COMPONENT-AGNOSTIC LICENSING ENTITLEMENT SERVICE IN A VIRTUALIZED COMPUTING SYSTEM

§102 §103

Notice of Pre-AIA or AIA Status The present application, filed on or after March 16, 2013, is being examined under the first inventor to file provisions of the AIA . DETAILED ACTION This action is in response to the communication filed on 07/07/2023. Claims 1-20 are pending and addressed in the Action. Claim Rejections - 35 USC § 102 The following is a quotation of the appropriate paragraphs of 35 U.S.C. 102 that form the basis for the rejections under this section made in this Office action: A person shall be entitled to a patent unless – (a)(1) the claimed invention was patented, described in a printed publication, or in public use, on sale, or otherwise available to the public before the effective filing date of the claimed invention. Claims 8-14 are rejected under 35 U.S.C. 102(a)(1) as being anticipated by Lee et al., “Oracle Fusion Middleware - Administrator's Guide for Oracle Entitlements Server”, 2015, Oracle, 398 pages. [To explain for pages cited in the Examiner rationales: “p. x-y” stands for citing a page in the reference, where x is chapter and y is pare number in the x chapter] As per Claim 8: Lee discloses, 8. A method of entitling software in a virtualized computing system (See in p.1-9, Figure 1-7, and in p.16-6, “The fourth item is designing SAAS applications that are deployed on Cloud and provide services to multiple customers”), comprising: receiving, at an entitlement service executing on a cloud platform in the virtualized computing system (Figure 1-7, and SAAS applications as in p. 16-6), an entitlement task that includes a component type and an offering of the component type, the component type being a type of component of the software (Figure 1-7, with PEP and ‘Process obligations’ 7, it is to process an entitlement task requested from user. Figure 1-7 is an example of a request for granting an Access to ‘Protected Resource’ with Policy authorization process in Oracle Entitlement Server: The obligations 7 comprises attribute values: see in p. 2-2, Figure 2-1 , “Obligation type”, and “value”, the obligations are described as consisting of attribute values: An example of an obligation with type of “search policy” given in p.9-51, item i: “New obligation: Name: Search_Obligation New obligation attribute: Name:Attribute1 Value:dStatus <MATCHES> `RELEASED` etc. This type as of item i would be as a task processed in the PEP in Figure 1-7); querying, by the entitlement service, a plug-in of the entitlement service with the component type and the offering to receive a feature set; and (See Figure 1-7, ‘process obligations’ performed at PEP: a plug-in, PEP:‘Policy Enforcement Point’. See in p. 1-6, Figure 1-4 and “Figure 1–4 illustrates the process when the PEP entity is an agent or a plug-in (or similar software component)” , PEP is browsable by users or PDP shown Figure 1-7. Example of obligation is as in p.9-51 item i “ The following is an example of an Obligation to the Search Policy: New obligation: Name: Search_Obligation New obligation attribute: Name:Attribute1 Value:dStatus <MATCHES> `RELEASED …” Component type: Search Feature set name: Search_Obligation: Offering: perform search and if MATCH then Release ) entitling, by the entitlement service, a target component of the software having the component type using an entitlement specification that dictates enablement of the feature set on the target component. (See Figure 1-7, with item 6: “The Security Module PDP evaluates the request and returns a response (and applicable obligations) to the PEP in the form of an authorization decision to grant or deny access” . The service of entitlement is Grant or Release, or Create, Approve, Report, etc., based on the attributes set in Obligation, this reads on “entitling”. The target is based on the type of the obligations: in p.9-51, item i , is requesting for status of an entitlement, the type is search given by the name and Attribute, feature set is such as the value: dStatus. Process Obligation, would be search for “MATCH” and response is “RELEASE” that reads on entitling . In p. 2-10, see various process obligations: A process in second paragraph with to grant access “AccountReports” and for requesting ReportType, and is Grant “if filetype=pdf”. The process in sec. 2.4.2 transfers money if the request amount is less than transfer limit “AND transfer amount is equal to or less than the transfer limit”. In another word, the feature sets in the obligations if meets the policy requirements read on dictating enablement, “dictates enablement of the feature set on the target component”. The Entitlement Server with the plug-in PEP does various entitlement services, and the depictions of obligations are only the examples that read