Notice of Pre-AIA  or AIA  Status
The present application, filed on or after March 16, 2013, is being examined under the first inventor to file provisions of the AIA .



DETAILED ACTION

Continued Examination Under 37 CFR 1.114
A request for continued examination under 37 CFR 1.114, including the fee set forth in 37 CFR 1.17(e), was filed in this application after final rejection.  Since this application is eligible for continued examination under 37 CFR 1.114, and the fee set forth in 37 CFR 1.17(e) has been timely paid, the finality of the previous Office action has been withdrawn pursuant to 37 CFR 1.114.  Applicant's submission filed on 05/23/2022 has been entered.
Claims 1-18 are under examination.


Claim Rejections - 35 USC § 103
The following is a quotation of 35 U.S.C. 103 which forms the basis for all obviousness rejections set forth in this Office action:
A patent for a claimed invention may not be obtained, notwithstanding that the claimed invention is not identically disclosed as set forth in section 102, if the differences between the claimed invention and the prior art are such that the claimed invention as a whole would have been obvious before the effective filing date of the claimed invention to a person having ordinary skill in the art to which the claimed invention pertains. Patentability shall not be negated by the manner in which the invention was made.

Claim 1-5, 7-11 and 13-17 are rejected under 35 U.S.C. 103 as being unpatentable over Adinolfi et al. (US 20060235714 A1) and Tolani et al. (US 2018/0329964 A1).
Regarding claim 1, Adinolfi et al. discloses A method to automate building and use of a dataset in a governance system having an organization entity-structured data model [par. 0034, “configuring at least one on demand dataset production process to produce at least one on-demand dataset satisfying the at least one on-demand dataset request”, par. 0031, tools and automation to assist the entry of data into a data model for use by a single organization, par. 0139, “An organization or corporate entity that owns a repository and makes the repository data services available to tenants subject to their entitlement agreements with sources and additional entitlements to item instance processes of the repository”], comprising: augmenting the data model to reference additional data that defines an audit campaign [par. 0169, “audit log support”, par. 0177, “providing auditable sourcing information”, par. 0452, “This invention provides audit and logging capability to ensure complete process transparency, non-repudiation, billing and other auditing purposes”]; responsive to a request to generate the audit campaign, dynamically building a dataset of entitlements associated with the audit campaign using the augmented data model [par. 0211, “step 312 examines information from the entitlement repository, element 53, to ensure that the requester is entitled to the additional value gathering service”, par. 0212, “FIG. 3C provides a flowchart showing the steps in processing arriving metadata that characterizes sources of data, tenants, clients of the utility and entitlements of particular clients including, entitlements to data from particular sources and entitlements to value-add services”], wherein the dataset is built at least in part by retrieving the additional data from one or more data sources and associating the retrieved additional data to the governance data object; and executing the audit campaign against the dataset [par. 0044, “configuring at least one workflow to deliver the requested reference data based on entitlements of the requester”, par. 0059, “Data cleansing and quality assurance of the received data with full tracking of the sourcing of each value, storage of resulting entity values in a repository which allows retrievals and enforces source based entitlements, and delivery of retrieved data in the form of on demand datasets supporting a wide range of client application needs, may be utilized”, par. 0225, “This processing is represented by box 336 which shows that both input and output of the data driven computation may be on demand datasets filled either with entitlement managed entity data represented by element 50, or client datasets in the repository 20 of reference data utility 1 represented by element 58. FIG. 4A provides additional detail on the processing of block 336 in a flowchart that shows the steps of a computational added value service flow for a data driven computational service. The preferred embodiment accepts the on demand datasets as an input to a valued added function, an equivalent alternative embodiment allows value added functions to request the creation of an on demand dataset as part of its computation”].
Adinolfi et al. does not explicitly disclose augmenting the data model to support user- or system-defined metadata that extends a governance data object of the data model to reference additional data.
However, Tolani et al. teaches augmenting the data model to support user- or system-defined metadata that extends a governance data object of the data model to reference additional data [par. 0027, “In the Reference Data Stores 240 of the Data Sources layer 230 there is a meta data store of logical data model (LDM) data, e.g., representation of an organization's data, organized in terms of entities and relationships. The metadata store also includes data quality metrics for source/data sets. The data quality (DQ) metrics are one example of the data in the data store that is used to select the most appropriate data source based on a user's query. The Reference Data Stores 240 of the Data Sources layer 230 also includes a client data partition for client supplied datasets hierarchies and alternative identifiers, and a data index of LDM data of frequently used attributes and services. The Reference Data Stores 240 may also include enterprise metadata, entitlement”].
Before the effective filing date of the claimed invention, it would have been obvious to a person having ordinary skill in the art to incorporate the teaching of Tolani et al. into the teaching of Adinolfi et al. with the motivation to utilize a metadata store to customize and refine the query according to the client's permissions and the characteristics of the requested data as taught by Tolani et al. [Tolani et al.: pars. 0036].
Regarding claim 2, the rejection of claim 1 is incorporated.
Adinolfi et al. further discloses the governance data object is one of: an application properties data object, that has an associated entitlement properties data object [par. 0192, “ Entitlements are maintained and enforced on all of this data as appropriate using access control stored in an entitlement repository shown as data element 53”].
Regarding claim 3, the rejection of claim 2 is incorporated.
Tolani et al. further discloses the additional data is a permission associated with the governance data object [claim 1, “ wherein the step of matching the parameters to the best electronic data source is based on a data quality metric, a date range, and user permissions stored in the metadata store”].
Before the effective filing date of the claimed invention, it would have been obvious to a person having ordinary skill in the art to incorporate the teaching of Tolani et al. into the teaching of Adinolfi et al. with the motivation to utilize a metadata store to customize and refine the query according to the client's permissions and the characteristics of the requested data as taught by Tolani et al. [Tolani et al.: pars. 0036].
Regarding claim 4, the rejection of claim 2 is incorporated.
Adinolfi et al. further discloses the additional data is maintained externally to the governance data object [par. 0192, “an alternate embodiment maintains equivalent information in an independent entitlement repository”].
Regarding claim 5, the rejection of claim 1 is incorporated.
Adinolfi et al. further discloses updating the data model to include additional data objects [par. 0197, “The path through outcome element 205 handles profile updates and entitlement updates. These requests identify new clients, new sources, new entitlements to data or value-add functions, or changes to previously registered information of these types. Processing of these requests is handled in element 210”, par. 0231, “the computational service can specify its own preferred format and structure of the data to be returned, removing the restriction to understand a pre-defined data model”].
Regarding claim 7, it recites limitations similar to claim 1. The reason for the rejection of claim 1 is incorporated herein.
Regarding claim 8, it recites limitations similar to claim 2. The reason for the rejection of claim 2 is incorporated herein.
Regarding claim 9, it recites limitations similar to claim 3. The reason for the rejection of claim 3 is incorporated herein.
Regarding claim 10, it recites limitations similar to claim 4. The reason for the rejection of claim 4 is incorporated herein.
Regarding claim 11, it recites limitations similar to claim 5. The reason for the rejection of claim 5 is incorporated herein.
Regarding claim 13, it recites limitations similar to claim 1. The reason for the rejection of claim 1 is incorporated herein.
Regarding claim 14, it recites limitations similar to claim 2. The reason for the rejection of claim 2 is incorporated herein.
Regarding claim 15, it recites limitations similar to claim 3. The reason for the rejection of claim 3 is incorporated herein.
Regarding claim 16, it recites limitations similar to claim 4. The reason for the rejection of claim 4 is incorporated herein.
Regarding claim 17, it recites limitations similar to claim 5. The reason for the rejection of claim 5 is incorporated herein.

