DETAILED ACTION

Notice of Pre-AIA or AIA Status
The present application, filed on or after March 16, 2013, is being examined under the first inventor to file provisions of the AIA.

Status of Claims
Claims 1-22 are pending.

Claim Rejections - 35 USC § 103
The following is a quotation of 35 U.S.C. 103 which forms the basis for all obviousness rejections set forth in this Office action:
A patent for a claimed invention may not be obtained, notwithstanding that the claimed invention is not identically disclosed as set forth in section 102, if the differences between the claimed invention and the prior art are such that the claimed invention as a whole would have been obvious before the effective filing date of the claimed invention to a person having ordinary skill in the art to which the claimed invention pertains. Patentability shall not be negated by the manner in which the invention was made.

Claim(s) 1-22 is/are rejected under 35 U.S.C. 103 as being unpatentable over Soman et al (PGPUB 2019/0005267), and further in view of Huculak (“How to create an automated task using Task Scheduler on Windows 10”).

Regarding Claims 1, 9, and 17:
Soman teaches a method, non-transitory computer-readable medium comprising instructions, and a computer system, comprising (abstract, dynamic privilege management in a computer system): 
one or more processors (paragraph 23); and 
a memory (paragraph 23), the one or more processors and the memory configured to cause the computer system to (abstract, paragraph 23-24, memory containing software instructions implementing dynamic privilege management): 
receive a task name at a service (paragraph 39, on every application launch (i.e. “task”), OS calls user environment manager (UEM) driver with details of application being launched; paragraph 40, UEM driver obtains application details from notification sent by OS for creation of application process, e.g. application file name/path) configured to launch a process corresponding to the task name (paragraph 41, UEM driver resumes creation of application process); 
determine the process is associated with an elevated security context based on a policy that maps task names to security contexts, wherein the policy maps the task name to the elevated security context (paragraph 40, UEM driver obtains application details from notification sent by OS for creation of application process, e.g. application file name/path; UEM driver evaluates policies based on the application identification information; UEM driver generates a privilege elevation result based on evaluation of policies; the privilege elevation result can include a positive or negative indication on whether the application process being created can have elevated privilege); and 
launch, by the service, the process using the elevated security context such that the process runs with elevated privileges (paragraph 41, UEM driver or UEM service determines whether the application should be elevated based on the privilege elevation result; if not, method proceeds to step 518, where UEM driver resumes creation of the application process; if the privilege elevation result indicates that application should be elevated, method proceeds to step 514, wherein UEM service elevates privileges of the application process in login session; method proceeds to step 518 discussed above, i.e. UEM driver resumes creation of the application process).
Soman does not explicitly teach wherein the task name is different than an executable name of the process, wherein the task name is administrator defined.
However, Huculak teaches the concept wherein a task name is different than an executable name of a process (page 1, “How to create an automated task using Task Scheduler on Windows 10”; page 11, “How to create an advanced task using Task Scheduler”; page 12-13, “Select the Create Task option”; “In the ‘Name’ field, type a short descriptive name for the task.  For example, PowerShell First Script.”; page 20, “Under the ‘Settings’ section, in the ‘Program/script’ field, specify the path for the application.  For example: powershell.exe.”; therefore, the task name is different than the executable name), wherein the task name is administrator defined (page 15, “If you’re using an account with administrative privileges, the default user should be fine.”; screenshot shows that the author of the task is the account that will run the task; for accounts with administrative privileges, the task name would therefore be administrator defined; page 15, “If the task requires elevated privileges, check the Run with highest privileges option.”; Huculak therefore teaches mapping a task to an elevated security context).
It would have been obvious to one of ordinary skill in the art before the effective filing date of the claimed invention to combine the custom task name and administrator creation teachings of Huculak with the dynamic privilege management system of Soman.  Task scheduling has been an included application in one of the most popular operating systems in current use for many years.  Providing a means of applying custom names and descriptive elements to executable processes is a well-known concept, providing the advantage of improved readability and the ability for nontechnical users to understand tasks which were created by administrators and other technical users, given that many executable processes are given alphanumeric names which are often abbreviated or difficult to understand.  Furthermore, a person of ordinary skill in the art would have immediately concluded that providing means for administrators to define task names was obvious; administrators typically have access to systems at the highest level of privilege, and it would be counterintuitive to give lower level users (or no one at all) the ability to define the task name without providing that ability to administrators.

Regarding Claims 2, 10, and 18:
Soman in view of Huculak teaches the method of claim 1, the non-transitory computer-readable storage media of claim 9, and the computer system of claim 17.  In addition, Soman teaches wherein the one or more processors and the memory are configured to cause the computer system to receive and the launch during one of a login or logoff of a session (paragraph 22, during a login session of a desktop, dynamic privilege management detects launch of an application; dynamic privilege management evaluates elevation policies and determines reputation based on identification information for the application (e.g., a hash of the application); an application launches with elevated privileges only if allowed by an elevation policy).

Regarding Claims 3, 11, and 19:
Soman in view of Huculak teaches the method of claim 1, the non-transitory computer-readable storage media of claim 9, and the computer system of claim 17.  In addition, Soman teaches wherein the elevated security context comprises an elevated security context with child process de-elevation (paragraph 41, privilege elevation of a process; paragraph 50, child process privilege de-elevation), the one or more processors and the memory are configured to cause the computer system to: 
receive a request to launch a child process of the process (paragraph 51, UEM driver monitors OS for child process creation; on every child process created, OS calls UEM driver with details of the child process); and 
launch, by the service, the child process using an unelevated security context (paragraph 52, UEM driver determines identification information for the application for the child process; UEM driver determines child process policy for application; paragraph 53, Fig. 9, UEM driver determines whether child process should be de-elevated based on policies; if so, UEM driver sends request to UEM service which de-elevates privileges of the child process; UEM driver resumes creation of child process at step 916).

Regarding Claims 4, 12, and 20:
Soman in view of Huculak teaches the method of claim 1, the non-transitory computer-readable storage media of claim 9, and the computer system of claim 17.  In addition, Soman teaches the one or more processors and the memory are configured to cause the computer system to: 
receive a request to launch a child process of the process (paragraph 51, UEM driver monitors OS for child process creation; on every child process created, OS calls UEM driver with details of the child process), wherein one or more processors and the memory are configured to cause the computer system to determine the elevated security context associated with the process are configured to determine the elevated security context is associated with the child process (paragraph 50, by default, when OS creates a child process, the child process inherits the security context of the application; paragraph 52, UEM driver determines identification information for the application for the child process; UEM driver determines child process policy for application; paragraph 53, UEM driver determines whether the child process should be de-elevated based on policies; if not, UEM driver resumes creation of child process, i.e. elevated to security context of parent application); and 
launch the child process using the elevated security context (paragraph 53, UEM driver resumes creation of child process; paragraph 50, by default, child process inherits security context of application).

Regarding Claims 5 and 13:
Soman in view of Huculak teaches the method of claim 1 and the non-transitory computer-readable medium of claim 9.  In addition, Soman teaches wherein the launching is performed during a session associated with an unelevated security context (paragraph 27-28, desktop provides login session; local security subsystem creates user security context for login session; user member of “users” group, not “administrators”; administrator privileges are elevated with respect to user privileges; paragraph 22, during login session of a desktop, dynamic privilege management detects launch of an application), wherein the service is registered with an operating system of the computer system and configured to receive an indication of the session from the operating system (paragraph 35, UEM service registers with OS for notification of user logins; in response to user log on, OS sends notification to UEM service with details of logged on user).

Regarding Claims 6 and 14:
Soman in view of Huculak teaches the method of claim 1 and the non-transitory computer-readable medium of claim 9.  In addition, Soman teaches wherein the policy further maps the task name to the process (paragraph 30-34, policies specify requirements that applications must satisfy for privilege elevation; administrator defines policies such as path-based policies, hash-based policies, and publisher-based policies; using path-based policies, administrator specifies executable file names (i.e. “task name”); application (i.e. “process”) launched from matching executable file is authorized for privilege elevation), wherein the determining the process is associated with the elevated security context further comprises: 
determining, by the service, the process and the elevated security context associated with the task name (paragraph 40, UEM driver obtains application details from notification sent by OS for creation of application process, e.g. application file name/path; UEM driver evaluates policies based on the application identification information; UEM driver generates a privilege elevation result based on evaluation of policies; the privilege elevation result can include a positive or negative indication on whether the application process being created can have elevated privilege); and 
wherein the launching the process further comprises launching, by the service, the process using the elevated security context in response to receiving the task name (paragraph 41, UEM driver or UEM service determines whether the application should be elevated based on the privilege elevation result; if not, method proceeds to step 518, where UEM driver resumes creation of the application process; if the privilege elevation result indicates that application should be elevated, method proceeds to step 514, wherein UEM service elevates privileges of the application process in login session; method proceeds to step 518 discussed above, i.e. UEM driver resumes creation of the application process).

Regarding Claims 7 and 15:
Soman in view of Huculak teaches the method of claim 1 and the non-transitory computer-readable medium of claim 9.  In addition, Soman teaches the operations further comprising creating the elevated security context from an unelevated security context upon initialization of a login session (paragraph 36, UEM service 304 creates a special security context (SC) 326 based on a user SC 324 for the login session 306; special SC 326 includes the attributes of user SC 324, but also includes administrator privileges (whereas the user SC 324 has user privileges)).

Regarding Claims 8 and 16:
Soman in view of Huculak teaches the method of claim 7 and the non-transitory computer-readable medium of claim 15.  In addition, Soman teaches wherein the creating is performed by a process in a local security subsystem having privileges to create security contexts (paragraph 36, UEM service 304 creates a process (a special instance of UEM agent 310) within login session 306; this instance of UEM agent 310 is created with privileges sufficient to create security contexts).

Regarding Claim 21:
Soman in view of Huculak teaches the method of claim 1.  In addition, Huculak teaches wherein when the executable name of the process is used to launch the process, the process is launched with a different security context than the elevated security context (page 15, 20, a task, comprising a Program/script name, can be instructed to “Run with highest privileges”; therefore, it follows that launching the program independently and not through the task scheduler launches the program at the default level of privileges, whether that level is higher, lower, or the same as the scheduler).
The rationale to combine Soman and Huculak is the same as provided for claim 1 due to the overlapping subject matter between claims 1 and 21.

Regarding Claim 22:
Soman in view of Huculak teaches the method of claim 1.  In addition, Huculak teaches wherein the policy further maps a second task name to an unelevated security context, the second task name corresponding to the process (page 13, 15, a task, comprising a custom name in the “Name” field, and a Program/script name, can be instructed to run with or without highest privileges; as there is no limitation on the number of tasks which can execute the same Program/script, it therefore follows that different task names can execute the same process at different security contexts).
The rationale to combine Soman and Huculak is the same as provided for claim 1 due to the overlapping subject matter between claims 1 and 22.
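
The arrangement discussed for claims 1, 3, 4, 21 and 22, as an illustration added here (it is not part of this Office action, of Soman, or of Huculak): a launch service resolves an administrator-defined task name through a policy to an executable and a security context, so the same executable runs elevated, unelevated, or with de-elevated children depending on the name used. The class and function names, the "PowerShell Report" and "Disk Maintenance" tasks, and the fail-closed handling of unknown task names are assumptions made for the example; "PowerShell First Script" and powershell.exe are the names quoted from Huculak above.

```python
from dataclasses import dataclass
from typing import Dict, Optional

UNELEVATED = "user"            # session's ordinary security context
ELEVATED = "administrator"     # elevated security context


@dataclass(frozen=True)
class TaskRule:
    executable: str                    # what actually runs; differs from the task name
    context: str                       # security context the policy maps the task name to
    deelevate_children: bool = False   # claim 3 behaviour: children drop to unelevated


# Constructed, administrator-defined policy keyed by task name (hypothetical entries).
POLICY: Dict[str, TaskRule] = {
    "PowerShell First Script": TaskRule("powershell.exe", ELEVATED, deelevate_children=True),
    "PowerShell Report": TaskRule("powershell.exe", UNELEVATED),   # second task name, same process
    "Disk Maintenance": TaskRule("defrag.exe", ELEVATED),          # children inherit (claim 4)
}


@dataclass
class Process:
    executable: str
    context: str
    task: Optional[str] = None         # task name used to launch it, if any


class LaunchService:
    """Hypothetical service that launches processes by task name."""

    def __init__(self, policy: Dict[str, TaskRule], session_context: str = UNELEVATED):
        self.policy = policy
        self.session_context = session_context

    def launch_task(self, task_name: str) -> Process:
        # Lookup is by task name only; an executable name is not a valid key.
        rule = self.policy.get(task_name)
        if rule is None:
            raise PermissionError(f"no policy entry for task {task_name!r}")  # fail closed
        return Process(rule.executable, rule.context, task=task_name)

    def launch_executable(self, executable: str) -> Process:
        # Direct launch by executable name bypasses the policy: session context applies.
        return Process(executable, self.session_context)

    def launch_child(self, parent: Process, executable: str) -> Process:
        rule = self.policy.get(parent.task) if parent.task else None
        if rule is not None and rule.deelevate_children:
            return Process(executable, self.session_context)   # de-elevated child
        return Process(executable, parent.context)              # default: inherit parent context


if __name__ == "__main__":
    svc = LaunchService(POLICY)
    for name in ("PowerShell First Script", "PowerShell Report"):
        p = svc.launch_task(name)
        print(f"{name!r} -> {p.executable} as {p.context}")
    print("direct launch ->", svc.launch_executable("powershell.exe").context)
```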

Response to Arguments
Applicant's arguments filed 5/13/2022 have been fully considered but they are not persuasive.

Regarding the rejection of claims under 35 USC 102:
In response to Applicant’s arguments, page 8 paragraph 3-page 9 paragraph 2:
Soman does not appear to disclose “wherein the task name is different than an executable name of the process”, as recited in amended claim 1.  However, a new ground(s) for rejection is provided above which does teach this amended limitation.

In response to Applicant’s arguments, page 9 paragraph 4-page 10 paragraph 1:
Soman does not appear to disclose “wherein the task name is administrator defined”, as recited in amended claim 1.  However, a new ground(s) for rejection is provided above which does teach this amended limitation.

In response to Applicant’s arguments, page 10 paragraph 2-page 11 paragraph 1:
Examiner disagrees.  Applicant argues that Soman separates the dynamic privilege management process into three distinct phases, i.e. user login, application launch, and privilege elevation.  However, it is clear throughout Soman that launching is a process, coinciding or equivalent to process creation, during which privilege elevation occurs.  For instance, with reference to Fig. 5, Soman teaches that the system monitors for application launches in the login session (step 502), determines a privilege elevation result (step 510), elevates privileges if necessary (step 514), and then resumes process creation (step 518); privilege elevation thus happens during process creation and not afterwards.  Further, with reference to Fig. 6 (note that paragraph 42 indicates that step 602 occurs after step 510 in Fig. 5), the system, in step 602, determines the reputation of the application being launched (i.e. launching is a process), and prevents the application launch if the reputation is malicious (step 610).  According to paragraph 43, “UEM service 304 notifies UEM driver 302 to prevent the application from being launched.  UEM driver 302 then stops the application process from being created”.  This indicates that process launch and creation are synonymous, or at the very least, coincident.  Therefore, Soman teaches launching the process using the elevated security context such that the process runs with elevated privileges.
Furthermore, even if privilege elevation occurred post-launch in Soman, the process would still be running with elevated privileges; this could be construed as “launching, by the service, the process using the elevated security context such that the process runs with elevated privileges”.

Applicant’s arguments regarding claims 9 and 17 are similar to those regarding claim 1 and are responded to in a similar way.
Applicant’s remaining arguments relate to the dependent claims being allowable due to depending on an allowable independent claim.  However, as shown above, the independent claims are not allowable.

Conclusion
Applicant's amendment necessitated the new ground(s) of rejection presented in this Office action.  Accordingly, THIS ACTION IS MADE FINAL.  See MPEP § 706.07(a).  Applicant is reminded of the extension of time policy as set forth in 37 CFR 1.136(a).  
A shortened statutory period for reply to this final action is set to expire THREE MONTHS from the mailing date of this action.  In the event a first reply is filed within TWO MONTHS of the mailing date of this final action and the advisory action is not mailed until after the end of the THREE-MONTH shortened statutory period, then the shortened statutory period will expire on the date the advisory action is mailed, and any extension fee pursuant to 37 CFR 1.136(a) will be calculated from the mailing date of the advisory action.  In no event, however, will the statutory period for reply expire later than SIX MONTHS from the date of this final action. 
Any inquiry concerning this communication or earlier communications from the examiner should be directed to FORREST L CAREY whose telephone number is (571)270-7814. The examiner can normally be reached 9:00AM-5:30PM M-F.
Examiner interviews are available via telephone, in-person, and video conferencing using a USPTO supplied web-based collaboration tool. To schedule an interview, applicant is encouraged to use the USPTO Automated Interview Request (AIR) at http://www.uspto.gov/interviewpractice.
If attempts to reach the examiner by telephone are unsuccessful, the examiner’s supervisor, Ashok Patel can be reached on 5712723972. The fax phone number for the organization where this application or proceeding is assigned is 571-273-8300.
Information regarding the status of published or unpublished applications may be obtained from Patent Center. Unpublished application information in Patent Center is available to registered users. To file and manage patent submissions in Patent Center, visit: https://patentcenter.uspto.gov. Visit https://www.uspto.gov/patents/apply/patent-center for more information about Patent Center and https://www.uspto.gov/patents/docx for information about filing in DOCX format. For additional questions, contact the Electronic Business Center (EBC) at 866-217-9197 (toll-free). If you would like assistance from a USPTO Customer Service Representative, call 800-786-9199 (IN USA OR CANADA) or 571-272-1000.





/FORREST L CAREY/Examiner, Art Unit 2491
/ASHOKKUMAR B PATEL/Supervisory Patent Examiner, Art Unit 2491