Notice of Pre-AIA or AIA Status
The present application, filed on or after March 16, 2013, is being examined under the first inventor to file provisions of the AIA .
DETAILED ACTION
This Office Action is in response to the U.S. patent application 18397208 filed on December 27, 2023, and Applicant’s recent February 24, 2026, papers.
Original claims 1-20 had previously been cancelled in favor of replacement claims 21-40. Claims 21, 30 and 39 are independent claims. Claims 21, 26, 30-32, 35 and 38. No new claims have been canceled or added. Accordingly, claims 21-40 are pending, and have been examined in this application. This Action is made FINAL.
Response to Arguments
Claim objections to claims 31, 32 and 38 are withdrawn in view of Applicant’s amendments.
It is respectfully noted that while independent claims 21 and 30 have been amended, independent claim 39 has not been amended.
The 101 rejection of claims 21-40 is withdrawn in view of Applicant’s amendments and arguments.
Applicants’ arguments with respect to claims 21 and 30 have been considered but are moot in view of the new ground(s) of rejection.
Claim Rejections - 35 USC § 102
In the event the determination of the status of the application as subject to AIA 35 U.S.C. 102 and 103 (or as subject to pre-AIA 35 U.S.C. 102 and 103) is incorrect, any correction of the statutory basis (i.e., changing from AIA to pre-AIA ) for the rejection will not be considered a new ground of rejection if the prior art relied upon, and the rationale supporting the rejection, would be the same under either status.
The following is a quotation of the appropriate paragraphs of 35 U.S.C. 102 that form the basis for the rejections under this section made in this Office action:
A person shall be entitled to a patent unless –
(a)(1) the claimed invention was patented, described in a printed publication, or in public use, on sale, or otherwise available to the public before the effective filing date of the claimed invention.
(a)(2) the claimed invention was described in a patent issued under section 151, or in an application for patent published or deemed published under section 122(b), in which the patent or application, as the case may be, names another inventor and was effectively filed before the effective filing date of the claimed invention.
This application currently names joint inventors. In considering patentability of the claims the examiner presumes that the subject matter of the various claims was commonly owned as of the effective filing date of the claimed invention(s) absent any evidence to the contrary. Applicant is advised of the obligation under 37 CFR 1.56 to point out the inventor and effective filing dates of each claim that was not commonly owned as of the effective filing date of the later invention in order for the examiner to consider the applicability of 35 U.S.C. 102(b)(2)(C) for any potential 35 U.S.C. 102(a)(2) prior art against the later invention
Claims 39-40 are rejected under 35 U.S.C. 102(a)(1) as being anticipated by Khanduia et al. (“Khanduia”; US20180302399A1).
Per claim 39, Khanduia disclosed a non-transitory computer-readable storage medium, wherein the non-transitory computer-readable storage medium stores computer program instructions, and when the computer program instructions are executed on at least one processor (Khanduia Abstract, “Systems, computer program products and methods implementing protocol-level mapping are described.”; Khanduia para. [0062], “The processes and logic flows described in this specification can be performed by one or more programmable computers executing one or more computer programs to perform functions by operating on input data and generating output. The processes and logic flows can also be performed by, and apparatus can also be implemented as, special purpose logic circuitry, e.g., an FPGA (field programmable gate array) or an ASIC (application-specific integrated circuit)”), the at least one processor is enabled to perform:
receiving a service request sent by a host (Khanduia claim 8, “intercepting a user request submitted from a client device”),
wherein the service request comprises a first account (Khanduia claim 8, “the user request being associated with user credentials”; Khanduia para. [0014], “An account name of the user account can be referred to as a user identity”), and wherein the first account complies with a first protocol (Khanduia claim 8, “determining a user protocol in which the client device submitted the user request”);
determining a second account corresponding to the first account (Khanduia claim 8, “determining a service of the services that the user request is authorized to access”),
wherein the second account complies with a target protocol (Khanduia claim 8, “generating a service request, including translating the user protocol of the user request to a service protocol associated with the service at least in part by associating the service credentials with the service request”; Khanduia para. [0042], “The identity mapping system can encode (218) the byte stream in a protocol used by the distributed computing system. …The encoding translates the request into a format that is understood by a protocol of the service of the distributed computing system.”); and
authenticating the second account (Khanduia claim 8, “since the distributed computing system originally indicated in the second byte stream as shown in Listing (2), that the authentication mode is a trust mode, the identity mapping module 120 does not need to include the password, e.g., zkabiegfq or other passwords”).
