DETAILED ACTION
The present application, filed on or after March 16, 2013, is being examined under the first inventor to file provisions of the AIA .
This office action is in response to the amendments filed on 06/07/2022.
Claims 1, 2, 4-13 and 15-22 are currently pending in this application. Claims 1, 4, 6, 9, 10, 11-13, 15, 16 and 19-22 have been amended.
No information disclosure statement (IDS) has been filed.

Examiner’s Note
Applicant is suggested to include information described in par. 0080 of the specification (e.g., the access relationship object including count indication information) to the claims to provide the application for a better condition for an allowance.

Response to Arguments
The previous 112(b) rejections to the claims have been withdrawn in response to the applicant’s amendments/remarks. However, the applicant’s amendments cause new 112(a) rejections (e.g., a new matter issue) stated below.
The previous 101 rejections to the claims have been withdrawn in response to the applicant’s amendments/remarks.

In regard to the 102 rejections, the applicant has, in pages 15-19 of the remarks, argued that “… collecting earlier and later existing information about authorized authenticators, determining changes that have occurred, and determining the operations that were required to make the determined changes is not part of Ylonen … the present action cites Ylonen’s figure 9 … page 34 line 36 through page 35, line 9 … as recited by claim 1 … figure 9 illustrates … page 3, lines 27-35 recite … page 32, lines 37-page 33, line 7 … the present action also refers to Ylonen, page 34, line 36 – page 35, line 9, which recite: The processing of a request may be optimized by first computing which keys at which accounts would need to be removed when the user is detached from the old role, computing which new keys should be added at which accounts for the user's new role, and only deleting those keys that would not be re-added for the new role, and only adding those keys for the new role that are not already in the system (as indicated by a table containing information about stored keys) … page 187, lines 1-6 recite: … no disclosure related to collecting … processing, by the apparatus … processing … equating the collection and processing of information from … not related to processing requests and deciding what actions to take …”.
Applicant’s argument is not persuasive. 
As the applicant noted, Ylonen, in pages 34 and 35, clearly teaches that when the role change request is received, it is determined which new authorizations are needed, it is determined which authorizations should be revoked, the new authorizations are processed, completion of the request or processing of a role change is signaled and, the processing of the role change request performs which keys at which accounts would need to be removed when the user is detached from the old role and which new keys should be added at which accounts for the user’s new rule. In other words, processing or management of authenticators (e.g., authorization information of the keys or access rights/authorization to connect to the accounts specified for a role) is based on analysis of earlier or historic authorized authenticator information (e.g., an old/first role or access rights/authorization to connect to the accounts specified for the old role) and new/second authenticator information (e.g., a new/second role or access rights/authorization to connect to the accounts specified for the new/second role) collected (or included in the role change request and information of the database/table note: the information or keys of the role to change is/are indicated by a table, which has been already existed to be used- see page 35) for the analysis and processing change and triggering a notification or update (e.g., signaling the completion of the processes). See the 102 rejections section below for detail. 

The applicant’s arguments, for the claims 12, 22 and the dependent claims 2, 4-11, 13 and 15-21, regarding similar limitations of above responded limitations of the claim 1, are not persuasive and the response for these arguments are similar with the response for the claim 1 above.
 
Thus, the applicant’s arguments are not persuasive. Please see amended rejections below for amended claims. This action is final.

Claim Rejections - 35 USC § 112
The following is a quotation of the first paragraph of 35 U.S.C. 112(a):
(a)  IN GENERAL.—The specification shall contain a written description of the invention, and of the manner and process of making and using it, in such full, clear, concise, and exact terms as to enable any person skilled in the art to which it pertains, or with which it is most nearly connected, to make and use the same, and shall set forth the best mode contemplated by the inventor or joint inventor of carrying out the invention.

Claims 1, 2, 4-13 and 15-22 are rejected under 35 U.S.C. 112(a) as failing to comply with the written description requirements.

