13228811 (P.T.A.B. Jun. 20, 2016)

Ex Parte Dharmarajan et al

Patent Trial and Appeal BoardJun 20, 2016

13228811 (P.T.A.B. Jun. 20, 2016)

UNITED STATES PATENT AND TRADEMARK OFFICE UNITED STATES DEPARTMENT OF COMMERCE United States Patent and Trademark Office Address: COMMISSIONER FOR PATENTS P.O. Box 1450 Alexandria, Virginia 22313-1450 www.uspto.gov APPLICATION NO. FILING DATE FIRST NAMED INVENTOR ATTORNEY DOCKET NO. CONFIRMATION NO. 13/228,811 09/09/2011 Manjeri R. Dharmarajan IN920110072US1 8276 50170 7590 06/20/2016 IBM CORP. (WIP) c/o WALDER INTELLECTUAL PROPERTY LAW, P.C. 17304 PRESTON ROAD SUITE 200 DALLAS, TX 75252 EXAMINER KIM, TAE K ART UNIT PAPER NUMBER 2492 MAIL DATE DELIVERY MODE 06/20/2016 PAPER Please find below and/or attached an Office communication concerning this application or proceeding. The time period for reply, if any, is set in the attached communication. PTOL-90A (Rev. 04/07) UNITED STATES PATENT AND TRADEMARK OFFICE ____________ BEFORE THE PATENT TRIAL AND APPEAL BOARD ____________ Ex parte MANJERI R. DHARMARJAN, KAUSHAL K. KAPADIA, VIGNESHWARNATH MIRIYALA, NATARAJ NAGARATNAM, DARSHINI G. SWAMY, and SUYESH R. TIWARI ____________ Appeal 2014-009483 Application 13/228,811 Technology Center 2400 ____________ Before ROBERT E. NAPPI, THU A. DANG, and JOHN P. PINKERTON, Administrative Patent Judges. PINKERTON, Administrative Patent Judge. DECISION ON APPEAL Appellants1 appeal under 35 U.S.C. § 134(a) from the Examiner’s Final Rejection of claims 1, 2, 4–6, 8–12, 14–16, and 18–25, which constitute all the claims pending in this application. Claims 3, 7, 13, and 17 are canceled. See Ans. 2. We have jurisdiction under 35 U.S.C. § 6(b). We reverse and enter a new ground of rejection within the provisions of 37 C.F.R. § 41.50(b) (2011). 1 Appellants identify International Business Machines Corporation as the real party in interest. App. Br. 2. Appeal 2014-009483 Application 13/228,811 2 STATEMENT OF THE CASE Appellants’ described and claimed invention generally relates to mechanisms for performing context aware recertification. Spec. ¶ 1. Claim 1 is illustrative and provides as follows (with the disputed limitation emphasized): 1. A method, in a data processing system having a processor implemented in hardware, for recertification of a user access entitlement, comprising: collecting, from a system resource of the data processing system, access information representative of accesses of the system resource by a user access entitlement of a specific user; determining, by the processor, that recertification of the user access entitlement, with regard to the system resource, is to be performed; determining, by the processor, a pattern of access based on the access information for the user access entitlement; and outputting, by the processor, a recertification request graphical user interface to a user based on the pattern of access, wherein the graphical user interface comprises a representation of the pattern of access and one or more graphical user interface elements for receiving a user input specifying acceptance or denial of the recertification of the user access entitlement, wherein the representation of the pattern of access comprises a comparison of a first access metric associated with the user access entitlement of the specific user to a second access metric associated with one or more other user access entitlements of one or more other specific users, and wherein the first access metric and the second access metric are statistical values indicative of previous access operations by corresponding user access entitlements. Appeal 2014-009483 Application 13/228,811 3 Rejection on Appeal Claims 1, 2, 4–6, 8–12, 14–16, and 18–25 stand rejected under 35 U.S.C. § 103(a) as being unpatentable over Gill (US 2011/0126111 A1; published May 26, 2011) and Shoham (US 2006/0015930 A1; published Jan. 19, 2006). ANALYSIS The dispositive issue raised by Appellants’ Briefs is whether the combination of Gill and Shoham teaches or suggests the limitation “wherein the representation of the pattern of access comprises a comparison of a first access metric associated with the user access entitlement of the specific user to a second access metric associated with one or more other user access entitlements of one or more other specific users,” as recited in claim 1, and as similarly recited in claims 11 and 21. See App. Br. 13–18; Reply Br. 9– 17. The Examiner finds the combination of Gill and Shoham teaches or suggests the disputed limitation of claim 1. The Examiner finds that Gill discloses a system