DETAILED ACTION
Notice of Pre-AIA or AIA Status
The present application, filed on or after March 16, 2013, is being examined under the first inventor to file provisions of the AIA.

Information Disclosure Statement
2.	The information disclosure statements (IDS) submitted on 02/19/2021 and 02/22/2021 are in compliance with the provisions of 37 CFR 1.97.  Accordingly, the information disclosure statements are being considered by the examiner.

Claim Objections
3.	Claims 2, 15 and 21 are objected to because of the following informalities:  
In Claim 2, a limitation recites “wherein said receiving access usage data comprises receiving account identifications (IDs) and the respective performed actions;” (emphasis added). The semicolon should be replaced with a period.
	Claim 21 suffers from a similar deficiency and appropriate correction is required.
In Claim 15, the preamble recites “The computer-implemented method of Claim 9, further comprising.” (emphasis added). The period should be replaced with a colon.
Appropriate correction is required.

Claim Interpretation
4.	The following is a quotation of 35 U.S.C. 112(f):
(f) Element in Claim for a Combination. – An element in a claim for a combination may be expressed as a means or step for performing a specified function without the recital of structure, material, or acts in support thereof, and such claim shall be construed to cover the corresponding structure, material, or acts described in the specification and equivalents thereof. 

The following is a quotation of pre-AIA  35 U.S.C. 112, sixth paragraph:
An element in a claim for a combination may be expressed as a means or step for performing a specified function without the recital of structure, material, or acts in support thereof, and such claim shall be construed to cover the corresponding structure, material, or acts described in the specification and equivalents thereof.

5.	The claims in this application are given their broadest reasonable interpretation using the plain meaning of the claim language in light of the specification as it would be understood by one of ordinary skill in the art.  The broadest reasonable interpretation of a claim element (also commonly referred to as a claim limitation) is limited by the description in the specification when 35 U.S.C. 112(f) or pre-AIA  35 U.S.C. 112, sixth paragraph, is invoked. 
As explained in MPEP § 2181, subsection I, claim limitations that meet the following three-prong test will be interpreted under 35 U.S.C. 112(f) or pre-AIA  35 U.S.C. 112, sixth paragraph:
(A)	the claim limitation uses the term “means” or “step” or a term used as a substitute for “means” that is a generic placeholder (also called a nonce term or a non-structural term having no specific structural meaning) for performing the claimed function; 
(B)	the term “means” or “step” or the generic placeholder is modified by functional language, typically, but not always linked by the transition word “for” (e.g., “means for”) or another linking word or phrase, such as “configured to” or “so that”; and 
(C)	the term “means” or “step” or the generic placeholder is not modified by sufficient structure, material, or acts for performing the claimed function. 
Use of the word “means” (or “step”) in a claim with functional language creates a rebuttable presumption that the claim limitation is to be treated in accordance with 35 U.S.C. 112(f) or pre-AIA  35 U.S.C. 112, sixth paragraph. The presumption that the claim limitation is interpreted under 
Absence of the word “means” (or “step”) in a claim creates a rebuttable presumption that the claim limitation is not to be treated in accordance with 35 U.S.C. 112(f) or pre-AIA  35 U.S.C. 112, sixth paragraph. The presumption that the claim limitation is not interpreted under 35 U.S.C. 112(f) or pre-AIA  35 U.S.C. 112, sixth paragraph, is rebutted when the claim limitation recites function without reciting sufficient structure, material or acts to entirely perform the recited function. 
Claim limitations in this application that use the word “means” (or “step”) are being interpreted under 35 U.S.C. 112(f) or pre-AIA  35 U.S.C. 112, sixth paragraph, except as otherwise indicated in an Office action. Conversely, claim limitations in this application that do not use the word “means” (or “step”) are not being interpreted under 35 U.S.C. 112(f) or pre-AIA  35 U.S.C. 112, sixth paragraph, except as otherwise indicated in an Office action.

6.	This application includes one or more claim limitations that do not use the word “means,” but are nonetheless being interpreted under 35 U.S.C. 112(f) or pre-AIA 35 U.S.C. 112, sixth paragraph, because the claim limitation(s) uses a generic placeholder that is coupled with functional language without reciting sufficient structure to perform the recited function and the generic placeholder is not preceded by a structural modifier. Such claim limitation(s) is/are: [a group generating unit for…, and/or a role generating unit for…] in claims [20, 22-28 and 34].
Because this/these claim limitation(s) is/are being interpreted under 35 U.S.C. 112(f) or pre-AIA  35 U.S.C. 112, sixth paragraph, it/they is/are being interpreted to cover the corresponding structure described in the specification as performing the claimed function, and equivalents thereof.


