DETAILED ACTION
This Action is in consideration of the Applicant’s response on January 5, 2022.  Claims 23, 42, 43, and 44 are amended by the Applicant.  Claims 1 – 22, 24 and 26 were previously canceled.  Claims 23, 25, and 27 – 44, where Claims 23, 42, 43, and 44 are in independent form, are presented for examination.
Notice of Pre-AIA  or AIA  Status
The present application, filed on or after March 16, 2013, is being examined under the first inventor to file provisions of the AIA .
Continued Examination Under 37 CFR 1.114
A request for continued examination under 37 CFR 1.114, including the fee set forth in 37 CFR 1.17(e), was filed in this application after final rejection.  Since this application is eligible for continued examination under 37 CFR 1.114, and the fee set forth in 37 CFR 1.17(e) has been timely paid, the finality of the previous Office action has been withdrawn pursuant to 37 CFR 1.114.  Applicant's submission filed on December 1, 2021 has been entered.
 Response to Arguments
	Applicant’s arguments filed on December 1, 2022 have been fully considered but they are not persuasive.
Applicant argued:
a)	Regarding Claims 23, 42, and 43, Phuong does not disclose or suggest of “activate, at the router based on entry of a terminal from a command-line interface, a command monitoring mode.”
Claims 23, 42, and 43, Phuong does not disclose or suggest of “detect, at the router based on the command monitoring mode, a command entered via the terminal.”
The Office respectfully disagrees with Applicant' s assertions.
1.	With regards to a), the Applicant cites various portion of Phuong to indicate that the super-user shell, such as a bash shell corresponds to the claimed terminal and not the “command monitoring mode” [See Remarks, Pg. 9; 2nd Para.].  However, the claimed command monitoring mode does not have to be exclusive of the terminal as the Applicant implies.  As indicated by the Applicant’s own specification, the command monitoring mode is accessed through the bash terminal [See PGPub. 2020/0267150; Para. 0028-29].  In other words, the super-user terminal (e.g., super-user shell) is a security level a person uses to access the command monitoring mode.	
	Phuong discloses that through the SID client, the user may be offered a typical login to their standard CLI and then a special and documented CLI command to begin the SID process [Col. 6, lines 52-56].  Phuong further discloses that when users are authorized to access the privileged debug services, they are granted, exposed, or enabled [Col. 3, lines 44-48].  As acknowledged by the Applicant, Phuong discloses that the debugger tells the customer “he is about to invoke a secure login process to obtain the bash shell as a super user or root user and instructs the Customer to type the command invoking process” [See Remarks, Pg. 9, 3rd Para., citing Phuong, Col. 11, Lines 53-63 (emphasis added by Office)].  
As indicated above, the customer invokes a terminal via the CLI that enables the user to access privileged debug services for the router.  Therefore, Phuong discloses of 
2.	With regards to b), the Applicant utilizes the example in Phuong where the debugger initiates commands from the SID server to be executed via the SID client (i.e., the commands are not entered via the terminal) [See Remarks, Pg. 10, citing Phuong Col. 9, line 60 – Col 10, line 18].  The Applicant recites two different variations of the SID system and combines them to generate a scenario where the debugger is inputting the commands via the SID server to the privileged debug services.  However, Phuong also discloses that the Customer is instructed by the debugger to enter the commands [Col. 12, lines 33-44].  Therefore, the commands may be entered by the Customer via the bash terminal established on the router as instructed by the debugger.
3.	With regards to c), the Applicant does not provide specific arguments regarding the prior art used.  The Office reiterates the responses above.  Any additional limitation that were not previously recited will be mapped the references used according below.
Claim Rejections - 35 USC § 102
The text of those sections of Title 35, U.S. Code not included in this action can be found in a prior Office action.
Claims 23, 25, 27 – 38, and 42 – 44 are rejected under 35 U.S.C. 102(a)(2) as being unpatentable over U.S. Patent 10,129,232 (hereinafter “Phuong”).
