DETAILED ACTION
Notice of Pre-AIA  or AIA  Status
1.The present application, filed on or after March 16, 2013, is being examined under the first inventor to file provisions of the AIA .

Claim Rejections - 35 USC § 102
2.The following is a quotation of the appropriate paragraphs of 35 U.S.C. 102 that form the basis for the rejections under this section made in this Office action:
A person shall be entitled to a patent unless –
(a)(1) the claimed invention was patented, described in a printed publication, or in public use, on sale, or otherwise available to the public before the effective filing date of the claimed invention.

3. Claim(s) 1,4-6,8,10-13 and 17-20 are rejected under 35 U.S.C. 102 (a)(1) as being anticipated by Pereira (US Pub.No.2020/0112568)

4. Regarding claims 1,13 Pereira teaches a method, a system comprising: receiving, via a computer network, a technical data file; securely storing the technical data file in a network-accessible technical data repository configured to restrict access to the technical data file (Figs.1-2 and Para:0018-0020 teaches receiving via the network 260 a request from one or more users to access one or more components/asset in an IT infrastructure. Creating rules and processing parameters for granting/denying one or more users 294 access to an IT infrastructure 297 components or assets 299);

computer-analyzing an unstructured policy document corresponding to the technical data file with a previously-trained machine-learning model configured to extract one or more policy attributes from unstructured policy documents; storing the one or more policy attributes extracted from the unstructured policy document in a network-accessible policy library
 (Fig.3a-b and Para:0024-0028 teaches  the access policy machine learning component 235 of the authentication component 231 can query the one or more databases 270 to create one or more machine learning modules for producing access credentials for the one or more users 294. The machine learning models can be based, in whole or in part, on the information contained in the external databases, including based on human resources systems and records, user skill and responsibilities entries, incident and change systems, access history for the user requesting access, and/or access history for similar users and devices database. The access policy machine learning component 235 can examine the policies, as indicated in the HRDB (human resources database) 270A or the CMDB (configuration management database) 270B, that are in effect for authorizing access requests to a component 299 of the IT infrastructure 297. The access policy machine learning component 235 will also receive unstructured information from the client devices 292 used by the users 294 or the SMEs (subject matters expert) 290 otherwise associated with the IT infrastructure 297. The SMEs 290, using the corresponding client devices 292, can annotate unstructured domain literature, and use those annotations can create a custom machine learning model that understands the requirements and technical nature of the IT infrastructure 297.  When a request is received from a client 292 for a user credential for at least one IT component 299 of the IT infrastructure 297, the access and matching component 237 can examine the rules recorded in the authorization policies database 249 and will evaluate the request. Utilizing the information in the authorization policies database 249 and other additional information (which can be from external systems and actors, e.g., input from SMEs 290), the access and matching component 237 can determine whether access is proper);

receiving, via the computer network, a request for a user to access the technical data file; recognizing one or more user attributes of the user (Para:0022-0023 and Para:0028-0029 teaches the access and matching component 237 can use one of the machine learning models generated by the access policy machine learning component 235. When a request is received from a client 292 for a user credential for at least one IT component 299 of the IT infrastructure 297, the access and matching component  can examine the rules recorded in the authorization policies database 249 and will evaluate the request. Utilizing the information in the authorization policies database 249 and other additional information (which can be from external systems and actors, e.g., input from SMEs 290), the access and matching component 237 can determine whether access is proper. 
The access and matching component  will be configured to employ a threshold and index scheme, e.g., as it verifies that the one or more users  fit the criteria of one or more policies, the access and matching component  increases the authorization level index. If the authorization index exceeds a threshold, then the access and matching component  will issue a request to the credential component 239 to create and provide an access credentials, e.g., an access ID, to the one or more users 294. If the authorization threshold falls below a suitable positive threshold for granting access, but above a threshold that denies access, the access and managing component 237 can inform the IT component resource owner 298 that a failed request was raised by one or more users 294, and then the resource owner 298 can take appropriate action); and

