Notice of Pre-AIA  or AIA  Status
The present application, filed on or after March 16, 2013, is being examined under the first inventor to file provisions of the AIA .

DETAILED ACTION
The instant application having Application No. 16/189,027 is presented for examination by the examiner.


 
Claim Rejections - 35 USC § 112
The following is a quotation of 35 U.S.C. 112(b):
(B)  CONCLUSION.—The specification shall conclude with one or more claims particularly pointing out and distinctly claiming the subject matter which the inventor or a joint inventor regards as the invention.

Claims 6 and 7 are rejected under 35 U.S.C. 112(b) as being indefinite for failing to particularly point out and distinctly claim the subject matter which the inventor or a joint inventor, or for pre-AIA  the applicant regards as the invention. 

As per claims 6 and 7, it is unclear what these claims further define as the terms recited within are already in claim 1.  The phrase “in combination with” does not definitively convey a combination when the system acted on and controlled access to the resource at the source.  Appropriate correction is required.


Claim Rejections - 35 USC § 102
In the event the determination of the status of the application as subject to AIA  35 U.S.C. 102 and 103 (or as subject to pre-AIA  35 U.S.C. 102 and 103) is incorrect, any correction of the statutory basis for the rejection will not be considered a new ground of rejection if the prior art relied upon, and the rationale supporting the rejection, would be the same under either status.  
The following is a quotation of the appropriate paragraphs of 35 U.S.C. 102 that form the basis for the rejections under this section made in this Office action:
A person shall be entitled to a patent unless –


(a)(1) the claimed invention was patented, described in a printed publication, or in public use, on sale, or otherwise available to the public before the effective filing date of the claimed invention.






Claims 1-11, 14-16, 19 and 20 are rejected under 35 U.S.C. 102(a)(1) as being anticipated by NPL cited on IDS submission 11/13/18, item 10, entitled “Use Key Vault from App Service with Managed Service Identity” published by CawaMS last changed on 12/4/17, hereinafter CawaMS.


a processor; a memory in operable communication with the processor [local machine/hardware of the cloud; step 4]; 
a developer digital identity [Azure AD credential from developer account] which has been authenticated [summary section]; 
a development tool which is executable with the processor under the authenticated developer digital identity [Visual Studio signed in with the developer’s account; see summary and beginning of step 4]; and 
the software program [Web APP], which is executable with the processor under control or scrutiny by the development tool, the software program including a program authentication portion [authentication extension] which upon execution with the processor retrieves a resource access credential [arrow 2 of figure from step 4 request an authentication token that is returned in arrow 3] which is: 
(i) usable by the software program to access the secured resource [token gains access to key vault’s secret; arrow 4/5] , 
(ii) based on the authenticated developer digital identity [Key Vault configuration builder will use the Visual Studio sign-in account to get a token; step 4], and 
(iii) retrieved from a resource access credential source [Azure Services – arrow 3] which is external to the following software program constituents: all source code of the software program, all configuration files of the software program [background: “Web App can authenticate to Azure Key Vault without the need to manage Azure AD credentials and to change source code”; step 4: “It also prevents credentials from being checked in to source code” and summary “The web app was successfully able to get a secret at runtime from Azure Key Vault using your developer account during development, and using MSI when deployed to Azure, without any code change between local development environment and Azure”]. 

As per claim 2, CawaMS teaches the development tool comprises an integrated development environment [Azure cloud].
As per claim 3, CawaMS teaches the development tool is extensible by at least one pluggable tool extension [step 1].
As per claim 4, CawaMS teaches the software program comprises at least one of the following: a user-facing application, middleware, a web service, a cloud infrastructure component, or an application which has a version deployed in a cloud (step 6).
As per claim 5, CawaMS teaches all source code of the software program and all configuration files of the software program are each free of any currently effective resource access credential [token comes from the Azure Services Authentication extension, not the source code; step 4] and are each also free of any hard-coded path which identifies a storage location which contains a currently effective resource access credential [Visual Studio handles logging into the Azure Services and is not a part of the Web Apps source code or configuration file; step 4]. 
As per claims 6 and 7, CawaMS teaches the secured resource [key vault] and the resource access credential source [Azure Services Authentication extension]. 

the development tool [Visual Studios] receiving a developer digital identity and a developer credential [user logs into Visual Studio with an Azure account with username and password; prerequisite 1 and first image of step 4] ; 
the development tool transmitting representations of the developer digital identity and developer credential to an identity management directory [username password is check against subscription with Azure AD]; 
the development tool getting a verification from the identity management directory, which verifies that the developer digital identity is authenticated [Visual Studio is shown with the user having successfully logged into Azure through VS; image from Step 4]; 
the development tool obtaining a resource access credential based on the authenticated developer digital identity [The Key Vault configuration builder will use the Visual Studio sign-in account to get a token; step 4 arrow 2/3]; 
a software program [Web App] being under development in the development tool; 
the software program requesting access to a secured resource [vault] based on the resource access credential [Step 4, arrow 4]; and 
the software program which is under development in the development tool gaining access to the secured resource based on the resource access credential [token] [step 4 arrow 5]; 

As per claims 9, CawaMS teaches wherein the development tool receiving a developer digital identity comprises at least one of the following: 
the development tool displaying a set of account identifiers and the development tool acquiring an account selection which selects an account corresponding to one of the displayed account identifiers, wherein the developer digital identity corresponds to the selected account [see image from the troubleshooting section with multiple accounts]; 
the development tool displaying a set of tenant identifiers and the development tool acquiring a tenant selection which selects a tenant corresponding to one of the displayed tenant identifiers, wherein the developer digital identity corresponds to the selected tenant; or 
the development tool displaying a set of directory service identifiers and the development tool acquiring a directory service selection which selects a directory service corresponding to one of the displayed directory service identifiers, wherein the developer digital identity corresponds to the selected directory service. 


