Notice of Pre-AIA  or AIA  Status
The present application, filed on or after March 16, 2013, is being examined under the first inventor to file provisions of the AIA .
Office Action is in response to the Appeal Brief filed by Applicant on 10/7/2021. Claims 1-20 are pending. This Office Action is Non-Final.

In view of the Appeal brief filed on 10/7/2021, PROSECUTION IS HEREBY REOPENED. A new ground of rejection is set forth below.
To avoid abandonment of the application, appellant must exercise one of the following two options:
(1) file a reply under 37 CFR 1.111 (if this Office action is non-final) or a reply under 37 CFR 1.113 (if this Office action is final); or,
(2) initiate a new appeal by filing a notice of appeal under 37 CFR 41.31 followed by an appeal brief under 37 CFR 41.37. The previously paid notice of appeal fee and appeal brief fee can be applied to the new appeal. If, however, the appeal fees set forth in 37 CFR 41.20 have been increased since they were previously paid, then appellant must pay the difference between the increased fees and the amount previously paid.
A Supervisory Patent Examiner (SPE) has approved of reopening prosecution by signing below:

/LUU T PHAM/           Supervisory Patent Examiner, Art Unit 2439                                                                                                                                                                                             


Claim Rejections - 35 USC § 103
In the event the determination of the status of the application as subject to AIA  35 U.S.C. 102 and 103 (or as subject to pre-AIA  35 U.S.C. 102 and 103) is incorrect, any correction of the statutory basis for the rejection will not be considered a new ground of rejection if the prior art relied upon, and the rationale supporting the rejection, would be the same under either status.  
The following is a quotation of 35 U.S.C. 103 which forms the basis for all obviousness rejections set forth in this Office action:
A patent for a claimed invention may not be obtained, notwithstanding that the claimed invention is not identically disclosed as set forth in section 102, if the differences between the claimed invention and the prior art are such that the claimed invention as a whole would have been obvious before the effective filing date of the claimed invention to a person having ordinary skill in the art to which the claimed invention pertains. Patentability shall not be negated by the manner in which the invention was made.


This application currently names joint inventors. In considering patentability of the claims the examiner presumes that the subject matter of the various claims was commonly owned as of the effective filing date of the claimed invention(s) absent any evidence to the contrary.  Applicant is advised of the obligation under 37 CFR 1.56 to point out the inventor and effective filing dates of each claim that was not commonly owned as of the effective filing date of the later invention in order for the examiner to consider the applicability of 35 U.S.C. 102(b)(2)(C) for any potential 35 U.S.C. 102(a)(2) prior art against the later invention.








Claims 1-10 and 14-20 is/are rejected under 35 U.S.C. 103 as being unpatentable over Ardeli et al. (US 2016/0036833) in view of Seigel et al. (US 2017/0163650).