        providing the user, network access to the technical data file stored in the network-accessible technical data repository after verifying that the one or more user attributes do not conflict with the one or more policy attributes stored in the network-accessible policy library or an additional attribute corresponding to the technical data file (Para:0032 and Para:0034 teaches the access policy machine learning component 235 will evaluate the collected data to create one or more machine learning models associated with the granting access to the one or more users 294. The evaluated sources can include one or more human resource policies in HRDB 270A, an access history contained in the CMDB 270B for the one or more users 294 requesting access to the one or more components 299 of the IT infrastructure 297, an urgency level associated with the access request as indicated by the one or more users 294 making the request, and/or an access history of another one or more users 294 requesting access to the one or more components of the IT infrastructure as indicated in database 370C, where the another one or more users 294 have one or more common credentials with the one or more users 294 requesting access as contained in the SRDB 270D. The access policy machine learning component can evaluate data from any other suitable source as described herein. In block 360, based on the evaluation, the access machine policy learning component 235 can create one machine learning models that determine one or more authorization policies for granting access to the IT infrastructure 297 (or a component 299 therein), and store the policies in an authorization policies database 249. In block 370, the credentialing component 239, based on the machine learning models and in coordination with the authentication component 241, can generate and provide the one or more users 294 with access credentials).


5.  Regarding claim 4 Pereira teaches the method, wherein the previously-trained machine- learning model is updated based on contents of an access monitoring log configured to store logged authorization decisions corresponding to the technical data file (Para:0035 teaches for granting access to an IT infrastructure 297 (or components 299) for one or more users 294. The access matching component 237 utilizes the one or more authorization policies to determine an authorization confidence score (or “authorization score”) for granting access to one or more users 294 requesting access to the IT infrastructure 297 (or components 299 ). The access matching component  determines if the authorization confidence score exceeds a threshold. If the authorization confidence score exceeds a threshold, then the access matching component  coordinates with one or more components of the credentials component 239, resulting in granting access credentials to the one or more users . If the authorization confidence score is below a certain threshold, then the access matching component  can notify a resource owner 298 (or system owner 298 or component owner 298) of the IT infrastructure, and the resource owner 298, per block 450, can indicate that the access credentials should be granted, reverting to block 430, or denied, resulting in the flow proceeding to block 440. In one embodiment, per block 460, whether the access credentials are granted or denied, the access matching component 237 will coordinate with the access policy machine learning component 235 to update the one or more machine learning models based on the result, which in turn results in an update of the access policy and rules stored in authorization policies database).

6.  Regarding claim 5 Pereira teaches the method, wherein providing the user, network access to the technical data file stored in the network-accessible technical data repository comprises providing granular access to the technical data file, and wherein a level of granularity provided to the user is determined based on the one or more policy attributes and the one or more user attributes (Para:0028-0029 teaches the access and matching component 237 is configured to employ a threshold and index scheme, e.g., as it verifies that the one or more users 294 fit the criteria of one or more policies, the access and matching component  increases the authorization level index. If the authorization index exceeds a threshold, then the access and matching component  will issue a request to the credential component 239 to create and provide an access credentials, e.g., an access ID, to the one or more users 294. If the authorization threshold falls below a suitable positive threshold for granting access, but above a threshold that denies access, the access and managing component  can inform the IT component resource owner  that a failed request was raised by one or more users , and then the resource owner  can take appropriate action. The access and matching component 237 can provide feedback to the one or more machine learning models with respect to the result of a particular request, which by extension can result in an updating of the rules and policies in the authorization policies database 249).

7.  Regarding claim 6 Pereira teaches the method, wherein the one or more user attributes comprise at least subject attributes related to credentials of the user (Para:0028-0029 and para:0032 teaches the user attributes comprise the credentials of the user such as access ID).

8.  Regarding claim 8 Pereira teaches the method, wherein the one or more policy attributes comprise at least subject attributes related to credentials of the user (para:0028-0029 and para:0032 policy attributes comprise of attributes related to credentials of the user. such as access ID or identifier) .

