DETAILED ACTION
This non-final office action is in response to claims 1-20 filed on 06/28/2019 for examination. Claims 1-20 are being examined and are pending.

Notice of Pre-AIA  or AIA  Status
The present application, filed on or after March 16, 2013, is being examined under the first inventor to file provisions of the AIA .
In the event the determination of the status of the application as subject to AIA  35 U.S.C. 102 and 103 (or as subject to pre-AIA  35 U.S.C. 102 and 103) is incorrect, any correction of the statutory basis for the rejection will not be considered a new ground of rejection if the prior art relied upon, and the rationale supporting the rejection, would be the same under either status.  

Information Disclosure Statement
The information disclosure statements (IDS) submitted on 09/22/2020 and 01/18/2021 have been considered by the examiner. 

Drawings
The drawings are objected to as failing to comply with 37 CFR 1.84(p)(4) because: 
Reference character “108” has been used to designate both service provider 108 (see, e.g., [0026]) and service 108 (see [0066]).  
Reference character “112” has been used to designate both service provider 112 (see, e.g., [0026]) and service 112 (see [0066]).  
Reference character “127” has been used to designate both policy 127 (see, e.g., [0028]) and multi-tenant API 127 (see, e.g., [0058]).  
Corrected drawing sheets in compliance with 37 CFR 1.121(d), or amendment to the specification to alter the reference character(s) in the description in compliance with 37 CFR 1.121(b) are required in reply to the Office action to avoid abandonment of the application. Any amended replacement drawing sheet should include all of the figures appearing on the immediate prior version of the sheet, even if only one figure is being amended. Each drawing sheet submitted after the filing date of an application must be labeled in the top margin as either “Replacement Sheet” or “New Sheet” pursuant to 37 CFR 1.121(d). If the changes are not accepted by the examiner, the applicant will be notified and informed of any required corrective action in the next Office action. The objection to the drawings will not be held in abeyance.

Claim Objections
Claims 6 and 19 is/are objected to because of the following informalities: 
Claim 6, lines 7-8 recites “the first representation and second representation […]”. For clarity of antecedent basis with regards to the previously introduced second representation (see claim 6, line 4), examiner suggests amending to, e.g., “the first representation and the second representation […]” Claim 19 recites a similar deficiency, and is objected to under like rationale.
Appropriate correction is required.

Claim Rejections - 35 USC § 112
The following is a quotation of 35 U.S.C. 112(b):
(b)  CONCLUSION.—The specification shall conclude with one or more claims particularly pointing out and distinctly claiming the subject matter which the inventor or a joint inventor regards as the invention.


The following is a quotation of 35 U.S.C. 112 (pre-AIA ), second paragraph:
The specification shall conclude with one or more claims particularly pointing out and distinctly claiming the subject matter which the applicant regards as his invention.

Claims 14 and 18 is/are rejected under 35 U.S.C. 112(b) or 35 U.S.C. 112 (pre-AIA ), second paragraph, as being indefinite for failing to particularly point out and distinctly claim the subject matter which the inventor or a joint inventor (or for applications subject to pre-AIA  35 U.S.C. 112, the applicant), regards as the invention. Particularly, Claim 14 recites the limitation "the second tenant" in line 7.  There is insufficient antecedent basis for this limitation in the claim. Claim 18 recites a similar limitation, and is rejected under like rationale.

Consideration Under 35 USC § 101
Note: the claims have been considered and analyzed by the Examiner under 35 USC § 101 with respect to statutory category and the abstract idea, and appear to recite a form of subject matter statutorily compliant with § 101.

Claim Rejections - 35 USC § 102
The following is a quotation of the appropriate paragraphs of 35 U.S.C. 102 that form the basis for the rejections under this section made in this Office action:
A person shall be entitled to a patent unless –

(a)(2) the claimed invention was described in a patent issued under section 151, or in an application for patent published or deemed published under section 122(b), in which the patent or application, as the case may be, names another inventor and was effectively filed before the effective filing date of the claimed invention.

