Notice of Pre-AIA or AIA Status
The present application, filed on or after March 16, 2013, is being examined under the first inventor to file provisions of the AIA .
DETAILED ACTION
Claims 1-20 are pending in this application.
Information Disclosure Statement
The information disclosure statement (IDS) submitted on 04/11/2024 is in compliance with the provisions of 37 CFR 1.97. Accordingly, the information disclosure statement is being considered by the examiner.
Claim Rejections - 35 USC § 103
In the event the determination of the status of the application as subject to AIA 35 U.S.C. 102 and 103 (or as subject to pre-AIA 35 U.S.C. 102 and 103) is incorrect, any correction of the statutory basis (i.e., changing from AIA to pre-AIA ) for the rejection will not be considered a new ground of rejection if the prior art relied upon, and the rationale supporting the rejection, would be the same under either status.
The following is a quotation of 35 U.S.C. 103 which forms the basis for all obviousness rejections set forth in this Office action:
A patent for a claimed invention may not be obtained, notwithstanding that the claimed invention is not identically disclosed as set forth in section 102, if the differences between the claimed invention and the prior art are such that the claimed invention as a whole would have been obvious before the effective filing date of the claimed invention to a person having ordinary skill in the art to which the claimed invention pertains. Patentability shall not be negated by the manner in which the invention was made.
Claims 1-3, 7, 9-11 and 15-18 are rejected under 35 U.S.C. 103 as being unpatentable over Xing et al (“Xing,” US 20160036860) and further in view of Desai et al (“Desai,” US 8,326,882).
Regarding claim 1, Xing discloses a computer-implemented method, the method comprising:
receiving, by an access policy manager and from an automation tool, a first request to obtain access policy metadata of a first resource, wherein the first resource is provided at a first data storage; (Xing discloses [0059], [0063], [0079], [0091] receiving, by an access policy manager and from an automation tool, a first request to obtain access policy metadata of a first resource, wherein the first resource is provided at a first data storage [attributes such as resource tags, identity, time, location are access policy metadata] see [0100], [0085])
in response to the first request, sending, by the access policy manager, a second request to access an interface at the first data storage to obtain the access policy metadata, (Xing discloses [0091], [0057], [0079] in response to the first request, sending, by the access policy manager, a second request to access an interface at the first data storage to obtain the access policy metadata; [attributes such as resource tags, identity, time, location are access policy metadata] see [0100], [0085])
and obtaining the access policy metadata relevant for the first resource to provide the access policy metadata to the automation tool, (Xing discloses [0063], [0059], [0079], [0052] and obtaining the access policy metadata relevant for the first resource to provide the access policy metadata to the automation tool; [attributes such as resource tags, identity, time, location are access policy metadata] see [0100], [0085])
Xing fails to explicitly disclose wherein the second request is generated according to a type of the first data storage;
However, in an analogous art, Desai discloses wherein the second request is generated according to a type of the first data storage; (Desai discloses in Col. 1, Lines 28-44 & 58-57; Col. 2, Lines 1-2; Col. 4, Lines 1-10 wherein the second request is generated according to a type of the first data storage)
Therefore, it would have been obvious to one of ordinary skill in the art before the effective filing date of the claimed invention to combine the teachings of Desai with Xing to include wherein the second request is generated according to a type of the first data storage. One would have been motivated to provide an environment management interface for management of a heterogeneous storage environment (Desai, Col. 1, Lines 59-60)
Regarding claim 2, Xing and Desai disclose the method of claim 1.
Desai further discloses wherein sending the second request comprises: identifying the type of the first data storage; (Desai discloses in Col. 3, Lines 13-44 wherein sending the second request comprises: identifying the type of the first data storage)
and generating the second request according to a metadata schema associated with the type of the first data storage to obtain the access policy metadata, (Desai discloses Col. 3, Lines 13-44; Col. 4, Lines 1-10; and generating the second request according to a metadata schema associated with the type of the first data storage to obtain the access policy metadata)
Therefore, it would have been obvious to one of ordinary skill in the art before the effective filing date of the claim invention to combine the teachings of Desai with Xing and Desai to include wherein sending the second request comprises: identifying the type of the first data storage; and generating the second request according to a metadata schema associated with the type of the first data storage to obtain the access policy metadata. One would have been motivated to provide an environment management interface for management of a heterogeneous storage environment (Desai, Col. 1, Lines 59-60)
Regarding claim 3, Xing and Desai disclose the method of claim 1.
