DETAILED ACTION

	Notice of Pre-AIA  or AIA  Status
The present application, filed on or after March 16, 2013, is being examined under the first inventor to file provisions of the AIA .
Status of Claims
The following is a non-final office action. Claims [1-20] are currently pending and have been examined on their merits. 
Claim Rejections - 35 USC § 101
35 U.S.C. 101 reads as follows:
Whoever invents or discovers any new and useful process, machine, manufacture, or composition of matter, or any new and useful improvement thereof, may obtain a patent therefor, subject to the conditions and requirements of this title.


Claims 1-20 are rejected under 35 U.S.C. 101 because the claimed invention is directed to a judicial exception that is an abstract idea without a practical application or significantly more.

Step 1: Claims 1-10 recite a method (i.e. a process such as an act or series of steps), claims 11-20 recite a computing apparatus, and therefore each claim falls within one of the four statutory categories.

Step 2A prong 1 (Is a judicial exception recited?): 
The representative claims 1 and 11 recite: A method for automatically updating an access control; the method comprising: obtaining, employment status data for a first user; comparing the employment status data with a most 
The claims recite a mental process and a certain method of organizing human activity. Before computers one could mentally determine an employment status of a user and disable their access to a company’s network, supplies, buildings, etc. The Examiner find the recited claims to be similar to a claim to "collecting information, analyzing it, and displaying certain results of the collection and analysis," where the data analysis steps are recited at a high level of generality such that they could practically be performed in the human mind, Electric Power Group v. Alstom, S.A., 830 F.3d 1350, 1353-54, 119 USPQ2d 1739, 1741-42 (Fed. Cir. 2016), which the courts have also found to recite a mental process. Additionally, the claims are directed to a certain method of organizing human activity as the disclosure is directed to managing personal behavior or relationships or interactions between people. The Examiner finds the claims to simply recite a method of gathering information pertaining to an individual’s status and depending on their status executing a protocol. Therefore, the Examiner finds the claims to be similar to an example the courts have identified as Bilski v. Kappos, 561 U.S. 593, 595, 95 USPQ2d 1001, 1004 (2010).
Step 2A Prong 2 (Is the exception integrated into a practical application?): The claims additionally recite; 
Claim 1: A network, the method being implemented by at least one processor.
Claim 11: A computing apparatus configured to implement an execution of a method, a memory, a communication interface coupled to each of the processor and the memory, and a network.
The additional element of using social media data to help rate or assess an institution and a user is directed to merely a method of applying the known use of a computer to store and execute the method in the recited claim limitations. Therefore, the limitations merely amount to adding the words “apply it” (or an equivalent) to the judicial exception, or mere instructions to implement an abstract idea on a computer, or merely uses a computer as a tool to perform an abstract idea, as discussed in MPEP 2106.05(f) and generally linking the use of the judicial exception to a particular technological environment or field of use, as discussed in MPEP 2106.05(h). Furthermore, a method for transmitting, receiving, and processing information does not amount to improvements to the functioning of a computer, or to any other technology or technical field, as discussed in MPEP 2106.05(a), applying the judicial exception with, or by use of, a particular machine, as discussed in MPEP 2106.05(b), effecting a transformation or reduction of a particular article to a different state or thing, as discussed in MPEP TLI Comms, Ultramercial, and Intellectual Ventures v. Cap One. As the claims invoke a computer merely as a tool to perform an existing process. Moreover, as the claims do not recite an improvement to a computer or technical field but just apply a known technology to an abstract idea they are still directed to an abstract idea and not integrated into a practical application (MPEP 2106.05(b) – an abstract idea applied to a computer does not improve the computer).  


The dependent claims 2-10 and 12-20 further narrow the abstract idea recited in the independent claims 1 and 11 and are therefore directed towards the same abstract idea. 

