Notice of Pre-AIA or AIA Status
The present application, filed on or after March 16, 2013, is being examined under the first inventor to file provisions of the AIA .7
DETAILED ACTION
This Office Action is in response to the communication and claim amendment
filed on 01/23/2026; Claims 1-2, 12-13, and 17-18 have been amended; Claims 1, 12, and 17 are independent claims. Claims 1-20 have been examined and are pending. This Action is made FINAL.
Response to Arguments
Applicant’s argument of the rejections of claims 1-5, 11, 12-16, and 17-20 under 35 U.S.C. § 101 is persuasive. The rejections of claims 1-5, 11, 12-16, and 17-20 under 35 U.S.C. § 101 are withdrawn.
Applicants’ arguments with respect to amended limitations “excluding, from the first subset, user profiles from the second set of user profiles that are non-overlapping with the first set of user profiles;” and “excluding, from the second subset, user profiles from the second set of user profiles that are non-overlapping with the first set of user profiles; ” have been fully considered but are moot in view of the new ground(s) of rejection.
Claim Rejections - 35 USC § 103
The following is a quotation of 35 U.S.C. 103 which forms the basis for all obviousness rejections set forth in this Office action:
A patent for a claimed invention may not be obtained, notwithstanding that the claimed invention is not identically disclosed as set forth in section 102, if the differences between the claimed invention and the prior art are such that the claimed invention as a whole would have been obvious before the effective filing date of the claimed invention to a person having ordinary skill in the art to which the claimed invention pertains. Patentability shall not be negated by the manner in which the invention was made.
Claims 1, 4-5, 12, 15-16, 17, and 20 are rejected under 35 U.S.C. 103 as being unpatentable over Shelton et al. (“Shelton,” US 20200089897) in view of Kwong et al. (“Kwong,” US 2022/0391523)
Regarding claim 1, Shelton teaches a method for data management comprising:
receiving, at a data management system that is operable to provide protection for data sources associated with one or more tenants of the data management system (Shelton: fig. 5, par. 0042, "community tables stored in the tenant database within the NAS", “tenant includes three community structures 510, 520, 530"; par. 0045, System 100... application server unit 125... tenant database)), an indication to create a set of subtenants of a tenant (Shelton: par. 0045, The application server unit 125 may provide the appropriate user interface to the tenant administrator 180 and process the commands/input provided by the tenant administrator 180 to manage (create, edit) the appropriate community structure. Once a tenant administrator 180 may login to the system and utilize a user interface to create the communities), a first set of user profiles being associated with the tenant (Shelton: par. 0046, "Various user types may be defined in the system"; par. 0047: "One or more users may be designated as a community administrator for a specific community") and a second set of user profiles being associated with a parent tenant of the tenant (Shelton: par. 0042, System has "tenant 500" at top level) in accordance with metadata corresponding to the first set of user profiles and the second set of user profiles (Shelton: par. 0042: "community tables stored in the tenant database"; par. 0045: "data may be added to the database and be accessed therefrom"; pars. 0048-0049: "default parameters may be changed...defined, for example, in a field in the community table"; par. 0053: "captured in a network table in the tenant database");
assigning, in response to receiving the indication, a first subset of the first set of user profiles to a first subtenant of the set of subtenants (Shelton:; par. 0047, "community administrator may control access to the community (determine who the members are); par. 0048, Individual users can be members of one or multiple communities"; fig. 8A; par. 0062, The administrator selects a valid form for the community 815 and then manually enters data into the form for an individual 820. The information that is being entered may have been provided to the administrator []. After the information is entered and the form is submitted, the information is stored for the individual in appropriate columns of a people table in the appropriate (tenant/sub-tenant) database 825.),
assigning, in response to receiving the indication, a second subset of the first set of user profiles to a second subtenant of the set of subtenants (Shelton: pars. 0042, 0043, The second community structure 520 is a multilevel community structure having a top level community 522 and a sub-community 524; par. 048, Individual users can be members of one or multiple communities. Individual users may have different privileges for different communities; par. 0062, An administrator (or authorized user) selects manual entry on the user interface 805 and then selects the community that they want to enter information for 810. The administrator selects a valid form for the community 815 and then manually enters data into the form for an individual 820. The information that is being entered may have been provided to the administrator []. After the information is entered and the form is submitted for the individual in appropriate columns of a people table in the appropriate (tenant/sub-tenant) database 825),