Claim(s) 10-12 and 15-17 is/are rejected under 35 U.S.C. 102(a)(2) as being anticipated by Rosado (US20200412538, Hereinafter “Rosado”).
Regarding claim 10, Rosado teaches a non-transitory, computer-readable medium storing instructions that when executed by a multi-tenant platform cause multi-tenant platform to perform operations ([0032-0033] – system implemented via computer readable medium storing instructions of the multi-tenant platform to be executed via processor) comprising: 
receiving, at the multi-tenant platform ([0020] – system is multi-tenant system), a request from an end user of a first service of a first tenant of the multi-tenant platform for the first service to access a second service of the multi-tenant platform to perform a transaction ([0003]&[0019] – request received from a service <i.e., that is making the request> of first tenant to access a connected service <i.e., a second service> in the virtual private cloud (VPC); [0020] – received request is for the multi-tenant platform to access a service to complete a transaction on behalf of a user <i.e., the end user>), wherein the request includes a first access token that is associated with the end user ([0019] – request from the first tenant includes a JSON web token <i.e., first access token in first format> used to authenticate/confirm the service request is valid for the requesting tenant; [0020]&[0022] – received and generated JSON and access token are utilized to then acquire the transaction token to complete the transaction on behalf of a user <i.e., end user>); 
generating, by the multi-tenant platform using the first access token, a universal access token associated with the end user ([0019] – system creates an access token for the user’s request that uniquely corresponds to the tenant such that no other tenant may obtain the same access token <i.e., is a universal access token> in the multi-tenant system using the tenant private key created based on authentication of the tenant <which uses the JSON web token in step 210, i.e., using the first access token>); 
generating, by the multi-tenant platform using the universal access token, a second access token that is associated with the end user ([0020] – access token created in S230 used to request and receive a transaction token <i.e., second access token>; [0020]&[0022] – received and generated JSON ; and 
using, by the multi-tenant platform, the second access token to communicate with the second service to perform the transaction ([0020-0021] – transaction token <i.e., second access token> used to authorize access to system resources and complete the service); 
wherein the first access token, second access token, and universal access tokens are in different formats ([0019] – standard JWON Web token received <first token in first format>, then generated JSON access token <i.e., universal access token> payload is customized to a tenant-specific format; [0020] – Oauth transaction token <i.e., second access token> is similarly in a tenant custom format <i.e., each token is in a different/customized format>).
  
Regarding claim 11, Rosado teaches the computer-readable medium of claim 10, wherein the universal access token includes: 
a header that identifies the universal access token (Rosado at [0019] – produced access token includes a header identifying the token, and access token uniquely corresponds to the tenant such that no other tenant may obtain the same access token <i.e., is a universal access token> in the multi-tenant system); 
a payload including (Rosado at [0019] – produced access token includes a payload): 
an issuer indication of the tenant that requested the transaction (Rosado at [0019] – produced access token payload includes the identifier of the first tenant that is requesting the transaction), and 
an expiration time that limits a time period during which the universal access token is useable (Rosado at [0019] – produced access token payload includes a token expiration date); and 
a cryptographic signature (Rosado at [0019] – produced token payload includes digital signature).  

Regarding claim 12, Rosado teaches the computer-readable medium of claim 11, wherein the payload further includes: first tenant payload information including a first representation of the end user within the first service (Rosado at [0019] – payload includes an issuer field which identifies the requesting entity <i.e., a first representation of the end user>, and also may comprise a subject field identifying the entity the transaction is being performed for <i.e., second representation of end user>); and second tenant payload information including a second representation of the end user within the second service (Rosado at [0019] – payload includes an issuer field which identifies the requesting entity <i.e., a first representation of the end user>, and also may comprise a subject field identifying the entity the transaction is being performed for <i.e., second representation of end user> used in authentication of the user with the second service in [0020]).  

Regarding claim 13, Rosado teaches the computer-readable medium of claim 10, the operations further comprising: determining that the end user is authorized to access the first service and access the second service (Rosado at [0019]-[0020] – entity <end user> is authorized against the first service using the first token, and the end user is authorized against the second service using the access token + transaction token; [0017], [0022]-[0023] – access is based on permissions for the user; [0015] – entities may comprise users).  

