Prosecution Insights
Last updated: April 19, 2026
Application No. 18/405,974

PROVIDING CLOUD SHIFTED NON-CLOUD PLATFORM WITH SESSION LEVEL PASSWORDLESS AUTHENTICATION ACCESS

Status: Non-Final OA §103 §112
Filed: Jan 05, 2024
Examiner: ELFERVIG, TAYLOR A
Art Unit: 2445
Tech Center: 2400 — Computer Networks
Assignee: Jp Morgan Chase Bank N A
OA Round: 3 (Non-Final)
Grant Probability: 62% (Moderate)
OA Rounds: 3-4
To Grant: 4y 2m
With Interview: 99%

Examiner Intelligence

Grants 62% of resolved cases
Career Allow Rate: 62% (253 granted / 409 resolved), +3.9% vs TC avg
Strong +38% interview lift
Interview Lift: +38.5% (resolved cases with interview)
Typical timeline: 4y 2m avg prosecution, 31 currently pending
Career history: 440 total applications across all art units

Statute-Specific Performance

§101: 8.4% (-31.6% vs TC avg)
§103: 57.1% (+17.1% vs TC avg)
§102: 16.2% (-23.8% vs TC avg)
§112: 12.2% (-27.8% vs TC avg)
Based on career data from 409 resolved cases

Office Action

§103 §112
DETAILED ACTION

Notice of Pre-AIA or AIA Status

The present application, filed on or after March 16, 2013, is being examined under the first inventor to file provisions of the AIA.

General Remarks

This communication is considered fully responsive to Applicant’s response filed 01/23/2026.

Application filed: 01/05/2024
Applicant’s PgPUB: 2025/0227108
Claims: Claims 1-4, 6-11, 13-18 and 20-23 are pending. Claims 1, 8 and 15 are independent. Claims 1-4, 7-11, 13-18 and 20 are amended. Claims 5, 12 and 19 are canceled. Claims 21-23 are new.
IDS: Previous IDS: IDS filed 02/21/2024 has been considered.
35 U.S.C. 112(f): Claims 8-15 will be reviewed under 35 U.S.C. 112(f).
Previous Office Action: Rejections under 35 U.S.C. 112 have been withdrawn due to Applicant’s amendment.

Response to Arguments

Applicant’s arguments, see Applicant’s arguments, filed 07/10/2025, with respect to the rejection(s) of claim(s) 1-4, 6-11, 13-18 and 20-23 under 35 U.S.C. 103 have been fully considered and are persuasive to overcome the prior rejection. However, upon further consideration, a new ground(s) of rejection is made in view of U.S. Patent Application Publication No. 2020/0403993 to Alexander et al. (“Alexander”), U.S. Patent Application Publication No. 2015/0200924 to Parla et al. (“Parla”), U.S. Patent Application Publication No. 2017/0243417 A1 to Manikantan Shila et al. (“Manikantan”), U.S. Patent Application Publication No. 2005/0097060 A1 to Lee et al. (“Lee”), U.S. Patent No. 11,855,871 B1 to Olden et al. (“Olden”) and U.S. Patent Application Publication No. 2023/0131814 A1 to Brindely et al. (“Brindely”).

Examiner Note: the amendments made to the prior claims have created an entirely new scope.

Claim Rejections - 35 USC § 112

The following is a quotation of 35 U.S.C. 112(b):

(b) CONCLUSION.—The specification shall conclude with one or more claims particularly pointing out and distinctly claiming the subject matter which the inventor or a joint inventor regards as the invention.
The following is a quotation of 35 U.S.C. 112 (pre-AIA), second paragraph:

The specification shall conclude with one or more claims particularly pointing out and distinctly claiming the subject matter which the applicant regards as his invention.

Claims 1-7 and 15-18, 20, 21 and 23 are rejected under 35 U.S.C. 112(b) or 35 U.S.C. 112 (pre-AIA), second paragraph, as being indefinite for failing to particularly point out and distinctly claim the subject matter which the inventor or a joint inventor (or for applications subject to pre-AIA 35 U.S.C. 112, the applicant), regards as the invention.

As to claim 1, it claims in part, “A method for providing access, from a resource, to a cloud shifted non-cloud operating system (OS) or associated native application, the method comprising: receiving a request from a user seeking access to the shifted OS or the associated native application or a session interface, or a cloud application programming interface (API) … receiving an assertion from a client browser at the session interface … granting user access to the cloud shifted non-cloud OS or associated native application.” The preamble and other limitations of the claim discuss a method of accessing a cloud shifted non-cloud OS or associated native application whereas the first limitation discusses requesting access to the cloud shifted non-cloud OS, associated native application or session interface or cloud application programming interface (API). The first limitation adds two (2) entities not mentioned in the preamble. This discrepancy introduces conflicting language about what access entities the claim is directed. Also, the first limitation claims seeking access to a session interface but then it receives an assertion from a browser at the session interface. Examiner requires clarification/amendment to avoid future confusion.

As to claim 1, it claims in part, “… sending an authentication response, via to the user from the IdP, the authentication response including an assertion identifying the user including attributes of the user”. The phrase “… via to the user …” is an oddly worded and confusing turn-of-phrase. For the purpose of this OA, Examiner will ignore the word “via”. Examiner requires clarification/amendment to avoid future confusion.

As to claim 15, it claims in part, “Non-transient A computer readable non-transient programmable product …”. This introduction to the claim and classification is ill-worded. Examiner assumes the first “Non-transient” was intended to be removed given the “A” that follows. Examiner requires amendment to clarify and clean up the claim language.

As to claims 2-7, 16-18, 20, 21 and 23, these claims are rejected by virtue of being dependent upon claims 1 and 15.

Claim Rejections - 35 USC § 103

The following is a quotation of 35 U.S.C. 103 which forms the basis for all obviousness rejections set forth in this Office action:

A patent may not be obtained though the invention is not identically disclosed or described as set forth in section 102 of this title, if the differences between the subject matter sought to be patented and the prior art are such that the subject matter as a whole would have been obvious at the time the invention was made to a person having ordinary skill in the art to which said subject matter pertains. Patentability shall not be negatived by the manner in which the invention was made.

