DETAILED ACTION
The present application, filed on or after March 16, 2013, is being examined under the first inventor to file provisions of the AIA .
This office action is in response to the RCE filed on 01/13/2022.
Claims 1, 2, 4-13 and 15-22 are currently pending in this application. Claims 1, 4-6, 10, 12, 15, 16, 20 and 22 have been amended.
No information disclosure statement (IDS) has been filed.

Continued Examination Under 37 CFR 1.114
A request for continued examination under 37 CFR 1.114, including the fee set forth in 37 CFR 1.17(e), was filed in this application after final rejection.  Since this application is eligible for continued examination under 37 CFR 1.114, and the fee set forth in 37 CFR 1.17(e) has been timely paid, the finality of the previous Office action has been withdrawn pursuant to 37 CFR 1.114.  Applicant's submission filed on 12/21/2021 has been entered.

Examiner’s Note
Applicant is suggested to include information described in par. 0080 of the specification (e.g., the access relationship object including count indication information) to the claims to provide the application for a better condition for an allowance.

Response to Arguments
The previous 112(b) rejections to the claims have been withdrawn in response to the applicant’s amendments/remarks. However, the applicant’s amendments cause new rejections stated below.

In regard to the previous 101 rejections, the applicant, in pages 12-13 of the remarks, has argued that “… claim 1 now recites: … collecting … earlier authorized authenticator information  … new authorized authentication information … processing … information to determine changes … processing … the determined changes … triggering … one or more of a notification and an update… it would not be possible to process and make the required computations and determinations in the human mind and/or using a pen and paper … triggering of a notification or update … is a tangible result of a practical application …”.
Examiner respectfully disagrees with these arguments.
As described in the previous office action of 06/29/2021 and 10/22/2021, the claimed functions (e.g., collecting information, determining credentials changes and processing the changes, etc.) can be performed by a human mind and/or using a pen and paper. For example, a user can see the credentials/passwords changes from “1234” to “2345” by comparing between new credential “2345” and earlier credential “1234” written on a paper. Then, the user can also think the processes/activities after the credential changes (e.g., the user will update the new credential “2345” for future use). Moreover, the user also can think to write (e.g., triggering a notification) the new Therefore, the rejections are maintained.

In regard to the 102 rejections, the applicant has, in pages 14 and 15 of the remarks, argued that “… claimed subject matter is directed to determination what changes have occurred to authorized authenticators, and then determining what operations were required in order for these changes to have occurred … no such disclosure or suggestion in Ylonen … claimed subject matter is not processing requests as in Ylonen … claimed subject matter is directed to management of authenticators in a computerizing system based on analysis of earlier or historic authorized authenticator information and new authenticator information … collected for the analysis and processing … a trigger for a notification or update …”.
Applicant’s argument is not persuasive. 
First of all, it is noted that the feature upon which applicants argue (e.g., not processing requests, etc.) is NOT recited in the claims. Although the claims are interpreted in light of the specification, limitations for the specification are not read into the claims. See In re Van Geuns, 988 F.2d 1181, 26 USPQ2d 1057 (Fed. Cir. 1993).
Moreover, as the applicant noted, Ylonen, in pages 34 and 35, clearly teaches that when the role change request is received, it is determined which new authorizations are needed, it is determined which authorizations should be revoked, the new authorizations are processed, completion of the request or processing of a role change is signaled and, the processing of the role change request performs which keys at which accounts would need to be removed when the user is detached from the old role and which new keys should be added at which accounts for the user’s new rule. In other words, processing or management of authenticators (e.g., authorization information or access rights/authorization to connect to the accounts specified for a role) is based on analysis of earlier or historic authorized authenticator information (e.g., an old role or access rights/authorization to connect to the accounts specified for the old role) and new authenticator information (e.g., a new role or access rights/authorization to connect to the accounts specified for the new role) collected (or included in the role change request and information of the database/table) for the analysis and processing change and triggering a notification or update (e.g., signaling the completion of the processes). 
Therefore, it is obvious that Ylonen teaches the claimed limitations, determining what changes have occurred (e.g., the decision to change the role of the user have to be occurred before sending out the role change request) to authorized authenticators (e.g., authorization information or access rights/authorization to connect to the accounts specified for a role), and then determining what operations were required (e.g., which new authorizations are need/revoked or which keys at which accounts would need to be removed/added) in order for these changes to have occurred.  See the 102 rejections section for more detail.