Regarding claim 15, Rosado teaches a multi-tenant platform (abstract – system is a multi-tenant platform) comprising: a computer processor circuit ([0032]-[0033] – system comprises a processor circuit); and a computer-memory storing instructions that when executed by the computer processor causes the multi-tenant platform to perform operations ([0032-0033] – technique may be comprising: 
receiving, at the multi-tenant platform ([0020] – system is multi-tenant system), a request from a first service of a first tenant of the multi-tenant platform for the first service to access a second service of the multi-tenant platform ([0003]&[0019] – system is a multi-tenant system, and receives a request from a service of first tenant to access a service <i.e., a second service> in the virtual private cloud (VPC); [0020] – received request is for the multi-tenant platform to access a service to complete a transaction on behalf of a user <i.e., the end user>), wherein the request includes a first access token ([0019] – request from the first tenant includes a JSON web token <i.e., first access token in first format> used to authenticate/confirm the service request is valid for the requesting tenant; [0020] – received and generated JSON and access token are utilized to then acquire the transaction token to complete the transaction); 
generating, by the multi-tenant platform using the first access token, a universal access token([0019] – system creates an access token that uniquely corresponds to the tenant such that no other tenant may obtain the same access token <i.e., is a universal access token> in the multi-tenant system using the tenant private key created based on authentication of the tenant <which uses the JSON web token in step 210, i.e., using the first access token>); 
generating, by the multi-tenant platform using the universal access token, a second access token ([0020] – access token created in S230 used to request and receive a transaction token <i.e., second access token>); and 
sending, from the multi-tenant platform to the second service, a program call to the second service including the second access token ([0020-0021] – transaction token <i.e., second access token> used to authorize access to the second service resource and to complete the first service transaction; .  

Regarding claim 16, Rosado teaches the multi-tenant platform of claim 15, wherein the universal access token includes: 
a header that identifies the universal access token (Rosado at [0019] – produced access token includes a header identifying the token, and access token uniquely corresponds to the tenant such that no other tenant may obtain the same access token <i.e., is a universal access token> in the multi-tenant system); 
a payload including (Rosado at [0019] – produced access token includes a payload): 
an issuer indication of the tenant associated with the request (Rosado at [0019] – produced access token payload includes the first tenant), and 
an expiration time that limits a time period during which the universal access token is useable (Rosado at [0019] – produced access token payload includes a token expiration date); and 
a cryptographic signature (Rosado at [0019] – produced token payload includes digital signature).  

Regarding claim 17, Rosado teaches the multi-tenant platform of claim 16, wherein the transaction is associated with an end user (Rosado at [0019] – payload includes an audience field identifying the audience; see also [0016] & [0020] – transaction token is used in place of the user ID/password <i.e., is associated with the user>); and wherein the payload further includes: first tenant payload information including a first indication of the end user within the first service (Rosado at [0019] – payload includes an issuer field which identifies the requesting entity <i.e., a first representation of the end user>, and also may comprise a subject field identifying the entity the ; and second tenant payload information including a second indication of the end user within the second service(Rosado at [0019] – payload includes an issuer field which identifies the requesting entity <i.e., a first representation of the end user>, and also may comprise a subject field identifying the entity the transaction is being performed for <i.e., second representation of end user> used in authentication of the user with the second service in [0020]).  

Claim Rejections - 35 USC § 103
The following is a quotation of 35 U.S.C. 103 which forms the basis for all obviousness rejections set forth in this Office action:
A patent for a claimed invention may not be obtained, notwithstanding that the claimed invention is not identically disclosed as set forth in section 102, if the differences between the claimed invention and the prior art are such that the claimed invention as a whole would have been obvious before the effective filing date of the claimed invention to a person having ordinary skill in the art to which the claimed invention pertains. Patentability shall not be negated by the manner in which the invention was made.

