Notice of Pre-AIA or AIA Status
The present application, filed on or after March 16, 2013, is being examined under the first inventor to file provisions of the AIA.



DETAILED ACTION
This action is in response to the Amendment filed on 11/18/2022.
Claims 1-22 are under examination.


Claim Rejections - 35 USC § 103
The following is a quotation of 35 U.S.C. 103 which forms the basis for all obviousness rejections set forth in this Office action:
A patent for a claimed invention may not be obtained, notwithstanding that the claimed invention is not identically disclosed as set forth in section 102 of this title, if the differences between the claimed invention and the prior art are such that the claimed invention as a whole would have been obvious before the effective filing date of the claimed invention to a person having ordinary skill in the art to which the claimed invention pertains.  Patentability shall not be negated by the manner in which the invention was made.

Claims 1, 3, 10-11, 13 and 20-22 are rejected under 35 U.S.C. 103 as being unpatentable over Cox et al. (US 9,250,955 B1), Wong et al. (US 2013/0275590 A1) and Agarwal et al. (US 2016/0315926 A1).
Regarding claim 1, Cox et al. discloses A system [fig. 1], comprising: at least one data processor; and at least one memory storing instructions, which when executed by the least one data processor, cause the at least one data processor to at least: receive, from a first client device, a first request for an authorization of one or more actions of a first user at the first client device, the one or more actions affecting access to service provided by a computing system [col. 25, lines 52-63, “a junior administrator may open a GUI to perform various administrative tasks on the storage system as allowed based on their access/permission level, role or other functions that person is allowed to perform... Once the junior administrator completes the GUI parameter selection process they can submit the requested management operation for approval”, col. 14, lines 59-67, “provisioning or configuring storage for a particular database application, monitoring a data storage system, migrating data, diagnosing system problems, adding or expanding data storage capacity such as adding a new device, destroying or removing data storage capacity such as when removing an existing device, providing data storage protection such as through redundancy, servicing the data storage system such as by applying software upgrades, patches, and the like”]; respond to the first request by at least sending, to a second client device, a second request for a second user at the second client device to authorize the one or more actions of the first user [col. 25, line 64-col. 26, line 3, “The senior administrator may receive an alert, such as an e-mail, text, pop-up, or other such alert indicating that one or more request is awaiting approval. 
The senior administrator may then access the system via, for example, a user interface configured for a senior administrator that will display a queue of pending requests and may further include additional details describing the requested tasks”]; receive, from the second client device, a first indication that the second user authorizes the one or more actions [col. 27, lines 41-52, “an approved request may simply state that the command has been approved or is pending or may include additional details as appropriate (e.g., time, result, system state, etc.)”]; and respond to the first indication by at least executing, at the computing system, the one or more actions to add or remove an access to the service provided by the computing system [col. 25, lines 45-47, “Approved request may be forwarded for execution either immediately or queued for later execution as appropriate”, col. 14, lines 59-67, “provisioning or configuring storage for a particular database application, monitoring a data storage system, migrating data, diagnosing system problems, adding or expanding data storage capacity such as adding a new device, destroying or removing data storage capacity such as when removing an existing device, providing data storage protection such as through redundancy, servicing the data storage system such as by applying software upgrades, patches, and the like”].  
Cox et al. does not explicitly disclose the first indication including an acknowledgement of a threshold quantity of the one or more actions.
However Wong et al. teaches the first indication including an acknowledgement of a threshold quantity of the one or more actions [par. 0028, “user authorization information to determine whether or not to authorize a user's access of the resource 122, such as identification of users authorized to access the resource 122 and/or a number of authorized user accesses in a time period”].
Before the effective filing date of the claimed invention, it would have been obvious to a person having ordinary skill in the art to incorporate the teaching of Wong et al. into the teaching of Cox et al. with the motivation such that requests to access resources are monitored and controlled in order to limit access to approved resources as taught by Wong et al. [Wong et al: par. 0022].
They do not explicitly disclose the service is an application delivered as a service and modify an application delivery controller of the computing system.
However, Agarwal et al. teaches the service is an application delivered as a service and modify an application delivery controller of the computing system [par. 0046, “these services may be offered as web-based or cloud services or under Software as a Service (SaaS) model to the users of client systems 102, 120. For example, security management system 150 may manage security artifacts according to a subscription. The services offered by security management system 150 may include application services... The SaaS platform may manage and control the underlying software and infrastructure for providing the SaaS services”, par. 0050, “Service provider 140 and/or client systems can manage (e.g., create, delete, edit, modify, update, or read) security artifact archives through an interface provided by interface 154. For example, through interface 154, security management system 150 can receive requests for managing security artifacts. Security management system 150 can provide security artifact archives or information from security artifact archives to enable service provider 140 and client systems to determine access for objects”].
Before the effective filing date of the claimed invention, it would have been obvious to a person having ordinary skill in the art to incorporate the teaching of Agarwal et al. into the teaching of Cox et al. and Wong et al. with the motivation to enable service provider and client systems to determine access for objects as taught by Agarwal et al. [Agarwal et al: par. 0050].