4.	Regarding Claims 23 and 42 – 43, Phuong discloses of an apparatus [Fig. 1B; Col. 3, line 30; customer product, e.g., router with SID client, etc.], comprising: 

at least one memory (CRM Claim 42) including computer program code [Col. 18, lines 21-24, 36-48; Col. 19, lines 2-10; memory storing instructions];
wherein the at least one memory and the computer program code are configured to, with the at least one processor [Col. 18, lines 21-24, 36-48; Col. 19, lines 2-10; instructions executed by processor to], cause the apparatus to (method Claim 43) at least:
activate, at a router based on entry of a terminal from a command-line interface, a command monitoring mode [Col. 3, lines 44-48, Col. 6, lines 52-56, Col. 11, lines 53-63; obtain access to privileged debug services via logging into a bash terminal via CLI of the SID client];
detect, at the router based on the command monitoring mode, a command entered via the terminal [Fig. 2; Col. 7, lines 35-50; Col. 10, lines 4-23; commands entered using the bash terminal via CLI of the SID client to access privileged debug services are each determined if they are allowed or not]; and
initiate, at the router, a process for authorization of the command [Fig. 2; Col. 7, lines 35-50; Col. 10, lines 4-23; commands entered by the user are determined by the SID client if they are allowed for execution before they are executed during privileged debug service].
5.	Regarding Claim 25, Phuong discloses all the limitations of Claim 23 above.  Phuong further discloses that the command is detected based on a terminal profile created at the router responsive to entry of the terminal from the command-line interface 
6.	Regarding Claim 27, Phuong discloses all the limitations of Claim 23 above.  Phuong further discloses that the terminal is a Linux terminal and the command is a Linux command [Col., 3, lines 41-43; Col. 11, lines 54-63; Linux shell].
7.	Regarding Claim 28, Phuong discloses all the limitations of Claim 27 above.  Phuong further discloses that the Linux terminal is a BASH terminal [Col., 3, lines 41-43; Col. 11, lines 54-63; bash Linux shell].
8.	Regarding Claim 29, Phuong discloses all the limitations of Claim 23 above.  Phuong further discloses that the command is a system level command, wherein the command is detected based on a command tracing function [Fig. 2; Col. 7, lines 35-50; Col. 10, lines 4-23; customer has the correct privilege level to invoke the debugger/SID client that parses each command entered to determine if they are allowed for execution].
9.	Regarding Claim 30, Phuong discloses all the limitations of Claim 23 above.  Phuong further discloses that the command does not require system level execution, wherein the command is detected based on a command tracking function [Fig. 2; Col. 7, lines 35-50; Col. 10, lines 4-23; user is authenticated and then determined if the customer has the correct privilege level to access privileged debug service].
10.	Regarding Claim 31, Phuong discloses all the limitations of Claim 23 above.  Phuong further discloses that, to initiate the process for authorization of the command, the at least one memory and the computer program code are configured to, with the at 
send, by the router toward a management element, the command for authorization of the command by the management element [Fig. 2; Col. 7, lines 35-50; Col. 10, lines 4-23; commands entered in CLI session are determined, by the SID client (management element), if they are allowed for execution during the session before they are executed].
11.	Regarding Claim 32, Phuong discloses all the limitations of Claim 31 above.  Phuong further discloses that, to initiate the process for authorization of the command, the at least one memory and the computer program code are configured to, with the at least one processor, cause the apparatus to [Col. 18, lines 21-24, 36-48; Col. 19, lines 2-10; instructions executed by processor to] at least:
send, by the router toward the management element in conjunction with the command, at least one of a user identifier of a user which entered the command, a user session identifier of a user session via which the command was entered, a terminal type of the terminal, or one or more arguments of the command [Fig. 2; Col. 7, lines 35-50; Col. 10, lines 4-23; commands entered in CLI session are determined, by the SID client (management element), if they are allowed for execution during the session before they are executed].