	As per claim 1, Ardeli in combination with Seigel teaches an access capability management system, comprising: a memory; a processor in operable communication with the memory (Ardeli, Paragraph 0027 recites “In some embodiments, the network device 200 includes a network interface 202 capable of communicating to a wired network, a processor 204, a memory 206 and a storage device 210. The components of the network device 200 are communicatively coupled to each other.”), the processor configured to perform access capability management steps which include 
	(a) obtaining an access capability specification which specifies an access capability installed in a guarded computing system (Ardeli, Paragraph 0072 recites “process 700 begins when the policy enforcement module 316 grants 702 a client device access to a network resource based on a first reputation score assigned to the client device.” An access specification is interpreted to be a policy), 
	(b) gathering access attempt data representing detected activity which attempted to exercise the access capability (Ardeli, Paragraph 0072 recites “ The activity monitoring module 306 monitors 704 activity on the client device. For example, in some embodiments, the activity monitored on the client device can be whether the client device has breached sensitive data.” Gathering access attempt data is interpreted to be gathering access).
	But fails to teach (c) computationally determining that the access capability has not been exercised sufficiently, based on an access capability exercise sufficiency criterion and (d) enhancing security of the guarded computing system based on a result of the determining.
	However, in an analogous art Seigel teaches (c) computationally determining that the access capability has not been exercised sufficiently, based on an access capability exercise sufficiency criterion (Seigel, Paragraph 0055 recites “At 308, activity data based on user activity event logs for a particular time period may be determined. At 310, the user-resource access map may be correlated with the activity data to create usage data. At 312, information may be determined, such as whether particular access privileges are being used, how frequently the access privileges are being used, when the access privileges were last used, etc. For example, in FIG. 2, the identity manager 120 may determine the activity data 128 based on event logs 118 generated over a predetermined period of time. The activity data 128 may indicate which user account accessed which resource with which type of access. For example, as illustrated in FIG. 2, the activity data 128 may indicate that the first user accessed the first resource to perform a read at a first point in time (e.g., identified by a first particular timestamp), the first user accessed the second resource at a second point in time, the second user accessed the first resource at a third point in time, the second user accessed the second resource at a fourth point in time, the third user accessed the first resource at a fifth point in time, and the Nth user accessed the Pth resource at another particular point in time. The identity manager 120 may correlate the activity data 128 with the user-resource access map 126 to create the usage data 130 identifying which user accounts are used with which privilege levels to access which resources. The identity manager 120 may determine a Boolean field to the usage data 130 indicating whether an access privilege to a resource was used or may determine a percentage field indicating a percentage of the time that an access privilege was used. For example, if an access privilege to a particular resource is used for less than a threshold percentage (e.g., five percent) of the time, then the access privilege may be considered to be "seldom used" and may be a candidate for removal. To illustrate, the first user account may access the first resource 25 times during a one month period, with twenty-four read accesses and one write access. In this illustration, the write access privilege level is used 4% (=1/25) of the time and may be considered "seldom used" if the threshold is 5%. If an access privilege to a particular resource was unused (or seldom used) during the predetermined period of time for which the activity data 128 was gathered, the identity manager 120 may search the stored event logs 118 to determine when the access privilege to the particular resource was last used and add a "last used" field along with a timestamp indicating when the access privilege to the particular resource was last used. As illustrated in FIG. 2, the usage data 130 may indicate that, during the time period during which the activity data 128 was gathered, the first user account has read-write access to the first resource, the write access was unused, and the read access was used. The usage data 130 may indicate when an account, such as the first user account, last used a privilege level that is identified as unused. For example, the usage data 130 may include a timestamp identifying when the first user account was last used to write to the first resource, (e.g., the timestamp may be prior to the time period associated with the activity data 128). The usage data 130 may indicate a length of time since the first user account was used to write to the first resource. For example, the timestamp identifying when the first user account was last used to write to the first resource may be subtracted from a current timestamp to determine the length of time since the first user account was last used to write to the first resource. The usage data 130 may indicate that, during the time period during which the activity data 128 was gathered, the first user account has read-write access to the second resource, the write access was unused, and the read access was used. The usage data 130 may indicate when the write access was last used, how long (e.g., how many days) since the write access was last used, or both.”);
	and (d) enhancing security of the guarded computing system based on a result of the determining (Seigel, Paragraph 0056 recites “At 314, one or more of the user accounts, the group memberships, or the access privileges of the group accounts may be modified, e.g., to remove unused (or seldom used) privileges. Modifying a user account to remove an unused (or seldom used) privilege level may be done in several different ways.”). 
	It would have been obvious to a person of ordinary skill in the art, at the earliest effective filing date to use Seigel’s usage-based modification of user privileges with Ardeli’s Client Reputation Driven Role-Based Access Control because the use of removing privileges for lack of use is useful to protect from unauthorized parties to exploit this privileges.

	As per claim 2, Ardeli in combination with Seigel teaches the system of claim 1, Ardeli further discloses wherein enhancing security of the guarded computing system (Ardeli, Paragraph 0062 recites “In some embodiments, the policy enforcement module 316 modifies the access rights dynamically for the client 170 by downgrading the client 170 to a new role with fewer privileges than before based on the changing reputation score of the client 170.”).

	As per claim 3, Ardeli in combination with Seigel teaches the system of claim 1, Ardeli further discloses wherein the access capability resides in or is controlled by an access control system of the guarded computing system, and wherein the access control system includes at least one of the following: a discretionary access control system; or a mandatory access control system (Ardeli, Fig. 3 Paragraph 0034 recites “The access control application 208 can be software including routines for dynamically modifying access privileges of a client 170 based on a reputation of the client 170. In some embodiments, the access control application 208 can be a set of instructions executable by the processor 204 to provide the functionality described herein. In some other embodiments, the access control application 208 can be stored in the memory 206 and can be accessible and executable by the processor 204.”).

