Notice of Pre-AIA or AIA Status
The present application, filed on or after March 16, 2013, is being examined under the first inventor to file provisions of the AIA.
DETAILED ACTION
Claims 1, 9, and 13 have been amended.
Claims 2, 5, 10, 14, and 17 have been cancelled.
Claims 1, 3, 4, 6-9, 11-13, 15, 16, and 18-20 are allowed.

Response to Arguments
Applicant’s remarks and amendments submitted on June 28, 2022 for application 16/814,733 have been considered and are persuasive. Therefore, the previous claim rejections have been withdrawn.
Allowable Subject Matter
Claims 1, 3, 4, 6-9, 11-13, 15, 16, and 18-20 are allowed. The following is an examiner’s statement of reasons for allowance: the following prior art references were identified during examination of the claims filed on June 28, 2022 in response to the office action mailed on April 29, 2022. They do not explicitly teach the applicant’s claimed invention, but they are in the general realm of the applicant’s field of endeavor:
CHANDOLU (US20110113474A1): This prior art teaches a network security management system. A network system loads operating system (OS) software that includes a switch role tool (SRT). The SRT provides the network system with security management capability that employs a hostname attribute within a user role definition. The user role definition provides for user restrictions to database information and other user actions within the network system. During a user login or switch role command, the security management method interrogates the login location or hostname of the login along with the user request. If that login meets the criteria that the network system stores as a user role attribute for that particular user, the network system allows the login request and action. If that login does not meet the criteria that the network system stores as a user role attribute for that user, the network system denies the login request. The network system grants the user an access privilege level that varies with the determined location or hostname from which the user attempts to login.
CHANDOLU does disclose a method for granting access to secure information. The method includes storing, by a first information handling system (IHS), security information that associates a role with a particular user, the role designating a privilege level for the particular user. The network system includes multiple information handling systems (IHSs) that employ a security management system. The security management system controls the authorization of user or client actions across the network system. During a user login or switch role command, the security management method interrogates the login location or hostname of the login along with the user request. If that login meets the criteria that the network system stores as a user role attribute for that particular user, the network system allows the login request and action.
However, CHANDOLU does not teach a first user account associated with the management controller, wherein the first user account is an Intelligent Platform Management Interface (IPMI) account; a second user account corresponding to the first user account, wherein the second user account is associated with a security policy, and wherein the second user account is a Security-Enhanced Linux (SELinux) user account; or wherein a privilege level of the provided access is based on a set of privileges associated with the second account.

GOEL (US20100325717A1): This prior art teaches a system and method for managing access to a plurality of servers in an organization, using an operating-system-independent Secure Shell (SSH) protocol running in each server and a central policy database that centrally stores access rules which specify access to the servers for a plurality of users/accounts. Each time a target server receives a user request to establish an SSH session, it retrieves associated access rules from the central policy database to obtain the latest access rules. Based on the retrieved rules and the identity of the user and the identity of the client computer, the target server determines whether the user has permission to establish the SSH session with the target server. Using a centralized database and requiring the servers to always retrieve the latest access rules from a central database provides consistent application of the access rules across all servers and all client computers.
GOEL does teach a flow diagram of an account authorization process on a server-centric level according to the prior art. The process starts after the SSH session key has been established between the transport layers of the client computer and the server. This protects account information transmitted over the connection, including account names and passwords. The first decision queries the server as to whether the account is authenticated according to the existing authentication protocol of the SSH standards. If the account is not authenticated, then the establishment of the requested SSH tunnel is rejected. The process flow proceeds to a primary group identification step, in which the primary group membership for the user is obtained. The primary group membership is used to determine at a decision whether the identified group is allowed based on group permission retained in the user registry stored in the target server. If the decision is affirmative, then the SSH session is established without restriction based on the source identity. If the decision is negative, establishment of the SSH session is rejected. Group members can be a plurality of various types of accounts, including users, applications, or a combination of users and applications.
However, GOEL does not teach receiving, via a management bus of the management controller, a user login request for access to a first user account associated with the management controller, wherein the first user account is an Intelligent Platform Management Interface (IPMI) account; or a second user account corresponding to the first user account, wherein the second user account is associated with a security policy, and wherein the second user account is a Security-Enhanced Linux (SELinux) user account.