Regarding claim 3, the rejection of claim 1 is incorporated.
Cox et al. further disclose the at least one data processor is further caused to at least: receive, from the second client device, a second indication of the second user declining to authorize the one or more actions; and respond to the second indication by at least declining to execute, at the computing system, the one or more actions [col. 25, lines 47-49, “The senior administrator may reject the request if it includes, for example, incorrect or invalid parameters, or may result in a detrimental effect on the storage system”, col. 27, lines 25-27, “the senior administrator may outright reject the request thereby preventing the requested management operation from executing”, col. 27, lines 48-52, “Management operation request that are rejected, may also include details as to why the request was rejected, suggestions for submitting a new request, sources for additional information, or other avenues for follow-up”].
Regarding claim 10, the rejection of claim 1 is incorporated.
Cox et al. further disclose wherein executing the one or more actions modifies the computing system including by adding and/or removing one or more of a user and a service of the computing system [col. 14, lines 59-67, “provisioning or configuring storage for a particular database application, monitoring a data storage system, migrating data, diagnosing system problems, adding or expanding data storage capacity such as adding a new device, destroying or removing data storage capacity such as when removing an existing device, providing data storage protection such as through redundancy, servicing the data storage system such as by applying software upgrades, patches, and the like”].
Regarding claim 11, it recites limitations similar to claim 1. The reason for the rejection of claim 1 is incorporated herein.
Regarding claim 13, it recites limitations similar to claim 3. The reason for the rejection of claim 3 is incorporated herein.
Regarding claim 20, it recites limitations similar to claim 1. The reason for the rejection of claim 1 is incorporated herein.
Regarding claim 21, it recites limitations similar to claim 1.
Agarwal et al. further discloses the application delivery controller comprises a network interface or a gateway [par. 0061, “a request may originate from a user (e.g., an administrator) via interface 154 to manage security artifact archives”, fig. 1, security management system].
Before the effective filing date of the claimed invention, it would have been obvious to a person having ordinary skill in the art to incorporate the teaching of Agarwal et al. into the teaching of Cox et al. and Wong et al. with the motivation to enable service provider and client systems to determine access for objects as taught by Agarwal et al. [Agarwal et al: par. 0050].
Regarding claim 22, it recites limitations similar to claim 1.
Agarwal et al. further discloses the application delivery controller provides access to applications and data deployed in a datacenter, a cloud, or is delivered as software as a service across a plurality of client devices [par. 0046, “these services may be offered as web-based or cloud services or under Software as a Service (SaaS) model to the users of client systems 102, 120”, fig. 1, security management system].
Before the effective filing date of the claimed invention, it would have been obvious to a person having ordinary skill in the art to incorporate the teaching of Agarwal et al. into the teaching of Cox et al. and Wong et al. with the motivation to enable service provider and client systems to determine access for objects as taught by Agarwal et al. [Agarwal et al: par. 0050].