Claimed are amended to include “earlier existing authorized authenticator information (from earlier authorized authenticator information)” and “later existing authorized authenticator information (from new authorized authenticator information)” – see the current amendments to the claims 1, 4, 6, 12, 22, etc. for example: “… collecting, by the apparatus for managing authenticators from the computerized system, later existing authorized authenticator information for the user account …”, which was not described in the specification in such a way as to reasonably convey to one skilled in the relevant art that the inventor or a joint inventor, at the time the application was filed, had possession of the claimed invention. 
The specification describes, “stored information may also comprise configuration entities, such as authorized keys from an authorized keys file on a host, identity keys, .rhosts files, or keytab file entries … the credential is some configuration entity that makes authentication of the source entity to the destination entity possible …” – see par. 0042, and “new authorized keys are received 201 for at least one user account. The information may be received, e.g., as a result of the collection stage …” – see par. 0050. However, these information does not describe the claimed/amended limitations, for example: “… collecting, by the apparatus for managing authenticators from the computerized system, later existing authorized authenticator information for the user account …”.

Claim Rejections - 35 USC § 102
In the event the determination of the status of the application as subject to AIA  35 U.S.C. 102 and 103 (or as subject to pre-AIA  35 U.S.C. 102 and 103) is incorrect, any correction of the statutory basis for the rejection will not be considered a new ground of rejection if the prior art relied upon, and the rationale supporting the rejection, would be the same under either status.

The following is a quotation of the appropriate paragraphs of 35 U.S.C. 102 that form the basis for the rejections under this section made in this Office action:
A person shall be entitled to a patent unless –
(a)(1) the claimed invention was patented, described in a printed publication, or in public use, on sale or otherwise available to the public before the effective filing date of the claimed invention.

Claims 1, 2, 4-13 and 15-22 are rejected under 35 U.S.C. 102(a)(1) as being anticipated by Ylonen (WO 2013/093209 A1).

As per claim 1, Ylonen teaches a method for managing authenticators in a computerized system comprising user accounts and hosts, wherein the authenticators comprise one of; private and associated public keys; or certificates, [abstract; figs. 1, 9, 10; page 22, lines 24-25; page 34, lines 25-39; page 35, lines 1-10, 26-32 of Ylonen], the method comprising:
collecting, by an apparatus for managing authenticators from the computerized system, earlier existing authorized authenticator information for a user account and storing the collected earlier existing authorized authenticator information in a database [fig. 9; page 3, lines 27-35; page 32, lines 37-39; page 33, lines 1-7; page 34, lines 36-38; page 35, lines 6-9; page 187, lines 1-6 of Ylonen teaches the apparatus collects earlier existing authorized authenticator information (e.g., an old role or access rights/authorization to connect to the accounts specified for the old role) for a user account and storing the collected earlier existing authorized authenticator information in a database (e.g., the database or the table stored for keys, host, user, authorization/authentication information)];
collecting, by the apparatus for managing authenticators from the computerized system, later existing authorized authenticator information for the user account [fig. 9; page 3, lines 27-35; page 34, lines 25-38; page 35, lines 1-9 of Ylonen teaches collecting, by the apparatus for managing authenticators (e.g., a component of a management system) from the computerized system, later existing authorized authenticator information (e.g., a changed role or access rights/authorization to connect to the accounts specified for the changed role or information of the second role changed from the first role; note: the information or keys of the role to change is/are indicated by a table, which has been already existed to be used) for the user account];
processing, by the apparatus for managing authenticators, the earlier existing authorized authenticator information and the later existing authorized authenticator information to determine changes that have occurred to authorized authenticators by comparing the later existing authorized authenticator information for the user account to the earlier existing authorized authenticator information for the user account stored in the database [figs. 9, 10; page 3, lines 27-35; page 34, lines 25-39; page 35, lines 1-18, 26-35; page 187, lines 1-6 of Ylonen teaches processing, by the apparatus for managing authenticators (e.g., the component of a management system), the earlier existing authorized authenticator information and the later existing authorized authenticator information (e.g., the information of the role to change or the second role) to determine changes that have occurred to authorized authenticators (e.g., determination of the changing to the second role has to be occurred first before processing what to change or determination of requirement for new authorizations and/or removals of authorizations) by comparing the later existing authorized authenticator information (e.g., information of the role to change or the second role or access rights/authorization to connect to the accounts specified for the second role) for the user account to the earlier existing authorized authenticator information (e.g., the old/first role or access rights/authorization to connect to the accounts specified for the old/first role) for the user account stored in the database – note: the keys for the second role are compared with old keys for the old/first role, so that only the difference are determined and updated for the second role], and
processing, by the apparatus for managing authenticators, the determined changes that have occurred to authorized authenticators, the earlier existing authorized authenticator information and the later existing authorized authenticator information to determine operations on the authorized authenticators that were required for the determined changes in the authorized authenticator to have occurred [figs. 9, 10; page 34, lines 25-39; page 35, lines 1-18 of Ylonen teaches the apparatus, for managing authenticators, processes the determined changes that have occurred to authorized authenticators (e.g., determination of the changing from the old/first role or access rights/authorization to the second role or access rights/authorization), the earlier existing authorized authenticator information and the later existing authorized authenticator information to determine operations (e.g., which second authorizations are need/revoked or which keys at which accounts would need to be removed/added) on the authorized authenticators that were required for the determined changes in the authorized authenticator to have occurred (e.g., determination of the changing from the old role or access rights/authorization to the second role or access rights/authorization)], and
triggering, by the apparatus for managing authenticators, one or more of notification and update based on the determined operations required for the determined changes in the authorized authenticators to have occurred [fig. 9; page 34, lines 31-34 of Ylonen teaches triggering, by the apparatus for managing authenticators, one or more of notification and update (e.g., signaling the completion of the role change) based on the determined operations (e.g., which second authorizations are need/revoked or which keys at which accounts would need to be removed/added) required for the determined changes (e.g., determination of the changing from the old/first role or access rights/authorization to the second role or access rights/authorization) in the authorized authenticators to have occurred].