As per claim 4, Ardeli in combination with Seigel teaches the system of claim 1, Ardeli further discloses wherein the access capability specification includes at least one of the following: an actor identification; a group identification; a role identification; a computational resource identification; an assigned permission regarding access to a computational resource; an assigned permission regarding a computational resource access activity; a computational resource classification; a security clearance level; a need-to-know identification; or a privacy constraint (Ardeli, Paragraph 0062 recites “In some embodiments, the policy enforcement module 316 modifies the access rights dynamically for the client 170 by downgrading the client 170 to a new role with fewer privileges than before based on the changing reputation score of the client 170.”).

	As per claim 5, Ardeli in combination with Seigel teaches the system of claim 1, Ardeli further discloses wherein the system comprises a privileges data collector, an access data collector, and an access policy generator, and wherein the processor is configured as part of the privileges data collector, the processor is also configured as part of the access data collector, and the processor is also configured as part of the access policy generator (Ardeli, Paragraph 0062 recites “In some embodiments, the policy enforcement module 316 modifies the access rights dynamically for the client 170 by downgrading the client 170 to a new role with fewer privileges than before based on the changing reputation score of the client 170.” See also Fig. 3 and corresponding Paragraphs for details regarding the different modules.).

As per claim 6, Ardeli in combination with Seigel teaches the system of claim 5, Ardeli further discloses wherein the system further comprises at least one of the following: permission configuration data collected by the privileges data collector; access attempt outcome data collected by the access data collector; or an access policy generated by the access policy generator which defines at least a portion of an access capability X that has not been exercised sufficiently (Ardeli, Paragraph 0072 recites “The activity monitoring module 306 monitors 704 activity on the client device. For example, in some embodiments, the activity monitored on the client device can be whether the client device has breached sensitive data. As another example, in other embodiments, the activity monitored on the client device can be whether any malicious URLs are being requested by the client device. The reputation module 314 modifies 706 the first reputation score to a second reputation score proportionally by a weight based on the activity”).

	As per claim 7, Ardeli in combination with Seigel teaches the system of claim 1, Ardeli further discloses wherein the system further comprises at least one of the following: an access policy hardening recommendation producer; or an access policy violation detector (Ardeli, Paragraph 0066 recites “The warning notification is displayed so that the client 170 is not caught by surprise when the access privileges for the client device get downgraded because of continued administrative policy violations.”).
	