12.	Regarding Claim 33, Phuong discloses all the limitations of Claim 31 above.  Phuong further discloses that, to send the command toward the management element, the at least one memory and the computer program code are configured to, with the at 
provide the command to an authentication, authorization, and accounting (AAA) subsystem of the router that is configured to communicate with the management element for authorization of the command [Col. 7, lines 8-16; Col. 10, lines 61-67; SID client authenticates the user, checks the user authorization, and records various information regarding the privilege debug sessions].
13.	Regarding Claim 34, Phuong discloses all the limitations of Claim 31 above.  Phuong further discloses that the at least one memory and the computer program code are configured to, with the at least one processor, cause the apparatus to [Col. 18, lines 21-24, 36-48; Col. 19, lines 2-10; instructions executed by processor to] at least:
receive, by the router from the management element, an authorization response [Fig. 2; Col. 7, lines 35-50; Col. 10, lines 4-23; commands entered in CLI session are determined, by the SID (management element), if they are allowed for execution during the session before they are executed]; and
determine, by the router based on the authorization response, whether to allow or deny execution of the command on the router [Fig. 2; Col. 7, lines 35-50; Col. 10, lines 4-23; commands entered in CLI session are determined, by the SID client (management element), if they are allowed for execution during the session before they are executed].
14.	Regarding Claim 35, Phuong discloses all the limitations of Claim 31 above.  Phuong further discloses that the at least one memory and the computer program code 
receive, by the router from the management element, an authorization response including an indication that execution of the command on the router is authorized [Fig. 2; Col. 7, lines 35-50; Col. 10, lines 4-23; commands entered in CLI session are determined, by the SID (management element), if they are allowed for execution during the session before they are executed]; and 
initiate, by the router based on the indication that execution of the command on the router is authorized, execution of the command on the router [Fig. 2; Col. 7, lines 35-50; Col. 10, lines 4-23; commands entered in CLI session are determined, by the SID (management element), if they are allowed for execution during the session before they are executed].
15.	Regarding Claim 36, Phuong discloses all the limitations of Claim 35 above.  Phuong further discloses that the at least one memory and the computer program code are configured to, with the at least one processor, cause the apparatus to [Col. 18, lines 21-24, 36-48; Col. 19, lines 2-10; instructions executed by processor to] at least:
provide, via the terminal, an indication that execution of the command on the router is complete [Col. 12, lines 33-43; customer enters commands that produce results, such as a general status report of an application XXX].
16.	Regarding Claim 37, Phuong discloses all the limitations of Claim 31 above.  Phuong further discloses that the at least one memory and the computer program code are configured to, with the at least one processor, cause the apparatus to [Col. 18, lines 21-24, 36-48; Col. 19, lines 2-10; instructions executed by processor to] at least:

provide, via the terminal, an indication that execution of the command on the router is not authorized [Col. 10, lines 30-33, 55-60; customer returned back to a safe and secure state].
17.	Regarding Claim 38, Phuong discloses all the limitations of Claim 31 above.  Phuong further discloses that the management element includes a local element of the router configured to perform authorization and accounting functions [Col. 7, lines 8-13, 45-55; Col. 10, lines 4-23; Col. 10, line 61 – Col. 11, line 10; SID client within router performs authorization and accounting functions].
18.	Regarding Claim 44, Phuong discloses an apparatus [Fig. 1B; Col. 3, line 30; customer product, e.g., router with SID client, etc.], comprising: 
at least one processor [Col. 18, lines 21-24, 36-48; Col. 19, lines 2-10; processor]; and
at least one memory including computer program code [Col. 18, lines 21-24, 36-48; Col. 19, lines 2-10; memory storing instructions];
wherein the at least one memory and the computer program code are configured to, with the at least one processor, cause the apparatus to [Col. 18, lines 21-24, 36-48; Col. 19, lines 2-10; instructions executed by processor to] at least:
detect, by a command management element of a router based on a command monitoring mode configured to use at least one of a command tracing function or a command tracking function, a command entered from a terminal of the router [Col. 3, lines 44-48, Col. 6, lines 52-56, Col. 11, lines 53-63; obtain access to privileged debug services via logging into a bash terminal via CLI (command management element) of the SID client; Fig. 2; Col. 7, lines 35-50; Col. 10, lines 4-23; commands entered using the bash terminal via CLI of the SID client to access privileged debug services are each determined if they are allowed or not via the SID client];
	Phuong 
provide, by the command management element of the router toward an authentication, authorization, and accounting element of the router, the command. [Fig. 2; Col. 7, lines 35-50; Col. 10, lines 4-23; commands entered in CLI session via SID client on router during privileged debug service are each determined if they are allowed or not before they are executed by the SID client (authentication, authorization, and accounting element of the router)].