Claim(s) 1, 3-5, 7-8, 14, 18, and 20 is/are rejected under 35 U.S.C. 103 as being unpatentable over Rosado in view of Bahrenburg et al. (US20200007529, Hereinafter “Bahrenburg”).
Regarding claim 1, Rosado teaches a method comprising: 
receiving, at a multi-tenant platform ([0020] – system is multi-tenant system), a request from a first service of a first tenant of the multi-tenant platform to access a second service [[of a second tenant]] of the multi-tenant platform to perform a transaction ([0003]&[0019] – system is a multi-tenant system, and receives a request from a service of first tenant to access a service <i.e., a second service> in the virtual private cloud (VPC); [0020] – received request is for the multi-tenant platform to access a service to complete a transaction), wherein the request includes a first access token that is usable to authenticate the transaction with the first tenant and is in a first format used by the first service ([0019] – request from the first tenant includes a JSON web token <i.e., first access token in first ; 
generating, by the multi-tenant platform using the first access token, a universal access token ([0019] – system creates an access token that uniquely corresponds to the tenant such that no other tenant may obtain the same access token <i.e., is a universal access token> in the multi-tenant system using the tenant private key created based on authentication of the tenant <which uses the JSON web token in step 210, i.e., using the first access token>); 
generating, by the multi-tenant platform using the universal access token, a second access token ([0020] – access token created in S230 used to request and receive a transaction token <i.e., second access token>), wherein the second access token is useable to authenticate the transaction [[with the second tenant]] and is in a second format used by the second service ([0020] – the transaction token is used to securely conduct and authenticate transactions with the second service in place of, e.g., user ID and password. The transaction token may be a OAuth token and include a custom format <i.e., in a second format>. Transaction token is used with the connected application <i.e., second service>); and 
using, by the multi-tenant platform, the second access token to communicate with the second service to perform the transaction ([0020-0021] – transaction token <i.e., second access token> used to authorize access to system resources and complete the service).
While Rosado discloses requesting a transaction token to access the resources of a second service provider (Rosado at [0019-0021], see “connected application”), Rosado appears to fail to specifically disclose wherein the accessed application/second service is of a second tenant.
However, Bahrenburg discloses configuring a first tenant service to cross-request access to application services of a second tenant in a multi-tenancy system (see abstract, [0096]-[0110] – access 
It would have been obvious to one of ordinary skill in the art before the effective filing date of the claimed invention to modify Rosado with the teachings of Bahrenburg, wherein the accessed second service of Rosado is the service of a second tenant, to allow for cross-tenant requests and resource sharing between the plurality entities in the multi-tenant system (see, e.g., Bahrenburg at [0011], [0096]-[0110]).

Regarding claim 2, the combination of Rosado and Bahrenburg teaches the method of claim 1, wherein the universal access token includes: a header that identifies the universal access token (Rosado at [0019] – produced access token includes a header identifying the token, and access token uniquely corresponds to the tenant such that no other tenant may obtain the same access token <i.e., is a universal access token> in the multi-tenant system); a payload including (Rosado at [0019] – produced access token includes a payload): an issuer indication of the first tenant (Rosado at [0019] – produced access token payload includes the first tenant), and an expiration time that limits a time period during which the universal access token is useable (Rosado at [0019] – produced access token payload includes a token expiration date); and a cryptographic signature (Rosado at [0019] – produced token payload includes digital signature).  

Regarding claim 3, the combination of Rosado and Bahrenburg teaches the method of claim 2, wherein the transaction is associated with an end user (Rosado at [0019] – payload includes an audience field identifying the audience; see also [0016] & [0020] – transaction token is used in place of the user ID/password <i.e., is associated with the user>); and wherein the payload further includes: first tenant payload information including a first representation of the end user within the first service Rosado at [0019] – payload includes an issuer field which identifies the requesting entity <i.e., a first representation of the end user>, and also may comprise a subject field identifying the entity the transaction is being performed for <i.e., second representation of end user>); and second tenant payload information including a second representation of the end user within the second service (Rosado at [0019] – payload includes an issuer field which identifies the requesting entity <i.e., a first representation of the end user>, and also may comprise a subject field identifying the entity the transaction is being performed for <i.e., second representation of end user> used in authentication of the user with the second service in [0020]). 

Regarding claim 4, the combination of Rosado and Bahrenburg teaches the method of claim 1, receiving, at the multi-tenant platform, an additional request from the first service to access a third service of a third tenant of the multi-tenant platform to perform an additional transaction (Rosado at [0003]&[0019] – system is a multi-tenant system, and receives a request from a service of first tenant to access any connected service <i.e., a third service, see also [0001-0002] – the access system allows to a plurality of applications> in the VPC; [0020] – received request is for the multi-tenant platform to access a service to complete a transaction; Note: As disclosed in Bahrenburg at [0094]-[0106], requests may be cross-tenant in the system and use a directory service <i.e., routing other (third+) requests in a similar manner to tenants as the second service request>), wherein the additional request includes an additional first access token that is usable to authenticate the transaction with the first tenant and is in a first format used by the first service (Rosado at [0019] – each request from the first tenant includes a JSON web token <i.e., additional first access token in first format> used to authenticate/confirm the service request is valid for the requesting tenant; [0020] – received and generated JSON and access token are utilized to then acquire the transaction token to complete the transaction  <i.e., system operates similarly for any “connected application” requested>); and generating, by the multi-tenant platform using the additional first access token, an additional universal access token having the same format as the universal access token(Rosado at [0019] – system creates an access token that uniquely corresponds to the tenant such that no other tenant may obtain the same access token <i.e., is a universal access token> in the multi-tenant system using the tenant private key created based on authentication of the tenant, which uses the JSON web token in step 210, i.e., using the first access token <i.e., system operates similarly for any “connected application” requested>). It would have been obvious to one of ordinary skill in the art before the effective filing date of the claimed invention to implement the combination of Rosado and Bahrenburg with the teachings of Rosado, wherein a third tenant is accessed using the token access system, to allow for cross-tenant requests and resource sharing between the plurality entities in the multi-tenant system (see, e.g., Bahrenburg at [0011], [0096]-[0110]).

