DETAILED ACTION
Notice of Pre-AIA or AIA Status
The present application, filed on or after March 16, 2013, is being examined under the first inventor to file provisions of the AIA.
Response to Amendment
Applicant’s amendment filed 20 April 2026 amends claims 1, 10, 15, 17, and 20. Claim 11 has been cancelled. Applicant’s amendment has been fully considered and entered.
Response to Arguments
The §112(a) rejection of claims 1, 3-6, 8-15, and 17-20 has been withdrawn because the amendment filed 20 April 2026 removed the unsupported claim limitation. Therefore, Applicant’s arguments specific to the §112(a) rejections are moot.
Applicant argues on page 11 of the response, “Moreover, an administrator of a management platform, as described by Gunda, cannot be properly construed to teach or suggest ‘automated crawlers of the cloud platform’ as claimed.” This argument has been fully considered and is persuasive. Therefore, the rejection has been withdrawn. However, upon further consideration, a new ground of rejection is made in view of Maduranthakam, U.S. Publication No. 2022/0083692.
Claim Rejections - 35 USC § 103
In the event the determination of the status of the application as subject to AIA 35 U.S.C. 102 and 103 (or as subject to pre-AIA 35 U.S.C. 102 and 103) is incorrect, any correction of the statutory basis (i.e., changing from AIA to pre-AIA) for the rejection will not be considered a new ground of rejection if the prior art relied upon, and the rationale supporting the rejection, would be the same under either status.
The following is a quotation of 35 U.S.C. 103 which forms the basis for all obviousness rejections set forth in this Office action:
A patent for a claimed invention may not be obtained, notwithstanding that the claimed invention is not identically disclosed as set forth in section 102, if the differences between the claimed invention and the prior art are such that the claimed invention as a whole would have been obvious before the effective filing date of the claimed invention to a person having ordinary skill in the art to which the claimed invention pertains. Patentability shall not be negated by the manner in which the invention was made.
The factual inquiries for establishing a background for determining obviousness under 35 U.S.C. 103 are summarized as follows:
1. Determining the scope and contents of the prior art.
2. Ascertaining the differences between the prior art and the claims at issue.
3. Resolving the level of ordinary skill in the pertinent art.
4. Considering objective evidence present in the application indicating obviousness or nonobviousness.
Claims 1, 3-6, 8-10, 12-15, 17-20 are rejected under 35 U.S.C. 103 as being unpatentable over Gunda, U.S. Publication No. 2023/0051206, in view of Sharma, U.S. Publication No. 2013/0074046, in view of Subramanian, EP 3528454, in view of Yang, CN 111711610, and further in view of Maduranthakam, U.S. Publication No. 2022/0083692.
Referring to claim 1, Gunda discloses a multi-platform application system wherein third-party application policies are evaluated ([0036]: application policies read on the claimed templates) wherein the application policies include information utilized to implement the applications ([0057]) and the policy information can be defined by an administrator of the organizational management platform ([0036]), which meets the limitation of determining first information for an application of a plurality of applications managed by the cloud platform, each application associated with a plurality of capabilities, wherein the first information is autonomously obtained at the cloud platform [using one or more automated crawlers of the cloud platform] in accordance with an application specification template that is common to the plurality of applications, and wherein the first information is usable by the cloud platform for configuring and managing the plurality of capabilities via the cloud platform. The system can receive attempts to access applications from a user ([0045]: access attempt reads on the claimed request), which meets the limitation of obtaining second information from a first user of the cloud platform, wherein the second information comprises a first request to configure the application for an account of the application that is associated with the first user, and wherein receiving the second information is based at least in part on the application being published.
Once authenticated, the user can configure applications within the organizational data management system ([0109]), which meets the limitation of obtaining second information from a first user of the cloud platform, wherein the second information comprises a second request to configure a set of capabilities of the application, the set of capabilities selected from among the plurality of capabilities, configuring the set of capabilities in the application, [via one or more API calls] from the cloud platform to one or more endpoints of the provider, [wherein the one or more API calls are authenticated via the credential in accordance with the first information].
