Notice of Pre-AIA or AIA Status
The present application, filed on or after March 16, 2013, is being examined under the first inventor to file provisions of the AIA.
Information Disclosure Statement
The information disclosure statement (IDS) submitted on 1/7/2025 was filed after the mailing date of the application on 9/5/2024. The submission is in compliance with the provisions of 37 CFR 1.97. Accordingly, the information disclosure statement is being considered by the examiner.
Allowable Subject Matter
Claims 7, 17 and 27 are objected to as being dependent upon a rejected base claim, but would be allowable if rewritten in independent form including all of the limitations of the base claim and any intervening claims.
Claim Rejections - 35 USC § 103
In the event the determination of the status of the application as subject to AIA 35 U.S.C. 102 and 103 (or as subject to pre-AIA 35 U.S.C. 102 and 103) is incorrect, any correction of the statutory basis (i.e., changing from AIA to pre-AIA) for the rejection will not be considered a new ground of rejection if the prior art relied upon, and the rationale supporting the rejection, would be the same under either status.
The following is a quotation of 35 U.S.C. 103 which forms the basis for all obviousness rejections set forth in this Office action:
A patent for a claimed invention may not be obtained, notwithstanding that the claimed invention is not identically disclosed as set forth in section 102, if the differences between the claimed invention and the prior art are such that the claimed invention as a whole would have been obvious before the effective filing date of the claimed invention to a person having ordinary skill in the art to which the claimed invention pertains. Patentability shall not be negated by the manner in which the invention was made.
Claim(s) 1-3, 5-6, 8-9, 11-13, 15-16, 18-19, 21-23, 25-26 and 28-29 are rejected under 35 U.S.C. 103 as being unpatentable over Glaser (US Patent Pub. 20220303348) in view of Xu (US patent Pub. 20200257700).
As per claims 1, 11 and 21: Glaser discloses a computer-implemented method for identity management, comprising (see abstract):
automatically assigning identity management and authentication responsibilities to an identity provider (Paragraph 24; receives an incoming request from a requesting security service (e.g., IIQ) (Block 401). The request can be a request for the target application to perform a task, function or action. In response, the experience layer 103 will perform an authentication check and allows all or only certain defined actions based on either implementation or the use of an authentication process (e.g., Oauth)) (Paragraph 20; Applications 111 can be connected to other applications and components. In the illustrated example, the App3 is connected to an abstraction layer of the universal security services manager 101 via robotic process automation (RPA));
establishing communication among the identity consumption platform, the identity provider, and the separate component, to enable identity management and authentication by the identity provider and to further enable attribute provisioning by the separate component (see figure 3; Paragraph 13; The components can communicate to one another through any protocol or mechanism. In one implementation, the components communicate using the system for cross-domain identity management (SCIM) protocol while connecting to the target applications through various network communication methods (REST, SOAP, LDAP, JDBC, flat file, and similar technologies) leveraging integration systems such as MuleSoft software by MuleSoft, LLC based on APIs); and
Glaser does not specifically disclose automatically assigning attribute provisioning to a component that is separate from the identity provider; at the separate component, performing attribute provisioning for the identity consumption platform.
Xu discloses data is stored in a global database (e.g., global database 620 of FIG. 6, also referred to as the “Global_IDaaS DB”).” The metadata to be replicated includes the global resource types and schemas that contain the resource to database table mapping and SCIM attribute to database table column mappings (Paragraph 298).
Therefore, it would have been obvious before the effective filing date of the claimed invention to a person having ordinary skill in the art to which the claimed invention pertains, having the teachings of Glaser and Xu in their entirety, to modify the technique of Glaser for components that communicate using the system for cross-domain identity management (SCIM) protocol while connecting to the target applications by adopting Xu's teaching metadata to be replicated includes the global resource types and schemas that contain the resource to database table mapping and SCIM attribute to database. The motivation would have been to improve identity management.
As per claims 2, 12 and 22: The method of claim 1, wherein automatically assigning attribute provisioning to the separate component comprises automatically assigning attribute mapping to the separate component (Paragraph 87; SCIM is an open standard for automating the exchange of user identity information between identity domains or information technology (“IT”) systems, as provided by, e.g., IETF, RFCs 7642, 7643, 7644. The SCIM++ platform service provides identity administration services and enables customers to access IDP features of IDCS. The administration services expose a set of stateless REST interfaces (i.e., APIs) that cover identity lifecycle, password management, group management, etc., exposing such artifacts as web-accessible resources).
As per claims 3, 13 and 23: The method of claim 1, wherein the identity provider comprises an Okta identity cloud (See Glaser; Paragraph 13 okta services) (see Xu, Paragraph 30; IDCS).
As per claims 5, 15 and 25: The method of claim 1, wherein the separate component comprises a user lifecycle component (Paragraph 20; Applications 111 can be connected to other applications and components. In the illustrated example, the App3 is connected to an abstraction layer of the universal security services manager 101 via robotic process automation (RPA)).
As per claims 6, 16 and 26: The method of claim 1, further comprising:
at the separate component, obtaining, from the identity provider, a list of users to provision to the identity consumption platform (See Xu; Paragraph 297-298);
at the separate component, obtaining, from the identity provider, attributes for the users (See Xu; Paragraph 298; data is stored in a global database (e.g., global database 620 of FIG. 6, also referred to as the “Global_IDaaS DB”).” The metadata to be replicated includes the global resource types and schemas that contain the resource to database table mapping and SCIM attribute to database table column mappings);
storing the user attributes in a database; and retrieving the stored user attributes to provision users and user attributes for the identity consumption platform (See Xu; Paragraph 297; For a new attribute, the schema metadata that needs to be replicated can include what the attribute is, the attribute type, and which database table and column the attribute is to be stored within. In embodiments, the schema metadata is a JSON format).