	As per claim 8, Ardeli teaches an access capability management method, comprising: obtaining an access capability specification which specifies an access (Ardeli, Paragraph 0072 recites “process 700 begins when the policy enforcement module 316 grants 702 a client device access to a network resource based on a first reputation score assigned to the client device.” An access specification is interpreted to be a policy);
	gathering access attempt data representing detected activity which attempted to exercise the access capability (Ardeli, Paragraph 0072 recites “ The activity monitoring module 306 monitors 704 activity on the client device. For example, in some embodiments, the activity monitored on the client device can be whether the client device has breached sensitive data.” Gathering access attempt data is interpreted to be gathering access).
	But fails to teach computationally determining that the access capability has not been exercised sufficiently, based on an access capability exercise sufficiency criterion  and enhancing security of the guarded computing system based on a result of the determining by automatically performing at least one of the following: producing a recommendation to harden the guarded computing system by reducing, disabling, or deleting the access capability after computationally determining that the access capability has not been exercised sufficiently; or hardening the guarded computing system by reducing, disabling, or deleting the access capability after computationally determining that the access capability has not been exercised sufficiently
	However, in an analogous art Seigel teaches computationally determining that the access capability has not been exercised sufficiently, based on an access capability exercise sufficiency criterion (Seigel, Paragraph 0055 recites “At 308, activity data based on user activity event logs for a particular time period may be determined. At 310, the user-resource access map may be correlated with the activity data to create usage data. At 312, information may be determined, such as whether particular access privileges are being used, how frequently the access privileges are being used, when the access privileges were last used, etc. For example, in FIG. 2, the identity manager 120 may determine the activity data 128 based on event logs 118 generated over a predetermined period of time. The activity data 128 may indicate which user account accessed which resource with which type of access. For example, as illustrated in FIG. 2, the activity data 128 may indicate that the first user accessed the first resource to perform a read at a first point in time (e.g., identified by a first particular timestamp), the first user accessed the second resource at a second point in time, the second user accessed the first resource at a third point in time, the second user accessed the second resource at a fourth point in time, the third user accessed the first resource at a fifth point in time, and the Nth user accessed the Pth resource at another particular point in time. The identity manager 120 may correlate the activity data 128 with the user-resource access map 126 to create the usage data 130 identifying which user accounts are used with which privilege levels to access which resources. The identity manager 120 may determine a Boolean field to the usage data 130 indicating whether an access privilege to a resource was used or may determine a percentage field indicating a percentage of the time that an access privilege was used. For example, if an access privilege to a particular resource is used for less than a threshold percentage (e.g., five percent) of the time, then the access privilege may be considered to be "seldom used" and may be a candidate for removal. To illustrate, the first user account may access the first resource 25 times during a one month period, with twenty-four read accesses and one write access. In this illustration, the write access privilege level is used 4% (=1/25) of the time and may be considered "seldom used" if the threshold is 5%. If an access privilege to a particular resource was unused (or seldom used) during the predetermined period of time for which the activity data 128 was gathered, the identity manager 120 may search the stored event logs 118 to determine when the access privilege to the particular resource was last used and add a "last used" field along with a timestamp indicating when the access privilege to the particular resource was last used. As illustrated in FIG. 2, the usage data 130 may indicate that, during the time period during which the activity data 128 was gathered, the first user account has read-write access to the first resource, the write access was unused, and the read access was used. The usage data 130 may indicate when an account, such as the first user account, last used a privilege level that is identified as unused. For example, the usage data 130 may include a timestamp identifying when the first user account was last used to write to the first resource, (e.g., the timestamp may be prior to the time period associated with the activity data 128). The usage data 130 may indicate a length of time since the first user account was used to write to the first resource. For example, the timestamp identifying when the first user account was last used to write to the first resource may be subtracted from a current timestamp to determine the length of time since the first user account was last used to write to the first resource. The usage data 130 may indicate that, during the time period during which the activity data 128 was gathered, the first user account has read-write access to the second resource, the write access was unused, and the read access was used. The usage data 130 may indicate when the write access was last used, how long (e.g., how many days) since the write access was last used, or both.”);
	and enhancing security of the guarded computing system based on a result of the determining by automatically performing at least one of the following: producing a recommendation to harden the guarded computing system by reducing, disabling, or deleting the access capability after computationally determining that the access capability has not been exercised sufficiently; or hardening the guarded computing system by reducing, disabling, or deleting the access capability after computationally determining that the access capability has not been exercised sufficiently (Seigel, Paragraph 0056 recites “At 314, one or more of the user accounts, the group memberships, or the access privileges of the group accounts may be modified, e.g., to remove unused (or seldom used) privileges. Modifying a user account to remove an unused (or seldom used) privilege level may be done in several different ways.”). 
	It would have been obvious to a person of ordinary skill in the art, at the earliest effective filing date to use Seigel’s usage-based modification of user privileges with Ardeli’s Client Reputation Driven Role-Based Access Control because the use of removing privileges for lack of use is useful to protect from unauthorized parties to exploit this privileges.