Gunda discloses that the applications are purchasable or otherwise available ([0098]: being purchasable or “available” demonstrate that the applications have been published). Gunda does not disclose that the applications are published based upon satisfying one or more constraints. Sharma discloses testing applications using relevant certification requirements prior to publishing the applications to one or more application stores ([0037]-[0039]), which meets the limitation of publishing the application at the cloud platform in accordance with the first information satisfying one or more constraints of the application specification template.
It would have been obvious to one of ordinary skill in the art before the effective filing date of the claimed invention for applications of Gunda to have been tested using the relevant certification requirements prior to being published to an application store in order to ensure application operability on the platform as suggested by Sharma ([0037]).
Gunda discloses authenticating the user attempting to access the application ([0045]), but Gunda does not disclose redirecting the authentication to an API. Subramanian discloses microservices that rely on APIs to perform user authentication to applications ([0050]-[0051]: API performing authentication shows that the authentication request was redirected to the API from the microservice) on received user credentials such as tokens ([0058] & [0070]-[0071]), which meets the limitation of redirecting, by the cloud platform, the first user to authenticate the first user at the application of the plurality of applications to obtain access to the application [wherein different applications of the plurality of applications correspond to different authentication flows], and wherein redirecting the first user is in accordance with a [respective] authentication flow for the application, obtaining, at the cloud platform, third information in response to redirecting the first user, wherein the third information comprises a credential to authenticate with one or more application programming interfaces (APIs) related to the application, wherein the credential is associated with one or more permissions that enable the cloud platform to configure and manage the set of capabilities of the application for the account via a provider of the application. The cloud service stores access tokens and uses the tokens in order to determine which resources are being accessed ([0116]: resource access reads on the claimed action), which meets the limitation of storing the credential at the cloud platform for performing at least an action in accordance with at least a capability of the set of capabilities.
Authentication and access validation includes the validation of user rights to make API calls ([0058]), which meets the limitation of configuring the set of capabilities in the application via one or more API calls from the cloud platform to one or more endpoints of the provider, wherein the one or more API calls are authenticated via the stored credential in accordance with the first information.
It would have been obvious to one of ordinary skill in the art before the effective filing date of the claimed invention for the authentication of Gunda to have been performed by a microservice API in order to prevent infiltrators from circumventing security by limiting API exposure as suggested by Subramanian ([0049]-[0050]).
Gunda discloses that the system can perform one or more operations associated with authenticating the users to access the one or more applications ([0045]). However, Gunda does not disclose that the one or more applications correspond to different authentication flows. Yang discloses that different authentication flows can be adopted for each application (Page 11, last paragraph), which meets the limitation of wherein different applications of the plurality of applications corresponds to different authentication flows. It would have been obvious to one of ordinary skill in the art before the effective filing date of the claimed invention for the one or more applications of Gunda to have adopted different authentication flows in the manner discussed in Yang in order to provide expanding authenticated functionality in a manner that reduces the application development costs as suggested by Yang (Page 7, last paragraph).
Gunda does not disclose that the policy information is obtained using an automated crawler. Maduranthakam discloses the retrieval of policy information using spiders ([0026]), which meets the limitation of wherein the first information is autonomously obtained at the cloud platform using one or more automated crawlers of the cloud platform. It would have been obvious to one of ordinary skill in the art before the effective filing date of the claimed invention for the policy information of Gunda to have been obtained using a spider in order to retrieve relevant information as suggested by Maduranthakam ([0016]).
Referring to claim 3, Gunda discloses that the cloud service stores access tokens and uses the tokens in order to determine which resources are being accessed ([0116]). Requests for access trigger API calls to perform the requested action ([0118]), which meets the limitation of obtaining an indication that triggers the cloud platform to perform the action in accordance with the capability, and outputting, in response to the indication, at least an API call via an API that is associated with the capability, wherein the API comprises an endpoint of the one or more endpoints, and wherein the API call is authenticated via the stored credential.
Referring to claim 4, Gunda discloses that the users have accounts with assigned roles that correspond with permitted activities that the user is permitted to perform ([0139]: roles would correspond with the claimed indication), which meets the limitation of wherein the second information further comprises an indication of the account. The cloud service stores access tokens and uses the tokens in order to determine which resources are being accessed ([0116]), which meets the limitation of obtaining the credential that is associated with the one or more permissions is based at least in part on the account being granted the one or more permissions.