Claims 6, 12 and 18 are rejected under 35 U.S.C. 103 as being unpatentable over Adinolfi et al. (US 20060235714 A1) and Tolani et al. (US 2018/0329964 A1) as applied to claims 1-5, 7-11 and 13-17 above, and further in view of Dharmarajan et al. (US 2013/0067538 A1).
Regarding claim 6, the rejection of claim 1 is incorporated.
Adinolfi et al. discloses A method to automate building and use of a dataset in a governance system having an organization entity-structured data model.
Adinolfi et al. and Tolani et al. do not disclose the audit campaign is a certification campaign that determines whether particular users continue to have access rights with respect to given resources in the organization.
However, Dharmarajan et al. teaches the audit campaign is a certification campaign that determines whether particular users continue to have access rights with respect to given resources in the organization [abs, “These mechanisms determine that recertification of the user access entitlement, with regard to the system resource, is to be performed and a pattern of access is determined based on the access information for the user access entitle”, par. 0082, “The corresponding user account database entries are then updated to reflect acceptance/denial of the recertification (step 700). Access to the system resource(s) is then controlled with regard to the user account based on the updated user account database entries (step 710).”].
Before the effective filing date of the claimed invention, it would have been obvious to a person having ordinary skill in the art to incorporate the teaching of Dharmarajan et al. into the teaching of Adinolfi et al. and Tolani et al. with the motivation for facilitating recertification of a user access entitlement as taught by Dharmarajan et al. [Dharmarajan et al.: abs.].
Regarding claim 12, it recites limitations similar to claim 6. The reason for the rejection of claim 6 is incorporated herein.
Regarding claim 18, it recites limitations similar to claim 6. The reason for the rejection of claim 6 is incorporated herein.



