DETAILED ACTION                                                                                                   Notice of Pre-AIA  or AIA  Status
The present application, filed on or after March 16, 2013, is being examined under the first inventor to file provisions of the AIA .

Response to Arguments
In response to 35 USC 103, filed 06/10/2022, Chari fails to teach “obtaining user data relating to a plurality of system users having previously been granted access to a resource in a context without complying with a ruleset defining criteria for automatically accessing the resource in the context”.
The examiner respectfully disagrees. Chari discloses “providing names and identification numbers of a plurality of users [0029]”. This shows obtaining user data relating to plurality of system users.
Furthermore, Chari discloses “providing access control logs for each of the plurality of users that may include listings of previously accessed secure resources, when the secure resources were accessed, and what actions were performed on the secure resources by the users. Relationship and attributes of each of the plurality of users and their assigned permissions to access secure resources [0029]. A secure resource has restricted access by only authorized users. Each authorized user is assigned a particular risk-averse role that includes a set of one or more permissions [0025]. The access privilege or access right may grant an assigned user the ability to access and use a secure hardware device, software application, or network, such as a secure computer, financial application, or storage area network [0026]”. Chari shows that when a new user tries to get access to a resource, it cannot have access since it is not authorized. This shows that the user without complying with a ruleset. The user is then granted to be an assigned user, which allows to have access to the resource. The system has an access control logs where each of the plurality of users includes previously accessed secure resources. Where it discloses when the secure resources were last accessed and the relationship between plurality users and their assigned permission to access secure resources. Therefore, Chari does teach users having previously been granted access to a resource in a context without complying with a ruleset defining criteria for automatically accessing the resource in the context.
In response to applicant's argument that the references fail to show certain features of applicant’s invention, it is noted that the features upon which applicant relies (i.e., granting access based upon context (e.g., context-sensitive access control), a user can have access to a resource, despite not having the ability to automatically access the resource based upon a particular context, by employing access overrides) are not recited in the rejected claim(s).  Although the claims are interpreted in light of the specification, limitations from the specification are not read into the claims.  See In re Van Geuns, 988 F.2d 1181, 26 USPQ2d 1057 (Fed. Cir. 1993).

In response to 35 USC 103, filed 06/10/2022, Rykowski fails to teach “updating, upon the number of system users in the subset exceeding the predetermined threshold”. 
Rykowski teaches “updating, upon the number of system users in the subset exceeding the predetermined threshold”. Rykowski discloses “the management service 119 can determine whether the number of users to be added to or removed from the list of managed users 129 exceeds a previously specified threshold. The number of changes does exceed the threshold [0043].  Apply the change to the list of manages users 129 [0044]. The steps of adding or removing users from the list of managed users can trigger application of updated security policies for mobile devices associated with the users. To provide enterprise mobility management, the management service 119 can install agent software on the mobile device of a managed user, along with other enterprise applications such as a secure intern& browser, calendar, e-mail application, and file repository access application for accessing and editing corporate files. The mobile devices can use differing security policies depending on the groups to which a device or a user associated with a device is a member [0045]”. This shows that the ruleset is changed based on the users exceeding a previously specified threshold. The update is not just a list of users but also the security policies.