Referring to claims 5, 6, Gunda discloses a multi-platform application system wherein third-party application policies are evaluated ([0036]) wherein the application policies include information utilized to implement the applications ([0057]), which meets the limitation wherein the first information is indicative of the plurality of capabilities, a plurality of endpoints from a plurality of APIs, a plurality of credentials, and content associated with the user application, and the first information is usable by the first user to identify the application in the cloud platform, wherein each endpoint of the plurality of endpoints and each credential of the plurality of credentials are associated with a respective capability of the plurality of capabilities. Examiner notes that what the first information “indicates” does not define structure nor do such indications require functional steps to be performed (See MPEP 2111.04-2111.05). Additionally, the first information being “usable” to identify would represent an intended use limitation; a recitation of the intended use of the claimed invention must result in a structural difference between the claimed invention and the prior art in order to patentably distinguish the claimed invention from the prior art. If the prior art structure is capable of performing the intended use, then it meets the claim. The policies include rules that determine how the applications can be accessed, modified, and/or controlled ([0079]), which meets the limitation of the first information is usable to determine the plurality of capabilities of the application.
Referring to claim 8, Gunda discloses that the application can include functionality for single sign-on integration, user data control, user privileges, user account creation, user management, and template management ([0086]), which meets the limitation of wherein the plurality of capabilities includes a single sign-on capability, one or more secure session management capabilities, a provisioning capability, an identity governance and access capability, a lifecycle management capability, and a risk signaling capability.
Referring to claim 9, Gunda discloses that the application can include functionality for user privileges ([0086]) such that appropriate user permissions are determined ([0100]-[0101]), which meets the limitation of wherein the one or more secure session management capabilities include a confidence score level based permission management capability.
Referring to claim 10, Gunda discloses that the policy information can be defined by an administrator of the organizational management platform ([0036]), which meets the limitation of wherein the first information is obtained from an identity platform used by the application.
Referring to claim 12, Gunda discloses that the system can receive attempts to access applications from a user ([0045]), which meets the limitation of wherein determining the first information comprises obtaining a message indicative of the first information.
Referring to claim 13, Gunda discloses authenticating the user attempting to access the application ([0045]), but Gunda does not disclose redirecting the authentication to an API. Subramanian discloses microservices that rely on APIs to perform user authentication ([0050]-[0051]) on received user credentials such as tokens ([0058] & [0070]-[0071]), which meets the limitation of wherein the message is obtained via a first API of the cloud platform that is associated with the provider.
It would have been obvious to one of ordinary skill in the art before the effective filing date of the claimed invention for the authentication of Gunda to have been performed by a microservice API in order to prevent infiltrators from circumventing security by limiting API exposure as suggested by Subramanian ([0049]-[0050]).
Referring to claim 14, Gunda discloses that the system can receive attempts to access applications from a user ([0045]), which meets the limitation of wherein the message comprises a form submitted to the cloud platform.
Referring to claim 15, Gunda discloses a multi-platform application system that includes memory devices and processors ([0047]), which meets the limitation of one or more memories storing processor executable code, and one or more processors coupled with the one or more memories and individually or collectively operable to execute the code. Third-party application policies are evaluated ([0036]: application policies read on the claimed templates) wherein the application policies include information utilized to implement the applications ([0057]) and the policy information can be defined by an administrator of the organizational management platform ([0036]), which meets the limitation of determine first information for an application of a plurality of applications managed by the cloud platform, each application associated with a plurality of capabilities, wherein the first information is autonomously obtained at the cloud platform [using one or more automated crawlers of the cloud platform] in accordance with an application specification template that is common to the plurality of applications, and wherein the first information is usable by the cloud platform for configuring and managing the plurality of capabilities via the cloud platform. The system can receive attempts to access applications from a user ([0045]: access attempt reads on the claimed request), which meets the limitation of obtain second information from a first user of the cloud platform, wherein the second information comprises a first request to configure the application for an account of the application that is associated with the first user. 