Desai further discloses comprising: instantiating one or more validator components, each validator component being associated with a type of a data storage and being configured to generate requests according to a respective metadata schema associated with the respective type of the data storage; (Desai discloses Col. 3, Lines 13-44; Col. 4, Lines 1-10; comprising: instantiating one or more validator components, each validator component being associated with a type of a data storage and being configured to generate requests according to a respective metadata schema associated with the respective type of the data storage)
wherein sending the second request comprises: identifying a validator component corresponding to an identified type of the first data storage, (Desai discloses Col. 3, Lines 13-44; Col. 4, Lines 1-10 wherein sending the second request comprises: identifying a validator component corresponding to an identified type of the first data storage “discloses selecting the correct adapter”)
and wherein the second request is generated at the validator component (Desai discloses Col. 3, Lines 13-44; Col. 4, Lines 1-10; and wherein the second request is generated at the validator component)
Therefore, it would have been obvious to one of ordinary skill in the art before the effective filing date of the claim invention to combine the teachings of Desai with Xing and Desai to include comprising: instantiating one or more validator components, each validator component being associated with a type of a data storage and being configured to generate requests according to a respective metadata schema associated with the respective type of the data storage; wherein sending the second request comprises: identifying a validator component corresponding to an identified type of the first data storage, and wherein the second request is generated at the validator component. One would have been motivated to provide an environment management interface for management of a heterogeneous storage environment (Desai, Col. 1, Lines 59-60)
Regarding claim 7, Xing and Desai disclose the method of claim 1.
Xing further discloses an access policy manager (Xing discloses [0079] an access policy manager; [attributes such as resource tags, identity, time, location are access policy metadata] see [0100], [0085])
Desai further discloses wherein the access policy manager is communicatively coupled to a plurality of data storages, at least two data storages being of different type and associated with a different metadata schema, (Desai discloses Col. 3, Lines 13-44; Col. 4, Lines 1-10 wherein the access policy manager is communicatively coupled to a plurality of data storages, at least two data storages being of different type and associated with a different metadata schema)
Therefore, it would have been obvious to one of ordinary skill in the art before the effective filing date of the claim invention to combine the teachings of Desai with Xing to include wherein the access policy manager is communicatively coupled to a plurality of data storages, at least two data storages being of different type and associated with a different metadata schema. One would have been motivated to provide an environment management interface for management of a heterogeneous storage environment (Desai, Col. 1, Lines 59-60)
Regarding claim 9, claim 9 is a directed to a non-transitory computer-readable storage medium. Claim 9 is similar in scope to claim 1 and is therefore rejected under the same rationale.
Regarding claim 10, claim 10 is directed to the non-transitory computer-readable medium of claim 9. Claim 10 is similar in scope to claim 2 and is therefore rejected under the same rationale.
Regarding claim 11, claim 11 is directed to the non-transitory computer-readable medium of claim 9. Claim 11 is similar in scope to claim 3 and is therefore rejected under the same rationale.
Regarding claim 15, claim 15 is directed to the non-transitory computer-readable medium of claim 9. Claim 15 is similar in scope to claim 7 and is therefore rejected under the same rationale.
Regarding claim 16, claim 16 is a directed to a system. Claim 16 is similar in scope to claim 1 and is therefore rejected under the same rationale.
Regarding claim 17, claim 17 is a directed to the system of 16. Claim 17 is similar in scope to claim 2 and is therefore rejected under the same rationale.
Regarding claim 18, claim 18 is a directed to the system of 16. Claim 18 is similar in scope to claim 3 and is therefore rejected under the same rationale.
Claims 4, 12 and 19 are rejected under 35 U.S.C. 103 as being unpatentable over Xing et al (“Xing,” US 2016036860) in view of Desai et al (“Desai,” US 8,326,882). and further in view of Kerametlian et al (“Kerametlian,” US 20170208075).
Regarding claim 4, Xing and Desai disclose the method of claim 1.
Xing further discloses wherein the executed resource management operations are pre-evaluated based on processing obtained access policy metadata from the access policy manager, (Xing discloses [0051]-[0054], [0059] wherein the executed resource management operations are pre-evaluated based on processing obtained access policy metadata from the access policy manager, and wherein the obtained access policy metadata includes a threshold lock policy value for the first resource; [attributes such as resource tags, identity, time, location are metadata] see [0100], [0085])
Xing and Desai fail to explicitly disclose wherein the automation tool is configured to execute resource management operations over resources comprising the first resource.
