DETAILED ACTION

Continued Examination Under 37 CFR 1.114
A request for continued examination under 37 CFR 1.114, including the fee set forth in 37 CFR 1.17(e), was filed in this application after final rejection.  Since this application is eligible for continued examination under 37 CFR 1.114, and the fee set forth in 37 CFR 1.17(e) has been timely paid, the finality of the previous Office action has been withdrawn pursuant to 37 CFR 1.114.  Applicant's submission filed on 11/10/2022 has been entered.
 
Notice of Pre-AIA  or AIA  Status
The present application, filed on or after March 16, 2013, is being examined under the first inventor to file provisions of the AIA .

Status of Claims
Claims 1-22 are pending.

Claim Rejections - 35 USC § 112
The following is a quotation of the first paragraph of 35 U.S.C. 112(a):
(a) IN GENERAL.—The specification shall contain a written description of the invention, and of the manner and process of making and using it, in such full, clear, concise, and exact terms as to enable any person skilled in the art to which it pertains, or with which it is most nearly connected, to make and use the same, and shall set forth the best mode contemplated by the inventor or joint inventor of carrying out the invention.

The following is a quotation of the first paragraph of pre-AIA  35 U.S.C. 112:
The specification shall contain a written description of the invention, and of the manner and process of making and using it, in such full, clear, concise, and exact terms as to enable any person skilled in the art to which it pertains, or with which it is most nearly connected, to make and use the same, and shall set forth the best mode contemplated by the inventor of carrying out his invention.

Claims 1-8, 21-22 are rejected under 35 U.S.C. 112(a) or 35 U.S.C. 112 (pre-AIA ), first paragraph, as failing to comply with the written description requirement. The claim(s) contains subject matter which was not described in the specification in such a way as to reasonably convey to one skilled in the relevant art that the inventor or a joint inventor, or for applications subject to pre-AIA  35 U.S.C. 112, the inventor(s), at the time the application was filed, had possession of the claimed invention. Claim 1 contains the following subject matter: “generating, by the service, a special security context based on the first security context and the elevated security context…”.  The Examiner cannot find this subject matter in the specification and claims as originally filed.  The nearest subject matter from the specification appears to be as follows:
[0045] At the third step 406, DEM service 304 launches DEM engine 302 in response to receiving the user event notification, and passes the user SC 324 to the DEM engine 302. Once running, the DEM engine 302 creates one or more special SCs 326 based on the user SC 324, the one or more special SCs 326 configured to provide the user with one or more elevated privileges as discussed. In certain aspects, an elevated special SC 326 includes the attributes of user SC 324, but also includes administrator privileges (whereas the user SC 324 has user privileges), and allows child processes to be launched with administrator privileges.

However, while the above paragraph recites creating one or more special SCs based on the user SC (i.e. “first security context” or “elevated security context”), the Examiner can find no recitation that the special SC is created based on both contexts.  Therefore, the claim does not meet the written description requirement of 35 U.S.C. 112(a).  None of claims 2-8, 21-22 fix this and are therefore rejected for the same reasons.  For the purposes of art rejection, the above subject matter will be construed as generating the special security context based on the first security context and having an elevated security context.
Claims 9 and 17 contain corresponding subject matter to claim 1 and are therefore rejected for corresponding reasons, as well as the respective dependent claims 10-16 and 18-20.

Claim Rejections - 35 USC § 103
The following is a quotation of 35 U.S.C. 103 which forms the basis for all obviousness rejections set forth in this Office action:
A patent for a claimed invention may not be obtained, notwithstanding that the claimed invention is not identically disclosed as set forth in section 102, if the differences between the claimed invention and the prior art are such that the claimed invention as a whole would have been obvious before the effective filing date of the claimed invention to a person having ordinary skill in the art to which the claimed invention pertains. Patentability shall not be negated by the manner in which the invention was made.

Claim(s) 1-20 is/are rejected under 35 U.S.C. 103 as being unpatentable over Soman et al (PGPUB 2019/0005267), and further in view of Goodridge et al (PGPUB 2019/0243985).