updating, in response to assigning the first subset and the second subset, the metadata corresponding to the first set of user profiles and the second set of user profiles (Shelton: Fig. 8A; par. 0062, After the information is entered and the form is submitted, the information is stored for the individual in appropriate columns of a people table in the appropriate (tenant/sub-tenant) database 825"; See also Fig. 8C; par. 0064, If the imported file includes a unique identification for the individual (e.g., email address, phone number) that is already in the people table, but the unique identification is not system generated (e.g., badge identification), the information may be utilized to either update the existing record for the individual or to add a new record therefore."; par. 0066: See also,. par. 0042: "community tables stored in the tenant database"; par. 0045: "data may be added to the database and be accessed therefrom"; pars. 0048-0049: "default parameters may be changed...defined, for example, in a field in the community table"; par. 0053: "captured in a network table in the tenant database") such that the first subset has access to the first subtenant for data management of a first data source associated with the first subtenant and the second subset has access to the second subtenant for data management of a second data source associated with the second subtenant (Shelton: par. 0047, A community administrator may control access to the community (determine who the members are) and may manage all users and registrants who are members of their community; par. 0045, adding /writing/accessing data, amending structures; par. 0062, entering data; par. 64, importing data.; par. 0062, the community's database; par. 0045, data at that community's level, par. 0042, 0066; community-specific tables; par. 0042-0043, and data contained within the community) and the second subset has access to the second subtenant for data management of a second data source associated with the second subtenant (Shelton teaches this through the same structure applied to multiple communities: pars. 0042-0043, Multiple communities exist: "the tenant includes three community structures 510, 520, 530" including "sub-community 524"; par. 0047, Members gain access to their community; pars. 0045, 0062, 0064, Users perform data management activities; pars. 0043, 0045, 0062, 0066; Each community has associated data sources).
Shelton discloses assigning, in response to receiving the indication, a first subset of the first set of user profiles to a first subtenant of the set of subtenants, assigning, in response to receiving the indication, a second subset of the first set of user profiles to a second subtenant of the set of subtenants but does not explicitly disclose
wherein assigning the first subset of the first set of user profiles to the first subtenant comprises: excluding, from the first subset, user profiles from the second set of user profiles that are non-overlapping with the first set of user profiles; and
wherein assigning the second subset of the first set of user profiles to the second subtenant comprises: excluding, from the second subset, user profiles from the second set of user profiles that are non-overlapping with the first set of user profiles, respectively.
However, in an analogous art, Kwong discloses
excluding, from the first subset, user profiles from the second set of user profiles that are non-overlapping with the first set of user profiles (Kwong: par. [0036], “access is granted based on membership in the tenant group with nonmembers being denied access”; par. [0021], “Membership in the tenant group may be used to determine whether a tenant is authorized to access information"; par. [0036], "subtenants for the new multi-tenant cloud computing services can be added to the tenant groups to grant access...removing the subtenant account from the tenant group will not require reprovisioning").
excluding, from the first subset, user profiles from the second set of user profiles that are non-overlapping with the first set of user profiles (Kwong: par. [0036], “access is granted based on membership in the tenant group with nonmembers being denied access”).
Therefore, it would have been obvious to one of ordinary skill in the art before the effective filing date of the claimed invention to combine the teachings of Kwong with the method and system of Shelton to include wherein assigning the first subset of the first set of user profiles to the first subtenant comprises: excluding, from the first subset, user profiles from the second set of user profiles that are non-overlapping with the first set of user profiles; and wherein assigning the second subset of the first set of user profiles to the second subtenant comprises: excluding, from the second subset, user profiles from the second set of user profiles that are non-overlapping with the first set of user profiles. One would have been motivated to combine Shelton's multi-tenant subtenant user assignment system with Kwong's active membership-based nonmember exclusion teaching for the following reasons: First, both Shelton and Kwong address the same technical problem in the same field: preventing unauthorized entities from gaining access to resources within a defined tenant boundary in a multi-tenant cloud computing platform. A person of skill in the Art (POSITA) would naturally look to Kwong's explicit nonmember exclusion solution to supplement Shelton's inherent but passive organizational boundary. Second, Kwong itself identifies the precise motivation: scalable, active enforcement of tenant group membership boundaries eliminates the need for piecemeal trust management and ensures consistent access control across all tenant assignment operations (Kwong: pars. [0020], [0036]). Applying this active exclusion logic to Shelton's subtenant user assignment step at creation time — rather than only at access time — is a straightforward design optimization that a POSITA would implement with a reasonable expectation of success. Third, under KSR Int'l Co. v. Teleflex Inc., 550 U.S. 398, 418 (2007), combining known elements using known methods to yield predictable results is obvious. Shelton's subtenant assignment framework combined with Kwong's membership-based exclusion produces exactly the claimed result — active exclusion of non-overlapping parent-set users from subtenant assignments — which is the predictable outcome of applying a known group.
