DETAILED ACTION
Notice of Pre-AIA or AIA Status
The present application, filed on or after March 16, 2013, is being examined under the first inventor to file provisions of the AIA .
In response to Applicant’s claims filed on August 11, 2025, claims 21-40 are now pending for examination in the application.
Response to Arguments
The 112 rejection under 35 USC 112 set forth in the 08/11/2025 office action is hereby withdrawn.
This office action is in response to amendment filed 08/05/2025. In this action claim(s) 21, 26-28, 33-35, and 40 is/are rejected under 35 U.S.C. 103 as being unpatentable over Raposa (US Patent No. 10250612) and Perkins et al. (US Pub. No. 20220060479) in further view of Ahuja (US Pub. No. 20210218743). The Ahuja reference has been added to address the amendment of and the second subset of the user accounts being determined based, at least in part, on one or more identified authorized users.
Applicant’s arguments:
In regards to claim 1 on Page(s) 9, applicant argues “Moreover, even if it is asserted that the currently amended claims are directed to an abstract idea, Applicant submits that the currently amended claims are integrated in a practical application and recite significantly more than an abstract idea. As additionally described in Applicant’s Specification, such features may improve the speed at which computing environments may be replicated via deferral of replication of user accounts ina manner that reduces the resource impact of such replications of software environments.”
Examiner’s Reply:
Applicant argues that the amended claims comprises statutory subject matter. Examiner respectfully disagrees. If a claim limitation, under its broadest reasonable interpretation, covers a commercial interaction or mental process (eg account materialization in cloud computing)), then it falls within the “Mental process” grouping of abstract ideas set forth in the 2019 PEG. Accordingly, the claim recites an abstract idea.
Authorizing users to have access to resources does not improve the functioning of a computer.
The examiner notes that the computer as recited in the claims are being used for authorizing a user within a generated secondary cloud environment (a computer being used a generic tools). Therefore, the abstract idea recited in the claims is generally linking it to a computer environment, and does not integrate the abstract idea into a practical application.
Claim Rejections - 35 USC § 112
The following is a quotation of the first paragraph of 35 U.S.C. 112(a):
(a) IN GENERAL.—The specification shall contain a written description of the invention, and of the manner and process of making and using it, in such full, clear, concise, and exact terms as to enable any person skilled in the art to which it pertains, or with which it is most nearly connected, to make and use the same, and shall set forth the best mode contemplated by the inventor or joint inventor of carrying out the invention.
The following is a quotation of the first paragraph of pre-AIA 35 U.S.C. 112:
The specification shall contain a written description of the invention, and of the manner and process of making and using it, in such full, clear, concise, and exact terms as to enable any person skilled in the art to which it pertains, or with which it is most nearly connected, to make and use the same, and shall set forth the best mode contemplated by the inventor of carrying out his invention.
Claim(s) 21, 28, and 35 is/are rejected under 35 U.S.C. 112(a) or 35 U.S.C. 112 (pre-AIA ), first paragraph, as failing to comply with the written description requirement. The claim(s) contains subject matter which was not described in the specification in such a way as to reasonably convey to one skilled in the relevant art that the inventor or a joint inventor, or for applications subject to pre-AIA 35 U.S.C. 112, the inventor(s), at the time the application was filed, had possession of the claimed invention. There is no support for “and the second subset of the user accounts being determined based, at least in part, on one or more identified authorized users.”.
Claims 22-27, 29-34, and 36-40 are also rejected for incorporating the same indefiniteness
of their respective base claims.
Claim Rejections - 35 USC § 101
35 U.S.C. 101 reads as follows:
Whoever invents or discovers any new and useful process, machine, manufacture, or composition of matter, or any new and useful improvement thereof, may obtain a patent therefor, subject to the conditions and requirements of this title.
Claim 21-40 are rejected under 35 U.S.C. 101 because the claimed invention is directed to an abstract idea without significantly more.
Claim 21-40 are rejected under 35 U.S.C. 101 because the claimed invention is directed to an abstract idea without significantly more. The judicial exception is not integrated into a practical application. The claims do not include additional elements that are sufficient to amount to significantly more than the judicial exception. The eligibility analysis in support of these findings is provided below, in accordance with the 2019 Revised Patent Subject Matter Eligibility Guidance, hereinafter 2019 PEG.