The applicant’s arguments, for the claims 12, 22 and the dependent claims 2, 4-11, 13 and 15-21, regarding similar limitations of above responded limitations of the claim 1, are not persuasive and the response for these arguments are similar with the response for the claim 1 above.

Thus, the applicant’s arguments are not persuasive. Please see amended rejections below for amended claims.

Claim Rejections - 35 USC § 112
The following is a quotation of 35 U.S.C. 112(b):
(B)  CONCLUSION. — The specification shall conclude with one or more claims particularly pointing out and distinctly claiming the subject matter which the inventor or a joint inventor regards as the invention.
 

Claims 1, 2, 4-13 and 15-22 are rejected under 35 U.S.C. 112(b) as being indefinite for failing to particularly point out and distinctly claim the subject matter which applicant regards as the invention.

Claims 1, 12 and 22 recite “… processing … the determined changes that have occurred … to further compute operations on the authorized authenticators … and an update based on the determined operations required for the determined changes …”, however, it is not clear whether “the determined operations” are referring to “the determined changes” or not (note: “determining operations” claimed before has been deleted).
Claims 2, 4-11 and 13, 15-21 depend from the claim 1 or 12, and analyzed and rejected accordingly.

Claim Rejections - 35 USC § 101
35 U.S.C. 101 reads as follows:



Claims 1, 2, 4, 5, 8-13, 15 and 18-22 are rejected under 35 U.S.C. 101 because the claimed invention is directed to an abstract idea without significantly more.

The claims recite the limitation of determination of the change of authenticator (e.g., credentials), the processes of changes, and triggering a notification, as drafted, are processes that, under its broadest reasonable interpretation, covers performance of the limitation in the mind (and/or with a pen and paper) but for the recitation of an apparatus or a computer system. That is, other than reciting “a/the apparatus (with a processor and a memory” in the claims 12 and 22), nothing in the claim element precludes the step from practically being performed in the mind. For example, but for the “a/the apparatus” language, “determining, and processes, triggering, information, entity” in the context of these claims encompasses the user manually accessing requirements (e.g., a user looking to determine a change or a process). If a claim limitation, under its broadest reasonable interpretation, covers performance of the limitation in the mind but for the recitation of a computer system (e.g., generic computer components), then it falls within the “Mental Processes” grouping of abstract ideas. In other words, the claimed functions (e.g., determining credentials changes, processing operations for the changes, and triggering a notification) can be performed by a human mind and/or using a pen and paper. For example, a user can think the credentials/passwords changes from “1234” to “2345” by comparing between new credential “2345” and earlier credential “1234”. Then, the user can also think the 
This judicial exception is not integrated into a practical application because the claim only recites additional element – using a/the computer system for determination of the change or process and processes of algorithm or edit distance algorithm (e.g., mathematical concept, which is also an abstract idea). The computer system in claimed steps (e.g., determining changes and process of algorithm or the mental process and the mathematical concept) is recited at a high-level of generality (e.g., as a generic computer performing a generic computer function of determining information) such that it amounts no more than mere instructions to apply the exception using a generic computer component. According, this additional element does not integrate the abstract idea into a practical application because it does not impose any meaningful limits on practicing the abstract idea. The claim is directed to an abstract idea. 
The claims do not include additional elements that are sufficient to amount to significantly more than the judicial exception because as discussed above with respect to integration of the abstract idea into a practical application, the additional element of using a computer system to perform determining information and processing mathematical formulas amounts to no more than mere instructions to apply the exception using a generic computer component. Mere instructions to apply an exception using a generic computer component cannot provide an inventive concept. Therefore, the claims are not patent eligible.