Claim Rejections - 35 USC § 103
The text of those sections of Title 35, U.S. Code not included in this action can be found in a prior Office action.
Claims 39 – 41 are rejected under 35 U.S.C. 103 as being unpatentable over Phuong, in view of PGPub. 2011/0099255 (hereinafter “Srinivasan”).
Claim 39, Phuong discloses all the limitations of Claim 31 above.  Phuong further discloses that the SID server can also determine if a command or action is authorized before execution and can perform accounting functions, but occurs before the command is entered on the router [Col. 10, lines 4-23; Col. 10, line 61 – Col. 11, line 10;].  Phuong, however, does not specifically disclose that the management element includes a remote server configured to perform command authorization and accounting functions.
	Srinivasan discloses a system and method authorizing commands entered in an internetworking device for execution [Abstract].  Srinivasan further discloses that the traditional approach within this field included the transmission from the router to the AAA server an authorization request to execute a particular command (includes a remote server configured to perform command authorization and accounting functions) [Figs. 2 and 3; Para. 0022].  It would have been obvious to one skilled in the art before the effective filing date of the current invention to incorporate the teachings of Srinivasan with Phuong since they are both in the field of authorizing the execution of commands on a router.  The combination would have been a designer’s choice as to how authorization of commands are determined (e.g., either by the device or a server).  The motivation to do so is to enable the Phuong system to incorporate an older, known method of sending each command to the AAA server for authorization.  While this method has its own setbacks, this would ensure that commands that are received by the router do not violate established standards or policies before the command or changes are applied [Srinivasan; Para. 0020].
Claim 40, Phuong, in view of Srinivasan, discloses all the limitations of Claim 39 above.  Srinivasan further discloses that the remote server includes an authentication, authorization, and accounting (AAA) server [Figs. 2 and 3; Para. 0022].
21.	Regarding Claim 41, Phuong, in view of Srinivasan, discloses all the limitations of Claim 40 above.  Srinivasan further discloses that the router, for communication with the remote server, is configured to support at least one of a Terminal Access Controller Access Control System (TACACS) protocol or a Remote Authentication Dial-In User Service (RADIUS) protocol [Para. 0042; both RADIUS and TACACS+ may be used].
Conclusion
The prior art made of record and not relied upon is considered pertinent to applicant's disclosure. PGPub. 2020/0162462; PGPub. 2019/0327236 – system and method for authorizing execution of user commands based on user profile via a remote authentication server.
Contacts
Any inquiry concerning this communication or earlier communications from the examiner should be directed to Tae K. Kim, whose telephone number is (571) 270-1979.  The examiner can normally be reached on Monday - Friday (10:00 AM - 6:30 PM EST).
If attempts to reach the examiner by telephone are unsuccessful, the examiner's supervisor, Jorge Ortiz-Criado, can be reached on (571) 272-7624.  The fax phone number for submitting all Official communications is (703) 872-9306.  The fax phone 
Information regarding the status of an application may be obtained from the Patent Application Information Retrieval (PAIR) system.  Status information for published applications may be obtained from either Private PAIR or Public PAIR.  Status information for unpublished applications is available through Private PAIR only.  For more information about the PAIR system, see http://pair-direct.uspto.gov.  Should you have questions on access to the Private PAIR system, contact the Electronic Business Center (EBC) at (866) 217-9197 (toll-free).
/TAE K KIM/Primary Examiner, Art Unit 2496