Step 1. In accordance with Step 1 of the eligibility inquiry (as explained in MPEP 2106), it is noted that the system, method, and portable device of claims 21-40 are directed to one of the eligible categories of subject matter and therefore satisfy Step 1.
Step 2A. In accordance with Step 2A, prong one of the 2019 PEG, it is noted that the independent claims recite an abstract idea falling within the Mathematical Concepts & Mental Processes enumerated groupings of abstract ideas set forth in the 2019 PEG. Examiner is of the position that independent claims 21, 28, and 35 are directed towards the Mathematical Concepts & Mental Process Grouping of Abstract Ideas.
Independent claims 21, 28, and 35 recites the following limitations directed towards a Mathematical Concepts & Mental Processes:
an authentication server including a hardware processor configured to access one or more filters to determine that the user is potentially authorized to access the second software environment after identifying a failed attempt by a user to log in to the second software environment (mental step of observing and/or evalutation of a user’s authorization in a software application), wherein the first computing environment is configured to transmit user account information for the user to the second software environment upon (1) determining that the user is potentially authorized to access the second software environment (mental step of observing and/or evalutation of a user’s authorization in a software application) and (2) verifying that the user is actually authorized to access the second software environment based on the first subset of the user accounts, wherein the second computing environment is configured to create a user account for the user as an authorized user in the second subset of the user accounts based on the user account information (mental step of observing and/or evalutation of a user’s authorization in a software application).
Step 2A. In accordance with Step 2A, prong two of the 2019 PEG, the judicial exception is not integrated into a practical application because of the recitation in claim(s) 21, 28, and 35:
a first computing environment containing a first software environment associated with a tenant of the plurality of tenants of a first instance of an on-demand computing services environment, a first subset of the user accounts being authorized to access the first software environment (i.e., as a generic component performing a generic computer function);
a second computing environment containing a second software environment associated with the tenant and instantiated as at least a partial replication of the first software environment in a second instance of the on-demand computing services environment, the second instance having instances of at least some database tables and metadata of the first software environment, a second subset of the user accounts being materialized to the second software environment, and the second subset of the user accounts being determined based, at least in part, on one or more identified authorized users (i.e., as a generic component performing a generic computer function).
Step 2B. Similar to the analysis under 2A Prong Two, the claim(s) does/do not include additional elements that are sufficient to amount to significantly more than the judicial exception. Because the additional elements of the independent claims amount to insignificant extra solution activity and/or mere instructions, the additional elements do not add significantly more to the judicial exception such that the independent claims as a whole would be patent eligible.
Therefore, independent claims 21, 28, and 35 are rejected under 35 U.S.C. 101.
With respect to claim(s) 22, 29, and 36:
Step 2A, prong one of the 2019 PEG:
wherein the one or more filters include a global filter storing an indication of a global set of non-materialized users across a plurality of software environments including the first computing environment and the second computing environment (mental step of observing and/or evalutation of a user’s authorization in a software application).
Step 2A Prong Two Analysis:
This judicial exception is not integrated into a practical application because there are no
additional elements to provide practical application.
Step 2B Analysis:
The claim does not include additional elements that are sufficient to amount to significantly more than the judicial exception. The claim is not patent eligible.
With respect to claim(s) 23, 30, and 37:
Step 2A, prong one of the 2019 PEG:
wherein the global filter is a Bloom filter that stores a plurality of filter values at a corresponding plurality of filter positions (mental step of observing and/or evalutation of a user’s authorization in a software application).
Step 2A Prong Two Analysis:
This judicial exception is not integrated into a practical application because there are no
additional elements to provide practical application.
Step 2B Analysis:
The claim does not include additional elements that are sufficient to amount to significantly more than the judicial exception. The claim is not patent eligible.
With respect to claim(s) 24, 31, and 38:
Step 2A, prong one of the 2019 PEG:
applying a plurality of hash functions to a potential unmaterialized user account corresponding with the user, the plurality of hash functions producing a plurality of hash values (recites a mathematical concept; calculating a hash).
Step 2A Prong Two Analysis:
This judicial exception is not integrated into a practical application because there are no
additional elements to provide practical application.
Step 2B Analysis:
The claim does not include additional elements that are sufficient to amount to significantly more than the judicial exception. The claim is not patent eligible.