In response to 35 USC 103, filed 06/10/2022, O’Sullivan fails to teach “updating the ruleset to include criteria based on the identified combination of two or more user data properties”.
O’Sullivan teaches “updating the ruleset to include criteria based on the identified combination of two or more user data properties”. O’Sullivan discloses “modify the security policy of the user based on a change in the security risk of the user or the security risk of the user exceeding a predetermined level [0028]. The security risk may be based on many different variables such as, for example, a rank of the user in the organization, who the user communicates with, patterns of behavior of the user, a number and level of confidential interactions of the user, etc. [0018]”. O’Sullivan shows modifying the security policies based on user exceeding predetermined level. The security risk acts as the identified combination of two or more user data properties. The security policies allows you to have automatically have access to resource.
In response to applicant’s argument that there is no teaching, suggestion, or motivation to combine the references, the examiner recognizes that obviousness may be established by combining or modifying the teachings of the prior art to produce the claimed invention where there is some teaching, suggestion, or motivation to do so found either in the references themselves or in the knowledge generally available to one of ordinary skill in the art.  See In re Fine, 837 F.2d 1071, 5 USPQ2d 1596 (Fed. Cir. 1988), In re Jones, 958 F.2d 347, 21 USPQ2d 1941 (Fed. Cir. 1992), and KSR International Co. v. Teleflex, Inc., 550 U.S. 398, 82 USPQ2d 1385 (2007).  In this case, One of ordinary skill would modify the combination of Chari-Rykowski with the teachings of O’Sullivan, to incorporate the teaching of modifying the ruleset to include criteria abased on the identified combination of two or more user data properties. One of ordinary skill in the art would be motivate to use the teaching of O’Sullivan for the purpose of improving security. The security risk will indicate a security change for the user. Which would lead to secure information and prevent communication leak.  
Applicant argues that claim 25 are unpatentable under 35 USC 103 as being obvious over the combination of Chari-Rykowski-O’Sullivan.
In response, claim 25 is dependent of independent claim 21. As stated above, The combination of Chari-Rykowski-O’Sullivan teach claim 21 based on the rationale presented above.

Applicant argues that claims 23-24, 31-32, and 39-40 are unpatentable under 35 USC 103 as being obvious over the combination of Chari-Rykowski-O’Sullivan and in further view of Nenov.
In response, claims 23-24, 31-32, and 39-40 are dependent of independent claims 21, 29, and 37. As stated above, The combination of Chari-Rykowski-O’Sullivan teach claims 21, 29, and 37 based on the rationale presented above.

Applicant argues that claims 26 and 34 are unpatentable under 35 USC 103 as being obvious over the combination of Chari-Rykowski-O’Sullivan and in further view of Nenov.
In response, claims 26 and 34 are dependent of independent claims 21 and 29. As stated above, The combination of Chari-Rykowski-O’Sullivan teach claims 21 and 29 based on the rationale presented above.

Applicant argues that claims 27 and 35 are unpatentable under 35 USC 103 as being obvious over the combination of Chari-Rykowski-O’Sullivan and in further view of Nenov.
In response, claims 27 and 35 are dependent of independent claims 21 and 29. As stated above, The combination of Chari-Rykowski-O’Sullivan teach claims 21 and 29 based on the rationale presented above.



Claim Rejections - 35 USC § 103
In the event the determination of the status of the application as subject to AIA  35 U.S.C. 102 and 103 (or as subject to pre-AIA  35 U.S.C. 102 and 103) is incorrect, any correction of the statutory basis for the rejection will not be considered a new ground of rejection if the prior art relied upon, and the rationale supporting the rejection, would be the same under either status.  
The following is a quotation of 35 U.S.C. 103 which forms the basis for all obviousness rejections set forth in this Office action:
A patent for a claimed invention may not be obtained, notwithstanding that the claimed invention is not identically disclosed as set forth in section 102, if the differences between the claimed invention and the prior art are such that the claimed invention as a whole would have been obvious before the effective filing date of the claimed invention to a person having ordinary skill in the art to which the claimed invention pertains. Patentability shall not be negated by the manner in which the invention was made.

Claims 21, 22, 25, 28, 29, 30, 33 and 36-38 are rejected under 35 U.S.C. 103 as being unpatentable over Chari et al. (US 20140196104 hereinafter Chari) in view of Rykowski et al. (US 20170032042 hereinafter Rykowski) and in further view of O’Sullivan et al. (US 20110061089 hereinafter O’Sullivan).

