DETAILED ACTION
Notice of Pre-AIA  or AIA  Status
The present application, filed on or after March 16, 2013, is being examined under the first inventor to file provisions of the AIA .
Response to Arguments
Applicant’s arguments, see remarks, filed 5/17/2022, with respect to claim objections have been fully considered and are persuasive, see for example page 7 paragraph 2.  The claim objection of claim 13 has been withdrawn. 
 Applicant’s arguments, see remarks, filed 5/17/2022, with respect to claims over prior art have been fully considered and are not persuasive. Applicant argues that the prior art of record does not expressly disclose  receive information related to a user associated with an access permission for the computing resource; the receiving information comprises: sending queries to a plurality of data sources for a user associated with an access permission for the computing resource; and receiving responses from the plurality of data sources. 
Examiner respectfully disagrees. The prior art, Salowey discloses that the network element receives a credential, see for example [0044]. In this example the credential is interpreted as the information related to the user with an access permission as the credential allows the user to access the protected resource. The credential may be stored as a digital certificate for determination if access is allowed. Furthermore, one of the multiple network elements may send and receive revocation pushes that allows for the digital certificate(s) to be validated against the CRL and checked with other devices (server) to verify validity [0043-0047]. Thus, the network element is checking with other sources for access permission. Therefore, the examiner maintains her 35 U.S.C. 102 and 103 rejection(s) accordingly.
Examiner’s note: the applicant has made the necessary amendments to overcome the 35 U.S.C. 101 rejection(s) of claims 1-23. The 35 U.S.C. 101 rejection of claim 24 remains and is still part of the DSMER program. 
Claim Rejections - 35 USC § 101
35 U.S.C. 101 reads as follows:
Whoever invents or discovers any new and useful process, machine, manufacture, or composition of matter, or any new and useful improvement thereof, may obtain a patent therefor, subject to the conditions and requirements of this title.


Claim 24 is rejected under 35 U.S.C. 101 because the claimed invention is directed to a non-statutory subject matter.   
Regarding claim 24,  the claim recites the claim limitation computer readable medium which may be interpreted as a signal or carrier wave.  This does not fall under one of the four statutory categories.  It is recommended that applicant use language such as: non-transitory computer readable medium, computer readable storage device, physical storage device, or computer readable medium not including a signal. See for example applicant’s specification [0138-0143], wherein signal is not excluded. 
Claim Rejections - 35 USC § 102
In the event the determination of the status of the application as subject to AIA  35 U.S.C. 102 and 103 (or as subject to pre-AIA  35 U.S.C. 102 and 103) is incorrect, any correction of the statutory basis for the rejection will not be considered a new ground of rejection if the prior art relied upon, and the rationale supporting the rejection, would be the same under either status.  

The following is a quotation of the appropriate paragraphs of 35 U.S.C. 102 that form the basis for the rejections under this section made in this Office action:
A person shall be entitled to a patent unless –
(a)(1) the claimed invention was patented, described in a printed publication, or in public use, on sale, or otherwise available to the public before the effective filing date of the claimed invention.
(a)(2) the claimed invention was described in a patent issued under section 151, or in an application for patent published or deemed published under section 122(b), in which the patent or application, as the case may be, names another inventor and was effectively filed before the effective filing date of the claimed invention.

Claim(s) 1, 3-5,7, 9-13, 15-17 and 20-24  is/are rejected under 35 U.S.C. 102(a)(1)/102(a)(2) as being anticipated by Salowey (US 2006/0156391A1). 
Regarding claim 1, 13, and 24 (all currently amended), Salowey discloses a computer implemented method, a computer readable medium for storing instruction code executed by a processor of a computing device, the computing device configured for revoking access permissions to computing resources, the computing device comprising: a processor; and a communications subsystem, an, wherein the computing device is configured to [0059-0065]:
retrieve certification rules for a computing resource [0037, 0041-0043];
Please note that in this example a revocation rule can be pushed to the network devices.  29
receive information related to a user associated with an access permission for the computing resource [0044-0047];
Please note that in this example, user credential information can be retrieved and/or received from the user. 
the receiving information comprises: sending queries to a plurality of data sources for a user associated with an access permission for the computing resource; and receiving responses from the plurality of data sources [0042-0043, fig 4: 40-422];
Please note that in this example a plurality of network components can be sent the revocation message and in response they may retrieve the stored user credentials. 
compare the information with the certification rules to determine compliance with the certification rules [0047];
Please note that in this example the attribute information associated with the revocation rule and user information is compared for compliance with the revocation rules. 
responsive to determining that compliance with the certification rules fails, revoke the access permission [0048];
Please note that a responsive action can be taken such that a non-compliant credential may be revoked access to the resource or service. 