Regarding claim 5, the combination of Rosado and Bahrenburg teaches the method of claim 1, further comprising: storing a first identity provider model corresponding to the first tenant that models how the first access token is usable to authenticate the transaction with the first tenant (Rosado at [0017] – each component of the system is mapped to the other components where permissions to access other components are determined based on the specific entity/tenant; [0019] – first token is received from tenant to interact with the system and determine whether to allow access to the resource/service <i.e., system models how the specific tenant can perform transactions based on the received first token>; see also [0022-0023] – cloud includes identity specific access roles for defining permissions); and storing a second identity provider model corresponding to the second tenant that models how the second access token is usable to authenticate the transaction with the second tenant (Rosado at [0020] – system models how the transaction token <i.e., second access token> is received and used to authenticate the transaction with the second service <i.e., a second model maps the Bahrenburg discloses cross-tenant service requests, see [0011], [0096]-[0110] <i.e., with the second tenant>); wherein generating the universal access token includes using the first identity provider model to generate the universal access token (Rosado at [0017] – each component of the system is mapped to the other components where permissions to access other components are determined based on the entity/tenant; [0019] – first token is received from tenant to interact with the system and determine whether to allow access to the resource/service <i.e., system models how the specific tenant can perform transactions based on the received first token>. Then system creates an access token that uniquely corresponds to the tenant such that no other tenant may obtain the same access token <i.e., is a universal access token> in the multi-tenant system using the tenant private key created based on authentication of the tenant <i.e., based on permissions in the model; see also [0022] – cloud includes identity access roles for defining permissions), and wherein generating the second access token includes using the second identity provider model to generate the universal access token (Rosado at [0020] – system models how the transaction token <i.e., second access token> is received and used to authenticate the transaction with the second service <i.e., a second model maps the transaction token in the system for authentication>. Further, an access token unique across tenants <i.e., the universal token> is generated by the permissions model and is used to generated the transaction token <i.e., second access token>; see also [0022-0023] – cloud includes identity access roles for defining permissions).  
It would have been obvious to one of ordinary skill in the art before the effective filing date of the claimed invention to implement the combination of Rosado and Bahrenburg as taught in Bahrenburg, wherein the second service is a service of a second tenant, to allow for cross-tenant requests and resource sharing between entities while enforcing permissions determined for each entity (see, e.g., Bahrenburg at [0011], [0096]-[0110]).

Regarding claim 7, the combination of Rosado and Bahrenburg teaches the method of claim 1, wherein the transaction is associated with an end user (Rosado at [0019] – transaction is performed on behalf of a requesting entity <i.e., end user>; [0015] – entities may comprise users); the method further comprising: determining that the end user is authorized to access the first service and access the second service (Rosado at [0019]-[0020] – entity <end user> is checked against the first service using the first token, and the end user is checked against the second service using the access token + transaction token; [0017], [0022]-[0023] – access is based on permissions for the user; [0015] – entities may comprise users).  

