Notice of Pre-AIA  or AIA  Status
The present application, filed on or after March 16, 2013, is being examined under the first inventor to file provisions of the AIA .  Claims 1, 11 and 20 are amended.  Claims 1-20 are pending. 
Response to Arguments
Applicant's arguments filed 7/13/2022 have been fully considered but they are not persuasive. 
 	Response to Applicant’s remarks in part:
 	Srinivasan teaches managing command compliance in internetworking devices by determining actively, by the device, whether a proposed user command or configuration change will violate established standards or policies, before the command or change is applied to the device.  The device issues a request to a server to determine whether a command confirms to one or more compliance policies, based on compliance response from a respective compliance policies, based on a compliance response from a respective compliance server and executing the command only when the compliance response indicates server and executing the command only when the compliance response indicates that the command conforms to the one or more compliance policies.  Cheol, on the other hand, teaches a security kernel extension method in a role base access control system for separating a login user and a process user, that determines an access control system for separating a login user and a process user, that determines an access permission by comparison between an object security property and an object profile.  The Office Action contends that it would have been obvious to one of ordinary skill in the art before the effective filing date of the claimed invention to implement the CLI-replacement component based on user role and policies allegedly taught by Srinivasan and Cheol to unsure updated replacement of the CLI components.  
 	

 Examiner respectfully disagrees.  

Definition of Policy:

 	“Policy is a deliberate system of guidelines to guide decisions and achieve rational outcomes. A policy is a statement of intent and is implemented as a procedure or protocol. Policies are generally adopted by a governance body within an organization. Policies can assist in both subjective and objective decision making. Policies used in subjective decision-making usually assist senior management with decisions that must be based on the relative merits of a number of factors, and as a result, are often hard to test objectively, e.g. work life balance policy... Moreover, Governments and other institutions have policies in the form of laws, regulations, procedures, administrative actions, incentives and voluntary practices. Frequently, resource allocations mirror policy decisions…” (Wikipedia).

	
 	Definition of Role:
 	 Within an organization, roles are created for various job functions. The permissions to perform certain operations are assigned to specific roles. Members or staff (or other system users) are assigned particular roles, and through those role assignments acquire the permissions needed to perform particular system functions. Since users are not assigned permissions directly, but only acquire them through their role (or roles), management of individual user rights becomes a matter of simply assigning appropriate roles to the user's account; this simplifies common operations, such as adding a user, or changing a user's department.	

Srinivasan discloses to verify whether a command confirms to one or more compliance polices. For example:
Srinivasan discloses:
[0020] In an embodiment, an internetworking device is configured with compliance proxy logic that is configured for sending, to a compliance server, a request to determine whether the command conforms to one or more compliance policies, wherein the request includes the command; receiving a compliance response from the compliance server; in response to determining whether the compliance response indicates success, executing the command only when the compliance response indicates that the command conforms to the one or more compliance policies. Thus the device can determine actively whether a proposed user command or configuration change will violate established standards or policies, before the command or change is applied to the device.
Cleo is merely provided to support the well-known feature of role based access control system (see further support provided  in PTO 892).
The combination of verifying command request for compliance policies and the user based access would have been obvious to be part of the policies since controlling user access to resource based on user’s role or position would have been obvious.  Therefore, limiting allowed operations of the user account via CLI would have been an obvious to ensure request is compliance to particular policy according to what resource the user is permitted to access.  
	
Claim Rejections - 35 USC § 103
3.	The following is a quotation of 35 U.S.C. 103 which forms the basis for all obviousness rejections set forth in this Office action:
A patent for a claimed invention may not be obtained, notwithstanding that the claimed invention is not identically disclosed as set forth in section 102, if the differences between the claimed invention and the prior art are such that the claimed invention as a whole would have been obvious before the effective filing date of the claimed invention to a person having ordinary skill in the art to which the claimed invention pertains. Patentability shall not be negated by the manner in which the invention was made.