Step 2B (Does the claim recite additional elements that amount to significantly more that the judicial exception?): As discussed above, the additional imitations amount to adding the words “apply it” (or an equivalent) with the judicial exception, or mere instructions to implement an abstract idea on a computer, or merely uses a computer as a tool to perform an abstract idea, as discussed in MPEP 2106.05(f) and generally linking the use of the judicial exception to a particular technological environment or field of use, as discussed in MPEP 2106.05(h). See reasoning for Step 2A prong 2. It is well- understood, routine, and conventional for a computer to be able to monitor a source of information for a target trigger and subsequently perform actions such as sending information or deleting information (see court case A web browser’s back and forward button functionality, Internet Patent Corp. v. Active Network, Inc., 790 F.3d 1343, 1348, 115 USPQ2d 1414, 1418 (Fed. Cir. 2015). See MPEP 2106.05(d) as well as USPTO Memorandum: Revising 101 Eligibility Procedure in view of Berkheimer v. HP, Inc. (April 19, 2018). It is also clear the recited claims would be well understood, routine, and conventional for a company or business to monitor their employees status’s and determine if the employees are still a part of the company and if not terminating that employee’s access to the company’s network (see Specification [0003-0004]). (See MPEP 2106.05(d). Electronic recordkeeping, Alice Corp., 134 S. Ct. at 2359, 110 USPQ2d at 1984 (creating and maintaining "shadow accounts"); Ultramercial, 772 F.3d at 716, 112 USPQ2d at 1755 (updating an activity log); Storing and retrieving information in memory, Versata Dev. Group, Inc. v. SAP Am., Inc., 793 F.3d 1306, 1334, 115 USPQ2d 1681, 1701 (Fed. Cir. 2015); OIP Techs., 788 F.3d at 1363, 115 Content Extraction and Transmission, LLC v. Wells Fargo Bank, 776 F.3d 1343, 1348, 113 USPQ2d 1354, 1358 (Fed. Cir. 2014) (optical character recognition); Arranging a hierarchy of groups, sorting information, eliminating less restrictive pricing information and determining the price, Versata Dev. Group, Inc. v. SAP Am., Inc., 793 F.3d 1306, 1331, 115 USPQ2d 1681, 1699 (Fed. Cir. 2015) and Receiving or transmitting data over a network, e.g., using the Internet to gather data, Symantec, 838 F.3d at 1321, 120 USPQ2d at 1362 (utilizing an intermediary computer to forward information);


Dependent claims 2-5 and 12-15 are directed towards further narrowing the abstract idea of verifying a user’s status and sending a message to confirm their access.
Dependent claims 6-7 and 16-17 are directed towards further narrowing the abstract idea of verifying a user’s status and generating a verified report based on the status.
Dependent claims 8-10 and 18-20 are directed towards further narrowing the abstract idea of verifying a user’s status at a predetermined time intervals and disabling their access if the status is changed.

Claims 2-10 and 12-20 do not recite any additional elements that have not been discussed in the above analysis that would direct the claims into a practical application. 


Therefore, claims 1-20 are rejected under 35 U.S.C. 101.

Claim Rejections - 35 USC § 103
In the event the determination of the status of the application as subject to AIA  35 U.S.C. 102 and 103 (or as subject to pre-AIA  35 U.S.C. 102 and 103) is incorrect, any correction of the statutory basis for the rejection will not be considered a new ground of 
The following is a quotation of 35 U.S.C. 103 which forms the basis for all obviousness rejections set forth in this Office action:
(a) A patent may not be obtained though the invention is not identically disclosed or described as set forth in section 102, if the differences between the subject matter sought to be patented and the prior art are such that the subject matter as a whole would have been obvious at the time the invention was made to a person having ordinary skill in the art to which said subject matter pertains. Patentability shall not be negatived by the manner in which the invention was made.

