Prosecution Insights
Browse Companies Examiners Firms Draft Your Response
Office ActionsOracle International Corporation › 18900020
Last updated: April 19, 2026
Application No. 18/900,020

NESTED RESOURCE IDENTITY MANAGEMENT FOR CLOUD RESOURCES

Non-Final OA §102§103§DP
Filed
Sep 27, 2024
Examiner
LEE, PHILIP C
Art Unit
2454
Tech Center
2400 — Computer Networks
Assignee
Oracle International Corporation
OA Round
1 (Non-Final)
78%
Grant Probability
Favorable
1-2
OA Rounds
2y 9m
To Grant
96%
With Interview

Interview Optional

+18.7% interview lift. This examiner has a relatively high allow rate; a written response may suffice.
Based on 306 resolved cases, 2023–2026

Examiner Intelligence

LEE, PHILIP C View full profile →
Grants 78% — above average
78%
Career Allow Rate
237 granted / 306 resolved
+19.5% vs TC avg
Strong +19% interview lift
Without
With
+18.7%
Interview Lift
resolved cases with interview
Typical timeline
2y 9m
Avg Prosecution
18 currently pending
Career history
324
Total Applications
across all art units

Statute-Specific Performance

§101
6.7%
-33.3% vs TC avg
§103
46.1%
+6.1% vs TC avg
§102
24.1%
-15.9% vs TC avg
§112
16.8%
-23.2% vs TC avg
Black line = Tech Center average estimate • Based on career data from 306 resolved cases

