Prosecution Insights
Last updated: April 19, 2026
Application No. 18/479,791

DYNAMIC CONTROL PLANE FOR CONFIGURING CAPABILITIES ACROSS APPLICATIONS VIA A CLOUD PLATFORM

Non-Final OA §103 §112
Filed: Oct 02, 2023
Examiner: LANIER, BENJAMIN E
Art Unit: 2437
Tech Center: 2400 — Computer Networks
Assignee: Okta Inc.
OA Round: 3 (Non-Final)
Grant Probability: 69% (Favorable)
OA Rounds: 3-4
To Grant: 3y 6m
With Interview: 86%

Examiner Intelligence

Grants 69% — above average
Career Allow Rate: 69% (632 granted / 913 resolved; +11.2% vs TC avg)
Strong +17% interview lift
Interview Lift: +17.0% (resolved cases with interview)
Typical timeline
Avg Prosecution: 3y 6m (32 currently pending)
Career history
Total Applications: 945 (across all art units)

Statute-Specific Performance

§101: 7.5% (-32.5% vs TC avg)
§103: 48.1% (+8.1% vs TC avg)
§102: 17.7% (-22.3% vs TC avg)
§112: 17.1% (-22.9% vs TC avg)
Based on career data from 913 resolved cases

Office Action

§103 §112
DETAILED ACTION
Notice of Pre-AIA or AIA Status
The present application, filed on or after March 16, 2013, is being examined under the first inventor to file provisions of the AIA.
Continued Examination Under 37 CFR 1.114
A request for continued examination under 37 CFR 1.114, including the fee set forth in 37 CFR 1.17(e), was filed in this application after final rejection. Since this application is eligible for continued examination under 37 CFR 1.114, and the fee set forth in 37 CFR 1.17(e) has been timely paid, the finality of the previous Office action has been withdrawn pursuant to 37 CFR 1.114. Applicant's submission filed on 23 December 2025 has been entered.
Response to Amendment
Applicant’s amendment filed 23 December 2025 amends claims 1, 3, 15, 17, and 20. Claims 2 and 16 have been cancelled. Applicant’s amendment has been fully considered and entered.
Response to Arguments
Applicant argues on page 11 of the response, “In particular, Gunda does not teach or suggest ‘wherein different applications of the plurality of applications correspond to different authentication flows,’ and ‘wherein redirecting the first user is in accordance with a respective authentication flow for the application that is based at least in part on the set of capabilities of the application managed by the cloud platform,’ as recited in amended independent claim 1.” This argument has been fully considered and is persuasive. Therefore, the rejection has been withdrawn. However, upon further consideration, a new ground of rejection is made in view of Yang, CN 111711610.
Applicant argues on page 12 of the response, “That is, any request to register a new user, as described by Subramanian, is different from, and does not teach or suggest, ‘authenticate the first user at the application of the plurality of applications to obtain access to the application,’ as claimed…However, performing API calls, as described by Subramanian, cannot be properly construed to teach or suggest, ‘redirecting, by the cloud platform, the first user to authenticate the first user at the application of the plurality of applications to obtain access to the application,’ as recited in amended independent claim 1…” This argument is not persuasive because Applicant has failed to fully consider the proposed modification of Gunda in view of Subramanian as proposed in the Final rejection dated 23 September 2025. Specifically, the Final explains (Pages 6-7) that Gunda discloses authenticating the user attempting to access the application ([0045]), but Gunda does not disclose redirecting the authentication to an API. Subramanian discloses microservices that rely on APIs to perform user authentication to applications ([0050]-[0051]) on received user credentials such as tokens ([0058] & [0070]-[0071]). The Final goes on to explain that the proposed modification of Gunda is for the authentication of Gunda to have been performed by a microservice API in order to prevent infiltrators from circumventing security by limiting API exposure as suggested by Subramanian ([0049]-[0050]). Applicant has not addressed this modification to Gunda as proposed in the Final.
In response to applicant's arguments against the references individually, one cannot show nonobviousness by attacking references individually where the rejections are based on combinations of references. See In re Keller, 642 F.2d 413, 208 USPQ 871 (CCPA 1981); In re Merck & Co., 800 F.2d 1091, 231 USPQ 375 (Fed. Cir. 1986).
Applicant argues on page 15 of the response, “For example, Subramanian does not teach or suggest ‘redirecting, by the cloud platform, the first user to authenticate the first user at the application of the plurality of applications to obtain access to the application,’…Subramanian merely describes sending a message to authenticate user credentials. However, sending a message indicative of user credentials…cannot be properly construed to teach or suggest ‘redirecting, by the cloud platform, the first user to authenticate the first user at the application of the plurality of applications,’ as recited in amended independent claim 1.” This argument is not persuasive because Subramanian does not simply send a message indicative of user credentials as alleged by Applicant. Instead, Subramanian discloses that requests for microservices are received ([0071]) and that the request is authenticated using an API for that microservice ([0050]-[0051]). This would constitute a redirection as claimed.