However, in an analogous art, Kruse discloses wherein the automation tool is configured to execute resource management operations over resources comprising the first resource, (Kruse discloses [0014], [0018]-[0019] wherein the automation tool is configured to execute resource management operations over resources comprising the first resource)
Therefore, it would have been obvious to one of ordinary skill in the art before the effective filing date of the claim invention to combine the teachings of Kruse with Xing and Desai to include wherein the automation tool is configured to execute resource management operations over resources comprising the first resource.. One would have been motivated to providing an automated mechanism through which new credentials for a calling application may be created and locally stored, and old credentials may be
Deactivated (Kruse, [0014]).
However, in an analogous art Kerametlian discloses and wherein the obtained access policy metadata includes a threshold lock policy value for the first resource, (Kerametlian discloses [0035], and wherein the obtained access policy metadata includes a threshold lock policy value for the first resource; also see [0008]-[0012])
Therefore, it would have been obvious to one of ordinary skill in the art before the effective filing date of the claim invention to combine the teachings of Kerametlian with Xing and Desai to include and wherein the obtained access policy metadata includes a threshold lock policy value for the first resource. One would have been motivated to provide a smart password system that mitigates issues found in prior password systems and provide a better user experience without compromising security (Kerametlian, [0008]).
Regarding claim 12, claim 12 is directed to the non-transitory computer-readable medium of claim 9. Claim 12 is similar in scope to claim 4 and is therefore rejected under the same rationale.
Regarding claim 19, claim 19 is a directed to the system of 16. Claim 19 is similar in scope to claim 4 and is therefore rejected under the same rationale.
Claims 5, 8, 13 and 20 are rejected under 35 U.S.C. 103 as being unpatentable over Xing et al (“Xing,” US 2016036860), Desai et al (“Desai,” US 8,326,882) in view of Kerametlian et al (“Kerametlian,” US 20170208075) and further in view of Kruse et al (“Kruse,” US 20160357955).
Regarding claim 5, Xing and Desai disclose the method of claim 1.
Xing further discloses comprising: obtaining, by the automation tool, the access policy metadata relevant for the first resource; (Xing discloses [0091], [0051]-[0052], [0054] comprising: obtaining, by the automation tool, the access policy metadata relevant for the first resource; [attributes such as resource tags, identity, time, location are access policy metadata] see [0100], [0085])
Xing and Desai fail to explicitly disclose and determining, by the automation tool, whether to validate new credentials provided for accessing the first resource at the automation tool by using a threshold lock policy value for the first resource as obtained from the access policy metadata for the first resource,
However, in an analogous art, Kerametlian discloses and determining, by the automation tool, whether to validate new credentials provided for accessing the first resource at the automation tool by using a threshold lock policy value for the first resource as obtained from the access policy metadata for the first resource, (Kermetlian discloses [0035], and determining, by the automation tool, whether to validate new credentials provided for accessing the first resource at the automation tool by using a threshold lock policy value for the first resource as obtained from the access policy metadata for the first resource; also see [0008]-[0012])
Therefore, it would have been obvious to one of ordinary skill in the art before the effective filing date of the claim invention to combine the teachings of Kermetlian with Xing and Desai to include and determining, by the automation tool, whether to validate new credentials provided for accessing the first resource at the automation tool by using a threshold lock policy value for the first resource as obtained from the access policy metadata for the first resource. One would have been motivated to provide a smart password system that mitigates issues found in prior password systems and provide a better user experience without compromising security (Kerametlian, [0008]).
Xing, Desai and Kermetlian fail to explicitly disclose wherein the automation tool is configured to send the first request to the access policy manager responsive to a received request from an entity to change account credentials to be used when authenticating the entity for accessing the first resource at the first data storage.
However, in analogous art, Kruse discloses wherein the automation tool is configured to send the first request to the access policy manager responsive to a received request from an entity to change account credentials to be used when authenticating the entity for accessing the first resource at the first data storage (Kruse discloses [0014]-[0017], [0020], wherein the automation tool is configured to send the first request to the access policy manager responsive to a received request from an entity to change account credentials to be used when authenticating the entity for accessing the first resource at the first data storage)
Therefore, it would have been obvious to one of ordinary skill in the art before the effective filing date of the claim invention to combine the teachings of Kruse with Xing, Desai and Kermetlian to include wherein the automation tool is configured to send the first request to the access policy manager responsive to a received request from an entity to change account credentials to be used when authenticating the entity for accessing the first resource at the first data storage. One would have been motivated to providing an automated mechanism through which new credentials for a calling application may be created and locally stored, and old credentials may be deactivated (Kruse, [0014]).