Once authenticated, the user can configure applications within the organizational data management system ([0109]), which meets the limitation of obtain second information from a first user of the cloud platform, wherein the second information comprises a second request to configure a set of capabilities of the application, the set of capabilities selected from among the plurality of capabilities, and wherein receiving the second information is based at least in part on the application being published, configure the set of capabilities in the application, [via one or more API calls] from the cloud platform to one or more endpoints of the provider, [wherein the one or more API calls are authenticated via the credential in accordance with the first information].
Gunda discloses that the applications are purchasable or otherwise available ([0098]: being purchasable or “available” demonstrate that the applications have been published). Gunda does not disclose that the applications are published based upon satisfying one or more constraints. Sharma discloses testing applications using relevant certification requirements prior to publishing the applications to one or more application stores ([0037]-[0039]), which meets the limitation of publish the application at the cloud platform in accordance with the first information satisfying one or more constraints of the application specification template.
It would have been obvious to one of ordinary skill in the art before the effective filing date of the claimed invention for applications of Gunda to have been tested using the relevant certification requirements prior to being published to an application store in order to ensure application operability on the platform as suggested by Sharma ([0037]).
Gunda discloses authenticating the user attempting to access the application ([0045]), but Gunda does not disclose redirecting the authentication to an API. Subramanian discloses microservices that rely on APIs to perform user authentication to applications ([0050]-[0051]: API performing authentication shows that the authentication request was redirected to the API from the microservice) on received user credentials such as tokens ([0058] & [0070]-[0071]), which meets the limitation of redirect, by the cloud platform, the first user to authenticate the first user at the application of the plurality of applications to obtain access to the application [wherein different applications of the plurality of applications correspond to different authentication flows], and wherein redirecting the first user is in accordance with a [respective] authentication flow for the application, obtain, at the cloud platform, third information in response to redirecting the first user, wherein the third information comprises a credential to authenticate with one or more application programming interfaces (APIs) related to the application, wherein the credential is associated with one or more permissions that enable the cloud platform to configure and manage the set of capabilities of the application for the account via a provider of the application. The cloud service stores access tokens and uses the tokens in order to determine which resources are being accessed ([0116]: resource access reads on the claimed action), which meets the limitation of storing the credential at the cloud platform for performing at least an action in accordance with at least a capability of the set of capabilities.
Authentication and access validation includes the validation of user rights to make API calls ([0058]), which meets the limitation of configure the set of capabilities in the application via one or more API calls from the cloud platform to one or more endpoints of the provider, wherein the one or more API calls are authenticated via the stored credential in accordance with the first information.
It would have been obvious to one of ordinary skill in the art before the effective filing date of the claimed invention for the authentication of Gunda to have been performed by a microservice API in order to prevent infiltrators from circumventing security by limiting API exposure as suggested by Subramanian ([0049]-[0050]).
Gunda discloses that the system can perform one or more operations associated with authenticating the users to access the one or more applications ([0045]). However, Gunda does not disclose that the one or more applications correspond to different authentication flows. Yang discloses that different authentication flows can be adopted for each application (Page 11, last paragraph), which meets the limitation of wherein different applications of the plurality of applications corresponds to different authentication flows. It would have been obvious to one of ordinary skill in the art before the effective filing date of the claimed invention for the one or more applications of Gunda to have adopted different authentication flows in the manner discussed in Yang in order to provide expanding authenticated functionality in a manner that reduces the application development costs as suggested by Yang (Page 7, last paragraph).
Gunda does not disclose that the policy information is obtained using an automated crawler. Maduranthakam discloses the retrieval of policy information using spiders ([0026]), which meets the limitation of wherein the first information is autonomously obtained at the cloud platform using one or more automated crawlers of the cloud platform. It would have been obvious to one of ordinary skill in the art before the effective filing date of the claimed invention for the policy information of Gunda to have been obtained using a spider in order to retrieve relevant information as suggested by Maduranthakam ([0016]).
