FRAMEWORK FOR AUTOMATED OPERATOR ACCESS TO INFRASTRUCTURE IN A CLOUD SERVICE

DETAILED ACTION Notice of Pre-AIA or AIA Status The present application, filed on or after March 16, 2013, is being examined under the first inventor to file provisions of the AIA . Response to Amendment Applicant’s amendment filed 20 January 2026 amends claims 1-5, 7, 9-13, 15, 17-21, and 23. Applicant’s amendment has been fully considered and entered. Response to Arguments Applicant argues on page 10 of the response, “Dani fails to disclose, teach or suggest ‘the access request corresponds to an access type that requires a customer approval of the cloud provider operator’s access request’…” This argument is not persuasive because Dani discloses that the access control request corresponds with a request that requires approval from one or more internal administrators ([0021 & [0034]-[0035]). Applicant argues on page 10 of the response, “Dani fails to disclose, teach or suggest…’the access policy comprises a keyword that corresponds to one or more conditions for overriding a requirement of the customer approval’ as recited in claim 1.” This argument is not persuasive because Dani discloses that the permission policy includes criterion that identify the ability to automatically approve access control requests ([0029]-[0030]). Applicant argues on page 11 of the response, “Cited sections of Dani do not mention a customer approval requirement or overriding a customer approval requirement…” This argument is not persuasive because the automatic approval procedure represents a override of a customer approval requirement. Figure 3 of Dani makes it clear that step 306 allows for an automatic approval procedure where an approval requirement is otherwise necessary (See steps 316-320 of Figure 3). Applicant argues on page 11 of the response, “Cited sections of Dani…further fail to disclose or mention a ‘keyword,’ particularly in the claimed context of an access policy comprising a keyword that corresponds to one or more conditions for overriding a requirement of the customer approval.” This argument is not persuasive because Dani discloses that the permission policy includes criterion that identify the ability to automatically approve access control requests ([0029]-[0030] and the criterion reads on the claimed keyword. Applicant argues on pages 11-12 of the response, “In contrast, cited sections of Dani…generally refer to an access control request that can be automatically approved, but cited sections of Dani do not disclose, teach or suggest an access policy having a customer approval requirement, overriding a customer approval requirement, an access policy having a keyword that corresponds to one or more conditions for overriding the customer approval requirement, and automatically permitting a cloud provider operation to access a cloud infrastructure resource used by the customer according to such an access policy allowing for overriding of the customer approval requirement.” This argument is not persuasive because, as stated above, Dani discloses that the access control request corresponds with a request that requires approval from one or more internal administrators ([0021 & [0034]-[0035]). The permission policy includes criterion that identify the ability to automatically approve access control requests ([0029]-[0030]) where the criterion reads on the claimed keyword. Automatic approval of the access control requests based on the criterion in the permission policy prevents authorization steps 316-330 from being performed (Figure 3). Applicant argues on page 13 of the response, “As noted above, cited paras. [0029]-[0030] of Dani do not disclose, teach or suggest overriding a customer approval requirement, do not refer to terms ‘override’ or ‘overriding’ same, and do not disclose an access policy structured to include a keyword indicative of an override condition as recited in claim 2.” In response, the claim as amended requires that the keyword be “indicative” of an override condition. Dani discloses that permission policy includes criterion that identify the ability to automatically approve access control requests ([0029]-[0030]) where the criterion reads on the claimed keyword because the criterion from the permission policy is “indicative” of the ability to automatically approve requests, which would correspond to the claimed “override”. Claim Rejections - 35 USC § 102 In the event the determination of the status of the application as subject to AIA 35 U.S.C. 102 and 103 (or as subject to pre-AIA 35 U.S.C. 102 and 103) is incorrect, any correction of the statutory basis (i.e., changing from AIA to pre-AIA ) for the rejection will not be considered a new ground of rejection if the prior art relied upon, and the rationale supporting the rejection, would be the same under either status. The following is a quotation of the appropriate paragraphs of 35 U.S.C. 102 that form the basis for the rejections under this section made in this Office action: A person shall be entitled to a patent unless – (a)(1) the claimed invention was patented, described in a printed publication, or in public use, on sale, or otherwise available to the public before the effective filing date of the claimed invention. Claims 1-24 are rejected under 35 U.S.C. 102(a)(1) as being anticipated by Dani, U.S. Publication No. 2016/0277411. Referring to claim 1, Dani discloses access control system for cloud-based services ([0016]-[0017]) that include a set of permission policies that are implemented to determine access to requested services ([0021]) that are hosted by cloud service providers for client organizations ([0016]: client organizations are cloud computing customers), which meets the limitation of configuring a customer access control mechanism for a cloud infrastructure resource used by customer and that is managed by a cloud provider, wherein the customer access control mechanism comprises an access policy