Per claim 40, Khanduia disclosed the storage medium according to claim 39. Khanduia further discloses an arrangement wherein to authenticate the second account the at least one processor is enabled to perform:
obtaining authorized account information of an access object of the service request (Khanduia claim 8, “upon successfully authenticating the user request, determining, by the identity mapping system, a service of the services that the user request is authorized to access”),
wherein the authorized account information indicates an authorized account that has permission to access the access object, and wherein the authorized account complies with the target protocol (Khanduia claim 8, “upon successfully authenticating the user request, determining, by the identity mapping system, a service of the services that the user request is authorized to access”); and
authenticating the second account based on the authorized account information of the access object (Khanduia claim 8, “since the distributed computing system originally indicated in the second byte stream as shown in Listing (2), that the authentication mode is a trust mode, the identity mapping module 120 does not need to include the password, e.g., zkabiegfq or other passwords”).
Claim Rejections - 35 USC § 103
The following is a quotation of 35 U.S.C. 103 which forms the basis for all obviousness rejections set forth in this Office action:
A patent for a claimed invention may not be obtained, notwithstanding that the claimed invention is not identically disclosed as set forth in section 102 of this title, if the differences between the claimed invention and the prior art are such that the claimed invention as a whole would have been obvious before the effective filing date of the claimed invention to a person having ordinary skill in the art to which the claimed invention pertains. Patentability shall not be negated by the manner in which the invention was made.
Claims 21-38 are rejected under 35 U.S.C. 103 as being unpatentable over Khanduia et al. (“Khanduia”; US20180302399A1) in view of Bhargava et al. (Bhargava”; US20210409406A1).
Per claim 21, Khanduia discloses a method (Khanduia claim 8, “medium storing instructions executable”), comprising:
receiving a service request sent by a host (Khanduia claim 8, “intercepting a user request submitted from a client device”),
wherein the service request comprises a first account (Khanduia claim 8, “the user request being associated with user credentials”; Khanduia para. [0014], “An account name of the user account can be referred to as a user identity”), and wherein the first account complies with a first protocol (Khanduia claim 8, “determining a user protocol in which the client device submitted the user request”)
determining a second account corresponding to the first account (Khanduia claim 8, “determining a service of the services that the user request is authorized to access”),
wherein the second account complies with a target protocol (Khanduia claim 8, “generating a service request, including translating the user protocol of the user request to a service protocol associated with the service at least in part by associating the service credentials with the service request”; Khanduia para. [0042], “The identity mapping system can encode (218) the byte stream in a protocol used by the distributed computing system. …The encoding translates the request into a format that is understood by a protocol of the service of the distributed computing system.”) different from the first protocol and associated with accessing a second interface of a of a second service model associated with performing second service processing on the one or more storage systems (Khanduia para. [0014], “The client device 104 can submit the request 110 in a first user protocol. The client device 106 can submit the request 112 in a second user protocol. The first user protocol may be the same as, or different from, the second user protocol. Each protocol can specify a set of procedures and data formats for communication.”); and
authenticating the second account (Khanduia claim 8, para. [0025] “since the distributed computing system originally indicated in the second byte stream as shown in Listing (2), that the authentication mode is a trust mode, the identity mapping module 120 does not need to include the password, e.g., zkabiegfq or other passwords”).
Khanduia did not disclose an arrangement of a first account which complies with a first protocol associated with accessing a first interface of a first service model associated with performing first service processing on one or more storage systems.
However, in an analogous art, Bhargava disclosed an arrangement of a first account which complies with a first protocol associated with accessing a first interface of a first service model associated with performing first service processing on one or more storage systems (Bhargava para. [0027], “The central server 105 may include a directory server, which may host a directory, and which may support access to the directory using, e.g., a particular protocol. In some examples, the directory server supports access to the directory using Lightweight Directory Access Protocol (LDAP). The central server 105 may also include a console server, which may provide a user interface for web-based access to the directory.”; Bhargava para. [0036], “aspects of the system 100 may be accessible by and managed through a web-based console 155. The console may include or be a user interface that provides access to maintain a directory, or portions of the directory, hosted on central server 105. As depicted in the example of FIG. 1, the console 155 may provide remote access to the central server 105 via an Internet connection and, for instance, a wireless access point 156. Those skilled in the art will recognize, however, that because central server 105 may be a cloud server, remote access to central server 105 may be achieved in a variety of ways. …The console 155 may be or employ a representational state transfer (REST) application programmer interface (API). The REST API may be used to search a directory, query the directory, or provision users for access to the directory via the console 155. Additionally, or alternatively, the REST API may be used for authentication to the directory via the console 155.”).