Re. claim 21, Chari discloses computer-implemented method, comprising: obtaining user data relating to a plurality of system users (Chari discloses providing names and identification numbers of a plurality of users [0029]) having previously been granted access to a resource in a context without complying with a ruleset defining criteria for automatically accessing the resource in the context (providing access control logs for each of the plurality of users that may include listings of previously accessed secure resources, when the secure resources were accessed, and what actions were performed on the secure resources by the users. Relationship and attributes of the e=plurality of users and their assigned permissions to access secure resources [0029]. A secure resource has restricted access by only authorized users. Each authorized user is assigned a particular risk-averse role that includes a set of one or more permissions [0025] (A user that wasn’t assign does not have access this is broadly interpreted as without complying with a ruleset). The access privilege or access right may grant an assigned user the ability to access and use a secure hardware device, software application, or network, such as a secure computer, financial application, or storage area network [0026] (Users that have access privilege are automatically have access to the content); 
identifying a combination of two or more user data properties having common values in the user data of a subset of two or more of the plurality of system users (a user -attribute relation is generated by mapping the users to attributes describing each of the users (mapping is interpreted as determine if they are common) [0007]. Names and identification numbers of a plurality of users [0029]. Role and policy modeling component 308 may assign a sensitivity value to each permission and a security clearance value to each user and define aggregation functions that will calculate the sensitivity level of a set of permissions and the security clearance level of a set of users. for each sensitivity value and each security clearance value, risk analysis component 304 assigns a risk value. Assess the risk value [0083]).
Although Chari disclose threshold and number of users, Chari does not explicitly teach but Rykowski teaches determining whether a number of system users in the subset exceeds a predetermined threshold (Rykowski teaches the management service 119 can determine whether the number of users to be added to or removed from the list of managed users 129 exceeds a previously specified threshold [0043]); 
and updating, upon the number of system users in the subset exceeding the predetermined threshold (Rykowski teaches the number of changes does exceed the threshold [0043].  Apply the change to the list of manages users 129 [0044]. The steps of adding or removing users from the list of managed users can trigger application of updated security policies for mobile devices associated with the users. To provide enterprise mobility management, the management service 119 can install agent software on the mobile device of a managed user, along with other enterprise applications such as a secure intern& browser, calendar, e-mail application, and file repository access application for accessing and editing corporate files. The mobile devices can use differing security policies depending on the groups to which a device or a user associated with a device is a member [0045]).  
Therefore, it would have been obvious to one or ordinary skill in the art before the effective filing date of the claimed invention to modify the method and system disclosed by Chari to include determining whether a number of system users in the subset exceeds a predetermined threshold; updating, upon the number of system users in the subset exceeding the predetermined threshold as disclosed by Rykowski. One of ordinary skill in the art would have been motivated for the purpose of limiting access and using different policies for different users (Rykowski [0024] [0045]).
Although the combination of Chari-Rykowski would teach upon the users exceeding the threshold modifying the list, the combination of Chari-Rykowski do not explicitly teach but O’Sullivan teaches updating the ruleset to include criteria based on the identified combination of two or more user data properties (O’Sullivan teaches modify the security policy of the user based on a change in the security risk of the user or the security risk of the user exceeding a predetermined level [0028]. The security risk may be based on many different variables such as, for example, a rank of the user in the organization, who the user communicates with, patterns of behavior of the user, a number and level of confidential interactions of the user, etc. [0018] (the security rank with different variables interpreted as the identified combination of two or more user data properties)).
Therefore, it would have been obvious to one or ordinary skill in the art before the effective filing date of the claimed invention to modify the method and system disclosed by the combination of Chari-Rykowski to include determining whether a number of system users in the subset exceeds a predetermined threshold; updating, upon the number of system users in the subset exceeding the predetermined threshold as disclosed by O’Sullivan. One of ordinary skill in the art would have been motivated for the purpose of security change and secure information and to prevent information being leaked (O’Sullivan [0019] [0023]).

Re. claim 22, the combination of Chari-Rykowski-O’Sullivan teach the method of claim 21, wherein each criterion of the ruleset specifies: the user data property, a value of the user data property, and a condition relating to the specified value that must be met, and the condition is selected from the group consisting of: equal to, 2less than, less than or equal to, greater than, greater than or equal to, and contains (Chari discloses a user -attribute relation is generated by mapping the users to attributes describing each of the users [0007]. Role and policy modeling component 308 may assign a sensitivity value to each permission and a security clearance value to each user and define aggregation functions that will calculate the sensitivity level of a set of permissions and the security clearance level of a set of users. for each sensitivity value and each security clearance value, risk analysis component 304 assigns a risk value. Assess the risk value [0083]. A determination as to whether the level of complexity of the initial state of the role-based access control policy is greater than a predefined complexity threshold [0102]).  

