DETAILED ACTION
Notice of Pre-AIA  or AIA  Status
The present application, filed on or after March 16, 2013, is being examined under the first inventor to file provisions of the AIA .

Allowable Subject Matter
Claims 8, 9, 11, and 16 are objected to as being dependent upon a rejected base claim, but would be allowable if rewritten in independent form including all of the limitations of the base claim and any intervening claims.

Claim Rejections - 35 USC § 103
The following is a quotation of 35 U.S.C. 103 which forms the basis for all obviousness rejections set forth in this Office action:
A patent for a claimed invention may not be obtained, notwithstanding that the claimed invention is not identically disclosed as set forth in section 102, if the differences between the claimed invention and the prior art are such that the claimed invention as a whole would have been obvious before the effective filing date of the claimed invention to a person having ordinary skill in the art to which the claimed invention pertains. Patentability shall not be negated by the manner in which the invention was made.

Claims 1-6, 10, 12-15, and 17-20 is/are rejected under 35 U.S.C. 103 as being unpatentable over Chen et al. (US 2019/0266287), hereafter “Chen,” in view of Milman et al. (US 2018/0365439), hereafter “Milman,” and further in view of Machado et al. (US 2021/0141865), hereafter “Machado.”
Regarding claim 1, a computer implemented method comprising:	receiving a request from a user to access an enterprise system (Chen: 502 of FIG. 5; par 0038);	obtaining, via a chatbot, user inputs by providing at least one of interactive menu-based and natural language-based queries on a graphical user interface in response to receiving the request (Chen: 506 of FIG. 5; par 0040, 0088, 0089), wherein the user inputs comprise at least one natural language input (Chen: par 0028, 0029);	determining a transaction code and/or an authorization code corresponding to the request in the enterprise system by applying natural language processing and a first machine learning model to the obtained user inputs (Chen: par 0021, 0055 […when the received conversation content includes all the required information to make an API call (e.g., an endpoint call) with values of all the required input parameters, the specialist bot agent may execute the API (endpoint) call with the values of input parameters…]).	Chen does not explicitly teach: 	wherein the user inputs comprise at least one menu-based input; 	determining a role corresponding to the transaction code and/or the authorization code by accessing the enterprise system;	performing a risk assessment for the user to access the enterprise system based on the determined role and a user profile; and 	controlling access to the enterprise system based on the risk assessment and the determined role. 	Milman teaches: 	determining a role corresponding to the transaction code and/or the authorization code by accessing the enterprise system (Milman: 204 of FIG. 2A; par 0030, 0068);	performing a risk assessment for the user to access the enterprise system based on the determined role and a user profile (Milman: 206 of FIG. 2A; par 0030, 0069); and 	controlling access to the enterprise system based on the risk assessment and the determined role (Milman: 208 of FIG. 2A; par 0070). 	It would have been obvious to one of ordinary skill to implement the role-based access control aspects of Milman within the Chen system with predictable results. One would be motivated to make the combination to provide the benefit of granting selective access to information towards the users of Chen, thereby allowing the Chen system to effectively protect confidential information in an enterprise environment. A high likelihood of success is anticipated as both Chen and Milman relate to users requesting access to specific types of information. Further, in view of this substantial similarity it would have been readily apparent to one of ordinary skill that various beneficial features of Milman could have been implemented within the Chen system with predictable results and a beneficial effect. 	Chen-Milman does not explicitly teach: 	wherein the user inputs comprise at least one menu-based input. 	Machado teaches a technique of: 	wherein user inputs comprise at least one menu-based input (Machado: FIG. 6B; par 0127).	It would have been obvious to one of ordinary skill in the art to implement the disambiguation menu technique of Machado within the Chen-Milman system with predictable results. One would be motivated to make the combination to provide the predictable benefit of clarifying the intent of a user when there is ambiguity. A high likelihood of success is anticipated given that Machado, like Chen-Milman, relates to handling inquiries for chatbots. Further, in view of this substantial similarity it would have been readily apparent to one of ordinary skill that various beneficial features of Machado could have been implemented within the Chen-Milman system with predictable results and a beneficial effect. 

Regarding claim 2, the computer implemented method of claim 1, wherein determining the transaction code and/or the authorization code comprises:	processing the user inputs using the natural language processing to parse transaction description from the user inputs (Chen: par 0055); and 	determining the transaction code and/or authorization code associated with the transaction description using the first machine learning model (Chen: 712 of FIG. 7 ; par 0065).