It would have been prima facie obvious to one of ordinary skill in the art before the effective filing date of the claimed invention, to modify Khanduia to include, as taught by Bhargava, to include an arrangement of a first account which complies with a first protocol associated with accessing a first interface of a first service model associated with performing first service processing on one or more storage systems. Motivation for modifying would have been to provide the versatile simultaneous use of varying different protocols in order to increase a versatility, attractiveness and broadened adoption of the Khanduia/Bhargava combination in ther security field.
Per claim 22, the Khanduia/Bhargava combination disclosed the method according to claim 21. Khanduia further discloses an arrangement wherein authenticating the second account comprises:
obtaining authorized account information of an access object of the service request (Khanduia claim 8, “upon successfully authenticating the user request, determining, by the identity mapping system, a service of the services that the user request is authorized to access”),
wherein the authorized account information indicates an authorized account that has permission to access the access object (Khanduia claim 8, “upon successfully authenticating the user request, determining, by the identity mapping system, a service of the services that the user request is authorized to access”), and wherein the authorized account complies with the target protocol (Khanduia claim 8, “generating a service request, including translating the user protocol of the user request to a service protocol associated with the service at least in part by associating the service credentials with the service request”; Khanduia para. [0042], “The identity mapping system can encode (218) the byte stream in a protocol used by the distributed computing system. …The encoding translates the request into a format that is understood by a protocol of the service of the distributed computing system.”); and
authenticating the second account based on the authorized account information of the access object (Khanduia claim 8, “since the distributed computing system originally indicated in the second byte stream as shown in Listing (2), that the authentication mode is a trust mode, the identity mapping module 120 does not need to include the password, e.g., zkabiegfq or other passwords”).
Per claim 23, the Khanduia/Bhargava combination disclosed the method according to claim 22. Khanduia disclosed an arrangement further comprising
creating or determining the second account having a same access permission as the first account (Khanduia para. [0018], “The identity mapping system 102 swaps authentication headers of authenticated user accounts with the service account credentials and establishes a connection under the service account using the service identity.”); and
recording a mapping relationship between the first account and the second account (Khanduia para. [0002], “mapping the end user accounts to the service account can be achieved in a static manner”).
Khanduia did not disclose an arrangement further comprising creating the first account in response to a creation request sent by the host.
However, in an analogous art, Bhargava disclosed an arrangement further comprising creating the first account in response to a creation request sent by the host creating the first account in response to a creation request sent by the host (Bhargava Claim 14, “receiving a request to create, for the second service, an account for the user; and updating the multitenant directory based at least in part on receiving the request, wherein the second reference is generated based at least in part on updating the multitenant directory.”)
It would have been prima facie obvious to one of ordinary skill in the art before the effective filing date of the claimed invention, to modify Khanduia to include, as taught by Bhargava, regarding an arrangement further comprising creating the first account in response to a creation request sent by the host creating the first account in response to a creation request sent by the host. Motivation for modifying would have been to increase available options in order to increase a user-friendliness, intuitiveness, versatility, attractiveness and broadened adoption of the Khanduia/Bhargava combination within the art.
Per claim 24, The Khanduia/Bhargava combination disclosed the method according to claim 23. Bhargava further discloses an arrangement wherein the creation request comprises permission information of the first account, and wherein creating the second account comprises:
setting permission information of the second account based on the permission information of the first account (Bhargava para. [0023], “users from one customer may be granted permission to devices, applications, files, and the like, of other customers, providing a simple, seamless way of managing IT resources across organizations. In some examples, user accounts may be created for a customer utilizing user account information and general user information from a different customer.”),
wherein the permission information of the second account indicates access permission for data written by using the second account.
It would have been prima facie obvious to one of ordinary skill in the art before the effective filing date of the claimed invention, to further modify the Khanduia/Bhargava combination to include, as taught by Bhargava, regarding an arrangement wherein the creation request comprises permission information of the first account, and wherein creating the second account comprises: setting permission information of the second account based on the permission information of the first account; wherein the permission information of the second account indicates access permission for data written by using the second account. Motivation for modifying would have been to increase available options in order to increase a user-friendliness, intuitiveness, versatility, attractiveness and broadened adoption of the Khanduia/Bhargava combination within the art.
