DETAILED ACTION

1.	The present application, filed on or after March 16, 2013, is being examined under the first inventor to file provisions of the AIA.
 
 2.	The Office action is in response to the patent application filed on December 14, 2018.  The application contains 29 claims.  Claims 1-29 are directed to a method, a system, and a computer-readable storage media for consolidating identity information across an enterprise comprising a plurality of enterprise systems.  Claims 1-29 are pending.
Claim Rejections - 35 USC § 103

3.	The following is a quotation of 35 U.S.C. 103 which forms the basis for all obviousness rejections set forth in this Office action:
A patent for a claimed invention may not be obtained, notwithstanding that the claimed invention is not identically disclosed as set forth in section 102 of this title, if the differences between the claimed invention and the prior art are such that the claimed invention as a whole would have been obvious before the effective filing date of the claimed invention to a person having ordinary skill in the art to which the claimed invention pertains.  Patentability shall not be negated by the manner in which the invention was made.

4.	Claims 1-5, 12-15, and 21-24 are rejected under 35 U.S.C. 103 as being unpatentable over King et al. (U.S. 8,656,508 B2), hereinafter “King”, in view of McMahon (U.S. 2007/0233600 A1).
Referring to claims 1, 12, 21:
	i.	King teaches:
                      A computer-implemented method for consolidating identity information across an enterprise comprising a plurality of enterprise systems, comprising (see King, col. 3, line 54 ‘Within an enterprise, an employee may "belong" to one or more organizational units, such as a department and a project.’):
           copying a plurality of entitlements associated with a user from at least one of the enterprise systems to at least one other of the enterprise systems (see King, fig. 5, ‘530 role hierarchy [i.e., where ‘role’ corresponding to ‘entitlement’ ]; col. 5, line 40 ‘role directory 550 maintain a copy of role hierarchy 530’; col. 2, line 42 ‘multiple roles a user might have a "manager" role and a "developer" role, each having different rights, preferences and limitations [i.e., a plurality of entitlements associated with a user ]’);
           identifying a user at an identity provider (see King, col. 3, line 60 ‘information about those employees are stored within corporate directory 210 [i.e., an identity provider ], which may be implemented as a data directory supported by one or more directory services.’; col. 4, line 16 ‘resource 216 might represent authorization to access a particular internal Web server, while resource 218 might represent authorization to access a firewall to the Internet.’);
           receiving a request from the user to access a resource associated with one of the enterprise systems (see King, col. 4, line 6 ‘Depending on an employee's title or job description within the enterprise, an employee may be assigned one or more roles within the security management/administration system.’);
            determining, based on at least one copy of at least one entitlement, whether the user is authorized to access the requested resource (see King, col. 4, line 9 ‘Group object 212 is associated with role object 214, which defines a role having basic access rights to resources 216 and 218.’);
             responsive to the determination indicating that the user is authorized to access the requested resource, providing access to the requested resource (see King, col. 4, line 9 ‘Group object 212 is associated with role object 214, which defines a role having basic access rights to resources 216 and 218.’); and
             responsive to the determination indicating that the user is not authorized to access the requested resource, denying access to the requested resource (see King, col. 4, line 30 ‘a clerical employee may be allowed to view a purchase order in the invoice management application, but not be able to approve it [i.e., denying ], whereas a manager role would have permission to approve the purchase order.’).
	King discloses identifying a user at an identity provider (see King, col. 3, line 60 ‘information about those employees are stored within corporate directory 210 [i.e., an identity provider ], which may be implemented as a data directory supported by one or more directory services.’).  However, King does not explicitly disclose the authenticating. 

