DETAILED ACTION
This Office Action is in response to the application 18/607,311 filed on March 15th, 2024.
In the event the determination of the status of the application as subject to AIA 35 U.S.C. 102 and 103 (or as subject to pre-AIA 35 U.S.C. 102 and 103) is incorrect, any correction of the statutory basis for the rejection will not be considered a new ground of rejection if the prior art relied upon, and the rationale supporting the rejection, would be the same under either status.
Claims 1-20 are pending and herein considered.
Notice of Pre-AIA or AIA Status
The present application, filed on or after March 16, 2013, is being examined under the first inventor to file provisions of the AIA .
Priority
Acknowledgement is made of Applicant’s claim for foreign priority under 35 U.S.C. 119(a)-(d) to Application No. 202341071427, the signed copy having been filed on October 19th, 2023.
Claim Rejections - 35 USC § 102
In the event the determination of the status of the application as subject to AIA 35 U.S.C. 102 and 103 (or as subject to pre-AIA 35 U.S.C. 102 and 103) is incorrect, any correction of the statutory basis (i.e., changing from AIA to pre-AIA ) for the rejection will not be considered a new ground of rejection if the prior art relied upon, and the rationale supporting the rejection, would be the same under either status.
(a)(1) the claimed invention was patented, described in a printed publication, or in public use, on sale, or otherwise available to the public before the effective filing date of the claimed invention.
Claims 1-20 are rejected under 35 U.S.C. 102(a)(1) as being anticipated by Sun et al. (Sun), U.S. Patent Number 11,048,809.
Regarding claim 1; Sun discloses a method of issuing one or more commands for a management appliance of a software-defined data center (SDDC) to perform an operation, the method comprising:
retrieving the operation to be performed by the management appliance (col. 6, lines 16-20; replying party 216 may be an application server providing a digital distribution platform for applications that may request access token 218 for accessing user digital resources (such as social or professional online network account access) for use.);
transmitting a request to the management appliance for a first token (col. 6, line 66 – col. 7, line 4; receive a user permission token to access an online service that manages one or more user resources; for instance, receiving module 104 may receive user permission token 122 to access online services 208 that manage user resources 210 on server 206.), wherein the first token is associated with permissions for issuing commands to the management appliance (col. 7, lines 6-11; receiving module 104 may be configured to request, from server 206, a restricted user token (e.g., user permission token 122) that is limited only to querying online services 208 for access token usage data 124 generated by the use of access token 218, by replaying party 216.), and wherein the request for the first token includes a second token that is associated with the initiator of the operation and that has a longer time-to-live period than the first token has (col. 10, lines 2-8; access token use threshold exceeded 502 may be associated with misuse activity by replaying party 216 including using access token 218 more than an expected number of uses over a predetermined period, using access token 218 from a previous hibernation state, and requests to refresh access token 218 just prior to token expiration.); and
upon receiving the first token from the management appliance, transmitting the first token and a command to the management appliance, wherein the command is for the management appliance to execute at least one task of the operation (col. 10, lines 28-50; security module 110 may revoke and disable access token 218 issued to relying party 216; for instance, security module 218 has exceeded a predetermined token use threshold (e.g., relying party 216 is using access token multiple times over a period of time based on a predetermined one-time use); security module 110 may send a request message to a user of computing device 202 to receive authorization to revoke access token 218 from relying party 216 on behalf of the user; security module 110 may automatically revoke access token 218 from relying party 216; security module 110 may revoke or disable access token 218 when relying party 216 has a security breach such that a potential attacker may be able to illicitly obtain access token 218; security module 110 may obtain authorization from a user of computing device 202 to disable or revoke access token 218 such that even if the potential attacker has gained token access, access token 218 will not be utilized for malicious activity.).
Regarding claim 2; Sun discloses the method of claim 1, wherein the steps of retrieving the operation, transmitting the request for the first token, and transmitting the first token and the command, are carried out in an agent platform appliance that is connected to a management network of the SDDC (col. 8, lines 33-50; an online automation cloud platform service may request access token 218 from a user of computing device 202 to access temperature data for an oven for use as a trigger to determine when to automatically turn off the oven; monitoring module 106 may determine the set of use privileges for the online appliance automation cloud platform to include turning off an appliance based on temperature data; based on the aforementioned set of user privileges, monitoring module 105 may determine that any additional actions taken by the online appliance automation cloud platform would be outside of the set of user privileges.).
Regarding claim 3; Sun discloses the method of claim 1, further comprising: upon receiving a third token from a token exchange cloud service of a cloud platform, transmitting the third token to the management appliance along with a request for the second token and then receiving the second token from the management appliance, wherein the third token is associated with permissions for acquiring the second token (col. 6, line 66 – col. 7, line 6; receive a user permission token to access an online service that manages one or more user resources; receiving module 104 may receive user permission token 112 to access online services 208 that manage user resources 210 on server 206.).