Claims 1, 15, 21 and 23 are rejected under 35 U.S.C. 103 as being unpatentable over U.S. Patent Application Publication No. 2020/0403993 to Alexander et al. (“Alexander”) in view of U.S. Patent Application Publication No. 2015/0200924 to Parla et al. (“Parla”) in further view of U.S. Patent Application Publication No. 2017/0243417 A1 to Manikantan Shila et al. (“Manikantan”) in further view of U.S. Patent Application Publication No.
2005/0097060 A1 to Lee et al. (“Lee”) in further view of U.S. Patent No. 11,855,871 B1 to Olden et al. (“Olden”) in further view of U.S. Patent Application Publication No. 2023/0131814 A1 to Brindely et al. (“Brindely”).

As to claim 1, Alexander discloses:

A method for providing access, from a resource, to a cloud shifted non-cloud operating system (OS) or associated native application (¶0003 – Alexander teaches Role-based policies may be used to determine who can access which applications based on the authenticated role of the individual or group. Specific individuals or groups may be allowed to access specific applications or data based on properly authenticating into the role), the method comprising:

receiving a request from a user seeking access to the shifted OS or the associated native application or a session interface, or a cloud application programming interface (API) (¶0016 – Alexander teaches When a user attempts to log in to the application, the user would use the WebAuthn Application Programming Interface (API) to log in to the authentication system, which determines whether the user's account is authorized for access to the account in the application (e.g., the relying party));

verifying the user through an identity provider (IdP) (Fig. 1, ¶0020 – Alexander teaches When a user authenticates to a relying party using an account that is managed by the identity provider, the credential request (e.g., a WebAuthn assertion request) may be passed from the user device to the identity server);

sending an authentication response, via to the user from the IdP, the authentication response including an assertion identifying the user including attributes of the user (¶0023, ¶0024 – Alexander teaches The user device sends a message 210 to the identity server 120 registering a passwordless authentication account (e.g., a WebAuthn account) for the user.
In one example, the authenticator 115 is registered as the authenticator for the account, causing the identity server 120 to store a signed assertion from the authenticator 115. Subsequently, any time the user of the user device 110 wants to log in to any of the accounts managed by the identity server 120, the user device 110 and identity server 120 perform a first authentication exchange 220. … In the authentication exchange 220, the identity server 120 acts as a relying party to authenticate the user device 110. The identity server 120 sends a credential request 222 to the user device 110, which responds with a credential response 224 signed by the previously registered authenticator 115);

performing an access determination, for the request for role-based access, based on script or commands received from the user (¶0029 – Alexander teaches initially, the user device 110 sends a login request 260 to the relying party), the access determination being further based on the group consisting of a session configuration endpoint, a plurality of session configuration endpoints, a set of session configuration files, and a set or role capability files (¶0019 – Alexander teaches providing for a WebAuthn-enabled identity provider with Role-Based Access Control capabilities);

granting user access to the cloud shifted non-cloud operating system (OS) or the associated native application in connection with the passwordless authentication process provided through the temporary access security token (¶0002, ¶0003 – Alexander teaches use of passwordless and token authentication); and

Parla discloses what Alexander does not expressly disclose.
Parla discloses:

receiving an assertion from a client browser at the session interface (¶0020 – Parla teaches a browser application running on the client device 20(1) receives the response sent at 120, this causes the browser of the client device, at 122, to send the assertion to the proxy 50.);

Alexander and Parla are analogous arts because they are from the same field of endeavor with respect to network authentication. Before the effective filing date, it would have been obvious to a person of ordinary skill in the art to incorporate browser usage as discussed in Parla with network resource access system as discussed in Alexander by adding the functionality of Parla to the system/method of Alexander in order to demonstrate how a browser can be used to pass information within network messaging (Parla, ¶0020).

Manikantan discloses what Alexander and Parla do not expressly disclose. Manikantan discloses:

creating a temporary security token, the temporary security token being based on context information, and active tracking information including collected access times and location information of access attempts (¶0043 – Manikantan teaches secure authorization token may be generated using one or more of a building identification (ID), an expiration time, an expiration date, a current date, a current time, a current user location, a user type, and user preferences.);

Alexander, Parla and Manikantan are analogous arts because they are from the same field of endeavor with respect to network authentication.
Before the effective filing date, it would have been obvious to a person of ordinary skill in the art to incorporate token construction as discussed in Manikantan with browser usage as discussed in Parla with network resource access system as discussed in Alexander by adding the functionality of Manikantan to the system/method of Alexander and Parla in order to demonstrate how a variety of user information can be incorporated into an authentication token (Manikantan, ¶0043).

Lee discloses what Alexander, Parla and Manikantan do not expressly disclose. Lee discloses:

sending the temporary security token from the IdP to the session interface, the temporary security token containing claims providing assertions about the user; the temporary security token providing access to a session level passwordless authentication process in connection with storage of the temporary security token at the client browser (Fig. 1, Security Token Generation Unit, 121, ¶0025 – Lee teaches that an assertion is used to build a one-time token that is then stored in a browser.);

Alexander, Parla, Manikantan and Lee are analogous arts because they are from the same field of endeavor with respect to network authentication. Before the effective filing date, it would have been obvious to a person of ordinary skill in the art to incorporate use of time-limited tokens as discussed in Lee with token construction as discussed in Manikantan with browser usage as discussed in Parla with network resource access system as discussed in Alexander by adding the functionality of Lee to the system/method of Alexander, Parla and Manikantan in order to demonstrate how a variety of user information can be incorporated into an authentication token (Manikantan, ¶0025).

Olden discloses what Alexander, Parla, Manikantan and Lee do not expressly disclose.
Olden discloses:

receiving a request for role-based access to the cloud shifted non-cloud operating system (OS) or the associated native application, the request for role-based access having role information in a header of the request for role-based access (col. 24 ll. 56-65 – Olden teaches use of tokens that includes role information within the token);

Alexander, Parla, Manikantan, Lee and Olden are analogous arts because they are from the same field of endeavor with respect to network authentication. Before the effective filing date, it would have been obvious to a person of ordinary skill in the art to incorporate use of role information within tokens as discussed in Olden with time-limited token as discussed in Lee with token construction as discussed in Manikantan with browser usage as discussed in Parla with network resource access system as discussed in Alexander by adding the functionality of Olden to the system/method of Alexander, Parla, Manikantan and Lee in order to demonstrate how a variety of user information can be incorporated into an authentication token (Manikantan, ¶0025).