Applicant argues on page 16 of the response, “Moreover, Subramanian does not teach or suggest ‘obtaining, at the cloud platform, third information in response to redirecting the first user, wherein the third information comprises a credential to authenticate with one or more application programming interfaces (APIs) related to the application,’…Subramanian does not teach or suggest ‘redirecting, by the cloud platform, the first user to authenticate,’ as claimed. Thus, Subramanian also does not teach or suggest ‘obtaining, at the cloud platform, third information in response to redirecting the first user,’ as recited in amended independent claim 1.” This argument is not persuasive because Subramanian does disclose the claimed redirection step, and Subramanian describes that authentication is performed based on received user credentials such as tokens ([0058] & [0070]-[0071]).
Applicant argues on page 16 of the response, “It therefore follows that Subramanian does not teach or suggest, at least by extension, ‘storing the credential at the cloud platform for performing at least an action in accordance with at least a capability of the set of capabilities,’ as recited in amended independent claim 1.” This argument is not persuasive because Subramanian discloses that the cloud service stores access tokens and uses the tokens in order to determine which resources are being accessed ([0116]: resource access reads on the claimed action).
Applicant argues on page 16 of the response, “Moreover, the Office Action has not shown, nor can Applicant find, any portion of Subramanian relevant to ‘storing the credential at the cloud platform,’ as claimed, much less ‘storing the credential at the cloud platform for performing at least an action in accordance with at least a capability of the set of capabilities,’ as recited in amended independent claim 1.” This argument is not persuasive because Subramanian discloses that the tokens are utilized in order to determine which resources are being accessed ([0116]). Additionally, the “for performing at least an action in accordance with at least a capability of the set of capabilities” would be considered to be an intended use limitation. A recitation of the intended use of the claimed invention must result in a structural difference between the claimed invention and the prior art in order to patentably distinguish the claimed invention from the prior art. If the prior art structure is capable of performing the intended use, then it meets the claim.
Applicant argues on page 16 of the response, “For example, while Subramanian merely describes utilizing APIs as part of microservices to perform various services, no portion of Subramanian describes ‘one or more API calls [that] are authenticated via the stored credential,’ much less where ‘the stored credential’ is obtained ‘in response to redirecting the first user,’ as recited in amended independent claim 1.” This argument is not persuasive because Subramanian discloses that the tokens are authenticated and the tokens convey user rights to make API calls ([0058]). Authenticating usage of API calls is a form of API authentication and this authentication would be considered to be “via the credential” to the extent that the authentication is performed using the token.
Claim Rejections - 35 USC § 112
The following is a quotation of the first paragraph of 35 U.S.C. 112(a):
(a) IN GENERAL.—The specification shall contain a written description of the invention, and of the manner and process of making and using it, in such full, clear, concise, and exact terms as to enable any person skilled in the art to which it pertains, or with which it is most nearly connected, to make and use the same, and shall set forth the best mode contemplated by the inventor or joint inventor of carrying out the invention.
The following is a quotation of the first paragraph of pre-AIA 35 U.S.C. 112:
The specification shall contain a written description of the invention, and of the manner and process of making and using it, in such full, clear, concise, and exact terms as to enable any person skilled in the art to which it pertains, or with which it is most nearly connected, to make and use the same, and shall set forth the best mode contemplated by the inventor of carrying out his invention.
Claims 1, 3-6, 8-15, and 17-20 are rejected under 35 U.S.C. 112(a) or 35 U.S.C. 112 (pre-AIA), first paragraph, as failing to comply with the written description requirement.
The claims contain subject matter which was not described in the specification in such a way as to reasonably convey to one skilled in the relevant art that the inventor or a joint inventor, or for applications subject to pre-AIA 35 U.S.C. 112, the inventors, at the time the application was filed, had possession of the claimed invention. Claims 1, 15, and 20 require a respective authentication flow for the application to be based at least in part on the set of capabilities of the application. The specification does not support the requirement that the application capabilities are utilized to create the respective authentication flow for that application.
Claim Rejections - 35 USC § 103
In the event the determination of the status of the application as subject to AIA 35 U.S.C. 102 and 103 (or as subject to pre-AIA 35 U.S.C. 102 and 103) is incorrect, any correction of the statutory basis (i.e., changing from AIA to pre-AIA) for the rejection will not be considered a new ground of rejection if the prior art relied upon, and the rationale supporting the rejection, would be the same under either status.
The following is a quotation of 35 U.S.C. 103 which forms the basis for all obviousness rejections set forth in this Office action:
A patent for a claimed invention may not be obtained, notwithstanding that the claimed invention is not identically disclosed as set forth in section 102, if the differences between the claimed invention and the prior art are such that the claimed invention as a whole would have been obvious before the effective filing date of the claimed invention to a person having ordinary skill in the art to which the claimed invention pertains. Patentability shall not be negated by the manner in which the invention was made.
The factual inquiries for establishing a background for determining obviousness under 35 U.S.C. 103 are summarized as follows:
1. Determining the scope and contents of the prior art.
2. Ascertaining the differences between the prior art and the claims at issue.
3. Resolving the level of ordinary skill in the pertinent art.
4. Considering objective evidence present in the application indicating obviousness or nonobviousness.
Claims 1, 3-6, 8-15, 17-20 are rejected under 35 U.S.C. 103 as being unpatentable over Gunda, U.S. Publication No. 2023/0051206, in view of Sharma, U.S. Publication No. 2013/0074046, in view of Subramanian, EP 3528454, and further in view of Yang, CN 111711610.
Referring to claim 1, Gunda discloses a multi-platform application system wherein third-party application policies are evaluated ([0036]: application policies read on the claimed templates) wherein the application policies include information utilized to implement the applications ([0057]), which meets the limitation of determining first information for an application of a plurality of applications managed by the cloud platform, each application associated with a plurality of capabilities, wherein the first information is determined in accordance with an application specification template that is common to the plurality of applications, and wherein the first information is usable by the cloud platform for configuring and managing the plurality of capabilities via the cloud platform. The system can receive attempts to access applications from a user ([0045]: access attempt reads on the claimed request), which meets the limitation of obtaining second information from a first user of the cloud platform, wherein the second information comprises a first request to configure the application for an account of the application that is associated with the first user, and wherein receiving the second information is based at least in part on the application being published.
Once authenticated, the user can configure applications within the organizational data management system ([0109]), which meets the limitation of obtaining second information from a first user of the cloud platform, wherein the second information comprises a second request to configure a set of capabilities of the application, the set of capabilities selected from among the plurality of capabilities, configuring the set of capabilities in the application, [via one or more API calls] from the cloud platform to one or more endpoints of the provider, [wherein the one or more API calls are authenticated via the credential in accordance with the first information].
Gunda discloses that the applications are purchasable or otherwise available ([0098]: being purchasable or “available” demonstrates that the applications have been published). Gunda does not disclose that the applications are published based upon satisfying one or more constraints. Sharma discloses testing applications using relevant certification requirements prior to publishing the applications to one or more application stores ([0037]-[0039]), which meets the limitation of publishing the application at the cloud platform in accordance with the first information satisfying one or more constraints of the application specific template.
It would have been obvious to one of ordinary skill in the art before the effective filing date of the claimed invention for applications of Gunda to have been tested using the relevant certification requirements prior to being published to an application store in order to ensure application operability on the platform as suggested by Sharma ([0037]).
Gunda discloses authenticating the user attempting to access the application ([0045]), but Gunda does not disclose redirecting the authentication to an API.
Subramanian discloses microservices that rely on APIs to perform user authentication to applications ([0050]-[0051]: API performing authentication shows that the authentication request was redirected to the API from the microservice) on received user credentials such as tokens ([0058] & [0070]-[0071]), which meets the limitation of redirecting, by the cloud platform, the first user to authenticate the first user at the application of the plurality of applications to obtain access to the application [wherein different applications of the plurality of applications correspond to different authentication flows], and wherein redirecting the first user is in accordance with a [respective] authentication flow for the application [that is based at least in part on the set of capabilities of the application managed by the cloud platform], obtaining, at the cloud platform, third information in response to redirecting the first user, wherein the third information comprises a credential to authenticate with one or more application programming interfaces (APIs) related to the application, wherein the credential is associated with one or more permissions that enable the cloud platform to configure and manage the set of capabilities of the application for the account via a provider of the application.
The cloud service stores access tokens and uses the tokens in order to determine which resources are being accessed ([0116]: resource access reads on the claimed action), which meets the limitation of storing the credential at the cloud platform for performing at least an action in accordance with at least a capability of the set of capabilities.
Authentication and access validation includes the validation of user rights to make API calls ([0058]), which meets the limitation of configuring the set of capabilities in the application via one or more API calls from the cloud platform to one or more endpoints of the provider, wherein the one or more API calls are authenticated via the stored credential in accordance with the first information.
