2019003861 (P.T.A.B. Dec. 30, 2020)

International Business Machines Corporation

Patent Trials and Appeals BoardDec 30, 2020

2019003861 (P.T.A.B. Dec. 30, 2020)

UNITED STATES PATENT AND TRADEMARK OFFICE UNITED STATES DEPARTMENT OF COMMERCE United States Patent and Trademark Office Address: COMMISSIONER FOR PATENTS P.O. Box 1450 Alexandria, Virginia 22313-1450 www.uspto.gov APPLICATION NO. FILING DATE FIRST NAMED INVENTOR ATTORNEY DOCKET NO. CONFIRMATION NO. 15/468,771 03/24/2017 Manjeri R. Dharmarajan IN920110072US2 1191 50170 7590 12/30/2020 IBM CORP. (WIP) c/o WALDER INTELLECTUAL PROPERTY LAW, P.C. 445 CRESTOVER CIRCLE RICHARDSON, TX 75080 EXAMINER PAN, PEILIANG ART UNIT PAPER NUMBER 2492 MAIL DATE DELIVERY MODE 12/30/2020 PAPER Please find below and/or attached an Office communication concerning this application or proceeding. The time period for reply, if any, is set in the attached communication. PTOL-90A (Rev. 04/07) UNITED STATES PATENT AND TRADEMARK OFFICE ________________ BEFORE THE PATENT TRIAL AND APPEAL BOARD ________________ Ex parte MANJERI R. DHARMARAJAN, KAUSHAL K. KAPADIA, VIGNESHWARNATH MIRIYALA, NATARAJ NAGARATNAM, DARSHINI G. SWAMY, and SUYESH R. TIWARI ________________ Appeal 2019-003861 Application 15/468,771 Technology Center 2400 ________________ Before CAROLYN D. THOMAS, JASON V. MORGAN, and JEREMY J. CURCURI, Administrative Patent Judges. MORGAN, Administrative Patent Judge. DECISION ON APPEAL STATEMENT OF THE CASE Pursuant to 35 U.S.C. § 134(a), Appellant1 appeals from the Examiner’s decision to reject claims 1–6, 8–16, and 18–22. We have jurisdiction under 35 U.S.C. § 6(b). We REVERSE. 1 “Appellant” refers to “applicant” as defined in 37 C.F.R. § 1.42. Appellant identifies the real party in interest as International Business Machines Corporation. Appeal Br. 2. Appeal 2019-003861 Application 15/468,771 2 SUMMARY OF THE DISCLOSURE Appellant’s claimed subject matter relates to “facilitating recertification of a user access entitlement” by outputting a “recertification request graphical user interface” that “includes [a] pattern of access and one or more graphical user interface elements for receiving a user input specifying acceptance or denial of the recertification of the user access entitlement.” Abstract. ILLUSTRATIVE CLAIM (disputed limitations emphasized and bracketing added) 1. A method, in a data processing system having a processor implemented in hardware, for recertification of a user access entitlement, comprising: collecting, from a system resource of the data processing system, access information representative of a pattern of access of the system resource by a user access entitlement; determining, by the processor, that recertification of the user access entitlement, with regard to the system resource, is to be performed; determining, by the processor, at least one first access metric associated with the user access entitlement based on the access information for the user access entitlement; and [1] outputting, by the processor, a recertification request graphical user interface to a user based on the pattern of access, wherein the recertification request graphical user interface comprises: [2] a representation of a comparison of the at least one first access metric, associated with the user access entitlement, with one or more second access metrics associated with one or more other user access entitlements, and [3] one or more graphical user interface elements for receiving a user input specifying acceptance or denial of Appeal 2019-003861 Application 15/468,771 3 the recertification of the user access entitlement, wherein the at least one first access metric and the one or more second access metrics comprise values indicative of previous access operations by corresponding user access entitlements. REFERENCES The Examiner relies on the following prior art: Name Reference Date Gill et al. (“Gill”) US 2011/0126111 A1 May 26, 2011 John US 8,166,554 B2 Apr. 24, 2012 rejections The Examiner rejects claims 1–6, 8–16, and 18–22 under 35 U.S.C. § 103(a) as obvious over Gill and John. Final Act. 2–10. ANALYSIS In rejecting claim 1 as obvious, the Examiner finds that Gill’s graphical modeling capabilities, used to automate, monitor, and track re- affirmation projects teaches or suggests recitation [1]: “outputting, by the processor, a recertification request graphical user interface to a user based on the pattern of access, wherein the recertification request graphical user interface comprises.” Final Act. 3 (citing Gill ¶ 105); Ans. 12–13. The Examiner further finds Gill’s use of graphical modeling capabilities in re- affirmation projects teaches or suggests recitation [3]: “one or more graphical user interface elements for receiving a user input specifying acceptance or denial of the recertification of the user access entitlement.” Final Act. 3 (citing Gill ¶¶ 105, 313, 316–23, 351); Ans. 6 (further citing Gill ¶ 314). The Examiner finds Gill’s visual representations among entities such as users combined with John’s pie charts showing what percentage of Appeal 2019-003861 Application 15/468,771 4 accesses were by particular users teaches or suggests recitation [2]: “a representation of a comparison of the at least one first access metric, associated with the user access entitlement, with one or more second access metrics associated with one or more other user access entitlements.” Final Act. 3–4 (citing Gill ¶¶ 313, 316–23, 