The factual inquiries set forth in Graham v. John Deere Co., 383 U.S. 1, 148 USPQ 459 (1966), that are applied for establishing a background for determining obviousness under 35 U.S.C. 103 are summarized as follows:
1. Determining the scope and contents of the prior art.
2. Ascertaining the differences between the prior art and the claims at issue.
3. Resolving the level of ordinary skill in the pertinent art.
4. Considering objective evidence present in the application indicating obviousness or nonobviousness.
Claims 1, 9-10, 11, and 19-20 is/are rejected under 35 U.S.C. 103 as being unpatentable over Erhart (US 2010/0153171) in view of Todd (US 2012/0030759).
Claim 1 and 11: Erhart discloses (Claim 1) a method for automatically updating an access control with respect to a network, the method being implemented by at least one processor, the method comprising: (Paragraph [0024]) (Claim 11) a computing apparatus configured to implement an execution of a method for automatically updating an access control with respect to a network, the computing apparatus comprising: a processor; a memory; and a communication interface coupled to each of the processor and the memory, wherein the processor is configured to: (Paragraph [0028]) obtaining, from within the network, employment status data for a first user (Paragraph [0002]; [0038]; [0044]; Fig. 4, the embodiments include a system that allows an enterprise to manage employees based on both geo-location information and other characteristics of the employee or company policy. The system can identify the person and determine the status of the person. A status can be any status of the employee while working with the enterprise or not working with the enterprise. For example, status may include vacation, leave, terminated, shift assignment, legal or contractual obligation, or some other status of the employee or his employer. (The examiner notes that the broadest reasonable interpretation of a system capable of verifying an employees work status would include verifying if the employee is currently under contract or on leave or terminated as is disclosed by Erhart)). Comparing the employment status data with a most recent version of an employee record for the first user (Paragraph [0002]; [0026]; [0038]; [0041-0044]; Figs. 4-5, the embodiments include a system that allows an enterprise to manage employees based on both geo-location information and other characteristics of the employee or company policy. The system can identify the person and determine the status of the person. A status can be any status of the employee while working with the enterprise or not working with the enterprise. For example, status may include vacation, leave, terminated, shift assignment, legal or contractual obligation, or some other status of the employee or his employer. The enterprise data database stores data about persons associated with the enterprise about the relationships between the enterprise and the people (employment status), and other information. The personal data database may receive, store, or send one or more portions of the data structures. The data And when the most recent version of the employee record includes the information indicating that the employment of the first user is active and the employment status data includes information that indicates that the employment of the first user has been terminated, automatically causing a disablement of an access of the first user to the network (Paragraph [0050-0053] the enterprise server can determine the status associated with a person. The enterprise server searches for the person identity in the personal data database. Upon finding the person ID the enterprise server can retrieve the user status. With the user status the enterprise server may search one or more even data structures for an event identity. Depending upon the event response and the outcome to the rule determination by the decision support system the decision support system may determine if an action is required. As an example, the action may be denying a person access to a location associated with an enterprise, disabling a device, denying a person access to a system associated with an enterprise, denying a person the operation of a system, sending a message to at least a second person to respond to the status associated with the first person, etc.).
However Erhart does not disclose when both of the employment status data and the most recent version of the employee record include information indicating that an employment of the first user is active, waiting for a first predetermined amount of time and then obtaining an updated version of the employment status data for the first user.
In the same field of endeavor of determining a user’s status regarding access permissions Todd teaches when both of the employment status data and the most recent version of the employee record include information indicating that an employment of the first user is active, waiting for a first predetermined amount of time and then obtaining an updated version of the employment status data for the first user (Paragraph [0023]; Figs. 3-4, the records from various systems and formats may be loaded into the permissions verification system and the system may process the access levels, user identifier, and/or other resources associated with each record. In arrangements in which records are received in various formats, some or all records may be formatted into a common record format. In some examples, the records may be collected over a period of time in order to obtain a spectrum of users. In one example of verifying user permissions in a mainframe system. The user records are received and may be collected over a predetermined time frame, such as one week, one month, one year, etc. The records may be received from varying systems or types of systems and in varying formats as needed. The records are transmitted to the permissions verification system).
At the time the invention was effectively filed it would have been obvious to one of ordinary skill in the art to modify the system of managing a company’s employees and their respective access to the system by determining various statuses as disclosed by Erhart (Erhart [0002]) with the system of when both of the employment status data and the most recent version of the employee record include information indicating that an employment of the first user is active, 
Claims 9 and 19: Modified Erhart discloses the method as per claim 1 and the computing apparatus as per claim 11. However, Erhart does not disclose wherein the first predetermined amount of time is less than 24 hours.
In the same field of endeavor of determining a user’s status regarding access permissions Todd teaches wherein the first predetermined amount of time is less than 24 hours (Paragraph [0026]; Fig. 3, one example method of verifying user permissions in the mainframe system includes the records being collected over a predetermined time frame, such as one week, one month, one year, etc. (The examiner notes that the broadest reasonable interpretation of being able to set the predetermined period of time to various lengths such as a week, month, or year would also include a smaller range such as a day)).