Regarding claim 4, the combination of Shelton and Kwong teaches the method of claim 1. The combination of Shelton and Kwong further teaches wherein the first set of user profiles comprises a subset of the second set of user profiles, the subset of the second set of user profiles being assigned to the tenant by an administrator of the parent tenant (Shelton: pars. 0045, pars. 0047-0048, 0062. Shelton further discloses hierarchical administrative control over tenant configurations, wherein higher-level administrators manage which user profiles are provisioned to lower-level organizational units).
Regarding claim 5, the combination of Shelton and Kwong teaches the method of claim 1. The combination of Shelton and Kwong further teaches, wherein assigning the first subset and the second subset comprises: assigning a first user profile to both the first subtenant and the second subtenant (Shelton: par. 0048 Individual users can be members of one or multiple communities; fig. 8A, par. 0062, pars. 0042, 0053).
Regarding claim 12, claim 12 directed an apparatus comprising: a processor (Shelton: par. 0032); memory (Shelton: par. 0032) coupled with the processor; and instructions stored in the memory and executable by the processor to cause the apparatus associated with the method claimed in claim 1; claim 12 is similar in scope to claim 1, and is therefore rejected under similar rationale.
Regarding claim 15, claim 15 is similar in scope to claim 4, and is therefore rejected under similar rationale.
Regarding claim 16, claim 16 is similar in scope to claim 5, and is therefore rejected under similar rationale.
Regarding claim 17, claim 17 is directed to a non-transitory computer-readable medium storing code ((Shelton: par. 0032), the code comprising instructions executable by a processor (Shelton: par. 0032) associated with the method claimed in claim 1; claim 17 is similar in scope to claim 1, and is therefore rejected under similar rationale.
Regarding claim 20, claim 20 is similar in scope to claim 4, and is therefore rejected under similar rationale.
Claims 2, 13, and 18 are rejected under 35 U.S.C. 103 as being unpatentable over Shelton et al. (“Shelton,” US 20200089897) in view of Kwong et al. (“Kwong,” US 2022/0391523), further in view of Das et al. (“Das,” US 2015/0319103)
Regarding claim 2, the combination of Shelton and Kwong teaches the method of claim 1. Shelton and Kwong do not explicitly disclose further comprising: receiving, via a user interface of the data management system, the indication to create the set of subtenants of the tenant; displaying, via the user interface user profiles for selection for assignment to the first subtenant, wherein the user profiles comprising at least the first set of user profiles and wherein the second set of user profiles that are non-overlapping are excluded from display at the user interface and from selection for assignment; receiving, via the user interface, user input comprising a first selection of the first subset of the first set of user profiles, wherein the assigning the first subset to the first subtenant is in response to the first selection; and receiving, via the user interface, user input comprising a second selection of the second subset of the first set of user profiles, wherein the assigning the second subset to the second subtenant is in response to the second selection.
However, in an analogous art, Das discloses
receiving, via a user interface of the data management system, the indication to create the set of subtenants of the tenant (Das: [0033] At step 308, the access module 204 provides the user 102 with a list of tenant systems 106a-l 06n to which the user 102 is registered. The list of the tenant systems 106a-l 06n may be displayed at a device associated with the user 102; par. 0033, "at step 310, the access module receives a selection of the one or more of the tenant systems from the user.");
displaying, via the user interface user profiles for selection for assignment to the first subtenant, wherein the user profiles comprising at least the first set of user profiles and wherein the second set of user profiles that are non-overlapping are excluded from display at the user interface and from selection for assignment (Das: par. [0033], the access module 204 receives a selection of the one or more of the tenant systems 106a-l 06n from the user 102; “Claim 5 the access module provides the user with a list of tenant systems to which the user is registered, prior to allowing the user to access the plurality of tenant systems, wherein the user is registered to the plurality of tenant systems."; Das, par. 0033, “at step 312, the access module 204 allows the user 102 to access the multiple tenant systems 106a-106n based on the same identity information.”; claim 9, "the plurality of service providers associated with the plurality of tenant systems assigns the type of membership to the user based on a plurality of tasks which the user intend to perform in each of the plurality of tenant systems.);
receiving, via the user interface, user input comprising a first selection of the first subset of the first set of user profiles, wherein the assigning the first subset to the first subtenant is in response to the first selection (Das: par. 0033, " At step 310, the access module 204 receives a selection of the one or more of the tenant systems 106a-l 06n from the user 102. Thereafter, at step 312, the access module 204 allows the user 102 to access the multiple tenant systems 106a-106n based on the same identity information.”; Claim 7, "the user is allowed to access the one or more tenant system of the plurality of tenant systems based o a selection of the one or more tenant system received from the user."; par. 0033, "at step 312, the access module 204 allows the user 102 to access the multiple tenant systems 106a-106n based on the same identity information. The access module 204 authenticates the user 102 based on the same identity information prior to allowing the access to any of the tenant systems 106a-106n.”); and
receiving, via the user interface, user input comprising a second selection of the second subset of the first set of user profiles, wherein the assigning the second subset to the second subtenant is in response to the second selection (Das: Claim 7, "the user is allowed to access the one or more tenant system of the plurality of tenant systems based on a selection of the one or more tenant system received from the user.”).