Regarding Claims 1, 9, and 17:
Soman teaches a method, non-transitory computer-readable medium comprising instructions, and a computer system, comprising (abstract, dynamic privilege management in a computer system): 
one or more processors (paragraph 23); and 
a memory (paragraph 23), the one or more processors and the memory configured to cause the computer system to (abstract, paragraph 23-24, memory containing software instructions implementing dynamic privilege management): 
receive a task name at a service (paragraph 39, on every application launch (i.e. “task”), OS calls user environment manager (UEM) driver with details of application being launched; paragraph 40, UEM driver obtains application details from notification sent by OS for creation of application process, e.g. application file name/path) configured to launch a process corresponding to the task name (paragraph 41, UEM driver resumes creation of application process); 
determine, by the service, the process corresponding to the task name (paragraph 40, UEM driver obtains application details from notification sent by OS for creation of application process, e.g. application file name/path);
determine, by the service, a first security context associated with the process (paragraph 34, UEM endpoint software keeps reference to special SC and user’s original SC for future use; application’s process SC, e.g. “for privilege elevation, if permitted by the policy, the application's process SC is replaced with a duplicate of the special SC, which will provide the application administrator privileges”; paragraph 43, application default SC (e.g. a user SC));
determine, by the service, that the process is associated with an elevated security context based on a policy that maps the task name to the elevated security context, the elevated security context being elevated relative to the first security context (paragraph 40, UEM driver obtains application details from notification sent by OS for creation of application process, e.g. application file name/path; UEM driver evaluates policies based on the application identification information; UEM driver generates a privilege elevation result based on evaluation of policies; the privilege elevation result can include a positive or negative indication on whether the application process being created can have elevated privilege; paragraph 41, if the privilege elevation result indicates that application should be elevated, method 500 proceeds to step 514; at step 514, UEM service 304 elevates privileges of the application process in login session 306; UEM service 304 replaces a process SC 312 in the application process with a special SC 326 that includes administrator privileges);
generate, by the service, a special security context based on the first security context and the elevated security context, the special security context having one or more additional privileges including an elevated privilege (paragraph 34, for privilege elevation, if permitted by the policy, the application's process SC is replaced with a duplicate of the special SC, which will provide the application administrator privileges; paragraph 36, UEM service 304 creates a special SC 326 based on a user SC 324 for the login session 306; special SC 326 includes the attributes of user SC 324, but also includes administrator privileges (whereas the user SC 324 has user privileges)); and 
launch, by the service, the process using the special security context such that the process runs with the elevated privilege (paragraph 41, UEM driver or UEM service determines whether the application should be elevated based on the privilege elevation result; if not, method proceeds to step 518, where UEM driver resumes creation of the application process; if the privilege elevation result indicates that application should be elevated, method proceeds to step 514, wherein UEM service elevates privileges of the application process in login session; method proceeds to step 518 discussed above, i.e. UEM driver resumes creation of the application process).
Soman does not explicitly teach wherein the elevated privilege is an impersonated after-authentication privilege.
However, Goodridge teaches the concept wherein an elevated privilege is an impersonated after-authentication privilege (abstract, computer device for managing privilege delegation; paragraph 80-82, agent 700, for example the agent service 702, the agent driver 720 and/or the agent service 702 via the agent driver 720, is arranged to delegate the second privileges to the process 220 by providing a token (also known as an access token); the token is an impersonation token; the agent 700 is arranged to replace an original token, having the first privileges assigned thereto, associated with the request with a token having the second privileges assigned thereto; access tokens are objects that describe the security contexts of respective processes or threads; the tokens include the identities and privileges of the respective user accounts associated with the processes or threads; by default, the system uses the primary token when a thread of the process interacts with a securable object; a thread can impersonate a client account; impersonation allows the thread to interact with securable objects using the client's security context; a thread that is impersonating a client has both a primary token and an impersonation token; impersonating the user account 210 may be necessary as elevation may dependent on the security of the calling user and their SID; impersonating the user account 210 may be also necessary for supporting applications (i.e. processes such as the process 220) run through runas (RunAs.exe) on the command line).
It would have been obvious to one or ordinary skill in the art before the effective filing date of the claimed invention to combine the account impersonation teachings of Goodridge with the dynamic privilege management system of Soman, in order to provide privileges to a security context which allows the use of certain otherwise unavailable features, such as allowing a thread to interact with securable objects using a client’s security context (Goodridge, paragraph 81), thereby improving the utility of a process in controlled situations where privilege elevation is necessary to accomplish tasks.