on the limitations) As per Claim 9: Lee further discloses, 9. The method of claim 8, wherein the step of entitling comprises: receiving, at the entitlement service, a connection by the target component; (See in Figure 1-7, the connection at PEP between PDP 6: Response (Authorization decision and obligations) and the Protected Resource or Application) . and pushing, in response to the connection, the entitlement specification from the entitlement service to a licensing endpoint configured to apply the entitlement specification to the target component. (Figure 1-7, the arrow that outwards to Protected Recourse/Application by PEP with Grant of Access or Denial from PEP of step 6. Also see in p. 6-3, Figure 6-1, Policy Distribution Component “Push” to Application. [Note: Licensing endpoint is known as a network link where user would contact to request and license service]. See in p. 3-11, sec. 3.5, Upgrading from Oracle Entitlements Server Basic, “A Basic license allows the use of a limited set of features provided by Oracle Entitlements Server and the Oracle Entitlements Server Security Modules” Therefore, the Protected Resource (or Application) or PDP in Figure 1-7 acts as a licensing endpoint. See further in p. 9-13, sec. 9.3, referred to “Oracle service Bus (OSB) is designed to centrally manage and control many distributed service endpoints. Oracle Entitlements Server enables an enterprise to control access to OSB runtime resources, allowing them to become accessible only after authorization.”) As per Claim 10: Lee further discloses, 10. The method of claim 8, wherein the step of entitling comprising: receiving, at the entitlement service, an entitlement request; and (Figure 1-7, ‘Request Access’ 3) sending, in response to the request, the entitlement specification for application to the target component. (Figure 1-7, Send ‘Request’ 4, and pull the ‘response’ 6 and then send to Protected Resource in connection with Response 6) As per Claim 11: Lee further discloses, 11. The method of claim 10, wherein the entitlement request is received from a proxy executing on behalf of the target component, and wherein the entitlement service sends the entitlement specification to the proxy. (Flows in Figure 1-7, and see in chapter 7, in p. 7-3, sec. 7.2 , “"Using the Security Module Proxy Mode" and Figure 7-3”) As per Claim 12: Lee further discloses, 12. The method of claim 8, further comprising: receiving, at the cloud platform, input to select a subscription for the target component, the subscription including a license for the offering of the component type (See in page 9-28 and page 9-29, for an action/description in table 9-13, as an action incorporated with Figure 1-7 above. In the page, the table 9-13 shows relating to a subscription with outcome is GRANT or DENY: Note, with an action of subscription, a “GRANT” in response to a send request is “offering”. The Table 9-13 in Publish/Subscribe action, the publisher offers a subscription request: “Session.createConsumer(), Session.createDurableSubscriber(), QueueSession.createReceiver(), TopicSession.createSubscriber()” , where with protected resource, it includes all types entitlement services, therefore it including licensing based on the obligation setting at PEP. See in p. 3-11, in sec. 3-5, mentioning about some of Oracle Enable Server basic, including basic license); and generating, by the cloud platform, the entitlement task in response to the subscription. (For example in table 9-13, with send and received related to Subscriber with policy outcome “GRANT” or “DENY” as mentioned in the last text portion in p. 9-28 ) As per Claim 13: Lee further discloses, 13. The method of claim 12, wherein the subscription includes a component identifier (ID) associated with the target component, and wherein the entitlement task further includes the component ID. (As in the operations in p. 1-9 and of Figure 1-7, See Appendix D, p. D-1, in sec. D.1.1, with Identity Store Instance, “<serviceInstance name="idstore.oid" provider="idstore.ldap.provider"> <property name="subscriber.name" value="dc=usmedium,dc=oracle,dc=com" /> <property name="idstore.type" value="OID" />”) As per Claim 14: Lee further discloses, 14. The method of claim 13, wherein the step of entitling comprises: receiving, at the entitlement service, a connection by the target component, the target component providing the component type and the component ID with the connection; (As in the operation of Figure 1-7, and Appendix D, p. D-1) pushing, in response to the target component having the component type and the component ID, the entitlement specification from the entitlement service to a licensing endpoint configured to apply the entitlement specification to the target component. (with Appendix D, p. D-1, in Figure 1-7, ‘push’ is sending