Therefore, it would have been obvious to one of ordinary skill in the art before the effective filing date of the claimed invention to combine the teachings of Dad with the method and system of Shelton and Kwong to include receiving, via a user interface of the data management system, the indication to create the set of subtenants of the tenant; displaying, via the user interface user profiles for selection for assignment to the first subtenant, wherein the user profiles comprising at least the first set of user profiles and wherein the second set of user profiles that are non-overlapping are excluded from display at the user interface and from selection for assignment; receiving, via the user interface, user input comprising a first selection of the first subset of the first set of user profiles, wherein the assigning the first subset to the first subtenant is in response to the first selection; and receiving, via the user interface, user input comprising a second selection of the second subset of the first set of user profiles, wherein the assigning the second subset to the second subtenant is in response to the second selection. One would have been motivated to do so because Das expressly identifies that requiring separate user accounts for each tenant system is "very cumbersome and unmanageable." (Das: par. 0002). Das solves this by providing a filtered list of registered tenant systems via a user interface, allowing the user to select from that list, and triggering access based on that selection (Das: par. 0023). One of ordinary skill in the art would apply Das's UI-based selection mechanism to Shelton's subtenant user assignment system to reduce administrative burden, with a reasonable expectation of success. See KSR, 550 U.S. at 418.
Regarding claim 13, claim 13 is similar in scope to claim 2, and is therefore rejected under similar rationale.
Regarding claim 18, claim 18 is similar in scope to claim 2, and is therefore rejected under similar rationale.
Claims 3, 14, and 19 are rejected under 35 U.S.C. 103 as being unpatentable over Shelton et al. (“Shelton,” US 20200089897) in view of Kwong et al. (“Kwong,” US 2022/0391523), further in view of Loiseau et al. (“Loiseau,” US 2020/0274903).
Regarding claim 3, the combination of Shelton and Kwong teaches the method of claim 1. Shelton teaches a multi-tenant system where tenant administrators manage (Shelton: par. 0047, "an entire database for the tenant... including all communities"), users have (Shelton: par. 0046, "login privileges to the system"), and user information is stored in databases (Shelton: pars. 0047-0048, 0062). Shelton teaches the multi-tenant structure, parent tenant administrators, and user management, but does not explicitly describe using an SSO directory service.
Loiseau teaches that "The authentication service 170 may comprise a lightweight directory access protocol (LDAP) service, a single sign-on (SSO) service such as VMware's vCenter SSO, an active directory (AD) service, or any other suitable authentication module." (Loiseau: par. 0038). LDAP and Active Directory are directory services that store user accounts and credentials - this is their fundamental purpose. These directory services provide single sign-on capability where users authenticate once to access multiple systems.
It would have been obvious to one of ordinary skill in the art to implement Shelton's user authentication and management using an SSO directory service such as LDAP, Active Directory, or an SSO service as taught by Loiseau. The motivation includes centralized user management, single sign-on convenience (users log in once to access multiple tenants/communities), improved security, and simplified administration - all well-known benefits of directory-based authentication in enterprise systems.
In such an obvious combination, Shelton's tenant administrators par. 0047 (who operate at the parent tenant level and manage the entire tenant database) would configure the LDAP/Active Directory/SSO service for their specific tenant, as it would be obvious that IT administrators configure directory services for organizational units. LDAP and Active Directory inherently support multi-tenant configurations through organizational units, domains, and other well-known directory features, making it a predictable use of these directory services according to their established functions to configure them for specific tenants. User profiles would be stored in and associated with the directory service, as that is the fundamental purpose of LDAP and Active Directory systems. (Shelton: par. 0045-0048, 0062; Loiseau: par. 0038)).
Regarding claim 14, claim 14 is similar in scope to claim 3, and is therefore rejected under similar rationale.
Regarding claim 19, claim 19 is similar in scope to claim 3, and is therefore rejected under similar rationale.