Claim Rejections - 35 USC § 112
7.	The following is a quotation of 35 U.S.C. 112(b):
(b)  CONCLUSION.—The specification shall conclude with one or more claims particularly pointing out and distinctly claiming the subject matter which the inventor or a joint inventor regards as the invention.


The following is a quotation of 35 U.S.C. 112 (pre-AIA ), second paragraph:
The specification shall conclude with one or more claims particularly pointing out and distinctly claiming the subject matter which the applicant regards as his invention.



8.	Claims 1-9, 15, 20-28 and 34 are rejected under 35 U.S.C. 112(b) or 35 U.S.C. 112 (pre-AIA ), second paragraph, as being indefinite for failing to particularly point out and distinctly claim the subject matter which the inventor or a joint inventor (or for applications subject to pre-AIA  35 U.S.C. 112, the applicant), regards as the invention.

9.	Claim 1 recites in a limitation “receiving a list of entitlements each allowing the execution of at least one respective action” (emphasis added). However, there is no prior recitation of “an execution” of an action.  There is insufficient antecedent basis for this limitation in the claim.
the execution of the group of actions (emphasis added). There is insufficient antecedent basis for this limitation in the claim.
Claim 20 suffers from similar deficiencies and is rejected using the same rationale.
Dependent Claims 2-9, 15, 21-28 and 34 are rejected based upon their direct or indirect dependence from independent claims 1 and 20.
Note: Applicant may overcome this rejection by changing “the execution” to “an execution”. 

With respect to Claims 20-28 and 34, 
In Claim 20, the units recited in limitations (i.e. a group generating unit for…, and a role generating unit for…) invoke 35 U.S.C. 112(f) or pre-AIA 35 U.S.C. 112, sixth paragraph. However, the written description fails to disclose the corresponding structure for performing the entire claimed functions and to clearly link the structure to the functions. Applicant's Specification describes these units in multiple paragraphs and Fig. 4. However, the specification does not clearly link the functions to any structure (e.g., hardware) capable of performing the functions. Therefore, the claim is indefinite and is rejected under 35 U.S.C. 112(b) or pre-AIA 35 U.S.C. 112, second paragraph.
Dependent Claims 22-28 and 34 similarly recite “a group generating unit for and/or a role generating unit” and are rejected using the same rationale discussed above.
Dependent Claims 21-28 and 34 are also rejected based on their dependencies.
Note: For examination purposes, the examiner is interpreting the respective units as “software modules” programmed to perform the recited functions.


Applicant may:
(a)        Amend the claim so that the claim limitation will no longer be interpreted as a limitation under 35 U.S.C. 112(f) or pre-AIA  35 U.S.C. 112, sixth paragraph; 
(b)        Amend the written description of the specification such that it expressly recites what structure, material, or acts perform the entire claimed function, without introducing any new matter (35 U.S.C. 132(a)); or 
(c)        Amend the written description of the specification such that it clearly links the structure, material, or acts disclosed therein to the function recited in the claim, without introducing any new matter (35 U.S.C. 132(a)).
If applicant is of the opinion that the written description of the specification already implicitly or inherently discloses the corresponding structure, material, or acts and clearly links them to the function so that one of ordinary skill in the art would recognize what structure, material, or acts perform the claimed function, applicant should clarify the record by either: 
(a)        Amending the written description of the specification such that it expressly recites the corresponding structure, material, or acts for performing the claimed function and clearly links or associates the structure, material, or acts to the claimed function, without introducing any new matter (35 U.S.C. 132(a)); or 
(b)        Stating on the record what the corresponding structure, material, or acts, which are implicitly or inherently set forth in the written description of the specification, perform the claimed function. For more information, see 37 CFR 1.75(d) and MPEP §§ 608.01(o) and 2181.

Claim Rejections - 35 USC § 102
10.	The following is a quotation of the appropriate paragraphs of 35 U.S.C. 102 that form the basis for the rejections under this section made in this Office action:
A person shall be entitled to a patent unless –

(a)(1) the claimed invention was patented, described in a printed publication, or in public use, on sale or otherwise available to the public before the effective filing date of the claimed invention.


(a)(2) the claimed invention was described in a patent issued under section 151, or in an application for patent published or deemed published under section 122(b), in which the patent or application, as the case may be, names another inventor and was effectively filed before the effective filing date of the claimed invention.


11.	Claims 1-9, 15, 20-28 and 34 are rejected under 35 U.S.C. 102(a)(1) as being anticipated by Chari et al. (US 2012/0246098 A1, hereinafter Chari).