Brindley discloses what Alexander, Parla, Manikantan, Lee and Brindley do not expressly disclose. Brindley discloses:

tracking and collecting user activity, including identity information and session information (¶0034 – Brindley teaches an identity network 105 may generate a session ID and may provide the session ID to the relying party application 205. The session identifier may be used throughout the process to track the activity associated with the initial request from the relying party application 205 for the specific user.).

Alexander, Parla, Manikantan, Lee, Olden and Brindley are analogous arts because they are from the same field of endeavor with respect to network authentication.
Before the effective filing date, it would have been obvious to a person of ordinary skill in the art to incorporate use of tracking user activity as discussed in Brindley with role information within tokens as discussed in Olden with time-limited token as discussed in Lee with token construction as discussed in Manikantan with browser usage as discussed in Parla with network resource access system as discussed in Alexander by adding the functionality of Brindley to the system/method of Alexander, Parla, Manikantan, Lee and Olden in order to demonstrate how to track activity within a user session (Brindely, ¶0034).

As to claim 15, similar rejection as to claim 1.

As to claim 21, Alexander, Parla, Manikantan, Lee, Olden and Brindley disclose: method of claim 1, and Manikantan discloses:

wherein the context information comprises at least an access timestamp, geolocation of an access attempt and access device identification (¶0043 – Manikantan teaches secure authorization token may be generated using one or more of a building identification (ID), an expiration time, an expiration date, a current date, a current time, a current user location, a user type, and user preferences.).

The suggestion/motivation and obviousness rejection is the same as in claim 1.

As to claim 23, similar rejection as to claim 21.

Claim 2 is rejected under 35 U.S.C. 103 as being unpatentable over U.S. Patent Application Publication No. 2020/0403993 to Alexander et al. (“Alexander”) in view of U.S. Patent Application Publication No. 2015/0200924 to Parla et al. (“Parla”) in further view of U.S. Patent Application Publication No. 2017/0243417 A1 to Manikantan Shila et al. (“Manikantan”) in further view of U.S. Patent Application Publication No. 2005/0097060 A1 to Lee et al. (“Lee”) in further view of U.S. Patent No. 11,855,871 B1 to Olden et al. (“Olden”) in further view of U.S. Patent Application Publication No. 2023/0131814 A1 to Brindely et al. (“Brindely”) in further view of U.S.
Patent Application Publication No. 2012/0254957 A1 to Fork et al. (“Fork”).

As to claim 2, Alexander, Parla, Manikantan, Lee, Olden and Brindley disclose: method according to claim 1,

Fork discloses what Alexander, Parla, Manikantan, Lee, Olden and Brindley do not expressly disclose. Fork discloses:

wherein the temporary security token defining role and role-based access based on a plurality of attributes, the plurality of attributes including subject data, user identity, the subject's roles, group membership, management level status, security clearance, resource data, and action data environment data (¶0072 – Fork teaches how a token may be scoped, where a set of target users is identified and several criteria can be used, such that a set of target users may be an existing group of users in a user data store (e.g., an LDAP Group), a set of user with a specific attribute value (e.g., user state="OH" status=`EMPLOYED` title=`SALES`), those users assigned a specific role in a source application, those users assigned a specific role at the target application, and so forth.).

Alexander, Parla, Manikantan, Lee, Olden, Brindley and Fork are analogous arts because they are from the same field of endeavor with respect to network authentication. Before the effective filing date, it would have been obvious to a person of ordinary skill in the art to incorporate use of the token construction and using user information as discussed in Fork with tracking user activity as discussed in Brindley with role information within tokens as discussed in Olden with time-limited token as discussed in Lee with token construction as discussed in Manikantan with browser usage as discussed in Parla with network resource access system as discussed in Alexander by adding the functionality of Fork to the system/method of Alexander, Parla, Manikantan, Lee, Olden and Brindley in order to demonstrate how to build tokens using user information (Fork, ¶0072).

Claim 3 is rejected under 35 U.S.C.
103 as being unpatentable over U.S. Patent Application Publication No. 2020/0403993 to Alexander et al. (“Alexander”) in view of U.S. Patent Application Publication No. 2015/0200924 to Parla et al. (“Parla”) in further view of U.S. Patent Application Publication No. 2017/0243417 A1 to Manikantan Shila et al. (“Manikantan”) in further view of U.S. Patent Application Publication No. 2005/0097060 A1 to Lee et al. (“Lee”) in further view of U.S. Patent No. 11,855,871 B1 to Olden et al. (“Olden”) in further view of U.S. Patent Application Publication No. 2023/0131814 A1 to Brindely et al. (“Brindely”) in further view of U.S. Patent Application Publication No. 2016/0087957 A1 to Shah et al. (“Shah”).

As to claim 3, Alexander, Parla, Manikantan, Lee, Olden and Brindley disclose: method according to claim 1,

Shah discloses what Alexander, Parla, Manikantan, Lee, Olden and Brindley do not expressly disclose. Shah discloses:

wherein verifying the user through the identity IdP is accomplished using multifactor identification (¶0043 – Shah teaches use of multi-factor authorization via an IdP).

Alexander, Parla, Manikantan, Lee, Olden, Brindley and Shah are analogous arts because they are from the same field of endeavor with respect to network authentication. Before the effective filing date, it would have been obvious to a person of ordinary skill in the art to incorporate use of the multi-factor authorization as discussed in Shah with tracking user activity as discussed in Brindley with role information within tokens as discussed in Olden with time-limited token as discussed in Lee with token construction as discussed in Manikantan with browser usage as discussed in Parla with network resource access system as discussed in Alexander by adding the functionality of Shah to the system/method of Alexander, Parla, Manikantan, Lee, Olden and Brindley in order to strengthen authentication (Shah, ¶0003).