351, Figs. 11, 13; John 7:30–39; Fig. 7); Ans. 6–8. The Examiner finds Gill “relates to preventing, detecting, mitigating, and responding to blended risks and threats” (Final Act. 5 (quoting Gill ¶ 3)) and that “John’s teaching could enhance the system of Gill, because John teaches ‘This invention relates to providing security for an enterprise, taking into consideration key factors such as people, processes, and policies of the enterprise . . . and group resource uses’” (id. (quoting John 1:9–12)). Thus, the Examiner concludes it would have been obvious to an artisan of ordinary skill to combine Gill and John in the manner of claim 1. Id. Appellant contends the Examiner erred because “Gill is not concerned with handling recertification of a user’s user access entitlement by comparing the user’s access metrics with other user’s access metrics in a graphical user interface along with elements for allowing a user to accept or deny recertification.” Appeal Br. 6–7; Reply Br. 6. The Specification provides support for disputed recitations [1]–[3] in Figure 5, which is reproduced below. Appeal 2019-003861 Application 15/468,771 5 The Specification’s Figure 5 illustrates “an example diagram of a recertification request review and approval graphical user interface.” Spec. ¶ 15. The graphical user interface “includes a user account information section 510 which includes information about the user account that is subject to the recertification operation.” Id. ¶ 71. This section includes “an identity and access management system’s recommendation 512 as to whether to accept or deny the recertification request,” but “[t]his recommendation is only a recommendation and the actual acceptance or rejection of the recertification is made by the recertifier by selecting a corresponding one of the graphical user interface elements 516.” Id. ¶ 72. To teach or suggest recitation [3], the Examiner cites to Gill’s Figures 11 and 13. Gill’s Figure 11 is reproduced below. Appeal 2019-003861 Application 15/468,771 6 Gill’s Figure 11 shows “a sample screen shot showing the visual simulation of risks and the ability to add or remove transactions related to that role and see the resulting impact.” Gill ¶ 27. One of the disclosed features of this interface is the ability to “[q]uickly and visually reaffirm access, roles, risks, assets certifications and training.” Id. ¶ 317. But Gill’s Figure 11 does not depict any “graphical user interface elements for receiving a user input specifying acceptance or denial of [a] recertification of [a] user access entitlement,” as recited in recitation [3] of claim 1. Gill’s Figure 13 is reproduced below. Appeal 2019-003861 Application 15/468,771 7 Gill’s Figure 13 depicts “a sample screen showing how a user may track and log privileged access for IT applications as well as physical access to facilities and critical assets.” Gill ¶ 29. In particular, it “shows a list of events that took place during an individual’s privileged access session.” Id. ¶ 389. Like Gill’s Figure 11, Figure 13 does not depict any “graphical user interface elements for receiving a user input specifying acceptance or denial of [a] recertification of [a] user access entitlement,” as recited in recitation [3] of claim 1. With respect to recitation [3], the Examiner also cites to Gill’s AlertCertify teaching, “which provides a highly visual computer- implemented system solution with powerful graphical modeling capabilit[ies] to completely automate, monitor and track the numerous re- affirmation projects that risk and compliance analysts, IT security and business managers must complete.” Gill ¶ 105 (cited in Final Act. 3). And the Examiner cites to Gill’s disclosure that a “[r]equest creation processor sends data to a risk analysis processor, which processes the data and then Appeal 2019-003861 Application 15/468,771 8 makes the processed data available to a manager.” Id. ¶ 314 (cited in Ans. 6). This can be used when providing “roles-based dashboards to reviewers, administrators, auditors and risk managers with [the] added capability of remediating risk, such as with a single click.” Id. ¶ 313 (cited in Final Act. 3). Although these additional disclosures in Gill relate to re-affirmation projects and to risk remediation with a single click, Gill is not specific as to the graphical user interface elements used to provide these features. In particular, like the cited figures discussed above, these disclosures in Gill do not disclose the use of “graphical user interface elements for receiving a user input specifying acceptance or denial of [a] recertification of [a] user access entitlement,” as recited in recitation [3] of claim 1. The Examiner provides limited analysis that fails to show that the graphical user interface elements of recitation [3] would have been obvious in light of the cited teachings of Gill. Final Act. 3; Ans. 6.The Examiner also does not show that John cures the noted deficiency of Gill. Therefore, we agree with Appellant that the Examiner’s findings do not show that the combination of Gill and John teaches or suggests recitation [3]. Accordingly, we do not sustain the Examiner’s 35 U.S.C. § 103(a) rejection of claim 1, or the rejection of claims 2–6, 8–16, 18–22, which contain similar recitations. Appeal 2019-003861 Application 15/468,771 9 CONCLUSION Claims Rejected 35 U.S.C. § References Affirmed Reversed 1–6, 8–16, 18–22 103(a) Gill, John 1–6, 8–16, 18–22 REVERSED