	As per claim 9, Ardeli in combination with Seigel teaches the method of claim 8, Seigel further teaches wherein computationally determining that the access capability has not been exercised sufficiently comprises at least one of the following: deriving a detected time period from at least a portion of the gathered access attempt data, getting (Seigel, Paragraph 0055 recites “At 308, activity data based on user activity event logs for a particular time period may be determined. At 310, the user-resource access map may be correlated with the activity data to create usage data. At 312, information may be determined, such as whether particular access privileges are being used, how frequently the access privileges are being used, when the access privileges were last used, etc. For example, in FIG. 2, the identity manager 120 may determine the activity data 128 based on event logs 118 generated over a predetermined period of time. The activity data 128 may indicate which user account accessed which resource with which type of access. For example, as illustrated in FIG. 2, the activity data 128 may indicate that the first user accessed the first resource to perform a read at a first point in time (e.g., identified by a first particular timestamp), the first user accessed the second resource at a second point in time, the second user accessed the first resource at a third point in time, the second user accessed the second resource at a fourth point in time, the third user accessed the first resource at a fifth point in time, and the Nth user accessed the Pth resource at another particular point in time. The identity manager 120 may correlate the activity data 128 with the user-resource access map 126 to create the usage data 130 identifying which user accounts are used with which privilege levels to access which resources. The identity manager 120 may determine a Boolean field to the usage data 130 indicating whether an access privilege to a resource was used or may determine a percentage field indicating a percentage of the time that an access privilege was used. For example, if an access privilege to a particular resource is used for less than a threshold percentage (e.g., five percent) of the time, then the access privilege may be considered to be "seldom used" and may be a candidate for removal. To illustrate, the first user account may access the first resource 25 times during a one month period, with twenty-four read accesses and one write access. In this illustration, the write access privilege level is used 4% (=1/25) of the time and may be considered "seldom used" if the threshold is 5%. If an access privilege to a particular resource was unused (or seldom used) during the predetermined period of time for which the activity data 128 was gathered, the identity manager 120 may search the stored event logs 118 to determine when the access privilege to the particular resource was last used and add a "last used" field along with a timestamp indicating when the access privilege to the particular resource was last used. As illustrated in FIG. 2, the usage data 130 may indicate that, during the time period during which the activity data 128 was gathered, the first user account has read-write access to the first resource, the write access was unused, and the read access was used. The usage data 130 may indicate when an account, such as the first user account, last used a privilege level that is identified as unused. For example, the usage data 130 may include a timestamp identifying when the first user account was last used to write to the first resource, (e.g., the timestamp may be prior to the time period associated with the activity data 128). The usage data 130 may indicate a length of time since the first user account was used to write to the first resource. For example, the timestamp identifying when the first user account was last used to write to the first resource may be subtracted from a current timestamp to determine the length of time since the first user account was last used to write to the first resource. The usage data 130 may indicate that, during the time period during which the activity data 128 was gathered, the first user account has read-write access to the second resource, the write access was unused, and the read access was used. The usage data 130 may indicate when the write access was last used, how long (e.g., how many days) since the write access was last used, or both.”);
	It would have been obvious to a person of ordinary skill in the art, at the earliest effective filing date to use Seigel’s usage-based modification of user privileges with Ardeli’s Client Reputation Driven Role-Based Access Control because the use of 

	As per claim 10, Ardeli in combination with Seigel teaches the method of claim 8, Ardeli further discloses wherein enhancing security of the guarded computing system further comprises at least one of the following: automatically blocking an attempted access; requesting different authentication as a condition of not blocking an attempted access; logging an attempted access; alerting on an attempted access; notifying an administrator of an attempted access; or notifying security personnel of an attempted access (Ardeli, Paragraph 0066 recites “In some embodiments, the policy enforcement module 316 sends a warning notification to the client 170 when the reputation score of the client 170 is dropping because of inappropriate client activity.”).

	As per claim 14, Ardeli in combination with Seigel teaches the method of claim 8, Ardeli further discloses wherein the access capability that has not been exercised sufficiently is further characterized by matching at least one of the following scenarios: the access capability granted an access permission to an actor when the actor had different organizational responsibilities than the actor's current organizational responsibilities; the access capability granted an actor permission to access any of a set of computational resources and the actor has only accessed a proper subset of that set; the access capability was installed by default; or the access capability was installed as part of a baseline configuration (Ardeli, Paragraph 0062 recites “In some embodiments, the policy enforcement module 316 modifies the access rights dynamically for the client 170 by downgrading the client 170 to a new role with fewer privileges than before based on the changing reputation score of the client 170.” It would be an obvious variation do perform this for multiple users.).

	As per claim 15, Ardeli in combination with Seigel teaches the method of claim 8, Ardeli further discloses wherein enhancing security of the guarded computing system comprises disallowing an access action type which the access capability allowed prior to the enhancing (Ardeli, Paragraph 0062 recites “In some embodiments, the policy enforcement module 316 modifies the access rights dynamically for the client 170 by downgrading the client 170 to a new role with fewer privileges than before based on the changing reputation score of the client 170.” See also Fig. 3 and corresponding Paragraphs for details regarding the different modules.).