Claim Rejections - 35 USC § 102
In the event the determination of the status of the application as subject to AIA  35 U.S.C. 102 and 103 (or as subject to pre-AIA  35 U.S.C. 102 and 103) is incorrect, any correction of the statutory basis for the rejection will not be considered a new ground of rejection if the prior art relied upon, and the rationale supporting the rejection, would be the same under either status.

The following is a quotation of the appropriate paragraphs of 35 U.S.C. 102 that form the basis for the rejections under this section made in this Office action:
A person shall be entitled to a patent unless –
(a)(1) the claimed invention was patented, described in a printed publication, or in public use, on sale or otherwise available to the public before the effective filing date of the claimed invention.

Claims 1, 2, 4-13 and 15-22 are rejected under 35 U.S.C. 102(a)(1) as being anticipated by Ylonen (WO 2013/093209 A1).

As per claim 1, Ylonen teaches a method for managing authenticators in a computerized system comprising user accounts and hosts [figs. 1, 10; page 22, lines 24-25; page 35, lines 26-32 of Ylonen], the method comprising:
collecting, by an apparatus for managing authenticators from the computerized system, earlier authorized authenticator information for a user account and storing the collected earlier authorized authenticator information in a database [fig. 9; page 3, lines 27-35; page 32, lines 37-39; 
collecting, by the apparatus for managing authenticators from the computerized system, new authorized authenticator information for the user account [fig. 9; page 3, lines 27-35; page 34, lines 25-38; page 35, lines 6-9 of Ylonen teaches collecting, by the apparatus for managing authenticators (e.g., a component of a management system) from the computerized system, new authorized authenticator information (e.g., a new role or access rights/authorization to connect to the accounts specified for the new role) for the user account];
processing, by the apparatus for managing authenticators, the earlier authorized authenticator information and the new authorized authenticator information to determine changes that have occurred to authorized authenticators by comparing the new authorized authenticator information for the user account to the earlier authorized authenticator information for the user account stored in the database [figs. 9, 10; page 3, lines 27-35; page 34, lines 25-39; page 35, lines 1-18, 26-35; page 187, lines 1-6 of Ylonen teaches processing, by the apparatus for managing authenticators (e.g., the component of a management system), the earlier authorized determination of the changing to the new role has to be occurred first before processing what to change or determination of requirement for new authorizations and/or removals of authorizations) by comparing the new authorized authenticator information (e.g., the new role or access rights/authorization to connect to the accounts specified for the new role) for the user account to the earlier authorized authenticator information (e.g., the old role or access rights/authorization to connect to the accounts specified for the old role) for the user account stored in the database – note: new keys for the new role are compared with old keys for the old role, so that only the difference are determined and updated for the new role], and
processing, by the apparatus for managing authenticators, the determined changes that have occurred to authorized authenticators, the earlier authorized authenticator information and the new authorized authenticator information to further compute operations on the authorized authenticators that were required for the determined changes in the authorized authenticator to have occurred [figs. 9, 10; page 34, lines 25-39; page 35, lines 1-18 of Ylonen teaches the apparatus, for managing authenticators, processes the determined changes that have occurred to authorized authenticators (e.g., determination of the changing from the old role or access rights/authorization to the new role or access rights/authorization), the earlier authorized authenticator information and the new authorized authenticator 
triggering, by the apparatus for managing authenticators, one or more of notification and update based on the determined operations required for the determined changes in the authorized authenticators to have occurred [fig. 9; page 34, lines 31-34 of Ylonen teaches triggering, by the apparatus for managing authenticators, one or more of notification and update (e.g., signaling the completion of the role change) based on the determined operations (e.g., which new authorizations are need/revoked or which keys at which accounts would need to be removed/added) required for the determined changes (e.g., determination of the changing from the old role or access rights/authorization to the new role or access rights/authorization) in the authorized authenticators to have occurred].