Regarding claim 3, the computer implemented method of claim 1, wherein the transaction code comprises a key that enables to access a specific transaction in the enterprise system corresponding to the request (Chen: par 0055).

Regarding claim 4, the computer implemented method of claim 1, wherein determining the role corresponding to the transaction code and/or the authorization code comprises: 	determining the role by making application program interface (API) based calls to the enterprise system (Chen: par 0055; Milman: 204 of FIG. 2A; par 0030, 0068).

Regarding claim 5, the computer implemented method of claim 1, wherein performing the risk assessment for the user to access the enterprise system comprises:	determining a risk score based on the determined role, the user profile, and predefined rules associated with the enterprise system (Milman: 206 of FIG. 2A; par 0030, 0069; Machado: par 0025).

Regarding claim 6, the computer implemented method of claim 5, wherein controlling the access to the enterprise system comprises: 	assigning the role to provide access to the user when the risk score satisfies a predetermined criterion (Chen: par 0032). 

Regarding claim 10, the computer implemented method of claim 1, wherein the menu-based input comprises a selection of one or more options in response to queries that are configured and defined based on a customer environment, and wherein the natural language input comprises a word or text string that is manually entered by the user (Machado: FIG. 6B; par 0127; Chen: par 0038). 

Regarding claim 12, an access management unit comprising:	an input unit (Chen: 604 of FIG. 6) to: 	receive a request from a user to access an enterprise system through a client device (Chen: 502 of FIG. 5; par 0038); and 	obtain, via a chatbot, user inputs by providing at least one of interactive menu-based and natural language-based queries on a graphical user interface of the client device in response to receiving the request (Chen: 506 of FIG. 5; par 0040, 0088, 0089), wherein the user inputs comprise at least one menu-based input and at least one natural language input (Chen: par 0028, 0029; Machado: FIG. 6B; par 0127); 	a first machine learning model to determine a transaction code and/or an authorization code corresponding to the request in the enterprise system by applying natural language processing to the obtained user inputs (Chen: par 0021, 0055 […when the received conversation content includes all the required information to make an API call (e.g., an endpoint call) with values of all the required input parameters, the specialist bot agent may execute the API (endpoint) call with the values of input parameters…]); 	a role determining unit to determine a role corresponding to the transaction code and/or authorization code by accessing the enterprise system (Milman: 204 of FIG. 2A; par 0030, 0068); 	a risk assessment unit to perform a risk assessment for the user to access the enterprise system based on the determined role and a user profile (Milman: 206 of FIG. 2A; par 0030, 0069); and 	a control unit to control the access to the enterprise system based on the risk assessment and the determined role (Milman: 208 of FIG. 2A; par 0070).

Regarding claim 13, the access management unit of claim 12, wherein the first machine learning model is to: 	process the user inputs using the natural language processing to parse transaction description from the user inputs (Chen: par 0055); and 	determine the transaction code associated with the transaction description (Chen: 712 of FIG. 7 ; par 0065).

Regarding claim 14, the access management unit of claim 12, wherein the role determining unit is to determine the role by making application program interface (API) based calls to the enterprise system (Chen: par 0055; Milman: 204 of FIG. 2A; par 0030, 0068).

Regarding claim 15, the access management unit of claim 12, wherein the risk assessment unit is to determine a risk score based on the determined role, the user profile, and predefined rules associated with the enterprise system (Milman: 206 of FIG. 2A; par 0030, 0069; Machado: par 0025). 

Regarding claim 17, a non-transitory machine-readable storage medium encoded with instructions that, when executed by a computer (Chen: par 0092), cause the computer to: 	receive a request from a user to access an enterprise system (Chen: 502 of FIG. 5; par 0038); 	obtain, via a chatbot, user inputs by providing at least one of interactive menu-based and natural language-based queries on a graphical user interface in response to receiving the request (Chen: 506 of FIG. 5; par 0040, 0088, 0089), wherein the user inputs comprise at least one menu-based input and at least one natural language input (Chen: par 0028, 0029; Machado: FIG. 6B; par 0127);	determine a transaction code and/or an authorization code corresponding to the request in the enterprise system by applying natural language processing and a machine learning model to the obtained user inputs (Chen: par 0021, 0055 […when the received conversation content includes all the required information to make an API call (e.g., an endpoint call) with values of all the required input parameters, the specialist bot agent may execute the API (endpoint) call with the values of input parameters…]);	determine a role corresponding to the transaction code and/or the authorization code by accessing the enterprise system (Milman: 204 of FIG. 2A; par 0030, 0068); 	perform a risk assessment for the user to access the enterprise system based on the determined role and a user profile (Milman: 206 of FIG. 2A; par 0030, 0069); and 	control the access to the enterprise system based on the risk assessment and the determined role (Milman: 208 of FIG. 2A; par 0070).