9.  Regarding claim 10 Pereira teaches the method, wherein the one or more policy attributes comprise at least action attributes related to the level of granularity (Para:0023 and para:0028-0029 teaches the access and matching component 237 is configured to employ a threshold and index scheme, e.g., as it verifies that the one or more users 294 fit the criteria of one or more policies, the access and matching component 237 increases the authorization level index. If the authorization index exceeds a threshold, then the access and matching component 237 will issue a request to the credential component 239 to create and provide an access credentials, e.g., an access ID, to the one or more users 294. If the authorization threshold falls below a suitable positive threshold for granting access, but above a threshold that denies access, the access and managing component 237 can inform the IT component resource owner 298 that a failed request was raised by one or more users 294, and then the resource owner 298 can take appropriate action). 

10.  Regarding claims 11 and 17  Pereira teaches the method and the system, further comprising: responsive to a first condition wherein the one or more user attributes do not conflict with the one or more policy attributes stored in the network-accessible policy library for the technical data file, but are insufficient to provide the user network access to the technical data file stored in the network-accessible technical data repository, retrieving the additional attribute stored in a network-accessible policy information point; and providing the user network access to the technical data file stored in the network-accessible technical data repository after verifying that there is no conflict among the additional attribute, the one or more user attributes, and the one or more policy attributes stored in the network- accessible policy library for the technical data file (Para:0022-0023 and Para:0036-0039 teaches the identification component 233 identifies one or more users 294 attempting to access the IT infrastructure 297 using biometric information via a biometric reader, (where the biometric information can be located in one or more external databases 270). The access policy machine learning component 235 collects information from one or more external databases, to generate one or more machine learning models that determine a set of rules or policies for granting access to the IT infrastructure to one or more users 294, where the rules and/or policies can be stored in authorization policies database 249. The access and matching component can analyze the policies and rules in relation to a request from one or more users 294 to access the IT infrastructure, where the analysis is pursuant to an authorization threshold scheme. The access and matching component increases the authorization threshold by determining that the component 299 sought for access by the one or more users 294 is part of the CMDB (Configuration management database) 290B. Thee access and matching component 237 increases the authorization threshold by determining that the one or more users 294 have a job role or position that is relevant to the asset or component 299 sought for access, where the determination is made by querying one or more external databases 270, including HRDB  (human resources databases) 270A and ICDB (an incident and change systems database) 270C. In one embodiment, per block 525C, the access and matching component 237 increases the authorization level by examining one or more external databases 270 to determine that the one or more users 294 are part of a support queue associated with the asset. In one embodiment, per block 525d, the access and matching component 237 increases the authorization level index by determining that the one or more users 294 are active members of the organization that owns the asset by examining one or more databases 270, including HRDB 270A. In one embodiment, per block 525E, the access and matching component 237 increases the authorization level by determining that the one or more users 294 are part of the account owning the component 299 sought for access, including examining the ACCDB (an accounts database) 270F. In any of steps 525A-525F, if the access and matching component 237 makes a negative determination, e.g. that the one or more users 294 are not part of the organization or the queue, that the asset 298 is not part of the CMDB, etc., then the authorization index decreases. In one embodiment, per block 535, in the instance when the authorization index did not meet or exceed the threshold necessary to grant the one or more users 294 access credentials, the access and matching component 237 can determine, by accessing emails from the one or more users 294 (where the emails can be located in one or more external databases 270 or any other suitable source), if there was any email approval from an IT component/resource owner 298 to allow access to the IT infrastructure 297 or component 299 therein. If access and matching component 237 determines that the authorization from the resource owner 298 exists, then authorization index increases, where in one embodiment the authorization is a definitive indicator that access credentials should be provided).