the request, the arrow that outwards to PDP and the arrow that outwards to Protected Recourse/Application, by PEP with Grant of Access or Denial from PEP of step 6. Also see in p. 6-3, Figure 6-1, Policy Distribution Component “Push” to Application.) Claim Rejections - 35 USC § 103 The following is a quotation of 35 U.S.C. 103 which forms the basis for all obviousness rejections set forth in this Office action: A patent for a claimed invention may not be obtained, notwithstanding that the claimed invention is not identically disclosed as set forth in section 102, if the differences between the claimed invention and the prior art are such that the claimed invention as a whole would have been obvious before the effective filing date of the claimed invention to a person having ordinary skill in the art to which the claimed invention pertains. Patentability shall not be negated by the manner in which the invention was made. Claims 1-7, 15-20 are rejected under 35 U.S.C. 103 as being unpatentable over Lee et al., “Oracle Fusion Middleware - Administrator's Guide for Oracle Entitlements Server”, 2015, Oracle, 398 pages, and in view of Oracle, “Introduction to Oracle Entitlements Server”, 2008, Oracle, 34 pages. As per Claim 1: Lee discloses the limitations in bold below:, 1. A method of configuring an entitlement service that manages entitlement of software in a virtualized computing system, the method comprising: receiving, at a plug-in of the entitlement service software component data that specifies a component type and offerings of the component type (See in p. 1-4, and “Figure 1–4 illustrates the process when the PEP entity is an agent or a plug-in” [PEP: Policy Enforcement Point] . In p. 1-4, Figure 1-1, ‘Components of Oracle Entitlements Server’, providing entitlement service. PEP reads on ‘a plug-in’. And See in p.1-9, Figure 1-7 and 1-8 steps, referred to 7: “Process obligations” at PEP: it reads limitations of ‘entitlement service software component data’. See in item 1: “process obligation” [See in p.4-4, the text in last bold dot and it is continued to p. 4-5] and step 7: “The PEP entity is responsible for obligation fulfillment based on its settings.”, and see in p. 2-2, Figure 2.1 with Obligation Entry/Obligation type and value. Thus, Obligations contain data to specify setting with access policies, and offering “GRANT” an access to protected resource [in Figure 1-7], as based on the flows of 3 and 8: The Obligation of Process Obligation 7 as in Figure 1-7 also reads on “specifies a component type and offerings of the component type” because the obligation includes attribute values with policies setting and contains type of setting), the offerings associated with feature sets (Figure 1-7, Flows of 6 to PEP, connection of PEP to Protected Resource, Access Granted 8. See in p. 1-6, Figure 1-4, and “Working together, these scenarios can offer a flexible authorization service.”. See in page 9-28 and page 9-29, for an action/description in table 9-13, as an action incorporated with Figure 1-7 above. In the page, the table 9-13 shows relating to a subscription with outcome is GRANT or DENY: Note, with an action of subscription, a “GRANT” in response to a send request is “offering”. The Table 9-13 in Publish/Subscribe action, the publisher offers a subscription request: “Session.createConsumer(), Session.createDurableSubscriber(), QueueSession.createReceiver(), TopicSession.createSubscriber()” , etc.) the entitlement service executing on a cloud platform in the virtualized computing system; (In Figure 1-7 and referred elements in step 1: PAP [Policy Administration Point, and see in p.1-4, figure 1-2] , step 2: Oracle DB, and referred to the title: “Oracle Fusion Middleware”: These elements are in Oracle cloud platform; and WebLogic Server (In p. 1-7, Figure 1-5); see in p. 16-5, and p.16-6, sec. 16.2.2.2 , especially, in p.16.6, “The fourth item is designing SAAS applications that are deployed on Cloud and provide services to multiple customers” - Read on “executing on a cloud platform in the virtualized computing system”); Regarding, Lee does not explicitly discloses the limitations, [storing, by the plug-in, the software component data in a database]; Lee discloses the limitations, and notifying, by the plug-in, the entitlement service to support entitlement of components of the software having the component type. (Figure 1-7, the arrows that outward to User or Application/Protected recourse with Grant of Access or Denial from PEP are Notification, in accordance to the step 6 , i.e. in the response of PDP: “…authorization decision and obligations, the PEP send the grant or deny access to Protected Resource”) Oracle discloses the limitations in squared brackets above, i.e. the limitations of “storing, by the plug-in, the software component data in a database” (Oracle: See in p. 4-3: figure 4-1 and paragraph starts with “In the top right corner…”, referred to portion “Finally on the bottom right side – the users account limit will be compared to the requested transfer amount. In this example the user’s attribute values are stored in the entitlements system. However, that data could be stored in any external system (e.g. RDBMS, LDAP, or Web Service).”