With respect to claim(s) 25, 32, and 39:
Step 2A, prong one of the 2019 PEG:
wherein the one or more filters include a local filter storing an indication of a local set of non-materialized users across the first software environment and the second software environment (mental step of observing and/or evalutation of a user’s authorization in a software application).
Step 2A Prong Two Analysis:
This judicial exception is not integrated into a practical application because there are no
additional elements to provide practical application.
Step 2B Analysis:
The claim does not include additional elements that are sufficient to amount to significantly more than the judicial exception. The claim is not patent eligible.
With respect to claim(s) 26 and 33:
Step 2A, prong one of the 2019 PEG:
wherein the user is verified as being actually authorized to access the second software environment based on the first subset of the user accounts upon determining that the user is associated with a potential unmaterialized user account that satisfies both the global filter and the local filter (mental step of observing and/or evalutation of a user’s authorization in a software application).
Step 2A Prong Two Analysis:
This judicial exception is not integrated into a practical application because there are no
additional elements to provide practical application.
Step 2B Analysis:
The claim does not include additional elements that are sufficient to amount to significantly more than the judicial exception. The claim is not patent eligible.
With respect to claim(s) 27 and 34:
Step 2A, prong one of the 2019 PEG:
wherein verifying the user as being actually authorized to access the second software environment includes accessing a list of user accounts associated with the first software environment (mental step of observing and/or evalutation of a user’s authorization in a software application).
Step 2A Prong Two Analysis:
This judicial exception is not integrated into a practical application because there are no
additional elements to provide practical application.
Step 2B Analysis:
The claim does not include additional elements that are sufficient to amount to significantly more than the judicial exception. The claim is not patent eligible.
With respect to claim(s) 40:
Step 2A, prong one of the 2019 PEG:
wherein the user is verified as being actually authorized to access the second software environment based on the first subset of the user accounts upon determining that the user is associated with a potential unmaterialized user account that satisfies both the global filter and the local filter (mental step of observing and/or evalutation of a user’s authorization in a software application), and wherein verifying the user as being actually authorized to access the second software environment includes accessing a list of user accounts associated with the first software environment (mental step of observing and/or evalutation of a user’s authorization in a software application).
Step 2A Prong Two Analysis:
This judicial exception is not integrated into a practical application because there are no
additional elements to provide practical application.
Step 2B Analysis:
The claim does not include additional elements that are sufficient to amount to significantly more than the judicial exception. The claim is not patent eligible.
Claim Rejections - 35 USC § 103
The following is a quotation of 35 U.S.C. 103 which forms the basis for all obviousness rejections set forth in this Office action:
A patent for a claimed invention may not be obtained, notwithstanding that the claimed invention is not identically disclosed as set forth in section 102, if the differences between the claimed invention and the prior art are such that the claimed invention as a whole would have been obvious before the effective filing date of the claimed invention to a person having ordinary skill in the art to which the claimed invention pertains. Patentability shall not be negated by the manner in which the invention was made.
Claim(s) 21, 26-28, 33-35, and 40 is/are rejected under 35 U.S.C. 103 as being unpatentable over Raposa (US Patent No. 10250612) and Perkins et al. (US Pub. No. 20220060479) in further view of Ahuja (US Pub. No. 20210218743).
With respect to claim 21, Balaiah et al. discloses a computing system providing a plurality of user accounts associated with a plurality of tenants with access to computing services via the Internet, the computing system comprising:
a first computing environment containing a first software environment associated with a tenant of the plurality of tenants of a first instance of an on-demand computing services environment, a first subset of the user accounts being authorized to access the first software environment (Column 5 Lines 14-17 teaches a resource provider environment, there can be portions of subsets of the environments separated (physically or logically) into different sub-environments, such as a production environment and a development environment and Column 3 Lines 2-9 teaches all or a portion of a given resource or set of resources might be allocated to a particular user or allocated for a particular task, for at least a determined period of time. The sharing of these multi-tenant resources from a provider environment is often referred to as resource sharing, Web services, or “cloud computing,” among other such terms and depending upon the specific environment and/or implementation);
a second computing environment containing a second software environment associated with the tenant and instantiated as at least a partial replication of the first software environment in a second instance of the on-demand computing services environment, the second instance having instances of at least some database tables and metadata of the first software environment, a second subset of the user accounts being materialized to the second software environment as a replication of at least some of the first subset of user accounts (Column 5 Lines 41-52 teaches In some embodiments, a customer of the second environment can delegate access to resources associated with the customer in the second environment. A developer user might want some degree of access to production resources associated with a production account, and to control access a temporary role (i.e., a cross-account role) can be created in the production account and Column 4 Lines teaches The resource manager 110 (or another such system or service) in this example can also function as a virtual layer of hardware and software components that handles control functions in addition to management actions, as may include provisioning, scaling, replication, etc), . Raposa does not disclose an authentication server including a hardware processor configured to access one or more filters to determine that the user is potentially authorized to access the second software environment after identifying a failed attempt by a user to log in to the second software environment.