Regarding claims 3 and 15 (both currently amended), Salowey disclose all the limitations of claims 1 and 13. Salowey further discloses wherein each response received from the plurality of data sources is indicative of a state of a particular certification for the user [0003]. 
Please note that in this example state information may be utilized. 
Regarding claims 4 and 16(original), Salowey disclose all the limitations of claims 1 and 13. Salowey further discloses wherein the certification rules define a set of user certification required for accessing the computing resource [0015, 0030];
Please note that in this example a revocation rule for different parameters may be set. 
Regarding claims 5 and 17(original), Salowey disclose all the limitations of claims 1 and 13. Salowey further discloses wherein the access permission comprises an expiration time and wherein revoking the access permission occurs prior to expiry of the expiration time [0031];
Please note that in this example hardware issued before a certain time period may be revoked. 
Regarding claims 7(original), Salowey disclose all the limitations of claims 1. Salowey further discloses wherein the method is performed periodically [0041]. 
Regarding claims 9 and 20 (both currently amended), Salowey disclose all the limitations of claims 1 and 13. Salowey further discloses wherein at least one of the plurality of data sources is external to the computing resource [0035, 0057, 0058];
Please note that in this example external method may be recalled. 
Regarding claims 10 and 21(original), Salowey disclose all the limitations of claims 1 and 13. Salowey further discloses wherein the certification rules comprise user certifications comprising one or more of: a role for the user, a department the user belongs to, team or group the user belongs to; a list of training required for the user; certification required for the user; security clearance required by the user; execution of documents or agreements by the user; prohibition or permission based on a city, region, state, province, or country that the user resides in; or prohibition or permission based on a city, region, state, province, or country that the user is current located in [0053];
Please note that in this example the attributes for the rules may include user location or user role. 
Regarding claims 11 and 22(original), Salowey disclose all the limitations of claims 1 and 13. Salowey further discloses  wherein the certification rules further comprise user device certifications comprising one or more of: a computing device or other company resource needed to gain access to the computing resource; a minimum version of software on the computing device of the user needed to gain access; or a time of day [0030]
Please note that in this example version of hardware or software can be utilized to determine if element should revoke access. 
Regarding claims 12 and 23(original),, Salowey disclose all the limitations of claims 1 and 13. Salowey further disclose wherein the computing resource is at least one of: a server, a computing device, a network module, a computing module, a cloud storage, a database, an application, or a repository [0050, 0024, 0027];
Please note that in this example the resource is protected by the network element. 
Claim Rejections - 35 USC § 103
In the event the determination of the status of the application as subject to AIA  35 U.S.C. 102 and 103 (or as subject to pre-AIA  35 U.S.C. 102 and 103) is incorrect, any correction of the statutory basis for the rejection will not be considered a new ground of rejection if the prior art relied upon, and the rationale supporting the rejection, would be the same under either status.  
The following is a quotation of 35 U.S.C. 103 which forms the basis for all obviousness rejections set forth in this Office action:
A patent for a claimed invention may not be obtained, notwithstanding that the claimed invention is not identically disclosed as set forth in section 102, if the differences between the claimed invention and the prior art are such that the claimed invention as a whole would have been obvious before the effective filing date of the claimed invention to a person having ordinary skill in the art to which the claimed invention pertains. Patentability shall not be negated by the manner in which the invention was made.

Claim 6, 8, and 18-19 is/are rejected under 35 U.S.C. 103 as being unpatentable over Salowey (US 2006/0156391A1) view of Sadovsky et al (US 2015/0180894A1). 