Referring to claim 17, Gunda discloses that the cloud service stores access tokens and uses the tokens in order to determine which resources are being accessed ([0116]). Requests for access trigger API calls to perform the requested action ([0118]), which meets the limitation of obtain an indication that triggers the cloud platform to perform the action in accordance with the capability, and output, in response to the indication, at least an API call via an API that is associated with the capability, wherein the API comprises an endpoint of the one or more endpoints, and wherein the API call is authenticated via the stored credential.
Referring to claim 18, Gunda discloses that the users have accounts with assigned roles that correspond with permitted activities that the user is permitted to perform ([0139]: roles would correspond with the claimed indication), which meets the limitation of wherein the second information further comprises an indication of the account. The cloud service stores access tokens and uses the tokens in order to determine which resources are being accessed ([0116]), which meets the limitation of obtaining the credential that is associated with the one or more permissions is based at least in part on the account being granted the one or more permissions.
Referring to claim 19, Gunda discloses a multi-platform application system wherein third-party application policies are evaluated ([0036]) wherein the application policies include information utilized to implement the applications ([0057]), which meets the limitation wherein the first information is indicative of the plurality of capabilities, a plurality of endpoints from a plurality of APIs, a plurality of credentials, and content associated with the user application, and the first information is usable by the first user to identify the application in the cloud platform. Examiner notes that what the first information “indicates” does not define structure nor do such indications require functional steps to be performed (See MPEP 2111.04-2111.05). Additionally, the first information being “usable” to identify would represent an intended use limitation; a recitation of the intended use of the claimed invention must result in a structural difference between the claimed invention and the prior art in order to patentably distinguish the claimed invention from the prior art. If the prior art structure is capable of performing the intended use, then it meets the claim. The policies include rules that determine how the applications can be accessed, modified, and/or controlled ([0079]), which meets the limitation of the first information is usable to determine the plurality of capabilities of the application.
Referring to claim 20, Gunda discloses a multi-platform application system wherein third-party application policies are evaluated ([0036]: application policies read on the claimed templates) wherein the application policies include information utilized to implement the applications ([0057]) and the policy information can be defined by an administrator of the organizational management platform ([0036]), which meets the limitation of determine first information for an application of a plurality of applications managed by the cloud platform, each application associated with a plurality of capabilities, wherein the first information is autonomously obtained at the cloud platform [using one or more automated crawlers of the cloud platform] in accordance with an application specification template that is common to the plurality of applications, and wherein the first information is usable by the cloud platform for configuring and managing the plurality of capabilities via the cloud platform. The system can receive attempts to access applications from a user ([0045]: access attempt reads on the claimed request), which meets the limitation of obtain second information from a first user of the cloud platform, wherein the second information comprises a first request to configure the application for an account of the application that is associated with the first user.
Once authenticated, the user can configure applications within the organizational data management system ([0109]), which meets the limitation of obtain second information from a first user of the cloud platform, wherein the second information comprises a second request to configure a set of capabilities of the application, the set of capabilities selected from among the plurality of capabilities, configure the set of capabilities in the application, [via one or more API calls] from the cloud platform to one or more endpoints of the provider, [wherein the one or more API calls are authenticated via the credential in accordance with the first information].
Gunda discloses that the applications are purchasable or otherwise available ([0098]: being purchasable or “available” demonstrate that the applications have been published). Gunda does not disclose that the applications are published based upon satisfying one or more constraints. Sharma discloses testing applications using relevant certification requirements prior to publishing the applications to one or more application stores ([0037]-[0039]), which meets the limitation of publish the application at the cloud platform in accordance with the first information satisfying one or more constraints of the application specification template.
It would have been obvious to one of ordinary skill in the art before the effective filing date of the claimed invention for applications of Gunda to have been tested using the relevant certification requirements prior to being published to an application store in order to ensure application operability on the platform as suggested by Sharma ([0037]).
