DETAILED ACTION
Notice of Pre-AIA or AIA Status
The present application, filed on or after March 16, 2013, is being examined under the first inventor to file provisions of the AIA .
Continued Examination Under 37 CFR 1.114
A request for continued examination under 37 CFR 1.114, including the fee set forth in 37 CFR 1.17(e), was filed in this application after final rejection. Since this application is eligible for continued examination under 37 CFR 1.114, and the fee set forth in 37 CFR 1.17(e) has been timely paid, the finality of the previous Office action has been withdrawn pursuant to 37 CFR 1.114. Applicant's submission filed on 3/27/2026 has been entered.
Response to Amendment / Arguments
Regarding claims rejected under 35 USC 112(b):
Applicant’s amendment is considered to have overcome the applied rejection. As such, the rejection has been withdrawn.
Regarding claims rejected under 35 USC 103:
Applicant’s arguments, in view of the amended claim language, have been fully considered and are persuasive. Therefore, the rejection has been withdrawn. However, upon further consideration, a new ground(s) of rejection is made in view of Falcone (US 9,632,765 B1) and Anantha (US 7,921,299 B1).
Claim Rejections - 35 USC § 103
The following is a quotation of 35 U.S.C. 103 which forms the basis for all obviousness
rejections set forth in this Office action:
A patent for a claimed invention may not be obtained, notwithstanding that the claimed invention is not identically disclosed as set forth in section 102, if the differences between the claimed invention and the prior art are such that the claimed invention as a whole would have been obvious before the effective filing date of the claimed invention to a person having ordinary skill in the art to which the claimed invention pertains. Patentability shall not be negated by the manner in which the invention was made.
Claim(s) 1, 6-8, 11, 16-18, 21, and 26-28 is/are rejected under 35 U.S.C. 103 as being unpatentable over Acharya (US 2021/0365577 A1) in view of Falcone (US 9,632,765 B1) and Anantha (US 7,921,299 B1).
Regarding claim 1, Acharya discloses: A computer-implemented method of a data platform (e.g., database platform in FIG. 1 and [0024] of Acharya), the method comprising:
receiving, by the data platform, from a provider (developer in Acharya), a definition of an application package (blueprint document in Acharya) of a provider account of the provider (an account of the developer in Acharya; further see at least [0055] of Acharya), the provider account being provided by the data platform;
Refer to at least [0018] of Acharya with respect to the developer of an application uploading the blueprint document.
granting, by the provider [permission to an object that is not normally visible];
Refer to at least [0043] of Acharya with respect to providing access to an object temporarily, where the object is not normally visible to the application.
receiving, by the data platform, from a consumer (client/customer in Acharya), a request for an application installation of an application using the application package, the application installed in a consumer account of the consumer (e.g., customer account in FIG. 2 and [0039] of Acharya), the consumer account provided by the data platform;
Refer to at least [0045] of Acharya with respect to an application provisioning request from the customer for the customer account of the database platform.
creating, by the data platform, the application in the consumer account using a setup script;
Refer to at least [0056] of Acharya with respect to provisioning the application in the customer account.
receiving, by the data platform, from the consumer, a grant of a permission for the application to perform a privileged action in the consumer account;
Refer to at least [0059] of Acharya with respect to presenting one or more grant commands to an authorized user/entity such as an administrator of the customer account, and receiving the response(s) granting privileges, roles, and the like.
authorizing, by the data platform, the privileged action by the application using the grant of the permission; and performing, by the application, the privileged action based on the authorization; the privileged action including accessing the object using the [provided] permission.
Refer to at least [0059], [0065], and [0067]-[0069] of Acharya with respect to authorizing user access to customer data/objects based on the grant(s).
Acharya does not specify: granting permission to an object that is not normally visible further comprising granting permission to the application package, a reference permission on a dependent object outside the application package, the reference permission allowing the application to access data of the dependent object through an intermediary object of the application package while the dependent object is not directly visible to the application; the object further comprising a dependent object. However Acharya in view of Falcone discloses: granting permission to an object that is not normally visible further comprising granting permission to the application package, a reference permission on a dependent object outside the application package, the reference permission allowing the application to access data of the dependent object; the object further comprising a dependent object; the provided permission further comprising the reference permission.
