DETAILED ACTION
Notice of Pre-AIA or AIA Status
The present application, filed on or after March 16, 2013, is being examined under the first inventor to file provisions of the AIA.
Continued Examination Under 37 CFR 1.114
A request for continued examination under 37 CFR 1.114, including the fee set forth in 37 CFR 1.17(e), was filed in this application after final rejection. Since this application is eligible for continued examination under 37 CFR 1.114, and the fee set forth in 37 CFR 1.17(e) has been timely paid, the finality of the previous Office action has been withdrawn pursuant to 37 CFR 1.114. Applicant's submission filed on 12/19/2025 has been entered.
Information Disclosure Statement
The information disclosure statement (IDS) submitted on 11/24/2025 is being considered by the examiner.
Status of the Application
Claim 7 is canceled.
Claims 1, 8, 13, 17 and 19 are amended.
Claims 1-6 and 8-21 are examined herein.
Claim Rejections - 35 USC § 103
In the event the determination of the status of the application as subject to AIA 35 U.S.C. 102 and 103 (or as subject to pre-AIA 35 U.S.C. 102 and 103) is incorrect, any correction of the statutory basis (i.e., changing from AIA to pre-AIA) for the rejection will not be considered a new ground of rejection if the prior art relied upon, and the rationale supporting the rejection, would be the same under either status.
The following is a quotation of 35 U.S.C. 103 which forms the basis for all obviousness rejections set forth in this Office action:
A patent for a claimed invention may not be obtained, notwithstanding that the claimed invention is not identically disclosed as set forth in section 102, if the differences between the claimed invention and the prior art are such that the claimed invention as a whole would have been obvious before the effective filing date of the claimed invention to a person having ordinary skill in the art to which the claimed invention pertains. Patentability shall not be negated by the manner in which the invention was made.
The factual inquiries for establishing a background for determining obviousness under 35 U.S.C. 103 are summarized as follows:
1. Determining the scope and contents of the prior art.
2. Ascertaining the differences between the prior art and the claims at issue.
3. Resolving the level of ordinary skill in the pertinent art.
4. Considering objective evidence present in the application indicating obviousness or nonobviousness.
1. Claim(s) 1-6 and 8-21 is/are rejected under 35 U.S.C. 103 as being unpatentable over Donelan (US 2023/0126456) and further in view of Balaji (US Patent Publication 2014/0289391) and Baker (US Patent Publication 20220255854).
Regarding claim 1, Donelan discloses a system for managing communication (abstract), comprising:
a memory that stores executable components ([035],[076] Processor and memory executing program instructions on a computer readable medium.); and
a processor, operatively coupled to the memory, that executes the executable components ([035],[076] Processor and memory executing program instructions on a computer readable medium.), the executable components comprising:
a service communicator component configured to manage communication of data between an edge gateway device and internal services of a manufacturing cloud system, wherein the manufacturing cloud system is a multi-tenant Software-as-a-Service (SaaS) system that executes an industrial manufacturing execution system (MES) on a cloud platform ([031], [034-035], [092-095] Managing communication of data between computer systems/"edge gateway device" and SaaS systems implementing MES systems on a cloud network.); and
the service communicator component is configured to redact a portion of the data prior to routing the deployment artifact based on an egress rule that defines types or sets of the data that are not to be passed to data centers ([08-010], [030-031], [085-088], [092-096] A tenant is permitted access to a particular application, data structure, and/or dataset only if the tenant and the particular application, data structure, and/or dataset are associated with a same tenant ID. As an example, each database implemented by a multi-tenant computer network may be tagged with a tenant ID. Only a tenant associated with the corresponding tenant ID may access data of a particular database. As another example, each entry in a database implemented by a multi-tenant computer network may be tagged with a tenant ID. Only a tenant associated with the corresponding tenant ID may access data of a particular entry. However, the database may be shared by multiple tenants. A subscription list may indicate which tenants have authorization to access which applications. For each application, a list of tenant IDs of tenants authorized to access the application is stored. A tenant is permitted access to a particular application only if the tenant ID of the tenant is included in the subscription list corresponding to the particular application.).
Donelan fails to explicitly disclose:
a data packaging component configured to, in response to receipt of request data from a customer entity comprising a request for data maintained by the manufacturing cloud system in a first data center residing in a first geographical region, package the data as a deployment artifact comprising metadata, wherein the service communicator is configured to route the deployment artifact to a second data center residing in a second geographical region and accessible to the customer entity, and
an egress rule that defines types or sets of the data that are not to be passed to data centers outside the first geographical region in which the first data center resides.