Regarding claim 4; Sun discloses the method of claim 1, further comprising: transmitting to a token exchange cloud service of a cloud platform, a request for the second token, and then receiving the second token from the token exchange cloud service (col. 6, lines 21-28; replying party 216 may be one or more applications servers, hosting a cloud-based platform, that may request access token 218 for accessing user physical resources, for providing enterprise and home automation services utilizing various trigger-action logic functions to control the user physical resources over a network.).
Regarding claim 5; Sun discloses the method of claim 1, wherein in an audit log, information is persisted that identifies the first token as being used for issuing the command to the management appliance (col. 16, line 66 – col. 17, line 6; restricted platforms that restrict modifications to system-level configurations and that limit the ability of third-party software to inspect the behavior of other applications, controls to restrict the installation of applications (e.g., to only originate from approved application stores).).
Regarding claim 6; Sun discloses the method of claim 1, further comprising: acquiring the second token from the management appliance, wherein the operation is specified by the initiator of the operation to be performed at a scheduled time, and wherein the amount of time that elapses between acquiring the second token from the management appliance and the scheduled time is greater than the time-to-live period of the first token (col. 8, lines 1-13; monitoring module 106 may determine a token usage pattern (e.g., one time, many times, or an estimated expiration date) based on the nature of relying party 216; for instance, relying party 216 may be an accounting services entity that only needs to access user’s online financial resources (e.g., an online trading account) once a year for tax purposes and the account access would typically expire on or before the April 15th U.S. tax filing deadline; monitoring module 106 may determine if access token 218 was previously in a hibernation state (e.g., the token has been cached by relying party 216 after not having been used for an extended period) but is now being used by the relying party 216.).
Regarding claim 7; Sun discloses the method of claim 1, further comprising: in response to the time-to-live period of the first token expiring, transmitting a request to the management appliance for another instance of the first token, wherein the request for the other instance of the first token includes the second token; and upon receiving the other instance of the first token from the management appliance, transmitting the other instance of the first token and another command to the management appliance, wherein the other command is for the management appliance to execute another at least one task of the operation (col. 10, lines 51-63; detect online token abuse by monitoring, in real-time, online services that manage the digital and physical resources of a user and query online token usage data to detect any suspicious token uses regarding the user; by focusing on various aspects of online token usage (e.g., OAuth token usage) including token lifecycle, token permissions, and token ownership in view of how the tokens are being used by a relying party, the system may be able to quickly detect online token misuse and may be able to protect users against attackers accessing their online resources by isolating and removing any tokens being misused.).
Regarding claim 8; Claim 8 is directed a non-transitory computer-readable medium which has similar scope as claim 1. Therefore, claim 8 remains un-patentable for the same reasons.
Regarding claims 9-14; Claims 9-14 are directed the non-transitory computer-readable medium of claim 8 which have similar scope as claims 2-7. Therefore, claims 9-14 remain un-patentable for the same reasons.
Regarding claim 15; Claim 15 is directed an agent platform appliance which has similar scope as claim 1. Therefore, claim 15 remains un-patentable for the same reasons.
Regarding claims 16-20; Claims 16-20 are directed the agent platform appliance of claim 15 which have similar scope as claims 2-7. Therefore, claims 16-20 remain un-patentable for the same reasons.
Conclusion
Any inquiry concerning this communication or earlier communications from the examiner should be directed to KHOI V LE whose telephone number is (571)270-5087. The examiner can normally be reached 9:00 AM - 5:00 PM EST.
Examiner interviews are available via telephone, in-person, and video conferencing using a USPTO supplied web-based collaboration tool. To schedule an interview, applicant is encouraged to use the USPTO Automated Interview Request (AIR) at http://www.uspto.gov/interviewpractice.
If attempts to reach the examiner by telephone are unsuccessful, the examiner’s supervisor, Shewaye Gelagay can be reached on 571-272-4219. The fax phone number for the organization where this application or proceeding is assigned is 571-273-8300.
Information regarding the status of published or unpublished applications may be obtained from Patent Center. Unpublished application information in Patent Center is available to registered users. To file and manage patent submissions in Patent Center, visit: https://patentcenter.uspto.gov. Visit https://www.uspto.gov/patents/apply/patent-center for more information about Patent Center and https://www.uspto.gov/patents/docx for information about filing in DOCX format. For additional questions, contact the Electronic Business Center (EBC) at 866-217-9197 (toll-free). If you would like assistance from a USPTO Customer Service Representative, call 800-786-9199 (IN USA OR CANADA) or 571-272-1000.
/KHOI V LE/
Primary Examiner, Art Unit 2436