However, Perkins et al. discloses an authentication server including a hardware processor configured to access one or more filters to determine that the user is potentially authorized to access the second software environment after identifying a failed attempt by a user to log in to the second software environment (Paragraph 44 discloses proxies may also manage the interaction with the authentication server on behalf of the enterprise), wherein the first computing environment is configured to transmit user account information for the user to the second software environment upon (1) determining that the user is potentially authorized to access the second software environment and (2) verifying that the user is actually authorized to access the second software environment based on the first subset of the user accounts, wherein the second computing environment is configured to create a user account for the user as an authorized user in the second subset of the user accounts based on the user account information (Paragraph 96 discloses service verifies user is authorized to represent enterprise, e.g., via any of the following: Account for large enterprises that have corporate authorization mechanisms & Paragraph 97 discloses create a new Enterprise account and assign the initial Manager are replaced by simple authentication as a Management User for the Enterprise).
Therefore, it would have been obvious before the effective filing data of invention was made to a person having ordinary skill in the art to modify Raposa with Perkins et al. This would have facilitated user authorization while logging into to various software environments.
The Raposa reference as modified by Perkins et al. does not explicitly disclose a second computing environment containing a second software environment associated with the tenant and instantiated as at least a partial replication of the first software environment in a second instance of the on-demand computing services environment, the second instance having instances of at least some database tables and metadata of the first software environment, a second subset of the user accounts being materialized to the second software environment as a replication of at least some of the first subset of user accounts in this example can also function as a virtual layer of hardware and software components that handles control functions in addition to management actions, as may include provisioning, scaling, replication, etc), and the second subset of the user accounts being determined based, at least in part, on one or more identified authorized users.
However, Ahuja teaches a second computing environment containing a second software environment associated with the tenant and instantiated as at least a partial replication of the first software environment in a second instance of the on-demand computing services environment, the second instance having instances of at least some database tables and metadata of the first software environment, a second subset of the user accounts being materialized to the second software environment as a replication of at least some of the first subset of user accounts in this example can also function as a virtual layer of hardware and software components that handles control functions in addition to management actions, as may include provisioning, scaling, replication, etc), and the second subset of the user accounts being determined based, at least in part, on one or more identified authorized users (Paragraph 21 discloses phrase “subscriber account” may refer to a user or resource account that logically is owned by a tenant or customer. The subscriber account allows the tenant to add multiple users to his or her account and also allows the assignment of specific roles, scopes, and/or access rights to users and Paragraph 42 discloses in this setup all of the authentication and authorization checks are done in the landscape singleton application space 430 before being forwarded to the appropriate system 440, 441).
Therefore, it would have been obvious before the effective filing data of invention was made to a person having ordinary skill in the art to modify Raposa and Perkins et al. with Ahuja. This would have facilitated user authorization while logging into to various software environments.
The Raposa reference as modified by Perkins et al. and Ahuja teaches all the limitations of claim 25. With respect to claim 26, Perkins et al. teaches the computing system recited in claim 25, wherein the user is verified as being actually authorized to access the second software environment based on the first subset of the user accounts upon determining that the user is associated with a potential unmaterialized user account that satisfies both the global filter and the local filter (Paragraph 96 discloses service verifies user is authorized to represent enterprise, e.g., via any of the following: Account for large enterprises that have corporate authorization mechanisms). The motivation to combine statement previously provided in the rejection of independent claim 21 provided above, combining the Raposa reference and the Perkins et al. reference is applicable to dependent claim 26.