. It’s explained the Figure 4-1 of Oracle to incorporate the process obligations in Figure 1-7 of Lee, for example, it is considered to a request for Funds Transfer containing data as attributes values, given in the Obligation. The PDP/PEP (Plug-in) as shown within the Oracle reference, in p. 4-6 as Figure 4-3, or in p. 4-7, Figure 4-4, will process and store these attribute values in in the database by Oracle reference, and the store would be for keeping and documenting a legal agreement in entitlement process. Therefore, it would be obvious to an ordinary of skill in the art to combine the teaching of stored data into database of entitlement components in Oracle with the data of entitlement components in the process obligations, the combination would yield predictable results because it would be required in entitlement service for storing legal information and database is always the storage for service provider to use to keep legal information. As per Claim 2: Lee and combining Oracle, where Lee further discloses, 2. The method of claim 1, wherein the entitlement service supports entitlement of the components by pushing entitlement specifications to the components (Lee: Figure 1-7, step 2 “Policies in the policy repository are pushed to a policy cache, local to the PDP,”, and step 4: Request), each entitlement specification generated in response to an offering of the software component data (With the scheme of Figure 1-7, referred to Response 6, and p. 2-7 in sec. 2.4 Implementing a Policy Use Case, “This use case considers how the policy model can be used to secure the financial services offered by Acme Investment Bank” , and see in p. 2-10, sec 2.4.2, a request for transfer money with privilege , and a grant is offered accordingly : “GRANT anyone transfer privileges only IF the user is listed as OWNER on specified account AND transfer amount is equal to or less than the transfer limit” i.e., the quest for money transfer is granted for the requester as owner in the list “the user's ability to access the account is verified but the transfer amount is returned to the caller (in a Java object) as an obligation.”), each entitlement specification dictating enablement of a feature set of the software component data associated with the offering. (with the same cited as in sec. 2.4.2 above, the verification is owner is verified “GRANT” (read on ‘associated with offering’) and the amount of money as requested [Obligation setting/values] is transferred (read on : “entitlement specification dictating enablement of a feature set”) As per Claim 3: Lee and combining Oracle, where Lee further discloses, 3. The method of claim 2, wherein pushing the entitlement specifications to the components comprises sending the entitlement specifications to licensing endpoints configured to apply the entitlement specifications to the components. (Lee: See in Figure 1-7, the PEP sent to Protect Resource with response 6. Note: Licensing endpoint is known as a network link where user would contact to request and license service. Therefore, the Protected Resource in Figure 1-7 act as a licensing endpoint. See further in p. 9-13, sec. 9.3, referred to “… designed to centrally manage and control many distributed service endpoints. Oracle Entitlements Server enables an enterprise to control access to OSB runtime resources, allowing them to become accessible only after authorization.”. In p. 3-11, sec. 3.5: “Oracle Entitlements Server can be licensed separately from other Oracle products with an agreement that defines usage restrictions. Oracle Entitlements Server Basic replaces the embedded authorization engine within Oracle Platform Security Services (OPSS) and is used to define, enforce and audit basic Role Based Access Control and Java/JAAS permission based authorization policies. A Basic license allows the use of a limited set of features provided by Oracle Entitlements Server and the Oracle Entitlements Server Security Modules, and is included and available for use only with Oracle products that list this component in their respective licensing documentation. More information is in the Oracle Fusion Middleware Licensing Information.”) As per Claim 4: Lee and combining Oracle, where Lee further discloses, 4. The method of claim 1, wherein the entitlement service supports entitlement of the components by receiving requests for entitlement