on the computer device,

wherein during startup of the computer device the operating system: 

reads the configuration data the data for the plurality of custom service accounts,

creates each of the plurality of custom service accounts according to the data,

for each of the plurality of custom service accounts, create, according to the operating system configuration data, a corresponding set of operating system privileges,

creates the plurality of services,

prior to the execution of the plurality of services as a plurality of service processes by the operating system during runtime of the computer device:

assigns, according to the configuration data each of the plurality of services to one of the plurality of custom service accounts and the corresponding set of operating system privileges,

for each of the plurality of services, create a corresponding process and assign the each of the plurality of services and the corresponding customer service account of the each of the plurality of services to the corresponding process to yield a corresponding service process to yield a plurality of service processes running during runtime;

wherein for each of the plurality of running service processes, the operating system enforces the corresponding respective operating system privileges of the correspondingly assigned custom service account to prevent the each running service process from obtaining any of the respective application privilege sets or any of the respective user privilege sets, such that


(1) upon a first one of the plurality of desktop applications requesting execution of a first service process from among the plurality of service processes while operating on behalf of a first one of the plurality of user accounts, the operating system requires that the first service process be executed under the operating system privileges of the correspondingly assigned first one of the plurality of custom service accounts to which the first service process was assigned, rather than under the privilege set of the first desktop application or the privilege set of the first user account so that the first service process is limited to access only the corresponding granted respective limited subset of resources,

wherein the corresponding set of operating privileges of a second one of the plurality of custom service accounts assigned to a second service process from among the plurality of service processes includes permission accessing the communications port, 

and wherein the corresponding set of operating privileges of the first one of the plurality of custom service accounts includes permission for communicating with a removable memory device and does not permit writing to the communications port such that the first service process executing under the first one of the plurality of custom service accounts is capable of communicating with the removable memory device and cannot write to the communications port, 

and (2) upon a second one of the plurality of desktop applications requesting execution of the first service process while operating on behalf of the second one of the plurality of user accounts, the operating system requires that the first service process be executed under the operating system privileges of the correspondingly assigned first one of the plurality of custom service accounts, rather than under the privilege set of the second desktop application or the privilege set of the second user account so that the first service process is limited to access only the corresponding granted respective limited subset of resources.


data for a plurality of custom service accounts; an operating system that executes on the processor according to the configuration data to execute 

(i) a plurality of desktop applications having respective application privilege sets in a desktop namespace on the computer device, the desktop applications being operable on behalf of a plurality of user accounts having respective user privilege sets,

(ii) a plurality of services that each have a respective preset set of operating system privileges associated therewith, each of the plurality of services granting access to a respective limited subset of resources defined in a service namespace in which the plurality of service processes execute,

and (iii) to provide respective pluralities of services from the plurality of services to each of the plurality of desktop applications, the service namespace being partitioned from the desktop namespace on the computer device,

wherein during startup of the computer device the operating system: 

reads the configuration data the data for the plurality of custom service accounts,

creates each of the plurality of custom service accounts according to the data,

for each of the plurality of custom service accounts, create, according to the operating system configuration data, a corresponding set of operating system privileges,

creates the plurality of services,

prior to the execution of the plurality of services as a plurality of service processes by the operating system during runtime of the computer device:

assigns, according to the configuration data each of the plurality of services to one of the plurality of custom service accounts and the corresponding set of operating system privileges,

for each of the plurality of services, create a corresponding process and assign the each of the plurality of services and the corresponding customer service account of the each of the plurality of services to the corresponding process to yield a corresponding service process to yield a plurality of service processes running during runtime;

wherein for each of the plurality of running service processes, the operating system enforces the corresponding respective operating system privileges of the correspondingly assigned custom service account to prevent the each running service process from obtaining any of the respective application privilege sets or any of the respective user privilege sets, such that


(1) upon a first one of the plurality of desktop applications requesting execution of a first service process from among the plurality of service processes while operating on behalf of a first one of the plurality of user accounts, the operating system requires that the first service process be executed under the operating system privileges of the correspondingly assigned first one of the plurality of custom service accounts to which the first service process was assigned, rather than under the privilege set of the first desktop application or the privilege set of the first user account so that the first service process is limited to access only the corresponding granted respective limited subset of resources,


and (2) upon a second one of the plurality of desktop applications requesting execution of the first service process while operating on behalf of the second one of the plurality of user accounts, the operating system requires that the first service process be executed under the operating system privileges of the correspondingly assigned first one of the plurality of custom service accounts, rather than under the privilege set of the second desktop application or the privilege set of the second user account so that the first service process is limited to access only the corresponding granted respective limited subset of resources.

58. (Currently Amended) A computer device including: a processor; and a memory adapted to store non-transitory operating system configuration data and data for a plurality of custom service accounts; an operating system that executes on the processor according to the configuration data to execute


(i) a plurality of desktop applications having respective application privilege sets in a desktop namespace on the computer device, the desktop applications being operable on behalf of a plurality of user accounts having respective user privilege sets,

(ii) a plurality of services that each have a respective preset set of operating system privileges associated therewith, each of the plurality of services granting access to a respective limited subset of resources defined in a service namespace in which the plurality of service processes execute,

and (iii) to provide respective pluralities of services from the plurality of services to each of the plurality of desktop applications, the service namespace being partitioned from the desktop namespace on the computer device,

wherein during startup of the computer device the operating system: 

reads the configuration data the data for the plurality of custom service accounts,

creates each of the plurality of custom service accounts according to the data,

for each of the plurality of custom service accounts, create, according to the operating system configuration data, a corresponding set of operating system privileges,

creates the plurality of services,

prior to the execution of the plurality of services as a plurality of service processes by the operating system during runtime of the computer device:

assigns, according to the configuration data each of the plurality of services to one of the plurality of custom service accounts and the corresponding set of operating system privileges,

for each of the plurality of services, create a corresponding process and assign the each of the plurality of services and the corresponding customer service account of the each of the plurality of services to the corresponding process to yield a corresponding service process to yield a plurality of service processes running during runtime;

wherein for each of the plurality of running service processes, the operating system enforces the corresponding respective operating system privileges of the correspondingly assigned custom service account to prevent the each running service process from obtaining any of the respective application privilege sets or any of the respective user privilege sets, such that


(1) upon a first one of the plurality of desktop applications requesting execution of a first service process from among the plurality of service processes while operating on behalf of a first one of the plurality of user accounts, the operating system requires that the first service process be executed under the operating system privileges of the correspondingly assigned first one of the plurality of custom service accounts to which the first service process was assigned, rather than under the privilege set of the first desktop application or the privilege set of the first user account so that the first service process is limited to access only the corresponding granted respective limited subset of resources,

and (2) upon a second one of the plurality of desktop applications requesting execution of the first service process while operating on behalf of the second one of the plurality of user accounts, the operating system requires that the first service process be executed under the operating system privileges of the correspondingly assigned first one of the plurality of custom service accounts, rather than under the privilege set of the second desktop application or the privilege set of the second user account so that the first service process is limited to access only the corresponding granted respective limited subset of resources,

wherein the operating system enforces operating system privileges for each of the plurality of desktop applications using a standard set of operating system privileges defined for the desktop applications to be used for the desktop applications regardless of which of plurality of user accounts calls the desktop application, and wherein a sending desktop application sends a message to a recipient process such that the message includes a user identity that identifies the logged-on user of the desktop application, wherein the user identity flows with the message as the message is processed by each of a number of different service processes as the message is relayed from the sending desktop application to the receiving process. 
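The startup sequence and runtime rule recited in the independent claims above (create the custom service accounts from configuration data, give each a privilege set, assign each service to one account, and run a requested service process under that account's privileges regardless of which desktop application or user account requested it), together with the port/storage split of claims 18 and 31 and the user-identity flow of claim 58, can be modelled in a few dozen lines. The following Python is an added example for illustration only; it is not code from the application, the applicant or the cited references. The configuration dictionary, the account names "svc-net" and "svc-store", the service names, the privilege strings and the `Principal`/`OperatingSystem` classes are all assumptions constructed for this example.

```python
"""Model of the claimed custom-service-account privilege separation.

Added example, not code from the application or the cited references.
Account names, service names, privilege strings and CONFIG are constructed
for illustration; an actual operating system would enforce these sets
in its kernel rather than in a Python lookup.
"""
from dataclasses import dataclass, field
from typing import Dict, FrozenSet, List

# Constructed "operating system configuration data": the custom service
# accounts to create, the privilege set each receives, and the mapping of
# each service to exactly one custom service account.
CONFIG = {
    "accounts": {
        "svc-net": {"comm_port"},              # may use the port, may not write storage
        "svc-store": {"local_storage_write"},  # may write storage, may not use the port
    },
    "services": {
        "net-sender": "svc-net",
        "log-writer": "svc-store",
    },
}


@dataclass(frozen=True)
class Account:
    name: str
    privileges: FrozenSet[str]


@dataclass(frozen=True)
class Principal:
    """A desktop application or a user account with its own privilege set."""
    name: str
    privileges: FrozenSet[str]


@dataclass(frozen=True)
class ServiceProcess:
    service: str
    account: Account

    @property
    def privileges(self) -> FrozenSet[str]:
        # Fixed at process creation and taken from the custom service
        # account alone; nothing from a later caller is merged in.
        return self.account.privileges

    def can(self, privilege: str) -> bool:
        return privilege in self.privileges


@dataclass
class Message:
    payload: str
    user_identity: str  # identifies the logged-on user of the sending app
    hops: List[str] = field(default_factory=list)


class OperatingSystem:
    def __init__(self, config):
        self.config = config
        self.accounts: Dict[str, Account] = {}
        self.service_processes: Dict[str, ServiceProcess] = {}

    def startup(self) -> "OperatingSystem":
        # 1. create each custom service account with its own privilege set
        for name, privs in self.config["accounts"].items():
            self.accounts[name] = Account(name, frozenset(privs))
        # 2. create each service, assign it to one account, and create the
        #    service process before any runtime request arrives
        for service, account_name in self.config["services"].items():
            self.service_processes[service] = ServiceProcess(service, self.accounts[account_name])
        return self

    def request_service(self, app: Principal, user: Principal, service: str) -> ServiceProcess:
        """A desktop app, acting for a user, requests a service.

        The process returned runs under its custom service account; `app`
        and `user` are accepted only to show they do not change the result."""
        return self.service_processes[service]

    def relay(self, app: Principal, user: Principal, payload: str, route: List[str]) -> Message:
        """Pass a message from a desktop app through a chain of service
        processes; the user identity travels unchanged with the message."""
        msg = Message(payload, user_identity=user.name)
        for service in route:
            proc = self.request_service(app, user, service)
            msg.hops.append(f"{proc.service}@{proc.account.name}")
        return msg


def effective_privileges(os_: OperatingSystem, app: Principal, user: Principal, service: str) -> FrozenSet[str]:
    """Privileges the service process has when `app` requests it for `user`."""
    return os_.request_service(app, user, service).privileges


if __name__ == "__main__":
    os_ = OperatingSystem(CONFIG).startup()
    alice = Principal("alice", frozenset({"comm_port", "local_storage_write", "desktop_gui"}))
    mail = Principal("mail-client", frozenset({"desktop_gui", "local_storage_write"}))
    # Even though both alice and mail-client may write local storage, the
    # net-sender process gets only what svc-net grants.
    print(sorted(effective_privileges(os_, mail, alice, "net-sender")))   # ['comm_port']
    print(os_.relay(mail, alice, "hello", ["log-writer", "net-sender"]))
```

The point to take from the model is that the privilege set of a service process is decided at startup from the account it was assigned to, and the two lookups at runtime (`request_service` and `effective_privileges`) ignore the caller entirely; a second application or user requesting the same service gets the same process with the same, unchanged privileges.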

Claims 1-6, 8-23, 25-34, 36-41 and 43-71 are allowed.

The following is an examiner’s statement of reasons for allowance:
Laborczfalvi et al. (US 2006/0075381) discloses in [0278] – [0291], a prior art system known as distributed common object model (DCOM).

KRAMER (US 2006/0015740) discloses in the Abstract a policy based privileging system using operating system accounts to implement a privileging system.


The prior art of record does not explicitly disclose in light of the other features recited in the independent claims,
(1) upon a first one of the plurality of desktop applications requesting execution of a first service process from among the plurality of service processes while operating on behalf of a first one of the plurality of user accounts, the operating system requires that the first service process be executed under the operating system privileges of the correspondingly assigned first one of the plurality of custom service accounts to which the first service process was assigned, rather than under the privilege set of the first desktop application or the privilege set of the first user account so that the first service process is limited to access only the corresponding granted respective limited subset of resources,

and (2) upon a second one of the plurality of desktop applications requesting execution of the first service process while operating on behalf of the second one of the plurality of user accounts, the operating system requires that the first service process be executed under the operating system privileges of the correspondingly assigned first one of the plurality of custom service accounts, rather than under the privilege set of the second desktop application or the privilege set of the second user account so that the first service process is limited to access only the corresponding granted respective limited subset of resources,

Any comments considered necessary by applicant must be submitted no later than the payment of the issue fee and, to avoid processing delays, should preferably accompany the issue fee.  Such submissions should be clearly labeled “Comments on Statement of Reasons for Allowance.”



Conclusion
Any inquiry concerning this communication or earlier communications from the examiner should be directed to RICHARD A MCCOY whose telephone number is (313)446-6520.  The examiner can normally be reached on M - F 10 - 6.
Examiner interviews are available via telephone, in-person, and video conferencing using a USPTO supplied web-based collaboration tool. To schedule an interview, applicant is encouraged to use the USPTO Automated Interview Request (AIR) at http://www.uspto.gov/interviewpractice.
If attempts to reach the examiner by telephone are unsuccessful, the examiner’s supervisor, Lynn Feild can be reached on 571 272 2092.  The fax phone number for the organization where this application or proceeding is assigned is 571-273-8300.
Information regarding the status of an application may be obtained from the Patent Application Information Retrieval (PAIR) system.  Status information for published applications may be obtained from either Private PAIR or Public PAIR.  Status information for unpublished applications is available through Private PAIR only.  For more information about the PAIR system, see https://ppair-my.uspto.gov/pair/PrivatePair. Should you have questions on access to the Private PAIR system, contact the Electronic Business Center (EBC) at 866-217-9197 (toll-free). If you would like assistance from a USPTO Customer Service Representative or access to the automated information system, call 800-786-9199 (IN USA OR CANADA) or 571-272-1000.

/RICHARD A MCCOY/Examiner, Art Unit 2431