At the time the invention was effectively filed it would have been obvious to one of ordinary skill in the art to modify the system of managing a company’s employees and their respective access to the system by determining various statuses as disclosed by Erhart (Erhart [0002]) with the system of wherein the 
Claims 10 and 20: Modified Erhart discloses the method as per claim 1 and the computing apparatus as per claim 11. However, Erhart does not disclose wherein the first predetermined amount of time is five hours or less.
In the same field of endeavor of determining a user’s status regarding access permissions Todd teaches wherein the first predetermined amount of time is five hours or less (Paragraph [0026]; Fig. 3, one example method of verifying user permissions in the mainframe system includes the records being collected over a predetermined time frame, such as one week, one month, one year, etc. (The examiner notes that the broadest reasonable interpretation of being able to set the predetermined period of time to various lengths such as a week, month, or year would also include a smaller range such as five hours or less)).
At the time the invention was effectively filed it would have been obvious to one of ordinary skill in the art to modify the system of managing a company’s employees and their respective access to the system by determining various statuses as disclosed by Erhart (Erhart [0002]) with the system of wherein the first predetermined amount of time is five hours or less as taught by Todd (Todd .
Claims 2-5 and 12-15 is/are rejected under 35 U.S.C. 103 as being unpatentable over Erhart (US 2010/0153171) in view of Todd (US 2012/0030759) further in view of McQuaide (US 2003/0217001).
Claims 2 and 12: Modified Erhart discloses the method as per claim 1 and the computing apparatus as per claim 11. However, Erhart does not disclose wherein when the access of the first user is disabled, the method further comprises generating a notification message that includes information relating to the access disablement and transmitting the notification message to a predetermined destination.
In the same field of endeavor of managing a user’s access to a network McQuaide teaches wherein when the access of the first user is disabled, the method further comprises generating a notification message that includes information relating to the access disablement and transmitting the notification message to a predetermined destination (Paragraph [0024] each server system receives requests from the server computer system requesting that one or more accounts be frozen or canceled due to loss. The servers may employ a security measure to ensure the server computer system has proper authorization to cancel the accounts. Once authorized the accounts are then frozen and 
At the time the invention was effectively filed it would have been obvious to one of ordinary skill in the art to modify the system of managing a company’s employees and their respective access to the system by determining various statuses as disclosed by Erhart (Erhart [0002]) with the system of wherein when the access of the first user is disabled, the method further comprises generating a notification message that includes information relating to the access disablement and transmitting the notification message to a predetermined destination as taught by McQuaide (McQuaide [0024]). With the motivation of helping managing an individual’s access to a network to improve system security (McQuaide [0007]).
Claims 3 and 13: Modified Erhart discloses the method as per claim 2 and the computing apparatus as per claim 12. However, Erhart does not disclose further comprising receiving a confirmation that the notification message is successfully received.
In the same field of endeavor of managing a user’s access to a network McQuaide teaches further comprising receiving a confirmation that the notification message is successfully received (Paragraph [0024]; [0051-0052] each server system receives requests from the server computer system requesting that one or more accounts be frozen or canceled due to loss. The servers may employ a security measure to ensure the server computer system has proper authorization to cancel the accounts. Once authorized the accounts 
At the time the invention was effectively filed it would have been obvious to one of ordinary skill in the art to modify the system of managing a company’s employees and their respective access to the system by determining various statuses as disclosed by Erhart (Erhart [0002]) with the system of wherein when the access of the first user is disabled, the method further comprises generating a notification message that includes information relating to the access disablement and transmitting the notification message to a predetermined destination as taught by McQuaide (McQuaide [0024]). With the motivation of helping managing an individual’s access to a network to improve system security (McQuaide [0007]).
Claims 4 and 14: Modified Erhart discloses the method as per claim 2 and the computing apparatus as per claim 12. However, Erhart does not disclose wherein when a confirmation that the notification message is successfully received is not received within a second predetermined amount of time, generating a reminder message that includes information relating to prompting a response from a recipient and transmitting the reminder message to the predetermined destination.
In the same field of endeavor of managing a user’s access to a network McQuaide teaches wherein when a confirmation that the notification message is successfully received is not received within a second predetermined amount of time, generating a reminder message that includes information relating to prompting a response from a recipient and transmitting the reminder message to the predetermined destination  (Paragraph [0024]; [0051-0052]; [0058] each server system receives requests from the server computer system requesting that one or more accounts be frozen or canceled due to loss. The servers may employ a security measure to ensure the server computer system has proper authorization to cancel the accounts. Once authorized the accounts are then frozen and canceled. The servers may further provide notifications to the user relating to the status of the accounts either directly or through the server. Following the notification operation the client receives a confirmation. Alternatively, a general confirmation may be displayed indicating follow up capabilities. Once the confirmation is displayed the flow ends at end operation).
At the time the invention was effectively filed it would have been obvious to one of ordinary skill in the art to modify the system of managing a company’s employees and their respective access to the system by determining various statuses as disclosed by Erhart (Erhart [0002]) with the system of wherein when the access of the first user is disabled, the method further comprises generating a notification message that includes information relating to the access disablement and transmitting the notification message to a predetermined destination as taught by McQuaide (McQuaide [0024]). With the motivation of helping managing an individual’s access to a network to improve system security (McQuaide [0007]).