	As per claim 16, Ardeli teaches a computer-readable storage medium configured with data and instructions which upon execution by at least one processor cause one or more devices to perform an access capability management method, the method comprising: 
	obtaining an access capability specification which specifies an access capability installed in a guarded computing system, the access capability specification including an identification of a computational resource, wherein the identification identifies the computational resource explicitly, or implicitly as part of a set of computational resources (Ardeli, Paragraph 0072 recites “process 700 begins when the policy enforcement module 316 grants 702 a client device access to a network resource based on a first reputation score assigned to the client device.” An access specification is interpreted to be a policy);
	gathering access attempt data representing detected activity which attempted to exercise the access capability (Ardeli, Paragraph 0072 recites “ The activity monitoring module 306 monitors 704 activity on the client device. For example, in some embodiments, the activity monitored on the client device can be whether the client device has breached sensitive data.” Gathering access attempt data is interpreted to be gathering access).
	But fails to teach computationally determining that the access capability has not been exercised sufficiently, based on an access capability exercise sufficiency criterion; and enhancing security of the guarded computing system based on a result of the determining by automatically performing at least one of the following: producing a recommendation to harden the guarded computing system by reducing, disabling, or deleting the access capability after computationally determining that the access capability has not been exercised sufficiently; or hardening the guarded computing system by reducing, disabling, or deleting the access capability after computationally determining that the access capability has not been exercised sufficiently.
	However, in an analogous art Seigel teaches computationally determining that the access capability has not been exercised sufficiently, based on an access capability exercise sufficiency criterion (Seigel, Paragraph 0055 recites “At 308, activity data based on user activity event logs for a particular time period may be determined. At 310, the user-resource access map may be correlated with the activity data to create usage data. At 312, information may be determined, such as whether particular access privileges are being used, how frequently the access privileges are being used, when the access privileges were last used, etc. For example, in FIG. 2, the identity manager 120 may determine the activity data 128 based on event logs 118 generated over a predetermined period of time. The activity data 128 may indicate which user account accessed which resource with which type of access. For example, as illustrated in FIG. 2, the activity data 128 may indicate that the first user accessed the first resource to perform a read at a first point in time (e.g., identified by a first particular timestamp), the first user accessed the second resource at a second point in time, the second user accessed the first resource at a third point in time, the second user accessed the second resource at a fourth point in time, the third user accessed the first resource at a fifth point in time, and the Nth user accessed the Pth resource at another particular point in time. The identity manager 120 may correlate the activity data 128 with the user-resource access map 126 to create the usage data 130 identifying which user accounts are used with which privilege levels to access which resources. The identity manager 120 may determine a Boolean field to the usage data 130 indicating whether an access privilege to a resource was used or may determine a percentage field indicating a percentage of the time that an access privilege was used. For example, if an access privilege to a particular resource is used for less than a threshold percentage (e.g., five percent) of the time, then the access privilege may be considered to be "seldom used" and may be a candidate for removal. To illustrate, the first user account may access the first resource 25 times during a one month period, with twenty-four read accesses and one write access. In this illustration, the write access privilege level is used 4% (=1/25) of the time and may be considered "seldom used" if the threshold is 5%. If an access privilege to a particular resource was unused (or seldom used) during the predetermined period of time for which the activity data 128 was gathered, the identity manager 120 may search the stored event logs 118 to determine when the access privilege to the particular resource was last used and add a "last used" field along with a timestamp indicating when the access privilege to the particular resource was last used. As illustrated in FIG. 2, the usage data 130 may indicate that, during the time period during which the activity data 128 was gathered, the first user account has read-write access to the first resource, the write access was unused, and the read access was used. The usage data 130 may indicate when an account, such as the first user account, last used a privilege level that is identified as unused. For example, the usage data 130 may include a timestamp identifying when the first user account was last used to write to the first resource, (e.g., the timestamp may be prior to the time period associated with the activity data 128). The usage data 130 may indicate a length of time since the first user account was used to write to the first resource. For example, the timestamp identifying when the first user account was last used to write to the first resource may be subtracted from a current timestamp to determine the length of time since the first user account was last used to write to the first resource. The usage data 130 may indicate that, during the time period during which the activity data 128 was gathered, the first user account has read-write access to the second resource, the write access was unused, and the read access was used. The usage data 130 may indicate when the write access was last used, how long (e.g., how many days) since the write access was last used, or both.”);
	and enhancing security of the guarded computing system based on a result of the determining by automatically performing at least one of the following: producing a recommendation to harden the guarded computing system by reducing, disabling, or deleting the access capability after computationally determining that the access capability has not been exercised sufficiently; or hardening the guarded computing system by reducing, disabling, or deleting the access capability after computationally determining that the access capability has not been exercised sufficiently (Seigel, Paragraph 0056 recites “At 314, one or more of the user accounts, the group memberships, or the access privileges of the group accounts may be modified, e.g., to remove unused (or seldom used) privileges. Modifying a user account to remove an unused (or seldom used) privilege level may be done in several different ways.”). 
	It would have been obvious to a person of ordinary skill in the art, at the earliest effective filing date to use Seigel’s usage-based modification of user privileges with Ardeli’s Client Reputation Driven Role-Based Access Control because the use of removing privileges for lack of use is useful to protect from unauthorized parties to exploit this privileges.