Claim 4 is rejected under 35 U.S.C. 103 as being unpatentable over U.S.
Patent Application Publication No. 2020/0403993 to Alexander et al. (“Alexander”) in view of U.S. Patent Application Publication No. 2015/0200924 to Parla et al. (“Parla”) in further view of U.S. Patent Application Publication No. 2017/0243417 A1 to Manikantan Shila et al. (“Manikantan”) in further view of U.S. Patent Application Publication No. 2005/0097060 A1 to Lee et al. (“Lee”) in further view of U.S. Patent No. 11,855,871 B1 to Olden et al. (“Olden”) in further view of U.S. Patent Application Publication No. 2023/0131814 A1 to Brindely et al. (“Brindely”) in further view of U.S. Patent Application Publication No. 2016/0087957 A1 to Morgan (“Morgan”).

As to claim 4, Alexander, Parla, Manikantan, Lee, Olden and Brindley disclose: method according to claim 1,

Morgan discloses what Alexander, Parla, Manikantan, Lee, Olden and Brindley do not expressly disclose. Morgan discloses:

further comprising building an operating system image serving as the cloud shifted noncloudy OS (¶0039, ¶0041, ¶0042 – Morgan teaches building an OS image).

Alexander, Parla, Manikantan, Lee, Olden, Brindley and Morgan are analogous arts because they are from the same field of endeavor with respect to network authentication. Before the effective filing date, it would have been obvious to a person of ordinary skill in the art to incorporate use of the OS image building as discussed in Morgan with tracking user activity as discussed in Brindley with role information within tokens as discussed in Olden with time-limited token as discussed in Lee with token construction as discussed in Manikantan with browser usage as discussed in Parla with network resource access system as discussed in Alexander by adding the functionality of Morgan to the system/method of Alexander, Parla, Manikantan, Lee, Olden and Brindley in order to demonstrate building an OS image for migration (Morgan, ¶0039).

Claim 6 is rejected under 35 U.S.C. 103 as being unpatentable over U.S. Patent Application Publication No.
2020/0403993 to Alexander et al. (“Alexander”) in view of U.S. Patent Application Publication No. 2015/0200924 to Parla et al. (“Parla”) in further view of U.S. Patent Application Publication No. 2017/0243417 A1 to Manikantan Shila et al. (“Manikantan”) in further view of U.S. Patent Application Publication No. 2005/0097060 A1 to Lee et al. (“Lee”) in further view of U.S. Patent No. 11,855,871 B1 to Olden et al. (“Olden”) in further view of U.S. Patent Application Publication No. 2023/0131814 A1 to Brindely et al. (“Brindely”) in further view of U.S. Patent Application Publication No. 2016/0087957 A1 to Morgan (“Morgan”) in further view of U.S. Patent Application Publication No. 2007/0226031 to Manson et al. (“Manson”).

As to claim 6, Alexander, Parla, Manikantan, Lee, Olden, Brindley and Morgan disclose: method according to claim 4,

Manson discloses what Alexander, Parla, Manikantan, Lee, Olden, Brindley and Morgan do not expressly disclose. Manson discloses:

further comprising providing session configuration files and role capabilities files, and choosing one among the session configuration files and choosing one among the role capabilities files (Fig. 1, Fig. 2, Fig. 5A, Fig. 5B of Manson).

Alexander, Parla, Manikantan, Lee, Olden, Brindley, Morgan and Manson are analogous arts because they are from the same field of endeavor with respect to cloud environments.
Before the effective filing date, it would have been obvious to a person of ordinary skill in the art to incorporate access capabilities as discussed in Manson with broker functionality as discussed in Ogle with OS image building as discussed in Morgan with tracking user activity as discussed in Brindley with role information within tokens as discussed in Olden with time-limited token as discussed in Lee with token construction as discussed in Manikantan with browser usage as discussed in Parla with network resource access system as discussed in Alexander by adding the functionality of Manson to the system/method of Alexander, Parla, Manikantan, Lee, Olden, Brindley and Morgan in order to provide access to systems to different customers (Manson, ¶0012).

Claim 7 is rejected under 35 U.S.C. 103 as being unpatentable over U.S. Patent Application Publication No. 2020/0403993 to Alexander et al. (“Alexander”) in view of U.S. Patent Application Publication No. 2015/0200924 to Parla et al. (“Parla”) in further view of U.S. Patent Application Publication No. 2017/0243417 A1 to Manikantan Shila et al. (“Manikantan”) in further view of U.S. Patent Application Publication No. 2005/0097060 A1 to Lee et al. (“Lee”) in further view of U.S. Patent No. 11,855,871 B1 to Olden et al. (“Olden”) in further view of U.S. Patent Application Publication No. 2023/0131814 A1 to Brindely et al. (“Brindely”) in further view of U.S. Patent Application Publication No. 2016/0087957 A1 to Morgan (“Morgan”) in further view of U.S. Patent Application Publication No. 2007/0226031 to Manson et al. (“Manson”) in further view of U.S. Patent Application Publication No. 2023/0109755 to Qadri et al. (“Qadri”).

As to claim 7, Alexander, Parla, Manikantan, Lee, Olden, Brindley, Morgan, Manson and Qadri disclose: method according to claim 6, and

Qadri discloses what Alexander, Parla, Manikantan, Lee, Olden, Brindley, Morgan and Manson do not expressly disclose.
Qadri discloses:

wherein the session configuration files and the role capabilities files comprise just enough administration files (¶0043, ¶0054, ¶0056, ¶0065 – Qadri teaches use of JEA PowerShell sessions to restrict access (i.e., role capabilities) and altering JEA PowerShell configuration (i.e., configuration files)).

Alexander, Parla, Manikantan, Lee, Olden, Brindley, Morgan, Manson and Qadri are analogous arts because they are from the same field of endeavor with respect to cloud environments. Before the effective filing date, it would have been obvious to a person of ordinary skill in the art to incorporate access capabilities as discussed in Qadri with access capabilities as discussed in Manson with broker functionality as discussed in Olden with OS image building as discussed in Morgan with tracking user activity as discussed in Brindley with role information within tokens as discussed in Olden with time-limited token as discussed in Lee with token construction as discussed in Manikantan with browser usage as discussed in Parla with network resource access system as discussed in Alexander by adding the functionality of Manson to the system/method of Alexander, Parla, Manikantan, Lee, Olden, Brindley and Morgan in order to address access issues in cloud environments (Qadri, ¶0003).