As per claim 8, 18 and 28: The method of claim 6, wherein obtaining the list of users to provision to the identity consumption platform comprises using API's associated with the identity provider (see Glaser figure 3; Paragraph 13; The components can communicate to one another through any protocol or mechanism. In one implementation, the components communicate using the system for cross-domain identity management (SCIM) protocol while connecting to the target applications through various network communication methods (REST, SOAP, LDAP, JDBC, flat file, and similar technologies) leveraging integration systems such as MuleSoft software by MuleSoft, LLC based on APIs).
As per claims 9, 19 and 29: The method of claim 6, wherein performing attribute provisioning for the identity consumption platform comprises using API's associated with the identity consumption platform (See Xu; Paragraph 298; discloses data is stored in a global database (e.g., global database 620 of FIG. 6, also referred to as the “Global_IDaaS DB”).” The metadata to be replicated includes the global resource types and schemas that contain the resource to database table mapping and SCIM attribute to database table column mappings).
Claim(s) 4, 10, 14, 20, 24 and 30 are rejected under 35 U.S.C. 103 as being unpatentable over Glaser (US Patent Pub. 20220303348) in view of Xu (US patent Pub. 20200257700) and in view of Muthuthodi (US Patent Pub. 2024/0118815).
As per claims 4, 14 and 24: The method of claim 1, automatically assigning attribute provisioning to a component that is separate from the identity provider; at the separate component, performing attribute provisioning for the identity consumption platform (See Xu; Paragraph 298; discloses data is stored in a global database (e.g., global database 620 of FIG. 6, also referred to as the “Global_IDaaS DB”).” The metadata to be replicated includes the global resource types and schemas that contain the resource to database table mapping and SCIM attribute to database table column mappings).
However Glaser and Xu do not specifically disclose wherein the identity consumption platform comprises an AWS IAM Identity center (See Muthuthodi; Paragraph 46; AWS IAM (Amazon Web Services Identity & Access Management) require a high number of policies to maintain user level access and to not using dynamic row filtering and masking of data, as a user having an IAM profile has access to data and can access them using any AWS/Azure APIs (Application Programming Interfaces) directly) (WIPO Muthuthodi; Paragraph 69; perform the authentication of a client 302 the access control system may use various approaches such as a password-based authentication, an SCIM (System for Cross-domain Identity Management) API authentication or a namespace and service token authentication).
Therefore, it would have been obvious before the effective filing date of the claimed invention to a person having ordinary skill in the art to which the claimed invention pertains, having the teachings of Glaser, Xu and Muthuthodi in their entirety, to modify the technique of Glaser for components that communicate using the system for cross-domain identity management (SCIM) protocol while connecting to the target applications by adopting Muthuthodi's teaching for a metadata to be replicated includes the global resource types and schemas that contain the resource to database table mapping and SCIM attribute to database table. The motivation would have been to improve identity management.
As per claims 10, 20 and 30: The method of claim 9, wherein performing attribute provisioning for the identity consumption platform comprises using API's associated with the identity consumption platform (See Xu; Paragraph 298; discloses data is stored in a global database (e.g., global database 620 of FIG. 6, also referred to as the “Global_IDaaS DB”).” The metadata to be replicated includes the global resource types and schemas that contain the resource to database table mapping and SCIM attribute to database table column mappings).
However Glaser and Xu do not specifically disclose wherein the APIs associated with the Identity consumption platform comprise AWS SCIM APIs (See Muthuthodi; Paragraph 75; perform the authentication of a client 302 the access control system may use various approaches such as a password-based authentication, an SCIM (System for Cross-domain Identity Management) API authentication or a namespace and service token authentication).
Therefore, it would have been obvious before the effective filing date of the claimed invention to a person having ordinary skill in the art to which the claimed invention pertains, having the teachings of Yeung and Vantalon in their entirety, to modify the technique of Yeung for reduce the rate of license validation requests to less than a threshold value by adopting Vantalon's teaching for contact the CA server to access the media if the initial rights and license exceed those provided during the bridge operation. The motivation would have been to improve software license management.
Conclusion
Any inquiry concerning this communication or earlier communications from the examiner should be directed to ANTHONY D BROWN whose telephone number is (571)270-1472. The examiner can normally be reached 730-330pm.
Examiner interviews are available via telephone, in-person, and video conferencing using a USPTO supplied web-based collaboration tool. To schedule an interview, applicant is encouraged to use the USPTO Automated Interview Request (AIR) at http://www.uspto.gov/interviewpractice.
If attempts to reach the examiner by telephone are unsuccessful, the examiner’s supervisor, Linglan Edwards can be reached at 5712705440. The fax phone number for the organization where this application or proceeding is assigned is 571-273-8300.
Information regarding the status of published or unpublished applications may be obtained from Patent Center. Unpublished application information in Patent Center is available to registered users. To file and manage patent submissions in Patent Center, visit: https://patentcenter.uspto.gov. Visit https://www.uspto.gov/patents/apply/patent-center for more information about Patent Center and https://www.uspto.gov/patents/docx for information about filing in DOCX format. For additional questions, contact the Electronic Business Center (EBC) at 866-217-9197 (toll-free). If you would like assistance from a USPTO Customer Service Representative, call 800-786-9199 (IN USA OR CANADA) or 571-272-1000.
/ANTHONY D BROWN/Primary Examiner, Art Unit 2408