Re. claim 25, the combination of Chari-Rykowski-O’Sullivan teach the method of claim 21, Rykowski further teaches wherein the updating starts in response to a determination that a condition for updating the ruleset for a context is met (Rykowski teaches the number of changes does exceed the threshold [0043].  Apply the change to the list of manages users 129 [0044]. The steps of adding or removing users from the list of managed users can trigger application of updated security policies for mobile devices associated with the users. To provide enterprise mobility management, the management service 119 can install agent software on the mobile device of a managed user, along with other enterprise applications such as a secure intern& browser, calendar, e-mail application, and file repository access application for accessing and editing corporate files. The mobile devices can use differing security policies depending on the groups to which a device or a user associated with a device is a member [0045]).  
Therefore, it would have been obvious to one or ordinary skill in the art before the effective filing date of the claimed invention to modify the method and system disclosed by Chari to include wherein the updating starts in response to a determination that a condition for updating the ruleset for a context is met as disclosed by Rykowski. One of ordinary skill in the art would have been motivated for the purpose of limiting access and using different policies for different users (Rykowski [0024] [0045]).

Re. claim 28, the combination of Chari-Rykowski-O’Sullivan teach the method of claim 21, wherein the user data for each system user comprises a user identifier and values of one or more properties relating to a profile of the user (Chari discloses then, a role-based access control policy is generated that minimizes a risk profile of the set of risk-averse roles, the assignment of the set of risk-averse roles to the users, and the assignment of the permissions to the set of risk-averse roles [0007]. names and identification numbers of a plurality of users [0029]).  

Re. claim 29, Chari discloses a computer hardware system, comprising: a processing unit configured to perform the following executable operations (Chari discloses Processor unit 204 serves to execute instructions [0033]): obtaining user data relating to a plurality of system users (Chari discloses providing names and identification numbers of a plurality of users [0029]) having previously been granted access to a resource in a context without complying with a ruleset defining criteria for automatically accessing the resource in the context (providing access control logs for each of the plurality of users that may include listings of previously accessed secure resources, when the secure resources were accessed, and what actions were performed on the secure resources by the users. Relationship and attributes of the e=plurality of users and their assigned permissions to access secure resources [0029]. A secure resource has restricted access by only authorized users. Each authorized user is assigned a particular risk-averse role that includes a set of one or more permissions [0025] (A user that wasn’t assign does not have access this is broadly interpreted as without complying with a ruleset). The access privilege or access right may grant an assigned user the ability to access and use a secure hardware device, software application, or network, such as a secure computer, financial application, or storage area network [0026] (Users that have access privilege are automatically have access to the content); 
identifying a combination of two or more user data properties having common values in the user data of a subset of two or more of the plurality of system users (a user -attribute relation is generated by mapping the users to attributes describing each of the users (mapping is interpreted as determine if they are common) [0007]. Names and identification numbers of a plurality of users [0029]. Role and policy modeling component 308 may assign a sensitivity value to each permission and a security clearance value to each user and define aggregation functions that will calculate the sensitivity level of a set of permissions and the security clearance level of a set of users. for each sensitivity value and each security clearance value, risk analysis component 304 assigns a risk value. Assess the risk value [0083]).
Although Chari disclose threshold and number of users, Chari does not explicitly teach but Rykowski teaches determining whether a number of system users in the subset exceeds a predetermined threshold (Rykowski teaches the management service 119 can determine whether the number of users to be added to or removed from the list of managed users 129 exceeds a previously specified threshold [0043]); 
and updating, upon the number of system users in the subset exceeding the predetermined threshold (Rykowski teaches the number of changes does exceed the threshold [0043].  Apply the change to the list of manages users 129 [0044]. The steps of adding or removing users from the list of managed users can trigger application of updated security policies for mobile devices associated with the users. To provide enterprise mobility management, the management service 119 can install agent software on the mobile device of a managed user, along with other enterprise applications such as a secure intern& browser, calendar, e-mail application, and file repository access application for accessing and editing corporate files. The mobile devices can use differing security policies depending on the groups to which a device or a user associated with a device is a member [0045]).  
Therefore, it would have been obvious to one or ordinary skill in the art before the effective filing date of the claimed invention to modify the method and system disclosed by Chari to include determining whether a number of system users in the subset exceeds a predetermined threshold; updating, upon the number of system users in the subset exceeding the predetermined threshold as disclosed by Rykowski. One of ordinary skill in the art would have been motivated for the purpose of limiting access and using different policies for different users (Rykowski [0024] [0045]).
Although the combination of Chari-Rykowski would teach upon the users exceeding the threshold modifying the list, the combination of Chari-Rykowski do not explicitly teach but O’Sullivan teaches updating the ruleset to include criteria based on the identified combination of two or more user data properties (O’Sullivan teaches modify the security policy of the user based on a change in the security risk of the user or the security risk of the user exceeding a predetermined level [0028]. The security risk may be based on many different variables such as, for example, a rank of the user in the organization, who the user communicates with, patterns of behavior of the user, a number and level of confidential interactions of the user, etc. [0018] (the security rank with different variables interpreted as the identified combination of two or more user data properties)).
Therefore, it would have been obvious to one or ordinary skill in the art before the effective filing date of the claimed invention to modify the method and system disclosed by the combination of Chari-Rykowski to include determining whether a number of system users in the subset exceeds a predetermined threshold; updating, upon the number of system users in the subset exceeding the predetermined threshold as disclosed by O’Sullivan. One of ordinary skill in the art would have been motivated for the purpose of security change and secure information and to prevent information being leaked (O’Sullivan [0019] [0023]).