The Raposa reference as modified by Perkins et al. and Ahuja teaches all the limitations of claim 26. With respect to claim 27, Perkins et al. teaches the computing system recited in claim 26, wherein verifying the user as being actually authorized to access the second software environment includes accessing a list of user accounts associated with the first software environment (Paragraph 96 discloses service verifies user is authorized to represent enterprise, e.g., via any of the following: Account for large enterprises that have corporate authorization mechanisms). The motivation to combine statement previously provided in the rejection of independent claim 21 provided above, combining the Raposa reference and the Perkins et al. reference is applicable to dependent claim 27.
With respect to claim 28, Raposa discloses a method implemented at a computing system providing a plurality of user accounts associated with a plurality of tenants with access to computing services via the Internet, the method comprising:
providing access a first computing environment containing a first software environment associated with a tenant of the plurality of tenants of a first instance of an on-demand computing services environment, a first subset of the user accounts being authorized to access the first software environment (Column 5 Lines 14-17 teaches a resource provider environment, there can be portions of subsets of the environments separated (physically or logically) into different sub-environments, such as a production environment and a development environment and Column 3 Lines 2-9 teaches all or a portion of a given resource or set of resources might be allocated to a particular user or allocated for a particular task, for at least a determined period of time. The sharing of these multi-tenant resources from a provider environment is often referred to as resource sharing, Web services, or “cloud computing,” among other such terms and depending upon the specific environment and/or implementation);
instantiating a second software environment in a second computing environment, the second software environment being associated with the tenant and being instantiated as at least a partial replication of the first software environment in a second instance of the on-demand computing services environment, the second instance having instances of at least some database tables and metadata of the first software environment, a second subset of the user accounts being materialized to the second software environment as a replication of at least some of the first subset of user accounts (Column 5 Lines 41-52 teaches In some embodiments, a customer of the second environment can delegate access to resources associated with the customer in the second environment. A developer user might want some degree of access to production resources associated with a production account, and to control access a temporary role (i.e., a cross-account role) can be created in the production account and Column 4 Lines teaches The resource manager 110 (or another such system or service) in this example can also function as a virtual layer of hardware and software components that handles control functions in addition to management actions, as may include provisioning, scaling, replication, etc) . Raposa does not disclose an authentication server including a hardware processor configured to access one or more filters to determine that the user is potentially authorized to access the second software environment after identifying a failed attempt by a user to log in to the second software environment.
However, Perkins et al. discloses accessing one or more filters at an authentication server including a hardware processor to determine that the user is potentially authorized to access the second software environment after identifying a failed attempt by a user to log in to the second software environment (Paragraph 44 discloses proxies may also manage the interaction with the authentication server on behalf of the enterprise), wherein the first computing environment is configured to transmit user account information for the user to the second software environment upon (1) determining that the user is potentially authorized to access the second software environment and (2) verifying that the user is actually authorized to access the second software environment based on the first subset of the user accounts, wherein the second computing environment is configured to create a user account for the user as an authorized user in the second subset of the user accounts based on the user account information (Paragraph 96 discloses service verifies user is authorized to represent enterprise, e.g., via any of the following: Account for large enterprises that have corporate authorization mechanisms & Paragraph 97 discloses create a new Enterprise account and assign the initial Manager are replaced by simple authentication as a Management User for the Enterprise).
Therefore, it would have been obvious before the effective filing data of invention was made to a person having ordinary skill in the art to modify Raposa with Perkins et al. This would have facilitated user authorization while logging into to various software environments.
The Raposa reference as modified by Perkins et al. does not explicitly disclose instantiating a second software environment in a second computing environment, the second software environment being associated with the tenant and being instantiated as at least a partial replication of the first software environment in a second instance of the on-demand computing services environment, the second instance having instances of at least some database tables and metadata of the first software environment, a second subset of the user accounts being materialized to the second software environment as a replication of at least some of the first subset of user accounts
However, Ahuja teaches instantiating a second software environment in a second computing environment, the second software environment being associated with the tenant and being instantiated as at least a partial replication of the first software environment in a second instance of the on-demand computing services environment, the second instance having instances of at least some database tables and metadata of the first software environment, a second subset of the user accounts being materialized to the second software environment as a replication of at least some of the first subset of user accounts, and the second subset of the user accounts being determined based, at least in part, on one or more identified authorized users (Paragraph 21 discloses phrase “subscriber account” may refer to a user or resource account that logically is owned by a tenant or customer. The subscriber account allows the tenant to add multiple users to his or her account and also allows the assignment of specific roles, scopes, and/or access rights to users and Paragraph 42 discloses in this setup all of the authentication and authorization checks are done in the landscape singleton application space 430 before being forwarded to the appropriate system 440, 441).
