DETAILED ACTION
Notice of Pre-AIA  or AIA  Status
The present application, filed on or after March 16, 2013, is being examined under the first inventor to file provisions of the AIA .


Double Patenting
The nonstatutory double patenting rejection is based on a judicially created doctrine grounded in public policy (a policy reflected in the statute) so as to prevent the unjustified or improper timewise extension of the “right to exclude” granted by a patent and to prevent possible harassment by multiple assignees. A nonstatutory double patenting rejection is appropriate where the conflicting claims are not identical, but at least one examined application claim is not patentably distinct from the reference claim(s) because the examined application claim is either anticipated by, or would have been obvious over, the reference claim(s). See, e.g., In re Berg, 140 F.3d 1428, 46 USPQ2d 1226 (Fed. Cir. 1998); In re Goodman, 11 F.3d 1046, 29 USPQ2d 2010 (Fed. Cir. 1993); In re Longi, 759 F.2d 887, 225 USPQ 645 (Fed. Cir. 1985); In re Van Ornum, 686 F.2d 937, 214 USPQ 761 (CCPA 1982); In re Vogel, 422 F.2d 438, 164 USPQ 619 (CCPA 1970); In re Thorington, 418 F.2d 528, 163 USPQ 644 (CCPA 1969).
A timely filed terminal disclaimer in compliance with 37 CFR 1.321(c) or 1.321(d) may be used to overcome an actual or provisional rejection based on nonstatutory double patenting provided the reference application or patent either is shown to be commonly owned with the examined application, or claims an invention made as a et seq. for applications not subject to examination under the first inventor to file provisions of the AIA . A terminal disclaimer must be signed in compliance with 37 CFR 1.321(b). 
The USPTO Internet website contains terminal disclaimer forms which may be used. Please visit www.uspto.gov/patent/patents-forms. The filing date of the application in which the form is filed determines what form (e.g., PTO/SB/25, PTO/SB/26, PTO/AIA /25, or PTO/AIA /26) should be used. A web-based eTerminal Disclaimer may be filled out completely online using web-screens. An eTerminal Disclaimer that meets all requirements is auto-processed and approved immediately upon submission. For more information about eTerminal Disclaimers, refer to www.uspto.gov/patents/process/file/efs/guidance/eTD-info-I.jsp.
Claims 1-20 are rejected on the ground of nonstatutory double patenting as being unpatentable over claims 1-20 of U.S. Patent No. 10,701,094. Although the claims at issue are not identical, they are not patentably distinct from each other because the limitations of the instant patent application are within the limitations of the patent 10,701,094.
Claims 11-20 are similar to 1-10 in below table.





16/914797
1. A computer-implemented method comprising, at a computer system of a 2security management system:  3obtaining activity data from a service provider system, wherein the activity data 4describes actions performed during use of a cloud service, wherein the actions are performed by 5one or more users associated with a tenant, wherein the service provider system provides the 6tenant with a tenant account, and wherein the tenant account enables the one or more users to 7access the cloud service;  8identifying, in the activity data, one or more actions that are privileged with 9respect to the cloud service;  10identifying, using the activity data, a set of users who performed the one or more 11actions, wherein the set of users is determined from the one or more users associated with the 14determining, using the activity data, one or more risk scores for the one or more 15users;  16determining that a risk score for user in the set of users is greater than a threshold;  17determining a security control for the service provider system, wherein the 18security control is used by the service provider system to configure access to the cloud service;  19determining one or more instructions to send to the service provider system; and  20sending the one or more instructions to the service provider system, wherein the 21one or more instructions cause the security control to be changed with respect to the user, 22wherein access to the cloud service by the user is modified due to the change to the security 23control.








5identifying, in the activity data, one or more actions that are privileged with 6respect to the cloud service; 
7identifying, using the activity data, a set of privileged users who performed the 8one or more actions; 



9determining, using the activity data, that one or more risk scores for the set of 10privileged users is greater than a threshold; 


11determining a security control for the service provider system, wherein the 12security control is used by the service provider system to configure access to the cloud service; 13and 

14sending one or more instructions to the service provider system to cause the 15security control to be changed with respect to the user to modify the user's access to the cloud 16service.