Claim 6 is rejected under 35 U.S.C. 103 as being unpatentable over Shelton et al. (“Shelton,” US 20200089897) in view of Kwong et al. (“Kwong,” US 2022/0391523), and Da Silva Baptista Russo et al. (“Baptista ,” US 12,190,047), further in view of Qu (“Qu,” US 2017/0103243).
Regarding claim 6, the combination of Shelton and Kwong teaches the method of claim 5. Shelton teaches a multi-tenant system with communities (subtenants) (Shelton: pars. 0042-0043) where users login to the system (Shelton: pars. 0045-0046, 0048). Shelton teaches individual users can be members of multiple communities. Shelton does not disclose
receiving, at the first subtenant of the data management system, a login request for the first user profile;
However, in an analogous art, Baptista teaches tenant-specific access where “the tenant variable may be determined in several ways”, including “iii. for the case of web applications, implied by the sub-domain of the entry point URL (e.g. my-corp.my-cloud.com)” (Baptista: Col. 16, lines 16-24). Baptista further teaches that “3. If the end user is successfully authenticated against the determined tenant, he continues to the initial access point.” (Baptista: Col. 16, lines 12-24).
Baptista’s teaching that tenant is “implied by the sub-domain of the entry point URL” teaches that users access tenant-specific subdomains as their entry point. When a user accesses my-corp.my-cloud.com), this subdomain is the “entry point URL” for the my-corp tenant. The login request is received at this tenant-specific entry point, which constitute receiving the login request “at” the tenant (subtenant).
Therefore, it would have been obvious to one of ordinary skill in the art before the effective filing date of the claimed invention to combine the teachings of Baptista with the method and system of Shelton to include “receiving, at the first subtenant of the data management system, a login request for the first user profile;” One would have been motivated to provide the systems and methos for efficiently and reliably making a variety of document ele-ments available to a variety of document applications of a system, while further preferably offering a common expe-rience, style and business logic, preferably for specific (Baptista: Col. 2, lines 4046).
Shelton and Baptista do not explicitly discloses determining, in response to the login request and based at least in part on metadata associated with the first user profile, that the first user profile is assigned to both the first subtenant and the second subtenant; and enforcing, based at least in part on determining that the first user profile is assigned to both the first subtenant and the second subtenant, a login procedure associated with a higher security setting between a first login procedure associated with the first subtenant and a second login procedure associated with the second subtenant.
However, in an analogous art,
Qu teaches that “a user may be assigned to multiple roles” (Qu: par. 0101; In that situation, the security level of the user is assigned to the highest security level of the all the roles to which user is assigned.). Qu further teaches the system determines multi-role (multi-tenant) assignment (Qu: par. 0119: a single user who have been assigned to multiple roles and an appropriate highest security level among the multiple roles).
Qu teaches the security level of the user is assigned to the highest security level of the all the roles which user is assigned (Qu: par. 0101, “In that situation …highest security level among the multiple roles”; par. 0119).
Therefore, it would have been obvious to one of ordinary skill in the art before the effective filing date of the claimed invention to combine the teachings of Qu with the method and system of Shelton, Kwong, and Baptista to include determining, in response to the login request and based at least in part on metadata associated with the first user profile, that the first user profile is assigned to both the first subtenant and the second subtenant; and enforcing, based at least in part on determining that the first user profile is assigned to both the first subtenant and the second subtenant, a login procedure associated with a higher security setting between a first login procedure associated with the first subtenant and a second login procedure associated with the second subtenant . One would have been motivated to define roles and security levels relating to a service for users, and thus reduces the costs of building application servers by service providers (Qu: pars. 0026, 0101).
Claim 7 is rejected under 35 U.S.C. 103 as being unpatentable over Shelton et al. (“Shelton,” US 20200089897) in view of Kwong et al. (“Kwong,” US 2022/0391523), and Da Silva Baptista Russo et al. (“Baptista ,” US 12.190,047), and Qu (“Qu,” US 2017/0103243), and further in view of Ping et al. (“Ping,” US 2022/0239700).
Regarding claim 7, the combination of Shelton, Kwong, Baptista, and Qu teaches the method of claim 6. The combination of Shelton. Kwong, Baptista, and Qu teaches the higher security setting to roles which user is assigned but does not explicitly “wherein the higher security setting is associated with a password length, a password character requirement, a two-factor authentication requirement, a password change periodicity requirement, or a combination thereof.”