Re. claim 30, rejection of claim 29 is included and claim 30 is rejected with the same rationale as applied in claim 22 above.

Re. claim 33, rejection of claim 29 is included and claim 33 is rejected with the same rationale as applied in claim 25 above.

Re. claim 36, rejection of claim 29 is included and claim 36 is rejected with the same rationale as applied in claim 28 above.

Re. claim 37, Chari discloses a computer program product, comprising: a computer readable storage medium having program instructions embodied therewith, the program instructions are executable by a computer hardware system (Chari discloses or more computer readable medium(s) having computer readable program code [0015]. Computer program code for carrying out operations [0019])to cause the computer hardware system to perform: obtaining user data relating to a plurality of system users (Chari discloses providing names and identification numbers of a plurality of users [0029]) having previously been granted access to a resource in a context without complying with a ruleset defining criteria for automatically accessing the resource in the context (providing access control logs for each of the plurality of users that may include listings of previously accessed secure resources, when the secure resources were accessed, and what actions were performed on the secure resources by the users. Relationship and attributes of the e=plurality of users and their assigned permissions to access secure resources [0029]. A secure resource has restricted access by only authorized users. Each authorized user is assigned a particular risk-averse role that includes a set of one or more permissions [0025] (A user that wasn’t assign does not have access this is broadly interpreted as without complying with a ruleset). The access privilege or access right may grant an assigned user the ability to access and use a secure hardware device, software application, or network, such as a secure computer, financial application, or storage area network [0026] (Users that have access privilege are automatically have access to the content); 
identifying a combination of two or more user data properties having common values in the user data of a subset of two or more of the plurality of system users (a user -attribute relation is generated by mapping the users to attributes describing each of the users (mapping is interpreted as determine if they are common) [0007]. Names and identification numbers of a plurality of users [0029]. Role and policy modeling component 308 may assign a sensitivity value to each permission and a security clearance value to each user and define aggregation functions that will calculate the sensitivity level of a set of permissions and the security clearance level of a set of users. for each sensitivity value and each security clearance value, risk analysis component 304 assigns a risk value. Assess the risk value [0083]).
Although Chari disclose threshold and number of users, Chari does not explicitly teach but Rykowski teaches determining whether a number of system users in the subset exceeds a predetermined threshold (Rykowski teaches the management service 119 can determine whether the number of users to be added to or removed from the list of managed users 129 exceeds a previously specified threshold [0043]); 
and updating, upon the number of system users in the subset exceeding the predetermined threshold (Rykowski teaches the number of changes does exceed the threshold [0043].  Apply the change to the list of manages users 129 [0044]. The steps of adding or removing users from the list of managed users can trigger application of updated security policies for mobile devices associated with the users. To provide enterprise mobility management, the management service 119 can install agent software on the mobile device of a managed user, along with other enterprise applications such as a secure intern& browser, calendar, e-mail application, and file repository access application for accessing and editing corporate files. The mobile devices can use differing security policies depending on the groups to which a device or a user associated with a device is a member [0045]).  
Therefore, it would have been obvious to one or ordinary skill in the art before the effective filing date of the claimed invention to modify the method and system disclosed by Chari to include determining whether a number of system users in the subset exceeds a predetermined threshold; updating, upon the number of system users in the subset exceeding the predetermined threshold as disclosed by Rykowski. One of ordinary skill in the art would have been motivated for the purpose of limiting access and using different policies for different users (Rykowski [0024] [0045]).
Although the combination of Chari-Rykowski would teach upon the users exceeding the threshold modifying the list, the combination of Chari-Rykowski do not explicitly teach but O’Sullivan teaches updating the ruleset to include criteria based on the identified combination of two or more user data properties (O’Sullivan teaches modify the security policy of the user based on a change in the security risk of the user or the security risk of the user exceeding a predetermined level [0028]. The security risk may be based on many different variables such as, for example, a rank of the user in the organization, who the user communicates with, patterns of behavior of the user, a number and level of confidential interactions of the user, etc. [0018] (the security rank with different variables interpreted as the identified combination of two or more user data properties)).
Therefore, it would have been obvious to one or ordinary skill in the art before the effective filing date of the claimed invention to modify the method and system disclosed by the combination of Chari-Rykowski to include determining whether a number of system users in the subset exceeds a predetermined threshold; updating, upon the number of system users in the subset exceeding the predetermined threshold as disclosed by O’Sullivan. One of ordinary skill in the art would have been motivated for the purpose of security change and secure information and to prevent information being leaked (O’Sullivan [0019] [0023]).