3. The computer-implemented method of claim 1, wherein the one or more 2actions is identified using a list of administrative actions.
4. The computer-implemented method of claim 1, further comprising: 2 using the one or more actions and past activity data to generate a model, the model describing a pattern of usage of the cloud service that is privileged with respect to the cloud service; and using the model to identify the set of users.
4. The computer-implemented method of claim 1, further comprising: 2using the one or more actions and past activity data to generate a model, the 3model describing a pattern of usage of the cloud service that is privileged with respect to the 4cloud service; and 5using the model to identify the set of privileged users.
5. The computer-implemented method of claim 1, further comprising: grouping the actions performed during used of the cloud service; and identifying a group of actions that includes an action that is 


6. The computer-implemented method of claim 1, wherein the one or more 2risk scores indicate a degree of a security risk to a tenant from actions performed by the set of 3privileged users in using the cloud service.
7. The computer-implemented method of claim 1, wherein risk scores are computed as a weight sum of risk indicators.
7. The computer-implemented method of claim 1, wherein the one or more 2risk scores are computed as a weight sum of risk indicators.
8. The computer-implemented method of claim 1, wherein risk scores for users categorized as privileged are computed with greater weights than are risk scores for non- privileged users.
8. The computer-implemented method of claim 1, wherein the one or more 2risk scores for users categorized as privileged are computed with greater weights than are risk 3scores for non-privileged users.
9. The computer-implemented method of claim 1, wherein a privileged action is an action that, when executed by a first user, can modify the cloud service in a manner that affects use of the cloud service by other users.
9. The computer-implemented method of claim 1, wherein the one or more 2actions that are privileged comprises an action that, when executed by a first user, can modify the 3cloud service in a manner that 

10. The computer-implemented method of claim 1, wherein the one or more 2actions that are privileged comprises an action that, when executed by a first user, can affect user 3accounts of other users of the cloud service.



Claim Rejections - 35 USC § 103
The following is a quotation of 35 U.S.C. 103 which forms the basis for all obviousness rejections set forth in this Office action:
A patent for a claimed invention may not be obtained, notwithstanding that the claimed invention is not identically disclosed as set forth in section 102, if the differences between the claimed invention and the prior art are such that the claimed invention as a whole would have been obvious before the effective filing date of the claimed invention to a person having ordinary skill in the art to which the claimed invention pertains. Patentability shall not be negated by the manner in which the invention was made.

Claims 1-20 are rejected under 35 U.S.C. 103 as being unpatentable over Kirti et al., (US Publication No. 2015/0319185), hereinafter “Kirti”, and further in view of Scheidler et al., (International Publication No. WO 2016/177437), hereinafter “Scheidler”.


Regarding claims 1, 11 and 16, Kirti discloses
Kirti, paragraph 56, connecting to one or more clouds and collecting activity data, paragraph 138]; 
5identifying, in the activity data, one or more actions that are privileged with 6respect to the cloud service [Kirti, paragraph 88, Contextual data may be harvested from various sources and/or collected when an end user or administrator of a cloud application performs activities]; 
7identifying, using the activity data, a set of privileged users who performed the 8one or more actions [Scheidler, page 20, Not all users are equal; More privileged users are more riskier]; 
9determining, using the activity data, that one or more risk scores for the set of 10privileged users is greater than a threshold [Kirti, paragraph 66, Alerts can be constructed based on pre-defined rules that can include specific events and thresholds (based on the analytics of the activity data)]; 
11determining a security control for the service provider system, wherein the 12security control is used by the service provider system to configure access to the cloud service [Kirti, paragraphs 123-126, Identified threats]; 13and 
14sending one or more instructions to the service provider system to cause the 15security control to be changed with respect to the user to modify the user's access to the cloud 16service [Kirti, paragraphs 123-126, Identified threats; any of a variety of security measures may be taken to address an identified threat such as, but not limited to, deactivating an account…].  

Kirti does not specifically disclose, however Scheidler teaches
7identifying, using the activity data, a set of privileged users who performed the 8one or more actions [Scheidler, page 20, Not all users are equal; More privileged users are more riskier].
It would have been obvious to one having ordinary skill in the art before the effective filing date of the claimed invention to identify a set of privileged users and the activity they performed in order to monitor their activity at a higher security level as the set of privileged may have a higher security risk with a higher level of access.