Regarding Claims 2, 10, and 18:
Soman in view of Goodridge teaches the method of claim 1, the non-transitory computer-readable storage media of claim 9, and the computer system of claim 17.  In addition, Soman teaches wherein the one or more processors and the memory are configured to cause the computer system to receive and the launch during one of a login or logoff of a session (paragraph 22, during a login session of a desktop, dynamic privilege management detects launch of an application; dynamic privilege management evaluates elevation policies and determines reputation based on identification information for the application (e.g., a hash of the application); an application launches with elevated privileges only if allowed by an elevation policy).

Regarding Claims 3, 11, and 19:
Soman in view of Goodridge teaches the method of claim 1, the non-transitory computer-readable storage media of claim 9, and the computer system of claim 17.  In addition, Soman teaches wherein the special security context comprises child process de-elevation (paragraph 41, privilege elevation of a process; paragraph 50, child process privilege de-elevation), the one or more processors and the memory are configured to cause the computer system to: 
receive, by the service, a request to launch a child process of the process (paragraph 51, UEM driver monitors OS for child process creation; on every child process created, OS calls UEM driver with details of the child process); and 
launch, by the service, the child process using an unelevated security context (paragraph 52, UEM driver determines identification information for the application for the child process; UEM driver determines child process policy for application; paragraph 53, Fig. 9, UEM driver determines whether child process should be de-elevated based on policies; if so, UEM driver sends request to UEM service which de-elevates privileges of the child process; UEM driver resumes creation of child process at step 916).

Regarding Claims 4, 12, and 20:
Soman in view of Goodridge teaches the method of claim 1, the non-transitory computer-readable storage media of claim 9, and the computer system of claim 17.  In addition, Soman teaches the one or more processors and the memory are configured to cause the computer system to: 
receive a request to launch a child process of the process (paragraph 51, UEM driver monitors OS for child process creation; on every child process created, OS calls UEM driver with details of the child process), wherein one or more processors and the memory are configured to cause the computer system to determine the elevated security context associated with the process are configured to determine the elevated security context is associated with the child process (paragraph 50, by default, when OS creates a child process, the child process inherits the security context of the application; paragraph 52, UEM driver determines identification information for the application for the child process; UEM driver determines child process policy for application; paragraph 53, UEM driver determines whether the child process should be de-elevated based on policies; if not, UEM driver resumes creation of child process, i.e. elevated to security context of parent application); and 
launch the child process using the special security context (paragraph 53, UEM driver resumes creation of child process; paragraph 50, by default, child process inherits security context of application).

Regarding Claims 5 and 13:
Soman in view of Goodridge teaches the method of claim 1 and the non-transitory computer-readable medium of claim 9.  In addition, Soman teaches wherein the launching is performed during a session associated with an unelevated security context (paragraph 27-28, desktop provides login session; local security subsystem creates user security context for login session; user member of “users” group, not “administrators”; administrator privileges are elevated with respect to user privileges; paragraph 22, during login session of a desktop, dynamic privilege management detects launch of an application), wherein the service is registered with an operating system of the computer system and configured to receive an indication of the session from the operating system (paragraph 35, UEM service registers with OS for notification of user logins; in response to user log on, OS sends notification to UEM service with details of logged on user).