Claims 5 and 15: Modified Erhart discloses the method as per claim 2 and the computing apparatus as per claim 12. Erhart further discloses further comprising logging a first parameter that indicates an identification of the employment termination (Paragraph [0002] the embodiments of the system is able to identify a person and determine a status of the person. A status can include any status of the employee while working or not working with the enterprise such as terminated or some other status). A second parameter that indicates a success/failure status of the access disablement (Paragraph [0031] The action identifier module is operable to determine an action that must be conducted in response to an event. For example, the action may include denying a person access to a system with an enterprise, disabling a device, etc.).
However Erhart does not disclose and a third parameter that indicates whether the notification message has been transmitted.
In the same field of endeavor of managing a user’s access to a network McQuaide teaches a third parameter that indicates whether the notification message has been transmitted  
At the time the invention was effectively filed it would have been obvious to one of ordinary skill in the art to modify the system of managing a company’s employees and their respective access to the system by determining various statuses as disclosed by Erhart (Erhart [0002]) with the system of a third parameter that indicates whether the notification message has been transmitted as taught by McQuaide (McQuaide [0024]). With the motivation of helping managing an individual’s access to a network to improve system security (McQuaide [0007]).
Claims 6 and 16 is/are rejected under 35 U.S.C. 103 as being unpatentable over Erhart (US 2010/0153171) in view of Todd (US 2012/0030759) further in view of Newman (US 2012/0311706).
Claims 6 and 16: Modified Erhart discloses the method as per claim 1 and the computing apparatus as per claim 11. However, Erhart does not disclose further comprising verifying a compliance with at least one rule that relates to a Payment Card Industry Data Security Standard (PCI DSS).
In the same field of endeavor of managing a systems security and controlling user access Newman teaches further comprising verifying a compliance with at least one rule that relates to a Payment Card Industry Data Security Standard (PCI DSS) 
At the time the invention was effectively filed it would have been obvious to one of ordinary skill in the art to modify the system of managing a company’s employees and their respective access to the system by determining various statuses as disclosed by Erhart (Erhart [0002]) with the system of further comprising verifying a compliance with at least one rule that relates to a Payment Card Industry Data Security Standard as taught by Newman (Newman [0047]). With the motivation of helping to maintain a more secure system environment for a company (Newman [0002]).
Claims 7 and 17 is/are rejected under 35 U.S.C. 103 as being unpatentable over Erhart (US 2010/0153171) in view of Todd (US 2012/0030759) further in view of Villars (US 2009/0313258).
Claims 7 and 17: Modified Erhart discloses the method as per claim 1 and the computing apparatus as per claim 11. However, Erhart does not disclose further comprising generating a Service Organization Control 1 (SOC 1) report that relates to a result of executing the method. 
In the same field of endeavor of managing a series of rules pertaining to user verification Villars teaches further comprising generating a Service Organization Control 1 (SOC 1) report that relates to a result of executing the method (Paragraph [0003]; [0018-0020]; Figs. 2-3, a user of the computing system logs into a network in order to access the SOCS reporting application. Once the user initiates the application to start a processing job, the user may be presented with a GUI that allows the user to input information to configure the output data that will be contained within a SOCS status report. The generated SOCS status 
At the time the invention was effectively filed it would have been obvious to one of ordinary skill in the art to modify the system of managing a company’s employees and their respective access to the system by determining various statuses as disclosed by Erhart (Erhart [0002]) with the system of further comprising generating a Service Organization Control 1 (SOC 1) report that relates to a result of executing the method as taught by Villars (Villars [0018]). With the motivation of helping to provide specifically needed information pertaining to a work order or an employee for an organization to provide an ease of access (Villars [0002]).
Claims 8 and 18 is/are rejected under 35 U.S.C. 103 as being unpatentable over Erhart (US 2010/0153171) in view of Todd (US 2012/0030759) further in view of Greff (US 2007/0174903).
Claims 8 and 18: Modified Erhart discloses the method as per claim 1 and the computing apparatus as per claim 11. However, Erhart does not disclose wherein the causing the disablement of the access of the first user to the network comprises resetting a password that relates to the access of the first user to the network.
In the same field of endeavor of managing employees access to a network Greff teaches wherein the causing the disablement of the access of the first user to the network comprises resetting a password that relates to the access of the first user to the network (Paragraph [0013]; [0031-0033]; [0039]; Fig. 5, the present invention is for an improved method and system for managing user identities in a 
At the time the invention was effectively filed it would have been obvious to one of ordinary skill in the art to modify the system of managing a company’s employees and their respective access to the system by determining various statuses as disclosed by Erhart (Erhart [0002]) with the system wherein the causing the disablement of the access of the first user to the network comprises resetting a password that relates to the access of the first user to the network as taught by Greff (Greff [0033]). With the motivation of helping to track a large amount of information within a company’s network to help better manage a series of employees (Greff [0002-0003]).
Therefore, claims 1-20 are rejected under 35 U.S.C. 103.
Conclusion
The prior art made of record and not relied upon is considered pertinent to applicant’s disclosure.
Jordan (US 2011/0022531) Electronic verification software.
Hoesl (US 2014/0020056) Integrated physical access control and information technology security.
Beck (US 2008/0162707) Time based permissioning.
Engler (US 2005/0254652) Automated network security system and method.
Shaikh (US 2010/0031334) Secure access.
Wilson (US 2017/0154312) System and method for securely verifying employee data.
	