As per claim 2, Ylonen teaches the method of claim 1. 
Ylonen further teaches wherein the operations comprise at least one of insertion of an authorized authenticator, deletion of an authorized authenticator, or modification of an authorized authenticator [page 34, lines 25-39; page 35, lines 1-18 of Ylonen teaches the operations comprise at least one of insertion of an 

As per claim 4, Ylonen teaches the method of claim 1. 
Ylonen further teaches computing the operations using an algorithm configured for computing a number of operations needed for the change from the earlier authorized authenticator information to the new authorized authenticator information [page 34, lines 36-39; page 35, lines 1-4 of Ylonen teaches computing the set of operations using an algorithm (e.g., a set of rules to follow for completing a specific task) configured for computing number of operations needed (e.g., only deleting those keys that would not be re-added for the new role and only adding those keys for the new role that are not already in the system) for the change from the earlier authorized authenticator information (e.g., the old role or access rights/authorization to connect to the accounts specified for the old role) to the new authorized authenticator information (e.g., the new role or access rights/authorization to connect to the accounts specified for the new role)].

As per claim 5, Ylonen teaches the method of claim 4. 
Ylonen further teaches computing the number of operations for the change based on an edit distance algorithm or a Levenshtein distance algorithm comparing strings of authorized keys [page 34, lines 25-39; page 35, lines 1-9 of Ylonen teaches computing the number of operations for the change based on an edit distance algorithm (e.g., a measure of similarity between two key strings for the old role and the new role. In other words, it is defining as the only number of changes required to convert key string for the old role into key string for the new role done by inserting/adding, deleting or replacing a key in string a comparing strings) of authorized keys].

As per claim 6, Ylonen teaches the method of claim 1. 
Ylonen further teaches:
classifying a new authorized key in the new authorized authenticator information into a category of a set of categories, the set of categories including an inserted key category and a deleted key category [figs. 8, 9; page 33, lines 23-26; page 34, lines 36-39; page 35, lines 1-18 of Ylonen teaches classifying a new authorized key (e.g., which key) in the new authorized authenticator information (e.g., the new role or access rights/authorization to connect to the accounts specified for the new role) into a category of a set of categories (e.g., computing different group of keys), the set of categories including an inserted key category (e.g., a group of those keys for the new role that are not already in the system), and a deleted key category (e.g., a group of those keys that would not be re-added or removed for the new role)]; and
in response to the new authorized key being classified in the inserted key category, inserting the new authorized key in a database [figs. 
in response to the new authorized key being classified in the deleted key category, deleting the new authorized key from the database or marking the new authorized key as deleted [figs. 1, 8, 9; page 32, lines 37-39; page 33, lines 1-7, 23-26; page 34, lines 36-39; page 35, lines 1-18; page 36, lines 34-39; page 37, line 1 of Ylonen teaches in response to the new authorized key being classified in the deleted key category (e.g., those keys that would not be re-added for the new role), deleting the new authorized key from the database]. 

As per claim 7, Ylonen teaches the method of claim 6. 
Ylonen further teaches wherein the set of categories further comprises a replaced keys category, the method further comprising, in response to the new authorized key being classified as a replaced key, processing the earlier authorized key as if the earlier authorized key has been deleted and the new authorized key as if the new authorized key had been inserted, and/or wherein the set of categories further comprises a modified keys category, the method further comprising, in response to the new authorized key being classified as a modified key, updating information about the corresponding authorized key entry in the database [figs. 1, 8, 9, 12; page 32, lines 37-39; page 33, lines 1-7, 23-26; page 34, lines 36-39; page 35, lines 1-18; page 36, lines 34-39; page 37, line 1 of Ylonen teaches wherein the set of categories further comprises a replaced keys (e.g., which keys need to be removed and which new keys should be added) category, the method further comprising, in response to the new authorized key being classified as a replaced key, processing the earlier authorized key as if the earlier authorized key has been deleted (e.g., keys which need to be removed) and the new authorized key entry as if the new authorized key had been inserted (e.g., keys which need to be added)].