Regarding Claims 6 and 14:
Soman in view of Goodridge teaches the method of claim 5 and the non-transitory computer-readable medium of claim 13.  In addition, Soman teaches wherein the service uses at least one of a remote procedure call application programming interface or a local inter-process communication to establish a communication path with an engine (paragraph 26, APIs, inter-process communication; local security subsystem 319 includes processes and associated libraries 316 that manage local security of OS 218), the engine being executable by the service within a login session and with a local security context of a local security subsystem of the login session (paragraph 27, upon a successful login, local security subsystem 319 creates a user SC 324 for login session 306; paragraph 36, UEM service 304 creates a process (a special instance of UEM agent 310) within login session 306; this instance of UEM agent 310 is created with privileges sufficient to create security contexts; a normal process does not have permission to create security contexts; typically, only a process in local security subsystem 319 has such permission to create security contexts; in a Microsoft Windows operating system, a process known as the Local Security Authority Subsystem Service (lsass) has SeCreateToken privilege enabled to call native APIs and create access tokens; UEM service 304 uses APIs 320 to obtain the SC of the local security process that can create SCs (e.g., the token of the lsass service)).  

Regarding Claims 7 and 15:
Soman in view of Goodridge teaches the method of claim 6 and the non-transitory computer-readable medium of claim 14.  In addition, Soman teaches the operations further comprising creating the special security context from the local security context upon initialization of the login session (paragraph 36, UEM service 304 creates a special security context (SC) 326 based on a user SC 324 for the login session 306; special SC 326 includes the attributes of user SC 324, but also includes administrator privileges (whereas the user SC 324 has user privileges); UEM service 304 uses APIs 320 to obtain the SC of the local security process that can create SCs (e.g., the token of the lsass service)).

Regarding Claims 8 and 16:
Soman in view of Goodridge teaches the method of claim 7 and the non-transitory computer-readable medium of claim 15.  In addition, Soman teaches wherein the creating is performed by a local process in the local security subsystem having privileges to create security contexts and wherein the at least one of the remote procedure call application programming interface or the local inter-process communication is used by the service when executing the engine to cause the local process to create the special security context (paragraph 36, UEM service 304 creates a process (a special instance of UEM agent 310) within login session 306; this instance of UEM agent 310 is created with privileges sufficient to create security contexts; UEM service 304 uses APIs 320 to obtain the SC of the local security process that can create SCs (e.g., the token of the lsass service)).

Claim(s) 21-22 is/are rejected under 35 U.S.C. 103 as being unpatentable over Soman in view of Goodridge, and further in view of Huculak (“How to create an automated task using Task Scheduler on Windows 10”).

Regarding Claim 21:
Soman in view of Goodridge teaches the method of claim 1.  
Neither Soman nor Goodridge explicitly teaches wherein the task name is different than an executable name of the process, the task name is administrator defined, and when the executable name of the process is used to launch the process, the process is launched with a different security context than the special security context
However, Huculak teaches the concept wherein a task name is different than an executable name of a process (page 1, “How to create an automated task using Task Scheduler on Windows 10”; page 11, “How to create an advanced task using Task Scheduler”; page 12-13, “Select the Create Task option”; “In the ‘Name’ field, type a short descriptive name for the task.  For example, PowerShell First Script.”; page 20, “Under the ‘Settings’ section, in the ‘Program/script’ field, specify the path for the application.  For example: powershell.exe.”; therefore, the task name is different than the executable name), the task name is administrator defined (page 15, “If you’re using an account with administrative privileges, the default user should be fine.”; screenshot shows that the author of the task is the account that will run the task; for accounts with administrative privileges, the task name would therefore be administrator defined; page 15, “If the task requires elevated privileges, check the Run with highest privileges option.”; Huculak therefore teaches mapping a task to an elevated security context), and when the executable name of the process is used to launch the process, the process is launched with a different security context than a special security context (page 15, 20, a task, comprising a Program/script name, can be instructed to “Run with highest privileges”; therefore, it follows that launching the program independently and not through the task scheduler launches the program at the default level of privileges, whether that level is higher, lower, or the same as the scheduler).
It would have been obvious to one or ordinary skill in the art before the effective filing date of the claimed invention to combine the custom task name and administrator creation teachings of Huculak with the dynamic privilege management system of Soman in view of Goodridge.  Task scheduling has been an included application in one of the most popular operating systems in current use for many years.  Providing a means of applying custom names and descriptive elements to executable processes is a well-known concept, providing the advantage of improved readability and the ability for nontechnical users to understand tasks which were created by administrators and other technical users, given that many executable processes are given alphanumeric names which are often abbreviated or difficult to understand.  Furthermore, a person of ordinary skill in the art would have immediately concluded that providing means for administrators to define task names was obvious; administrators typically have access to systems at the highest level of privilege, and it would be counterintuitive to give lower level users (or no one at all) the ability to define the task name without providing that ability to administrators.