It would have been obvious to one of ordinary skill in the art before the effective filing date of the claimed invention for the authentication of Gunda to have been performed by a microservice API in order to prevent infiltrators from circumventing security by limiting API exposure as suggested by Subramanian ([0049]-[0050]).
Gunda discloses that the system can perform one or more operations associated with authenticating the users to access the one or more applications ([0045]). However, Gunda does not disclose that the one or more applications correspond to different authentication flows. Yang discloses that different authentication flows can be adopted for each application (Page 11, last paragraph), which meets the limitation of wherein different applications of the plurality of applications correspond to different authentication flows. The different authentication flows can be adopted according to the authentication logic in each application (Page 11, last paragraph), which meets the limitation of wherein redirecting the first user is in accordance with a respective authentication flow for the application that is based at least in part on the set of capabilities of the application managed by the cloud platform.
It would have been obvious to one of ordinary skill in the art before the effective filing date of the claimed invention for the one or more applications of Gunda to have adopted different authentication flows in the manner discussed in Yang in order to provide expanding authenticated functionality in a manner that reduces the application development costs as suggested by Yang (Page 7, last paragraph).
Referring to claim 3, Gunda discloses that the cloud service stores access tokens and uses the tokens in order to determine which resources are being accessed ([0116]). Requests for access trigger API calls to perform the requested action ([0118]), which meets the limitation of obtaining an indication that triggers the cloud platform to perform the action in accordance with the capability, and outputting, in response to the indication, at least an API call via an API that is associated with the capability, wherein the API comprises an endpoint of the one or more endpoints, and wherein the API call is authenticated via the stored credential.
Referring to claim 4, Gunda discloses that the users have accounts with assigned roles that correspond with permitted activities that the user is permitted to perform ([0139]: roles would correspond with the claimed indication), which meets the limitation of wherein the second information further comprises an indication of the account. The cloud service stores access tokens and uses the tokens in order to determine which resources are being accessed ([0116]), which meets the limitation of obtaining the credential that is associated with the one or more permissions is based at least in part on the account being granted the one or more permissions.
Referring to claims 5 and 6, Gunda discloses a multi-platform application system wherein third-party application policies are evaluated ([0036]) wherein the application policies include information utilized to implement the applications ([0057]), which meets the limitation wherein the first information is indicative of the plurality of capabilities, a plurality of endpoints from a plurality of APIs, a plurality of credentials, and content associated with the user application, and the first information is usable by the first user to identify the application in the cloud platform, wherein each endpoint of the plurality of endpoints and each credential of the plurality of credentials are associated with a respective capability of the plurality of capabilities. Examiner notes that what the first information “indicates” does not define structure nor do such indications require functional steps to be performed (See MPEP 2111.04-2111.05). Additionally, the first information being “usable” to identify would represent an intended use limitation. A recitation of the intended use of the claimed invention must result in a structural difference between the claimed invention and the prior art in order to patentably distinguish the claimed invention from the prior art. If the prior art structure is capable of performing the intended use, then it meets the claim. The policies include rules that determine how the applications can be accessed, modified, and/or controlled ([0079]), which meets the limitation of the first information is usable to determine the plurality of capabilities of the application.
Referring to claim 8, Gunda discloses that the application can include functionality for single sign-on integration, user data control, user privileges, user account creation, user management, and template management ([0086]), which meets the limitation of wherein the plurality of capabilities includes a single sign-on capability, one or more secure session management capabilities, a provisioning capability, an identity governance and access capability, a lifecycle management capability, and a risk signaling capability.
Referring to claim 9, Gunda discloses that the application can include functionality for user privileges ([0086]) such that appropriate user permissions are determined ([0100]-[0101]), which meets the limitation of wherein the one or more secure session management capabilities include a confidence score level based permission management capability.
Referring to claim 10, Gunda discloses that the policy information can be defined by an administrator of the organizational management platform ([0036]), which meets the limitation of wherein the first information is obtained from an identity platform used by the application.
Referring to claim 11, Gunda discloses that the policy information can be defined by an administrator of the organizational management platform ([0036]), which meets the limitation of wherein the first information is autonomously obtained at the cloud platform.