	As per claim 18, Ardeli in combination with Seigel teaches the computer-readable storage medium of claim 16, Ardeli further discloses wherein the determining is based on at least one of the following criteria: an amount of attempts to access the computational resource is below a specified threshold, wherein unsuccessful attempts, if any, are not excluded when tallying the amount; or an amount of successful attempts to access the computational resource is below a specified threshold (Ardeli, Paragraph 0055 recites “For example, the client 170 accesses six malicious URLs (w.sub.url=10), attaches two blocked file types and/or MIME type in emails (w.sub.file=5), and breaches sensitive and/or confidential data two times (w.sub.dlp=5) after the client 170 is authenticated successfully. If the base reputation score assigned for the client 170 is "100", then the reputation module 314 calculates the current reputation score for the client 170 based on the above activities of the client 170 to be "20". In another example, the client 170 accesses 5 unpermitted applications (w.sub.app=1) and accesses 2 malicious URLs (w.sub.url=10) after the client 170 is authenticated successfully. Assuming the same base reputation score of "100", the reputation module 314 calculates the current reputation score for the client 170 based on the activities of the client 170 to be "75".”).

	As per claim 19, Ardeli in combination with Seigel teaches the computer-readable storage medium of claim 16, Ardeli further discloses wherein the enhancing comprises monitoring access attempts and responding to an access attempt that invokes a permission that has not been exercised sufficiently, and wherein responding includes at least one of the following: automatically blocking the attempted access; or automatically requesting different authentication as a condition of not blocking the attempted access (Ardeli, Paragraph 0073 recites “Next, the reputation module 314 determines 708 whether the second reputation score is below a blacklist threshold. For example, in some embodiments, the blacklist threshold can be 5. If the second reputation score is below the blacklist threshold, the policy enforcement module 316 denies 710 the access by the client device to the network resource based on the second reputation score.”).

	As per claim 20, Ardeli in combination with Seigel teaches the computer-readable storage medium of claim 16, Ardeli further discloses wherein the enhancing comprises monitoring access attempts and responding to an access attempt that invokes a permission that has not been exercised sufficiently, and wherein responding includes at least one of the following: logging the attempted access; alerting on the attempted access; notifying an administrator of the attempted access; or notifying security personnel of the attempted access (Ardeli, Paragraph 0048 recites “The intrusion detection module 310 analyzes the entire payload of data packets to identify malicious incidents associated with the client 170 in the session, to log information about the malicious incidents and to send a report including the logged information to the reputation module 314.”).		
	
Claim 11 is/are rejected under 35 U.S.C. 103 as being unpatentable over Ardeli et al. (US 2016/0036833) and Seigel et al. (US 2017/0163650) and in further view of Avrahami et al. (US 2018/0247241).

	As per claim 11, Ardeli in combination with Seigel teaches the method of claim 8, but fails to teach comprising at least one of the following: transitioning between using a fixed inactivity time period threshold in the access capability exercise sufficiency criterion and using a statistical inactivity time period threshold in the access capability 
	However, in an analogous art Avrahami teaches comprising at least one of the following: transitioning between using a fixed inactivity time period threshold in the access capability exercise sufficiency criterion and using a statistical inactivity time period threshold in the access capability exercise sufficiency criterion, said transitioning based at least partially on a confidence threshold that is associated with the statistical inactivity time period threshold; transitioning between using a fixed inactivity time period threshold in the access capability exercise sufficiency criterion and using a learned inactivity time period threshold in the access capability exercise sufficiency criterion, (Avrahami, Paragraph 0099 recites “To verify whether the user has transitioned to the first pattern (e.g., engaged with work activities 370), the activity engine 210 can calculate a threshold transition confidence factor using the machine -learning. In an example implementation, the activity engine 210 weights the user's rate of interaction and engagement with digital resources for work activities as factors to determine access policies to implement to restrict access to digital resources used for non-work related activities (e.g., activities associated with the second pattern) while transitioning back to work (e.g., the first pattern). Accordingly, the transition back to work 310 can be determined in view of rate of user interaction with work activity 370 satisfying the threshold transition confidence factor. In response to verifying the detected user activity in view of the context factors indicate a transition to the first pattern and user activity of the second activity 360, the activity engine can present a productivity plan (e.g., an access policy for digital resources) to direct the user to engage in work related activities (e.g., activities associated with the first pattern). ”)
.