Regarding claims 2, 12 and 17 Kirti-Scheidler further discloses
wherein the one or more 2actions are identified using a list of actions associated with the cloud service [Kirti, paragraphs 58-59, 66], wherein actions in 3the list of actions are categorized as privileged with respect to the cloud service [Scheidler, page 20, focus may be on privileged users].

1Regarding claims 3, 13 and 18 Kirti-Scheidler further discloses
wherein the one or more 2actions is identified using a list of administrative actions [Scheidler, page 20, focus may be on privileged users, the types of access, such as sensitive IT assets, corporate IT assets etc.].  

11Regarding claims 4, 14 and 19 Kirti-Scheidler further discloses
2using the one or more actions and past activity data to generate a model, the 3model describing a pattern of usage of the cloud service that is privileged with respect to the Kirti, paragraphs 58, 66, Statistical data can be generated using a pre-defined set of system queries]; and 5using the model to identify the set of privileged users [Kirti, paragraph 66, login statistics; user statistics; activity statistics; resource statistics, (users can be identified on the access they show up on)].  

11Regarding claims 5, 15 and 20 Kirti-Scheidler further discloses
grouping the actions performed by users during use of a cloud service [Kirti, paragraphs 58, 66, Statistical data can be generated using a pre-defined set of system queries]; and 84identifying a group of actions that includes an action that is privileged, wherein the set of privileged users is identified using the group of actions [Kirti, paragraphs 58, 66, 69, finding cross application correlation].  

111Regarding claim 6 Kirti-Scheidler further discloses
wherein the one or more 2risk scores indicate a degree of a security risk to a tenant from actions performed by the set of 3privileged users in using the cloud service [Kirti, paragraph 12, 66, 120, Risk scores; thresholds].  

1111Regarding claim 7 Kirti-Scheidler further discloses
wherein the one or more 2risk scores are computed as a weight sum of risk indicators [Kirti, paragraph 104].  

11111Regarding claim 8 Kirti-Scheidler further discloses
Scheidler, page 20, focus may be on privileged users, the types of access, such as sensitive IT assets, corporate IT assets etc.; Riskier users are monitored much close (it would be obvious to provide a higher weighting for a riskier user)].  

111111Regarding claim 9 Kirti-Scheidler further discloses
wherein the one or more 2actions that are privileged comprises an action that, when executed by a first user, can modify the 3cloud service in a manner that affects use of the cloud service by other users [Kirti, paragraph 58, server reboots].  

111111Regarding claim 10 Kirti-Scheidler further discloses
wherein the one or more 2actions that are privileged comprises an action that, when executed by a first user, can affect user 3accounts of other users of the cloud service [Kirti, paragraphs 58-59, 74, password policy change].

Conclusion

Any inquiry concerning this communication or earlier communications from the examiner should be directed to WILLIAM J GOODCHILD whose telephone number is (571)270-1589. The examiner can normally be reached M-F 8am-4:30pm.
Examiner interviews are available via telephone, in-person, and video conferencing using a USPTO supplied web-based collaboration tool. To schedule an 
If attempts to reach the examiner by telephone are unsuccessful, the examiner’s supervisor, Jeff Pwu can be reached on 571-272-6798. The fax phone number for the organization where this application or proceeding is assigned is 571-273-8300.
Information regarding the status of published or unpublished applications may be obtained from Patent Center. Unpublished application information in Patent Center is available to registered users. To file and manage patent submissions in Patent Center, visit: https://patentcenter.uspto.gov. Visit https://www.uspto.gov/patents/apply/patent-center for more information about Patent Center and https://www.uspto.gov/patents/docx for information about filing in DOCX format. For additional questions, contact the Electronic Business Center (EBC) at 866-217-9197 (toll-free). If you would like assistance from a USPTO Customer Service Representative, call 800-786-9199 (IN USA OR CANADA) or 571-272-1000.
/William J. Goodchild/Primary Examiner, Art Unit 2433