Notice of Pre-AIA  or AIA  Status
The present application, filed on or after March 16, 2013, is being examined under the first inventor to file provisions of the AIA .
DETAILED ACTION

This office action is in response to the application filed on or reply to the remarks of  1/8/2020. The instant application has claims 1-20 pending. The system, method and medium for detecting an multi-tenant request and obtaining credentials from vault server for perform the request. There a total of 20 claims.


Response to Arguments
Applicant’s arguments with respect to claim(s) 1-20 have been considered but are moot because the new ground of rejection does not rely on any reference applied in the prior rejection of record for any teaching or matter specifically challenged in the argument.

The applicant arguments relating to double patenting rejection is persuasive, the rejection is withdrawn.

The applicant amendments to claim 15 overcomes the 35 USC 112(d) rejection.

The applicant amendments to claim 16 overcomes the 35 USC 101 rejection.
Allowable Subject Matter
Claims 12-13 are objected to as being dependent upon a rejected base claim, but would be allowable if rewritten in independent form including all of the limitations of the base claim and any intervening claims.

Claim Rejections - 35 USC § 103
The following is a quotation of 35 U.S.C. 103 which forms the basis for all obviousness rejections set forth in this Office action:
A patent for a claimed invention may not be obtained, notwithstanding that the claimed invention is not identically disclosed as set forth in section 102, if the differences between the claimed invention and the prior art are such that the claimed invention as a whole would have been obvious before the effective filing date of the claimed invention to a person having ordinary skill in the art to which the claimed invention pertains. Patentability shall not be negated by the manner in which the invention was made.


Claims 1-11, 14-17, 19-20  is/are rejected under 35 U.S.C. 103 as being unpatentable over US Patent Pub 2014/0380441 to Stauth in view of US Patent 9483627 to Ferg.

Regarding Claim 1, 15-16, 19, Stauth discloses  A computer-implemented method comprising: receiving, by a computing device  implemented in a client network, a vault access request for vault credentials  stored by a vault server implemented in the client network  in performance of a task of remediating an error (Fig. 2 item 204, the credentials information for web service & Fig. 4 item 434, 410, 430 Central Server and Credentials Information, Fig. 2 item 201 & Par. 0015 the Turn ON signal refers to error being remediated by master server);  verifying, by the  computing device, that a source 
vault credentials from the vault server based on verifying that the source of 
the vault access request originated from the multitenant application server(Par. 0015, API calls with credentials files & Par. 0028).

But Stauth does not disclose the credentials obtained from vault server being used without access the vault server. However, Ferg discloses   storing, at the multitenant application server, the vault credentials obtained from the vault server, the multitenant application server uses the vault credentials to execute a multitenant application task without having to access the vault server(Col 4 Ln 29-48, the credentials from proxy with the request being modified & Abstract & Fig. 3 item 305, 307, 309, 311) .

It would have been obvious before the effective filing date of the claimed invention to a person having ordinary skill in the art to modify Stauth invention of accessing a web service with credentials being authenticated to include credentials obtained from vault server being used without access the vault server in order to have an modified request with initial user credentials replaced as taught in Ferg see Col 4 LN 29-48.


	
 2. Stauth discloses the method of claim 1, wherein the vault credentials are required to access one or more client servers in the client network(Par. 0015, the master-slave for the HTTP request).  

Regarding Claim 3, 17,  Stauth discloses the method of claim 1, wherein the verifying whether the source of the vault access request originated from a multitenant application server is performed by a vault security module implemented within the computing device(Par. 0021, the API calls for various computing applications).  

Regarding Claim 4. Stauth discloses the method of claim 1, further comprising verifying, by the computing device, that the vault access request includes credentials that a party requesting the vault credentials is an authorized party(Par. 0028, the Master sends  a signal once authenticated).  

Regarding Claim 5. Stauth discloses the method of claim 1, wherein the vault access request includes authentication information used to verify the source of the vault access request(Par. 0028, the instance ID, secret password being authentication).  

Regarding Claim 6, 20,  Stauth discloses the method of claim 5, wherein: the authentication information includes a certificate, and the verifying whether the source of the vault access request originated from a multitenant application server is based on at least one of: certificate-based authentication;  
    PNG
    media_image1.png
    14
    132
    media_image1.png
    Greyscale
 encryption or decryption; an internet protocol (IP) address via which the vault access request is 

Regarding Claim 7. Stauth discloses the method of claim 1, further comprising preventing, by the computing device, access to the vault server and the vault credentials when the source of the vault access request has not been verified as originating from the multitenant application server(Par. 0028, the verification of instance ID).  

Regarding Claim 8. Stauth discloses the method of claim 1, further comprising receiving an application instruction as part of the vault access request (Par. 0028-0029, credentials being verifed).  

Regarding Claim 9. Stauth discloses the method of claim 8, further comprising executing the multitenant application task by executing the multitenant application task in accordance with the application instruction (4Fig. 4 item Run Application).  

Regarding Claim 10. Stauth discloses the method of claim 9, wherein executing the multitenant application task includes accessing one or more client servers using the vault credentials(Fig. 4 Credentials Information).  

Regarding Claim 11. Stauth discloses the method of claim 10, further comprising providing the vault credentials to the multitenant application server(Par. 008).  

Regarding Claim 14. Stauth discloses the method of claim 1, wherein the computing device is implemented within a client network and the multitenant application server is implemented with a service provider network, wherein the client network and the service provider network are separate networks(Fig. 4 AWS & Par. 008).  

Regarding Claim 18, Stauth discloses  the computer program product of claim 16, wherein the program instructions further cause the computing device to execute a multitenant application task using the vault credentials in accordance with an application instruction received from the multitenant application server(Par. 008.).  

	Conclusion	

The Examiner notes that communication through email is permitted only after authorization with submission of PTO/SB/439 form. Please file this form in EFS or thorough central fax before proceeding to communicate via email with the examiner. The submission of the PTO/SB/439 form via email will NOT be accepted.

Applicant's amendment necessitated the new ground(s) of rejection presented in this Office action.  Accordingly, THIS ACTION IS MADE FINAL.  See MPEP § 706.07(a).  Applicant is reminded of the extension of time policy as set forth in 37 CFR 1.136(a).  



Any inquiry concerning this communication or earlier communications from the examiner should be directed to Venkat Perungavoor whose telephone number is (571)272-7213.  The examiner can normally be reached on 9-5. If attempts to reach the examiner by telephone are unsuccessful, the examiner’s supervisor, Saleh Najjar can be reached on 571-272-4006.  The fax phone number for the organization where this application or proceeding is assigned is 571-273-8300. 

Information regarding the status of an application may be obtained from the Patent Application Information Retrieval (PAIR) system.  Status information for published applications may be obtained from either Private PAIR or Public PAIR.  Status information for unpublished applications is available through Private PAIR only.  For more information about the PAIR system, see http://pair-direct.uspto.gov. Should you have questions on access to the Private PAIR system, contact the Electronic 

/VENKAT PERUNGAVOOR/Primary Examiner, Art Unit 2492                                                                                                                                                                                                        Email: venkatanarayan.perungavoor@uspto.gov