Claim 12 is/are rejected under 35 U.S.C. 103 as being unpatentable over Ardeli et al. (US 2016/0036833) and Seigel et al. (US 2017/0163650) and in further view of Pitre (US 2015/0200943).

	As per claim 12, Ardeli in combination with Seigel teaches the method of claim 8, but fails to teach wherein the method manages access by an actor to a computational resource using an assigned permission, the computational resource belongs to a computational resource group; and the method further comprises the following prior to enhancing security of the guarded computing system with regard to the access capability: confirming that each computational resource R of the computational resource group has the same assigned permission regarding access by the actor; and verifying that access by the actor to each computational resource R has not been exercised sufficiently.
	However, in an analogous art Pitre teaches wherein the method manages access by an actor to a computational resource using an assigned permission, the computational resource belongs to a computational resource group; and the method further comprises the following prior to enhancing security of the guarded computing (Pitre, Paragraph 0073 recites “By associating an account to at least one access policy, an organization may effectively manage a large volume of accounts under central management of IDM system 112. IDM system 112 can automatically perform access policy harvesting for accounts that are not associated with at least one access policy. By doing so, an organization can reduce its expenses and the burden or manually and periodically updating access provided by accounts based on new access policies and updates to existing access policies. An account that is provisioned using an access policy may reduce risks related to compliance for access to a resource and may demand less attention for internal audits because the access to the resource is based on a rule indicated by the access policy. Access to resource types provided by an account may be added, modified, or revoked based on changes to an applicable access policy, which may be identified from the association between the access policy and the account indicated in a policy profile.” And Paragraph 0154 recites “At 738, the order information may be forwarded to an order management module 720 that may be configured to perform billing and accounting functions related to the order, such as verifying the order, and upon verification, booking the order.”).
	It would have been obvious to a person of ordinary skill in the art, at the earliest effective filing date to use Pitre’s Access policy harvesting with Ardeli’s Client .

Claim 13 is/are rejected under 35 U.S.C. 103 as being unpatentable over Ardeli et al. (US 2016/0036833) and Seigel et al. (US 2017/0163650) and in further view of Haze et al. (US 2020/0389375).
	
	As per claim 13, Ardeli in combination with Seigel teaches the method of claim 8, Ardeli further discloses wherein the method further comprises restricting at least one of the obtaining, gathering, determining, or enhancing to a proper subset of actors of the computing system, based on a privacy constraint.
	However, in an analogous art Haze teaches wherein the method further comprises restricting at least one of the obtaining, gathering, determining, or enhancing to a proper subset of actors of the computing system, based on a privacy constraint (Haze, Paragraph 0018 recites “ The recommendation system can provide other advantages. For example, recommendations can be generated automatically, without the need for manual input or intervention by human experts. The cloud provider can also support recommendations for resource exchange transactions of various types and sizes, which can improve the quality of resource-related recommendations. In some instances, the recommendation system can provide support for General Data Protection Regulation ( GDPR) (for example, using only transactional data and not personal user/customer data) for recommendation determination. Resource exchange services can be added to various types of cloud applications or systems, including cloud platform entitlements and infrastructure services, real-time offer management, predictive analytics, machine learning services, and others.”).
	It would have been obvious to a person of ordinary skill in the art, at the earliest effective filing date to use Haze’s real-time cloud-based resource reallocation recommendation generation  with Ardeli’s Client Reputation Driven Role-Based Access Control because the use of GDPR helps with quality of resource-related recommendations


Conclusion

Any inquiry concerning this communication or earlier communications from the examiner should be directed to RODERICK TOLENTINO whose telephone number is (571)272-2661.  The examiner can normally be reached on Mon- Fri 8am-4pm.
Examiner interviews are available via telephone, in-person, and video conferencing using a USPTO supplied web-based collaboration tool. To schedule an interview, applicant is encouraged to use the USPTO Automated Interview Request (AIR) at http://www.uspto.gov/interviewpractice.
If attempts to reach the examiner by telephone are unsuccessful, the examiner’s supervisor, Luu Pham can be reached on 571-270-5002.  The fax phone number for the organization where this application or proceeding is assigned is 571-273-8300.
Information regarding the status of an application may be obtained from the Patent Application Information Retrieval (PAIR) system.  Status information for 


RODERICK TOLENTINO
Examiner
Art Unit 2439



/RODERICK TOLENTINO/Primary Examiner, Art Unit 2439        



/LUU T PHAM/Supervisory Patent Examiner, Art Unit 2439