Regarding Claim 1,
Chari discloses a computer-implemented method for defining roles (Chari: [Abstract] mining of user roles to specify access control policies from entitlement as well as logs which contain record of the usage of these entitlements, ¶¶ [0011, 0012, 0040,0047]), comprising: 
receiving access usage data comprising identities and respective performed actions (Chari: ¶ [0012] mining user roles from usage log data, ¶ [0051] logs are maintained as a record of the usage of the permissions by the user (usage logs). This usage log data is then used to weight each permission with the frequency with which each user uses the permission, ¶ [0059] the particular model used (LDA or ATM) will depend on, for a given situation, what user information is available. This information can include user attributes, permissions and/or past actions, ¶ [0071] the permissions assigned to the new user or actions the user performed (past actions) are used, ¶¶ [0036, 0048, 0070]); 
(Chari: ¶ [0011] mining of user roles to specify access control policies from entitlement as well as logs which contain record of the usage of these entitlements, ¶ [0036] technique that can associate role assignments with the actions, such as which entitlement are used…, tie entitlements to business function, ¶¶ [0037, 0040, 0049]); 
generating a plurality of groups of actions by regrouping given ones of the identities having associated thereto a same group of the respective performed actions using the access usage data (Chari: ¶ [0013] similar users (i.e., users with similar attributes) are assigned the same roles, ¶ [0015] the usage of the permissions, ¶ [0047] ensure that users with similar past usage or attributes will be assigned similar roles…past usage is defined as a distance measure over the percentage of the past actions that were the same, ¶ [0036] associate role assignments with the actions, ¶¶ [0016, 0048, 0072]); 
for each one of the plurality of groups of actions, determining a group of entitlements contained in the list of entitlements that allow the execution of the group of actions (Chari: ¶ [0036] associate role assignments with the actions, such as which entitlement are used, and attributes, such as the department and job roles of users, ¶ [0037] data mining techniques on existing entitlement data to derive roles, ¶ [0040] users are provisioned with entitlements and, in particular, how exactly they use these entitlements…, probability distributions of users over roles and then specific discretization procedures are provided which convert these probabilistic assignments to discrete roles, ¶ [0047] ensure that users with similar past usage or attributes will be assigned similar roles…past usage is defined as a distance measure over the percentage of the past actions that were the same, ¶ [0051]); 
for each one of the plurality of groups of actions, associating thereto the respective group of entitlements, thereby obtaining a plurality of roles (Chari: ¶ [0011] mining of user roles to specify access control policies from entitlement as well as logs which contain record of the usage of these entitlements, ¶ [0012] mining user roles from usage log data, ¶ [0058] given a set of users and a set of permissions, at least one machine learning technique is used to obtain a collection K of k roles, ¶ [0071] the new user is assigned one or more roles based on the roles assigned to users with similar attributes. To assign new users to roles, a new role distribution from users to roles is required. This distribution is generated from the permissions assigned to the new users, past permission usage, and attributes (if known) for the user, and the learned model from prior users, ¶ [0059] ); and 
outputting the plurality of roles (Chari: ¶ [0058] given a set of users and a set of permissions, at least one machine learning technique is used to obtain a collection K of k roles, ¶¶ [0059, 0071]).

Regarding Claim 2,
Claim 2 is dependent on Claim 1, and Chari discloses all the limitations of Claim 1. Chari further discloses wherein said receiving access usage data comprises receiving account identifications (IDs) and the respective performed actions (Chari: ¶ [0047] find generative models, i.e., tie the role decompositions to usage…, if it is an action that the user performs frequently (e.g., at least once a month), this action is considered herein to be more important to the user's set of roles…, ensure that users with similar past usage or attributes will be assigned similar roles...., ¶ [0051] how often the permission is actually used by the user…, logs are maintained as a record of the usage of the permissions by the user (usage logs). This usage log data is then used to weight each permission with the frequency with which each user uses the permission, ¶¶ [0013, 0015, 0048, 0049-0050, 0072], see also Fig. 3—Customer 1).

Regarding Claim 3,
Claim 3 is dependent on Claim 2, and Chari discloses all the limitations of Claim 2. Chari further discloses receiving application data comprising respective actual entitlements associated with the account IDs (Chari: ¶ [0011] mining of user roles to specify access control policies from entitlement, logs which contain record of the usage of these entitlements, ¶ [0051] obtain frequency count of a permission is by observation of how often the permission is actually used by the user, ¶ [0048] "user attributes," as used herein refers to a key-value pair mapping a finite set of keys, i.e., attribute names or types, to a value for the user. The key-value pairs will map from an attribute name, such as a string, to a value represented as a string, number, or other type, for example, work location, department, whether he/she is a manager, etc, ¶¶ [0013-0014, 0065]).