Gunda discloses authenticating the user attempting to access the application ([0045]), but Gunda does not disclose redirecting the authentication to an API. Subramanian discloses microservices that rely on APIs to perform user authentication to applications ([0050]-[0051]: API performing authentication shows that the authentication request was redirected to the API from the microservice) on received user credentials such as tokens ([0058] & [0070]-[0071]), which meets the limitation of redirect, by the cloud platform, the first user to authenticate the first user at the application of the plurality of applications to obtain access to the application [wherein different applications of the plurality of applications correspond to different authentication flows] and wherein redirecting the first user is in accordance with a [respective] authentication flow for the application, obtain, at the cloud platform, third information in response to redirecting the first user, wherein the third information comprises a credential to authenticate with one or more application programming interfaces (APIs) related to the application, wherein the credential is associated with one or more permissions that enable the cloud platform to configure and manage the set of capabilities of the application for the account via a provider of the application. The cloud service stores access tokens and uses the tokens in order to determine which resources are being accessed ([0116]: resource access reads on the claimed action), which meets the limitation of storing the credential at the cloud platform for performing at least an action in accordance with at least a capability of the set of capabilities.
Authentication and access validation includes the validation of user rights to make API calls ([0058]), which meets the limitation of configure the set of capabilities in the application via one or more API calls from the cloud platform to one or more endpoints of the provider, wherein the one or more API calls are authenticated via the credential in accordance with the first information.
It would have been obvious to one of ordinary skill in the art before the effective filing date of the claimed invention for the authentication of Gunda to have been performed by a microservice API in order to prevent infiltrators from circumventing security by limiting API exposure as suggested by Subramanian ([0049]-[0050]).
Gunda discloses that the system can perform one or more operations associated with authenticating the users to access the one or more applications ([0045]). However, Gunda does not disclose that the one or more applications correspond to different authentication flows. Yang discloses that different authentication flows can be adopted for each application (Page 11, last paragraph), which meets the limitation of wherein different applications of the plurality of applications corresponds to different authentication flows. It would have been obvious to one of ordinary skill in the art before the effective filing date of the claimed invention for the one or more applications of Gunda to have adopted different authentication flows in the manner discussed in Yang in order to provide expanding authenticated functionality in a manner that reduces the application development costs as suggested by Yang (Page 7, last paragraph).
Conclusion
Applicant's amendment necessitated the new ground(s) of rejection presented in this Office action. Accordingly, THIS ACTION IS MADE FINAL. See MPEP § 706.07(a). Applicant is reminded of the extension of time policy as set forth in 37 CFR 1.136(a).
A shortened statutory period for reply to this final action is set to expire THREE MONTHS from the mailing date of this action. In the event a first reply is filed within TWO MONTHS of the mailing date of this final action and the advisory action is not mailed until after the end of the THREE-MONTH shortened statutory period, then the shortened statutory period will expire on the date the advisory action is mailed, and any nonprovisional extension fee (37 CFR 1.17(a)) pursuant to 37 CFR 1.136(a) will be calculated from the mailing date of the advisory action. In no event, however, will the statutory period for reply expire later than SIX MONTHS from the mailing date of this final action.
Any inquiry concerning this communication or earlier communications from the examiner should be directed to BENJAMIN E LANIER whose telephone number is (571)272-3805. The examiner can normally be reached M-Th: 5:30-4:00.
Examiner interviews are available via telephone, in-person, and video conferencing using a USPTO supplied web-based collaboration tool. To schedule an interview, applicant is encouraged to use the USPTO Automated Interview Request (AIR) at http://www.uspto.gov/interviewpractice.
If attempts to reach the examiner by telephone are unsuccessful, the examiner’s supervisor, Alexander Lagor, can be reached at 5712705143. The fax phone number for the organization where this application or proceeding is assigned is 571-273-8300.
Information regarding the status of published or unpublished applications may be obtained from Patent Center. Unpublished application information in Patent Center is available to registered users. To file and manage patent submissions in Patent Center, visit: https://patentcenter.uspto.gov. Visit https://www.uspto.gov/patents/apply/patent-center for more information about Patent Center and https://www.uspto.gov/patents/docx for information about filing in DOCX format. For additional questions, contact the Electronic Business Center (EBC) at 866-217-9197 (toll-free). If you would like assistance from a USPTO Customer Service Representative, call 800-786-9199 (IN USA OR CANADA) or 571-272-1000.
/BENJAMIN E LANIER/ Primary Examiner, Art Unit 2437