Regarding claim 8, the combination of Rosado and Bahrenburg teaches the method of claim 1, further comprising: provisioning, with the multi-tenant platform, a first application program interface (API) to facilitate communications between the multi-tenant platform and the first service (Rosado at [0030] & [0016] – first service communicates with the multi-tenant platform via an API; see also Bahrenburg at [0067] & [0107] – requesting tenant service communicates with the system via an api); and provisioning, with the multi-tenant platform, a second API to facilitate communications between the multi-tenant platform and the second service (Bahrenburg at [0107] – receiving tenant service communicates with the system via an api); wherein receiving the request from the first service includes using the first API (Rosado at [0030] & [0016] – first service communicates with the multi-tenant platform via an API; see also Bahrenburg at [0067] & [0107] – requesting tenant service communicates with the system via an api), and where using the second access token to communicate with the second service includes using the second API (Bahrenburg at [0107] – tokens identify the target API to access a second service; see with Rosado at [0020] wherein the transaction token <i.e., second access token> is used to access the target service).  
Rosado and Bahrenburg as taught in Bahrenburg, further comprising provisioning, with the multi-tenant platform, a first application program interface (API) to facilitate communications between the multi-tenant platform and the first service; and provisioning, with the multi-tenant platform, a second API to facilitate communications between the multi-tenant platform and the second service; wherein receiving the request from the first service includes using the first API, and where using the second access token to communicate with the second service includes using the second API, so that target application APIs may be used to access the resources via standard API calls in a cross-tenant environment (see, e.g., Bahrenburg at [0059], [0067], [0107]).

Regarding claim 14, Rosado teaches the computer-readable medium of claim 10, the operations further comprising: wherein generating the universal access token includes using a first identity provider model to generate the universal access token (Rosado at [0017] – each component of the system is mapped to the other components where permissions to access other components are determined based on the specific entity/tenant; [0019] – first token is received from tenant to interact with the system and determine whether to allow access to the resource/service <i.e., system models how the specific tenant can perform transactions based on the received first token>; see also [0022-0023] – cloud includes identity specific access roles for defining permissions); wherein generating the second access token includes using a second identity provider model to generate the universal access token (Rosado at [0020] – system models how the transaction token <i.e., second access token> is received and used to authenticate the transaction with the second service <i.e., a second model maps the transaction token in the system for authentication>; see also [0022-0023] – cloud includes identity specific access roles for defining permissions); and wherein the first identity provider model is associated with the first tenant and the second identity provider model is associated with [[the second tenant]] (Rosado at [0017] – each component of the system is mapped to the other components where permissions to access other components are determined based on the entity/tenant; [0019-0020] – first token is received from tenant to interact with the system and determine whether to allow access to the resource/service <i.e., system models how the service can perform transactions with regards to the second service>.; see also [0022] – cloud includes identity access roles for defining permissions).  
Yet, Rosado appears to fail to disclose wherein the second service is held at a second tenant. However, Bahrenburg discloses a first tenant service requesting to access the application services of a second tenant in a multi-tenancy system (see abstract, [0096]-[0110] – access token for first a tenant service sent to a second tenant as part of a request to access the second tenant application).
It would have been obvious to one of ordinary skill in the art before the effective filing date of the claimed invention to modify Rosado with the teachings of Bahrenburg, wherein the second service is a service of a second tenant, to allow for cross-tenant requests and resource sharing between entities while enforcing permissions determined for each entity (see, e.g., Bahrenburg at [0011], [0096]-[0110]).

Regarding claim 18, Rosado teaches the multi-tenant platform of claim 15, wherein generating the universal access token includes using a first identity provider model to generate the universal access token (Rosado at [0017] – each component of the system is mapped to the other components where permissions to access other components are determined based on the specific entity/tenant; [0019] – first token is received from tenant to interact with the system and determine whether to allow access to the resource/service <i.e., system models how the specific tenant can perform transactions based on the received first token>; see also [0022-0023] – cloud includes identity specific access roles for defining permissions); wherein generating the second access token includes using a second identity provider model to generate the universal access token (Rosado at [0020] – system models how the transaction token <i.e., second access token> is received and used to authenticate the transaction with the second service <i.e., a second model maps the transaction token in the system for authentication>; see also [0022-0023] – cloud includes identity specific access roles for defining permissions); and wherein the first identity provider model is associated with the first tenant and the second identity provider model is associated with [[the second tenant]] (Rosado at [0017] – each component of the system is mapped to the other components where permissions to access other components are determined based on the entity/tenant; [0019-0020] – first token is received from tenant to interact with the system and determine whether to allow access to the resource/service <i.e., system models how the service can perform transactions with regards to the second service>.; see also [0022] – cloud includes identity access roles for defining permissions).  
Yet, Rosado appears to fail to disclose wherein the second service is held at a second tenant. However, Bahrenburg discloses a first tenant service requesting to access the application services of a second tenant in a multi-tenancy system (see abstract, [0096]-[0110] – access token for first a tenant service sent to a second tenant as part of a request to access the second tenant application).
It would have been obvious to one of ordinary skill in the art before the effective filing date of the claimed invention to modify Rosado with the teachings of Bahrenburg, wherein the second service is a service of a second tenant, to allow for cross-tenant requests and resource sharing between entities while enforcing permissions determined for each entity (see, e.g., Bahrenburg at [0011], [0096]-[0110]).  