Therefore, it would have been obvious before the effective filing data of invention was made to a person having ordinary skill in the art to modify Raposa and Perkins et al. with Ahuja. This would have facilitated user authorization while logging into to various software environments.
With respect to claim 33, it is rejected on grounds corresponding to above rejected claim 26, because claim 33 is substantially equivalent to claim 26.
With respect to claim 34, it is rejected on grounds corresponding to above rejected claim 27, because claim 34 is substantially equivalent to claim 27.
With respect to claim 35, Raposa discloses one or more non-transitory computer readable media having instructions stored thereon for performing a method implemented at a computing system providing a plurality of user accounts associated with a plurality of tenants with access to computing services via the Internet, the method comprising:
providing access a first computing environment containing a first software environment associated with a tenant of the plurality of tenants of a first instance of an on-demand computing services environment, a first subset of the user accounts being authorized to access the first software environment (Column 5 Lines 14-17 teaches a resource provider environment, there can be portions of subsets of the environments separated (physically or logically) into different sub-environments, such as a production environment and a development environment and Column 3 Lines 2-9 teaches all or a portion of a given resource or set of resources might be allocated to a particular user or allocated for a particular task, for at least a determined period of time. The sharing of these multi-tenant resources from a provider environment is often referred to as resource sharing, Web services, or “cloud computing,” among other such terms and depending upon the specific environment and/or implementation);
instantiating a second software environment in a second computing environment, the second software environment being associated with the tenant and being instantiated as at least a partial replication of the first software environment in a second instance of the on-demand computing services environment, the second instance having instances of at least some database tables and metadata of the first software environment, a second subset of the user accounts being materialized to the second software environment as a replication of at least some of the first subset of user accounts (Column 5 Lines 41-52 teaches In some embodiments, a customer of the second environment can delegate access to resources associated with the customer in the second environment. A developer user might want some degree of access to production resources associated with a production account, and to control access a temporary role (i.e., a cross-account role) can be created in the production account and Column 4 Lines teaches The resource manager 110 (or another such system or service) in this example can also function as a virtual layer of hardware and software components that handles control functions in addition to management actions, as may include provisioning, scaling, replication, etc) . Raposa does not disclose an authentication server including a hardware processor configured to access one or more filters to determine that the user is potentially authorized to access the second software environment after identifying a failed attempt by a user to log in to the second software environment.
However, Perkins et al. discloses accessing one or more filters at an authentication server including a hardware processor to determine that the user is potentially authorized to access the second software environment after identifying a failed attempt by a user to log in to the second software environment (Paragraph 44 discloses proxies may also manage the interaction with the authentication server on behalf of the enterprise), wherein the first computing environment is configured to transmit user account information for the user to the second software environment upon (1) determining that the user is potentially authorized to access the second software environment and (2) verifying that the user is actually authorized to access the second software environment based on the first subset of the user accounts, wherein the second computing environment is configured to create a user account for the user as an authorized user in the second subset of the user accounts based on the user account information (Paragraph 96 discloses service verifies user is authorized to represent enterprise, e.g., via any of the following: Account for large enterprises that have corporate authorization mechanisms & Paragraph 97 discloses create a new Enterprise account and assign the initial Manager are replaced by simple authentication as a Management User for the Enterprise).
Therefore, it would have been obvious before the effective filing data of invention was made to a person having ordinary skill in the art to modify Raposa with Perkins et al. This would have facilitated user authorization while logging into to various software environments.