specifications for the components, each entitlement specification generated in response to an offering of the software component data, (Lee: Figure 1-7, with, PEP request access 3, based on Process obligation 7) each entitlement specification dictating enablement of a feature set of the software component data associated with the offering. (Figure 1-7, in p. 1-9 with item 6: “The Security Module PDP evaluates the request and returns a response (and applicable obligations) to the PEP in the form of an authorization decision to grant or deny access” . In p.9-51, item i, “The following is an example of an Obligation to the Search Policy: New obligation: Name: Search_Obligation New obligation attribute: Name:Attribute1 Value:dStatus <MATCHES> `RELEASED`” In this manner, Feature set is the name of the obligation, dictating enablement is <MATCH>, with the attribute value, and offering is ‘Release’ ) As per Claim 5: Lee and combining Oracle, where Lee further discloses, 5. The method of claim 4, wherein receiving the requests for the entitlement specifications comprises receiving the requests from proxies executing on behalf of the components, the proxies configured to send the entitlement specifications to licensing endpoints configured to apply the entitlement specifications to the components. (Lee: Figure 1-7, at PEP , and in p. 7-3, sec. 7.2 Using the Security Module Proxy Mode, and Figure 7-2, the proxy integrated in PEP API. And see in p. 3-11, sec. 3.5, Upgrading from Oracle Entitlements Server Basic, “A Basic license allows the use of a limited set of features provided by Oracle Entitlements Server and the Oracle Entitlements Server Security Modules” . See further in p. 9-13, sec. 9.3, referred to “… designed to centrally manage and control many distributed service endpoints. Oracle Entitlements Server enables an enterprise to control access to OSB runtime resources, allowing them to become accessible only after authorization.”) As per Claim 6: Lee and combining Oracle, where Lee further discloses, 6. The method of claim 1, wherein the software component data includes a mode for the component type, the mode configuring the entitlement service to either push entitlement specifications to the components upon connection or send entitlement specifications in response to requests. (Lee: Figure 1-7, the arrow that outwards at PEP, to PDP, “request” . Or see in p. 6-3, Figure 6-1, Policy Distribution Component “Push” to Application. The mode is controlled push mode: See p. 8-3, the last two lines “If installed in controlled push mode, configure the host, distribution port, listener port, username and password for Policy Distribution.”) As per Claim 7: Lee and combining Oracle, where Lee further discloses, 7. The method of claim 1, wherein the entitlement service includes an entitlement specification service configured to support the entitlement of the components of the software, the entitlement specification service being agnostic to component types of the software. (Lee: Referred Figure 1-7, and See p.1-2, top two lines: “management with centralized or distributed access control enforcement for all types of resources including software components and application business objects.”) As per claims 15: Lee discloses the limitation in bold as below: 15. A computer system, comprising: a cloud platform executing in a public cloud; software executing on hardware of the computer system; an entitlement service executing on the cloud platform, the entitlement service configured to: receive, at a plug-in thereof, software component data that specifies a component type and offerings of the component type, the offerings associated with feature sets; [store, by the plug-in, the software component data in a database]; and notify, by the plug-in, an entitlement specification service to support entitlement of components of the software having the component type. The limitations in bold are responding to the limitations recited in Claim 1: See the rationales addressed in claim 1. Lee does not explicitly address the limitations put in squared brackets above, [store, by the plug-in, the software component data in a database]; Oracle discloses the limitation in squared brackets above, i.e. the limitations of “store, by the plug-in, the software component data in a database” (Oracle: See in p. 4-3: figure 4-1 and paragraph starts with “In the top right corner…”, referred to portion “Finally on the bottom right side – the users account limit will be compared to the requested transfer amount. In this example the user’s attribute values are stored in the entitlements system. However, that data could be stored in any external system (e.g. RDBMS, LDAP, or Web Service).” Therefore, it would be obvious to an ordinary of skill in the art to combine the teaching of stored