However, in an analogous art, Ping teaches: "the security level can be represented by the length of the password" using "16-bit, 32-bit, and 64-bit passwords" where "64-bit password... has the highest security level." (Ping: par. 0055: the security degree may be represented by the security level of the security requirement. For example, three security requirements indicate using 16-bit, 32-bit, and 64-bit passwords respectively. In this case, the security level can be represented by the length of the password. Then the security requirement indicating 64-bit password used has the highest security level, and thus the security requirement indicating using the 64-bit password is selected as the combined security requirement).
Therefore, it would have been obvious to one of ordinary skill in the art before the effective filing date of the claimed invention to combine the teachings of Ping with the method and system of Shelton, Kwong, Baptista, and Qu to include “wherein the higher security setting is associated with a password length, a password character requirement, a two-factor authentication requirement, a password change periodicity requirement, or a combination thereof.” One would have been motivated to implement Qu's highest-security-level enforcement using password length as the security parameter (Ping: par. 0055, Qu: pars. 0101, 0119).
Claims 8-9 are rejected under 35 U.S.C. 103 as being unpatentable over Shelton et al. (“Shelton,” US 20200089897) in view of Kwong et al. (“Kwong,” US 2022/0391523), further in view of Prasad et al. (“Prasad,” US 2014/0215595).
Regarding claim 8, the combination of Shelton, Kwong teaches the method of claim 5. The combination of Shelton and Kwong further teaches users who can be member of multiple communities (Shelton: par. 0048). Shelton and Kwong do not teach explicitly disclose receiving, at a first user interface associated with the first subtenant and from the first user profile, a request to switch to the second subtenant; determining, in response to receiving the request to switch and based at least in part on metadata associated with the first user profile, that the first user profile is assigned to both the first subtenant and the second subtenant; and activating, based at least in part on determining that the first user profile is assigned to both the first subtenant and the second subtenant, a second user interface associated with the second subtenant.
However, in an analogous art, Prasad discloses
switching request: "The user may switch the context from one user account to another user account by using a drop-down menu provided on a graphical user interface." (Prasad: 0050, The user may switch the context from one user account to another user account by using a drop-down menu provided on a graphical user interface of the multi-tenanted application. The drop-down menu lists the plurality of user accounts which is available for the user to access).
determination multi-assignment: “the association module identifies the user accounts associated with the security token... access to all three user accounts" (Prasad: par. 0048, if the association module 114 identifies that there are three user accounts associated with the security token, the association module 114 may provide the user with the access to all three user accounts in the multi-tenanted application; par. 0050, "drop-down menu lists the plurality of user accounts").
activating second interface: "switch to the context from the default user account to any of his other user accounts" (Prasad: 0048, part. 0050, "switch the context from one user account to another").
Therefore, it would have been obvious to one of ordinary skill in the art before the effective filing date of the claimed invention to combine the teachings of Prasad with the method and system of Shelton and Kwong to include receiving, at a first user interface associated with the first subtenant and from the first user profile, a request to switch to the second subtenant; determining, in response to receiving the request to switch and based at least in part on metadata associated with the first user profile, that the first user profile is assigned to both the first subtenant and the second subtenant; and activating, based at least in part on determining that the first user profile is assigned to both the first subtenant and the second subtenant, a second user interface associated with the second subtenant. One would have been motivated to implement Prasad's switching mechanism in Shelton's multi-community system for seamless navigation without logout/login (Shelton: par. 0048: Prad: pars. 0017, 0048, 0050).
Regarding claim 9, the combination of Shelton, Kwong, and Prasad teaches the method of claim 8. The combination of Shelton, Kwong, and Prasad further teaches, wherein the second user interface is activated without requiring a new login procedure for the first user profile (Prasad: par. 0017, the user is provided with access to all his user accounts in the multi-tenanted application without requiring any further login and logout; par. 0048).
Claim 10 is rejected under 35 U.S.C. 103 as being unpatentable over Shelton et al. (“Shelton,” US 20200089897) in view of Kwong et al. (“Kwong,” US 2022/0391523), further in view of Gordon et al. (“Gordon,” US 2021/0136083,).
Regarding claim 10, the combination of Shelton and Kwong discloses the method of claim 5. The combination of Shelton and Kwong teaches that users can be members multiple communities (Shelton: par. 0048). Shelton and Kwong do not explicitly disclose, further comprising:
receiving, at a first user interface associated with the first subtenant and from the first user profile, a request to reset authentication parameters associated with the first user profile;
determining, in response to receiving the request to reset authentication parameters, that the first user profile is assigned to both the first subtenant and the second subtenant;
denying, at the first subtenant and based at least in part on determining that the first user profile is assigned to both the first subtenant and the second subtenant, the request to reset the authentication parameters; and
However, in an analogous art, Gordon teaches
submitting requests to access management service involving authorization credentials and user information (Gordon: par. 0045, The application may submit a request to the access management service 135 via the API that includes information that identifies the application and the user requesting access to the application. The information identifying the application may include a unique identifier for the application and may also include an identifier of the tenant with which the application is associated. The user information may include a username, user identifier, authorization credentials, and/or other information related to the user).