Per claim 25, the Khanduia/Bhargava combination disclosed the method according to claim 21. Khanduia further discloses an arrangement wherein before determining the second account corresponding to the first account, the method further comprises:
determining, based on a format of the first account, that the first account complies with the first protocol (Khanduia para. [0038], “The identity mapping system decodes (208) an end user protocol from the intercepted request. Decoding the end user protocol can include identifying a flag in the request that indicates a protocol type, and then performing a lookup in a protocol database using a location of the flag in the request, a value of the flag, or both.”).
Per claim 26, the Khanduia/Bhargava combination disclosed the method according to claim 21. Khanduia did not further disclose an arrangement wherein before determining the second account corresponding to the first account, the method further comprises: determining, based on a format of the first interface invoked by the service request, that the first account complies with the first protocol
However, in an analogous art, Bhargava discloses an arrangement wherein before determining the second account corresponding to the first account, determining, based on the first format of an interface invoked by the service request, that the first account complies with the first protocol (Bhargava paras. [0103]-[0104], “At block 935, the central server 105 or one or more edge servers 115 may authenticate a first user for access to the first portion of the directory at the first and second edge servers utilizing a first protocol as described with reference to FIGS. 1-4. In certain examples, the operations of block 935 may be performed by the directory server module 205 as described with reference to FIG. 5. [0104] At block 940, the central server 105 may authenticate a second user for access to the second portion of the directory at the first edge and second edge servers utilizing the first protocol”; Also see Bhargava’s FIG.9, blocks 935, 940 and 945).
It would have been prima facie obvious to one of ordinary skill in the art before the effective filing date of the claimed invention, to modify Khanduia to include, as taught by Bhargava, regarding an arrangement wherein before determining the second account corresponding to the first account, determining, based on a format of an interface invoked by the service request, that the first account complies with the first protocol. Motivation for modifying would have been to increase available options in order to increase a user-friendliness, intuitiveness, versatility, attractiveness and broadened adoption of the Khanduia/Bhargava combination within the art.
Per claim 27, The Khanduia/Bhargava combination disclosed the method according to claim 24. Khanduia further discloses an arrangement wherein the service request comprises a write request, wherein the access object comprises a storage space, and wherein the authenticating the second account based on the authorized account information of the access object comprises:
when first authorized account information of the storage space comprises the second account (Khanduia para. [0038], “The distributed computing system 108 can provide various services, including, for example, database service 114, messaging service 308, and file storage service 310. Various data 312, 314 and 316 are accessed through these services. Each of the database service 114, messaging service 308, and file storage service 310 executes in a respective service account having a respective service identity.”):
successfully authenticating the second account (Khanduia para. [0004], “The identity mapping system determines a service provided by the distributed computing system that the request accesses. The identity mapping system determines a service account and service credentials of that service. The identity mapping system translates the first protocol into a second protocol associated with the distributed computing system.”); and
writing data comprised in the write request into the storage space (Khanduia para. [0004], “The translation includes associating the service credentials with the request. The identity mapping system then submits the request to the distributed computing system.”; [NOTE: assuming that the access request relates to Khanduia’s “file storage service 310”, a file reading or writing operation would occur]).
Per claim 28, The Khanduia/Bhargava combination disclosed the method according to claim 27. Khanduia further discloses an arrangement further comprising:
setting second authorized account information for the data based on the permission information of the second account (Khanduia para. [0038], “the last byte of the second byte stream, has a value, e.g., 00, that indicates that the distributed computing system 108 uses a trust mode authentication. The trust mode authentication is a mode in which the distributed computing system 108 trusts the request 110”).
Per claim 29, The Khanduia/Bhargava combination disclosed the method according to claim 28. Khanduia further discloses an arrangement wherein the service request comprises a read request, wherein the access object comprises the data, and wherein the authenticating the second account based on the authorized account information of the access object comprises:
when the second authorized account information comprises the second account (Khanduia para. [0038], “The distributed computing system 108 can provide various services, including, for example, database service 114, messaging service 308, and file storage service 310. Various data 312, 314 and 316 are accessed through these services. Each of the database service 114, messaging service 308, and file storage service 310 executes in a respective service account having a respective service identity.”):
successfully authenticating the second account (Khanduia para. [0004], “The identity mapping system determines a service provided by the distributed computing system that the request accesses. The identity mapping system determines a service account and service credentials of that service. The identity mapping system translates the first protocol into a second protocol associated with the distributed computing system.”);
reading the data (Khanduia para. [0004], “The translation includes associating the service credentials with the request. The identity mapping system then submits the request to the distributed computing system.”; [NOTE: assuming that the access request relates to Khanduia’s “file storage service 310”, a file reading or writing operation would occur]); and
sending the data to the host.