for processing an access request from a cloud provider operator to allow the cloud provider operator to access the cloud infrastructure resource used by the customer. The access control request corresponds with a request that requires approval from one or more internal administrators ([0021 & [0034]-[0035]), which meets the limitation of the access request corresponds to an access type that requires a customer approval of the cloud provider operator’s access request. The permission policy includes criterion that identify the ability to automatically approve access control requests ([0029]-[0030]: criterion reads on the claimed keyword; automatic approval reads on the claimed overriding a requirement of the customer approval), which meets the limitation of wherein the access policy comprises a keyword that corresponds to one or more conditions for overriding a requirement of the customer approval, automatically permitting cloud provider operator to access the cloud infrastructure resource used by the customer according to the access policy allowing for overriding of the requirement of the customer approval. Automatic approval of the access control requests based on the criterion in the permission policy prevents authorization steps 316-330 from being performed (Figure 3: these authorization steps represent the claimed check that is not obtained), which meets the limitation of wherein a check to determine the customer approval is not obtained from the customer when permitted the cloud provider operator access to the cloud infrastructure resource used by the customer. Referring to claim 2, Dani discloses that the permission policy includes criterion that identify the ability to automatically approve access control requests ([0029]-[0030]: criterion reads on the claimed keyword because the criterion from the permission policy is “indicative” of the ability to automatically approve requests, which would correspond to the claimed “override”), which meets the limitation of wherein the keyword of the access policy is indicative of an override condition that is checked to determine whether the cloud provider operator access is permitted without the requirement of the customer approval. Referring to claim 3, Dani discloses that the request includes the identity of the requesting operator ([0019]) such that the corresponding user group of the requesting operator is checked against the permission policy user group criterion that dictates a user group whose access control requests can be automatically approved ([0029]-[0030]), which meets the limitation of wherein the access request comprises information evaluated for determining whether the customer approval override condition of the access policy is satisfied. Referring to claim 4, Dani discloses that the access control request that identify an action that the operator wants to perform ([0019]), which meets the limitation of wherein the information of the access request includes at least one of a scope of access, a category of access, a reason for access. Referring to claims 5, 6, Dani discloses that the permission policy includes criterion that identify the ability to automatically approve access control requests ([0029]-[0030]: criterion corresponding with request data can be considered a security incident that is checked against security ticketing), which meets the limitation of wherein the override condition of the access policy corresponds to a security incident, the security incident is checked against security ticketing. Referring to claim 7, Dani discloses that the requested action can include performing a debugging trace ([0031]), which meets the limitation of wherein the cloud provider operator access that is performed without checking for the customer approval comprises a diagnosis operation. Referring to claim 8, Dani discloses that the request includes the identity of the requesting operator ([0019]) such that the corresponding user group of the requesting operator is checked against the permission policy user group criterion that dictates a user group whose access control requests can be automatically approved ([0029]-[0030]). Automatic approval of the access control requests based on the criterion in the permission policy prevents authorization steps 316-330 from being performed (Figure 3). The user assignment to the particular user group can be temporary ([0025]), therefore, any further access control requests received from the operator after expiration of this temporary time period would require the additional authorization steps 316-330 (Figure 3), which meets the limitation of wherein multiple override requests are subject to an additional approval process. Referring to claim 9, Dani discloses access control system for cloud-based services ([0016]-[0017]) that include a set of permission policies that are implemented to determine access to requested services ([0021]) that are hosted by cloud service providers for client organizations ([0016]: client organizations are cloud computing customers), which meets the limitation of configuring a customer access control mechanism for a cloud infrastructure resource used by customer and that is managed by a cloud provider, wherein the customer access control mechanism comprises an access policy for processing an access request from a cloud provider operator to allow the cloud provider operator to access the cloud infrastructure resource used by the customer. The access control request corresponds with a request that requires approval from one or more internal administrators ([0021 & [0034]-[0035]), which meets the limitation of the access request corresponds to an access type that requires a customer approval of the cloud provider operator’s access request. The permission policy includes criterion that identify the ability to automatically approve access control requests ([0029]-[0030]: criterion reads on the claimed keyword; automatic approval reads on the