determining multi-tenant assignment (Gordon: par. 0045, the access management service 135 may be configured to look up the user account in the tenant associated with the request and determine whether the user account is associated with a software license … user may have multiple user accounts across multiple tenant …checks the access privileges associated with the user account in a particular tenant.).
denying access at tenant level for users with multiple accounts across tenants (Gordon: par. 0045, "if the user account in that tenant does not have a valid software license or other access privilege indicating that the user may access the software, the user will be denied access to the software.. "a user may have multiple user accounts across multiple tenants, and one of those user accounts may have a valid license or other access privilege that indicates that the user is permitted to access the software. However, because the conventional access privilege check only checks the access privileges associated with the user account in a particular tenant, the user will still be denied access to the software application.).
Therefore, it would have been obvious to one of ordinary skill in the art before the effective filing date of the claimed invention to combine the teachings of Gordon with the method and system of Shelton and Kwong to include receiving, at a first user interface associated with the first subtenant and from the first user profile, a request to reset authentication parameters associated with the first user profile; determining, in response to receiving the request to reset authentication parameters, that the first user profile is assigned to both the first subtenant and the second subtenant; denying, at the first subtenant and based at least in part on determining that the first user profile is assigned to both the first subtenant and the second subtenant, the request to reset the authentication parameters; and . One would have been motivated to apply Gordon's teachings of access management and denial of actions at the tenant level for users with presence in multiple tenants to Shelton's multi-community system where users can be members of multiple communities.
Gordon does not explicitly teach transmitting an indication to the user after denying the request. However, it would have been obvious to one of ordinary skill in the art to provide such an indication directing the user to submit the request via the parent tenant interface.
Gordon teaches a hierarchical multi-tenant system where requests are denied at the individual tenant level for users with accounts across multiple tenants (Gordon: par. 0045). Given this teaching, one of ordinary skill in the art would recognize that when a request is denied at the subtenant level, the user must perform the action at a higher organizational level-the parent tenant. It would have been obvious to inform the user of this requirement through a notification, message, or indication displayed via the user interface. This represents the application of common sense and basic user interface design principles: when a system denies a user's requested action, the system should inform the user why the action was denied and provide guidance on how to accomplish the task through an alternative means. The motivation to provide such an indication is multifold:
First, it improves user experience by guiding the user to the correct location for performing the action, rather than leaving the user frustrated with a mere denial and no guidance.
Second, it reduces support burden by enabling users to self-serve and find the correct interface without needing to contact IT support or help desk.
Third, it provides a complete and logical user workflow consistent with Gordon's hierarchical tenant structure. Gordon's teaching that actions are restricted at the individual tenant level for multi-tenant users inherently implies that such actions must be performed at a higher level. One of ordinary skill would recognize that the logical higher level in a hierarchical multi-tenant system is the parent tenant and would find it obvious to direct users there through an interface notification.
This represents a predictable use of prior art elements (Gordon's tenant-level denial mechanism) combined with known user interface practices (providing user guidance after denial) to yield a predictable result (users successfully directed to the appropriate parent tenant interface).
Claim 11 is rejected under 35 U.S.C. 103 as being unpatentable over Shelton et al. (“Shelton,” US 20200089897), in view of Kwong et al. (“Kwong,” US 2022/0391523), further in view of Gandhi (“Gandhi,” US 2023/0396620).
Regarding claim 11, the combination of Shelton and Kwong teaches the method of claim 1. The combination of Shelton and Kwong further teaches, further comprising:
receiving, at a user interface associated with the first subtenant (Shelton: Fig. 8A, par. 0062, An administrator "selects manual entry on the user interface 805 and then selects the community that they want to enter information for 810" and "selects a valid form for the community 815."; par. 0066, The application server "may provide the information needed to generate the appropriate user interfaces.").
Shelton does not explicitly disclose “an indication of a first set of internet protocol (IP) addresses that are to be whitelisted for accessing the first subtenant, wherein the first set of IP addresses are different from a second set of IP addresses that are whitelisted for accessing the second subtenant.”
