DETAILED ACTION
The present application, filed on or after March 16, 2013, is being examined under the first inventor to file provisions of the AIA.

Claims
Claims 1-20 have been presented and are pending.  

Information Disclosure Statements
The Information Disclosure Statements (IDS) that were filed on 9/16/2019, 9/24/2019, and 8/20/2021 have been considered.

Rejections under 35 U.S.C. § 103
The following is a quotation of 35 U.S.C. 103 which forms the basis for all obviousness rejections set forth in this Office action:
A patent for a claimed invention may not be obtained, notwithstanding that the claimed invention is not identically disclosed as set forth in section 102 of this title, if the differences between the claimed invention and the prior art are such that the claimed invention as a whole would have been obvious before the effective filing date of the claimed invention to a person having ordinary skill in the art to which the claimed invention pertains.  Patentability shall not be negated by the manner in which the invention was made.

This application currently names joint inventors. In considering patentability of the claims the examiner presumes that the subject matter of the various claims was commonly owned as of the effective filing date of the claimed invention(s) absent any evidence to the contrary.  Applicant is advised of the obligation under 37 CFR 1.56 to point out the inventor and effective filing dates of each claim that was not commonly owned as of the effective filing date of the later invention in order for the examiner to consider the applicability of 35 U.S.C. 102(b)(2)(C) for any potential 35 U.S.C. 102(a)(2) prior art against the later invention.

Claims 1 and 11 are rejected under 35 U.S.C. 103 as being unpatentable over US 20180165183 A1 (“Kremp”) and US 20170124326 A1 (“Wailly”) and US 9449181 B1 (“Umapathy”).

Per claims 1 and 11, Kremp discloses:
a communications module communicable with an external network (e.g. network) (Section [0020]-[0021]); 
a memory (e.g. storage device) (Section [0020]);
a processor (processor) coupled to the communications module and the memory, the processor being configured to: (Section [0020]);
in an automated test environment (e.g. framework for testing execution): launch a test instance (e.g. test container) of a first application (e.g. container) (Section [0019] and [0039]);
obtain a data access signature (e.g. privilege scheme) of the first application based on identifying at least one application state of the first application and account data retrieved by the first application from a user account at a protected data resource in the at least one application state (e.g. The one or more privilege elements are selected from a set of privilege elements representing the privilege scheme. The set of privilege elements comprise fields representing one or more of credentials (e.g., roles, job titles, identity credentials, or system credentials), permissions (e.g., indications of an access mode), sessions, assignments, attributes (e.g., user attributes, resource or object attributes, action attributes, environmental attributes, or system attributes), geolocations, or any other suitable basis for granting an access control or privilege. Although described using certain privileges or bases for privileges, it should be understood that the one or more privilege elements may comprise any metric on which a privilege or access control may be based) (Section [0040]-[0042]).

Although Kremp discloses an automated test environment to run a test instance of an application and obtain a data access signature based on identifying at least one application state and account data, Kremp does not specifically disclose detect a change in the data access signature of the first application; and in response to detecting the change in the data access signature of the first application, notify the user of the detected change.  However Wailly, in analogous art of application execution environments, teaches:
detect a change in the data access signature of the first application (e.g. analyze events that occur in a virtual machine and to detect any abnormal behavior.  An abnormal behavior is for example access by a program that is executed in the virtual machine to a memory area that is normally not accessed by the program) (Section [0041]); 
in response to detecting the change in the data access signature of the first application, notify the user of the detected change (e.g. The analyzer is adapted to analyze the events detected as abnormal, where applicable to alert the client to whom the virtual machines belongs and where applicable to implement countermeasures) (Section [0041]).
It would have been obvious to one of ordinary skill in the art as of the effective filing date of the claimed invention to modify the application execution in the test environment of Kremp to detect abnormal data access and alert the user when abnormal data access is detected, as taught by Wailly, in order to protect the user data and allow the user to know when their data may be compromised.