However Balaji, which is in the same field of endeavor, teaches:
a data packaging component configured to, in response to receipt of request data from a customer entity comprising a request for data maintained by the manufacturing cloud system in a first data center, package the data as a deployment artifact comprising metadata, wherein the service communicator is configured to route the deployment artifact to a second data center and accessible to the customer entity (Balaji, [052], [057], [087-088] Deploying/route customized data between servers/"second data center" using a SaaS based multi-tenant web application based on the user/customer identification that allows certain access/"scope of data permitted to be shared".).
Therefore, it would have been obvious to one of ordinary skill in the art before the effective filing date of the claimed invention to modify the above SaaS based multi-tenant application, as taught by Donelan, and incorporating the above limitations, as taught by Balaji. One of ordinary skill in the art would have been motivated to do this modification in order to facilitate tenant awareness and isolation of data associated with a plurality of tenants by incorporating the above limitations, as suggested by Balaji ([014]).
The combination of Donelan and Balaji fails to specify:
a first and second data center residing in a first and second geographical region;
an egress rule that defines types or sets of the data that are not to be passed to data centers outside the first geographical region in which the first data center resides.
However Baker teaches:
a first and second data center residing in a first and second geographical region; an egress rule that defines types or sets of the data that are not to be passed to data centers outside the first geographical region in which the first data center resides ([04], [045-050], [055], [088], [091], [0141], [0142], Abstract - Scoping data that indicates a network boundary within which the packet is permitted and/or prohibited to flow based on a region or country that a first or second virtual cloud network (VCN) resides.).
Therefore, it would have been obvious to one of ordinary skill in the art before the effective filing date of the claimed invention to modify the above multi-tenant cloud-based architecture, as taught by Donelan and Balaji, and incorporating the above limitations, as taught by Baker. One of ordinary skill in the art would have been motivated to do this modification in order to provide a boundary within which the data packet is permitted and/or prohibited to flow by incorporating the above limitations, as suggested by Baker ([003]).
Regarding claims 2 and 20, Donelan further discloses:
wherein the service communicator is further configured to manage communication of data between the internal services and a user interface delivered by the manufacturing cloud system to a client device associated with a customer registered access the manufacturing cloud system ([033], [094-097] Managing communication of data between computer systems/"edge gateway device" to interface the MES cloud system with a second tenant/"customer entity", including a user interface to facilitate communications between a user and the MES.).
Regarding claim 3, Donelan further discloses:
wherein the edge gateway device interfaces the manufacturing cloud system with industrial automation systems at one or more customer facilities and with a user interface delivered by the manufacturing cloud system to a client device associated with a customer registered access the manufacturing cloud system ([033], [094-097] Managing communication of data between computer systems/"edge gateway device" to interface the MES cloud system with a second tenant/"customer entity", including a user interface to facilitate communications between a user and the MES.).
Regarding claims 4, 14 and 21, Donelan discloses:
wherein a service communicator component is configured to manage the communication of the data based on tenant map data maintained by the manufacturing cloud system, and the tenant map data defines relationships between customer entities that are registered to access the manufacturing cloud system ([08-010], [030-031], [085-088], [092-096] A tenant is permitted access to a particular application, data structure, and/or dataset only if the tenant and the particular application, data structure, and/or dataset are associated with a same tenant ID. As an example, each database implemented by a multi-tenant computer network may be tagged with a tenant ID. Only a tenant associated with the corresponding tenant ID may access data of a particular database. As another example, each entry in a database implemented by a multi-tenant computer network may be tagged with a tenant ID. Only a tenant associated with the corresponding tenant ID may access data of a particular entry. However, the database may be shared by multiple tenants. A subscription list may indicate which tenants have authorization to access which applications. For each application, a list of tenant IDs of tenants authorized to access the application is stored. A tenant is permitted access to a particular application only if the tenant ID of the tenant is included in the subscription list corresponding to the particular application.).
Regarding claims 5 and 15, Donelan discloses:
wherein the customer entities comprise at least one of manufacturing entities, supplier entities, supply chain entities, warehouse entities, or retailers ([094] One or more entities/customers refers to a corporation, organization, person, or other entity.).
Regarding claims 6 and 16, Donelan discloses:
wherein the tenant map data defines at least one of types of data that are permitted to be shared between two of the customer entities or types of data that are prohibited from being shared between two of the customer entities ([023-024], [042], [062] Process programs, or recipes, for operating the MES systems for manufacturing a product.).
Regarding claims 8 and 17, Baker further teaches:
wherein the service communicator component is configured to manage communication of incoming data from the second data center to the first data center based on the egress rule and an ingress rule that defines permitted or prohibited data boundaries between the first geographical region and the geographical second region. ([04],[045], [050],[055], [088], [091], [0141], [0142], Abstract - Scoping data that indicates a network boundary within which the packet is permitted and/or prohibited to flow based on a region or country that a first or second virtual cloud network (VCN) resides.)