As per claim 8, Ylonen teaches the method of claim 1. 
Ylonen further teaches determining a change in sequence number of an authorized authenticator of the authorized authenticators, and updating the sequence number in a database entry representing the authorized authenticator [page 37, lines 16-32; page 47, lines 1-9 of Ylonen teaches determining a change in sequence number of an authorized authenticator (e.g., the order in which they were created) of the authorized authenticators, and updating the sequence number (e.g., renewed/updated time) in a database entry representing the authorized authenticator (e.g., the configuration files including authorized keys for the account are updated accordingly)].

As per claim 9, Ylonen teaches the method of claim 1. 
Ylonen further teaches determining whether an authorized authenticator of the authorized authenticators is shadowed by an earlier authenticator in the earlier authorized authenticator information, and treating the authorized authenticator as modified if the determination indicates a difference between the authorized authenticator in the new authorized authenticator information compared to the corresponding authorized authenticator entry in the earlier authorized authenticator information [figs. 8, 9; page 33, lines 23-26; page 34, lines 25-39; page 35, lines 1-24 of Ylonen teaches determining whether an authorized authenticator of the authorized authenticators is shadowed by an earlier authenticator in the earlier authorized authenticator information (e.g., those keys (of the old/earlier role) that would not be re-added for the new role or those keys for the new role that are not already in the system), and treating the authorized authenticator as modified (for the new role) if the determination indicates a difference (e.g., determination of requirement for new authorizations and/or removals of authorizations) between the authorized authenticator in the new authorized authenticator information compared to the corresponding authorized authenticator in the earlier authorized authenticator information – see also rejections to the claim 1].

As per claim 10, Ylonen teaches the method of claim 1. 
Ylonen further teaches determining that an authorized authenticator in the new authorized authenticator information is a modified authorized authenticator, and in response thereto, recording information about a modification corresponding to the modified authorized authenticator in an audit log [fig. 1; page 18, lines 35-42; page 36, lines 18-39 of Ylonen teaches determining that an authorized authenticator in the new authorized authenticator information (e.g., determination of a 

As per claim 11, Ylonen teaches the method of claim 1. 
Ylonen further teaches determining that an authorized authenticator of the authorized authenticators included in the new authorized authenticator information is an inserted or a deleted authorized authenticator, and in response thereto updating information about access relationships based on configured authorized authenticators in a database to reflect a change in the configured authorized authenticators [fig. 1; page 18, lines 35-42; page 36, lines 18-39 of Ylonen teaches determining that an authorized authenticator of the authorized authenticators included in the new authorized authenticator information (e.g., determination of a role change or authorization) is an inserted or a deleted authorized authenticator (e.g., adding the new authorizations or authorized keys or removals of old authorizations or authorized keys), and in response thereto updating information about access relationships based on configured authorized authenticators in a database (e.g., the database) to reflect a change in the configured authorized authenticators – see also rejections to the claim 10].

Claims 12, 13 and 15-21 are an apparatus claims that correspond to the method claims 1, 2, 4 and 6-11, and are analyzed and rejected accordingly – see fig. 1 of Ylonen for the components, such as a processor and memory of the apparatus.
Claim 22 is a media claim that corresponds to the method claim 1, and is analyzed and rejected accordingly.

Conclusion
Any inquiry concerning this communication or earlier communications from the examiner should be directed to MAUNG T LWIN whose telephone number is (571)270-7845.  The examiner can normally be reached on Monday - Friday 10:00 am - 6:00 pm.
Examiner interviews are available via telephone, in-person, and video conferencing using a USPTO supplied web-based collaboration tool. To schedule an interview, applicant is encouraged to use the USPTO Automated Interview Request (AIR) at http://www.uspto.gov/interviewpractice.
If attempts to reach the examiner by telephone are unsuccessful, the examiner’s supervisor, Farid Homayounmehr can be reached on 571-272-3739.  The fax phone number for the organization where this application or proceeding is assigned is 571-273-8300.
Information regarding the status of an application may be obtained from the Patent Application Information Retrieval (PAIR) system.  Status information for published applications may be obtained from either Private PAIR or Public PAIR.  Status information for unpublished applications is available through Private PAIR only.  For more information about the PAIR system, see http://pair-direct.uspto.gov. Should 






/MAUNG T LWIN/Primary Examiner, Art Unit 2495