Although Kremp/Wailly disclose running an instance of an application in a test environment and notifying the user when a change in the data access signature is detected, Kremp/Wailly do not specifically disclose receive, from a client device associated with the user account, an indication of access permissions for the first application to access the user account for retrieving account data.  However Umapathy, in analogous art of data access control, teaches:
receive, from a client device associated with the user account, an indication of access permissions for the first application to access the user account for retrieving account data (e.g. a user using device 160 may interact with access information manager to create, define, view, modify, and/or delete one or more service profiles.  A user may be provided a mechanism to define one or more service profiles, and each of the service profiles may include one or more categories of data.  The user may decide which applications to associate with the service profiles.  Once an application is associated with a service profile, the application may access the categories of data included in the service profile) (Column 2, Ln 33-55 and Column 7, Ln 34-41).
It would have been obvious to one of ordinary skill in the art as of the effective filing date of the claimed invention to modify the application execution system/method of Kremp/Wailly to receive data access permission from the user, as taught by Umapathy, in order to allow the user to have control over what data they share with the application.

Per claims 2 and 12, Kremp/Wailly/Umapathy discloses all of the limitations of claims 1 and 11 above.  Kremp further discloses:
wherein the processor is further configured to store the data access signature in association with the access permissions for the first application to access the user account (e.g. in some embodiments, the data set used in testing execution is injected into memory for portions of the data set relevant to access control testing) (Section [0036]).

Per claims 3 and 13, Kremp/Wailly/Umapathy discloses all of the limitations of claims 1 and 11 above.  Kremp further discloses:
wherein the at least one application state of the first application comprises an execution state (e.g. operation mode) of the first application (Section [0050] and [0066]-[0068]).

Per claims 4 and 14, Kremp/Wailly/Umapathy discloses all of the limitations of claims 1 and 11 above.  Umapathy further discloses:
wherein the data access signature indicates, for the at least one application state, one or more first types of account data which are accessed by the first application in the application state (e.g. The user may decide which applications to associate with the service profiles.  Once an application is associated with a service profile, the application may access the categories of data included in the service profile) (Column 2, Ln 33-55 and Column 7, Ln 34-41).

Claims 5 and 15 are rejected under 35 U.S.C. 103 as being unpatentable over Kremp/Wailly/Umapathy, as applied to claims 4 and 14 above, in further view of US 20180095857 A1 (“Sarir”).

Per claims 5 and 15, although Kremp/Wailly/Umapathy disclose detecting a change in the data access signature, Kremp/Wailly/Umapathy do not specifically disclose wherein detecting a change in the data access signature comprises detecting that, in the at least one application state, the first application retrieves a type of account data that is different from the one or more first types.  However Sarir, in analogous art of detecting anomalies in data access, discloses:
wherein detecting a change in the data access signature comprises detecting that, in the at least one application state, the first application retrieves a type of account data (e.g. request type data) that is different from the one or more first types (e.g. determine whether the data retrieval request comprises at least one request anomaly based on the historical retrieval request data) (Section [0004], [0009], and [0013]).
Since each individual element and its function are shown in the prior art, albeit shown in separate references, the difference between the claimed subject matter and the prior art rests not on any individual element or function but in the very combination itself that is in the substitution of the anomaly detection of Staring for the anomaly detection of Wailly.  Thus, the simple substitution of one known element for another producing a predictable result renders the claim obvious. 

Claims 6, 7, 16, and 17 are rejected under 35 U.S.C. 103 as being unpatentable over Kremp/Wailly/Umapathy, as applied to claims 1 and 11 above, in further view of US 20210073097 A1 (“Upadhyay”).

Per claims 6 and 16, although Kremp/Wailly/Umapathy disclose detecting a change in the data access signature, Kremp/Wailly/Umapathy do not specifically disclose wherein the data access signature indicates, for the at least one application state, a first frequency of retrieval of account data from the user account.  However Upadhyay, in analogous art of detecting anomalies in data access, discloses:
wherein the data access signature indicates, for the at least one application state, a first frequency of retrieval of account data from the user account (e.g. analyze a component of the decomposed time-series to determine an acceptable range for a number of occurrences of the first type of event) (Section [0007], [0009], [0011], [0430], [0432], and [0434]).
Since each individual element and its function are shown in the prior art, albeit shown in separate references, the difference between the claimed subject matter and the prior art rests not on any individual element or function but in the very combination itself that is in the substitution of the frequency of retrieval data access signature of Upadhyay for the data access signatures of Kremp.  Thus, the simple substitution of one known element for another producing a predictable result renders the claim obvious. 