Any inquiry concerning this communication or earlier communications from the examiner should be directed to COREY RUSS whose telephone number is (571)270-5902.  The examiner can normally be reached on M-F 7:30-4:30.
Examiner interviews are available via telephone, in-person, and video conferencing using a USPTO supplied web-based collaboration tool. To schedule an interview, applicant is encouraged to use the USPTO Automated Interview Request (AIR) at http://www.uspto.gov/interviewpractice.
If attempts to reach the examiner by telephone are unsuccessful, the examiner’s supervisor, Lynda Jasmin can be reached on 5712726782.  The fax phone number for the organization where this application or proceeding is assigned is 571-273-8300.
Information regarding the status of an application may be obtained from the Patent Application Information Retrieval (PAIR) system.  Status information for published applications may be obtained from either Private PAIR or Public PAIR.  Status information for unpublished applications is available through Private PAIR only.  For more information about the PAIR system, see https://ppair-my.uspto.gov/pair/PrivatePair. Should you have questions on access to the Private PAIR system, contact the Electronic Business Center (EBC) at 866-217-9197 (toll-free). If you would like assistance from a USPTO Customer Service Representative or access to the automated information system, call 800-786-9199 (IN USA OR CANADA) or 571-272-1000.






/COREY RUSS/Examiner, Art Unit 3629        

/RICHARD W. CRANDALL/Examiner, Art Unit 3689