Referring to claim 12, Gunda discloses that the system can receive attempts to access applications from a user ([0045]), which meets the limitation of wherein determining the first information comprises obtaining a message indicative of the first information.
Referring to claim 13, Gunda discloses authenticating the user attempting to access the application ([0045]), but Gunda does not disclose redirecting the authentication to an API.
Subramanian discloses microservices that rely on APIs to perform user authentication ([0050]-[0051]) on received user credentials such as tokens ([0058] & [0070]-[0071]), which meets the limitation of wherein the message is obtained via a first API of the cloud platform that is associated with the provider. It would have been obvious to one of ordinary skill in the art before the effective filing date of the claimed invention for the authentication of Gunda to have been performed by a microservice API in order to prevent infiltrators from circumventing security by limiting API exposure as suggested by Subramanian ([0049]-[0050]).
Referring to claim 14, Gunda discloses that the system can receive attempts to access applications from a user ([0045]), which meets the limitation of wherein the message comprises a form submitted to the cloud platform.
Referring to claim 15, Gunda discloses a multi-platform application system that includes memory devices and processors ([0047]), which meets the limitation of one or more memories storing processor executable code, and one or more processors coupled with the one or more memories and individually or collectively operable to execute the code. Third-party application policies are evaluated ([0036]: application policies read on the claimed templates) wherein the application policies include information utilized to implement the applications ([0057]), which meets the limitation of determine first information for an application of a plurality of applications managed by the cloud platform, each application associated with a plurality of capabilities, wherein the first information is determined in accordance with an application specification template that is common to the plurality of applications, and wherein the first information is usable by the cloud platform for configuring and managing the plurality of capabilities via the cloud platform.
The system can receive attempts to access applications from a user ([0045]: access attempt reads on the claimed request), which meets the limitation of obtain second information from a first user of the cloud platform, wherein the second information comprises a first request to configure the application for an account of the application that is associated with the first user.
Once authenticated, the user can configure applications within the organizational data management system ([0109]), which meets the limitation of obtain second information from a first user of the cloud platform, wherein the second information comprises a second request to configure a set of capabilities of the application, the set of capabilities selected from among the plurality of capabilities, and wherein receiving the second information is based at least in part on the application being published, configure the set of capabilities in the application, [via one or more API calls] from the cloud platform to one or more endpoints of the provider, [wherein the one or more API calls are authenticated via the credential in accordance with the first information].
Gunda discloses that the applications are purchasable or otherwise available ([0098]: being purchasable or “available” demonstrates that the applications have been published). Gunda does not disclose that the applications are published based upon satisfying one or more constraints. Sharma discloses testing applications using relevant certification requirements prior to publishing the applications to one or more application stores ([0037]-[0039]), which meets the limitation of publish the application at the cloud platform in accordance with the first information satisfying one or more constraints of the application specific template.
It would have been obvious to one of ordinary skill in the art before the effective filing date of the claimed invention for applications of Gunda to have been tested using the relevant certification requirements prior to being published to an application store in order to ensure application operability on the platform as suggested by Sharma ([0037]).
Gunda discloses authenticating the user attempting to access the application ([0045]), but Gunda does not disclose redirecting the authentication to an API. Subramanian discloses microservices that rely on APIs to perform user authentication to applications ([0050]-[0051]: API performing authentication shows that the authentication request was redirected to the API from the microservice) on received user credentials such as tokens ([0058] & [0070]-[0071]), which meets the limitation of redirect, by the cloud platform, the first user to authenticate the first user at the application of the plurality of applications to obtain access to the application [wherein different applications of the plurality of applications correspond to different authentication flows], and wherein redirecting the first user is in accordance with a [respective] authentication flow for the application [that is based at least in part on the set of capabilities of the application managed by the cloud platform], obtain, at the cloud platform, third information in response to redirecting the first user, wherein the third information comprises a credential to authenticate with one or more application programming interfaces (APIs) related to the application, wherein the credential is associated with one or more permissions that enable the cloud platform to configure and manage the set of capabilities of the application for the account via a provider of the application.