Office Action

§102 §103 §DP
Notice of Pre-AIA or AIA Status The present application, filed on or after March 16, 2013, is being examined under the first inventor to file provisions of the AIA . Allowable Subject Matter Claims 5 and 14 are objected to as being dependent upon a rejected base claim, but would be allowable if rewritten in independent form including all of the limitations of the base claim and any intervening claims, and overcoming the double patenting rejection. Reason for Allowance The following is an examiner’s statement of reasons for allowance: The prior arts fail to teach the invention comprising: enabling a first resource to assert a first identity associated with the first resource, wherein the first resource resides in a first tenancy provided by a cloud service provider (CSP); enabling the first resource to assert a second identity associated with a second resource residing in a tenancy of a customer of the CSP, wherein the first resource is a sub-resource of the second resource; obtaining, for the first resource, information identifying the second resource, the information identifying the second resource representing a Uniform Resource Locator (URL) of a resource endpoint associated with the second resource; and obtaining, for the first resource, the second identity associated with the second resource based on the information identifying the second resource and a first token for the first resource; and accessing, by the first resource, a third resource by asserting the second identity, wherein the third resource resides in the tenancy of the customer. Double Patenting Instant Application 1. A method comprising: enabling a first resource to assert a first identity associated with the first resource, wherein the first resource resides in a first tenancy provided by a cloud service provider (CSP); enabling the first resource to assert a second identity associated with a second resource residing in a tenancy of a customer of the CSP, wherein the first resource is a sub-resource of the second resource; and accessing, by the first resource, a third resource by asserting the second identity, wherein the third resource resides in the tenancy of the customer. 11. A system comprising: a memory; and one or more processors configured to perform processing, the processing comprising: enabling a first resource to assert a first identity associated with the first resource, wherein the first resource resides in a first tenancy provided by a cloud service provider (CSP); enabling the first resource to assert a second identity associated with a second resource residing in a tenancy of a customer of the CSP, wherein the first resource is a sub-resource of the second resource; and accessing, by the first resource, a third resource by asserting the second identity, wherein the third resource resides in the tenancy of the customer. 17. A non-transitory computer-readable medium storing instructions executable by a computer system that, when executed by one or more processors of the computer system, cause the one or more processors to perform operations comprising: enabling a first resource to assert a first identity associated with the first resource, wherein the first resource resides in a first tenancy provided by a cloud service provider (CSP); enabling the first resource to assert a second identity associated with a second resource residing in a tenancy of a customer of the CSP, wherein the first resource is a sub-resource of the second resource; and accessing, by the first resource, a third resource by asserting the second identity, wherein the third resource resides in the tenancy of the customer. Patent 12137145 1. A method comprising: obtaining, for a first resource residing in a service tenancy of a plurality of service tenancies provided by a cloud service provider (CSP), a first identity associated with the first resource and information identifying a second resource, wherein the information identifying the second resource represents a Uniform Resource Locator (URL) of a resource endpoint associated with the second resource and wherein the first resource is a sub-resource of the second resource; obtaining a first token for the first resource using the first identity, the first token enabling the first resource to assert the first identity; obtaining, for the first resource, a second identity associated with the second resource using the first token and the information identifying the second resource, wherein the second resource is created in a customer tenancy provided by the CSP; obtaining a second token for the first resource using the second identity, the second token enabling the first resource to assert the second identity; and using, by the first resource, the second token to access another resource residing in the customer tenancy. 10. A system comprising: a memory; and one or more processors configured to perform processing, the processing comprising: obtaining, for a first resource residing in a service tenancy of a plurality of service tenancies provided by a cloud service provider (CSP), a first identity associated with the first resource and information identifying a second resource, wherein the information identifying the second resource represents a Uniform Resource Locator (URL) of a resource endpoint associated with the second resource and wherein the first resource is a sub-resource of the second resource; obtaining a first token for the first resource using the first identity, the first token enabling the first resource to assert the first identity; obtaining, for the first resource, a second identity associated with the second resource using the first token and the information identifying the second resource, wherein the second resource is created in a customer tenancy provided by the CSP; obtaining a second token for the first resource using the second identity, the second token enabling the first resource to assert the second identity; and using, by the first resource, the second token to access another resource residing in the customer tenancy. 15. A non-transitory computer-readable medium storing instructions executable by a computer system that, when executed by one or more processors of the computer system, cause the one or more processors to perform operations comprising: obtaining, for a first resource residing in a service tenancy of a plurality of service tenancies provided by a cloud service provider (CSP), a first identity associated with the first resource and information identifying a second resource, wherein the information identifying the second resource represents a Uniform Resource Locator (URL) of a resource endpoint associated with the second resource and wherein the first resource is a sub-resource of the second resource; obtaining a first token for the first resource using the first identity, the first token enabling the first resource to assert the first identity; obtaining, for the first resource, a second identity associated with the second resource using the first token and the information identifying the second resource, wherein the second resource is created in a customer tenancy provided by the CSP; obtaining a second token for the first resource using the second identity, the second token enabling the first resource to assert the second identity; and using, by the first resource, the second token to access another resource residing in the customer tenancy. Claim 1 is non-provisionally rejected on the ground of nonstatutory obviousness-type double patenting as being unpatentable over claim 1 of U.S. Patent 12137145 in view of Elmenshawy et al, U.S. Patent Application Publication 2021/0409345. Claim 1 of U.S. Patent 12137145 does not claim accessing, by the first resource, a third resource by asserting the second identity, wherein the third resource resides in the tenancy of the customer. Elmenshawy teaches accessing, by the first resource, a third resource by asserting the second identity, wherein the third resource resides in the tenancy of the customer ([79]-[85], e.g., accessing, by the second resource, a third resource (e.g., object storage system) by asserting the first identifier/identity, wherein the third resource resides in the client’s tenancy). It would have been obvious to one of ordinary skill in the art before the effective filing date of the claimed invention to include Elmenshawy’s teaching because by doing so it would allow resources in different tenancies of a cloud computing system to interact with each other, thus improving the access control of the system. Except for the identified elements above, claim 1 of 12137145 contains every elements of claim 1 in the instant application and thus anticipate the claim of the instant application. Claim 1 of the instant application therefore are not patently distinct from the earlier claim and as such is unpatentable over non-provisional obvious-type double patenting. Claims 11 and 17 are non-provisionally rejected on the ground of nonstatutory obviousness-type double patenting as being unpatentable over claims 10 and 15 of U.S. Patent 12137145 in view of Elmenshawy for the same reason as set forth in claim 1 above. Claim Rejections - 35 USC § 102 In the event the determination of the status of the application as subject to AIA 35 U.S.C. 102 and 103 (or as subject to pre-AIA 35 U.S.C. 102 and 103) is incorrect, any correction of the statutory basis for the rejection will not be considered a new ground of rejection if the prior art relied upon, and the