Notice of Pre-AIA or AIA Status
The present application, filed on or after March 16, 2013, is being examined under the first inventor to file provisions of the AIA.

Notice of Allowance
This communication is in response to the amendment filed on 04/05/2022. After thorough search, prosecution history, double patenting review, applicant’s remarks and in view of prior arts of the record, claims 1-20 are allowed.

EXAMINER’S AMENDMENT
An examiner’s amendment to the record appears below. Should the changes and/or additions be unacceptable to applicant, an amendment may be filed as provided by 37 CFR 1.312. To ensure consideration of such an amendment, it MUST be submitted no later than the payment of the issue fee.
With SPE Umar Cheema’s approval, authorization for this examiner’s amendment was given in a telephone interview with Kirk Wong (Reg. No. 43,284) on 06/14/2022.

The application has been amended as follows:
1.      (Currently Amended) A method comprising:
setting permissions data specifying access permissions for users, the access permissions indicating access operations that the users are permitted to execute within a computing system; 
determining user access operations within the computing system;
generating logs of access operations, a log of an access operation identifies a uniform resource indicator (“URI”), a user that performed the access operation, and a timestamp, each of the access operations having a different URI;
maintaining permissions data that maps specific URIs to specific access permissions; and
dynamically updating the permissions data on a periodic basis, the dynamic updating including:
generating feature vectors based on the user access operations, the feature vectors comprising values for a set of features, different individual features in the set of features correspond to a different access operation, a feature vector is assigned to a unique user and includes values that indicate specific access operations that have been logged for the unique user within a recent period of time;
identifying distinct clusters of the users by processing the feature vectors with a clustering-based learning algorithm, the distinct clusters including a cluster of particular users;
determining a set of access permissions that are associated with access operations that have been logged during the recent period of time for the particular users; and
removing, from one or more of the particular users, an access permission that is not in the set of access permissions.
2.	(Previously Presented) The method of Claim 1, wherein dynamically updating the permissions data over time further comprises reassigning a user from a first user group having first access permissions to a second user group having second access permissions that are different than the first access permissions based on the clustering-based learning algorithm identifying the user as belonging to a cluster associated with the second user group.
3.	(Original) The method of Claim 1, further comprising:
associating user groups with the distinct clusters;
for each user group of the user groups, each user group being associated with a different distinct cluster:
determining a set of permissions that have been utilized by users in the user group over the recent period of time;
assigning the set of permissions to the user group;
assigning a new user of the computing system to a first user group of the user groups.
4.	(Original) The method of Claim 1, wherein generating the feature vectors comprises setting a first value for a first feature in a first feature vector for a first user to a number of times that a first access operation corresponding to the first feature has been logged for the first user in the recent period of time.
5.	(Original) The method of Claim 1, wherein the access operations include accessing specific tools, each of the specific tools associated with a distinct set of the access permissions.
6.	(Currently Amended) The method of Claim 1, 
wherein the access operation logs further identify .[[;]]

7.	(Original) The method of Claim 1, wherein the clustering-based learning algorithm is k-modes clustering.
8.	(Currently Amended) A system, including a processor and a memory coupled to the processor, comprising:
access control logic configured to set permissions data specifying access permissions for users, the access permissions indicating access operations that the users are permitted to execute within a computing system; 
logging logic configured to determine user access operations within the computing system;
wherein the logging logic generates logs of access operations, a log of an access operation identifies a uniform resource indicator (“URI”), a user that performed the access operation, and a timestamp, each of the access operations having a different URI;
wherein the logging logic maintains permissions data that maps specific URIs to specific access permissions;
clustering-based learning logic configured to:
generate feature vectors based on the user access operations, the feature vectors comprising values for a set of features, different individual features in the set of features correspond to a different access operation, a feature vector is assigned to a unique user and includes values that indicate specific access operations that have been logged for the unique user within a recent period of time; and
identify distinct clusters of the users by processing the feature vectors with a clustering-based learning algorithm, the distinct clusters including a cluster of particular users; and
cluster resolving logic configured to dynamically update the permissions data on a periodic basis, the dynamic updating including: 
determining a set of access permissions that are associated with access operations that have been logged during the recent period of time for the particular users; and
removing, from one or more of the particular users, a particular access permission that is not in the set of access permissions.
9.	(Previously Presented) The system of Claim 8, wherein dynamically updating the permissions data over time further comprises reassigning a user from a first user group having first access permissions to a second user group having second access permissions that are different than the first access permissions based on the clustering-based learning algorithm identifying the user as belonging to a cluster associated with the second user group.
10.	(Original) The system of Claim 8, 
wherein the cluster resolving logic is further configured to:
associate user groups with the distinct clusters;
for each user group of the user groups, each user group being associated with a different distinct cluster:
determine a set of permissions that have been utilized by users in the user group over the recent period of time;
assign the set of permissions to the user group;
wherein the access control logic is further configured to assign a new user of the computing system to a first user group of the user groups.
11.	(Original) The system of Claim 8, wherein generating the feature vectors comprises setting a first value for a first feature in a first feature vector for a first user to a number of times that a first access operation corresponding to the first feature has been logged for the first user in the recent period of time.
12.	(Original) The system of Claim 8, wherein the access operations include accessing specific tools, each of the specific tools associated with a distinct set of the access permissions.
13.	(Currently Amended) The system of Claim 8,
wherein the access operation logs further identify .[[;]]

14.	(Original) The system of Claim 8, wherein the clustering-based learning algorithm is k-modes clustering.
15.	(Currently Amended) One or more non-transitory computer-readable media storing instructions that, when executed by one or more computing devices, cause:
setting permissions data specifying access permissions for users, the access permissions indicating access operations that the users are permitted to execute within a computing system; 
determining user access operations within the computing system;
generating logs of access operations, a log of an access operation identifies a uniform resource indicator (“URI”), a user that performed the access operation, and a timestamp, each of the access operations having a different URI;
maintaining permissions data that maps specific URIs to specific access permissions; and
dynamically updating the permissions data on a periodic basis, the dynamic updating including:
generating feature vectors based on the user access operations, the feature vectors comprising values for a set of features, different individual features in the set of features correspond to a different access operation, a feature vector is assigned to a unique user and includes values that indicate specific access operations that have been logged for the unique user within a recent period of time;
identifying distinct clusters of the users by processing the feature vectors with a clustering-based learning algorithm, the distinct clusters including a cluster of particular users;
determining a set of access permissions that are associated with access operations that have been logged during the recent period of time for the particular users; and
removing, from one or more of the particular users, an access permission that is not in the set of access permissions.
16.	(Previously Presented) The one or more non-transitory computer-readable media of Claim 15, wherein dynamically updating the permissions data over time further comprises reassigning a user from a first user group having first access permissions to a second user group having second access permissions that are different than the first access permissions based on the clustering-based learning algorithm identifying the user as belonging to a cluster associated with the second user group.
17.	(Original) The one or more non-transitory computer-readable media of Claim 15, wherein the instructions, when executed by the one or more computing devices, further cause:
associating user groups with the distinct clusters;
for each user group of the user groups, each user group being associated with a different distinct cluster:
determining a set of permissions that have been utilized by users in the user group over the recent period of time;
assigning the set of permissions to the user group;
assigning a new user of the computing system to a first user group of the user groups.
18.	(Original) The one or more non-transitory computer-readable media of Claim 15, wherein generating the feature vectors comprises setting a first value for a first feature in a first feature vector for a first user to a number of times that a first access operation corresponding to the first feature has been logged for the first user in the recent period of time.
19.	(Original) The one or more non-transitory computer-readable media of Claim 15, wherein the access operations include accessing specific tools, each of the specific tools associated with a distinct set of the access permissions.
20.	(Currently Amended) The one or more non-transitory computer-readable media of Claim 15, 
wherein the access operation logs further identify .[[;]]
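An added illustration of the flow recited in Claims 1 and 7, not part of the office action or the application: recent access logs become per-user feature vectors, a minimal k-modes pass clusters the users, and each user loses any granted permission that no member of that user's cluster exercised in the window. The URIs, user names, permission names, 30-day window and naive k-modes initialization are assumptions; features are binary (logged or not) rather than the counts of Claim 4, since k-modes treats values as categories.

```python
from collections import Counter
from datetime import datetime, timedelta

# Constructed sample data: URIs, users and permission names are hypothetical.
NOW = datetime(2022, 6, 1)
URI_PERMISSION = {"/repo/read": "repo.read", "/repo/push": "repo.write",
                  "/billing/view": "billing.read", "/billing/refund": "billing.write"}
GRANTED = {"ana": {"repo.read", "repo.write", "billing.read"},
           "bo": {"repo.read", "repo.write", "billing.write"},
           "cy": {"billing.read", "billing.write", "repo.write"},
           "di": {"billing.read", "billing.write"}}
LOGS = [("ana", "/repo/read", 2), ("ana", "/repo/push", 3), ("bo", "/repo/read", 1),
        ("bo", "/billing/refund", 200),  # stale entry, outside the recent window
        ("cy", "/billing/view", 5), ("cy", "/billing/refund", 4), ("di", "/billing/view", 6)]
LOGS = [(user, uri, NOW - timedelta(days=age)) for user, uri, age in LOGS]

def feature_vectors(logs, users, now, window_days=30):
    """One vector per user: feature i is 1 if URI i was logged inside the window."""
    uris = sorted(URI_PERMISSION)
    seen = {u: set() for u in users}
    for user, uri, ts in logs:
        if user in seen and now - ts <= timedelta(days=window_days):
            seen[user].add(uri)
    return {u: tuple(int(x in s) for x in uris) for u, s in seen.items()}, uris

def k_modes(vectors, k, rounds=10):
    """Minimal k-modes: Hamming distance, per-feature mode as the cluster centre."""
    users = sorted(vectors)
    modes = list(dict.fromkeys(vectors[u] for u in users))[:k]  # naive init: first k distinct
    for _ in range(rounds):
        assign = {u: min(range(len(modes)), key=lambda c: sum(
            a != b for a, b in zip(vectors[u], modes[c]))) for u in users}
        for c in range(len(modes)):
            members = [vectors[u] for u in users if assign[u] == c]
            if members:
                modes[c] = tuple(Counter(col).most_common(1)[0][0] for col in zip(*members))
    return assign

def prune(granted, logs, now, k=2):
    """Remove each granted permission that the user's cluster did not exercise recently."""
    vectors, uris = feature_vectors(logs, granted, now)
    assign = k_modes(vectors, k)
    used = {c: set() for c in assign.values()}
    for user, c in assign.items():
        used[c] |= {URI_PERMISSION[u] for u, bit in zip(uris, vectors[user]) if bit}
    return {user: perms & used[assign[user]] for user, perms in granted.items()}
```

In this sample, bo keeps repo.write although only ana exercised it, because the retained set is computed per cluster; bo's 200-day-old refund entry does not preserve billing.write.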



Reasons for Allowance
Claims 1, 8 and 15 are allowable, since the closest arts, Florentino et al. (hereinafter referred to as Florentino) (U. S. Pub. No. 2018/0341778 A1), Charif et al. (hereinafter referred to as Charif) (U. S. Pub. No. 2015/0142707 A1), and Chebolu et al. (hereinafter referred to as Chebolu) (U. S. Patent No. 8166560 B2) fail to teach the operations performed by the system, the method and the operations performed by the processing device with instructions stored in non-transitory machine-readable media, comprising: setting permissions data for access permissions for users, the access permissions indicating access operations that users are permitted to execute within computing system; determining user access operations; generating the logs of access operations, including user and timestamp; dynamically updating the permission data, including generating feature vectors, comprising values for features, assigned to users and includes values that indicate the specific access operations that have been logged of unique users, and identifying URI, mapping data to specific URIs to specific access permissions; identifying distinct clusters of the users by processing the feature vectors with a cluster-based learning algorithm; determining a set of access permissions that are associated with the access operations that have been logged during the recent period of time; removing access permission that is not in the set of access permissions; and maintaining permission data that maps specific URIs to specific access permissions.
The novelty of claimed invention is based on the facts that the operations comprise, dynamically updating the permission data, including generating feature vectors, comprising values for features, assigned to users and includes values that indicate the specific access operations that have been logged of unique users, and identifying URI, mapping data to specific URIs to specific access permissions; identifying distinct clusters of the users by processing the feature vectors with a cluster-based learning algorithm; determining a set of access permissions that are associated with the access operations that have been logged during the recent period of time; removing access permission that is not in the set of access permissions; maintaining permission data that maps specific URIs to specific access permissions.
Florentino, Charif and Freund simply teach generating at least policy includes a static permission database containing a plurality of static permission records; method and system for clustering, modeling, and visualizing process models from noisy logs; and remote administration of computer access settings.
Further, by continual thorough searching, some other relevant prior arts have been found and they do not teach the claims above. Thompson et al. (U. S. Patent No. 8484140 B2) teaches feature vector clustering. LAKHMAN et al. (U. S. Pub. No. 2019/0179796 A1) teaches method of and system for generating a training set for a machine learning algorithm. Tsioutsiouliklis et al. (U. S. Pub. No. 2010/0287129 A1) teaches system and method relating to categorizing or selecting potential search results.
Dependent claims 2-7, 9-14 and 16-20 depend on now allowed independent claims 1, 8 and 15, and are therefore allowed.
Any comments considered necessary by applicant must be submitted no later than the payment of the issue fee and, to avoid processing delays, should preferably accompany the issue fee. Such submissions should be clearly labeled “Comments on Statement of Reasons for Allowance.”

Drawings
5. The drawings were received on July 15, 2020. These drawings are acceptable.

Conclusion
Any inquiry concerning this communication or earlier communications from the examiner should be directed to JOHN FAN whose telephone number is 571-272-3345. The examiner can normally be reached on Monday-Friday, ET 9am-7pm.
Examiner interviews are available via telephone, in-person, and video conferencing using a USPTO supplied web-based collaboration tool. To schedule an interview, applicant is encouraged to use the USPTO Automated Interview Request (AIR) at http://www.uspto.gov/interviewpractice.
If attempts to reach the examiner by telephone are unsuccessful, the examiner’s supervisor, Umar Cheema can be reached on 571-270-3037. The fax phone number for the organization where this application or proceeding is assigned is 571-273-8300.
Information regarding the status of an application may be obtained from the Patent Application Information Retrieval (PAIR) system. Status information for published applications may be obtained from either Private PAIR or Public PAIR. Status information for unpublished applications is available through Private PAIR only. For more information about the PAIR system, see http://pair-direct.uspto.gov. Should you have questions on access to the Private PAIR system, contact the Electronic Business Center (EBC) at 866-217-9197 (toll-free). If you would like assistance from a USPTO Customer Service Representative or access to the automated information system, call 800-786-9199 (IN USA OR CANADA) or 571-272-1000.






John Fan
/J. F. /
Examiner, Art Unit 2456
06/16/2022


/UMAR CHEEMA/Supervisory Patent Examiner, Art Unit 2456