DETAILED ACTION
Notice of Pre-AIA or AIA Status
The present application, filed on or after March 16, 2013, is being examined under the first inventor to file provisions of the AIA.
Claim Rejections - 35 USC § 102
The following is a quotation of the appropriate paragraphs of 35 U.S.C. 102 that form the basis for the rejections under this section made in this Office action:
A person shall be entitled to a patent unless –
(a)(1) the claimed invention was patented, described in a printed publication, or in public use, on sale, or otherwise available to the public before the effective filing date of the claimed invention.
Claims 1-6 and 12-20 are rejected under 35 U.S.C. 102(a)(1) as being anticipated by Ramamurthi et al. (2022/0353266).
Regarding claims 1, 13, and 17, Ramamurthi discloses an apparatus and a method, comprising: generating, at a first computing system that is managed by an operator (see cloud provider operator 110 in figure 1) and separate from a second computing system that is managed by a customer of the operator (see cloud customer 120 in figure 1), a first user account for the customer that provides a user of the customer access to an instance of an application running at the first computing system for the customer (see generate/set up customer policies in step 206 of figure 2A and paragraph 0026); enabling, based at least in part on a request from the user of the customer for support with the instance of the application running for the customer (see service request from client device in figure 5 and paragraph 0055), a second user account for the customer that provides a user of the operator access to the instance of the application (see Upon approval for the operator access, at step 220, a temporary user account is created for the operator access on the target resource in paragraph 0034); and providing, based at least in part on enabling the second user account, the user of the operator temporary access to the instance of the application via the second user account (see permit operator access with temporary account in step 224 of figure 2B).
Regarding claims 2, 14, and 18, Ramamurthi discloses receiving, from the user of the customer, an indication granting one or more users of the operator access to the instance of the application running for the customer and indicating that the user of the customer is experiencing an issue with the instance of the application, wherein the second user account is enabled based at least in part on the indication being received (see grant access and deny access in figure 2B including permit operator access with temporary account in step 224).
Regarding claims 3, 15, and 19, Ramamurthi discloses the indication further indicates at least one of: a time at which the temporary access granted to the user of the operator to the instance of the application expires (see As the user is created as a new temporary account, there is no existing privilege in the system. The user is deleted once the access expires and hence it is a clear removal of privilege in paragraph 0034), and permissions associated with accessing the instance of the application, the permissions being selected from a plurality of permissions comprising view permissions, read-only permissions, and read/write permissions (see read-only access in paragraph 0030).
Regarding claims 4, 16, and 20, Ramamurthi discloses configuring, based at least in part on enabling the second user account, permissions of the second user account for accessing the instance of the application based at least in part on the indication (see the new temporary user is created that is seeded using the public key for the operator for which the request is being sought. To generate this user, the CCA system will log into the corresponding layers to create the user, where this login is a performed as root. The temporary user that is created will only have the permissions granted by the specific ACP approved by the customer. After the temporary user is dynamically generated, the username and key are posted to the requesting operator user in paragraph 0035 and figure 2B).
Regarding claim 5, Ramamurthi discloses the first user account of the customer has first permissions granting the first user account access to first resources of the second computing system and second permissions granting the first user account access to services of the instance of the application, first configurations of the instance of the application are associated with the first user account (see provide a cloud customer access control mechanism 122 that allows a cloud customer 120 to implement customer control over access to the cloud infrastructure resources 104 by cloud provider operators 110 in paragraph 0020), and the user of the operator is provided temporary access to the instance of the application in accordance with the first permissions of the first user account, the second permissions of the first user account, and the first configurations of the instance of the application (see The temporary user that is created will only have the permissions granted by the specific ACP approved by the customer. After the temporary user is dynamically generated, the username and key are posted to the requesting operator user in paragraph 0035).
Regarding claim 6, Ramamurthi discloses wherein the instance of the application implements an interface enabling the user of the customer to access the instance of the application, the interface being configurable by the user of the customer (see a cloud User Interface (UI) in paragraph 0073; provide a cloud customer access control mechanism 122 that allows a cloud customer 120 to implement customer control over access to the cloud infrastructure resources 104 by cloud provider operators 110. In effect, the cloud customer access control mechanism 122 creates a customer permissions perimeter 150 that allows the cloud customer to manage the extent, timing, and approval process for access to the cloud infrastructure resources 104 that are associated with the cloud customer 120 in paragraph 0020).
Regarding claim 12, Ramamurthi discloses wherein the customer supports a plurality of organizations, the method further comprising: determining, based at least in part on enabling the second user account, an organization of the plurality of organizations associated with the user of the customer, wherein the temporary access of the user of the operator to the instance of the application is limited to a portion of data managed by the instance of the application that is owned by the organization (see The cloud services may also be provided under a community cloud model in which cloud infrastructure system 1502 and the services provided by cloud infrastructure system 1502 are shared by several organizations in a related community in paragraph 0062; This essentially limits their access to a directory tree and thus they get the name “chroot jail”. This means that the cloud operator will only be able to perform its activities within the scope of the directory tree for the chroot environment that is created for the temporary user account in paragraph 0036).