MAITY (US8904507B2): This prior art teaches a system and method for controlling user access to a service processor. The system includes a computer-executable management access module for performing functions to authenticate a user. A management computer that is communicatively coupled to the service processor is operative to perform management functions for at least one target computer. User authentication functions include receiving a first set of login data from a user of the management computer and verifying whether the received login data corresponds to an approved user. If the first set of login data corresponds to an approved user, a code is generated and then displayed on the management computer. When recognized by the personal computing device, data from the code is used for providing a second set of login information to the user, for permitting the user to access the service processor via the management computer.
MAITY does teach an Intelligent Platform Management Interface (IPMI), stating: "According to one embodiment, firmware of the BMC adheres to the Intelligent Platform Management Interface (IPMI) industry standard for system monitoring and event recovery."
However, MAITY does not teach wherein the first user account is an Intelligent Platform Management Interface (IPMI) account. MAITY also does not disclose determining a second user account of the particular user, the second user account corresponding to the first user account, wherein the second user account is associated with a security policy, and wherein the second user account is a Security-Enhanced Linux (SELinux) user account.

LIU (CN106982428A): This prior art teaches a security configuration method. When the application is provided with a secure ID, the safety of the application is protected using local default forced symmetric centralization security system SELinux security strategies.
LIU does disclose a security policy based on a Security-Enhanced Linux (SELinux) module, stating that, in order to ensure the security of the Android system, the kernel of the Android system integrates the mandatory access control safety system (Security-Enhanced Linux, SELinux), which uses the security policy to ensure the safety of files; namely, a security policy is set for each file, and any access to a file that is not allowed by that file's security policy is illegal.
However, LIU does not teach wherein the second user account is a Security-Enhanced Linux (SELinux) user account. LIU does not mention any account associated with an SELinux policy. Furthermore, LIU does not disclose wherein a first user account is an Intelligent Platform Management Interface (IPMI) account, or determining a second user account of a particular user, the second user account corresponding to the first user account.

Furthermore, none of the prior art of record, independently or in combination, discloses all the limitations of the independent claims 1, 9 and 13 as recited in the amended set of claims being examined. Therefore, the independent claims are allowable over the prior art of record. The dependent claims, being definite, further limiting, and fully enabled by the specification, are also allowed by virtue of their dependence on the independent claims.
Any comments considered necessary by applicant must be submitted no later than the payment of the issue fee and, to avoid processing delays, should preferably accompany the issue fee. Such submissions should be labeled “Comments on Statement of Reasons for Allowance.”
In most cases, the examiner's actions and the applicant's replies make evident the reasons for allowance, satisfying the "record as a whole" proviso of the rule. This is particularly true when applicant fully complies with 37 CFR 1.111 (b) and (c) and 37 CFR 1.133(b). Thus, where the examiner's actions clearly point out the reasons for rejection and the applicant's reply explicitly presents reasons why claims are patentable over the reference, the reasons for allowance are in all probability evident from the record and no statement should be necessary. Conversely, where the record is not explicit as to reasons, but allowance is in order, then a logical extension of 37 CFR 1.111 and 1.133 would dictate that the examiner should make reasons of record and such reasons should be specific.

Conclusion
Any inquiry concerning this communication or earlier communications from the examiner should be directed to AFAQ ALI whose telephone number is (571)272-1571. The examiner can normally be reached Mon - Fri 7:30am - 5:30pm EST.
Examiner interviews are available via telephone, in-person, and video conferencing using a USPTO supplied web-based collaboration tool. To schedule an interview, applicant is encouraged to use the USPTO Automated Interview Request (AIR) at http://www.uspto.gov/interviewpractice.
If attempts to reach the examiner by telephone are unsuccessful, the examiner’s supervisor, Kambiz Zand, can be reached on (571)272-3811. The fax phone number for the organization where this application or proceeding is assigned is 571-273-8300.
Information regarding the status of published or unpublished applications may be obtained from Patent Center. Unpublished application information in Patent Center is available to registered users. To file and manage patent submissions in Patent Center, visit: https://patentcenter.uspto.gov. Visit https://www.uspto.gov/patents/apply/patent-center for more information about Patent Center and https://www.uspto.gov/patents/docx for information about filing in DOCX format. For additional questions, contact the Electronic Business Center (EBC) at 866-217-9197 (toll-free). If you would like assistance from a USPTO Customer Service Representative, call 800-786-9199 (IN USA OR CANADA) or 571-272-1000.





/AFAQ ALI/ Examiner, Art Unit 2434
/KAMBIZ ZAND/ Supervisory Patent Examiner, Art Unit 2434