to display to a user statistical information regarding the user under review, such as the number of times a resource has been accessed in a session. Final Act. 3 (citing Gill Fig. 13, ¶ 389); Ans. 5. The Examiner finds that Shoham discloses a system that displays to each manager a list of their subordinates, login accounts, and other user objects, and entitlements associated with each login account or user object, to identify irregularities. Final Act. 4 (citing Shoham ¶ 117); Ans. 6. The Examiner also finds Shoham discloses it is known in the art to track the last login time/date Appeal 2014-009483 Application 13/228,811 4 records for each login account and that login times are used to determine if an account may be obsolete. Final Act. 4 (citing Shoham ¶ 20); Ans. 6. The Examiner further finds the combination of Gill and Shoham “would create a user interface that displays the details of a plurality of users within a single window, which can include the number of times a particular resource was accessed and the last login time for a particular resource.” Final Act. 4; Ans. 6–7. The Examiner finds it “would have been a designer’s choice as to what statistics and/or data is displayed for each user within the GUI to aid in the recertification process, illustrated by Gill in Figure 11, since these statistics and/or data are already obtained by Gill.” Ans. 7 (citing Gill, Figs. 11, 13; ¶¶ 351, 389). Appellants contend it would not have been obvious to combine Gill and Shoham in the manner set forth in the Final Action, that any alleged motivation to attempt to do so would be “based on impermissible hindsight reconstruction,” and that the resulting alleged combination would not result in the claims being taught or rendered obvious. App. Br. 6. Regarding the limitation at issue, Appellants argue Gill teaches “graphical user interfaces for displaying individual users and the risks associated with roles specified in a reaffirmation request.” See App. Br. 13, 17. In regard to Shoham, Appellants argue: All that Shoham teaches is the listing of subordinates, their accounts, and entitlements. There is no comparison of any metrics between such subordinates, let alone metrics that are statistical values indicative of previous access operations by corresponding user access entitlements. This is precisely because the whole purpose of Shoham is to allow human beings, i.e. managers, to decide subjectively whether to certify or delete users, accounts, or privileges simply based on organizational information, e.g., managers and subordinates. There is no Appeal 2014-009483 Application 13/228,811 5 consideration of any statistical metrics regarding access operations anywhere in Shoham. App. Br. 16. Regarding paragraph 20 of Shoham, Appellants argue it teaches a prior art technique that compares a login time of a user to determine if it is older than a threshold, but “this does not teach any comparison of the login time of a user with login times of other users.” App. Br. 16–17. We agree with Appellants’ arguments that the Examiner has erred. First, Appellants argue, and we agree, Figure 11 of Gill merely shows a graphical representation of users and their roles with textual descriptions of risks associated with those users. Reply Br. 10–11. As stated in paragraph 316 of Gill, Figure 11 shows “the powerful role modeling capabilities that include visual simulation of risks and the ability to add or remove transactions related to that role and see the resulting impact.” We also agree with Appellants that “nowhere in the description of Figure 11 is there any teaching or suggestion to include into Figure 11 of Gill . . . a comparison of access metrics of a plurality of users . . . .” Id. at 11. Second, Appellants argue, and we agree, Figure 13 of Gill “merely shows a screen for tracking and logging privileged access by a single individual such that high risk items are automatically identified” and there is no teaching or suggestion in Gill that the usage bar graph or pie graphs in Figure 13 should be compared with other users as part of a recertification of a user access entitlement. See id. at 12. In regard to Figure 13, we note paragraph 389 of Gill states that “[Figure] 13 shows a list of events that took place during an individual’s privileged access session. High risk items are Appeal 2014-009483 Application 13/228,811 6 automatically identified.” Thus, contrary to the Examiner’s findings (see Ans. 5), Figure 13 does not display “statistical values that are metrics,” but lists events occurring during an access