rationale supporting the rejection, would be the same under either status. The following is a quotation of the appropriate paragraphs of 35 U.S.C. 102 that form the basis for the rejections under this section made in this Office action: A person shall be entitled to a patent unless – (a)(1) the claimed invention was patented, described in a printed publication, or in public use, on sale or otherwise available to the public before the effective filing date of the claimed invention. Claims 1-3, 6-7, 9-13, 15, and 17-19 are rejected under 35 U.S.C. 102(a)(1) as being anticipated by Elmenshawy et al, U.S. Patent Application Publication 2021/0409345 (hereinafter Elmenshawy). As per claim 1, Elmenshawy teaches the invention as claimed comprising: enabling a first resource to assert a first identity associated with the first resource, wherein the first resource resides in a first tenancy provided by a cloud service provider (CSP) ([79]-[85], e.g., enabling second resource to assert an identifier/identity associated with a second resource, wherein the second resource is a compute instance as part of providing the cloud service); enabling the first resource to assert a second identity associated with a second resource residing in a tenancy of a customer of the CSP, wherein the first resource is a sub-resource of the second resource ([79]-[85], e.g., enabling the second resource to assert another identifier/identity associated with a first resource residing in the client’s tenancy, wherein the second resource is upon which the first resource is built); and accessing, by the first resource, a third resource by asserting the second identity, wherein the third resource resides in the tenancy of the customer ([79]-[85], e.g., accessing, by the second resource, a third resource (e.g., object storage system) by asserting the first identifier/identity, wherein the third resource resides in the client’s tenancy). As per claim 2, Elmenshawy teaches the invention as claimed in claim 1 above. Elmenshawy further teach wherein the first tenancy is a service tenancy of a plurality of service tenancies provided by the CSP ([10][11][36]), wherein the service tenancy represents a provisioning platform for provisioning, configuring, and managing a plurality of cloud resources associated with a plurality of cloud services provided by the CSP ([113][115]). As per claim 3, Elmenshawy teaches the invention as claimed in claim 1 above. Elmenshawy further teach obtaining a first token for the first resource using the first identity ([48][79]-[85]); and using the first token to enable the first resource to assert the first identity ([48][79]-[85], e.g., obtaining a digital certificate for second resource using the identifier/infrastructure identifier). As per claim 6, Elmenshawy teaches the invention as claimed in claim 1 above. Elmenshawy further teach obtaining a second token for the first resource using the second identity ([82][52][79]-[85]); and using the second token to enable the first resource to assert the second identity ([79]-[85]). As per claim 7, Elmenshawy teaches the invention as claimed in claim 6 above. Elmenshawy further teach wherein the second token represents a resource principal session token associated with the second resource, the resource principal session token representing a temporary session token and a secure credential associated with the second resource that enables the second resource to authenticate itself to one or more resources provided by the CSP ([52][59][60]). As per claim 9, Elmenshawy teaches the invention as claimed in claim 1 above. Elmenshawy further teach wherein the first identity represents a resource principal identity associated with the first resource that enables the first resource to be authorized to access a plurality of cloud resources provided by the CSP ([43][49][70]) and wherein the first identity associated with the first resource is obtained from a control plane associated with a service that owns the first resource in the first tenancy provided by the CSP ([69][106]). As per claim 10, Elmenshawy teaches the invention as claimed in claim 1 above. Elmenshawy further teach wherein the second identity for the second resource represents a resource principal identity associated with the second resource that enables the second resource to be authorized to access a plurality of cloud resources provided by the CSP and wherein the second identity for the second resource is obtained from a customer control plane associated with the second resource ([87]-[89]). As per claims 11 and 17, they are rejected for the same reason as set forth in claim 1 above. See [144] and figure 15 for a system comprising: a memory; and one or more processors configured to perform processing of claim 1. As per claims 12 and 19, they are rejected for the same reason as set forth in claim 2 above. As per claim 13, it is rejected for the same reason as set forth in claim 3 above. As per claim 15, it is rejected for the same reason as set forth in claim 6 above. As per claim 18, it is rejected for the same reason as set forth in claim 9 above. Claim Rejections - 35 USC § 103 In the event the determination of the status of the application as subject to AIA 35 U.S.C. 102 and 103 (or as subject to pre-AIA 35 U.S.C. 102 and 103) is incorrect, any correction of the statutory basis for the rejection will not be considered a new ground of rejection if the prior art relied upon, and the rationale supporting the rejection, would be the same under either status. The following is a quotation of 35 U.S.C. 103 which forms the basis for all obviousness rejections set forth in this Office action: A patent for a claimed invention may not be obtained, notwithstanding that the claimed invention is not identically disclosed as set forth in section 102, if the differences between the claimed invention and the prior art are such that the claimed invention as a whole would have been obvious before the effective filing date of the claimed invention to a person having ordinary skill in the art to which the claimed invention pertains. Patentability shall not be negated by the manner in which the invention was made. Claim 4 is rejected under 35 U.S.C. 103 as being unpatentable over Elmenshawy. As per claim 4, Elmenshawy teaches the invention as claimed in claim 3 above. Although Elmenshawy teach wherein the first token represents a resource principal session token associated with the first resource, wherein the resource principal session token and a secure credential associated with the first resource that enables the first resource to authenticate itself to a plurality of cloud resources provided by the CSP ([43][49][70]), however Elmenshawy is silent in regards to resource principal session token represents a temporary session token. It would have been obvious to one of ordinary skill in the art before the effective filing date of the claimed invention to include resource principal session token (e.g., digital certificate) represents a temporary session token because by doing so it would allow the resource principal session token (e.g., digital certificate) to be enabled only within a time period, thus improving the security of Elmenshawy’s system. Claims 8, 16 and 20 are rejected under 35 U.S.C. 103 as being unpatentable over Elmenshawy in view of Pandiri et al, U.S. Patent Application Publication 2023/0097763. As per claim 8, Elmenshawy teaches the invention as claimed in claim 1 above. Elmenshawy is silent in regards to wherein the tenancy of a customer of the CSP represents an account created for the customer of the CSP that subscribes to one or more services provided by the CSP. Pandiri teaches wherein the tenancy of a customer of the CSP represents an account created for the customer of the CSP that subscribes to one or more services provided by the CSP ([4]). It would have been obvious to one of ordinary skill in the art before the effective filing date of the claimed invention to incorporate Pandiri’s teaching with Elmenshawy’s system in order to allow a customer to access the services under this tenancy, thus improving the security and access control of Elmenshawy’s system. As per claims 16 and 20, they are rejected for the same reason as set forth in claim 8 above. Conclusion Any inquiry concerning this communication or earlier communications from the examiner should be directed to Philip Lee whose telephone number is (571)272-3967. The examiner can normally be reached on 6a-3p M-F. If attempts to reach the examiner by telephone are unsuccessful, the examiner’s supervisor, Glenton Burgess can be reached on 571-272-3949. The fax phone number for the organization where this application or proceeding is assigned is 571-273-8300. Information regarding the status of an application may be obtained from the Patent Application Information Retrieval (PAIR) system. Status information for published applications may be obtained from either Private PAIR or Public PAIR. Status information for unpublished applications is available through Private PAIR only. For more information about the PAIR system, see http://pair- direct.uspto.gov. Should you have questions on access to the Private PAIR system, contact the Electronic Business Center (EBC) at 866-217-9197 (toll-free). If you would like assistance from a USPTO Customer Service Representative or access to the automated information system, call 800-786-9199 (IN USA OR CANADA) or 571-272-1000. /PHILIP C LEE/Primary Examiner, Art Unit 2454
Read full office action