The Raposa reference as modified by Perkins et al. does not explicitly disclose instantiating a second software environment in a second computing environment, the second software environment being associated with the tenant and being instantiated as at least a partial replication of the first software environment in a second instance of the on-demand computing services environment, the second instance having instances of at least some database tables and metadata of the first software environment, a second subset of the user accounts being materialized to the second software environment as a replication of at least some of the first subset of user accounts
However, Ahuja teaches instantiating a second software environment in a second computing environment, the second software environment being associated with the tenant and being instantiated as at least a partial replication of the first software environment in a second instance of the on-demand computing services environment, the second instance having instances of at least some database tables and metadata of the first software environment, a second subset of the user accounts being materialized to the second software environment as a replication of at least some of the first subset of user accounts, and the second subset of the user accounts being determined based, at least in part, on one or more identified authorized users (Paragraph 21 discloses phrase “subscriber account” may refer to a user or resource account that logically is owned by a tenant or customer. The subscriber account allows the tenant to add multiple users to his or her account and also allows the assignment of specific roles, scopes, and/or access rights to users and Paragraph 42 discloses in this setup all of the authentication and authorization checks are done in the landscape singleton application space 430 before being forwarded to the appropriate system 440, 441).
Therefore, it would have been obvious before the effective filing data of invention was made to a person having ordinary skill in the art to modify Raposa and Perkins et al. with Ahuja. This would have facilitated user authorization while logging into to various software environments.
The Raposa reference as modified by Perkins et al. teaches all the limitations of claim 39. With respect to claim 40, Perkins et al. teaches the one or more non-transitory computer readable media recited in claim 39, wherein the user is verified as being actually authorized to access the second software environment based on the first subset of the user accounts upon determining that the user is associated with a potential unmaterialized user account that satisfies both the global filter and the local filter, and wherein verifying the user as being actually authorized to access the second software environment includes accessing a list of user accounts associated with the first software environment (Paragraph 96 discloses service verifies user is authorized to represent enterprise, e.g., via any of the following: Account for large enterprises that have corporate authorization mechanisms). The motivation to combine statement previously provided in the rejection of independent claim 21 provided above, combining the Balaiah et al. reference and the Cella et al. reference is applicable to dependent claim 27.
Claim(s) 22-25, 29-32, and 36-39 is/are rejected under 35 U.S.C. 103 as being unpatentable over Raposa (US Patent No. 10250612) and Perkins et al. (US Pub. No. 20220060479) in further view of Balaiah et al. (US Pub. No. 20200274782).
The Raposa reference as modified by Perkins et al. teaches all the limitations of claim 21. With respect to claim 22, Raposa as modified by Perkins et al. does not disclose a global filter.
However, Balaiah et al. teaches the computing system recited in claim 21, wherein the one or more filters include a global filter storing an indication of a global set of non-materialized users across a plurality of software environments including the first computing environment and the second computing environment (Paragraph 154 discloses a global filter, by application, location, geo location, user(s), device type, operating system, operating system version, and the like).
Therefore, it would have been obvious before the effective filing data of invention was made to a person having ordinary skill in the art to modify Raposa and Perkins et al. with Balaiah et al. This would have facilitated user authorization while logging into to various software environments.
The Raposa reference as modified by Perkins et al. and Balaiah et al. teaches all the limitations of claim 22. With respect to claim 23, Balaiah et al. teaches the computing system recited in claim 22, wherein the global filter is a Bloom filter that stores a plurality of filter values at a corresponding plurality of filter positions (Paragraph 53 discloses a bloom filter). The motivation to combine statement previously provided in the rejection of dependent claim 22 provided above, combining the Raposa reference and the Balaiah et al. reference is applicable to dependent claim 23.
The Raposa reference as modified by Perkins et al. and Balaiah et al. teaches all the limitations of claim 22. With respect to claim 24, Balaiah et al. teaches the computing system recited in claim 23, wherein accessing the one or more filters comprises:
applying a plurality of hash functions to a potential unmaterialized user account corresponding with the user, the plurality of hash functions producing a plurality of hash values, (Paragraph 52 discloses processing filter 112 by a hash function). The motivation to combine statement previously provided in the rejection of dependent claim 23 provided above, combining the Raposa reference and the Balaiah et al. reference is applicable to dependent claim 24.