Re. claim 38, rejection of claim 37 is included and claim 38 is rejected with the same rationale as applied in claim 22 above.

Claims 23-24, 31-32, and 39-40 are rejected under 35 U.S.C. 103 as being unpatentable over Chari et al. (US 20140196104 hereinafter Chari) in view of Rykowski et al. (US 20170032042 hereinafter Rykowski), in view O’Sullivan et al. (US 20110061089 hereinafter O’Sullivan), and in further view of Nenov (US 9692784).

Re. claim 23, the combination of Chari-Rykowski-O’Sullivan teach the method of claim 21, a system user granted access to the resource (Chari discloses providing names and identification numbers of a plurality of users [0029]) in the context without complying with the ruleset is identified based on the monitoring (Chari discloses providing access control logs for each of the plurality of users that may include listings of previously accessed secure resources, when the secure resources were accessed, and what actions were performed on the secure resources by the users [0029]. The access privilege or access right may grant an assigned user the ability to access and use a secure hardware device, software application, or network, such as a secure computer, financial application, or storage area network [0026]. Detect role-based access control policy by identifying anomalies [0060])(Users that have access privilege are automatically have access to the content)); wherein access by system users and to the resource in the context is monitored (Chari discloses analyzes the risk of a role based access control policy [0071]. Access control data input 312 includes access control policies/access control logs data 314. Access control is used to secure resources [0072]) .
The combination of Chari-Rykowski-O’Sullivan do not explicitly teach but Nenov teaches an identifier of the system user in a data record associated with user access overrides of the ruleset is stored in memory (Nenov teaches quick retrieval and modification of rules, as well as compact identification of rule sets provided to a security device. a set of rule identifiers 120 may be associated with a device identifier for a security device, indicating the rule set distributed to said security device. In another example, upon detection of an attempted attack that matches a rule, a security device may store a rule identifier 120 to a log and/or transmit an identification of the rule identifier [Col 6 lines 51-64] Rule sets may be cached or stored in memory [Col 12 lines 1-12]).  
Therefore, it would have been obvious to one or ordinary skill in the art before the effective filing date of the claimed invention to modify the method and system disclosed by the combination of Chari-Rykowski-O’Sullivan to include identifier of the system user in a data record associated with user access overrides of the ruleset is stored in memory as disclosed by Nenov. One of ordinary skill in the art would have been motivated for the purpose of indicate that an attempted attack has been detected and potentially stopped (Nenov [Col 6 lines 51-64).