Claims 2, 4, 6-8, 12, 14 and 16-18 are rejected under 35 U.S.C. 103 as being unpatentable over Cox et al. (US 9,250,955 B1) and Wong et al. (US 2013/0275590 A1) as applied to claims 1, 3, 10-11, 13 and 20-22 above, and further in view of Teranoshita (US 2011/0087869 A1).
Regarding claim 2, the rejection of claim 1 is incorporated.
Cox et al. and Wong et al. disclose the second user at the second client device acknowledge the threshold quantity of the one or more actions.
They do not explicitly disclose in response to the second user at the second client device failing to acknowledge the threshold quantity of the one or more actions, decline to execute, at the computing system, the one or more actions.
However Teranoshita teaches in response to the second user at the second client device failing to acknowledge the threshold quantity of the one or more actions, decline to execute, at the computing system, the one or more actions [par. 0084, “When a valid period is set to the approval waiting information, the approval management unit 64 processes the approval result for the approval waiting information as not approvable if the approval waiting state has continues for the valid period or longer”].
Before the effective filing date of the claimed invention, it would have been obvious to a person having ordinary skill in the art to incorporate the teaching of Teranoshita into the teaching of Cox et al. and Wong et al. with the motivation such that the machine configurations applied to the digital multi-function peripherals need to be approved by an administrator having the right to manage the digital multi-function peripherals as taught by Teranoshita [Teranoshita: par. 0040].
Regarding claim 4, the rejection of claim 1 is incorporated.
Cox et al. and Wong et al. disclose the second user at the second client device acknowledge the threshold quantity of the one or more actions.
They do not explicitly disclose in response to the second user at the second client device failing to respond to the second request within a threshold quantity of time, decline to execute, at the computing system, the one or more actions.
However Teranoshita teaches in response to the second user at the second client device failing to respond to the second request within a threshold quantity of time, decline to execute, at the computing system, the one or more actions [par. 0084, “When a valid period is set to the approval waiting information, the approval management unit 64 processes the approval result for the approval waiting information as not approvable if the approval waiting state has continues for the valid period or longer”].
Before the effective filing date of the claimed invention, it would have been obvious to a person having ordinary skill in the art to incorporate the teaching of Teranoshita into the teaching of Cox et al. and Wong et al. with the motivation such that the machine configurations applied to the digital multi-function peripherals need to be approved by an administrator having the right to manage the digital multi-function peripherals as taught by Teranoshita [Teranoshita: par. 0040].
Regarding claim 6, the rejection of claim 1 is incorporated.
Cox et al. and Wong et al. disclose the first request for an authorization of one or more actions of a first user at the first client device.
They do not explicitly disclose the first request comprises a request to identify one or more pools of available peer reviewers.
However Teranoshita teaches the first request comprises a request to identify one or more pools of available peer reviewers [par. 0047, “The approval management unit 64 specifies an approval candidate for the machine configuration information for which the approval request was received with reference to the approval candidate list 18a. A plurality of persons may be specified as approval candidates for one machine configuration information”].
Before the effective filing date of the claimed invention, it would have been obvious to a person having ordinary skill in the art to incorporate the teaching of Teranoshita into the teaching of Cox et al. and Wong et al. with the motivation such that the machine configurations applied to the digital multi-function peripherals need to be approved by an administrator having the right to manage the digital multi-function peripherals as taught by Teranoshita [Teranoshita: par. 0040].
Regarding claim 7, the rejection of claim 6 is incorporated.
Teranoshita further teaches in response to a selection of a pool of available peer reviewers that includes the second user and a third user, send, to the second client device and a third client device of the third user, the second request to authorize the one or more actions of the first user [par. 0085, “it is possible to select all approval candidates for the machine configuration information for which the approval request has been received in accordance with the approval candidate list 18a and notify each of the selected approval candidates of the approval request for the machine configuration information”].
Before the effective filing date of the claimed invention, it would have been obvious to a person having ordinary skill in the art to incorporate the teaching of Teranoshita into the teaching of Cox et al. and Wong et al. with the motivation such that the machine configurations applied to the digital multi-function peripherals need to be approved by an administrator having the right to manage the digital multi-function peripherals as taught by Teranoshita [Teranoshita: par. 0040].
Regarding claim 8, the rejection of claim 1 is incorporated.
Cox et al. and Wong et al. disclose the first request for an authorization of one or more actions of a first user at the first client device.
They do not explicitly disclose the first request comprises a request to identify one or more available peer reviewers, and wherein the second request is sent to the second client device in response to a selection of the second user from the one or more available peer reviewers.
Teranoshita further teaches the first request comprises a request to identify one or more available peer reviewers, and wherein the second request is sent to the second client device in response to a selection of the second user from the one or more available peer reviewers [par. 0047, “The approval management unit 64 specifies an approval candidate for the machine configuration information for which the approval request was received with reference to the approval candidate list 18a. A plurality of persons may be specified as approval candidates for one machine configuration information”, par. 0085, “it is possible to select all approval candidates for the machine configuration information for which the approval request has been received in accordance with the approval candidate list 18a and notify each of the selected approval candidates of the approval request for the machine configuration information”].
Before the effective filing date of the claimed invention, it would have been obvious to a person having ordinary skill in the art to incorporate the teaching of Teranoshita into the teaching of Cox et al. and Wong et al. with the motivation such that the machine configurations applied to the digital multi-function peripherals need to be approved by an administrator having the right to manage the digital multi-function peripherals as taught by Teranoshita [Teranoshita: par. 0040].
Regarding claim 12, it recites limitations similar to claim 2. The reason for the rejection of claim 2 is incorporated herein.
Regarding claim 14, it recites limitations similar to claim 4. The reason for the rejection of claim 4 is incorporated herein.
Regarding claim 16, it recites limitations similar to claim 6. The reason for the rejection of claim 6 is incorporated herein.
Regarding claim 17, it recites limitations similar to claim 7. The reason for the rejection of claim 7 is incorporated herein.
Regarding claim 18, it recites limitations similar to claim 8. The reason for the rejection of claim 8 is incorporated herein.