As per claim 2, Ylonen teaches the method of claim 1. 
Ylonen further teaches wherein the operations comprise at least one of insertion of an authorized authenticator, deletion of an authorized authenticator, or modification of an authorized authenticator [page 34, lines 25-39; page 35, lines 1-18 of Ylonen teaches the operations comprise at least one of insertion of an authorized authenticator (e.g., which new authorizations are need or which keys at which accounts would need to be added), deletion of an authorized authenticator (e.g., which authorizations are revoked or which keys at which accounts would need to be removed), or modification of an authorized authenticator (e.g., which authorizations are need/revoked or which keys at which accounts would need to be removed/added)].

As per claim 4, Ylonen teaches the method of claim 1. 
Ylonen further teaches computing the operations using an algorithm configured for computing a number of operations needed for the change from the earlier existing authorized authenticator information to the later existing authorized authenticator information [page 34, lines 36-39; page 35, lines 1-4 of Ylonen teaches computing the set of operations using an algorithm (e.g., a set of rules to follow for completing a specific task) configured for computing number of operations needed (e.g., only deleting those keys that would not be re-added for the second role and only adding those keys for the second role that are not already in the system) for the change from the earlier existing authorized authenticator information (e.g., the old/first role or access rights/authorization to connect to the accounts specified for the old role) to the later existing authorized authenticator information (e.g., the second role or access rights/authorization to connect to the accounts specified for the second role)].

As per claim 5, Ylonen teaches the method of claim 4. 
Ylonen further teaches computing the number of operations for the change based on an edit distance algorithm or a Levenshtein distance algorithm comparing strings of authorized keys [page 34, lines 25-39; page 35, lines 1-9 of Ylonen teaches computing the number of operations for the change based on an edit distance algorithm (e.g., a measure of similarity between two key strings for the old role and the new role. In other words, it is defining as the only number of changes required to convert key string for the old role into key string for the new role done by inserting/adding, deleting or replacing a key in string a comparing strings) of authorized keys].