Response to Arguments
Applicant’s arguments, filed on 05/23/2022, with respect to rejection under 35 USC § 103 have been fully considered but they are not persuasive.
On page 9 of the Remarks, Applicant argues that Tolani does not disclose or suggest “augmenting the data model to support user or system defined metadata the extends a governance data object of the data model to reference additional data. In Tolani, the "logical data model" is just a pre-existing "representation of an organization's data in terms of entities and relationships." Such an entity-relationship data model is not described by Tolani as being modified in any way, let alone by being "augmented to support user- or system-defined metadata that extends a governance data object ..." In Tolani, the data store is simply characterized (described) as a "metadata data store," meaning that Tolani refers to information in the data model there as "metadata." This is not the same thing as actively augmenting the logical data model as is positively recited in the claim element…”
In response, the Examiner respectfully disagrees. Independent claims recite “augmenting the data model to support user- or system-defined metadata that extends a governance data object of the data model to reference additional data”. Applicant’s arguments are not directed toward recited claim limitation. Tolani et al. discloses a Reference Data Stores there is a meta data store of logical data model data with representation of an organization's data, organized in terms of entities and relationships. The metadata store also includes data quality metrics for source/data sets. The Reference Data Stores also includes a client data partition for client supplied datasets hierarchies and alternative identifiers, and a data index of LDM data of frequently used attributes and services. The Reference Data Stores may also include enterprise metadata, entitlement (par. 0027). Therefore, Tolani et al. teaches/suggests claimed limitations.
On page 10 of the Remarks, Applicant then argues that Tolani's logical data model "metadata" does not include any information that "defines an audit campaign". Paragraph [0452] of Adinolfi indicate that the system has "audit and logging capability," but this just refers to a general system capability as opposed to the building of a particular dataset "in response to an audit campaign", ” Adinolfi is not specific to an "audit campaign," it follows that the dataset that is built on-demand there is not "a dataset of entitlements associated with the audit campaign" as now positively recited” and “the references do not provide for building entitlements ... using the augmented data model"”.
In response, the Examiner respectfully submits that Adinolfi et al. discloses a reference data utility assures the data sources, through audit log support, that each client of the utility is receiving values derived only from sources to which they are licensed. This auditable assurance is based on the method providing full transparency of the data for each repository entity value (par. 0169). Adinolfi et al.  then discloses Data element represents logs of data delivered to clients of the utility, recording exactly what values were delivered at what times to each client. The client delivery logs are maintained for audit, transparency, regulation compliance and billing purposes. Data element represents the data driven computational functions in executable form. Data element represents client data sets produced as on demand datasets or as the output of a data driven computational services. (pars. 0193-0194). Adinolfi et al. further discloses method, apparatus and software to provides audit and logging capability to ensure complete process transparency, non-repudiation, billing and other auditing purposes” (par. 0452). Therefore, the combination of Adinolfi et al. and Tolani teaches/suggests all claim limitations of independent claims.



Conclusion
The prior art made of record and not relied upon is considered pertinent to Applicant’s disclosure:
US 20170093872 A1		AUTOMATICALLY PROVISIONING NEW ACCOUNTS ON MANAGED TARGETS BY PATTERN RECOGNITION OF EXISTING ACCOUNT ATTRIBUTES
US 20200322342 A1		Identity attribute confidence scoring while certifying authorization claims
US 20140075492 A1		Identity context-based access control
US 20200106781 A1		DATA-DRIVEN ATTRIBUTE SELECTION FOR USER APPLICATION ENTITLEMENT ANALYSIS
US 20090328132 A1		DYNAMIC ENTITLEMENT MANAGER
US 20190334912 A1		SYSTEM FOR USING A DISTRIBUTED LEDGER TO MANAGE USER ENTITLEMENTS TO COMPUTING RESOURCES
US 20190260752 A1		SYSTEM FOR CONTROLLING ACCESS TO A PLURALITY OF TARGET SYSTEMS AND APPLICATIONS
US 20190251274 A1		ACCESS CONTROL GOVERNANCE USING MAPPED VECTOR SPACES

Any inquiry concerning this communication or earlier communications from the examiner should be directed to JASON CHIANG whose telephone number is (571)270-3393.  The examiner can normally be reached on 9AM to 6 PM.
If attempts to reach the examiner by telephone are unsuccessful, the examiner’s supervisor, Lynn Feild can be reached on (571) 272-2092.  The fax phone number for the organization where this application or proceeding is assigned is 571-273-8300.
Information regarding the status of an application may be obtained from the Patent Application Information Retrieval (PAIR) system.  Status information for published applications may be obtained from either Private PAIR or Public PAIR.  Status information for unpublished applications is available through Private PAIR only.  For more information about the PAIR system, see http://pair-direct.uspto.gov. Should you have questions on access to the Private PAIR system, contact the Electronic Business Center (EBC) at 866-217-9197 (toll-free). If you would like assistance from a USPTO Customer Service Representative or access to the automated information system, call 800-786-9199 (IN USA OR CANADA) or 571-272-1000.




/JASON CHIANG/Primary Examiner, Art Unit 2431