Notice of Pre-AIA or AIA Status
The present application, filed on or after March 16, 2013, is being examined under the first inventor to file provisions of the AIA.

Claim Rejections - 35 USC § 102
The following is a quotation of the appropriate paragraphs of 35 U.S.C. 102 that form the basis for the rejections under this section made in this Office action:
A person shall be entitled to a patent unless –

(a)(2) the claimed invention was described in a patent issued under section 151, or in an application for patent published or deemed published under section 122(b), in which the patent or application, as the case may be, names another inventor and was effectively filed before the effective filing date of the claimed invention.


Claim(s) 1-3, 11-13 is/are rejected under 35 U.S.C. 102(a)(2) as being anticipated by McAdams (US 10,986,081)


Regarding Claim 1,

McAdams (US 10,986,081) teaches a method for using active directory dynamic group membership engines to grant access, comprising: in an active directory dynamic group membership engine comprising at least one computer processor: 
receiving from a user electronic device, a request for privileged access to access a resource (Col. 8, lines 3-5, teaches a user of the contractor service submits a request to access one or more resources provided by the third-party service); 
decisioning and granting the request for privileged access to the resource (Col. 8, lines 24-28, teaches user is granted permission for access to the resource); 
adding the user to an active directory group for privileged access to the resource, wherein the privileged access is limited to a time period (Figure 2, and associated text teaches adding a user to an active directory group)(Col. 7, lines 30-32, teaches privileged access is limited by an expiration date);  
and removing the user from the active directory group for privileged access upon expiration of the time period (Col. 7, lines 39-47, teaches if the expiration date has elapsed the managed directory service severs the privileged access and users are removed).

Regarding Claim 2,

McAdams teaches the method of claim 1, wherein the request is decisioned automatically (Col. 10, lines 27-34).

Regarding Claim 3,

McAdams teaches the method of claim 1, wherein a user identifier for the user is added to the active directory group for privileged access (Col. 4, lines 65-67, teaches username is in the directory).

Regarding Claim 11,

McAdams (US 10,986,081) teaches an active directory dynamic group membership system comprising: 
an active directory dynamic group membership engine comprising at least one computer processor; 
a mapping database (Figure 3); 
and a resource (Col. 8, lines 3-5, teaches a resource);
wherein: the active directory dynamic group membership engine receives, from a user electronic device, a request for privileged access to access the resource (Col. 8, lines 3-5, teaches a user of the contractor service submits a request to access one or more resources provided by the third-party service); 
the active directory dynamic group membership engine grants the request for privileged access to the resource (Col. 8, lines 24-28, teaches user is granted permission for access to the resource); 
the active directory dynamic group membership engine adds the user to an active directory group for privileged access to the resource by adding a user id to a mapping database, wherein the privileged access is limited to a time period (Figure 2, and associated text teaches adding a user to an active directory group)(Col. 7, lines 30-32, teaches privileged access is limited by an expiration date); 
and the active directory dynamic group membership engine removes the user from the active directory group for privileged access by removing the user id from the mapping database upon expiration of the time period (Col. 7, lines 39-47, teaches if the expiration date has elapsed the managed directory service severs the privileged access and users are removed).

Regarding Claim 12,

McAdams teaches the system of claim 11, where the active directory dynamic group membership engine decisions the request automatically (Col. 10, lines 27-34).

Regarding Claim 13,

McAdams teaches the system of claim 11, where the active directory dynamic group membership engine receives authorization for the request (Figure 3, and associated text determines whether the entity is authorized to the request for access).


Claim Rejections - 35 USC § 103
The following is a quotation of 35 U.S.C. 103 which forms the basis for all obviousness rejections set forth in this Office action:
A patent for a claimed invention may not be obtained, notwithstanding that the claimed invention is not identically disclosed as set forth in section 102, if the differences between the claimed invention and the prior art are such that the claimed invention as a whole would have been obvious before the effective filing date of the claimed invention to a person having ordinary skill in the art to which the claimed invention pertains. Patentability shall not be negated by the manner in which the invention was made.

Claim(s) 4-5, 9-10, 14-15, 19-20 is/are rejected under 35 U.S.C. 103 as being unpatentable over McAdams in view of Barboi (US 2019/0190957)

Regarding Claim 4,

McAdams teaches the method of claim 1, but does not explicitly teach further comprising recording user activities associated with the privileged access to the resource.
Barboi (US 2019/0190957) teaches monitoring user activities associated with the privileged access to the resource (Paragraph [0080-0081] teaches monitor the network account’s activity while accessing a privileged resource)
It would have been obvious to one of ordinary skill in the art before the effective filing date of the invention to modify McAdams with the monitoring user activities as taught by Barboi
The motivation is to identify suspected malicious activity (Paragraph [0081])
Barboi does not explicitly teach recording the monitored user activities
The Examiner takes Official Notice it is common to record monitored user activities
It would have been obvious to one of ordinary skill in the art before the effective filing date of the invention to record the monitored user activities taught by Barboi
The motivation is to provide an audit or log of the potential malicious activities


Regarding Claim 5,

McAdams and Barboi teach the method of claim 4. Barboi teaches wherein the user activities are mapped to a user id for the user (Figure 6 and associated text teaches security identifier for the user’s account).