Refer to at least FIG. 3B, Col. 3, Ll. 20-26, and Col. 6, Ll. 43-49 of Falcone with respect to providing an application package with a token for accessing a dependency of the application (e.g., service URL).
The teachings of Acharya and Falcone both concern application provisioning, and are considered to be within the same field of endeavor and combinable as such.
Therefore it would have been obvious to one of ordinary skill in the art before the filing date of Applicant’s invention to modify the teachings of Acharya to further implement providing the application package with a token for at least the purpose of integrity and increased application security (e.g., securing service use).
Acharya-Falcone does not specify: allowing the application to access data of the dependent object further through an intermediary object of the application package while the dependent object is not directly visible to the application. However, Acharya-Falcone in view of Anantha discloses: allowing the application to access data of the dependent object further through an intermediary object of the application package while the dependent object is not directly visible to the application.
Refer to at least Col. 2, Ll. 45-64 of Anantha with respect to attempting to perform an operation on a business object which is hidden from a tenant, and where an intermediate proxy can place calls on behalf of another tenant but still gain access to desired objects.
The teachings of Acharya-Falcone and Anantha both concern protecting access to shared data structures, and are considered to be within the same field of endeavor and combinable as such.
Therefore it would have been obvious to one of ordinary skill in the art before the filing date of Applicant’s invention to modify the teachings of Acharya-Falcone to further implement support for accessing hidden objects through intermediaries to allow securely accessing objects by applications with lower access rights.
Regarding claim 6, it is rejected for substantially the same reasons as claim 1 above (i.e., the citations to Acharya, which concern the application and database objects).
Regarding claim 7, Acharya-Falcone-Anantha discloses: The computer-implemented method of claim 1, wherein the application comprises a database, and the application creates objects in the consumer account using the grant of the permission, the objects created outside of the application.
Refer to at least [0063] of Acharya with respect to provisioning concerning third party resources.
Regarding claim 8, Acharya-Falcone-Anantha discloses: The computer-implemented method of claim 1, wherein the consumer account takes ownership of all objects created by the application when the application is dropped.
Refer to at least [0058] and [0072] of Acharya with respect to deprovisioning and/or disabling the application. Application objects are provisioned in the customer account and may, e.g., change a status when the application is disabled.
Regarding independent claim 11, it is substantially similar to independent claim 1 above, and is therefore likewise rejected (i.e., the citations).
Regarding claims 16-18, they are substantially similar to claims 6-8 above, and are therefore likewise rejected.
Regarding independent claim 21, it is substantially similar to independent claim 1 above, and is therefore likewise rejected (i.e., the citations).
Regarding claims 26-28, they are substantially similar to claims 6-8 above, and are therefore likewise rejected.
Claim(s) 2-5, 9-10, 12-15, 19-20, 22-25, and 29-30 is/are rejected under 35 U.S.C. 103 as being unpatentable over Acharya-Falcone-Anantha as applied to claims 1, 6-8, 11, 16-18, 21, and 26-28 above, and further in view of Chheda (US 10,860,550 B1).
Regarding claim 2, Acharya-Falcone-Anantha discusses schemas (e.g., [0046]-[0047]) and versioning (e.g., [0058] and [0072]), but does not disclose: wherein the application package comprises an unversioned schema (“unversioned schema comprises objects that are not updated when the executable objects of a versioned schema 446 are updated” according to [0069] of the instant specification) and a versioned schema. However, Acharya-Falcone-Anantha in view of Chheda discloses: wherein the application package comprises an unversioned schema and a versioned schema.
Refer to at least the abstract, FIG. 1, Col. 15, Ll. 45-47, and Col. 18, Ll. 1-18 of Chheda with respect to versioned schema that are updated and schema that are not updated; different schema can exist simultaneously to allow compatibility for different clients to continue operating.
The teachings of Acharya-Falcone-Anantha and Chheda both concern database platforms and schemas, and are considered to be within the same field of endeavor and combinable as such.