Therefore, it would have been obvious to one of ordinary skill in the art before the effective filing date of the claimed invention to modify the above multi-tenant cloud-based architecture, as taught by Donelan and Balaji, and incorporating the above limitations, as taught by Baker. One of ordinary skill in the art would have been motivated to do this modification in order to provide a boundary within which the data packet is permitted and/or prohibited to flow by incorporating the above limitations, as suggested by Baker ([03]).
Regarding claims 9 and 18, Balaji further teaches:
wherein the manufacturing cloud system further executes, on the cloud platform, at least one of an enterprise resource planning (ERP) system, a quality management system, a supply chain management system, or a customer relationship management (CRM) system ([052] The SaaS based multi-tenant web application includes a Customer relationship management (CRM) application.)
Therefore, it would have been obvious to a person of ordinary skill in the art before the effective filing date of the invention to modify the above SaaS based multi-tenant application, as taught by Donelan and Balaji, and incorporating the above limitations, as taught by Balaji. One of ordinary skill in the art would have been motivated to do this modification in order to provide SaaS on most applications irrespective of the size or complexity or distribution of the web application by incorporating the above limitations, as suggested by Balaji ([052]).
Regarding claim 10, Balaji further teaches:
wherein the internal services are divided across multiple data centers ([055-057], [082-083] Packaging data for deployment/route to multiple servers/"second data center" that includes metadata which is accessible by users based on permissions.)
Therefore, it would have been obvious to a person of ordinary skill in the art before the effective filing date of the invention to modify the above SaaS based multi-tenant application, incorporating the above limitations, as taught by Balaji. One of ordinary skill in the art would have been motivated to do this modification in order to facilitate tenant awareness and isolation of data associated with a plurality of tenants by incorporating the above limitations, as suggested by Balaji (para 14).
Regarding claim 11, Donelan further discloses:
wherein the data comprises at least one of recipe data defining control process parameters for manufacturing a type of product or material, employee information, production statistics, or device configuration data ([023-024], [042], [062] Process programs, or recipes, for operating the MES systems for manufacturing a product.).
Regarding claim 12, Donelan further discloses:
wherein the service communicator component is configured to manage the communication of the data based on a tenant identifier added to the request data by the edge gateway device, the tenant identifier uniquely identifying the customer entity ([095-096] Managing data communication based on tenant identification data added to the data structures and datasets/"request data" by the computer network/"edge gateway device".)
Regarding claims 13 and 19, Donelan discloses:
a method and a non-transitory computer-readable medium having stored thereon instructions that, in response to execution, cause a service mesh device comprising a processor to perform operations ([035],[076] – processor, method and memory executing program instructions on a computer readable medium.), comprising:
managing and coordinating, by a service mesh device comprising a processor, communication of data between an edge gateway device and internal services of a manufacturing cloud system, wherein the manufacturing cloud system is a multi-tenant Software-as-a-Service (SaaS) system that executes an industrial manufacturing execution system (MES) on a cloud platform ([031], [034-035], [092-095] Managing communication of data between computer systems/"edge gateway device" and SaaS systems implementing MES systems on a cloud network.);
redacting, by the service mesh device, a portion of the data based on an egress rule that defines types or sets of the data that are not to be passed to data centers ([08-010], [030-031], [085-088], [092-096] A tenant is permitted access to a particular application, data structure, and/or dataset only if the tenant and the particular application, data structure, and/or dataset are associated with a same tenant ID. As an example, each database implemented by a multi-tenant computer network may be tagged with a tenant ID. Only a tenant associated with the corresponding tenant ID may access data of a particular database. As another example, each entry in a database implemented by a multi-tenant computer network may be tagged with a tenant ID. Only a tenant associated with the corresponding tenant ID may access data of a particular entry. However, the database may be shared by multiple tenants. A subscription list may indicate which tenants have authorization to access which applications. For each application, a list of tenant IDs of tenants authorized to access the application is stored. A tenant is permitted access to a particular application only if the tenant ID of the tenant is included in the subscription list corresponding to the particular application.)
Donelan fails to explicitly disclose:
in response to receiving, from a customer entity, request data comprising a request for data maintained in a first data center residing in a first geographical region by the manufacturing cloud system:
determining a second geographical region in which a second data center accessible by the customer entity resides;
in response to determining that the second geographical region is different than the first geographical region, redacting, by the service mesh device, a portion of the data based on an egress rule that defines types or sets of the data that are not to be passed to data centers outside the first geographical region to yield redacted data;
packaging, by the service mesh device, the redacted data as a deployment artifact comprising metadata; and
routing, by the service mesh device, the deployment artifact to the second data center.