 	Claims 1-20 are rejected under 35 U.S.C. 103 as being unpatentable over Srinivasan et al. (U.S. Patent Application Publication No. 20110099255, hereinafter Srinivasan) in view of Cheol et al. (KR20100001524, hereinafter Cheol).
	With respect to claim 1, Srinivasan discloses a method comprising: 
obtaining a user account having an access to an Operating System (OS), wherein the OS comprises a Command Line Interface (CLI) configured to receive commands from the user and execute a predetermined functionality in the OS (e.g. Srinivasan, paragraph 0020-0021, “…a request to determine whether the command conforms to one or more compliance policies, wherein the request includes the command…executing the command only when the compliance response indicates that the command conforms to the one or more compliance policies. Thus the device can determine actively whether a proposed user command or configuration change will violate established standards or policies, before the command or change is applied to the device”; paragraph 0035, “Compliance proxy logic 110 may be integrated into or implemented as part of a CLI module or CLI parser coupled to or within the operating system 106…the functions of operating system 106, command parser 108 and compliance proxy logic 110 may be implemented as a single functional module or logical block”; paragraph 0063, “…responsive actions include generating and sending a user notification in a command-line response to a user terminal); and
Srinivasan discloses determine whether user’s command violate policies (e.g. Srinivasan, paragraphs 0020-0021) but does not explicitly mention but Cheol discloses creating an operation profile for the user account, wherein the operation profile comprises a list of authorized commands in the CLI for the user account, wherein the operation profile excludes at least one command of the CLI or at least one parameter of a command of the CLI  whereby limiting allowed operation (e.g. Cheol, pages 2-3, lines 20-45, “A basic role-based access control…The role…is a meaning related to responsibilities and authority, and refers to functions performed by organizations such as security administrations…and assigning user to specific roles…); page 5, lines 139-152; “…When an event occurs in the system and an operating system call is called, it is determined whether the system call is related to access control…”).
 	Srinivasan discloses controlling user access through CLI  in the OS with policies compliance and Cheol discloses control access based on user roles but does not explicitly discloses deploying a CLI-Replacement Component (CRC) in the user account, wherein the operation profile excludes at least one command of the CLI or at least one parameter of a command of the CLI, thereby the CRC only sends commands adhering with the operation profile for execution by the OS.  However, Cleo discloses the similar feature (e.g. Cleo, 2-3 and 20-45) but Cleo does not explicitly mention deploying a CLI-replacement Component (CRC).  However, performing software replacement or update is old and well-known (OAWK) in the art (e.g. Chiu, US Patent Application No.  2017/0171023, paragraph, 0007, “replace a default CLI generated by the storage system…take command for a Window operating system”; Elkins et al., US Patent Application Publication No.  2013/0338995, paragraph 0005, “…graphical user adj interfaces (“GUIs”) have largely replaces the so-called “command line interface of previous generations of computing systems”). 
 	 It would have been obvious to one of ordinary skill in the art before the effective filing date of the claimed invention to implement the CLI- replacement component based on user role and policies taught by Srinivasan and Cheol to ensure updated replacement of the CLI components is based on user’s role. 
 	With respect to claim 2, Srinivasan and Cheol disclose the method of claim 1, further comprises: generating the CRC based on the predetermined functionality and the operation profile of the user account (e.g. Cheol, pages 2-3, lines 20-45; OAWK).  	With respect to claim 3, Srinivasan and Cheol disclose the method of claim 1, wherein said creating the operation profile is performed based on assignments with which the user is tasked (e.g. Cheol, pages 2-3, lines 20-45, role-based). 	With respect to claim 4, Srinivasan and Cheol disclose the method of claim 1, wherein limiting the executed commands by the CRC is indifferent to file permissions in a file system of the OS, whereby the CRC prevents execution of a command for which the user account has execution permissions in the file system (e.g. Cheol, pages 2-3, lines 20-45; OAWK).  .  	With respect to claim 5, Srinivasan and Cheol disclose the method of claim 1, further comprising: obtaining a second user account having an access to the OS, wherein the second user account is associated with a second user of the OS; creating a second operation profile for the second user account, wherein the second operation profile comprises a second list of authorized commands in the CLI for the second user account, wherein the second operation profile excludes at least one command of the CLI or at least one parameter of a command of the CLI; and deploying a second CLI-Replacement Component (CRC) in the OS, wherein the second CRC is associated with the second user account, wherein the second CRC is a CLI layer that is configured to limit executed commands in the OS based on the second operation profile, whereby the CRC only sends commands adhering with the second operation profile for execution by the OS; wherein the CRC and the second CRC are different  (e.g. Srinivasan, paragraphs 0020-0021; Cheol, pages 2-3, lines 20-45; page 5, lines 139-152; OAWK).  	