11.   Regarding claims 12 and 18 Pereira teaches the method and the system further comprising: associating the one or more policy attributes extracted from the unstructured policy document with predetermined attribute fields indicated by the previously-trained machine learning model; and outputting one or more structured, field-labeled policy attributes for storage in the network-accessible policy library (Fig.3a-b and Para:0024-0028 teaches  the access policy machine learning component 235 of the authentication component 231 can query the one or more databases 270 to create one or more machine learning modules for producing access credentials for the one or more users 294. The machine learning models can be based, in whole or in part, on the information contained in the external databases, including based on human resources systems and records, user skill and responsibilities entries, incident and change systems, access history for the user requesting access, and/or access history for similar users and devices database. The access policy machine learning component 235 can examine the policies, as indicated in the HRDB (human resources database) 270A or the CMDB (configuration management database) 270B, that are in effect for authorizing access requests to a component 299 of the IT infrastructure 297. The access policy machine learning component 235 will also receive unstructured information from the client devices 292 used by the users 294 or the SMEs (subject matters expert) 290 otherwise associated with the IT infrastructure 297. The SMEs 290, using the corresponding client devices 292, can annotate unstructured domain literature, and use those annotations can create a custom machine learning model that understands the requirements and technical nature of the IT infrastructure 297.  When a request is received from a client 292 for a user credential for at least one IT component 299 of the IT infrastructure 297, the access and matching component 237 can examine the rules recorded in the authorization policies database 249 and will evaluate the request. Utilizing the information in the authorization policies database 249 and other additional information (which can be from external systems and actors, e.g., input from SMEs 290), the access and matching component 237 can determine whether access is proper).

12.   Regarding claim 19 Pereira teaches the method, comprising: training a machine learning model to recognize first policy attributes of a first type from a plurality of unstructured policy documents of the first type; training the machine learning model to recognize second policy attributes of a second type from a plurality of unstructured policy documents of the second type; generating an integrated set of attribute fields based on a set of the policy attributes of the first type and a set of the policy attributes of the second type (Para:0022-0023 and Para:0036-0039 teaches the identification component 233 identifies one or more users 294 attempting to access the IT infrastructure 297 using biometric information via a biometric reader, (where the biometric information can be located in one or more external databases 270). The access policy machine learning component 235 collects information from one or more external databases, to generate one or more machine learning models that determine a set of rules or policies for granting access to the IT infrastructure to one or more users 294, where the rules and/or policies can be stored in authorization policies database 249. The access and matching component can analyze the policies and rules in relation to a request from one or more users 294 to access the IT infrastructure, where the analysis is pursuant to an authorization threshold scheme. The access and matching component increases the authorization threshold by determining that the component 299 sought for access by the one or more users 294 is part of the CMDB (Configuration management database) 290B. Thee access and matching component 237 increases the authorization threshold by determining that the one or more users 294 have a job role or position that is relevant to the asset or component 299 sought for access, where the determination is made by querying one or more external databases 270, including HRDB  (human resources databases) 270A and ICDB (an incident and change systems database) 270C. In one embodiment, per block 525C, the access and matching component 237 increases the authorization level by examining one or more external databases 270 to determine that the one or more users 294 are part of a support queue associated with the asset. In one embodiment, per block 525d, the access and matching component 237 increases the authorization level index by determining that the one or more users 294 are active members of the organization that owns the asset by examining one or more databases 270, including HRDB 270A. In one embodiment, per block 525E, the access and matching component 237 increases the authorization level by determining that the one or more users 294 are part of the account owning the component 299 sought for access, including examining the ACCDB (an accounts database) 270F. In any of steps 525A-525F, if the access and matching component 237 makes a negative determination, e.g. that the one or more users 294 are not part of the organization or the queue, that the asset 298 is not part of the CMDB, etc., then the authorization index decreases. In one embodiment, per block 535, in the instance when the authorization index did not meet or exceed the threshold necessary to grant the one or more users 294 access credentials, the access and matching component 237 can determine, by accessing emails from the one or more users 294 (where the emails can be located in one or more external databases 270 or any other suitable source), if there was any email approval from an IT component/resource owner 298 to allow access to the IT infrastructure 297 or component 299 therein. If access and matching component 237 determines that the authorization from the resource owner 298 exists, then authorization index increases, where in one embodiment the authorization is a definitive indicator that access credentials should be provided);

