Notice of Pre-AIA or AIA Status
The present application, filed on or after March 16, 2013, is being examined under the first inventor to file provisions. 
In the event the determination of the status of the application as subject to AIA 35 U.S.C. 102 and 103 (or as subject to pre-AIA 35 U.S.C. 102 and 103) is incorrect, any correction of the statutory basis for the rejection will not be considered a new ground of rejection if the prior art relied upon, and the rationale supporting the rejection, would be the same under either status.

DETAILED ACTION
Claims 1-20 are pending in this office action. 

Priority
Foreign priority claimed to US PRO 62/839,842, filed 04/29/2019.

Information Disclosure Statement
The information disclosure statement (IDS) submitted on 10/19/2020 is in compliance with the provisions of 37 CFR 1.97. Accordingly, the information disclosure statement is being considered by the examiner.

Claim Objections
Claims 3, 12 and 15 are objected to because of the following informalities:
For claim 3, “the referential data” lacks antecedent basis as the claim depends from claim 1 and not claim 2 that introduced this term. For this examination and to remedy the issue, claim 3 is assumed to depend from claim 2.
For claim 12, line 2, last phrase “by the user another user” is incorrect. Based on the claim’s dependency on claim 9, the term will be interpreted as “by the user”.
For claim 15, line 7, “an access request for access a technology asset” is grammatically incorrect. Please replace “for” with “to”.

Claim Rejections - 35 USC § 102
The following is a quotation of the appropriate paragraphs of 35 U.S.C. 102 that form the basis for the rejections under this section made in this Office action:
A person shall be entitled to a patent unless –

(a)(2) the claimed invention was described in a patent issued under section 151, or in an application for patent published or deemed published under section 122(b), in which the patent or application, as the case may be, names another inventor and was effectively filed before the effective filing date of the claimed invention.

Claims 1-8, 15-20 are rejected under 35 U.S.C. 102(a)(2) as being anticipated by Gorlamandala (US 2020/0356676 A1).
For claim 1, Gorlamandala teaches a computer-implemented method for automatically detecting anomalous user behavior within a unified entitlement framework (Abstract; para 0025-0026, 0039-0042), the method comprising the steps of: in an information processing apparatus comprising at least one computer processor (Fig. 1-2; para 0006, 0018): receiving an access request for a technology asset from a user on a computing device, the access request comprising session data comprising one or more of user identification, user location, key strokes, and user computing device identification (para 0026-0028, 0039 - user login access request as an action that is evaluated, the user attributes include identification attributes of the user and the device IP address); 
applying an entitlement-specific machine learning algorithm to the session data to generate an anomaly score (para 0016-0017, 0026-0028, 0040, 0047-0049 - machine learning algorithm in entitlement-specific environment applied to the access data (user request attributes and other incoming data) to generate an anomaly score or risk score); 
storing the session data and associated anomaly score (para 0028-0029, 0040-0042 - generating and storing of session data and the associated anomaly risk score); 
sending a review request to a manager; receiving review results from the manager; and updating the entitlement-specific machine learning algorithm based on the anomaly score and the review results from the manager (para 0016, 0028-0029, 0062-0065 - initial anomaly/risk score generation and validation, and an alert being sent to manager/supervisor for review as a remediation action, towards which a user/supervisor inputs may be received as review results or response regarding the remediation action, and the machine learning model is trained or updated based on the initial risk score and the user inputs or review results).

For claim 2, Gorlamandala teaches receiving referential data associated with the access request (para 0025-0026, 0028, 0030, 0039 - referential data including application identifier, IP address, failed attempts as incident, change in an entitlement as part of access request).

For claim 3, Gorlamandala teaches the method of claim 2, wherein the referential data comprises at least one of an identification of an application service hosted on the computing device, a change or an incident for the access request, and information about the technology asset (para 0025-0026, 0028, 0030, 0039 - referential data including application identifier, IP address, failed attempts as incident, change in an entitlement as part of access request).

For claim 4, Gorlamandala teaches wherein the entitlement-specific machine learning algorithm is based on historical session information (para 0027-0028, 0038-0039, 0059 - recording of file access or downloading, and application execution, and sessions attributes stored as static and/or dynamic updates).

For claim 5, Gorlamandala teaches wherein the anomaly score is higher in response to a first request to a technology asset (para 0016-0017, 0039-0040 - higher anomaly score based on various factors including unknown request patterns, i.e., typically implied by a first request with no prior history associated with its attributes; also, a removed user has a higher score, so a first request issued by that user is associated with that higher score, wherein the access request is for access to an asset).