However, in an analogous art, Gandhi discloses an indication of a first set of internet protocol (IP) addresses that are to be whitelisted for accessing the first subtenant (Gandi: par. 0027, receiving an indication of a set of IP addresses which describe "three ACL allow rules for IP addresses" including "Rule 1 'allow 10.0.0.0,' Rule 2 'allow 10.0.0.1,' and Rule 3 'allow 10.0.0.3.'"; par. 0034, The ACL rules 10 include one or more allow rules 12. The allow rules 12 specify the allowed IP addresses that have permission to access applications, services, and/or machines provided by a service provider." The allow rules can "specify one or more IP addresses allowed access within one or more organizations; Shelton: pars. 0047, 0052).
Regarding to "wherein the first set of IP addresses are different from a second set of IP addresses that are whitelisted for accessing the second subtenant."
Shelton teaches multiple subtenants (communities) with independent configurations. Shelton describes "the tenant includes three community structures 510, 520, 530" (Shelton: par. 0042), explicitly teaching a first community and a second community. Each community can have different parameters, as "a community administrator may be able to amend the community structure, or the parameters associated therewith" (Shelton: par. 0045) on a per-community basis.
Gandhi teaches that different organizations have different sets of IP addresses. Gandhi states: "Each organization is assigned a range of IP addresses." (Gandhi: par. 0034). This teaching that "each organization" has its own "range of IP addresses" inherently means different organizations have different IP address ranges - otherwise there would be no reason to state "each organization" separately.
Gandhi also distinguishes between "IP addresses within a same organization" (Gandhi: par. 0027) versus different organizations and describes ensuring "the additional IP addresses are assigned to the same organization assigned to the IP addressed in the allow rules" versus "a different organization" (Gandhi: par. 0042). This explicit distinction between "same organization" and "different organization" with respect to IP addresses teaches that different organizations have different sets of IP addresses.
In combination, it would have been obvious to configure different IP whitelists for Shelton's different communities (subtenants) following Gandhi's teaching that each organization has its own assigned IP address range. The first community (first subtenant) would have a first set of allowed IP addresses, and the second community (second subtenant) would have a different second set of allowed IP addresses, applying Gandhi's per-organization IP ranges par. 0023 to Shelton's multi-community structure pars. 0042-0043.
Therefore, it would have been obvious to one of ordinary skill in the art before the effective filing date of the claimed invention to combine the teachings of Gandhi with the method and system of Shelton and Kwong to include “wherein the first set of IP addresses are different from a second set of IP addresses that are whitelisted for accessing the second subtenant.” One would have been motivated to enable receiving multiple ACL rules with multiple rules with allowed IP addresses to calculate minimum number of bit changes to transform the IP address of the allowed IP addresses to another IP address, thus reducing the number of ACL rules in an efficient manner (Gandhi: par. 0003).
Conclusion
Applicant’s amendment necessitated the new ground(s) of rejection presented in this Office action. Accordingly, THIS ACTION IS MADE FINAL. See MPEP § 706.07(a). Applicant is reminded of the extension of time policy as set forth in 37 CFR 1.136(a).
A shortened statutory period for reply to this final action is set to expire THREE MONTHS from the mailing date of this action. In the event a first reply is filed within TWO MONTHS of the mailing date of this final action and the advisory action is not mailed until after the end of the THREE-MONTH shortened statutory period, then the shortened statutory period will expire on the date the advisory action is mailed, and any extension fee pursuant to 37 CFR 1.136(a) will be calculated from the mailing date of the advisory action. In no event, however, will the statutory period for reply expire later than SIX MONTHS from the mailing date of this final action.
Any inquiry concerning this communication or earlier communications from the examiner should be directed to CANH LE whose telephone number is (571)270-1380. The examiner can normally be reached on Monday to Friday 6:00AM to 3:30PM other Friday off.
If attempts to reach the examiner by telephone are unsuccessful, the examiner’s supervisor, Luu Pham, can be reached at telephone number 571-270-5002. The fax phone number for the organization where this application or proceeding is assigned is 571-273-8300.
Information regarding the status of an application may be obtained from Patent Center and the Private Patent Application Information Retrieval (PAIR) system. Status information for published applications may be obtained from Patent Center or Private PAIR. Status information for unpublished applications is available through Patent Center and Private PAIR for authorized users only. Should you have questions about access to the Private PAIR system, contact the Electronic Business Center (EBC) at 866-217-9197 (toll-free).
Examiner interviews are available via telephone, in-person, and video conferencing using a USPTO supplied web-based collaboration tool. To schedule an interview, applicant is encouraged to use the USPTO Automated Interview Request (AIR) Form at https://www.uspto.gov/patents/uspto-automated- interview-request-air-form.
/Canh Le/
Examiner, Art Unit 2439
April 4th, 2026
/LUU T PHAM/Supervisory Patent Examiner, Art Unit 2439