Re. claim 24, the combination of Chari-Rykowski-O’Sullivan-Nenov teach the method of claim 23, obtain the user data from at least one data source using the identifiers (Chari discloses another source of risk in an access control policy is that of mistakenly assigning users certain privileges [0080]).  
Although the combination of Chari-Rykowski-O’Sullivan-Nenov would teach identifiers of a plurality of system users in data records, the combination of Chari-Rykowski-O’Sullivan-Nenov do not explicitly teach but Nenov teaches wherein the obtaining the user data includes: retrieving, from the memory, identifiers of a plurality of system users in data records associated with user access overrides of the ruleset (Nenov teaches quick retrieval and modification of rules, as well as compact identification of rule sets provided to a security device. a set of rule identifiers 120 may be associated with a device identifier for a security device, indicating the rule set distributed to said security device. In another example, upon detection of an attempted attack that matches a rule, a security device may store a rule identifier 120 to a log and/or transmit an identification of the rule identifier [Col 6 lines 51-64] Rule sets may be cached or stored in memory [Col 12 lines 1-12]).  
Therefore, it would have been obvious to one or ordinary skill in the art before the effective filing date of the claimed invention to modify the method and system disclosed by the combination of Chari-Rykowski-O’Sullivan to include identifier of the system user in a data record associated with user access overrides of the ruleset is stored in memory as disclosed by Nenov. One of ordinary skill in the art would have been motivated for the purpose of indicate that an attempted attack has been detected and potentially stopped (Nenov [Col 6 lines 51-64).

Re. claim 31, rejection of claim 29 is included and claim 21 is rejected with the same rationale as applied in claim 22 above.

Re. claim 32, rejection of claim 31 is included and claim 32 is rejected with the same rationale as applied in claim 23 above.
Re. claim 39, rejection of claim 37 is included and claim 39 is rejected with the same rationale as applied in claim 22 above.

Re. claim 40, rejection of claim 37 is included and claim 39 is rejected with the same rationale as applied in claim 23 above.

Claims 26 and 34 are rejected under 35 U.S.C. 103 as being unpatentable over Chari et al. (US 20140196104 hereinafter Chari), Rykowski et al. (US 20170032042 hereinafter Rykowski), in view of O’Sullivan et al. (US 20110061089 hereinafter O’Sullivan)and in further view of Jacobs (US 20080109871).

Re. claim 26, the combination of Chari-Rykowski-O’Sullivan teach the method of claim 25, wherein the condition is selected from the group consisting of: a predetermined number of system users have been granted access in the context without complying with the ruleset in a predetermined time interval (Chari discloses providing access control logs for each of the plurality of users that may include listings of previously accessed secure resources, when the secure resources were accessed, and what actions were performed on the secure resources by the users [0029]. The access privilege or access right may grant an assigned user the ability to access and use a secure hardware device, software application, or network, such as a secure computer, financial application, or storage area network [0026](Users that have access privilege are automatically have access to the content). Measure of the system administrator's time required to maintain the role-based access control policy [0053]).
The combination of Chari-Rykowski-O’Sullivan do not explicitly teach but Jacobs teaches a predetermined time interval has passed since a previous update (Jacobs teaches the updating may be performed on a set time period [0040]. To check for analysis databases at certain time periods. As part of the client updating process, the client may report to the enterprise network that a new update has been installed; the report information may include the install date, version number, version date, client identification, and the like. This may provide a method for the system administrator to verify that the client 414 are updated to the most recent versions of the analysis databases [0106]), and a user request to update the ruleset (Jacobs teaches the client 414 may receive or request analysis database updates from the policy update module 404 [0105]).  
Therefore, it would have been obvious to one or ordinary skill in the art before the effective filing date of the claimed invention to modify the method and system disclosed by the combination of Chari-Rykowski-O’Sullivan to include a predetermined time interval has passed since a previous update as disclosed by Jacobs. One of ordinary skill in the art would have been motivated for the purpose of keeping the policy facility updated, the computer may be prevented from accessing certain computer applications, but it should be able to access those application that the user needs (Jacobs [0065]).