Regarding claim 8, Xing and Desai disclose the method of claim 1.
Xing and Desai fail to explicitly disclose comprising: obtaining, at the automation tool and based on provided access policy metadata for resource from the access policy manager, one or more threshold lock policy value for one or more respective resource by extracting a respective threshold lock policy value from a respective access policy metadata; determining, at the automation tool, whether to validate the new log-in credential by determining whether a tracked number of attempts to access the resource by the account has reached a threshold lock policy value for the resource, wherein the threshold lock policy value is identified as relevant for the resource that is associated with the third request to change the old log-in credential to a new log-in credential for the account; and in response to invalidating the new log-in credential by determining that the tracked number of attempts to access the resource exceeds the threshold lock policy value, denying, by the automation tool, changing the old log-in credential to the new log-in credential.
However, in an analogous art, Kermetlian discloses comprising: obtaining, at the automation tool and based on provided access policy metadata for resource from the access policy manager, one or more threshold lock policy value for one or more respective resource by extracting a respective threshold lock policy value from a respective access policy metadata, (Kermetlian discloses [0035] comprising: obtaining, at the automation tool and based on provided access policy metadata for resource from the access policy manager, one or more threshold lock policy value for one or more respective resource by extracting a respective threshold lock policy value from a respective access policy metadata)
determining, at the automation tool, whether to validate the new log-in credential by determining whether a tracked number of attempts to access the resource by the account has reached a threshold lock policy value for the resource, wherein the threshold lock policy value is identified as relevant for the resource that is associated with the third request to change the old log-in credential to a new log-in credential for the account; and in response to invalidating the new log-in credential by determining that the tracked number of attempts to access the resource exceeds the threshold lock policy value, denying, by the automation tool, changing the old log-in credential to the new log-in credential (Kermetlian discloses in [0035], [0056], [0046], FIG 2 determining, at the automation tool, whether to validate the new log-in credential by determining whether a tracked number of attempts to access the resource by the account has reached a threshold lock policy value for the resource, wherein the threshold lock policy value is identified as relevant for the resource that is associated with the third request to change the old log-in credential to a new log-in credential for the account; and in response to invalidating the new log-in credential by determining that the tracked number of attempts to access the resource exceeds the threshold lock policy value, denying, by the automation tool, changing the old log-in credential to the new log-in credential).
Therefore, it would have been obvious to one of ordinary skill in the art before the effective filing date of the claim invention to combine the teachings of Kermetlian with Xing and Desai to include comprising: obtaining, at the automation tool and based on provided access policy metadata for resource from the access policy manager, one or more threshold lock policy value for one or more respective resource by extracting a respective threshold lock policy value from a respective access policy metadata; determining, at the automation tool, whether to validate the new log-in credential by determining whether a tracked number of attempts to access the resource by the account has reached a threshold lock policy value for the resource, wherein the threshold lock policy value is identified as relevant for the resource that is associated with the third request to change the old log-in credential to a new log-in credential for the account; and in response to invalidating the new log-in credential by determining that the tracked number of attempts to access the resource exceeds the threshold lock policy value, denying, by the automation tool, changing the old log-in credential to the new log-in credential. One would have been motivated to provide a smart password system that mitigates issues found in prior password systems and provide a better user experience without compromising security (Kerametlian, [0008]).
Xing, Desai and Kerametlian fail to explicitly disclose receiving, at the automation tool, a third request to change an old log-in credential of an account for authenticating to access a resource to a new log-in credential, wherein the third request is received from an entity authenticated at the automation tool, and wherein the automation tool is configured to execute resource management operations over resources comprising the resource.
However, in an analogous art, Kruse discloses receiving, at the automation tool, a third request to change an old log-in credential of an account for authenticating to access a resource to a new log-in credential, wherein the third request is received from an entity authenticated at the automation tool, and wherein the automation tool is configured to execute resource management operations over resources comprising the resource, (Kruse discloses in [0014], [0016]-[0017], [0021] receiving, at the automation tool, a third request to change an old log-in credential of an account for authenticating to access a resource to a new log-in credential, wherein the third request is received from an entity authenticated at the automation tool, and wherein the automation tool is configured to execute resource management operations over resources comprising the resource)
Therefore, it would have been obvious to one of ordinary skill in the art before the effective filing date of the claim invention to combine the teachings of Kruse with Xing, Desai and Kermetlian to include receiving, at the automation tool, a third request to change an old log-in credential of an account for authenticating to access a resource to a new log-in credential, wherein the third request is received from an entity authenticated at the automation tool, and wherein the automation tool is configured to execute resource management operations over resources comprising the resource. One would have been motivated to providing an automated mechanism through which new credentials for a calling application may be created and locally stored, and old credentials may be deactivated (Kruse, [0014]).