Claims 5, 9, 15 and 19 are rejected under 35 U.S.C. 103 as being unpatentable over Cox et al. (US 9,250,955 B1) and Wong et al. (US 2013/0275590 A1) as applied to claims 1, 3, 10-11, 13 and 20-22 above, and further in view of Esibov et al. (US 2021/0103461 A1).
Regarding claim 5, the rejection of claim 1 is incorporated.
Cox et al. and Wong et al. disclose receive, from the second client device, a first indication that the second user authorizes the one or more actions.
They do not explicitly disclose receive, from the second client device, a second indication of the second user terminating the authorization of the one or more actions; and respond to the second indication by at least declining to execute, at the computing system, the one or more actions.
However Esibov et al. teaches receive, from the second client device, a second indication of the second user terminating the authorization of the one or more actions; and respond to the second indication by at least declining to execute, at the computing system, the one or more actions [par. 0040, “the tenant session manager(s) 140 will track the permissions and other state associated with the user session to grant/deny access to resources within the session that are requested by the user based on associated policies and based on the profiles of the users/tenants and/or ML model(s) 166. The tenant session manager(s) 140 may also terminate or suspend a previously authorized session until a user provides new credentials that may be required by the tenant session manager(s) 140”].
Before the effective filing date of the claimed invention, it would have been obvious to a person having ordinary skill in the art to incorporate the teaching of Esibov et al. into the teaching of Cox et al. and Wong et al. with the motivation for managing dynamic controls over access to computer resources as taught by Esibov et al. [Esibov et al.: abs.].
Regarding claim 9, the rejection of claim 1 is incorporated.
Cox et al. and Wong et al. disclose receive, from the second client device, a first indication that the second user authorizes the one or more actions.
They do not explicitly disclose receive, from the first client device, a third request to access the computing system; respond to the third request by at least sending, to the second client device or a third client device of a third user, a fourth request to verify an identity of the first user; and authenticate, based at least on the second user or the third user verifying the identity of the first user, the first user.
However Esibov et al. teaches receive, from the first client device, a third request to access the computing system; respond to the third request by at least sending, to the second client device or a third client device of a third user, a fourth request to verify an identity of the first user; and authenticate, based at least on the second user or the third user verifying the identity of the first user, the first user [par. 0020, “for evaluating/re-evaluating dynamic conditions associated with user sessions for selectively determining whether to require or to refrain from requiring additional authentication credentials for the users engaged in user sessions for which they have already been authenticated and in order to continue granting (or alternatively to restrict/limit/terminate) access to computer resources in the user sessions based on the new/changed dynamic conditions”, par. 0062, “can trigger a new consideration of whether new credentials are required to authorize/grant requested computer resources”].
Before the effective filing date of the claimed invention, it would have been obvious to a person having ordinary skill in the art to incorporate the teaching of Esibov et al. into the teaching of Cox et al. and Wong et al. with the motivation for managing dynamic controls over access to computer resources as taught by Esibov et al. [Esibov et al.: abs.].
Regarding claim 15, it recites limitations similar to claim 5. The reason for the rejection of claim 5 is incorporated herein.
Regarding claim 19, it recites limitations similar to claim 9. The reason for the rejection of claim 9 is incorporated herein.