For claim 6, Gorlamandala teaches wherein the anomaly score is higher in response to a first request from a computing device (para 0016-0017, 0039-0040 - access request received from a user device, and higher anomaly score based on various factors including unknown request patterns, i.e., typically implied by a first request with no prior history associated with its attributes; also, a removed user has a higher score, so a first request issued by that user is associated with that higher score).

For claim 7, Gorlamandala teaches denying access to the technology asset in response to the review results comprising a rejection (para 0017, 0063 - risk score as a factor in access permission or approval, with remediation leading to user access denial).

For claim 8, Gorlamandala teaches granting access to the technology asset in response to the review results comprising an approval (para 0027, 0063 - risk score as a factor in access permission or approval).

For claim 15, Gorlamandala teaches a computer-implemented system, comprising: a computing device associated with a user; a server comprising at least one computer processor and executing a computer program; and a manager electronic device (Fig. 1-2; para 0006, 0018); wherein: the computing device submits an access request for access a technology asset from a user, the access request comprising session data comprising one or more of user identification, user location, key strokes, and user computing device identification (para 0026-0028, 0039 - user login access request as an action that is evaluated, the user attributes include identification attributes of the user and the device IP address); 
the computer program applies an entitlement-specific machine learning algorithm to the session data to generate an anomaly score (para 0016-0017, 0026-0028, 0040, 0047-0049 - machine learning algorithm in entitlement-specific environment applied to the access data (user request attributes and other incoming data) to generate an anomaly score or risk score); 
the computer program stores the session data and associated anomaly score (para 0028-0029, 0040-0042 - generating and storing of session data and the associated anomaly risk score); 
the computer program sends a review request to the manager electronic device with the anomaly score; the computer program receives review results from the manager electronic device; and the computer program updates the entitlement-specific machine learning algorithm based on the anomaly score and the review results from the manager electronic device (para 0016, 0028-0029, 0062-0065 - initial anomaly/risk score generation and validation, and an alert being sent to manager/supervisor for review as a remediation action, towards which a user/supervisor inputs may be received as review results or response regarding the remediation action, and the machine learning model is trained or updated based on the initial risk score and the user inputs or review results).

For claim 16, Gorlamandala teaches the computer program may receive referential data associated with the access request, wherein the referential data comprises at least one of an identification of an application service hosted on the computing device, a change or an incident for the access request, and information about the technology asset (para 0025-0026, 0028, 0030, 0039 - referential data including application identifier, IP address, failed attempts as incident, change in an entitlement as part of access request).

For claim 17, Gorlamandala teaches wherein the entitlement-specific machine learning algorithm is based on historical session information (para 0027-0028, 0038-0039, 0059 - recording of file access or downloading, and application execution, and sessions attributes stored as static and/or dynamic updates).

For claim 18, Gorlamandala teaches wherein the anomaly score is higher in response to a first request to a technology asset or in response to a first request from a computing device (para 0016-0017, 0039-0040 - access request received from a user device, and higher anomaly score based on various factors including unknown request patterns, i.e., typically implied by a first request with no prior history associated with its attributes; also, a removed user has a higher score, so a first request issued by that user is associated with that higher score, wherein the access request is for access to an asset, or when a first request is issued, it is associated with that higher score).

For claim 19, Gorlamandala teaches wherein access to the technology asset is denied in response to the review results comprising a rejection (para 0017, 0063 - risk score as a factor in access permission or approval, with remediation leading to user access denial).

For claim 20, Gorlamandala teaches wherein access to the technology asset is granted in response to the review results comprising an approval (para 0027, 0063 - risk score as a factor in access permission or approval).


Claim Rejections - 35 USC § 103
The following is a quotation of 35 U.S.C. 103 which forms the basis for all obviousness rejections set forth in this Office action:
A patent for a claimed invention may not be obtained, notwithstanding that the claimed invention is not identically disclosed as set forth in section 102, if the differences between the claimed invention and the prior art are such that the claimed invention as a whole would have been obvious before the effective filing date of the claimed invention to a person having ordinary skill in the art to which the claimed invention pertains. Patentability shall not be negated by the manner in which the invention was made.