claimed overriding a requirement of the customer approval), which meets the limitation of the access policy comprises a keyword that corresponds to one or more conditions for overriding a requirement of the customer approval, automatically permitting the cloud provider operator to access the cloud infrastructure resource used by the customer according to the access policy allowing for overriding of the requirement of the customer approval. Automatic approval of the access control requests based on the criterion in the permission policy prevents authorization steps 316-330 from being performed (Figure 3: these authorization steps represent the claimed check that is not obtained), which meets the limitation of wherein a check to determine the customer approval is not obtained from the customer when permitted the cloud provider operator access to the cloud infrastructure resource used by the customer. Referring to claim 10, Dani discloses that the permission policy includes criterion that identify the ability to automatically approve access control requests ([0029]-[0030]: criterion reads on the claimed keyword because the criterion from the permission policy is “indicative” of the ability to automatically approve requests, which would correspond to the claimed “override”), which meets the limitation of wherein the keyword of the access policy is indicative of an override condition that is checked to determine whether the cloud provider operator access is permitted without the requirement of the customer approval. Referring to claim 11, Dani discloses that the request includes the identity of the requesting operator ([0019]) such that the corresponding user group of the requesting operator is checked against the permission policy user group criterion that dictates a user group whose access control requests can be automatically approved ([0029]-[0030]), which meets the limitation of wherein the access request comprises information evaluated for determining whether the customer approval override condition of the access policy is satisfied. Referring to claim 12, Dani discloses that the access control request that identify an action that the operator wants to perform ([0019]), which meets the limitation of wherein the information of the access request includes at least one of a scope of access, a category of access, a reason for access. Referring to claims 13, 14, Dani discloses that the permission policy includes criterion that identify the ability to automatically approve access control requests ([0029]-[0030]: criterion corresponding with request data can be considered a security incident that is checked against security ticketing), which meets the limitation of wherein the override condition of the access policy corresponds to a security incident, the security incident is checked against security ticketing. Referring to claim 15, Dani discloses that the requested action can include performing a debugging trace ([0031]), which meets the limitation of wherein the cloud provider operator access that is performed without checking for the customer approval comprises a diagnosis operation. Referring to claim 16, Dani discloses that the request includes the identity of the requesting operator ([0019]) such that the corresponding user group of the requesting operator is checked against the permission policy user group criterion that dictates a user group whose access control requests can be automatically approved ([0029]-[0030]). Automatic approval of the access control requests based on the criterion in the permission policy prevents authorization steps 316-330 from being performed (Figure 3). The user assignment to the particular user group can be temporary ([0025]), therefore, any further access control requests received from the operator after expiration of this temporary time period would require the additional authorization steps 316-330 (Figure 3), which meets the limitation of wherein multiple override requests are subject to an additional approval process. Referring to claim 17, Dani discloses access control system that includes a processor (Figure 4, element 402) and a memory storing instructions (Figure 4, element 404) for cloud-based services ([0016]-[0017]) that include a set of permission policies that are implemented to determine access to requested services ([0021]) that are hosted by cloud service providers for client organizations ([0016]: client organizations are cloud computing customers), which meets the limitation of a system comprising a processor, a memory for holding programmable code, and wherein the programmable code includes instructions executable by the processor for configuring a customer access control mechanism for a cloud infrastructure resource used by customer and that is managed by a cloud provider, wherein the customer access control mechanism comprises an access policy for processing an access request from a cloud provider operator to allow the cloud provider operator to access the cloud infrastructure resource used by the customer. The access control request corresponds with a request that requires approval from one or more internal administrators ([0021 & [0034]-[0035]), which meets the limitation of the access request corresponds to an access type that requires a customer approval of the cloud provider operator’s access request. The permission policy includes criterion that identify the ability to automatically approve access control requests ([0029]-[0030]: criterion reads on the claimed keyword; automatic approval reads on the claimed overriding a requirement of the customer approval), which meets the limitation of wherein the access policy comprises a keyword that corresponds to one or more conditions for overriding a requirement of the customer approval, and automatically permitting the cloud provider operator to access the cloud infrastructure resource used by the customer according to the access policy allowing for