receiving, via a computer network, a technical data file: securely storing the technical data file in a network-accessible technical data repository configured to restrict access to the technical data file (Figs.1-2 and Para:0018-0020 teaches receiving via the network 260 a request from one or more users to access one or more components/asset in an IT infrastructure. Creating rules and processing parameters for granting/denying one or more users 294 access to an IT infrastructure 297 components or assets 299);

computer-analyzing an unstructured policy document of the first type corresponding to the technical data file by extracting one or more policy attributes from the unstructured policy document using the trained machine-learning model (Fig.3a-b and Para:0024-0028 teaches  the access policy machine learning component 235 of the authentication component 231 can query the one or more databases 270 to create one or more machine learning modules for producing access credentials for the one or more users 294. The machine learning models can be based, in whole or in part, on the information contained in the external databases, including based on human resources systems and records, user skill and responsibilities entries, incident and change systems, access history for the user requesting access, and/or access history for similar users and devices database. The access policy machine learning component 235 can examine the policies, as indicated in the HRDB (human resources database) 270A or the CMDB (configuration management database) 270B, that are in effect for authorizing access requests to a component 299 of the IT infrastructure 297. The access policy machine learning component 235 will also receive unstructured information from the client devices 292 used by the users 294 or the SMEs (subject matters expert) 290 otherwise associated with the IT infrastructure 297. The SMEs 290, using the corresponding client devices 292, can annotate unstructured domain literature, and use those annotations can create a custom machine learning model that understands the requirements and technical nature of the IT infrastructure 297.  When a request is received from a client 292 for a user credential for at least one IT component 299 of the IT infrastructure 297, the access and matching component 237 can examine the rules recorded in the authorization policies database 249 and will evaluate the request. Utilizing the information in the authorization policies database 249 and other additional information (which can be from external systems and actors, e.g., input from SMEs 290), the access and matching component 237 can determine whether access is proper);


associating the one or more policy attributes extracted from the unstructured policy document of the first type with the integrated set of attribute fields; and outputting one or more structured, field-labeled policy attributes for storage in a network-accessible policy library (Para:0023 and Para:0024-0029 teaches  the access policy machine learning component 235 of the authentication component 231 can query the one or more databases 270 to create one or more machine learning modules for producing access credentials for the one or more users 294. The machine learning models can be based, in whole or in part, on the information contained in the external databases, including based on human resources systems and records, user skill and responsibilities entries, incident and change systems, access history for the user requesting access, and/or access history for similar users and devices database. The access policy machine learning component 235 can examine the policies, as indicated in the HRDB (human resources database) 270A or the CMDB (configuration management database) 270B, that are in effect for authorizing access requests to a component 299 of the IT infrastructure 297. The access policy machine learning component 235 will also receive unstructured information from the client devices 292 used by the users 294 or the SMEs (subject matters expert) 290 otherwise associated with the IT infrastructure 297. The SMEs 290, using the corresponding client devices 292, can annotate unstructured domain literature, and use those annotations can create a custom machine learning model that understands the requirements and technical nature of the IT infrastructure 297.  When a request is received from a client 292 for a user credential for at least one IT component 299 of the IT infrastructure 297, the access and matching component 237 can examine the rules recorded in the authorization policies database 249 and will evaluate the request. Utilizing the information in the authorization policies database 249 and other additional information (which can be from external systems and actors, e.g., input from SMEs 290), the access and matching component 237 can determine whether access is proper. In one embodiment, the access and matching component 237 is configured to employ a threshold and index scheme, e.g., as it verifies that the one or more users 294 fit the criteria of one or more policies, the access and matching component 237 increases the authorization level index. If the authorization index exceeds a threshold, then the access and matching component 237 will issue a request to the credential component 239 to create and provide an access credentials, e.g., an access ID, to the one or more users 294. If the authorization threshold falls below a suitable positive threshold for granting access, but above a threshold that denies access, the access and managing component 237 can inform the IT component resource owner 298 that a failed request was raised by one or more users 294, and then the resource owner 298 can take appropriate action. In one embodiment, the access and matching component 237 can provide feedback to the one or more machine learning models with respect to the result of a particular request, which by extension can result in an updating of the rules and policies in the authorization policies database 249).
   