As per claim 10, CawaMS teaches the software program being under development in the development tool comprises the development tool performing at least one of the following software development functions on at least a portion of the software program within an hour [immediately is within an hour] of the software program requesting access to the secured resource based on the resource access credential: text editing, software designing, syntax checking, source code completing, code generating, compiling, executable building, defect detecting, debugging [step 4, arrow 1], provisioning, deploying, diagnostic performing, performance monitoring, performance profiling.  
As per claim 11, CawaMS teaches the software program determining that access to one or more secured resources will not be available based on a digital identity of the software program because the digital identity of the software program cannot be authenticated in an environment which currently contains the software program [Web App needs get secret access to the key vault; see Common issues across environments, last page]. 

As per claim 14, CawaMS teaches the software program requesting access to a secured resource based on the resource access credential comprises sending the resource access credential to a web application program interface [sends token from Web APP to the Azure Key Vault; step 4, arrow 4]. 
As per claim 15, CawaMS teaches the software program requesting access to a secured resource based on the resource access credential comprises sending the resource access credential to a cloud-hosted management service which provides management of one or more of the following: cryptographic keys, digital certificates, or 
As per claim 16, it is rejected for the same reasons as claim 8.  Claim 16 states the IDE is the development tool which maps to claim 8.  The secured resource of CawaMS is cloud-hosted.

As per claim 19, CawaMS teaches the software program gains access to the cloud-hosted secured resource without requiring authentication of a digital identity which is specific to the software program [background shows the App’s Azure AD credential is not used].
As per claim 20, CawaMS teaches the same executable form of the software program gaining access to the cloud-hosted secured resource when the software program is under development in the IDE as when the software program runs independently of and outside the IDE [the local machine version of the Web App is uploaded to the cloud in step 6]. 


Claim Rejections - 35 USC § 103
In the event the determination of the status of the application as subject to AIA  35 U.S.C. 102 and 103 (or as subject to pre-AIA  35 U.S.C. 102 and 103) is incorrect, any correction of the statutory basis for the rejection will not be considered a new ground of rejection if the prior art relied upon, and the rationale supporting the rejection, would be the same under either status.  

A patent for a claimed invention may not be obtained, notwithstanding that the claimed invention is not identically disclosed as set forth in section 102 of this title, if the differences between the claimed invention and the prior art are such that the claimed invention as a whole would have been obvious before the effective filing date of the claimed invention to a person having ordinary skill in the art to which the claimed invention pertains.  Patentability shall not be negated by the manner in which the invention was made.


Claim 17 is rejected under 35 U.S.C. 103 as being unpatentable over CawaMS.
As per claim 17, CawaMS does not explicitly teach repeating the same process as taught in claim 16 for a second resource access credential.  CawaMS teaches obtaining a resource access credential in the form of a token to access the key vault, both of which are cloud-hosted.  There is no reason to believe the method taught by CawaMS is limited to a single key vault.  There many such vaults in practice.  CawaMS does not limit the method to a particular key vault.  Therefore it would have been obvious before the effective filing date of the invention to incorporate more than one accessible key vault and have tokens for accessing each respectively.  Substituting many key vaults in the system for one does not produce any unpredictable results.  The claim is obvious because one of ordinary skill in the art can substitute known methods which do not produce unpredictable results.  

	Claim 13 is rejected under 35 U.S.C. 103 as being unpatentable over CawaMS in view of USP Application Publication  2017/0374177 to VMware, hereinafter VMware.
.  

Claim 18 is rejected under 35 U.S.C. 103 as being unpatentable over CawaMS in view of USP 9,727,445 to Simernitski et al., hereinafter Simernitski.

As per claim 18, CawaMS teaches the software program requests access to the cloud-hosted secured resource based on the resource access credential during an execution session of the software program (step 4) and a debug mode but not explicitly one or more of the following debugging functions on the software program during the execution session: step forward a specified number .  
Allowable Subject Matter
Claim 12 is objected to as being dependent upon a rejected base claim, but would be allowable if rewritten in independent form including all of the limitations of the base claim and any intervening claims.


Conclusion
	The prior art made of record and not relied upon is considered pertinent to applicant's disclosure is listed on the enclosed PTO-892 form.


Any inquiry concerning this communication or earlier communications from the examiner should be directed to MICHAEL R. VAUGHAN whose telephone number is (571)270-7316.  The examiner can normally be reached on Monday - Thursday, 7:30am 
Information regarding the status of an application may be obtained from the Patent Application Information Retrieval (PAIR) system.  Status information for published applications may be obtained from either Private PAIR or Public PAIR.  Status information for unpublished applications is available through Private PAIR only.  For more information about the PAIR system, see http://pair-direct.uspto.gov. Should you have questions on access to the Private PAIR system, contact the Electronic Business Center (EBC) at 866-217-9197 (toll-free). If you would like assistance from a USPTO Customer Service Representative or access to the automated information system, call 800-786-9199 (IN USA OR CANADA) or 571-272-1000.

/MICHAEL R VAUGHAN/
Primary Examiner, Art Unit 2431