Claims 8 and 22 are rejected under 35 U.S.C. 103 as being unpatentable over U.S. Patent Application Publication No. 2020/0403993 to Alexander et al. (“Alexander”) in view of U.S. Patent Application Publication No. 2017/0243417 A1 to Manikantan Shila et al. (“Manikantan”) in further view of U.S. Patent Application Publication No. 2023/0131814 A1 to Brindely et al. (“Brindely”) in further view of U.S. Patent Application Publication No. 2016/0087957 A1 to Morgan (“Morgan”).

As to claim 8, Alexander discloses: a system comprising:

an access control system configured to give a user access to certain capabilities associated with a given role (¶0003 – Alexander teaches Role-based policies may be used to determine who can access which applications based on the authenticated role of the individual or group. Specific individuals or groups may be allowed to access specific applications or data based on properly authenticating into the role), upon the user seeking access to a shifted OS or an associated native application, wherein the user is a member of a given domain security group and thereby has the given role (¶0003 – Alexander teaches Role-based policies may be used to determine who can access which applications based on the authenticated role of the individual or group. Specific individuals or groups may be allowed to access specific applications or data based on properly authenticating into the role);

an authentication circuit configured to provide the user with an accessed command level session with certain capabilities (¶0029 – Alexander teaches initially, the user device 110 sends a login request 260 to the relying party; ¶0019 – Alexander teaches providing for a WebAuthn-enabled identity provider with Role-Based Access Control capabilities); and

Manikantan discloses what Alexander does not expressly disclose. Manikantan discloses:

the temporary security token being based on context information, and active tracking information including collected access times and location information of access attempts (¶0043 – Manikantan teaches secure authorization token may be generated using one or more of a building identification (ID), an expiration time, an expiration date, a current date, a current time, a current user location, a user type, and user preferences.),

Alexander and Manikantan are analogous arts because they are from the same field of endeavor with respect to network authentication.
Before the effective filing date, it would have been obvious to a person of ordinary skill in the art to incorporate use of token construction as discussed in Manikantan with network resource access system as discussed in Alexander by adding the functionality of Manikantan to the system/method of Alexander in order to demonstrate how a variety of user information can be incorporated into an authentication token (Manikantan, ¶0025).

Brindley discloses what Alexander and Manikantan do not expressly disclose. Brindley discloses:

a tracking system configured to track actions involving the command level session and associated user identity information, the tracking system being operable to configure temporary security tokens for granting access to the cloud shifted non-cloud operating system (OS) or the associated native application (¶0033 – Brindley teaches an identity provider 120 may provide the token upon first request by the identity network 105 to authenticate the user with the identity provider 120; ¶0034 – Brindley teaches an identity network 105 may generate a session ID and may provide the session ID to the relying party application 205. The session identifier may be used throughout the process to track the activity associated with the initial request from the relying party application 205 for the specific user.), the access to the cloud shifted non-cloud operating system (OS) and the associated native application being based on attributes including actions tracked by the tracking system (¶0023 - Brindley teaches a user may access a relying party 110 website 150 using the user device 115 to sign up with the relying party 110; ¶0034 – Brindley teaches an identity network 105 may generate a session ID and may provide the session ID to the relying party application 205. The session identifier may be used throughout the process to track the activity associated with the initial request from the relying party application 205 for the specific user.).
Alexander, Manikantan and Brindley are analogous arts because they are from the same field of endeavor with respect to network authentication. Before the effective filing date, it would have been obvious to a person of ordinary skill in the art to incorporate use of tracking user activity as discussed in Brindley with token construction as discussed in Manikantan with network resource access system as discussed in Alexander by adding the functionality of Brindley to the system/method of Alexander and Manikantan in order to demonstrate how to track activity within a user session (Brindely, ¶0034).
Morgan discloses what Alexander, Manikantan and Brindley do not expressly disclose. Morgan discloses: an image builder (¶0039, ¶0041, ¶0042 – Morgan teaches building an OS image);
Alexander, Manikantan, Brindley and Morgan are analogous arts because they are from the same field of endeavor with respect to network authentication. Before the effective filing date, it would have been obvious to a person of ordinary skill in the art to incorporate use of the OS image building as discussed in Morgan with tracking user activity as discussed in Brindley with token construction as discussed in Manikantan with network resource access system as discussed in Alexander by adding the functionality of Morgan to the system/method of Alexander, Manikantan and Brindley in order to demonstrate building an OS image for migration (Morgan, ¶0039).
As to claim 22, Alexander, Manikantan, Brindley and Morgan disclose: system of claim 8, and Manikantan discloses: wherein the context information comprises at least an access timestamp, geolocation of an access attempt and access device identification (¶0043 – Manikantan teaches secure authorization token may be generated using one or more of a building identification (ID), an expiration time, an expiration date, a current date, a current time, a current user location, a user type, and user preferences.).
The suggestion/motivation and obviousness rejection is the same as in claim 8.
Claim 9 is rejected under 35 U.S.C. 103 as being unpatentable over U.S. Patent Application Publication No. 2020/0403993 to Alexander et al. (“Alexander”) in view of U.S. Patent Application Publication No. 2017/0243417 A1 to Manikantan Shila et al. (“Manikantan”) in further view of U.S. Patent Application Publication No. 2023/0131814 A1 to Brindely et al. (“Brindely”) in further view of U.S. Patent Application Publication No. 2016/0087957 A1 to Morgan (“Morgan”) in further view of Printed Publication, “Pro Powershell Desired State Configuration”, to Chaganti (“Chaganti”).
As to claim 9, Alexander, Manikantan, Brindley and Morgan disclose: system according to claim 8, Chaganti discloses what Alexander, Manikantan, Brindley and Morgan do not expressly disclose. Chaganti discloses: wherein the authentication circuit is configured to give the given user is given access to the certain capabilities by specifying a remote target cloud platform server and a given access constrained endpoint registered to the remote target cloud platform server (p. 424-426, Creating a JEA Endpoint for DSC (DSC role capability, session configuration) – Chaganti teaches creating a role capability that defines what the user or group of users can perform on the target nodes and then create a remoting session configuration and attach the role capability).
Alexander, Manikantan, Brindley, Morgan and Chaganti are analogous arts because they are from the same field of endeavor with respect to network authentication.
Before the effective filing date, it would have been obvious to a person of ordinary skill in the art to incorporate Windows PowerShell as discussed in Chaganti with use of the OS image building as discussed in Morgan with tracking user activity as discussed in Brindley with token construction as discussed in Manikantan with network resource access system as discussed in Alexander by adding the functionality of Chaganti to the system/method of Alexander, Manikantan, Brindley and Morgan in order to provide cloud computing, communication and collaboration along with an agile way of delivering both infrastructure and software (Chaganti, p. 3, Introduction to Infrastructure as Code and Powershell DSC).
Claim 10 is rejected under 35 U.S.C. 103 as being unpatentable over U.S. Patent Application Publication No. 2020/0403993 to Alexander et al. (“Alexander”) in view of U.S. Patent Application Publication No. 2017/0243417 A1 to Manikantan Shila et al. (“Manikantan”) in further view of U.S. Patent Application Publication No. 2023/0131814 A1 to Brindely et al. (“Brindely”) in further view of U.S. Patent Application Publication No. 2016/0087957 A1 to Morgan (“Morgan”) in further view of Printed Publication, “Pro Powershell Desired State Configuration”, to Chaganti (“Chaganti”) in further view of U.S. Patent Application Publication No. 2007/0226031 to Manson et al. (“Manson”).
As to claim 10, Alexander, Manikantan, Brindley, Morgan and Chaganti disclose: system according to claim 9, Manson discloses what Alexander, Manikantan, Brindley, Morgan and Chaganti do not expressly disclose. Manson discloses: further comprising plural different access constrained endpoints each configured for a different range of access capabilities, wherein the given access constrained endpoint is among the plural different access constrained endpoints (Fig. 1, Fig. 2, Fig. 5A, Fig. 5B of Manson).
Alexander, Manikantan, Brindley, Morgan, Chaganti and Manson are analogous arts because they are from the same field of endeavor with respect to cloud environments. Before the effective filing date, it would have been obvious to a person of ordinary skill in the art to incorporate access capabilities as discussed in Manson with Windows PowerShell as discussed in Chaganti with use of the OS image building as discussed in Morgan with tracking user activity as discussed in Brindley with token construction as discussed in Manikantan with network resource access system as discussed in Alexander by adding the functionality of Manson to the system/method of Alexander, Manikantan, Brindley, Morgan and Chaganti in order to provide access to systems to different customers (Manson, ¶0012).
Claim 11 is rejected under 35 U.S.C. 103 as being unpatentable over U.S. Patent Application Publication No. 2020/0403993 to Alexander et al. (“Alexander”) in view of U.S. Patent Application Publication No. 2017/0243417 A1 to Manikantan Shila et al. (“Manikantan”) in further view of U.S. Patent Application Publication No. 2023/0131814 A1 to Brindely et al. (“Brindely”) in further view of U.S. Patent Application Publication No. 2016/0087957 A1 to Morgan (“Morgan”) in further view of Printed Publication, “Pro Powershell Desired State Configuration”, to Chaganti (“Chaganti”) in further view of U.S. Patent Application Publication No. 2023/0109755 to Qadri et al. (“Qadri”).
As to claim 11, Alexander, Manikantan, Brindley, Morgan and Chaganti disclose: system according to claim 9, Qadri discloses what Alexander, Manikantan, Brindley, Morgan and Chaganti do not expressly disclose.
Qadri discloses: further comprising role capabilities file associated with the endpoint, wherein the certain capabilities are constrained based on the role capabilities file associated with the endpoint (¶0029 – Qadri teaches the set of commands that can be performed on the on-premises device are restricted by the agent that establishes a remote session with the connectivity platform).
Alexander, Manikantan, Brindley, Morgan, Chaganti and Qadri are analogous arts because they are from the same field of endeavor with respect to cloud environments. Before the effective filing date, it would have been obvious to a person of ordinary skill in the art to incorporate access capabilities as discussed in Qadri with Windows PowerShell as discussed in Chaganti with use of the OS image building as discussed in Morgan with tracking user activity as discussed in Brindley with token construction as discussed in Manikantan with network resource access system as discussed in Alexander by adding the functionality of Qadri to the system/method of Alexander, Manikantan, Brindley, Morgan and Chaganti in order to address access issues in cloud environments (Qadri, ¶0003).
Claims 13 and 14 are rejected under 35 U.S.C. 103 as being unpatentable over U.S. Patent Application Publication No. 2020/0403993 to Alexander et al. (“Alexander”) in view of U.S. Patent Application Publication No. 2017/0243417 A1 to Manikantan Shila et al. (“Manikantan”) in further view of U.S. Patent Application Publication No. 2023/0131814 A1 to Brindely et al. (“Brindely”) in further view of U.S. Patent Application Publication No. 2016/0087957 A1 to Morgan (“Morgan”) in further view of Printed Publication, “Pro Powershell Desired State Configuration”, to Chaganti (“Chaganti”) in further view of U.S. Patent Application Publication No. 2023/0109755 to Qadri et al. (“Qadri”) in further view of U.S. Patent Application Publication No. 2007/0226031 to Manson et al. (“Manson”).
As to claim 13, Alexander, Manikantan, Brindley, Morgan, Chaganti and Qadri disclose: system according to claim 11, Manson discloses what Alexander, Manikantan, Brindley, Morgan, Chaganti and Qadri do not expressly disclose. Manson discloses: further comprising providing session configuration files and role capabilities files, and choosing one among the session configuration files and choosing one among the role capabilities files (Fig. 1, Fig. 2, Fig. 5A, Fig. 5B of Manson).
Alexander, Manikantan, Brindley, Morgan, Chaganti, Qadri and Manson are analogous arts because they are from the same field of endeavor with respect to cloud environments. Before the effective filing date, it would have been obvious to a person of ordinary skill in the art to incorporate access capabilities as discussed in Manson with access capabilities as discussed in Qadri with Windows PowerShell as discussed in Chaganti with use of the OS image building as discussed in Morgan with tracking user activity as discussed in Brindley with token construction as discussed in Manikantan with network resource access system as discussed in Alexander by adding the functionality of Manson to the system/method of Alexander, Manikantan, Brindley, Morgan, Chaganti and Qadri in order to provide access to systems to different customers (Manson, ¶0012).