13.  Regarding claim 20 Pereira teaches the method, comprising, further comprising: receiving, via the computer network, a request for a user to access the technical data file (Figs.1-2 and Para:0018-0020 teaches receiving via the network 260 a request from one or more users to access one or more components/asset in an IT infrastructure. Creating rules and processing parameters for granting/denying one or more users 294 access to an IT infrastructure 297 components or assets 299);

 recognizing one or more user attributes of the user; and providing the user network access to the technical data file stored in the network-accessible technical data repository after verifying that the one or more user attributes do not conflict with the one or more structured, field- labeled policy attributes stored in the network-accessible policy library or an additional attribute corresponding to the technical data file (Fig.3a-b and Para:0024-0028 teaches  the access policy machine learning component 235 of the authentication component 231 can query the one or more databases 270 to create one or more machine learning modules for producing access credentials for the one or more users 294. The machine learning models can be based, in whole or in part, on the information contained in the external databases, including based on human resources systems and records, user skill and responsibilities entries, incident and change systems, access history for the user requesting access, and/or access history for similar users and devices database. The access policy machine learning component 235 can examine the policies, as indicated in the HRDB (human resources database) 270A or the CMDB (configuration management database) 270B, that are in effect for authorizing access requests to a component 299 of the IT infrastructure 297. The access policy machine learning component 235 will also receive unstructured information from the client devices 292 used by the users 294 or the SMEs (subject matters expert) 290 otherwise associated with the IT infrastructure 297. The SMEs 290, using the corresponding client devices 292, can annotate unstructured domain literature, and use those annotations can create a custom machine learning model that understands the requirements and technical nature of the IT infrastructure 297.  When a request is received from a client 292 for a user credential for at least one IT component 299 of the IT infrastructure 297, the access and matching component 237 can examine the rules recorded in the authorization policies database 249 and will evaluate the request. Utilizing the information in the authorization policies database 249 and other additional information (which can be from external systems and actors, e.g., input from SMEs 290), the access and matching component 237 can determine whether access is proper).

Claim Rejections - 35 USC § 103
14.The following is a quotation of 35 U.S.C. 103 which forms the basis for all obviousness rejections set forth in this Office action:
A patent for a claimed invention may not be obtained, notwithstanding that the claimed invention is not identically disclosed as set forth in section 102, if the differences between the claimed invention and the prior art are such that the claimed invention as a whole would have been obvious before the effective filing date of the claimed invention to a person having ordinary skill in the art to which the claimed invention pertains. Patentability shall not be negated by the manner in which the invention was made.

15. Claim(s) 2, 3 and 14  are rejected under 35 U.S.C. 103 as being unpatentable over Pereira (US Pub.No.2020/0112568) as applied to claims 1, 13 above and in view of Nassar (US Pub.No.2020/0076806).

16. Regarding claim 2 Pereira teaches all the above claimed limitations, but does not expressly teach the method, wherein the result of a request verification is stored in an access monitoring log.

Nassar teaches the method, wherein the result of a request verification is stored in an access monitoring log (para:0072 and Para:0079 teaches whenever a user logs onto (or signs into) the account or access a resource and/or when a failed login occurs, the details thereof are stored in a directory log 718 and details of the activity performed by the user may be tracked and stored in an event log 416 ).


It would have been obvious to someone skilled in the art before the effective filling date of claimed invention to combine the teaching of Pereira with that of Nassar to include the result of a request verification is stored in an access monitoring log such a setup will give a predictable result of  reviewing the record of the activities of the privilege and determine which users performed which actions and/or determine whether or not the privilege has been used in an appropriate and/or the intended manner(para:0084).