Per claims 7 and 17, Kremp/Wailly/Umapathy/Upadhyay discloses all of the limitations of claims 6 and 16 above.  Upadhyay further discloses:
wherein detecting a change in the data access signature comprises detecting that, in the at least one application state, the first application retrieves account data from the user account more frequently than the first frequency (e.g. determine that an anomaly exists at a first time in response to a determination that a number of occurrences of the first type of event falls outside the acceptable range) (Section [0007], [0009], [0011], [0430], [0432], and [0434]).

Claims 8-10 and 18-20 are rejected under 35 U.S.C. 103 as being unpatentable over Kremp/Wailly/Umapathy, as applied to claims 1 and 11 above, in further view of US 20180144138 A1 (“Zhang”).

Per claims 8 and 18, Kremp/Wailly/Umapathy discloses all of the limitations of claims 1 and 11 above.  Umapathy further discloses:
identify an application category for the first application (e.g. the service profiles may include at least one category of data accessible by the third-party application) (Column 5, Ln 62 – Column 6, Ln 3).
Although Kremp/Wailly/Umapathy disclose obtaining data access signatures, Kremp/Wailly/Umapathy do not specifically disclose assign, to the first application, a risk score that is based on the data access signature for the first application.  However Zhang, in analogous art of data security, discloses:
assign, to the first application, a risk score (e.g. risk score) that is based on the data access signature for the first application (Section [0023]-[0025]).
It would have been obvious to one of ordinary skill in the art as of the effective filing date of the claimed invention to modify the application anomaly detection of Kremp/Wailly/Umapathy to include the use of risk scores assigned to the applications, as taught by Zhang, in order to provide a more robust risk analysis to protect the user's data (See Zhang Section [0002]).

Per claims 9 and 19, Kremp/Wailly/Umapathy/Zhang discloses all of the limitations of claims 8 and 18 above.  Zhang further discloses:
wherein the processor is further configured to determine a ranking (e.g. risk ranking) of the first application relative to one or more other applications of the application category based on the risk score (e.g. risk score) (Section [0023]-[0025]).

Per claims 10 and 20, Kremp/Wailly/Umapathy/Zhang discloses all of the limitations of claims 9 and 19 above.  Zhang further discloses:
wherein notifying the user of the detected change comprises notifying the user of the determined ranking of the first application (e.g. data security and risk ranking tool may determine that the calculated risk score is a high risk and proceed to security alert/action when an alert is sent and/or an action is performed) (Section [0023]-[0025]).

Conclusion
The following prior art made of record and not relied upon is considered pertinent to applicant's disclosure:
US 20140337436 A1 to Hoagland teaches a system and method to detect anomalies based on the number of times the user accesses the data.  US 20180032736 A1 to Inagaki teaches a system and method that determines an application risk rank.
Any inquiry concerning this communication or earlier communications from the examiner should be directed to TIMOTHY P SAX whose telephone number is (571)272-0821.  The examiner can normally be reached on M-F 9-5:30.
Examiner interviews are available via telephone, in-person, and video conferencing using a USPTO supplied web-based collaboration tool. To schedule an interview, applicant is encouraged to use the USPTO Automated Interview Request (AIR) at http://www.uspto.gov/interviewpractice.
If attempts to reach the examiner by telephone are unsuccessful, the examiner’s supervisor, Patrick McAtee can be reached at (571) 272-7575.  The fax phone number for the organization where this application or proceeding is assigned is 571-273-8300.
Information regarding the status of an application may be obtained from the Patent Application Information Retrieval (PAIR) system.  Status information for published applications may be obtained from either Private PAIR or Public PAIR.  Status information for unpublished applications is available through Private PAIR only.  For more information about the PAIR system, see http://pair-direct.uspto.gov. Should you have questions on access to the Private PAIR system, contact the Electronic Business Center (EBC) at 866-217-9197 (toll-free). If you would like assistance from a USPTO Customer Service Representative or access to the automated information system, call 800-786-9199 (IN USA OR CANADA) or 571-272-1000.

/TS/
Examiner, Art Unit 3685

/JACOB C. COPPOLA/Primary Examiner, Art Unit 3685