DETAILED ACTION

Notice of Pre-AIA or AIA Status
The present application, filed on or after March 16, 2013, is being examined under the first inventor to file provisions of the AIA.



Double Patenting
The nonstatutory double patenting rejection is based on a judicially created doctrine grounded in public policy (a policy reflected in the statute) so as to prevent the unjustified or improper timewise extension of the “right to exclude” granted by a patent and to prevent possible harassment by multiple assignees. A nonstatutory double patenting rejection is appropriate where the conflicting claims are not identical, but at least one examined application claim is not patentably distinct from the reference claim(s) because the examined application claim is either anticipated by, or would have been obvious over, the reference claim(s). See, e.g., In re Berg, 140 F.3d 1428, 46 USPQ2d 1226 (Fed. Cir. 1998); In re Goodman, 11 F.3d 1046, 29 USPQ2d 2010 (Fed. Cir. 1993); In re Longi, 759 F.2d 887, 225 USPQ 645 (Fed. Cir. 1985); In re Van Ornum, 686 F.2d 937, 214 USPQ 761 (CCPA 1982); In re Vogel, 422 F.2d 438, 164 USPQ 619 (CCPA 1970); In re Thorington, 418 F.2d 528, 163 USPQ 644 (CCPA 1969).
A timely filed terminal disclaimer in compliance with 37 CFR 1.321(c) or 1.321(d) may be used to overcome an actual or provisional rejection based on nonstatutory double patenting provided the reference application or patent either is shown to be commonly owned with the examined application, or claims an invention made as a result of activities undertaken within the scope of a joint research agreement. See MPEP § 717.02 for applications subject to examination under the first inventor to file provisions of the AIA as explained in MPEP § 2159. See MPEP § 2146 et seq. for applications not subject to examination under the first inventor to file provisions of the AIA. A terminal disclaimer must be signed in compliance with 37 CFR 1.321(b).
The USPTO Internet website contains terminal disclaimer forms which may be used. Please visit www.uspto.gov/patent/patents-forms. The filing date of the application in which the form is filed determines what form (e.g., PTO/SB/25, PTO/SB/26, PTO/AIA/25, or PTO/AIA/26) should be used. A web-based eTerminal Disclaimer may be filled out completely online using web-screens. An eTerminal Disclaimer that meets all requirements is auto-processed and approved immediately upon submission. For more information about eTerminal Disclaimers, refer to www.uspto.gov/patents/process/file/efs/guidance/eTD-info-I.jsp.
Claims 1-20 are rejected on the ground of nonstatutory double patenting as being unpatentable over claims 1-20 of U.S. Patent No. 11128629. Although the claims at issue are not identical, they are not patentably distinct from each other because the claims of the '629 patent contain every element of the claims of the instant application, or vice versa, and as such they anticipate, or are anticipated by, the claims of the instant application. As to claims 1, 19 and 20, the '629 patent anticipates the claims of the instant application. By way of illustration, consider the respective claim 1 from each disclosure:

Claim 1 of the instant application:
1. A computer-implemented method when executed on data processing hardware causes the data processing hardware to perform operations comprising: receiving, from a user account, a request to temporarily escalate privileges to permit access to a plurality of resources in a distributed computing environment for a specified duration, the temporarily escalated privileges greater than current privileges assigned to the user account; granting the temporarily escalated privileges to the user account, the temporarily escalated privileges comprising a restriction prohibiting the user account from performing an activity using one of the plurality of resources; during the specified duration while the temporarily escalated privileges are granted to the user account, detecting an attempt by the user account to perform the activity prohibited by the restriction of the temporarily escalated privileges using the one of the plurality of resources; and in response to detecting the attempt by the user account to perform the activity prohibited by the restriction, sending an alert to a registered administrator of the plurality of resources.

Claim 1 of the '629 Patent:
1. A method comprising: by a computing device, providing a computing environment comprising a plurality of user accounts, wherein each of the user accounts is assigned specified privileges to execute particular commands or programs; by the computing device, receiving a request to temporarily escalate privileges for one of the user accounts during a specified duration, wherein the request comprises an identifier of the one of the user accounts, requested privileges, and the specified duration; by the computing device, granting the requested privileges for the specified duration in conjunction with specific restrictions on one or more prohibited activities that are normally permitted for user accounts with the requested privileges; by the computing device, during the specified duration, monitoring for an indication that the one of the user accounts has attempted one of the one or more prohibited activities by performing a periodic job of analyzing event logs on one or more target server nodes; by the computing device, while performing the periodic job of analyzing event logs on the one or more target server nodes during the specified duration, detecting the indication that the one of the user accounts has attempted the one of the one or more prohibited activities when the event logs contain one or more records indicating that the one of the user accounts with the escalated privileges generated a particular event; and in response to detecting the indication that the one of the user accounts has attempted the one of the one or more prohibited activities, by the computing device, initiating an automated remediation corresponding to the indication.





Claim Rejections - 35 USC § 103
The following is a quotation of 35 U.S.C. 103 which forms the basis for all obviousness rejections set forth in this Office action:
A patent for a claimed invention may not be obtained, notwithstanding that the claimed invention is not identically disclosed as set forth in section 102, if the differences between the claimed invention and the prior art are such that the claimed invention as a whole would have been obvious before the effective filing date of the claimed invention to a person having ordinary skill in the art to which the claimed invention pertains. Patentability shall not be negated by the manner in which the invention was made.

Claims 1-20 are rejected under 35 U.S.C. 103 as being unpatentable over Vasishth et al (Pub. No. US 2006/0143447) in view of Seigel et al (Pub. No. US 2017/0161503).


As per claim 1, Vasishth discloses a computer-implemented method when executed on data processing hardware causes the data processing hardware to perform operations comprising: receiving, from a user account, a request to temporarily escalate privileges to permit access to a plurality of resources in a distributed computing environment for a specified duration, the temporarily escalated privileges greater than current privileges assigned to the user account (…the user requests an elevated right account…see par. 16…the elevated right account may have a lifecycle of one month…see par. 23…an elevated right account provides greater rights to the associated user…see par. 28); granting the temporarily escalated privileges to the user account, the temporarily escalated privileges comprising a restriction prohibiting the user account from performing an activity using the one of the plurality of resources (…temporary elevated access can be granted when a user is called upon to perform a task on a temporary basis that requires access over and above that held for his/her routine job responsibilities… restrictions include limiting who can reset the password on an elevated account and who can modify the membership of these key groups…see par. 38-39); during the specified duration while the temporarily escalated privileges are granted to the user account (…temporary elevated access can be granted when a user is called upon to perform a task on a temporary basis that requires access over and above that held for his/her routine job responsibilities…see par. 38).
Vasishth discloses the admin level group monitor, a higher priority is given to changes that were made by an unauthorized user…the admin level group monitor uses the list of authorized users to identify any group changes that were made by a user who is not in the set of authorized users…the admin level group monitor searches for changes by unauthorized users and sends an alert when such a change is found via a higher urgency notification mechanism…see par. 42…but does not explicitly disclose detecting an attempt by the user account to perform the activity prohibited by the restriction of the temporarily escalated privileges using the one of the plurality of resources; and in response to detecting the attempt by the user account to perform the activity prohibited by the restriction, sending an alert to a registered administrator of the plurality of resources. However, Seigel discloses detecting an attempt by the user account to perform the activity prohibited by the restriction of the temporarily escalated privileges using the one of the plurality of resources; and in response to detecting the attempt by the user account to perform the activity prohibited by the restriction, sending an alert to a registered administrator of the plurality of resources (…a user account may have administrative privileges to enable a system administrator to provision resources in a computing system…such a user account may not have a legitimate reason to read the contents of high level (e.g. restricted or confidential) documents…determining that a user account with administrative privileges is reading the contents of high level documents may result in the activities performed by the user account to be identified as high risk activities…this determining risk by taking into consideration event logs that indicate access to high level documents may provide a more accurate measure of user risk… e.g. a user account that is determined to be accessing resources that have been classified with a high level during a time window may cause the user account's risk indicator to increase during the time window…see par. 22…a risk indicator may be permanently or temporarily associated with each user account…an identity manager may use the risk indicator associated with a user account to generate an alert…see par. 23). Therefore, one of ordinary skill in the art would have found it obvious before the effective filing date of the claimed invention to use Seigel in Vasishth for including the above limitations because one of ordinary skill in the art would recognize it would further maintain a security system by recognizing legitimate activities from unauthorized access to user accounts…see Seigel, par. 4.


As per claim 11, Vasishth discloses a system comprising: data processing hardware; and memory hardware in communication with the data processing hardware, the memory hardware storing instructions that when executed on the data processing hardware cause the data processing hardware to perform operations (see par. 62-64) comprising: receiving, from a user account, a request to temporarily escalate privileges to permit access to a plurality of resources in a distributed computing environment for a specified duration, the temporarily escalated privileges greater than current privileges assigned to the user account (…the user requests an elevated right account…see par. 16…the elevated right account may have a lifecycle of one month…see par. 23…an elevated right account provides greater rights to the associated user…see par. 28); granting the temporarily escalated privileges to the user account, the temporarily escalated privileges comprising a restriction prohibiting the user account from performing an activity using the one of the plurality of resources (…temporary elevated access can be granted when a user is called upon to perform a task on a temporary basis that requires access over and above that held for his/her routine job responsibilities… restrictions include limiting who can reset the password on an elevated account and who can modify the membership of these key groups…see par. 38-39); during the specified duration while the temporarily escalated privileges are granted to the user account (…temporary elevated access can be granted when a user is called upon to perform a task on a temporary basis that requires access over and above that held for his/her routine job responsibilities…see par. 38).
Vasishth discloses the admin level group monitor, a higher priority is given to changes that were made by an unauthorized user…the admin level group monitor uses the list of authorized users to identify any group changes that were made by a user who is not in the set of authorized users…the admin level group monitor searches for changes by unauthorized users and sends an alert when such a change is found via a higher urgency notification mechanism…see par. 42…but does not explicitly disclose detecting an attempt by the user account to perform the activity prohibited by the restriction of the temporarily escalated privileges using the one of the plurality of resources; and in response to detecting the attempt by the user account to perform the activity prohibited by the restriction, sending an alert to a registered administrator of the plurality of resources. However, Seigel discloses detecting an attempt by the user account to perform the activity prohibited by the restriction of the temporarily escalated privileges using the one of the plurality of resources; and in response to detecting the attempt by the user account to perform the activity prohibited by the restriction, sending an alert to a registered administrator of the plurality of resources (…a user account may have administrative privileges to enable a system administrator to provision resources in a computing system…such a user account may not have a legitimate reason to read the contents of high level (e.g. restricted or confidential) documents…determining that a user account with administrative privileges is reading the contents of high level documents may result in the activities performed by the user account to be identified as high risk activities…this determining risk by taking into consideration event logs that indicate access to high level documents may provide a more accurate measure of user risk… e.g. a user account that is determined to be accessing resources that have been classified with a high level during a time window may cause the user account's risk indicator to increase during the time window…see par. 22…a risk indicator may be permanently or temporarily associated with each user account…an identity manager may use the risk indicator associated with a user account to generate an alert…see par. 23). Therefore, one of ordinary skill in the art would have found it obvious before the effective filing date of the claimed invention to use Seigel in Vasishth for including the above limitations because one of ordinary skill in the art would recognize it would further maintain a security system by recognizing legitimate activities from unauthorized access to user accounts…see Seigel, par. 4.


As per claims 2, 12, the combination of Vasishth and Seigel discloses wherein the operations further comprise, upon granting the temporarily escalated privileges, starting a timer set to expire after an amount of time equal to the specified duration (Seigel: see par. 26). The motivation for claims 2, 12 is the same motivation as in claims 1, 11 above.  


As per claims 3, 13, the combination of Vasishth and Seigel discloses wherein the operations further comprise, prior to expiration of the timer: receiving an extension request to extend the specified duration to an extended duration; determining whether the extension request is allowable; and when the extension request is allowable, setting the expiration of the timer to an amount of time equal to the extended duration (Seigel: see par. 17-18). The motivation for claims 3, 13 is the same motivation as in claims 1, 11 above.  


As per claims 4, 14, the combination of Vasishth and Seigel discloses wherein the operations further comprise, in response to detecting the attempt by the user account to perform the activity prohibited by the restriction, revoking the temporarily escalated privileges for the user account (Vasishth: see par. 48-50).  


As per claims 5, 15, the combination of Vasishth and Seigel discloses wherein detecting the attempt by the user account to perform the activity prohibited by the restriction of the temporarily escalated privileges is based on: monitoring specified objects; and analyzing event logs (Seigel: see par. 28-29). The motivation for claims 5, 15 is the same motivation as in claims 1, 11 above.  


As per claims 6, 16, the combination of Vasishth and Seigel discloses wherein analyzing the event logs comprises: scheduling a periodic job of analyzing the event logs; and when the event logs contain one or more records of the activity prohibited by the restriction, generating an indication that the user account attempted to perform the activity prohibited by the restriction of the temporarily escalated privileges using the one of the plurality of resources (Seigel: see par. 60-61). The motivation for claims 6, 16 is the same motivation as in claims 1, 11 above.  
  

As per claims 7, 17, the combination of Vasishth and Seigel discloses wherein monitoring the specified objects comprises scheduling a periodic job of inspecting the specified objects (Seigel: see par. 28). The motivation for claims 7, 17 is the same motivation as in claims 1, 11 above.  


As per claims 8, 18, the combination of Vasishth and Seigel discloses wherein an interval of the periodic job is determined such that the indication can be detected with a delay less than a threshold (Seigel: see par. 18). The motivation for claims 8, 18 is the same motivation as in claims 1, 11 above.  


As per claims 9, 19, the combination of Vasishth and Seigel discloses wherein the activity prohibited by the restriction comprises creating a new registered administrator (Vasishth: add group member…see par. 39-40).


As per claims 10, 20, the combination of Vasishth and Seigel discloses wherein the activity prohibited by the restriction comprises deleting another registered administrator (Vasishth: removal of group member…see par. 39-40).
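The procedure the rejected claims describe (a temporary escalation granted with a restriction and a timer, an allowability check on an extension request, a periodic job that analyzes event logs for prohibited activity inside the window, an alert to a registered administrator and revocation of the grant) can be followed end to end in a small model. The following Python is an added illustration written for this page; it is not code from either cited reference, the '629 patent, or the instant application. The log format, the policy ceiling MAX_DURATION, the prohibited activities create_admin and delete_admin, and all names and sample records are assumptions constructed for the example.

```python
"""Just-in-time privilege escalation with a restriction, a timer, and a
periodic event-log job that alerts an administrator and revokes the grant.
Added illustration only: log format, policy values and names are assumed."""
from __future__ import annotations

from dataclasses import dataclass


@dataclass
class Grant:
    """One temporary escalation for one user account."""
    user: str
    privileges: frozenset[str]
    restrictions: frozenset[str]   # activities prohibited while escalated
    granted_at: int                # epoch seconds from an injected clock
    expires_at: int                # the "timer" of claims 2 and 12
    active: bool = True


@dataclass
class Indication:
    user: str
    activity: str
    timestamp: int


class EscalationService:
    MAX_DURATION = 3600  # assumed policy ceiling on any grant, in seconds
    # Assumed restriction: an escalated account may not change who
    # administers the environment (cf. claims 9, 10, 19, 20).
    DEFAULT_RESTRICTIONS = frozenset({"create_admin", "delete_admin"})

    def __init__(self, admins, base_privileges):
        self.admins = list(admins)                      # registered admins
        self.base = {u: set(p) for u, p in base_privileges.items()}
        self.grants: dict[str, Grant] = {}
        self.alerts: list[tuple[str, str]] = []         # (admin, message)

    def request_escalation(self, user, privileges, duration, now):
        privileges = frozenset(privileges)
        if not 0 < duration <= self.MAX_DURATION:
            raise ValueError("duration outside policy")
        if not privileges - self.base.get(user, set()):
            raise ValueError("requested privileges not greater than current")
        grant = Grant(user, privileges, self.DEFAULT_RESTRICTIONS,
                      now, now + duration)            # timer starts here
        self.grants[user] = grant
        return grant

    def request_extension(self, user, extended_duration, now):
        """Allowable only before expiry, only if it actually extends the
        window, and only within the policy ceiling."""
        grant = self.grants.get(user)
        if grant is None or not grant.active or now >= grant.expires_at:
            return False
        if extended_duration <= grant.expires_at - grant.granted_at:
            return False
        if extended_duration > self.MAX_DURATION:
            return False
        grant.expires_at = grant.granted_at + extended_duration
        return True

    def expire_grants(self, now):
        for grant in self.grants.values():
            if grant.active and now >= grant.expires_at:
                grant.active = False

    def analyze_event_logs(self, lines, now):
        """Periodic job: flag prohibited activity by an escalated account
        inside its window, alert every registered admin, revoke the grant."""
        self.expire_grants(now)
        indications = []
        for line in lines:
            rec = parse_event(line)
            if rec is None:
                continue                        # malformed record, skipped
            grant = self.grants.get(rec["user"])
            if grant is None or not grant.active:
                continue                        # not an escalated account
            ts = int(rec["ts"])
            if not grant.granted_at <= ts <= grant.expires_at:
                continue                        # outside the window
            if rec["action"] in grant.restrictions:
                ind = Indication(rec["user"], rec["action"], ts)
                indications.append(ind)
                for admin in self.admins:
                    self.alerts.append(
                        (admin, f"{ind.user} attempted {ind.activity} at {ind.timestamp}"))
                grant.active = False            # revoke (claims 4, 14)
        return indications


def parse_event(line):
    """Parse a constructed 'key=value' record; None if malformed."""
    fields = {}
    for token in line.split():
        if "=" not in token:
            return None
        key, value = token.split("=", 1)
        fields[key] = value
    if not all(k in fields for k in ("ts", "user", "action")):
        return None
    return fields


def job_interval(threshold):
    """Scan interval so an event is detected within `threshold` seconds:
    worst case is one interval plus the scan itself, so halve the budget."""
    return max(1, threshold // 2)


# Constructed sample log records (not from either patent).
LOG_LINES = [
    "ts=1650 user=alice action=deploy target=web-01",
    "ts=1700 user=alice action=create_admin target=mallory",
    "ts=1705 user=bob action=create_admin target=eve",   # bob holds no grant
    "malformed line",
]
```

The clock is passed in as `now` rather than read from the system so that the timer, the extension check and the log scan are deterministic; the scan only considers records that fall inside an active grant's window, and the first prohibited record both alerts and deactivates the grant, so a second scan over the same log produces no further indications.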




Conclusion

The prior art made of record and not relied upon is considered pertinent to applicant's disclosure (see PTO-form 892).
The following Patents and Papers are cited to further show the state of the art at the time of Applicant’s invention with respect to user account management in cloud computing environments.

Fleischman et al (Pub. No. US 2012/0254946); “Establishing Privileges Through Claims of Valuable Assets”;
-Teaches verifying privilege level when the entity requests to perform an activity…see par. 37.


Juncker et al (Pub. No. US 2018/0375891); “Systems and Methods for Context-Based Mitigation of Computer Security Risks”;
-Teaches identifying the user-specific security risk by detecting a user privilege level of the user of the computing device and detecting that one or more user account settings associated with the user violate a group policy…see par. 22.




Any inquiry concerning this communication or earlier communications from the examiner should be directed to GHAZAL B SHEHNI whose telephone number is (571)270-7479. The examiner can normally be reached Mon-Fri 9am-5pm PCT.
Examiner interviews are available via telephone, in-person, and video conferencing using a USPTO supplied web-based collaboration tool. To schedule an interview, applicant is encouraged to use the USPTO Automated Interview Request (AIR) at http://www.uspto.gov/interviewpractice.
If attempts to reach the examiner by telephone are unsuccessful, the examiner’s supervisor, Philip Chea can be reached on 5712723951. The fax phone number for the organization where this application or proceeding is assigned is 571-273-8300.
Information regarding the status of published or unpublished applications may be obtained from Patent Center. Unpublished application information in Patent Center is available to registered users. To file and manage patent submissions in Patent Center, visit: https://patentcenter.uspto.gov. Visit https://www.uspto.gov/patents/apply/patent-center for more information about Patent Center and https://www.uspto.gov/patents/docx for information about filing in DOCX format. For additional questions, contact the Electronic Business Center (EBC) at 866-217-9197 (toll-free). If you would like assistance from a USPTO Customer Service Representative, call 800-786-9199 (IN USA OR CANADA) or 571-272-1000.





/GHAZAL B SHEHNI/Primary Examiner, Art Unit 2499