The cloud service stores access tokens and uses the tokens in order to determine which resources are being accessed ([0116]: resource access reads on the claimed action), which meets the limitation of storing the credential at the cloud platform for performing at least an action in accordance with at least a capability of the set of capabilities. Authentication and access validation includes the validation of user rights to make API calls ([0058]), which meets the limitation of configure the set of capabilities in the application via one or more API calls from the cloud platform to one or more endpoints of the provider, wherein the one or more API calls are authenticated via the stored credential in accordance with the first information.
It would have been obvious to one of ordinary skill in the art before the effective filing date of the claimed invention for the authentication of Gunda to have been performed by a microservice API in order to prevent infiltrators from circumventing security by limiting API exposure as suggested by Subramanian ([0049]-[0050]).
Gunda discloses that the system can perform one or more operations associated with authenticating the users to access the one or more applications ([0045]). However, Gunda does not disclose that the one or more applications correspond to different authentication flows. Yang discloses that different authentication flows can be adopted for each application (Page 11, last paragraph), which meets the limitation of wherein different applications of the plurality of applications correspond to different authentication flows. The different authentication flows can be adopted according to the authentication logic in each application (Page 11, last paragraph), which meets the limitation of wherein redirecting the first user is in accordance with a respective authentication flow for the application that is based at least in part on the set of capabilities of the application managed by the cloud platform.
It would have been obvious to one of ordinary skill in the art before the effective filing date of the claimed invention for the one or more applications of Gunda to have adopted different authentication flows in the manner discussed in Yang in order to provide expanding authenticated functionality in a manner that reduces the application development costs as suggested by Yang (Page 7, last paragraph).
Referring to claim 17, Gunda discloses that the cloud service stores access tokens and uses the tokens in order to determine which resources are being accessed ([0116]). Requests for access trigger API calls to perform the requested action ([0118]), which meets the limitation of obtain an indication that triggers the cloud platform to perform the action in accordance with the capability, and output, in response to the indication, at least an API call via an API that is associated with the capability, wherein the API comprises an endpoint of the one or more endpoints, and wherein the API call is authenticated via the stored credential.
Referring to claim 18, Gunda discloses that the users have accounts with assigned roles that correspond with permitted activities that the user is permitted to perform ([0139]: roles would correspond with the claimed indication), which meets the limitation of wherein the second information further comprises an indication of the account. The cloud service stores access tokens and uses the tokens in order to determine which resources are being accessed ([0116]), which meets the limitation of obtaining the credential that is associated with the one or more permissions is based at least in part on the account being granted the one or more permissions.
Referring to claim 19, Gunda discloses a multi-platform application system wherein third-party application policies are evaluated ([0036]) wherein the application policies include information utilized to implement the applications ([0057]), which meets the limitation wherein the first information is indicative of the plurality of capabilities, a plurality of endpoints from a plurality of APIs, a plurality of credentials, and content associated with the user application, and the first information is usable by the first user to identify the application in the cloud platform. Examiner notes that what the first information “indicates” does not define structure nor do such indications require functional steps to be performed (See MPEP 2111.04-2111.05). Additionally, the first information being “usable” to identify would represent an intended use limitation; a recitation of the intended use of the claimed invention must result in a structural difference between the claimed invention and the prior art in order to patentably distinguish the claimed invention from the prior art. If the prior art structure is capable of performing the intended use, then it meets the claim. The policies include rules that determine how the applications can be accessed, modified, and/or controlled ([0079]), which meets the limitation of the first information is usable to determine the plurality of capabilities of the application.