As per claim 6, Ylonen teaches the method of claim 1. 
Ylonen further teaches:
classifying a new authorized key in the later existing authorized authenticator information into a category of a set of categories, the set of categories including an inserted key category and a deleted key category [figs. 8, 9; page 33, lines 23-26; page 34, lines 36-39; page 35, lines 1-18 of Ylonen teaches classifying a new authorized key (e.g., which key) in the later existing authorized authenticator information (e.g., the second role or access rights/authorization to connect to the accounts specified for the second role) into a category of a set of categories (e.g., computing different group of keys), the set of categories including an inserted key category (e.g., a group of those keys for the new role that are not already in the system), and a deleted key category (e.g., a group of those keys that would not be re-added or removed for the second role)]; and
in response to the new authorized key being classified in the inserted key category, inserting the new authorized key in a database [figs. 1, 8, 9; page 32, lines 37-39; page 33, lines 1-7, 23-26; page 34, lines 36-39; page 35, lines 1-18; page 36, lines 34-39; page 37, line 1 of Ylonen teaches in response to the new authorized key being classified in the inserted key category (e.g., those keys for the new role that are not already in the system), inserting/adding the new authorized key in a database], and
in response to the new authorized key being classified in the deleted key category, deleting the new authorized key from the database or marking the new authorized key as deleted [figs. 1, 8, 9; page 32, lines 37-39; page 33, lines 1-7, 23-26; page 34, lines 36-39; page 35, lines 1-18; page 36, lines 34-39; page 37, line 1 of Ylonen teaches in response to the new authorized key being classified in the deleted key category (e.g., those keys that would not be re-added for the new role), deleting the new authorized key from the database]. 

As per claim 7, Ylonen teaches the method of claim 6. 
Ylonen further teaches wherein the set of categories further comprises a replaced keys category, the method further comprising, in response to the new authorized key being classified as a replaced key, processing the earlier authorized key as if the earlier authorized key has been deleted and the new authorized key as if the new authorized key had been inserted, and/or wherein the set of categories further comprises a modified keys category, the method further comprising, in response to the new authorized key being classified as a modified key, updating information about the corresponding authorized key entry in the database [figs. 1, 8, 9, 12; page 32, lines 37-39; page 33, lines 1-7, 23-26; page 34, lines 36-39; page 35, lines 1-18; page 36, lines 34-39; page 37, line 1 of Ylonen teaches wherein the set of categories further comprises a replaced keys (e.g., which keys need to be removed and which new keys should be added) category, the method further comprising, in response to the new authorized key being classified as a replaced key, processing the earlier authorized key as if the earlier authorized key has been deleted (e.g., keys which need to be removed) and the new authorized key entry as if the new authorized key had been inserted (e.g., keys which need to be added)].

As per claim 8, Ylonen teaches the method of claim 1. 
Ylonen further teaches determining a change in sequence number of an authorized authenticator of the authorized authenticators, and updating the sequence number in a database entry representing the authorized authenticator [page 37, lines 16-32; page 47, lines 1-9 of Ylonen teaches determining a change in sequence number of an authorized authenticator (e.g., the order in which they were created) of the authorized authenticators, and updating the sequence number (e.g., renewed/updated time) in a database entry representing the authorized authenticator (e.g., the configuration files including authorized keys for the account are updated accordingly)].

As per claim 9, Ylonen teaches the method of claim 1. 
Ylonen further teaches determining whether an authorized authenticator of the authorized authenticators is shadowed by an earlier existing authenticator in the earlier authorized authenticator information, and treating the authorized authenticator as modified if the determination indicates a difference between the authorized authenticator in the later existing authorized authenticator information compared to the corresponding authorized authenticator entry in the earlier existing authorized authenticator information [figs. 8, 9; page 33, lines 23-26; page 34, lines 25-39; page 35, lines 1-24 of Ylonen teaches determining whether an authorized authenticator of the authorized authenticators is shadowed by an earlier authenticator in the earlier existing authorized authenticator information (e.g., those keys (of the old/earlier role) that would not be re-added for the second role or those keys for the second role that are not already in the system), and treating the authorized authenticator as modified (for the second role) if the determination indicates a difference (e.g., determination of requirement for new authorizations and/or removals of authorizations) between the authorized authenticator in the later existing authorized authenticator information compared to the corresponding authorized authenticator in the earlier existing authorized authenticator information – see also rejections to the claim 1].