Claim Rejections - 35 USC § 103
The following is a quotation of 35 U.S.C. 103 which forms the basis for all obviousness rejections set forth in this Office action:
A patent for a claimed invention may not be obtained, notwithstanding that the claimed invention is not identically disclosed as set forth in section 102, if the differences between the claimed invention and the prior art are such that the claimed invention as a whole would have been obvious before the effective filing date of the claimed invention to a person having ordinary skill in the art to which the claimed invention pertains. Patentability shall not be negated by the manner in which the invention was made.
Claims 7-8, 10, and 11 are rejected under 35 U.S.C. 103 as being unpatentable over Ramamurthi in view of Pitre et al. (2019/0102162).
Regarding claim 7, Ramamurthi discloses receiving, based at least in part on enabling the second user account, a request from the user of the operator to access the second user account (see At 214, the operator request is checked against the polic(ies) that are pertinent to the request in paragraph 0030 and figure 2B); and sending, to the user of the operator, in response to the request from the user of the customer, a message token associated with accessing the second user account (see permit operator access with temporary account in step 224 of figure 2B). Ramamurthi doesn't specifically disclose using a token. However, Pitre discloses using a token for network access (see access tokens in paragraph 0089). The claim would have been obvious because a person of ordinary skill has good reason to pursue the known options within his or her technical grasp. If this leads to the anticipated success, it is likely the product not of innovation but of ordinary skill and common sense.
Regarding claim 8, Ramamurthi doesn't specifically disclose redirecting, in response to the request from the user of the operator, a browser of the user of the operator to a landing page of a user portal for the second user account, a configuration of the landing page of the user portal for the second user account corresponding to a configuration of a landing page of a user portal for the first user account. However, redirecting a browser is well known in the art. Pitre further discloses this feature (see provision SaaS user accounts for selective devices (e.g., mobile and personal computer (“PC”)) with access to user portal containing many private and public cloud resources in paragraph 0059; “the URI of a landing page within the App” and ““redirectURIs” indicates redirect URIs of the application” in paragraph 0232).
Regarding claim 10, Ramamurthi discloses determining, after providing the user of the operator temporary access to the instance of the application, that the user of the operator has logged out of the second user account; and invalidating, based at least in part on the user of the operator logging out of the second user account, a token used by the user of the operator to access the instance of the application (see The access privileges of the operator user 312 may later be revoked. This may occur, at (13a), by command of the customer user 302 to the controller 322 to evict the operator user 312. Alternatively an access monitor 324 may note the expiration of the designated time period of the access grant, and at (13b) issue a notification to the controller 322 of the timeout that has occurred for the access rights of the operator user 312. At this point, the controller 322 will operate the controlled access point 326 to revoke access to the operator user 312 in paragraph 0046. Note that a token is disclosed by Pitre).
Regarding claim 11, Ramamurthi discloses determining, after providing the user of the operator temporary access to the instance of the application, that temporary access of the user of the operator has expired; and invalidating, based at least in part on the temporary access expiring, a token used by the user of the operator to access the instance of the application (see The access privileges of the operator user 312 may later be revoked. This may occur, at (13a), by command of the customer user 302 to the controller 322 to evict the operator user 312. Alternatively an access monitor 324 may note the expiration of the designated time period of the access grant, and at (13b) issue a notification to the controller 322 of the timeout that has occurred for the access rights of the operator user 312. At this point, the controller 322 will operate the controlled access point 326 to revoke access to the operator user 312 in paragraph 0046).
Allowable Subject Matter
Claim 9 is objected to as being dependent upon a rejected base claim, but would be allowable if rewritten in independent form including all of the limitations of the base claim and any intervening claims.
Conclusion
Any inquiry concerning this communication or earlier communications from the examiner should be directed to BRIAN D NGUYEN whose telephone number is (571)272-3084. The examiner can normally be reached Monday-Friday 8:00 - 4:30.
Examiner interviews are available via telephone, in-person, and video conferencing using a USPTO supplied web-based collaboration tool. To schedule an interview, applicant is encouraged to use the USPTO Automated Interview Request (AIR) at http://www.uspto.gov/interviewpractice.
If attempts to reach the examiner by telephone are unsuccessful, the examiner’s supervisor, Khaled Kassim can be reached at 571-270-3770. The fax phone number for the organization where this application or proceeding is assigned is 571-273-8300.
Information regarding the status of published or unpublished applications may be obtained from Patent Center. Unpublished application information in Patent Center is available to registered users. To file and manage patent submissions in Patent Center, visit: https://patentcenter.uspto.gov. Visit https://www.uspto.gov/patents/apply/patent-center for more information about Patent Center and https://www.uspto.gov/patents/docx for information about filing in DOCX format. For additional questions, contact the Electronic Business Center (EBC) at 866-217-9197 (toll-free). If you would like assistance from a USPTO Customer Service Representative, call 800-786-9199 (IN USA OR CANADA) or 571-272-1000.
/BRIAN D NGUYEN/Primary Examiner, Art Unit 2475