overriding of the requirement of the customer approval. Automatic approval of the access control requests based on the criterion in the permission policy prevents authorization steps 316-330 from being performed (Figure 3: these authorization steps represent the claimed check that is not obtained), which meets the limitation of wherein a check to determine the customer approval is not obtained from the customer when permitted the cloud provider operator access to the cloud infrastructure resource used by the customer. Referring to claim 18, Dani discloses that the permission policy includes criterion that identify the ability to automatically approve access control requests ([0029]-[0030]: criterion reads on the claimed keyword because the criterion from the permission policy is “indicative” of the ability to automatically approve requests, which would correspond to the claimed “override”), which meets the limitation of wherein the keyword of the access policy is indicative of an override condition that is checked to determine whether the cloud provider operator access is permitted without the requirement of the customer approval. Referring to claim 19, Dani discloses that the request includes the identity of the requesting operator ([0019]) such that the corresponding user group of the requesting operator is checked against the permission policy user group criterion that dictates a user group whose access control requests can be automatically approved ([0029]-[0030]), which meets the limitation of wherein the access request comprises information evaluated for determining whether the customer approval override condition of the access policy is satisfied. Referring to claim 20, Dani discloses that the access control request that identify an action that the operator wants to perform ([0019]), which meets the limitation of wherein the information of the access request includes at least one of a scope of access, a category of access, a reason for access. Referring to claims 21, 22, Dani discloses that the permission policy includes criterion that identify the ability to automatically approve access control requests ([0029]-[0030]: criterion corresponding with request data can be considered a security incident that is checked against security ticketing), which meets the limitation of wherein the override condition of the access policy corresponds to a security incident, the security incident is checked against security ticketing. Referring to claim 23, Dani discloses that the requested action can include performing a debugging trace ([0031]), which meets the limitation of wherein the cloud provider operator access that is performed without checking for the customer approval comprises a diagnosis operation. Referring to claim 24, Dani discloses that the request includes the identity of the requesting operator ([0019]) such that the corresponding user group of the requesting operator is checked against the permission policy user group criterion that dictates a user group whose access control requests can be automatically approved ([0029]-[0030]). Automatic approval of the access control requests based on the criterion in the permission policy prevents authorization steps 316-330 from being performed (Figure 3). The user assignment to the particular user group can be temporary ([0025]), therefore, any further access control requests received from the operator after expiration of this temporary time period would require the additional authorization steps 316-330 (Figure 3), which meets the limitation of wherein multiple override requests are subject to an additional approval process. Conclusion THIS ACTION IS MADE FINAL. Applicant is reminded of the extension of time policy as set forth in 37 CFR 1.136(a). A shortened statutory period for reply to this final action is set to expire THREE MONTHS from the mailing date of this action. In the event a first reply is filed within TWO MONTHS of the mailing date of this final action and the advisory action is not mailed until after the end of the THREE-MONTH shortened statutory period, then the shortened statutory period will expire on the date the advisory action is mailed, and any nonprovisional extension fee (37 CFR 1.17(a)) pursuant to 37 CFR 1.136(a) will be calculated from the mailing date of the advisory action. In no event, however, will the statutory period for reply expire later than SIX MONTHS from the mailing date of this final action. Any inquiry concerning this communication or earlier communications from the examiner should be directed to BENJAMIN E LANIER whose telephone number is (571)272-3805. The examiner can normally be reached M-Th: 6:20-4:50. Examiner interviews are available via telephone, in-person, and video conferencing using a USPTO supplied web-based collaboration tool. To schedule an interview, applicant is encouraged to use the USPTO Automated Interview Request (AIR) at http://www.uspto.gov/interviewpractice. If attempts to reach the examiner by telephone are unsuccessful, the examiner’s supervisor, Alexander Lagor can be reached at 5712705143. The fax phone number for the organization where this application or proceeding is assigned is 571-273-8300. Information regarding the status of published or unpublished applications may be obtained from Patent Center. Unpublished application information in Patent Center is available to registered users. To file and manage patent submissions in Patent Center, visit: https://patentcenter.uspto.gov. Visit https://www.uspto.gov/patents/apply/patent-center for more information about Patent Center and https://www.uspto.gov/patents/docx for information about filing in DOCX format. For additional questions, contact the Electronic Business Center (EBC) at 866-217-9197 (toll-free). If you would like assistance from a USPTO Customer Service Representative, call 800-786-9199 (IN USA OR CANADA) or 571-272-1000. /BENJAMIN E LANIER/ Primary Examiner, Art Unit 2437