Regarding claim 13, claim 13 is directed to the non-transitory computer-readable medium of claim 9. Claim 13 is similar in scope to claim 5 and is therefore rejected under the same rationale.
Regarding claim 20, claim 20 is a directed to the system of 16. Claim 20 is similar in scope to claim 5 and is therefore rejected under the same rationale.
Claims 6 and 14 are rejected under 35 U.S.C. 103 as being unpatentable over Xing et al (“Xing,” US 2016036860) in view of Desai et al (“Desai,” US 8,326,882) and further in view of Kruse et al (“Kruse,” US 20160357955).
Regarding claim 6, Xing and Desai disclose the method of claim 1.
Xing further discloses and wherein the credentials are validated to determine whether the second request is associated with an entity authorized to access resources at the first data storage (Xing discloses [0052], [0059], [0079] and wherein the credentials are validated to determine whether the second request is associated with an entity authorized to access resources at the first data storage)
Xing and Desai fail to explicitly disclose wherein the second request sent by the access policy manager to the first data storage is authenticated at the first data storage based on credentials provided by the access policy manager, wherein the credentials are obtained through the first request received from the automation tool,
However, in an analogous art, Kruse discloses wherein the second request sent by the access policy manager to the first data storage is authenticated at the first data storage based on credentials provided by the access policy manager, wherein the credentials are obtained through the first request received from the automation tool, and wherein the credentials are validated to determine whether the second request is associated with an entity authorized to access resources at the first data storage, (Kruse discloses in [0020]-[0021], [0061], [0042]-[0043], wherein the second request sent by the access policy manager to the first data storage is authenticated at the first data storage based on credentials provided by the access policy manager, wherein the credentials are obtained through the first request received from the automation tool, and wherein the credentials are validated to determine whether the second request is associated with an entity authorized to access resources at the first data storage)
Therefore, it would have been obvious to one of ordinary skill in the art before the effective filing date of the claim invention to combine the teachings of Kruse with Xing and Desai to include wherein the second request sent by the access policy manager to the first data storage is authenticated at the first data storage based on credentials provided by the access policy manager, wherein the credentials are obtained through the first request received from the automation tool, and wherein the credentials are validated to determine whether the second request is associated with an entity authorized to access resources at the first data storage. One would have been motivated to providing an automated mechanism through which new credentials for a calling application may be created and locally stored, and old credentials may be deactivated (Kruse, [0014]).
Regarding claim 14, claim 14 is directed to the non-transitory computer-readable medium of claim 9. Claim 14 is similar in scope to claim 6 and is therefore rejected under the same rationale.
Conclusion
Any inquiry concerning this communication or earlier communications from the examiner should be directed to JAMES J WILCOX whose telephone number is (571)270-3774. The examiner can normally be reached M-F: 8 A.M. to 5 P.M..
Examiner interviews are available via telephone, in-person, and video conferencing using a USPTO supplied web-based collaboration tool. To schedule an interview, applicant is encouraged to use the USPTO Automated Interview Request (AIR) at http://www.uspto.gov/interviewpractice.
If attempts to reach the examiner by telephone are unsuccessful, the examiner’s supervisor, Luu T. Pham can be reached on (571)270-5002. The fax phone number for the organization where this application or proceeding is assigned is 571-273-8300.
Information regarding the status of published or unpublished applications may be obtained from Patent Center. Unpublished application information in Patent Center is available to registered users. To file and manage patent submissions in Patent Center, visit: https://patentcenter.uspto.gov. Visit https://www.uspto.gov/patents/apply/patent-center for more information about Patent Center and https://www.uspto.gov/patents/docx for information about filing in DOCX format. For additional questions, contact the Electronic Business Center (EBC) at 866-217-9197 (toll-free). If you would like assistance from a USPTO Customer Service Representative, call 800-786-9199 (IN USA OR CANADA) or 571-272-1000.
/JAMES J WILCOX/Examiner, Art Unit 2439
/LUU T PHAM/Supervisory Patent Examiner, Art Unit 2439