Regarding Claim 4,
Claim 4 is dependent on Claim 3, and Chari discloses all the limitations of Claim 3. Chari further discloses wherein said receiving a list of entitlements comprises generating a map of entitlements by mapping the entitlements to the performed actions using the access usage data and the application data (Chari: ¶ [0047] if it is an action that the user performs frequently (e.g., at least once a month), this action is considered herein to be more important to the user's set of roles. One goal of the present techniques is to ensure that users with similar past usage or attributes will be assigned similar roles, ¶ [0051] obtain frequency count of a permission is by observation of how often the permission is actually used by the user, which is a very good indicator of the importance of the word (permission) to the document (user)…, logs are maintained as a record of the usage of the permissions by the user (usage logs). This usage log data is then used to weight each permission with the frequency with which each user uses the permission, ¶ [0011] logs which contain record of the usage of these entitlements, ¶ [0050]).

Regarding Claim 5,
Claim 5 is dependent on Claim 4, and Chari discloses all the limitations of Claim 4. Chari further discloses wherein said mapping the entitlements to the performed actions is performed by solving a linear program in binary variables (Chari: ¶ [0060] map users into roles and roles into permissions, respectively. For a user u, the distribution…, will be a probability distribution over the k roles…, For role mining, these probability distributions need to be discretized to obtain binary assignments of roles to users and permissions to roles, ¶¶ [0062-0064]).

Regarding Claim 6,
Claim 6 is dependent on Claim 4, and Chari discloses all the limitations of Claim 4. Chari further discloses receiving attribute data comprising user IDs and respective human resources and business attributes (Chari: ¶ [0015] associate the role assignments to business and other attributes of the user, such as department, location, whether he or she is a manager …, such assignments which are associated strongly with user attributes can be used for predictive modeling of permission assignment, i.e., a new user's attributes can be used to predict the permissions to be assigned to the new user, ¶ [0048] "user attributes," as used herein refers to a key-value pair mapping a finite set of keys, i.e., attribute names or types, to a value for the user. The key-value pairs will map from an attribute name, such as a string, to a value represented as a string, number, or other type, for example, work location, department, whether he/she is a manager, etc, ¶ [0059] the particular model used (LDA or ATM) will depend on, for a given situation, what user information is available. This information can include user attributes, permissions and/or past actions, ¶¶ [0012, 0013, 0016, 0072]).

Regarding Claim 7,
Claim 7 is dependent on Claim 6, and Chari discloses all the limitations of Claim 6. Chari further discloses mapping the account IDs to the user IDs (Chari: ¶ [0013] the roles mined from permissions or usage log data is causally correlated with attributes of the user such as work location, department, whether he/she is a manager…, using a set of user attributes for each user…, an attribute is a key-value pair from a finite set of keys to a finite set of values, for example, strings to strings or strings to integers…, including user-to-role assignments and role-to-permission assignments, ¶ [0048] tie the role decompositions causally to users' attributes…, "user attributes," as used herein refers to a key-value pair mapping a finite set of keys, i.e., attribute names or types, to a value for the user. The key-value pairs will map from an attribute name, such as a string, to a value represented as a string, number, or other type, for example, work location, department, whether he/she is a manager, etc., ¶¶ [0012, 0014-0016]).

Regarding Claim 8,
Claim 8 is dependent on Claim 7, and Chari discloses all the limitations of Claim 7. Chari further discloses wherein said generating the plurality of groups of actions is performed using further the attribute data (Chari: ¶ [0047] if it is an action that the user performs frequently (e.g., at least once a month), this action is considered herein to be more important to the user's set of roles…, ensure that users with similar past usage or attributes will be assigned similar roles, ¶ [0036] associate role assignments with the actions, ¶ [0071] the new user is assigned one or more roles based on the roles assigned to users with similar attributes. To assign new users to roles, a new role distribution from users to roles is required. This distribution is generated from the permissions assigned to the new users, past permission usage, and attributes (if known) for the user, and the learned model from prior users).

