DETAILED ACTION
Notice of Pre-AIA or AIA Status
The present application, filed on or after March 16, 2013, is being examined under the first inventor to file provisions of the AIA.
Claim Rejections - 35 USC § 112
The following is a quotation of 35 U.S.C. 112(b):
(b)  CONCLUSION.—The specification shall conclude with one or more claims particularly pointing out and distinctly claiming the subject matter which the inventor or a joint inventor regards as the invention.


The following is a quotation of 35 U.S.C. 112 (pre-AIA), second paragraph:
The specification shall conclude with one or more claims particularly pointing out and distinctly claiming the subject matter which the applicant regards as his invention.


Claim 20 is rejected under 35 U.S.C. 112(b) or 35 U.S.C. 112 (pre-AIA), second paragraph, as being indefinite for failing to particularly point out and distinctly claim the subject matter which the inventor or a joint inventor (or for applications subject to pre-AIA 35 U.S.C. 112, the applicant), regards as the invention.
Claim 20 recites the limitation "the elevated permission level" in lines 3-4. There is insufficient antecedent basis for this limitation in the claim.

Claim Rejections - 35 USC § 102
In the event the determination of the status of the application as subject to AIA 35 U.S.C. 102 and 103 (or as subject to pre-AIA 35 U.S.C. 102 and 103) is incorrect, any correction of the statutory basis for the rejection will not be considered a new ground of rejection if the prior art relied upon, and the rationale supporting the rejection, would be the same under either status.
The following is a quotation of the appropriate paragraphs of 35 U.S.C. 102 that form the basis for the rejections under this section made in this Office action:
A person shall be entitled to a patent unless –

(a)(1) the claimed invention was patented, described in a printed publication, or in public use, on sale, or otherwise available to the public before the effective filing date of the claimed invention.


Claims 1-4, 9, 11, 12 are rejected under 35 U.S.C. 102(a)(1) as being anticipated by MacLennan, U.S. Publication No. 2013/0167198. Referring to claim 1, MacLennan discloses a server that receives a rights transaction request from a client ([0032] & Figure 5, step 500) where the request is a rights modification request ([0033]), which meets the limitation of receiving a modification request from a client device to modify a respective access permission level, designated to the client device for a target server element among the server elements, from a baseline permission level among a permission hierarchy of access permission levels to a different permission level among the permission hierarchy. The server generates a nonce and transmits the nonce to the client ([0034] & Figure 5, step 505 & Figure 6, steps 610, 615), which meets the limitation of sending a nonce associated with the modification request to the client device. The client digitally signs the received nonce using the client private key and returns the digitally signed nonce to the server ([0034] & Figure 6, steps 617, 620), which meets the limitation of and receiving a signed nonce or nonce signature generated by the client device on both the nonce and a client private key of the client device. The server verifies the signed nonce utilizing the client public key from a received public key certificate ([0034] & Figure 6, step 625: public key certificate is trusted by the server since the certificate itself is verifiable), which meets the limitation of making a signature verification determination of an authenticity of the received signed nonce or nonce signature based on a client public key that is both associated with the client private key and trusted by the server device.
The server determines whether the requesting user has the right to modify rights ([0033] & Figure 5, step 530), which meets the limitation of making an authorization determination that the client device is authorized for the requested permission level for the target server element. If the modifying rights can be granted and the nonce signature is verified, the server transmits the modified rights to the client ([0033] & [0038] & Figure 5, step 512), which meets the limitation of in response to making both the signature verification determination and the authorization determination, modifying the respective access permission level designated to the client device for the target server element from the baseline permission level to the requested permission level.
Referring to claim 2, MacLennan discloses that the client can receive media objects from the server ([0026]: media objects can be considered data), which meets the limitation of wherein the client device is a data loader. 
Referring to claim 3, MacLennan discloses that the rights to the media objects can include rights to display, print, copy, and/or modify the media ([0025]), which meets the limitation of wherein the access permission levels among the permission hierarchy comprise one or more of read any data, write any data.
Referring to claim 4, MacLennan discloses that the rights to the media objects can include sell, lend and/or give ([0025]: sell, lend, give can be considered rekeying to the extent that the access to the media is transferred from one entity to another), which meets the limitation of wherein the access permission levels among the permission hierarchy comprise one or more of rekey.
Referring to claim 9, MacLennan discloses that prior to receiving a rights modification request from a client ([0032]-[0033] & Figure 5, step 500), the user is initially provided with rights to the media object ([0026]: rights fulfillment request 120 occurs prior to rights transaction request 135), which meets the limitation of prior to receiving the modification request, designating the baseline permission level as the respective access permission level designated to one or more of a plurality of devices that includes the client device for one or more of the server elements. 
Referring to claim 11, MacLennan discloses that the server determines whether the requesting user has the right to modify rights related to the media object ([0033]: such a determination would be considered a determination that elevated permission is no more than an authorized permission level assigned to the client device because the claims do not define what constitutes an “elevated” permission. As such, a modified permission can be considered to be “elevated”), which meets the limitation of wherein making the authorization determination comprises determining that elevated permission is no more than an authorized permission level assigned to the client device for the target server element.
Referring to claim 12, MacLennan discloses a server that receives a rights transaction request from a client ([0032] & Figure 5, step 500) where the request is a rights modification request ([0033]), which meets the limitation of receiving a modification request from a client device to modify a respective access permission level, designated to the client device for a target server element among the server elements, from a baseline permission level among a permission hierarchy of access permission levels to a different permission level among the permission hierarchy. The server includes a processor and memory that includes instructions ([0043]-[0045]), which meets the limitation of a server device, a processor, and a non-transitory computer-readable storage medium comprising instructions. The server generates a nonce and transmits the nonce to the client ([0034] & Figure 5, step 505 & Figure 6, steps 610, 615), which meets the limitation of sending a nonce associated with the modification request to the client device. The client digitally signs the received nonce using the client private key and returns the digitally signed nonce to the server ([0034] & Figure 6, steps 617, 620), which meets the limitation of and receiving a signed nonce or nonce signature generated by the client device on both the nonce and a client private key of the client device. The server verifies the signed nonce utilizing the client public key from a received public key certificate ([0034] & Figure 6, step 625: public key certificate is trusted by the server since the certificate itself is verifiable), which meets the limitation of making a signature verification determination of an authenticity of the received signed nonce or nonce signature based on a client public key that is both associated with the client private key and trusted by the server device.
The server determines whether the requesting user has the right to modify rights for the media objects ([0033] & Figure 5, step 530: media objects read on the claimed one or more server elements), which meets the limitation of one or more server elements, making an authorization determination that the client device is authorized for the requested permission level for the target server element. If the modifying rights can be granted and the nonce signature is verified, the server transmits the modified rights to the client ([0033] & [0038] & Figure 5, step 512), which meets the limitation of in response to making both the signature verification determination and the authorization determination, modifying the respective access permission level designated to the client device for the target server element from the baseline permission level to the requested permission level.
Claim Rejections - 35 USC § 103
In the event the determination of the status of the application as subject to AIA 35 U.S.C. 102 and 103 (or as subject to pre-AIA 35 U.S.C. 102 and 103) is incorrect, any correction of the statutory basis for the rejection will not be considered a new ground of rejection if the prior art relied upon, and the rationale supporting the rejection, would be the same under either status.
The following is a quotation of 35 U.S.C. 103 which forms the basis for all obviousness rejections set forth in this Office action:
A patent for a claimed invention may not be obtained, notwithstanding that the claimed invention is not identically disclosed as set forth in section 102, if the differences between the claimed invention and the prior art are such that the claimed invention as a whole would have been obvious before the effective filing date of the claimed invention to a person having ordinary skill in the art to which the claimed invention pertains. Patentability shall not be negated by the manner in which the invention was made.

The factual inquiries for establishing a background for determining obviousness under 35 U.S.C. 103 are summarized as follows:
1. Determining the scope and contents of the prior art.
2. Ascertaining the differences between the prior art and the claims at issue.
3. Resolving the level of ordinary skill in the pertinent art.
4. Considering objective evidence present in the application indicating obviousness or nonobviousness.
Claims 5, 13 are rejected under 35 U.S.C. 103 as being unpatentable over MacLennan, U.S. Publication No. 2013/0167198, in view of Amemura, U.S. Publication No. 2013/0139251. Referring to claims 5, 13, MacLennan does not disclose that the media rights are assigned based upon numeric rights levels. Amemura discloses the assignment of permissions using numeric permission levels ([0016]), which meets the limitation of each access permission level in the permission hierarchy is associated with a respectively different numeric permission level, and each respective access permission level is a higher permission level among the permission hierarchy than access permission levels associated with numeric permission levels that are numerically less than the respective numeric permission level associated with the respective access permission level.
It would have been obvious to one of ordinary skill in the art before the effective filing date of the claimed invention for the client rights of MacLennan to have been assigned as a numerical permission level in order to provide an easy mechanism to provide finer restrictions as suggested by Amemura ([0016]).
Claims 6-8, 15-19 are rejected under 35 U.S.C. 103 as being unpatentable over MacLennan, U.S. Publication No. 2013/0167198, in view of Eliyahu, U.S. Publication No. 2019/0222577. Referring to claims 6-8, MacLennan does not specify that the rights are communication session specific access rights. Eliyahu discloses privileged access sessions wherein SSH communication sessions are established between users and network resources ([0032]), which meets the limitation of prior to receiving the modification request, establishing a communication session with the client device, wherein the communication session comprises communication via a secure shell (SSH) session. Tickets can be generated and assigned for sessions that grant users privileges to access resources ([0036] & [0049]), which meets the limitation of wherein the respective access permission level designated to the client device for the target server elements comprise a respective access permission level designated to the communication session for the target server element. User privileges can be assigned based on a privileged access level ([0039]), which meets the limitation of subsequent to establishing the communication session, designating the baseline permission level as the respective access permission level designated to the communication session for the target server element. It would have been obvious to one of ordinary skill in the art before the effective filing date of the claimed invention for the access rights of MacLennan to have been provided on a session specific basis in order to provide detection of inconsistent or anomalous network access in a manner that allows for providing responsive remedial actions as suggested by Eliyahu ([0061]).
Referring to claims 15, 16, MacLennan discloses a server that receives a rights transaction request from a client ([0032] & Figure 5, step 500) where the request is a rights modification request ([0033]), which meets the limitation of receiving, [via the communication session], a modification request from a client device to modify a respective access permission level, designated to the client device for a target server element among the server elements, from a baseline permission level among a permission hierarchy of access permission levels to a different permission level among the permission hierarchy. The server generates a nonce and transmits the nonce to the client ([0034] & Figure 5, step 505 & Figure 6, steps 610, 615), which meets the limitation of sending a nonce associated with the modification request to the client device [via the communication session]. The client digitally signs the received nonce using the client private key and returns the digitally signed nonce to the server ([0034] & Figure 6, steps 617, 620), which meets the limitation of and receiving, [via the communication session], a signed nonce or nonce signature generated by the client device on both the nonce and a client private key of the client device. The server verifies the signed nonce utilizing the client public key from a received public key certificate ([0034] & Figure 6, step 625: public key certificate is trusted by the server since the certificate itself is verifiable), which meets the limitation of making a signature verification determination of an authenticity of the received signed nonce or nonce signature based on a client public key that is both associated with the client private key and trusted by the server device.
The server determines whether the requesting user has the right to modify rights ([0033] & Figure 5, step 530), which meets the limitation of making an authorization determination that the client device is authorized for the requested permission level for the target server element. If the modifying rights can be granted and the nonce signature is verified, the server transmits the modified rights to the client ([0033] & [0038] & Figure 5, step 512), which meets the limitation of in response to making both the signature verification determination and the authorization determination, modifying the respective access permission level designated to the client device for the target server element from the baseline permission level to the requested permission level. The server receives a media request from the client based on the rights object such that the server provides the media to the client based on the rights ([0025]-[0026]: access to the media reads on the claimed operation on the target server device), which meets the limitation of receiving, from the client device, an operation request to perform a given operation on the target server device, making a permission determination that the respective access permission level designated to the client device for the target server element is no less than a required permission level for performing the given operation on the target server device, and in response to making the permission determination, allowing performance of the given operation on the target server device, wherein the given operation comprises reading from the server device.
MacLennan does not specify that the rights are communication session specific access rights. Eliyahu discloses privileged access sessions wherein SSH communication sessions are established between users and network resources ([0032]), which meets the limitation of establishing a communication session with a client device. It would have been obvious to one of ordinary skill in the art before the effective filing date of the claimed invention for the access rights of MacLennan to have been provided on a session specific basis in order to provide detection of inconsistent or anomalous network access in a manner that allows for providing responsive remedial actions as suggested by Eliyahu ([0061]).
Referring to claim 17, MacLennan discloses that the client can receive media objects from the server ([0026]: media objects can be considered data), which meets the limitation of wherein the client device is a data loader. 
Referring to claim 18, MacLennan discloses that the rights to the media objects can include rights to display, print, copy, and/or modify the media ([0025]), which meets the limitation of wherein the access permission levels among the permission hierarchy comprise one or more of read any data, write any data.
Referring to claim 19, MacLennan discloses that the rights to the media objects can include sell, lend and/or give ([0025]: sell, lend, give can be considered rekeying to the extent that the access to the media is transferred from one entity to another), which meets the limitation of wherein the access permission levels among the permission hierarchy comprise one or more of rekey.
Claims 10, 14 are rejected under 35 U.S.C. 103 as being unpatentable over MacLennan, U.S. Publication No. 2013/0167198, in view of Gustave, U.S. Publication No. 2010/0070761.
Referring to claims 10, 14, MacLennan discloses that the server verifies the signed nonce utilizing the client public key from a received public key certificate ([0034] & Figure 6, step 625), which meets the limitation of the client public key [and a client-certificate signature] collectively form a client certificate, making the signature verification determination comprises determining the authenticity of the received signed nonce or nonce signature [based on a CA public key that is both associated with the CA private key and trusted by the server device.]
MacLennan does not specify that the client public key certificate is verified specifically using the public key of the certificate authority. Gustave discloses the generation of a public key certificate by a certificate authority such that the certificate includes a client public key and a signature created by encrypting the certificate with the private key of the certificate authority (Abstract), which meets the limitation of the client public key and a client-certificate signature collectively form a client certificate, the client-certificate signature of the client certificate is generated by a certificate authority based on both the client public key and a certificate authority (CA) private key of a certificate authority. Issued public key certificates can be verified by recipients by utilizing the public key of the certificate authority that issued the certificate ([0041]), which meets the limitation of making the signature verification determination comprises determining the authenticity of the received signed nonce or nonce signature based on a CA public key that is both associated with the CA private key and trusted by the server device, the instructions to make the signature verification determination comprise instructions that cause the server device to determine the authenticity of the received signed nonce or nonce signature based on a CA public key that is both associated with the CA private key and trusted by the server device. It would have been obvious to one of ordinary skill in the art before the effective filing date of the claimed invention for the public key certificates of MacLennan to have been digitally signed by the issuing certificate authority in order to ensure that the public key certificates are authentic and were approved by a trusted certificate authority as disclosed by Gustave ([0041]).
Claim 20 is rejected under 35 U.S.C. 103 as being unpatentable over MacLennan, U.S. Publication No. 2013/0167198, in view of Eliyahu, U.S. Publication No. 2019/0222577, and further in view of Parimi, U.S. Publication No. 2017/0295181. Referring to claim 20, MacLennan does not disclose that modified rights are revoked after predetermined time passes without usage of the modified rights. Parimi discloses an access privilege adjustment procedure that revokes user access privileges to specific services when the monitored activity of the user indicates that the user has not accessed the specific service within a period of time ([0059]), which meets the limitation of subsequent to receiving the operation request, and while the respective access permission level designated to the client device for the target server element is the elevated permission level, making a timeout determination that no operation requests to perform operations on the target server device were received during a preceding timeout period, and in response to making the timeout determination, modifying the respective access permission level designated to the client device for the target server element from the elevated permission level to the baseline permission level. It would have been obvious to one of ordinary skill in the art before the effective filing date of the claimed invention for the modified rights of MacLennan to be revoked when the user does not utilize the modified rights for a period of time in order to reduce the risk of unauthorized access as suggested by Parimi ([0025] & [0037] & [0059]).
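The claimed sequence discussed above (nonce challenge, signature verification against a trusted client public key, authorization against a numeric permission hierarchy, and reversion to the baseline level after an idle timeout) can be sketched as follows. This is an added illustration, not code from the application or from any cited reference; all type, field and function names are hypothetical, and the use of Ed25519 and of a timeout evaluated on the next operation request are assumptions.

```go
package main

import (
	"crypto/ed25519"
	"crypto/rand"
	"errors"
	"fmt"
	"time"
)

// Numeric permission hierarchy (constructed values): a larger number is a higher level.
const Baseline, ReadAny, WriteAny = 0, 1, 2
type challenge struct{ nonce []byte; requested int }

// Server guards one target server element; all names here are hypothetical.
type Server struct {
	trusted map[string]ed25519.PublicKey // client public keys the server trusts
	allowed map[string]int               // highest level each client is authorized for
	level   map[string]int               // level currently designated to each client
	lastOp  map[string]time.Time         // last elevation or operation
	open    map[string]challenge         // outstanding nonce per client
	idle    time.Duration                // timeout before reverting to baseline
}

func NewServer(idle time.Duration) *Server {
	return &Server{map[string]ed25519.PublicKey{}, map[string]int{}, map[string]int{},
		map[string]time.Time{}, map[string]challenge{}, idle}
}

// Begin records a modification request and returns the nonce tied to it.
func (s *Server) Begin(client string, requested int) ([]byte, error) {
	nonce := make([]byte, 32)
	if _, err := rand.Read(nonce); err != nil {
		return nil, err
	}
	s.open[client] = challenge{nonce, requested}
	return nonce, nil
}

// Finish changes the level only if signature and authorization both pass.
func (s *Server) Finish(client string, sig []byte, now time.Time) error {
	ch, ok := s.open[client]
	delete(s.open, client) // single use: a replayed signature finds no nonce
	pub, known := s.trusted[client]
	if !ok || !known || !ed25519.Verify(pub, ch.nonce, sig) {
		return errors.New("signature verification failed")
	}
	if ch.requested > s.allowed[client] {
		return errors.New("requested level exceeds authorized level")
	}
	s.level[client], s.lastOp[client] = ch.requested, now
	return nil
}

// Operate reverts an idle elevated client to baseline, then checks the level.
func (s *Server) Operate(client string, required int, now time.Time) error {
	if s.level[client] > Baseline && now.Sub(s.lastOp[client]) > s.idle {
		s.level[client] = Baseline
	}
	if s.level[client] < required {
		return errors.New("permission level too low")
	}
	s.lastOp[client] = now
	return nil
}

func main() {
	pub, priv, _ := ed25519.GenerateKey(rand.Reader)
	s, t0 := NewServer(5*time.Minute), time.Now()
	s.trusted["loader-1"], s.allowed["loader-1"] = pub, ReadAny
	nonce, _ := s.Begin("loader-1", ReadAny)
	fmt.Println("elevate:", s.Finish("loader-1", ed25519.Sign(priv, nonce), t0))
	fmt.Println("after idle:", s.Operate("loader-1", ReadAny, t0.Add(time.Hour)))
}
```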
Conclusion
The prior art made of record and not relied upon is considered pertinent to applicant's disclosure.
Duffy, U.S. Publication No. 2019/0205555, discloses an insider threat protection scheme that performs adjustments to assigned user permissions. 
Ezell, U.S. Patent No. 8,312,518, discloses an island of trust environment that utilizes privilege modifications. 
Any inquiry concerning this communication or earlier communications from the examiner should be directed to BENJAMIN E LANIER whose telephone number is (571)272-3805. The examiner can normally be reached M-Th: 6:20-4:50.
Examiner interviews are available via telephone, in-person, and video conferencing using a USPTO supplied web-based collaboration tool. To schedule an interview, applicant is encouraged to use the USPTO Automated Interview Request (AIR) at http://www.uspto.gov/interviewpractice.
If attempts to reach the examiner by telephone are unsuccessful, the examiner’s supervisor, Kristine Kincaid, can be reached on 5712724063. The fax phone number for the organization where this application or proceeding is assigned is 571-273-8300.
Information regarding the status of published or unpublished applications may be obtained from Patent Center. Unpublished application information in Patent Center is available to registered users. To file and manage patent submissions in Patent Center, visit: https://patentcenter.uspto.gov. Visit https://www.uspto.gov/patents/apply/patent-center for more information about Patent Center and https://www.uspto.gov/patents/docx for information about filing in DOCX format. For additional questions, contact the Electronic Business Center (EBC) at 866-217-9197 (toll-free). If you would like assistance from a USPTO Customer Service Representative, call 800-786-9199 (IN USA OR CANADA) or 571-272-1000.





/BENJAMIN E LANIER/Primary Examiner, Art Unit 2437