Per claim 30, Khanduia disclosed a device comprising:
at least one processor; and
at least one non-transitory computer-readable memory connected to the at least one processor and including instructions, wherein the at least one non-transitory computer-readable memory and the instructions are configured, with the at least one processor (Khanduia Abstract, “Systems, computer program products and methods implementing protocol-level mapping are described.”; Khanduia para. [0062], “The processes and logic flows described in this specification can be performed by one or more programmable computers executing one or more computer programs to perform functions by operating on input data and generating output. The processes and logic flows can also be performed by, and apparatus can also be implemented as, special purpose logic circuitry, e.g., an FPGA (field programmable gate array) or an ASIC (application-specific integrated circuit)”), to cause the device to:
receive a service request sent by a host (Khanduia claim 8, “intercepting a user request submitted from a client device”),
wherein the service request comprises a first account (Khanduia claim 8, “the user request being associated with user credentials”; Khanduia para. [0014], “An account name of the user account can be referred to as a user identity”), and wherein the first account complies with a first protocol (Khanduia claim 8, “determining a user protocol in which the client device submitted the user request”) associated with accessing a first interface of a first service model associated with performing first service processing on one or more storage systems;
determine a second account corresponding to the first account (Khanduia claim 8, “determining a service of the services that the user request is authorized to access”),
wherein the second account complies with a target protocol (Khanduia claim 8, “generating a service request, including translating the user protocol of the user request to a service protocol associated with the service at least in part by associating the service credentials with the service request”; Khanduia para. [0042], “The identity mapping system can encode (218) the byte stream in a protocol used by the distributed computing system. …The encoding translates the request into a format that is understood by a protocol of the service of the distributed computing system.”) different from the first protocol and associated with accessing a second interface of a second service model associated with performing second service processing of the one or more storage systems; and
authenticate the second account (Khanduia claim 8, “since the distributed computing system originally indicated in the second byte stream as shown in Listing (2), that the authentication mode is a trust mode, the identity mapping module 120 does not need to include the password, e.g., zkabiegfq or other passwords”).
Per claim 31, the Khanduia/Bhargava combination disclosed the device according to claim 30. Khanduia further discloses an arrangement wherein to authenticate the second account the device is caused to:
obtain authorized account information of an access object of the service request (Khanduia claim 8, “upon successfully authenticating the user request, determining, by the identity mapping system, a service of the services that the user request is authorized to access”),
wherein the authorized account information indicates an authorized account that has permission to access the access object (Khanduia claim 8, “upon successfully authenticating the user request, determining, by the identity mapping system, a service of the services that the user request is authorized to access”), and wherein the authorized account complies with the target protocol (Khanduia claim 8, “generating a service request, including translating the user protocol of the user request to a service protocol associated with the service at least in part by associating the service credentials with the service request”; Khanduia para. [0042], “The identity mapping system can encode (218) the byte stream in a protocol used by the distributed computing system. …The encoding translates the request into a format that is understood by a protocol of the service of the distributed computing system.”); and
authenticate the second account based on the authorized account information of the access object (Khanduia claim 8, “since the distributed computing system originally indicated in the second byte stream as shown in Listing (2), that the authentication mode is a trust mode, the identity mapping module 120 does not need to include the password, e.g., zkabiegfq or other passwords”).
Per claim 32, the Khanduia/Bhargava combination disclosed the device according to claim 31. Khanduia further discloses the device further caused to:
create or determine the second account having a same access permission as the first account (Khanduia para. [0018], “The identity mapping system 102 swaps authentication headers of authenticated user accounts with the service account credentials and establishes a connection under the service account using the service identity.”); and
record a mapping relationship between the first account and the second account (Khanduia para. [0002], “mapping the end user accounts to the service account can be achieved in a static manner”).
Khanduia did not disclose an arrangement to create the first account in response to a creation request sent by the host.