	iii.	It would have been obvious to one of ordinary skill in the art, before the effective filing date of the claimed invention, to apply the teaching of McMahon to the system of King to implement authentication.  King teaches “One embodiment is directed generally to software licensing, and more particularly to role-managed software licensing.” (see King, col. 1, line 6).  Therefore, McMahon’s teaching could enhance the system of King, because authentication can enhance the security of the role-managed software licensing system.
Referring to claims 2, 13, 22:
		King and McMahon further disclose:
		each entitlement is associated with a group of users; and determining whether the user is authorized to access the requested resource comprises determining whether the user belongs to a group that is indicated, in the at least one copy of at least one entitlement, to be authorized to access the requested resource (see King, col. 3, line 64 ‘User object 202 represents not only an employee but also a manager, so user object 202 is associated with group object 212, which represents a group of similar managers.’).
Referring to claims 3, 14, 23:
		King and McMahon further disclose:
                     matching the user to an account on the identity provider; retrieving at least one identity provider authorization for the user; and determining, based on the retrieved at least one identity provider authorization, whether the user is authorized to access the requested resource (see King, col. 3, line 60 ‘information about those employees are stored within corporate directory 210 [i.e., an identity provider ], which may be implemented as a data directory supported by one or more directory services.’; col. 4, line 16 ‘resource 216 might represent authorization to access a particular internal Web server, while resource 218 might represent authorization to access a firewall to the Internet.’).
Referring to claims 4, 15, 24:
		King and McMahon further disclose:
identities 14 associated with employee 20 [i.e., mapping the user identity to a second user identity ],…for example, Human Resources Department 110, …, Information Technologies Department, ...’; claim 23 ‘federated entitlements for at least one system user’); 
                      determining at least one entitlement for the user at a service provider (see King, fig. 5, ‘role hierarchy 530 [i.e., where ‘role’ corresponding to ‘entitlement’ ]’, ‘enterprise provider 501 [i.e., service provider ]’); and
                      importing the at least one entitlement from the service provider so as to authorize access to the requested resource (see King, col. 5, line 40 ‘role directory 550 [i.e., the identity provider ] maintain a copy of role hierarchy 530 [i.e., importing the at least one entitlement from the service provider ]’).
		It would have been obvious to one of ordinary skill in the art, before the effective filing date of the claimed invention, to apply the teaching of McMahon to the system of King to implement identity mapping.  King teaches “One embodiment is directed generally to software licensing, and more particularly to role-managed software licensing.” (see King, col. 1, line 6).  Therefore, McMahon’s teaching could enhance the system of King, because McMahon teaches “identity management” (see McMahon, [0001]), which can enhance the security of the role-managed software licensing system.
Referring to claim 5:
		King and McMahon further disclose:
           wherein importing the at least one entitlement from the service provider comprises copying the at least one entitlement into a transient repository (see King, col. 5, line 40 ‘role directory 550 [i.e., the identity provider ] maintain a copy of role hierarchy 530 [i.e., importing the at least one entitlement from the service provider ]’; col. 3, line 39 ‘database 17’).

 

5.	Claims 6-11, 16-20, and 25-29 are rejected under 35 U.S.C. 103 as being unpatentable over King et al. (U.S. 8,656,508 B2), in view of McMahon (U.S. 2007/0233600 A1), further in view of Zimmermann et al. (U.S. 2018/0027006 A1), hereinafter “Zimmermann”.
Referring to claims 6, 16, 25:
	i.	King and McMahon further disclose:
           mapping the user identity, such as on the identity provider, to a second user identity, such as on a service provider (see McMahon, fig. 2; [0031] ‘FIG. 2 is a block diagram showing an employee 20 of organization 10, example identities 14 associated with employee 20 [i.e., mapping the user identity to a second user identity ],…for example, Human Resources Department 110, …, Information Technologies Department 130, ...’); 
           at the service provider, determining that the user is a member of a service provider group (see King, fig. 5, ‘enterprise provider 501 [i.e., the service provider ]’, ‘role directory 550 [i.e., the identity provider ]’; col. 3, line 64 ‘User object 202 represents not only an employee but also a manager, so user object 202 is associated with group object 212, which represents a group of similar managers.’); 
           at the service provider, based on the membership of the user in the service provider group, determining at least one entitlement for the user (see King, col. 4, line 9 ‘Group object 212 is associated with role object 214, which defines a role [i.e., entitlement ] having basic access rights to resources 216 and 218.’); and 
                      importing the at least one entitlement from the service provider so as to authorize access to the requested resource (see King, col. 5, line 40 ‘role directory 550 [i.e., the identity provider ] maintain a copy of role hierarchy 530 [i.e., importing the at least one entitlement from the service provider ]’).
		It would have been obvious to one of ordinary skill in the art, before the effective filing date of the claimed invention, to apply the teaching of McMahon to the system of King to implement identity mapping.  King teaches “One embodiment is directed generally to software licensing, and more particularly to role-managed software licensing.” (see King, col. 1, line 6).  Therefore, McMahon’s teaching could enhance the system of King, because McMahon teaches “identity management” (see McMahon, [0001]), which can enhance the security of the role-managed software licensing system.