As to claim 14, Alexander, Manikantan, Brindley, Morgan, Chaganti, Qadri and Manson disclose: system according to claim 13, and Qadri discloses: further comprising session configuration files and the role capabilities files comprise just enough administration files (¶0043, ¶0054, ¶0056, ¶0065 – Qadri teaches use of JEA PowerShell sessions to restrict access (i.e., role capabilities) and altering JEA PowerShell configuration (i.e., configuration files)).
The suggestion/motivation and obviousness rejection is the same as in claim 13.
Claim 16 is rejected under 35 U.S.C. 103 as being unpatentable over U.S. Patent Application Publication No. 2020/0403993 to Alexander et al. (“Alexander”) in view of U.S. Patent Application Publication No. 2015/0200924 to Parla et al. (“Parla”) in further view of U.S. Patent Application Publication No. 2017/0243417 A1 to Manikantan Shila et al. (“Manikantan”) in further view of U.S. Patent Application Publication No. 2005/0097060 A1 to Lee et al. (“Lee”) in further view of U.S. Patent No. 11,855,871 B1 to Olden et al. (“Olden”) in further view of U.S. Patent Application Publication No. 2023/0131814 A1 to Brindely et al. (“Brindely”) in further view of Printed Publication, “Pro Powershell Desired State Configuration”, to Chaganti (“Chaganti”)
As to claim 16, Alexander, Parla, Manikantan, Lee, Olden and Brindley disclose: computer readable non-transient programmable product (CRNPP) according to claim 15, Chaganti discloses what Alexander, Parla, Manikantan, Lee, Olden and Brindley do not expressly disclose. Chaganti discloses: wherein the given user is given access to the certain capabilities by specifying a remote target cloud platform server and an access constrained endpoint registered to the remote target cloud platform server (p. 424-426, Creating a JEA Endpoint for DSC (DSC role capability, session configuration) – Chaganti teaches creating a role capability that defines what the user or group of users can perform on the target nodes and then create a remoting session configuration and attach the role capability).
Alexander, Manikantan, Brindley, Morgan and Chaganti are analogous arts because they are from the same field of endeavor with respect to network authentication. Alexander, Parla, Manikantan, Lee, Olden, Brindley and Chaganti are analogous arts because they are from the same field of endeavor with respect to cloud environments.
Before the effective filing date, it would have been obvious to a person of ordinary skill in the art to incorporate Windows PowerShell as discussed in Chaganti with use of tracking user activity as discussed in Brindley with role information within tokens as discussed in Olden with time-limited token as discussed in Lee with token construction as discussed in Manikantan with browser usage as discussed in Parla with network resource access system as discussed in Alexander by adding the functionality of Chaganti to the system/method of Alexander, Parla, Manikantan, Lee, Olden and Brindley in order to provide cloud computing, communication and collaboration along with an agile way of delivering both infrastructure and software (Chaganti, p. 3, Introduction to Infrastructure as Code and Powershell DSC).
Claim 17 is rejected under 35 U.S.C. 103 as being unpatentable over U.S. Patent Application Publication No. 2020/0403993 to Alexander et al. (“Alexander”) in view of U.S. Patent Application Publication No. 2015/0200924 to Parla et al. (“Parla”) in further view of U.S. Patent Application Publication No. 2017/0243417 A1 to Manikantan Shila et al. (“Manikantan”) in further view of U.S. Patent Application Publication No. 2005/0097060 A1 to Lee et al. (“Lee”) in further view of U.S. Patent No. 11,855,871 B1 to Olden et al. (“Olden”) in further view of U.S. Patent Application Publication No. 2023/0131814 A1 to Brindely et al. (“Brindely”) in further view of Printed Publication, “Pro Powershell Desired State Configuration”, to Chaganti (“Chaganti”) in further view of U.S. Patent Application Publication No. 2007/0226031 to Manson et al. (“Manson”).
As to claim 17, Alexander, Parla, Manikantan, Lee, Olden, Brindley and Chaganti disclose: computer readable non-transient programmable product (CRNPP) according to claim 16, Manson discloses what Alexander, Parla, Manikantan, Lee, Olden, Brindley and Chaganti do not expressly disclose.
Manson discloses: wherein the given access constrained endpoint is among plural different access constrained endpoints each configured for a different range of access capabilities (Fig. 1, Fig. 2, Fig. 5A, Fig. 5B of Manson).
Alexander, Parla, Manikantan, Lee, Olden, Brindley, Chaganti and Manson are analogous arts because they are from the same field of endeavor with respect to cloud environments. Before the effective filing date, it would have been obvious to a person of ordinary skill in the art to incorporate access capabilities as discussed in Manson with Windows PowerShell as discussed in Chaganti with use of tracking user activity as discussed in Brindley with role information within tokens as discussed in Olden with time-limited token as discussed in Lee with token construction as discussed in Manikantan with browser usage as discussed in Parla with network resource access system as discussed in Alexander by adding the functionality of Manson to the system/method of Alexander, Parla, Manikantan, Lee, Olden, Brindley and Chaganti in order to provide access to systems to different customers (Manson, ¶0012).
Claim 18 is rejected under 35 U.S.C. 103 as being unpatentable over U.S. Patent Application Publication No. 2020/0403993 to Alexander et al. (“Alexander”) in view of U.S. Patent Application Publication No. 2015/0200924 to Parla et al. (“Parla”) in further view of U.S. Patent Application Publication No. 2017/0243417 A1 to Manikantan Shila et al. (“Manikantan”) in further view of U.S. Patent Application Publication No. 2005/0097060 A1 to Lee et al. (“Lee”) in further view of U.S. Patent No. 11,855,871 B1 to Olden et al. (“Olden”) in further view of U.S. Patent Application Publication No. 2023/0131814 A1 to Brindely et al. (“Brindely”) in further view of U.S. Patent Application Publication No. 2023/0109755 to Qadri et al. (“Qadri”)
As to claim 18, Alexander, Parla, Manikantan, Lee, Olden and Brindley disclose: computer readable non-transient programmable product (CRNPP) according to claim 15, Qadri discloses what Alexander, Parla, Manikantan, Lee, Olden and Brindley do not expressly disclose. Qadri discloses: wherein the certain capabilities are constrained based on a role capabilities file associated with the endpoint (¶0029 – Qadri teaches the set of commands that can be performed on the on-premises device are restricted by the agent that establishes a remote session with the connectivity platform).
Alexander, Parla, Manikantan, Lee, Olden, Brindley and Qadri are analogous arts because they are from the same field of endeavor with respect to cloud environments. Before the effective filing date, it would have been obvious to a person of ordinary skill in the art to incorporate access capabilities as discussed in Qadri with use of tracking user activity as discussed in Brindley with role information within tokens as discussed in Olden with time-limited token as discussed in Lee with token construction as discussed in Manikantan with browser usage as discussed in Parla with network resource access system as discussed in Alexander by adding the functionality of Qadri to the system/method of Alexander, Parla, Manikantan, Lee, Olden and Brindley in order to address access issues in cloud environments (Qadri, ¶0003).
Claim 20 is rejected under 35 U.S.C. 103 as being unpatentable over U.S. Patent Application Publication No. 2020/0403993 to Alexander et al. (“Alexander”) in view of U.S. Patent Application Publication No. 2015/0200924 to Parla et al. (“Parla”) in further view of U.S. Patent Application Publication No. 2017/0243417 A1 to Manikantan Shila et al. (“Manikantan”) in further view of U.S. Patent Application Publication No. 2005/0097060 A1 to Lee et al. (“Lee”) in further view of U.S. Patent No. 11,855,871 B1 to Olden et al. (“Olden”) in further view of U.S. Patent Application Publication No. 2023/0131814 A1 to Brindely et al. (“Brindely”) in further view of U.S. Patent Application Publication No. 2023/0109755 to Qadri et al. (“Qadri”) in further view of U.S. Patent Application Publication No. 2007/0226031 to Manson et al. (“Manson”).
As to claim 20, Alexander, Parla, Manikantan, Lee, Olden, Brindley and Qadri disclose: computer readable non-transient programmable product (CRNPP) according to claim 18, Manson discloses what Alexander, Parla, Manikantan, Lee, Olden, Brindley and Qadri do not expressly disclose. Manson discloses: further comprising providing session configuration files and role capabilities files, and choosing one among the session configuration files and choosing one among the role capabilities files (Fig. 1, Fig. 2, Fig. 5A, Fig. 5B of Manson).
Alexander, Parla, Manikantan, Lee, Olden, Brindley, Qadri and Manson are analogous arts because they are from the same field of endeavor with respect to cloud environments. Before the effective filing date, it would have been obvious to a person of ordinary skill in the art to incorporate access capabilities as discussed in Manson with access capabilities as discussed in Qadri with use of tracking user activity as discussed in Brindley with role information within tokens as discussed in Olden with time-limited token as discussed in Lee with token construction as discussed in Manikantan with browser usage as discussed in Parla with network resource access system as discussed in Alexander by adding the functionality of Manson to the system/method of Alexander, Parla, Manikantan, Lee, Olden, Brindley and Qadri in order to provide access to systems to different customers (Manson, ¶0012).
Conclusion
Any inquiry concerning this communication or earlier communications from the examiner should be directed to TAYLOR A ELFERVIG whose telephone number is (571)270-5687. The examiner can normally be reached Monday (10:00 AM CST) - Friday (4:00 PM CST).
Examiner interviews are available via telephone, in-person, and video conferencing using a USPTO supplied web-based collaboration tool. To schedule an interview, applicant is encouraged to use the USPTO Automated Interview Request (AIR) at http://www.uspto.gov/interviewpractice.
If attempts to reach the examiner by telephone are unsuccessful, the examiner’s supervisor, Oscar Louie can be reached at (571) 270-1684. The fax phone number for the organization where this application or proceeding is assigned is 571-273-8300.
Information regarding the status of published or unpublished applications may be obtained from Patent Center. Unpublished application information in Patent Center is available to registered users. To file and manage patent submissions in Patent Center, visit: https://patentcenter.uspto.gov. Visit https://www.uspto.gov/patents/apply/patent-center for more information about Patent Center and https://www.uspto.gov/patents/docx for information about filing in DOCX format. For additional questions, contact the Electronic Business Center (EBC) at 866-217-9197 (toll-free). If you would like assistance from a USPTO Customer Service Representative, call 800-786-9199 (IN USA OR CANADA) or 571-272-1000.
/TAYLOR A ELFERVIG/
Primary Examiner, Art Unit 2445