Regarding claim 18, the non-transitory machine-readable storage medium of claim 17, wherein instructions to determine the transaction code comprise instructions to: 	process the user inputs using the natural language processing to parse transaction description from the user inputs (Chen: par 0055); and 	determine the transaction code associated with the transaction description using the machine learning model (Chen: 712 of FIG. 7 ; par 0065).

Regarding claim 19, the non-transitory machine-readable storage medium of claim 17, wherein instructions to determine the role corresponding to the transaction code and/or the authorization code by accessing the enterprise system comprise instructions to determine the role by making application program interface (API) based calls to the enterprise system (Chen: par 0055; Milman: 204 of FIG. 2A; par 0030, 0068).

Regarding claim 20, the non-transitory machine-readable storage medium of claim 17, wherein instructions to perform the risk assessment for the user to access the enterprise system comprise instructions to: 	determine a risk score based on the determined role, the user profile, and predefined rules associated with the enterprise system (Milman: 206 of FIG. 2A; par 0030, 0069; Machado: par 0025).

Claim 7 is rejected as being unpatentable over Chen et al. (US 2019/0266287), in view of Milman et al. (US 2018/0365439), further in view of Machado et al. (US 2021/0141865), and further in view of Harding et al. (US 10,482,231), hereafter “Harding.”
Regarding claim 7, Chen-Milman-Harding does not teach the computer implemented method of claim 6, wherein controlling the access to the enterprise system comprises:	requesting an approval from a system administrator to assign the role when the risk score does not satisfy the predefined criterion; and 	assigning the role to the user in response to receiving the approval.	Harding teaches:	 requesting an approval from a system administrator to [approve a request] when the risk score does not satisfy the predefined criterion (Harding: col. 17 lines 4-17); and 	[approving the request for] the user in response to receiving the approval (Harding: col. 17 lines 4-17).	It would have been obvious to one of ordinary skill in the art to perform the role assignment of Chen-Milman-Machado responsive to administrative approval according to the technique of Harding with predictable results. One would be motivated to make the combination to provide the predictable benefit of mitigating the impacts of incorrectly determine risk scores, such that individuals who were denied access to particular functions/data can be granted access. One would further be motivated to make the combination in view of the substantial similarity of the references. Both Harding and Chen-Milman-Machado relate to systems for selectively granting access to data upon user request based on a determined risk. In view of this substantial similarity it would have been readily apparent to one of ordinary skill that various beneficial features of Harding could have been implemented within the Chen-Milman-Machado system with predictable results and a beneficial effect. 

Conclusion
Any inquiry concerning this communication or earlier communications from the examiner should be directed to JAMES E SPRINGER whose telephone number is (571)270-5640. The examiner can normally be reached 9am - 5:30pm ET.
Examiner interviews are available via telephone, in-person, and video conferencing using a USPTO supplied web-based collaboration tool. To schedule an interview, applicant is encouraged to use the USPTO Automated Interview Request (AIR) at http://www.uspto.gov/interviewpractice.
If attempts to reach the examiner by telephone are unsuccessful, the examiner’s supervisor, GLENTON BURGESS can be reached on 571-272-3949. The fax phone number for the organization where this application or proceeding is assigned is 571-273-8300.
Information regarding the status of published or unpublished applications may be obtained from Patent Center. Unpublished application information in Patent Center is available to registered users. To file and manage patent submissions in Patent Center, visit: https://patentcenter.uspto.gov. Visit https://www.uspto.gov/patents/apply/patent-center for more information about Patent Center and https://www.uspto.gov/patents/docx for information about filing in DOCX format. For additional questions, contact the Electronic Business Center (EBC) at 866-217-9197 (toll-free). If you would like assistance from a USPTO Customer Service Representative, call 800-786-9199 (IN USA OR CANADA) or 571-272-1000.

JAMES E. SPRINGER
Primary Examiner
Art Unit 2454



/JAMES E SPRINGER/           Primary Examiner, Art Unit 2454