Regarding Claim 9,

McAdams teaches the method of claim 1, but does not explicitly teach wherein the time period is based on a task to be performed.
Barboi teaches wherein the time period is based on a task to be performed (Paragraph [0004] as needed).
It would have been obvious to one of ordinary skill in the art before the effective time of the invention to modify McAdams with the time period of Barboi
The motivation is so there would be no trace of privileged credentials left (Paragraph [0004] of Barboi)


Regarding Claim 10,

McAdams teaches the method of claim 1, but does not explicitly teach wherein the time period is based on a security level of the resource.
Barboi teaches wherein the time period is based on a security level of the resource (Paragraph [0080] teaches a time limit for privileged on-demand membership).
It would have been obvious to one of ordinary skill in the art before the effective time of the invention to modify McAdams with the time period of Barboi
The motivation is so there would be no trace of privileged credentials left (Paragraph [0004] of Barboi)

Regarding Claims 14-15, 19-20,

Claims 14-15, 19-20 are similar in scope to Claims 4-5, 9-10 and are rejected for a similar rationale.

Claim(s) 6, 16 is/are rejected under 35 U.S.C. 103 as being unpatentable over McAdams 


Regarding Claim 6,

McAdams teaches the method of claim 1 but does not explicitly teach wherein the resource comprises a block storage appliance or a block storage application.
The Examiner takes Official Notice that block storage appliances or block storage applications are well known in the art 
It would have been obvious to one of ordinary skill in the art before the effective filing date of the invention to substitute the resource of McAdams with a block storage appliance or application and the results would be predictable

Regarding Claim 16,

Claim 16 is similar in scope to Claim 6 and is rejected for a similar rationale.

Claim(s) 7-8, 17-18 is/are rejected under 35 U.S.C. 103 as being unpatentable over McAdams in view of Eliyahu (US 2019/0222577)

Regarding Claims 7-8, 


McAdams teaches the method of claim 1, but does not explicitly teach wherein the access request is in response to a trouble ticket.
Eliyahu (US 2019/0222577) teaches wherein the access request is in response to a trouble ticket (Paragraph [0047] teaches once a ticket has been generated a user requests access).
It would have been obvious to one of ordinary skill in the art before the effective filing date of the invention to modify McAdams with the trouble ticket method of Eliyahu
The motivation is to address the incident related to the ticket (Paragraph [0045])
Eliyahu does not explicitly teach wherein the access request is automatically generated
It would have been obvious to one of ordinary skill in the art before the effective filing date of the invention to automate a manual activity (i.e. automatically generate the access request) and the results would be predictable (i.e. request would be generated automatically instead of manually)

Regarding Claims 17-18,

Claims 17-18 are similar in scope to Claims 7-8 and are rejected for a similar rationale.

Conclusion
Any inquiry concerning this communication or earlier communications from the examiner should be directed to HARRIS C WANG whose telephone number is (571)270-1462. The examiner can normally be reached M-F 9:00-5:30.
Examiner interviews are available via telephone, in-person, and video conferencing using a USPTO supplied web-based collaboration tool. To schedule an interview, applicant is encouraged to use the USPTO Automated Interview Request (AIR) at http://www.uspto.gov/interviewpractice.
If attempts to reach the examiner by telephone are unsuccessful, the examiner’s supervisor, LUU PHAM can be reached on 571-270-5002. The fax phone number for the organization where this application or proceeding is assigned is 571-273-8300.
Information regarding the status of published or unpublished applications may be obtained from Patent Center. Unpublished application information in Patent Center is available to registered users. To file and manage patent submissions in Patent Center, visit: https://patentcenter.uspto.gov. Visit https://www.uspto.gov/patents/apply/patent-center for more information about Patent Center and https://www.uspto.gov/patents/docx for information about filing in DOCX format. For additional questions, contact the Electronic Business Center (EBC) at 866-217-9197 (toll-free). If you would like assistance from a USPTO Customer Service Representative, call 800-786-9199 (IN USA OR CANADA) or 571-272-1000.





/HARRIS C WANG/Primary Examiner, Art Unit 2439