Re. claim 34, rejection of claim 33 is included and claim 34 is rejected with the same rationale as applied in claim 26 above.

Claims 27 and 35 are rejected under 35 U.S.C. 103 as being unpatentable over Chari et al. (US 20140196104 hereinafter Chari), Rykowski et al. (US 20170032042 hereinafter Rykowski), and in further view of Smith et al. (US 20150135258 hereinafter Smith).

Re. claim 27, the combination of Chari-Rykowski-O’Sullivan teach the method of claim 21, Although the combination of Chari-Rykowski-O’Sullivan would teach user data for each system, the combination of Chari-Rykowski-O’Sullivan do not explicitly teach but Smith teaches wherein the user data for each system user is obtained from a plurality of data sources (Smith teaches resources, policies context-aware data, etc., may be physical distributed over network 230 using one or more data sources [0032]).  
Therefore, it would have been obvious to one or ordinary skill in the art before the effective filing date of the claimed invention to modify the method and system disclosed by the combination of Chari-Rykowski-O’Sullivan to include wherein the user data for each system user is obtained from a plurality of data sources as disclosed by Smith. One of ordinary skill in the art would have been motivated for the purpose of improving performance and security for lacking customization features and intelligence (Smith [0003]).

Re. claim 35, rejection of claim 29 is included and claim 35 is rejected with the same rationale as applied in claim 27 above.

Conclusion
The prior art made of record and not relied upon is considered pertinent to applicant's disclosure. Mankovskii (US 20160112397) discloses An access control system may acquire a request for access to a protected resource, identify a username associated with the request, acquire contextual information associated with the request for access (e.g., a time of day associated with a location of a device making the request), acquire a baseline set of rules for the username, detect a deviation from the baseline set of rules based on the contextual information, acquire additional authentication information in response to detecting the deviation, authorize access to the protected resource based on the additional authentication information, generate a record of the request for access including the contextual information, and update the baseline set of rules if an intrusion to the access control system has not been detected within a threshold period of time.
THIS ACTION IS MADE FINAL.  Applicant is reminded of the extension of time policy as set forth in 37 CFR 1.136(a).  
A shortened statutory period for reply to this final action is set to expire THREE MONTHS from the mailing date of this action.  In the event a first reply is filed within TWO MONTHS of the mailing date of this final action and the advisory action is not mailed until after the end of the THREE-MONTH shortened statutory period, then the shortened statutory period will expire on the date the advisory action is mailed, and any extension fee pursuant to 37 CFR 1.136(a) will be calculated from the mailing date of the advisory action.  In no event, however, will the statutory period for reply expire later than SIX MONTHS from the mailing date of this final action. 
Any inquiry concerning this communication or earlier communications from the examiner should be directed to KEVIN A AYALA whose telephone number is (571)270-3912. The examiner can normally be reached Monday-Thursday 8AM-5PM; Friday:Variable EST.
Examiner interviews are available via telephone, in-person, and video conferencing using a USPTO supplied web-based collaboration tool. To schedule an interview, applicant is encouraged to use the USPTO Automated Interview Request (AIR) at http://www.uspto.gov/interviewpractice.
If attempts to reach the examiner by telephone are unsuccessful, the examiner’s supervisor, Jorge Ortiz-Criado can be reached on 571-272-7624. The fax phone number for the organization where this application or proceeding is assigned is 571-273-8300.
Information regarding the status of published or unpublished applications may be obtained from Patent Center. Unpublished application information in Patent Center is available to registered users. To file and manage patent submissions in Patent Center, visit: https://patentcenter.uspto.gov. Visit https://www.uspto.gov/patents/apply/patent-center for more information about Patent Center and https://www.uspto.gov/patents/docx for information about filing in DOCX format. For additional questions, contact the Electronic Business Center (EBC) at 866-217-9197 (toll-free). If you would like assistance from a USPTO Customer Service Representative, call 800-786-9199 (IN USA OR CANADA) or 571-272-1000.





/K.A./Examiner, Art Unit 2496                                                                                                                                                                                                        
/JORGE L ORTIZ CRIADO/Supervisory Patent Examiner, Art Unit 2496