Therefore it would have been obvious to one of ordinary skill in the art before the filing date of Applicant’s invention to modify the teachings of Acharya-Falcone-Anantha’s schemas to implement access controls and associated schema versioning because Acharya-Falcone-Anantha contemplates “that different versions of an application might run… if, e.g., some customers did not update their application” in [0072], and for the reasons discussed in Col. 3, Ll. 18-23 and Col. 18, Ll. 10-15 of Chheda (i.e., selectively applying the schema that meets the needs of clients, and preventing errors).
Regarding claim 3, Acharya-Falcone-Anantha-Chheda discloses: The computer-implemented method of claim 2, wherein the application accesses objects of the versioned schema of the application package using the grant of permission.
Refer to at least [0005], [0070], and [0059] of Acharya with respect to access control associated with requests associated with database objects such as schemas.
Refer to at least Col. 3, Ll. 10-35, Col. 13, Ll. 46-Col. 14, Ll. 18, and Col. 15, Ll. 8-18 of Chheda with respect to permissions associated with the schemas.
This claim would have been obvious for substantially the same reasons as claim 2 above.
Regarding claim 4, Acharya-Falcone-Anantha-Chheda discloses: The computer-implemented method of claim 2, wherein the unversioned schema comprises objects that are referenced by the objects of the versioned schema of the application package.
Refer to at least Col. 12, Ll. 14-24 of Chheda with respect to schemas referencing each other and different versions / the non-updated versions.
This claim would have been obvious for substantially the same reasons as claim 2 above.
Regarding claim 5, it is rejected for substantially the same reasons as claim 2 above (i.e., the citations to Chheda concerning updated schemas).
Regarding claim 9, Acharya-Falcone-Anantha-Chheda discloses: The computer-implemented method of claim 1, wherein the application comprises an Application Programming Interface (API) integration used by the application to access an external system using the grant of the permission.
Refer to at least Col. 6, Ll. 41-51, Col. 12, Ll. 42-47, Col. 15, Ll. 28-31, and Col. 22, Ll. 2-7 of Chheda with respect to APIs used during requests associated with the database.
The claim would have been obvious because a particular known technique (using APIs for accessing external systems) was recognized as part of the ordinary capabilities of one skilled in the art.
Regarding claim 10, it is rejected for substantially the same reasons as claim 1 above (e.g., [0059] and [0065] of Acharya).
Regarding claims 12-15 and 19-20, they are substantially similar to claims 2-5 and 9-10 above, and are therefore likewise rejected.
Regarding claims 22-25 and 29-30, they are substantially similar to claims 2-5 and 9-10 above, and are therefore likewise rejected.
Conclusion
Any inquiry concerning this communication or earlier communications from the examiner should be directed to VADIM SAVENKOV whose telephone number is (571)270-5751. The examiner can normally be reached 12PM-8PM.
Examiner interviews are available via telephone, in-person, and video conferencing using a USPTO supplied web-based collaboration tool. To schedule an interview, applicant is encouraged to use the USPTO Automated Interview Request (AIR) at http://www.uspto.gov/interviewpractice.
If attempts to reach the examiner by telephone are unsuccessful, the examiner’s supervisor, Jeffrey L Nickerson can be reached at (469) 295-9235. The fax phone number for the organization where this application or proceeding is assigned is 571-273-8300.
Information regarding the status of published or unpublished applications may be obtained from Patent Center. Unpublished application information in Patent Center is available to registered users. To file and manage patent submissions in Patent Center, visit: https://patentcenter.uspto.gov. Visit https://www.uspto.gov/patents/apply/patent-center for more information about Patent Center and https://www.uspto.gov/patents/docx for information about filing in DOCX format. For additional questions, contact the Electronic Business Center (EBC) at 866-217-9197 (toll-free). If you would like assistance from a USPTO Customer Service Representative, call 800-786-9199 (IN USA OR CANADA) or 571-272-1000.
/Jeffrey Nickerson/Supervisory Patent Examiner, Art Unit 2432
/V.S/Examiner, Art Unit 2432