Prosecution Timeline

Sep 27, 2024
Application Filed
Mar 18, 2026
Non-Final Rejection — §102, §103, §DP (current)

Precedent Cases

Applications granted by this same examiner with similar technology

18/669,100
Patent 12603820
SYSTEM AND METHOD FOR CELLULAR NETWORK PREDICTION MODEL ANALYSIS
2y 5m to grant Granted Apr 14, 2026
17/582,660
Patent 12596794
SYSTEMS AND METHODS FOR ADAPTIVE ACTION WITH DISTRIBUTED ENFORCEMENT POINTS
2y 5m to grant Granted Apr 07, 2026
18/263,160
Patent 12598243
Service Request and Response Handling
2y 5m to grant Granted Apr 07, 2026
18/494,391
Patent 12580971
ASSIGNING AGENTS TO COMMUNICATION SESSIONS BASED ON LANGUAGE PREFERENCES IN MOBILE APPLICATIONS
2y 5m to grant Granted Mar 17, 2026
18/575,407
Patent 12580825
APPARATUS, METHOD, AND COMPUTER PROGRAM
2y 5m to grant Granted Mar 17, 2026
Study what changed to get past this examiner. Based on 5 most recent grants.

AI Strategy Recommendation

Get an AI-powered prosecution strategy using examiner precedents, rejection analysis, and claim mapping.
Powered by AI — typically takes 5-10 seconds

Prosecution Projections

1-2
Expected OA Rounds
78%
Grant Probability
96%
With Interview (+18.7%)
2y 9m
Median Time to Grant
Low
PTA Risk
Based on 306 resolved cases by this examiner. Grant probability derived from career allow rate.

Ready to respond to this office action?

IP Author drafts your complete OA response — amendments, arguments, and claim strategy — in minutes, not days.

Start Drafting Your Response →

Data sourced from USPTO Patent File Wrapper (daily) and Office Action Archive (weekly). Analysis generated by IP Author.

Data: USPTO Patent File Wrapper (daily) • Office Action Archive (weekly) • 89M+ prosecution events

© 2026 IP Author — Browse Office ActionsExaminersCompaniesFirms

Sign in with your work email

Enter your email to receive a magic link. No password needed.

Personal email addresses (Gmail, Yahoo, etc.) are not accepted.

Free tier: 3 strategy analyses per month