Referring to claim 20, Gunda discloses a multi-platform application system wherein third-party application policies are evaluated ([0036]: application policies read on the claimed templates) wherein the application policies include information utilized to implement the applications ([0057]), which meets the limitation of determine first information for an application of a plurality of applications managed by the cloud platform, each application associated with a plurality of capabilities, wherein the first information is determined in accordance with an application specification template that is common to the plurality of application, and wherein the first information is usable by the cloud platform for configuring and managing the plurality of capabilities via the cloud platform. The system can receive attempts to access applications from a user ([0045]: access attempt reads on the claimed request), which meets the limitation of obtain second information from a first user of the cloud platform, wherein the second information comprises a first request to configure the application for an account of the application that is associated with the first user. Once authenticated, the user can configure applications within the organizational data management system ([0109]), which meets the limitation of obtain second information from a first user of the cloud platform, wherein the second information comprises a second request to configure a set of capabilities of the application, the set of capabilities selected from among the plurality of capabilities, configure the set of capabilities in the application, [via one or more API calls] from the cloud platform to one or more endpoints of the provider, [wherein the one or more API calls are authenticated via the credential in accordance with the first information]. 
Gunda discloses that the applications are purchasable or otherwise available ([0098]: being purchasable or “available” demonstrates that the applications have been published). Gunda does not disclose that the applications are published based upon satisfying one or more constraints. Sharma discloses testing applications using relevant certification requirements prior to publishing the applications to one or more application stores ([0037]-[0039]), which meets the limitation of publish the application at the cloud platform in accordance with the first information satisfying one or more constraints of the application specific template. It would have been obvious to one of ordinary skill in the art before the effective filing date of the claimed invention for applications of Gunda to have been tested using the relevant certification requirements prior to being published to an application store in order to ensure application operability on the platform as suggested by Sharma ([0037]). Gunda discloses authenticating the user attempting to access the application ([0045]), but Gunda does not disclose redirecting the authentication to an API.
Subramanian discloses microservices that rely on APIs to perform user authentication to applications ([0050]-[0051]: API performing authentication shows that the authentication request was redirected to the API from the microservice) on received user credentials such as tokens ([0058] & [0070]-[0071]), which meets the limitation of redirect, by the cloud platform, the first user to authenticate the first user at the application of the plurality of applications to obtain access to the application [wherein different applications of the plurality of applications correspond to different authentication flows] and wherein redirecting the first user is in accordance with a [respective] authentication flow for the application [that is based at least in part on the set of capabilities of the application managed by the cloud platform], obtain, at the cloud platform, third information in response to redirecting the first user, wherein the third information comprises a credential to authenticate with one or more application programming interfaces (APIs) related to the application, wherein the credential is associated with one or more permissions that enable the cloud platform to configure and manage the set of capabilities of the application for the account via a provider of the application. The cloud service stores access tokens and uses the tokens in order to determine which resources are being accessed ([0116]: resource access reads on the claimed action), which meets the limitation of storing the credential at the cloud platform for performing at least an action in accordance with at least a capability of the set of capabilities.
Authentication and access validation includes the validation of user rights to make API calls ([0058]), which meets the limitation of configure the set of capabilities in the application via one or more API calls from the cloud platform to one or more endpoints of the provider, wherein the one or more API calls are authenticated via the credential in accordance with the first information. It would have been obvious to one of ordinary skill in the art before the effective filing date of the claimed invention for the authentication of Gunda to have been performed by a microservice API in order to prevent infiltrators from circumventing security by limiting API exposure as suggested by Subramanian ([0049]-[0050]). Gunda discloses that the system can perform one or more operations associated with authenticating the users to access the one or more applications ([0045]). However, Gunda does not disclose that the one or more applications correspond to different authentication flows. Yang discloses that different authentication flows can be adopted for each application (Page 11, last paragraph), which meets the limitation of wherein different applications of the plurality of applications corresponds to different authentication flows. The different authentication flows can be adopted according to the authentication logic in each application (Page 11, last paragraph), which meets the limitation of wherein redirecting the first user is in accordance with a respective authentication flow for the application that is based at least in part on the set of capabilities of the application managed by the cloud platform. 
It would have been obvious to one of ordinary skill in the art before the effective filing date of the claimed invention for the one or more applications of Gunda to have adopted different authentication flows in the manner discussed in Yang in order to provide expanding authenticated functionality in a manner that reduces the application development costs as suggested by Yang (Page 7, last paragraph).