17.  Regarding claim 3 Pereira teaches all the above claimed limitations, but does not expressly teach the method, wherein the result of a transaction related to the network-accessible technical data repository is stored in the access monitoring log.

Nassar teaches the method, wherein the result of a transaction related to the network-accessible technical data repository is stored in the access monitoring log (Para:0072 and Para:0079 teaches user  login record and the details of the activity performed by the user may be tracked and stored in an event log. For. e.g. whenever a user logs onto (or signs into) the account or access a resource, and/or when a failed login occurs, the details thereof are stored in a database, based on the stored details determine whether or not the privilege has been used in an appropriate and/or the intended manner).

It would have been obvious to someone skilled in the art before the effective filling date of claimed invention to combine the teaching of Pereira with that of Nassar to include the result of a transaction related to the network-accessible technical data repository is stored in the access monitoring log such a setup will give a predictable result of  reviewing the record of the activities of the privilege and determine which users performed which actions and/or determine whether or not the privilege has been used in an appropriate and/or the intended manner (para:0084).

18.  Regarding claim 14 Pereira teaches all the above claimed limitations, but does not expressly teach the system, further comprising: an access monitoring log configured to store logged authorization decisions corresponding to the technical data file.

Nassar teaches the system, further comprising: an access monitoring log configured to store logged authorization decisions corresponding to the technical data file  (Para:0072 and Para:0079 teaches user  login record and the details of the activity performed by the user may be tracked and stored in an event log. For. e.g. whenever a user logs onto (or signs into) the account or access a resource, and/or when a failed login occurs, the details thereof are stored in a database, based on the stored details determine whether or not the privilege has been used in an appropriate and/or the intended manner).
It would have been obvious to someone skilled in the art before the effective filling date of claimed invention to combine the teaching of Pereira with that of Nassar to include an access monitoring log configured to store logged authorization decisions corresponding to the technical data file such a setup will give a predictable result of  reviewing the record of the activities of the privilege and determine which users performed which actions and/or determine whether or not the privilege has been used in an appropriate and/or the intended manner (para:0084).

19.  Regarding claim 15 Pereira teaches the system wherein the previously-trained machine- learning model is updated based on contents of the access monitoring log (Para:0028-0029 and Para:0035 teaches for granting access to an IT infrastructure 297 (or components 299) for one or more users 294. The access matching component 237 utilizes the one or more authorization policies to determine an authorization confidence score (or “authorization score”) for granting access to one or more users 294 requesting access to the IT infrastructure 297 (or components 299 ). The access matching component  determines if the authorization confidence score exceeds a threshold. If the authorization confidence score exceeds a threshold, then the access matching component  coordinates with one or more components of the credentials component 239, resulting in granting access credentials to the one or more users . If the authorization confidence score is below a certain threshold, then the access matching component  can notify a resource owner 298 (or system owner 298 or component owner 298) of the IT infrastructure, and the resource owner 298, per block 450, can indicate that the access credentials should be granted, reverting to block 430, or denied, resulting in the flow proceeding to block 440. In one embodiment, per block 460, whether the access credentials are granted or denied, the access matching component 237 will coordinate with the access policy machine learning component 235 to update the one or more machine learning models based on the result, which in turn results in an update of the access policy and rules stored in authorization policies database).
20.  Claim(s) 7 and  9 are rejected under 35 U.S.C. 103 as being unpatentable over Pereira (US Pub.No.2020/0112568) as applied to claim 5  above and in view of Karlberg (US Pub.No.2021/0288971).

21. Regarding claim 7 Pereira teaches all the above claimed limitations, but does not expressly teach the method, wherein the one or more user attributes comprise at least context attributes related to metadata associated with the request for access.

 Karlberg teaches the method, wherein the one or more user attributes comprise at least context attributes related to metadata associated with the request for access (Para:0057 and Para:00063 teaches the user attribute comprises of contextual attribute related to metadata).