data into database of entitlement components in Oracle with the data of entitlement components in the process obligations, the combination would yield predictable results because it would be required in entitlement service for storing legal information and database is always the storage for service provider to use to keep legal information. As per Claim 16: Lee and combining Oracle, where Lee further discloses, 16. The computer system of claim 15, wherein the entitlement service is configured to: receive an entitlement task that includes the component type and an offering of the software component data; query the plug-in with the component type and the offering to receive a feature set of the software component data; and entitle a target component of the software having the component type using an entitlement specification that dictates enablement of the feature set on the target component. (Claim 16 recites the limitations corresponding to the limitations in claim 8, where the limitations in claim 8 are addressed with Lee alone. Lee discloses the limitations in claim 16 according to the same rationales in claim 8) As per Claim 17: Lee and combining Oracle, where Lee further discloses, 17. The computer system of claim 16, wherein the entitlement service is configured to entitle the target component by: receiving, at the entitlement service, a connection by the target component; and pushing, in response to the connection, the entitlement specification from the entitlement service to a licensing endpoint configured to apply the entitlement specification to the target component. (Claim 17 recites the limitation corresponding to the limitations in claim 9, where the limitations in claim 9 are addressed with Lee alone. Lee discloses the limitations in claim 17 according to the same rationales in claim 9) As per Claim 18: Lee and combining Oracle, where Lee further discloses, 18. The computer system of claim 16, wherein the entitlement service is configured to entitle the target component by: receiving, at the entitlement service, an entitlement request; and sending, in response to the request, the entitlement specification for application to the target component. (Claim 18 recites the limitations corresponding to the limitations in claim 10, where the limitations in claim 10 are addressed with Lee alone. Lee discloses the limitations in claim 18 according to the same rationales in claim 10) As per Claim 19: Lee and combining Oracle, where Lee further discloses, 19. The computer system of claim 18, wherein the entitlement request is received from a proxy executing on behalf of the target component, and wherein the entitlement service sends the entitlement specification to the proxy. (Claim 19 recites the limitations corresponding to the limitations in claim 11, where the limitations in claim 11 are addressed with Lee alone. Lee discloses the limitations in claim 19 by the same rationales in claim 8) As per Claim 20: Lee and combining Oracle, where Lee further discloses, 20. The computer system of claim 15, wherein the entitlement specification service is agnostic to component types of the software. (Claim 20 recites the limitations corresponding to the limitations in claim 7. Lee discloses the limitations in claim 20 according to the same rationales in claim 7) Conclusion Any inquiry concerning this communication or earlier communications from the examiner should be directed to Ted T Vo whose telephone number is (571)272-3706. The examiner can normally be reached 8am-4:30pm ET. Examiner interviews are available via telephone, in-person, and video conferencing using a USPTO supplied web-based collaboration tool. To schedule an interview, applicant is encouraged to use the USPTO Automated Interview Request (AIR) at http://www.uspto.gov/interviewpractice. If attempts to reach the examiner by telephone are unsuccessful, the examiner’s supervisor, Wei Y Mui can be reached at (571) 272-3708. The fax phone number for the organization where this application or proceeding is assigned is 571-273-8300. Information regarding the status of published or unpublished applications may be obtained from Patent Center. Unpublished application information in Patent Center is available to registered users. To file and manage patent submissions in Patent Center, visit: https://patentcenter.uspto.gov. Visit https://www.uspto.gov/patents/apply/patent-center for more information about Patent Center and https://www.uspto.gov/patents/docx for information about filing in DOCX format. For additional questions, contact the Electronic Business Center (EBC) at 866-217-9197 (toll-free). If you would like assistance from a USPTO Customer Service Representative, call 800-786-9199 (IN USA OR CANADA) or 571-272-1000. TTV March 19, 2026 /Ted T. Vo/ Primary Examiner, Art Unit 2191