Conclusion

Any inquiry concerning this communication or earlier communications from the examiner should be directed to BENJAMIN E LANIER whose telephone number is (571)272-3805. The examiner can normally be reached M-Th: 6:20-4:50. Examiner interviews are available via telephone, in-person, and video conferencing using a USPTO supplied web-based collaboration tool. To schedule an interview, applicant is encouraged to use the USPTO Automated Interview Request (AIR) at http://www.uspto.gov/interviewpractice. If attempts to reach the examiner by telephone are unsuccessful, the examiner’s supervisor, Alexander Lagor can be reached at 5712705143. The fax phone number for the organization where this application or proceeding is assigned is 571-273-8300. Information regarding the status of published or unpublished applications may be obtained from Patent Center. Unpublished application information in Patent Center is available to registered users. To file and manage patent submissions in Patent Center, visit: https://patentcenter.uspto.gov. Visit https://www.uspto.gov/patents/apply/patent-center for more information about Patent Center and https://www.uspto.gov/patents/docx for information about filing in DOCX format. For additional questions, contact the Electronic Business Center (EBC) at 866-217-9197 (toll-free). If you would like assistance from a USPTO Customer Service Representative, call 800-786-9199 (IN USA OR CANADA) or 571-272-1000.

/BENJAMIN E LANIER/ Primary Examiner, Art Unit 2437

Prosecution Timeline

Oct 02, 2023: Application Filed
Jun 17, 2025: Non-Final Rejection — §103, §112
Sep 09, 2025: Applicant Interview (Telephonic)
Sep 09, 2025: Examiner Interview Summary
Sep 13, 2025: Response Filed
Sep 18, 2025: Final Rejection — §103, §112
Nov 19, 2025: Response after Non-Final Action
Dec 23, 2025: Request for Continued Examination
Jan 11, 2026: Response after Non-Final Action
Jan 17, 2026: Non-Final Rejection — §103, §112
Apr 07, 2026: Examiner Interview Summary
Apr 07, 2026: Applicant Interview (Telephonic)

Precedent Cases

Applications granted by this same examiner with similar technology

Patent 12602474
USE OF AN APPLICATION CONTROLLER TO MONITOR AND CONTROL SOFTWARE FILE AND APPLICATION ENVIRONMENTS
2y 5m to grant Granted Apr 14, 2026
Patent 12598079
DIGITAL SIGNATURES WITH KEY-DERIVATION
2y 5m to grant Granted Apr 07, 2026
Patent 12587541
SECURE CONNECTION BROKER FOR SWARM COMMUNICATIONS
2y 5m to grant Granted Mar 24, 2026
Patent 12566846
TURING MACHINE AGENT FOR BEHAVIORAL THREAT DETECTION
2y 5m to grant Granted Mar 03, 2026
Patent 12566884
MULTIMODAL FINGERPRINTING OF DIGITAL ASSETS
2y 5m to grant Granted Mar 03, 2026


Prosecution Projections

Expected OA Rounds: 3-4
Grant Probability: 69%
With Interview (+17.0%): 86%
Median Time to Grant: 3y 6m
PTA Risk: High
Based on 913 resolved cases by this examiner. Grant probability derived from career allow rate.