	ii.	Zimmermann discloses a cache (see Zimmermann, [0329] ‘a temporary cache buffer’).
                      Additionally, Zimmermann further discloses or suggests a phone call (see Zimmermann, [0003] ‘customer relationship management (CRM)…smart phones’).
	iii.	It would have been obvious to one of ordinary skill in the art, before the effective filing date of the claimed invention, to apply the teaching of Zimmermann to the system of King to use a cache buffer.  King teaches “One embodiment is directed generally to software licensing, and more particularly to role-managed software licensing.” (see King, col. 1, line 6).  Therefore, Zimmermann’s teaching could enhance the system of King, because using a cache buffer for storage can speed up access.
Referring to claim 7:
		King, McMahon, and Zimmermann further disclose:
           wherein importing the at least one entitlement from the service provider comprises copying the at least one entitlement into a transient repository (see King, col. 5, line 40 ‘role directory 550 [i.e., the identity provider ] maintain a copy of role hierarchy 530 [i.e., importing the at least one entitlement from the service provider ]’; col. 3, line 39 ‘database 17’).
Referring to claims 8, 17, 26:
		King, McMahon, and Zimmermann further disclose:
           	wherein determining at least one entitlement for the user comprises issuing a call to service provider to request permission information, and receiving the requested permission information (see King, fig. 5, ‘enterprise provider 501 [i.e., service provider ]’, and McMahon, [0032] ‘phone systems’).
           	It would have been obvious to one of ordinary skill in the art, before the effective filing date of the claimed invention, to apply the teaching of McMahon to the system of King to use the phone systems.  King teaches “One embodiment is directed generally to software licensing, and more particularly to role-managed software licensing.” (see King, col. 1, line 6).  Therefore, McMahon’s teaching could enhance the system of King, because phone systems are well known and popular as a communication means.
Referring to claims 9, 18, 27:
	King, McMahon, and Zimmermann further disclose identifying an account (see King, col. 4, line 13 ‘an intranet account’), the authenticating (see McMahon, [0025] ‘authenticate …pass code’), and the writeback (see Zimmermann, [0186] ‘write back’; [0272] ‘user account’).
           It would have been obvious to one of ordinary skill in the art, before the effective filing date of the claimed invention, to apply the teaching of McMahon to the system of King to implement authentication.  King teaches “One embodiment is directed generally to software licensing, and more particularly to role-managed software licensing.” (see King, col. 1, line 6).  Therefore, McMahon’s teaching could enhance the system of King, because authentication can enhance the security of the role-managed software licensing system.
           It would have been obvious to one of ordinary skill in the art, before the effective filing date of the claimed invention, to apply the teaching of Zimmermann to the system of King to use the write back.  King teaches “One embodiment is directed generally to software licensing, and more particularly to role-managed software licensing.” (see King, col. 1, line 6).  Therefore, Zimmermann’s teaching could enhance the system of King, because Zimmermann teaches “method for improved enterprise data security.” (see Zimmermann, [0001]).
Referring to claims 10, 19, 28:
King, McMahon, and Zimmermann further disclose:
          	wherein authenticating the user in connection with the identified account comprises authenticating the user based on single sign-on at the identity provider (see Zimmermann, [0111] ‘single sign-on (SSO)’).
           It would have been obvious to one of ordinary skill in the art, before the effective filing date of the claimed invention, to apply the teaching of Zimmermann to the system of King to use SSO.  King teaches “One embodiment is directed generally to software licensing, and more particularly to role-managed software licensing.” (see King, col. 1, line 6).  Therefore, Zimmermann’s teaching could enhance the system of King, because Zimmermann teaches “method for improved enterprise data security.” (see Zimmermann, [0001]).
Referring to claims 11, 20, 29:
King, McMahon, and Zimmermann further disclose:
		presenting the user with a link to a service provider page; and receiving user input via the service provider page to perform the writeback (see Zimmermann, [0377] ‘URL’).
           It would have been obvious to one of ordinary skill in the art, before the effective filing date of the claimed invention, to apply the teaching of Zimmermann to the system of King to use a URL.  King teaches “One embodiment is directed generally to software licensing, and more particularly to role-managed software licensing.” (see King, col. 1, line 6).  Therefore, Zimmermann’s teaching could enhance the system of King, because using a URL to pass the object content is well known and popular in the IT industry.
Conclusion

6.	The prior art made of record and not relied upon is considered pertinent to applicant’s disclosure.
(a)	Cole; Gary et al. (US 10484243 B2) disclose Application management for a multi-tenant identity cloud service;
(b)	McCarthy; Kevin L. et al. (US 20150163206 A1) disclose customizable secure data exchange environment;
(c)	Rehman; Muhammad (US 20130103640 A1) disclose entitlement management in an on-demand system;
(d)	Wyn-Harris; Jeremy (US 20130133048 A1) disclose identity assessment method and system;
(e)	Versteeg; Steven Cornelis et al. (US 9942321 B2) disclose Identity-to-account correlation and synchronization.

7.	Any inquiry concerning this communication or earlier communications from the examiner should be directed to Peiliang Pan whose telephone number is (571)272-5987.  The examiner can normally be reached on Monday-Friday 8:00 am - 5:00 pm EST.

            Information regarding the status of an application may be obtained from the Patent Application Information Retrieval (PAIR) system.  Status information for published applications may be obtained from either Private PAIR or Public PAIR.  Status information for unpublished applications is available through Private PAIR only.  For more information about the PAIR system, see http://pair-direct.uspto.gov. Should you have questions on access to the Private PAIR system, contact the Electronic Business Center (EBC) at 866-217-9197 (toll-free). If you would like assistance from a USPTO Customer Service Representative or access to the automated information system, call 800-786-9199 (IN USA OR CANADA) or 571-272-1000.

/PEILIANG PAN/
Examiner, Art Unit 2492

/TAE K KIM/
Primary Examiner, Art Unit 2492