As per claim 10, Ylonen teaches the method of claim 1. 
Ylonen further teaches determining that an authorized authenticator in the later existing authorized authenticator information is a modified authorized authenticator, and in response thereto, recording information about a modification corresponding to the modified authorized authenticator in an audit log [fig. 1; page 18, lines 35-42; page 36, lines 18-39 of Ylonen teaches determining that an authorized authenticator in the later existing authorized authenticator information (e.g., determination of a role change or authorization) is a modified authorized authenticator (e.g., the second role key or authorization), and in response thereto, recording information about a modification corresponding to the modified authorized authenticator in an audit log (e.g., the database) – see also rejections to the claim 8].

As per claim 11, Ylonen teaches the method of claim 1. 
Ylonen further teaches determining that an authorized authenticator of the authorized authenticators included in the later existing authorized authenticator information is an inserted or a deleted authorized authenticator, and in response thereto updating information about access relationships based on configured authorized authenticators in a database to reflect a change in the configured authorized authenticators [fig. 1; page 18, lines 35-42; page 36, lines 18-39 of Ylonen teaches determining that an authorized authenticator of the authorized authenticators included in the later existing authorized authenticator information (e.g., determination of a role change or authorization) is an inserted or a deleted authorized authenticator (e.g., adding the second authorizations or authorized keys or removals of old/first authorizations or authorized keys), and in response thereto updating information about access relationships based on configured authorized authenticators in a database (e.g., the database) to reflect a change in the configured authorized authenticators – see also rejections to the claim 10].

Claims 12, 13 and 15-21 are an apparatus claims that correspond to the method claims 1, 2, 4 and 6-11, and are analyzed and rejected accordingly – see fig. 1 of Ylonen for the components, such as a processor and memory of the apparatus.
Claim 22 is a media claim that corresponds to the method claim 1, and is analyzed and rejected accordingly.

Conclusion
THIS ACTION IS MADE FINAL.  Applicant is reminded of the extension of time policy as set forth in 37 CFR 1.136(a).  
A shortened statutory period for reply to this final action is set to expire THREE MONTHS from the mailing date of this action.  In the event a first reply is filed within TWO MONTHS of the mailing date of this final action and the advisory action is not mailed until after the end of the THREE-MONTH shortened statutory period, then the shortened statutory period will expire on the date the advisory action is mailed, and any extension fee pursuant to 37 CFR 1.136(a) will be calculated from the mailing date of the advisory action.  In no event, however, will the statutory period for reply expire later than SIX MONTHS from the mailing date of this final action. 
Any inquiry concerning this communication or earlier communications from the examiner should be directed to MAUNG T LWIN whose telephone number is (571)270-7845.  The examiner can normally be reached on Monday - Friday 10:00 am - 6:00 pm.
Examiner interviews are available via telephone, in-person, and video conferencing using a USPTO supplied web-based collaboration tool. To schedule an interview, applicant is encouraged to use the USPTO Automated Interview Request (AIR) at http://www.uspto.gov/interviewpractice.
If attempts to reach the examiner by telephone are unsuccessful, the examiner’s supervisor, Farid Homayounmehr can be reached on 571-272-3739.  The fax phone number for the organization where this application or proceeding is assigned is 571-273-8300.
Information regarding the status of an application may be obtained from the Patent Application Information Retrieval (PAIR) system.  Status information for published applications may be obtained from either Private PAIR or Public PAIR.  Status information for unpublished applications is available through Private PAIR only.  For more information about the PAIR system, see http://pair-direct.uspto.gov. Should you have questions on access to the Private PAIR system, contact the Electronic Business Center (EBC) at 866-217-9197 (toll-free). If you would like assistance from a USPTO Customer Service Representative or access to the automated information system, call 800-786-9199 (IN USA OR CANADA) or 571-272-1000.






/MAUNG T LWIN/Primary Examiner, Art Unit 2495