However, in an analogous art, Bhargava disclosed an arrangement to create the first account in response to a creation request sent by the host (Bhargava Claim 14, “receiving a request to create, for the second service, an account for the user; and updating the multitenant directory based at least in part on receiving the request, wherein the second reference is generated based at least in part on updating the multitenant directory.”).
It would have been prima facie obvious to one of ordinary skill in the art before the effective filing date of the claimed invention, to modify Khanduia to include, as taught by Bhargava, regarding an arrangement to create the first account in response to a creation request sent by the host. Motivation for modifying would have been to increase available options in order to increase a user-friendliness, intuitiveness, versatility, attractiveness and broadened adoption of the Khanduia/Bhargava combination within the art.
Per claim 33, The Khanduia/Bhargava combination disclosed the device according to claim 32. Bhargava further discloses an arrangement wherein the creation request comprises permission information of the first account, and wherein to create the second account the device is caused to:
set permission information of the second account based on the permission information of the first account (Bhargava para. [0023], “users from one customer may be granted permission to devices, applications, files, and the like, of other customers, providing a simple, seamless way of managing IT resources across organizations. In some examples, user accounts may be created for a customer utilizing user account information and general user information from a different customer.”),
wherein the permission information of the second account indicates access permission for data written by using the second account.
It would have been prima facie obvious to one of ordinary skill in the art before the effective filing date of the claimed invention, to further modify the Khanduia/Bhargava combination to include, as taught by Bhargava, regarding an arrangement wherein the creation request comprises permission information of the first account, and wherein to create the second account the device is caused to: set permission information of the second account based on the permission information of the first account; wherein the permission information of the second account indicates access permission for data written by using the second account. Motivation for modifying would have been to increase available options in order to increase a user-friendliness, intuitiveness, versatility, attractiveness and broadened adoption of the Khanduia/Bhargava combination within the art.
Per claim 34, the Khanduia/Bhargava combination disclosed the device according to claim 30. Khanduia further discloses an arrangement wherein before the determining the second account corresponding to the first account, the device is caused to:
determine, based on a format of the first account, that the first account complies with the first protocol (Khanduia para. [0038], “The identity mapping system decodes (208) an end user protocol from the intercepted request. Decoding the end user protocol can include identifying a flag in the request that indicates a protocol type, and then performing a lookup in a protocol database using a location of the flag in the request, a value of the flag, or both.”).
Per claim 35, the Khanduia/Bhargava combination disclosed the device according to claim 30. Khanduia did not further disclose an arrangement wherein before the determining the second account corresponding to the first account, the device is caused to: determine, based on a format of the first interface invoked by the service request, that the first account complies with the first protocol.
However, in an analogous art, Bhargava discloses an arrangement wherein before the determining the second account corresponding to the first account, the device is caused to: determine, based on a format of the first interface invoked by the service request, that the first account complies with the first protocol (Bhargava paras. [0103]-[0104], “At block 935, the central server 105 or one or more edge servers 115 may authenticate a first user for access to the first portion of the directory at the first and second edge servers utilizing a first protocol as described with reference to FIGS. 1-4. In certain examples, the operations of block 935 may be performed by the directory server module 205 as described with reference to FIG. 5. [0104] At block 940, the central server 105 may authenticate a second user for access to the second portion of the directory at the first edge and second edge servers utilizing the first protocol”; Also see Bhargava’s FIG.9, blocks 935, 940 and 945).
It would have been prima facie obvious to one of ordinary skill in the art before the effective filing date of the claimed invention, to modify Khanduia to include, as taught by Bhargava, regarding an arrangement wherein before the determining the second account corresponding to the first account, the device is caused to: determine, based on a format of the first interface invoked by the service request, that the first account complies with the first protocol. Motivation for modifying would have been to increase available options in order to increase a user-friendliness, intuitiveness, versatility, attractiveness and broadened adoption of the Khanduia/Bhargava combination within the art.