Regarding Claim 9,
Claim 9 is dependent on Claim 8, and Chari discloses all the limitations of Claim 8. Chari further discloses wherein said generating the plurality of groups of actions is performed using at least one of a clustering method, a matrix decomposition method, a topic modeling method, a coverage maximization method and an association rule mining method to obtain a probabilistic assignment of actions to the groups of actions (Chari: ¶ [0011] mining of user roles to specify access control policies from entitlement as well as logs which contain record of the usage of these entitlements…, probability distribution θ for user-to-role assignments and the probability distribution β for role-to-permission assignments are used to produce a final set of roles, including user-to-role assignments and role-to-permission assignments, ¶ [0052] the quality of the decomposition as measured by stability (i.e., how much the decomposition changes based on small changes in input), coverage (i.e., how well does the decomposition match the given permissions) and generality (i.e., how well does the decomposition cover new users and permissions), ¶¶ [0041, 0046-0047, 0074]).

Regarding Claim 15,
Claim 15 is dependent on Claim 9, and Chari discloses all the limitations of Claim 9. Chari further discloses using a discretization procedure to convert the probabilistic assignment of actions to the groups of actions to an actual assignment of actions to the groups of actions (Chari: ¶ [0040] users are provisioned with entitlements and, in particular, how exactly they use these entitlements…, probability distributions of users over roles and then specific discretization procedures are provided which convert these probabilistic assignments to discrete roles, ¶ [0059] the particular model used (LDA or ATM) will depend on, for a given situation, what user information is available. This information can include user attributes, permissions and/or past actions, ¶ [0060] map users into roles and roles into permissions, respectively. For a user u, the distribution…, will be a probability distribution over the k roles…, For role mining, these probability distributions need to be discretized to obtain binary assignments of roles to users and permissions to roles, ¶¶ [0014, 0015, 0049, 0065-0067]); and
 assigning at least one of the respective human resources and business attributes to each one of the groups of actions, thereby obtaining an assignment of attributes for each group of actions (Chari: ¶ [0036] associate role assignments with the actions, such as which entitlement are used, and attributes, such as the department and job roles of users, ¶ [0040] users are provisioned with entitlements and, in particular, how exactly they use these entitlements…, probability distributions of users over roles and then specific discretization procedures are provided which convert these probabilistic assignments to discrete roles, ¶ [0014] the roles that are causally derived from these attributes and the corresponding permissions are assigned to the user…a probability distribution of the roles to be assigned to the new user which is then discretized by another process, ¶ [0071] the permissions assigned to the new user or actions the user performed (past actions) are used, ¶¶ [0059-0060]).

Regarding Claim 20,
Chari discloses a system (Chari: ¶ [0089] Apparatus 1300 comprises a computer system 1310 and removable media 1350. Computer system 1310 comprises a processor device 1320, a network interface 1325, a memory 1330) comprising a group generating unit (Chari: ¶ [0090] one or more programs which when executed implement embodiments of the present invention) and a role generating unit (Chari: ¶ [0090] one or more programs which when executed implement embodiments of the present invention) and discloses all the limitations of Claim 20 as discussed in Claim 1. Therefore, Claim 20 is rejected using the same rationales as discussed in Claim 1. 

Regarding Claims 21-28 and 34,
Claims 21-28 and 34 are directly or indirectly dependent on Claim 20, and Chari discloses all the limitations of Claim 20. Chari further discloses all the limitations of Claims 21-28 and 34 as discussed in Claims 2-9 and 15. Therefore, Claims 21-28 and 34 are rejected using the same rationales as discussed in Claims 2-9 and 15.

Conclusion
12.	The prior art made of record and not relied upon is considered pertinent to applicant's disclosure. 
US-20080005115-A1
US-20080083025-A1
US-20110321154-A1
US-20130111583-A1
US 2014/0196103 A1
Any inquiry concerning this communication or earlier communications from the examiner should be directed to SAMEERA WICKRAMASURIYA whose telephone number is (571)272-1507.  The examiner can normally be reached on MON-FRI 8AM-4:30PM EST.

If attempts to reach the examiner by telephone are unsuccessful, the examiner’s supervisor, JUNG W. KIM can be reached on (571)272-3804.  The fax phone number for the organization where this application or proceeding is assigned is 571-273-8300.
Information regarding the status of an application may be obtained from the Patent Application Information Retrieval (PAIR) system.  Status information for published applications may be obtained from either Private PAIR or Public PAIR.  Status information for unpublished applications is available through Private PAIR only.  For more information about the PAIR system, see http://pair-direct.uspto.gov. Should you have questions on access to the Private PAIR system, contact the Electronic Business Center (EBC) at 866-217-9197 (toll-free). If you would like assistance from a USPTO Customer Service Representative or access to the automated information system, call 800-786-9199 (IN USA OR CANADA) or 571-272-1000.

/SAMEERA WICKRAMASURIYA/
Examiner, Art Unit 2494

/Jeremy S Duffield/Primary Examiner, Art Unit 2498