session. Third, Appellants argue, and we agree, paragraph 20 of Shoham “merely teaches the evaluation of a single user’s account based on the last logon time of that particular user” and does not teach comparing the last login time of a user with the last login information of other users. Reply Br. at 13. Fourth, regarding the combination of Gill and Shoham, we agree with Appellants’ argument that the combination would not result in a recertification graphical user interface “that comprises the representation of the comparison of access metrics associated with user access entitlements of a plurality of users as recited in the present claims.” Id. at 14–15. Although the Examiner finds that the particular data displayed is a matter of design choice, we agree with Appellants’ argument that the choice of metrics to be displayed is irrelevant because nowhere in Gill, Shoham, or the combination of those references, is there a teaching or suggestion of displaying together the last login times for different users, let alone in a recertification request graphical user interface. Id. 14–15, 17. Thus, we agree with Appellants that the combination of Gill and Shoham does not teach or suggest the disputed limitation. The Examiner’s rationale is deficient and does not establish that the combined teachings of the references would have suggested the disputed limitation to one or ordinary skill in the art without resort to impermissible hindsight. See In re Warner, 379 F.2d 1011, 1017 (CCPA 1967) (“A rejection based on section 103 Appeal 2014-009483 Application 13/228,811 7 clearly must rest on a factual basis, and these facts must be interpreted without hindsight reconstruction of the invention from the prior art”). Accordingly, we do not sustain the rejection of claim 1. For the same reasons, we do not sustain the rejection of independent claims 11 and 21, as well as dependent claims 2, 4–6, 8–10, 12, 14–16, 18–20, and 22–25. NEW GROUND OF REJECTON Pursuant to the provisions of 37 C.F.R. § 41.50(b) (2011), we enter a new ground of rejection of claims 11, 12, 14–16, and 18–20 under 35 U.S.C. § 101 as being directed to non-statutory subject matter. Claim 11 recites, a computer program product comprising a “computer readable storage medium.” Appeal Br. 30 (Claims App.). We first note that the recited “computer readable storage medium” is not claimed as non-transitory. Id. Second, we note the Specification does not define “computer readable storage medium” to exclude signal propagation medium or transitory medium, but broadly defines the term to include a “computer readable signal medium” and “any tangible medium that can contain or store a program. . . .” See Spec. ¶ 21. Accordingly, we find that the broadest reasonable interpretation of the term “computer readable storage medium” includes transitory propagating signals. See Ex parte Mewherter, 107 USPQ2d 1857, 1862 (PTAB 2013) (precedential) (holding that where a specification does not limit the term “machine readable storage medium” expressly to exclude signals, carrier waves, and other transitory media, the term encompasses transitory propagating signals). Furthermore, by encompassing transitory propagating signals, claim 11, and its dependent Appeal 2014-009483 Application 13/228,811 8 claims 12, 14–16, and 18–20, encompass non-statutory subject matter and are, therefore, rejected under 35 U.S.C. § 101. DECISION The Examiner’s decision rejecting claims 1, 2, 4–6, 8–12, 14–16, and 18–25 is reversed. A new ground of rejection is entered for claims 11, 12, 14–16, and 18–20. 37 C.F.R. § 41.50(b) This Decision contains a new ground of rejection pursuant to 37 C.F.R. § 41.50(b). Section 41.50(b) provides that “[a] new ground of rejection . . . shall not be considered final for judicial review.” 37 C.F.R. § 41.50(b) also provides that Appellants, WITHIN TWO MONTHS FROM THE DATE OF THE DECISION, must exercise one of the following two options with respect to the new ground of rejection to avoid termination of the appeal as to the rejected claims: (1) Reopen prosecution. Submit an appropriate amendment of the claims so rejected or new Evidence relating to the claims so rejected, or both, and have the matter reconsidered by the examiner, in which event the proceeding will be remanded to the examiner. . . . (2) Request rehearing. Request that the proceeding be reheard under § 41.52 by the Board upon the same record. . . . No time period for taking any subsequent action in connection with this appeal may be extended under 37 C.F.R. § 1.136(a)(1)(iv). REVERSED; 37 C.F.R. § 41.50(b)