It would have been obvious to someone skilled in the art before the effective filling date of claimed invention to combine the teaching of Pereira with that of Karlberg to include the one or more user attributes comprise at least context attributes related to metadata associated with the request for access such a setup will give a predictable result of indicating by the access control management systems which access control level identifiers are needed to access a particular resource.

22. Regarding claim 9 Pereira teaches all the above claimed limitations, but does not expressly teach the method, wherein the one or more policy attributes comprise at least context attributes related to metadata associated with the request for access.

  Karlberg teaches the method, wherein the one or more policy attributes comprise at least context attributes related to metadata associated with the request for access (Para:0057 and Para:00063 teaches the policy attribute comprises of contextual attribute related to metadata).

It would have been obvious to someone skilled in the art before the effective filling date of claimed invention to combine the teaching of Pereira with that of Karlberg to include the one or more policy attributes comprise at least context attributes related to metadata associated with the request for access such a setup will give a predictable result of indicating by the access control management systems which access control level identifiers are needed to access a particular resource.

23. Claim(s) 16 is rejected under 35 U.S.C. 103 as being unpatentable over Pereira (US Pub.No.2020/0112568) as applied to claim 13 above and in view of von Muhlen (US Pat.No.10,579,443).

24.  Regarding claim 16 Pereira teaches all the above claimed limitations, but does not expressly teach the system, wherein the network-accessible technical data repository is located in a first jurisdiction, wherein the user is located in a second jurisdiction, and wherein the unstructured policy document governs access to the technical data file for users located in the second jurisdiction.

von Muhlen teaches the system, wherein the network-accessible technical data repository is located in a first jurisdiction, wherein the user is located in a second jurisdiction, and wherein the unstructured policy document governs access to the technical data file for users located in the second jurisdiction (Col.6, lines.1-19  teaches content management system 106 can be configured to maintain a content directory identifying the location of each content item in content storage 160. Col.9, lines.54-66; Col.10, lines.1-5 teaches identifying the geo-location of client device 102 (second jurisdiction). The content management system 106 can then compare the credentials with an access control list (406). The access control list can be associated with the content item, a folder containing the content item, the requesting user, and/or a user group. The access control list can specify which users, locations, devices, times, etc. can access the content item. Col.11, lines.15-35 teaches providing access to content item to user’s located in the second jurisdiction).

It would have been obvious to someone skilled in the art before the effective filling date of claimed invention to combine the teaching of Pereira with that of Karlberg to include the user is located in a second jurisdiction, and wherein the unstructured policy document governs access to the technical data file for users located in the second jurisdiction such a setup will give a predictable result of  determining whether the user is authorized and that the user is using an approved device.

Conclusion
Any inquiry concerning this communication or earlier communications from the examiner should be directed to DEREENA T CATTUNGAL whose telephone number is (571)270-0506. The examiner can normally be reached Mon-Fri : 7:30 AM-5 PM EST.
Examiner interviews are available via telephone, in-person, and video conferencing using a USPTO supplied web-based collaboration tool. To schedule an interview, applicant is encouraged to use the USPTO Automated Interview Request (AIR) at http://www.uspto.gov/interviewpractice.
If attempts to reach the examiner by telephone are unsuccessful, the examiner’s supervisor, Lynn Feild can be reached on 571-272-2092. The fax phone number for the organization where this application or proceeding is assigned is 571-273-8300.
Information regarding the status of published or unpublished applications may be obtained from Patent Center. Unpublished application information in Patent Center is available to registered users. To file and manage patent submissions in Patent Center, visit: https://patentcenter.uspto.gov. Visit https://www.uspto.gov/patents/apply/patent-center for more information about Patent Center and https://www.uspto.gov/patents/docx for information about filing in DOCX format. For additional questions, contact the Electronic Business Center (EBC) at 866-217-9197 (toll-free). If you would like assistance from a USPTO Customer Service Representative, call 800-786-9199 (IN USA OR CANADA) or 571-272-1000.





/DEREENA T CATTUNGAL/Primary Examiner, Art Unit 2431