Response to Arguments
Applicant’s arguments, filed on 11/18/2022, with respect to rejection under 35 USC § 103 have been considered but are moot in view of the new ground(s) of rejection.


Conclusion
The prior art made of record and not relied upon is considered pertinent to Applicant’s disclosure:
US 8510265 B1		Configuration Utility For A Data Storage System Using A File Mapping Protocol For Access To Distributed File Systems
US 20070192349 A1		Data Provisoning Method And System
US 20130130642 A1		USER-INITIATED QUALITY OF SERVICE MODIFICATION IN A MOBILE DEVICE
US 20050086531 A1		Method And System For Proxy Approval Of Security Changes For A File Security System
US 7103871 B1		Method For Rapid Application Life Cycle Change Requests
US 8650374 B2		Storage System
US 20170262260 A1		SVN Interface System For Heterogeneous Development Environments
US 20200344253 A1		SYSTEMS AND METHODS FOR DATA-DRIVEN INFRASTRUCTURE CONTROLS
US 20210067406 A1		SELF-OPTIMIZATION OF COMPUTING ENVIRONMENTS
US 10523716 B1		Immutable Accounts
US 20080148248 A1		Automatic Software Maintenance With Change Requests
US 11032287 B1		Delegated Administrator With Defined Permission Boundaries In A Permission Boundary Policy Attachment For Web Services And Resources

Applicant's amendment necessitated the new ground(s) of rejection presented in this Office action.  Accordingly, THIS ACTION IS MADE FINAL.  See MPEP § 706.07(a).  Applicant is reminded of the extension of time policy as set forth in 37 CFR 1.136(a).  
A shortened statutory period for reply to this final action is set to expire THREE MONTHS from the mailing date of this action.  In the event a first reply is filed within TWO MONTHS of the mailing date of this final action and the advisory action is not mailed until after the end of the THREE-MONTH shortened statutory period, then the shortened statutory period will expire on the date the advisory action is mailed, and any extension fee pursuant to 37 CFR 1.136(a) will be calculated from the mailing date of the advisory action.  In no event, however, will the statutory period for reply expire later than SIX MONTHS from the date of this final action.
 
Any inquiry concerning this communication or earlier communications from the examiner should be directed to JASON CHIANG whose telephone number is (571)270-3393.  The examiner can normally be reached on 9 AM TO 6 PM.
If attempts to reach the examiner by telephone are unsuccessful, the examiner’s supervisor, Lynn Feild, can be reached on (571) 272-2092. The fax phone number for the organization where this application or proceeding is assigned is 571-273-8300.
Information regarding the status of an application may be obtained from the Patent Application Information Retrieval (PAIR) system.  Status information for published applications may be obtained from either Private PAIR or Public PAIR.  Status information for unpublished applications is available through Private PAIR only.  For more information about the PAIR system, see http://pair-direct.uspto.gov. Should you have questions on access to the Private PAIR system, contact the Electronic Business Center (EBC) at 866-217-9197 (toll-free). If you would like assistance from a USPTO Customer Service Representative or access to the automated information system, call 800-786-9199 (IN USA OR CANADA) or 571-272-1000.





/JASON CHIANG/Primary Examiner, Art Unit 2431