However Balaji, which is in the same field of endeavor, teaches:
in response to receiving, from a customer entity, request data comprising a request for data maintained in a first data center by the manufacturing cloud system:
redacting, by the service mesh device, a portion of the data based on an egress rule; packaging, by the service mesh device, the redacted data as a deployment artifact comprising metadata ([052], [057], [087-088] Deploying/route customized data between servers/"second data center" using a SaaS based multi-tenant web application based on the user/customer identification that allows certain access/"scope of data permitted to be shared".); and
routing, by the service mesh device, the deployment artifact to the second data center ([055-057], [082-083] Packaging data for deployment/route to multiple servers/"second data center" that includes metadata which is accessible by users based on permissions).
Therefore, it would have been obvious to one of ordinary skill in the art before the effective filing date of the claimed invention to modify the above SaaS based multi-tenant application, as taught by Donelan, and incorporating the above limitations, as taught by Balaji. One of ordinary skill in the art would have been motivated to do this modification in order to facilitate tenant awareness and isolation of data associated with a plurality of tenants by incorporating the above limitations, as suggested by Balaji (para 14).
The combination of Donelan and Balaji fails to specify:
a first and second data center residing in a first and second geographical region;
determining a second geographical region in which a second data center accessible by the customer entity resides;
in response to determining that the second geographical region is different than the first geographical region,
an egress rule that defines types or sets of the data that are not to be passed to data centers outside the first geographical region to yield redacted data.
However Baker teaches:
a first and second data center residing in a first and second geographical region;
determining a second geographical region in which a second data center accessible by the customer entity resides; in response to determining that the second geographical region is different than the first geographical region; an egress rule that defines types or sets of the data that are not to be passed to data centers outside the first geographical region to yield redacted data ([04], [045-050], [055], [088], [091], [0141], [0142], Abstract - Scoping data that indicates a network boundary within which the packet is permitted and/or prohibited to flow based on a region or country that a first or second virtual cloud network (VCN) resides.).
Therefore, it would have been obvious to one of ordinary skill in the art before the effective filing date of the claimed invention to modify the above multi-tenant cloud-based architecture, as taught by Donelan and Balaji, and incorporating the above limitations, as taught by Baker. One of ordinary skill in the art would have been motivated to do this modification in order to provide a boundary within which the data packet is permitted and/or prohibited to flow by incorporating the above limitations, as suggested by Baker ([003]).
Response to Arguments
Applicant’s arguments with respect to claim(s) 1-6 and 8-21 have been considered but are moot because the new ground of rejection does not rely on any reference applied in the prior rejection of record for any teaching or matter specifically challenged in the argument.
Conclusion
The prior art made of record and not relied upon is considered pertinent to applicant's disclosure.
1. C. Perducat, D. C. Mazur, W. Mukai, S. N. Sandler, M. J. Anthony and J. A. Mills, "Evolution and Trends of Cloud on Industrial OT Networks," in IEEE Open Journal of Industry Applications, vol. 4, pp. 291-303, 2023, doi: 10.1109/OJIA.2023.3309669.
Any inquiry concerning this communication or earlier communications from the examiner should be directed to MARIA C SANTOS-DIAZ whose telephone number is (571)272-6532. The examiner can normally be reached Monday-Friday 8:00AM-5:00PM.
Examiner interviews are available via telephone, in-person, and video conferencing using a USPTO supplied web-based collaboration tool. To schedule an interview, applicant is encouraged to use the USPTO Automated Interview Request (AIR) at http://www.uspto.gov/interviewpractice.
If attempts to reach the examiner by telephone are unsuccessful, the examiner’s supervisor, Sarah Monfeldt can be reached at 571-270-1833. The fax phone number for the organization where this application or proceeding is assigned is 571-273-8300.
Information regarding the status of published or unpublished applications may be obtained from Patent Center. Unpublished application information in Patent Center is available to registered users. To file and manage patent submissions in Patent Center, visit: https://patentcenter.uspto.gov. Visit https://www.uspto.gov/patents/apply/patent-center for more information about Patent Center and https://www.uspto.gov/patents/docx for information about filing in DOCX format. For additional questions, contact the Electronic Business Center (EBC) at 866-217-9197 (toll-free). If you would like assistance from a USPTO Customer Service Representative, call 800-786-9199 (IN USA OR CANADA) or 571-272-1000.
/MARIA C SANTOS-DIAZ/Primary Examiner, Art Unit 3629