The Raposa reference as modified by Perkins et al. and Balaiah et al. teaches all the limitations of claim 22. With respect to claim 25, Balaiah et al. teaches the computing system recited in claim 22, wherein the one or more filters include a local filter storing an indication of a local set of non-materialized users across the first software environment and the second software environment (Paragraph 256 discloses authentications to web-services for access by a relying device within example computing environments and Paragraph 149 discloses Other filters can also be selected, such as operating systems and operating system versions. This can be accomplished in the filters screen of the GUI). The motivation to combine statement previously provided in the rejection of dependent claim 22 provided above, combining the Raposa reference and the Balaiah et al. reference is applicable to dependent claim 25.
With respect to claim 29, it is rejected on grounds corresponding to above rejected claim 22, because claim 29 is substantially equivalent to claim 22.
With respect to claim 30, it is rejected on grounds corresponding to above rejected claim 23, because claim 30 is substantially equivalent to claim 23.
With respect to claim 31, it is rejected on grounds corresponding to above rejected claim 24, because claim 31 is substantially equivalent to claim 24.
With respect to claim 32, it is rejected on grounds corresponding to above rejected claim 25, because claim 32 is substantially equivalent to claim 25.
With respect to claim 36, it is rejected on grounds corresponding to above rejected claim 22, because claim 36 is substantially equivalent to claim 22.
With respect to claim 37, it is rejected on grounds corresponding to above rejected claim 23, because claim 37 is substantially equivalent to claim 23.
With respect to claim 38, it is rejected on grounds corresponding to above rejected claim 24, because claim 38 is substantially equivalent to claim 24.
With respect to claim 39, it is rejected on grounds corresponding to above rejected claim 25, because claim 39 is substantially equivalent to claim 25.
Relevant Prior Art
The prior art made of record and not relied upon is considered pertinent to applicant's disclosure. The prior art made of record and not relied upon is considered pertinent to applicant's disclosure.
US PG-Pub. No. 20210067502 is directed to Security Tool: [0030] The second authentication server authenticates the first user and determines that the first user is authorized to access the second subsystem, based on the login credentials. Performing the second authentication additionally includes receiving a second response from the second authentication server. The second response indicates that the second authentication server has authenticated the first user based on the login credentials. In response to receiving the second response, the second virtual host provides the first user with access to the second subsystem.
Conclusion
Applicant's amendment necessitated the new ground(s) of rejection presented in this Office action. Accordingly, THIS ACTION IS MADE FINAL. See MPEP § 706.07(a). Applicant is reminded of the extension of time policy as set forth in 37 CFR 1.136(a).
A shortened statutory period for reply to this final action is set to expire THREE MONTHS from the mailing date of this action. In the event a first reply is filed within TWO MONTHS of the mailing date of this final action and the advisory action is not mailed until after the end of the THREE-MONTH shortened statutory period, then the shortened statutory period will expire on the date the advisory action is mailed, and any nonprovisional extension fee (37 CFR 1.17(a)) pursuant to 37 CFR 1.136(a) will be calculated from the mailing date of the advisory action. In no event, however, will the statutory period for reply expire later than SIX MONTHS from the mailing date of this final action.
Any inquiry concerning this communication or earlier communications from the examiner should be directed to NICHOLAS E ALLEN whose telephone number is (571)270-3562. The examiner can normally be reached Monday through Thursday 830-630.
Examiner interviews are available via telephone, in-person, and video conferencing using a USPTO supplied web-based collaboration tool. To schedule an interview, applicant is encouraged to use the USPTO Automated Interview Request (AIR) at http://www.uspto.gov/interviewpractice.
If attempts to reach the examiner by telephone are unsuccessful, the examiner’s supervisor, Boris Gorney can be reached at (571) 270-5626. The fax phone number for the organization where this application or proceeding is assigned is 571-273-8300.
Information regarding the status of published or unpublished applications may be obtained from Patent Center. Unpublished application information in Patent Center is available to registered users. To file and manage patent submissions in Patent Center, visit: https://patentcenter.uspto.gov. Visit https://www.uspto.gov/patents/apply/patent-center for more information about Patent Center and https://www.uspto.gov/patents/docx for information about filing in DOCX format. For additional questions, contact the Electronic Business Center (EBC) at 866-217-9197 (toll-free). If you would like assistance from a USPTO Customer Service Representative, call 800-786-9199 (IN USA OR CANADA) or 571-272-1000.
/N.E.A/Examiner, Art Unit 2154
/BORIS GORNEY/Supervisory Patent Examiner, Art Unit 2154