With respect to claim 6, Srinivasan and Cheol disclose the method of claim 1, wherein said creating the operation profile comprises: displaying a list of commands of the OS to an administrator of the OS; and generating the list of authorized commands based on a selection of the administrator of enabled commands from the list of commands (e.g. Cheol, pages 2-3, lines 20-45). 	With respect to claim 7, Srinivasan and Cheol disclose the method of claim 6, wherein said creating the operation profile further comprises: obtaining a permission template indicating a set of enabled commands in the OS; wherein said displaying comprises displaying the list of commands and indicating the set of enabled commands as initially enabled; whereby providing the administrator with an initial list of authorized commands (e.g. Cheol, page 5 , lines 305-232, “OBS profile 111 is configured with object attribute information...”).  	With respect to claim 8, Srinivasan and Cheol disclose the method of claim 1, wherein the CRC is configured to enable execution of a first command, wherein the first command is configured to be executed in the OS with a at least one parameter; wherein based on the operation profile, the CRC is configured to prevent executing the first command with at least one value of the at least parameter of the first command  (e.g. Srinivasan, paragraphs 0020-0021; Cheol, pages 2-3, lines 20-45; page 5, lines 139-152; OAWK).  	With respect to claim 9, Srinivasan and Cheol do not disclose the method of claim 1, wherein the operation profile limits a number of commands allowed to be executed by the OS to less than 10% of a number of commands of the OS. 
However, setting access commands to a threshold would have been obvious to one of ordinary skill in the art before the effective filing date of the claimed invention as a matter of design choice.  	With respect to claim 10, Srinivasan and Cheol disclose the method of claim 1, wherein said deploying the CRC in the OS comprises replacing the CLI of the OS with the CRC, wherein said replacing comprises deleting the CLI of the OS to prevent execution of the CLI (e.g. Cheol, pages 2-3, lines 20-45; OAWK).	
With respect to claims 11-20, the claims are apparatus and computer program product claims that are similar to method claims 1-10.  Therefore, claims 11-20 are rejected based on the similar rationale.
Conclusion
4.        THIS ACTION IS MADE FINAL.  Applicant is reminded of the extension of time policy as set forth in 37 CFR 1.136(a).  
A shortened statutory period for reply to this final action is set to expire THREE MONTHS from the mailing date of this action.  In the event a first reply is filed within TWO MONTHS of the mailing date of this final action and the advisory action is not mailed until after the end of the THREE-MONTH shortened statutory period, then the shortened statutory period will expire on the date the advisory action is mailed, and any extension fee pursuant to 37 CFR 1.136(a) will be calculated from the mailing date of the advisory action.  In no event, however, will the statutory period for reply expire later than SIX MONTHS from the mailing date of this final action. 
 	Any inquiry concerning this communication or earlier communications from the examiner should be directed to TONGOC TRAN whose telephone number is (571)272-3843. The examiner can normally be reached 9-5 Monday - Friday.
Examiner interviews are available via telephone, in-person, and video conferencing using a USPTO supplied web-based collaboration tool. To schedule an interview, applicant is encouraged to use the USPTO Automated Interview Request (AIR) at http://www.uspto.gov/interviewpractice.
If attempts to reach the examiner by telephone are unsuccessful, the examiner’s supervisor, Kambiz Zand can be reached on (571) 272-3811. The fax phone number for the organization where this application or proceeding is assigned is 571-273-8300.
Information regarding the status of published or unpublished applications may be obtained from Patent Center. Unpublished application information in Patent Center is available to registered users. To file and manage patent submissions in Patent Center, visit: https://patentcenter.uspto.gov. Visit https://www.uspto.gov/patents/apply/patent-center for more information about Patent Center and https://www.uspto.gov/patents/docx for information about filing in DOCX format. For additional questions, contact the Electronic Business Center (EBC) at 866-217-9197 (toll-free). If you would like assistance from a USPTO Customer Service Representative, call 800-786-9199 (IN USA OR CANADA) or 571-272-1000.

/TONGOC TRAN/Primary Examiner, Art Unit 2434