Regarding claims 6 and 18 (original), Salowey  disclose all the limitations of claims 1 and 13. Saolwey does not expressly disclose but Sadovsky et al discloses wherein the receiving information comprises receiving a notification from at least one data source indicating a change has occurred [0050-0053];
Please note that in this example a change in user behavior may constitute analysis of the possible revocation of the user. 
It would have been obvious to one of ordinary skill in the art at to create the invention as claimed for the following reasons.  It would have been obvious to one of ordinary skill in the art before the effective filing date of the claimed invention to modify the teachings of Salowey by analyzing user behavior, for the purpose of detection disallowed behavior on the network, based upon the beneficial teachings provided by Sadovsky et al, see for example [0050-0053].  These modifications would result in ease of use and increased security, both of which are obvious benefits to the skilled artisan.  Additionally, the cited references are in the field of computer security, as is the current application, and thus, are in analogous arts.  
Regarding claims 8 and 19(original), Salowey  disclose all the limitations of claims 1 and 13. Saolwey does not expressly disclose but Sadovsky et al discloses detecting an access attempt to the computing resource [0050].
It would have been obvious to one of ordinary skill in the art at to create the invention as claimed for the following reasons.  It would have been obvious to one of ordinary skill in the art before the effective filing date of the claimed invention to modify the teachings of Salowey by analyzing user behavior, for the purpose of detection disallowed behavior on the network, based upon the beneficial teachings provided by Sadovsky et al, see for example [0050-0053].  These modifications would result in ease of use and increased security, both of which are obvious benefits to the skilled artisan.  Additionally, the cited references are in the field of computer security, as is the current application, and thus, are in analogous arts.  
Conclusion
The prior art made of record and not relied upon is considered pertinent to applicant's disclosure. 
Gopalakrishnan (US2018/0102952) discloses that an electronic report is generated based on an electronic report query include a plurality of parameters. The processor also collects access profile data including metadata associated with a user accessing the report, stores the access profile data within the memory, receives an access analytics data request requesting access analytics data associated with the stored report, retrieves the stored access profile data, generates an access analysis table including the access analytics data associated with the stored report based on the retrieved access profile data, and provides an extract including at least a portion of the access analytics data associated with the stored report from the access analysis table to a requestor of the access analytics data request.
THIS ACTION IS MADE FINAL.  Applicant is reminded of the extension of time policy as set forth in 37 CFR 1.136(a).  
A shortened statutory period for reply to this final action is set to expire THREE MONTHS from the mailing date of this action.  In the event a first reply is filed within TWO MONTHS of the mailing date of this final action and the advisory action is not mailed until after the end of the THREE-MONTH shortened statutory period, then the shortened statutory period will expire on the date the advisory action is mailed, and any extension fee pursuant to 37 CFR 1.136(a) will be calculated from the mailing date of the advisory action.  In no event, however, will the statutory period for reply expire later than SIX MONTHS from the mailing date of this final action. 
Any inquiry concerning this communication or earlier communications from the examiner should be directed to KENDALL DOLLY whose telephone number is (571)270-1948. The examiner can normally be reached Monday-Thursday 8am-5pm(EST) and Friday 8am-12pm(EST).
Examiner interviews are available via telephone, in-person, and video conferencing using a USPTO supplied web-based collaboration tool. To schedule an interview, applicant is encouraged to use the USPTO Automated Interview Request (AIR) at http://www.uspto.gov/interviewpractice.
If attempts to reach the examiner by telephone are unsuccessful, the examiner’s supervisor, Shewaye Gelagay can be reached on (571)272-4219. The fax phone number for the organization where this application or proceeding is assigned is 571-273-8300.
Information regarding the status of published or unpublished applications may be obtained from Patent Center. Unpublished application information in Patent Center is available to registered users. To file and manage patent submissions in Patent Center, visit: https://patentcenter.uspto.gov. Visit https://www.uspto.gov/patents/apply/patent-center for more information about Patent Center and https://www.uspto.gov/patents/docx for information about filing in DOCX format. For additional questions, contact the Electronic Business Center (EBC) at 866-217-9197 (toll-free). If you would like assistance from a USPTO Customer Service Representative, call 800-786-9199 (IN USA OR CANADA) or 571-272-1000.
/KENDALL DOLLY/Primary Examiner, Art Unit 2436