Claims 9-14 are rejected under 35 U.S.C. 103 as being unpatentable over Gorlamandala (US 2020/0356676 A1), in view of Xu et al. (US 2019/0166141 A1, Xu hereinafter).
For claim 9, Gorlamandala teaches a method for automatically detecting a user behavior within a unified entitlement framework that may be automated (Abstract; para 0025-0026, 0039-0042), comprising: in a technology access management system comprising at least one computer processor (Fig. 1-2; para 0006, 0018): receiving an access request for a technology asset from a user on a computing device, the access request comprising session data comprising one or more of user identification, user location, key strokes, and user computing device identification (para 0026-0028, 0039 - user login access request as an action that is evaluated, the user attributes include identification attributes of the user and the device IP address);
granting the access request (para 0027, 0063); 
recording session data for an access session to the technology asset by the user (para 0028-0029, 0040-0042 - storing of session data and the associated anomaly risk score); 
applying a machine learning algorithm using a machine learning model based on previously recorded or historical session data for the user to identify a repeatable or an automatable task (para 0027-0029, 0038-0039, 0045-0046, 0048, 0059 - recording of file access or downloading, and application execution, and sessions attributes stored as static and/or dynamic updates, wherein failed login tasks correspond to repeatable tasks which are used for training, and for further detection of failed logins across one or more users);
generating an alert that the identified task may be anomalous (para 0040, 0057-0058, 0062-0063 - reporting and remediation alerts based on the access event task and the associated score).
Gorlamandala does not appear to expressly teach, however Xu teaches detection of automated tasks and generating an alert that the identified task may be automated (para 0052, 0057, 0078, 0080, 0082, 0085 - collection of data and detection of automated tasks, flagging, and also providing additional information and labeling that implies alert or notification).
Therefore, based on Gorlamandala in view of Xu, it would have been obvious to one of ordinary skill in the art before the effective filing date of the invention to utilize the teachings of Xu in the system of Gorlamandala, in order to incorporate features that can detect human users and automated users utilizing a machine learning technique so as to make the system more secure and efficient, and wherein the system would also be enriched to solve the most commonly encountered aspect of automated (bot) attacks on any system.

For claim 10, Gorlamandala in view of Xu teaches the claimed subject matter as discussed above, and Gorlamandala further teaches wherein the previously recorded or historical session data comprises at least one of user keystrokes, a file accessed, and an application run (para 0026-0028, 0038-0039, 0059 - recording of file access or downloading, and application execution, and sessions attributes stored as static and/or dynamic updates, wherein user login access request as an action that is evaluated, the user attributes include identification attributes of the user and the device IP address).

For claim 11, Gorlamandala in view of Xu teaches the claimed subject matter as discussed above, and Gorlamandala further teaches wherein the previously recorded or historical session data comprises previously recorded or historical session data for at least one other user (para 0025-0029, 0036 - event and attribute data of multiple users; para 0026, 0038-0039, 0059 - recording of file access or downloading, and application execution, and sessions attributes stored as static and/or dynamic updates, wherein user login access request as an action that is evaluated, the user attributes include identification attributes of plurality of users and the device IP addresses).

For claim 12, Gorlamandala in view of Xu teaches the claimed subject matter as discussed above, and Gorlamandala further teaches wherein the repeatable or an automatable task comprises a task that is performed repeatedly by the user 

For claim 13, Gorlamandala in view of Xu teaches the claimed subject matter as discussed above. Gorlamandala does not appear to explicitly teach, however Xu further teaches wherein the repeatable or an automatable task comprises restarting a service and sending logs (para 0004, 0024 - service request initiation or restart for another page; para 0052, 0057, 0078, 0080, 0082, 0085, 0176 - collection of data and detection of automated tasks, flagging, and also providing additionally logged information).

For claim 14, Gorlamandala in view of Xu teaches the claimed subject matter as discussed above. Gorlamandala does not appear to explicitly teach, however Xu further teaches automating the repeatable or an automatable task (para 0024, 0027, 0159 - automated login attempts, and automating tasks; para 0057-0073 - detectable tasks that are automated, are listed).

    
Conclusion
Any inquiry concerning this communication or earlier communications from the examiner should be directed to JAYESH JHAVERI whose telephone number is (571)270-7584. The examiner can normally be reached on Mon-Fri 9 AM to 5 PM.
Examiner interviews are available via telephone, in-person, and video conferencing using a USPTO supplied web-based collaboration tool. To schedule an interview, Applicant is encouraged to use the USPTO Automated Interview Request (AIR) at http://www.uspto.gov/interviewpractice.
If attempts to reach the examiner by telephone are unsuccessful, the examiner’s supervisor, Jeffrey Pwu, can be reached on (571)272-6798. The fax phone number for the organization where this application or proceeding is assigned is 571-273-8300.
Information regarding the status of an application may be obtained from the Patent Application Information Retrieval (PAIR) system. Status information for published applications may be obtained from either Private PAIR or Public PAIR. Status information for unpublished applications is available through Private PAIR only. For more information about the PAIR system, see http://pair-direct.uspto.gov. Should you have questions on access to the Private PAIR system, contact the Electronic Business Center (EBC) at 866-217-9197 (toll-free). If you would like assistance from a USPTO Customer Service Representative or access to the automated information system, call 800-786-9199 (IN USA OR CANADA) or 571-272-1000.


/JAYESH M JHAVERI/Primary Examiner, Art Unit 2433