Prosecution Timeline

Jan 05, 2024
Application Filed
Apr 04, 2025
Non-Final Rejection — §103, §112
Jul 03, 2025
Response Filed
Sep 18, 2025
Final Rejection — §103, §112
Nov 10, 2025
Response after Non-Final Action
Jan 23, 2026
Request for Continued Examination
Jan 29, 2026
Response after Non-Final Action
Mar 27, 2026
Non-Final Rejection — §103, §112 (current)

Precedent Cases

Applications granted by this same examiner with similar technology

Patent 12603945
SYSTEMS AND METHODS FOR INFERRING USER ACTIVITIES FROM IOT NETWORK TRAFFIC
2y 5m to grant Granted Apr 14, 2026
Patent 12598146
SYSTEMS, METHODS, AND APPARATUSES FOR PREDICTING RESOURCE SHORTAGES USING MACHINE LEARNING
2y 5m to grant Granted Apr 07, 2026
Patent 12592902
CONTEXT-BASED SENSITIVE MESSAGE DETECTION
2y 5m to grant Granted Mar 31, 2026
Patent 12587495
Electronic Message Generation
2y 5m to grant Granted Mar 24, 2026
Patent 12568128
SYSTEM CONFIGURATION AND COMMUNICATION METHOD TO ENABLE POST ACQUIRED ABILITY TO CONTROL AND COMMUNICATE WITH AD-HOC DEVICES
2y 5m to grant Granted Mar 03, 2026
Study what changed to get past this examiner. Based on 5 most recent grants.


Prosecution Projections

3-4
Expected OA Rounds
62%
Grant Probability
99%
With Interview (+38.5%)
4y 2m
Median Time to Grant
High
PTA Risk
Based on 409 resolved cases by this examiner. Grant probability derived from career allow rate.