Regarding Claim 22:
Soman in view of Goodridge and Huculak teaches the method of claim 21.  In addition, Huculak teaches wherein the policy further maps a second task name to an unelevated security context, the second task name corresponding to the process (page 13, 15, a task, comprising a custom name in the “Name” field, and a Program/script name, can be instructed to run with or without highest privileges; as there is no limitation on the number of tasks which can execute the same Program/script, it therefore follows that different task names can execute the same process at different security contexts).
The rationale to combine Soman and Huculak is the same as provided for claim 1 due to the overlapping subject matter between claims 1 and 22.

Response to Arguments
Applicant's arguments filed 11/10/2022 have been fully considered but they are not persuasive.

Regarding the rejection of claims under 35 USC 103:
In response to Applicant’s arguments, page 9 paragraph 6-page 10 paragraph 1:  However, while Soman and Hukulak do not contain the subject matter of the “special security context based on the first security context and the elevated security context”, Soman at least teaches the special security context based on the first security context and having an elevated security context (paragraph 34, 36, as above, see page 5-6 of the current office action).  Further, the exact subject matter of the “special security context based on the first security context and the elevated security context” does not appear to be in the disclosure as originally filed, and is therefore subject to rejection under 35 U.S.C. 112(a) (see above, page 2-4 of the current office action).
Therefore, the only element missing from Soman and Huculak is the element of the special security context having one or more additional privileges including an impersonated after-authentication privilege, as added by amendment.  However, a new ground(s) for rejection is provided above which does teach the additional amended subject matter.

	Applicant’s arguments with regard to independent claims 9 and 17 are similar to those regarding claim 1 and are therefore responded to in a similar way.
	Applicant further argues that the dependent claims are allowable due to depending on an allowable independent claim.  However, as shown above, the independent claims are not allowable.

Conclusion
Any inquiry concerning this communication or earlier communications from the examiner should be directed to FORREST L CAREY whose telephone number is (571)270-7814. The examiner can normally be reached 9:00AM-5:30PM M-F.
Examiner interviews are available via telephone, in-person, and video conferencing using a USPTO supplied web-based collaboration tool. To schedule an interview, applicant is encouraged to use the USPTO Automated Interview Request (AIR) at http://www.uspto.gov/interviewpractice.
If attempts to reach the examiner by telephone are unsuccessful, the examiner’s supervisor, Ashok Patel can be reached on 5712723972. The fax phone number for the organization where this application or proceeding is assigned is 571-273-8300.
Information regarding the status of published or unpublished applications may be obtained from Patent Center. Unpublished application information in Patent Center is available to registered users. To file and manage patent submissions in Patent Center, visit: https://patentcenter.uspto.gov. Visit https://www.uspto.gov/patents/apply/patent-center for more information about Patent Center and https://www.uspto.gov/patents/docx for information about filing in DOCX format. For additional questions, contact the Electronic Business Center (EBC) at 866-217-9197 (toll-free). If you would like assistance from a USPTO Customer Service Representative, call 800-786-9199 (IN USA OR CANADA) or 571-272-1000.





/FORREST L CAREY/Examiner, Art Unit 2491                                                                                                                                                                                                        


/ASHOKKUMAR B PATEL/Supervisory Patent Examiner, Art Unit 2491