Regarding claim 20, Rosado teaches the multi-tenant platform of claim 15. While Rosado disclose the generation of a universal access token by the multi-tenant system (see, e.g., Rosado at Rosado appears to fail to specifically disclose the operations further comprising: sending, from the multi-tenant platform to the first service, the universal access token.
However, Bahrenburg discloses a first tenant service requesting to access the application services of a second tenant in a multi-tenancy system (see abstract, [0096]-[0110] – access token for first a tenant service sent to a second tenant as part of a request to access the second tenant application), the operations further comprising: sending, from the multi-tenant platform to the first service, the universal access token ([0093] – the target tenant produces the token and provides it to the intermediate system of the tenants <i.e., the multi-tenant platform>, which then transfers the access token to the to-be-requesting tenant service <i.e., first service> for use in making service requests to the second tenant)
It would have been obvious to one of ordinary skill in the art before the effective filing date of the claimed invention to modify Rosado with the teachings of Bahrenburg, the operations further comprising: sending, from the multi-tenant platform to the first service, the universal access token, so that the first tenant’s service may communicate with the resources in a second tenant (see, e.g., Bahrenburg at [0093], [0096]-[0110]).

Claim(s) 6 and 19 is/are rejected under 35 U.S.C. 103 as being unpatentable over Rosado in view of Bahrenburg, further in view of Solanki et al. (NPL: “Multi-Tenant Access and Information Flow Control for SaaS”, IEEE 2016, Hereinafter “Solanki”).
Regarding claim 6, the combination of Rosado and Bahrenburg teaches the method of claim 5, wherein the transaction is associated with an end user (Rosado at [0020] – transaction token is used in place of the user ID/password <i.e., is associated with the user>); wherein the first identity provider model includes a first representation of the end user (Rosado at [0017] – each component of the system is mapped to the other components where permissions to access other components are ; wherein the second identity provider model includes a second representation of the end user (Rosado at [0020] – system models how the transaction token <i.e., second access token> is received and used to authenticate the transaction with the second service <i.e., a second model maps the transaction token in the system for authentication>; see also [0022-0023] – cloud includes identity access roles for defining permissions; Bahrenburg discloses cross-tenant service requests, see [0011], [0096]-[0110] <i.e., with the second tenant>, and includes an identity of the requestor <i.e., representation, at [0103], [0105]> in the request). 
While the combination of Rosado and Bahrenburg disclose cross-tenant requests (see, e.g., Bahrenburg at [0096]-[0110]), the combination of Rosado and Bahrenburg appear to fail to disclose wherein the first identity provider model and second identity provider model are represented within a hierarchical data structure that links the first representation and second representation together.  
However, Solanki discloses a system for cross-tenant access control services (see abstract), wherein the first identity provider model and second identity provider model are represented within a hierarchical data structure that links the first representation and second representation together (§ 2.1 – tenants are linked together in a hierarchical data structure to allow for cross-tenant access control, wherein the data of each tenant is shared; § 2.2 – the access rights to each service in the hierarchy are determined based on each user identity <i.e., the representations> in the hierarchy <i.e., each tenant has an identity/representation of the user to be allowed access>; see also § 3.2 and § 3.2.2 mapping each dependency that will be requested for using data resources).  
Rosado and Bahrenburg with the teachings of Solanki, wherein the first identity provider model and second identity provider model are represented within a hierarchical data structure that links the first representation and second representation together, to enforce user identity based access control on cross-tenant services (see, e.g., Solanki at § 2.2, § 5).