Per claim 36, The Khanduia/Bhargava combination disclosed the device according to claim 33. Khanduia further discloses an arrangement wherein the service request comprises a write request, wherein the access object is storage space, and wherein to authenticate the second account based on the authorized account information of the access object the device is caused to:
when first authorized account information of the storage space comprises the second account (Khanduia para. [0038], “The distributed computing system 108 can provide various services, including, for example, database service 114, messaging service 308, and file storage service 310. Various data 312, 314 and 316 are accessed through these services. Each of the database service 114, messaging service 308, and file storage service 310 executes in a respective service account having a respective service identity.”):
successfully authenticate the second account (Khanduia para. [0004], “The identity mapping system determines a service provided by the distributed computing system that the request accesses. The identity mapping system determines a service account and service credentials of that service. The identity mapping system translates the first protocol into a second protocol associated with the distributed computing system.”); and
write data comprised in the write request into the storage space (Khanduia para. [0004], “The translation includes associating the service credentials with the request. The identity mapping system then submits the request to the distributed computing system.”; [NOTE: assuming that the access request relates to Khanduia’s “file storage service 310”, a file reading or writing operation would occur]).
Per claim 37, The Khanduia/Bhargava combination disclosed the device according to claim 36. Khanduia further discloses the device further caused to:
set second authorized account information for the data based on the permission information of the second account (Khanduia para. [0038], “the last byte of the second byte stream, has a value, e.g., 00, that indicates that the distributed computing system 108 uses a trust mode authentication. The trust mode authentication is a mode in which the distributed computing system 108 trusts the request 110”).
Per claim 38, The Khanduia/Bhargava combination disclosed the device according to claim 37. Khanduia further discloses an arrangement wherein the service request comprises a read request, wherein the access object comprises the data, and wherein to authenticate the second account based on the authorized account information of the access object the device is caused to, in response to the second authorized account information comprising the second account (Khanduia para. [0038], “The distributed computing system 108 can provide various services, including, for example, database service 114, messaging service 308, and file storage service 310. Various data 312, 314 and 316 are accessed through these services. Each of the database service 114, messaging service 308, and file storage service 310 executes in a respective service account having a respective service identity.”):
successfully authenticate the second account (Khanduia para. [0004], “The identity mapping system determines a service provided by the distributed computing system that the request accesses. The identity mapping system determines a service account and service credentials of that service. The identity mapping system translates the first protocol into a second protocol associated with the distributed computing system.”);
read the data and send the data to the host (Khanduia para. [0004], “The translation includes associating the service credentials with the request. The identity mapping system then submits the request to the distributed computing system.”; [NOTE: assuming that the access request relates to Khanduia’s “file storage service 310”, a file reading or writing operation would occur]);
Conclusion
Applicant’s amendment necessitated the new ground(s) of rejection presented in this Office action. Accordingly, THIS ACTION IS MADE FINAL. See MPEP § 706.07(a). Applicant is reminded of the extension of time policy as set forth in 37 CFR 1.136(a).
A shortened statutory period for reply to this final action is set to expire THREE MONTHS from the mailing date of this action. In the event a first reply is filed within TWO MONTHS of the mailing date of this final action and the advisory action is not mailed until after the end of the THREE-MONTH shortened statutory period, then the shortened statutory period will expire on the date the advisory action is mailed, and any extension fee pursuant to 37 CFR 1.136(a) will be calculated from the mailing date of the advisory action. In no event, however, will the statutory period for reply expire later than SIX MONTHS from the mailing date of this final action.
Any inquiry concerning this communication or earlier communications from the examiner should be directed to Paul J Skwierawski whose telephone number is (571)272-2642. The examiner can normally be reached 6:00am-3:30pm weekdays.
Examiner interviews are available via telephone, in-person, and video conferencing using a USPTO supplied web-based collaboration tool. To schedule an interview, applicant is encouraged to use the USPTO Automated Interview Request (AIR) at http://www.uspto.gov/interviewpractice.
If attempts to reach the examiner by telephone are unsuccessful, the examiner’s supervisory primary examiner (SPE) Luu Pham can be reached on (571) 270-5002. The fax phone number for the organization where this application or proceeding is assigned is 571-273-8300.
Information regarding the status of published or unpublished applications may be obtained from Patent Center. Unpublished application information in Patent Center is available to registered users. To file and manage patent submissions in Patent Center, visit: https://patentcenter.uspto.gov. Visit https://www.uspto.gov/patents/apply/patent-center for more information about Patent Center and https://www.uspto.gov/patents/docx for information about filing in DOCX format. For additional questions, contact the Electronic Business Center (EBC) at 866-217-9197 (toll-free). If you would like assistance from a USPTO Customer Service Representative, call 800-786-9199 (IN USA OR CANADA) or 571-272-1000.
/Paul Skwierawski/
Patent Examiner, Art Unit 2439
/LUU T PHAM/Supervisory Patent Examiner, Art Unit 2439