Regarding claim 19, Rosado teaches the multi-tenant platform of claim 18, wherein the first identity provider model includes a first indication of an end user (Rosado at [0017] – each component of the system is mapped to the other components where permissions to access other components are determined based on the entity/tenant; [0019] – first token is received from tenant to interact with the system and determine whether to allow access to the resource/service <i.e., system models how the specific tenant can perform transactions based on the received first token>, and entity ID <i.e., indication> is used to match the token for authentication; see also [0022-0023] – cloud includes identity access roles for defining permissions); wherein the second identity provider model includes a second indication of the end user  (Rosado at [0020] – system models how the transaction token <i.e., second access token> is received and used to authenticate the transaction with the second service <i.e., a second model maps the transaction token in the system for authentication>; see also [0022-0023] – cloud includes identity access roles for defining permissions; Bahrenburg discloses cross-tenant service requests, see [0011], [0096]-[0110] <i.e., with the second tenant>, and includes an identity of the requestor <i.e., indication, at [0103], [0105]> in the request). 
While the combination of Rosado and Bahrenburg disclose cross-tenant requests (see, e.g., Bahrenburg at [0096]-[0110]), the combination of Rosado and Bahrenburg appear to fail to disclose 
However, Solanki discloses a system for cross-tenant access control services (see abstract), wherein the first identity provider model and second identity provider model are represented within a hierarchical data structure that links the first indication and second indication together (§ 2.1 – tenants are linked together in a hierarchical data structure to allow for cross-tenant access control, wherein the data of each tenant is shared; § 2.2 – the access rights to each service in the hierarchy are determined based on each user identity <i.e., the representations> in the hierarchy <i.e., each tenant has an identity/representation of the user to be allowed access>; see also § 3.2 and § 3.2.2 mapping each dependency that will be requested for using data resources).  
It would have been obvious to one of ordinary skill in the art before the effective filing date of the claimed invention to modify the combination of Rosado and Bahrenburg with the teachings of Solanki, wherein the first identity provider model and second identity provider model are represented within a hierarchical data structure that links the first indication and second indication together, to enforce user identity based access control on cross-tenant services (see, e.g., Solanki at § 2.2, § 5).

Claim 9 is rejected under 35 U.S.C. 103 as being unpatentable over Rosado in view of Bahrenburg, further in view of Lissack et al. (US20170012962, Hereinafter “Lissack”).
Regarding claim 9, the combination of Rosado and Bahrenburg teaches the method of claim 1. The combination of Rosado and Bahrenburg appear to fail to specifically disclose wherein the universal access token is generated for the transaction and is not used for any subsequent transactions.  
However, Lissack discloses a multi-tenancy system for requesting access to tenant resources using a token (see abstract, [0030]), wherein the token is generated for the transaction and is not used for any subsequent transactions ([0030] – the token is used to access a resource in the multi-tenancy .
It would have been obvious to one of ordinary skill in the art before the effective filing date of the claimed invention to modify the universal access token of the combination of Rosado and Bahrenburg with the teachings of Lissack, wherein the universal access token is generated for the transaction and is not used for any subsequent transactions, to ensure limitable access to the resource and prevent unauthorized further usage attempts (see, e.g., Lissack at [0040]-[0042]).

Conclusion
The prior art made of record and not relied upon is considered pertinent to applicant's disclosure. Carru et al. (US10931656) discloses the generation and usage of a global access token used in cross-region data access with a multi-tenant identity cloud service (see abstract, columns 34-35).
Any inquiry concerning this communication or earlier communications from the examiner should be directed to JOSHUA RAYMOND WHITE whose telephone number is (571)272-4365.  The examiner can normally be reached on Monday-Thursday, & Alternate Fridays.
Examiner interviews are available via telephone, in-person, and video conferencing using a USPTO supplied web-based collaboration tool. To schedule an interview, applicant is encouraged to use the USPTO Automated Interview Request (AIR) at http://www.uspto.gov/interviewpractice.
If attempts to reach the examiner by telephone are unsuccessful, the examiner’s supervisor, Taghi Arani can be reached on 5712723787.  The fax phone number for the organization where this application or proceeding is assigned is 571-273-8300.
Information regarding the status of an application may be obtained from the Patent Application Information Retrieval (PAIR) system.  Status information for published applications may be obtained from either Private PAIR or Public PAIR.  Status information for unpublished applications is available 






/J.R.W./Examiner, Art Unit 2438                                                                                                                                                                                                        /TAGHI T ARANI/Supervisory Patent Examiner, Art Unit 2438