Notice of Pre-AIA  or AIA  Status
The present application, filed on or after March 16, 2013, is being examined under the first inventor to file provisions of the AIA .
Claim Rejections - 35 USC § 102
The following is a quotation of the appropriate paragraphs of 35 U.S.C. 102 that form the basis for the rejections under this section made in this Office action:
A person shall be entitled to a patent unless –

(a)(2) the claimed invention was described in a patent issued under section 151, or in an application for patent published or deemed published under section 122(b), in which the patent or application, as the case may be, names another inventor and was effectively filed before the effective filing date of the claimed invention.


Claim(s) 1-2 and 8-11 is/are rejected under 35 U.S.C. 102(a)(2) as being anticipated by Martinez et al. (20170126787). Below the features of claim 1 discloses (the references to Martinez is disclosed in brackets while the original wording of the claim 1 being is in italics below with words/phrases in parenthesis to show how features of Martinez are addressing features of the present application):
■    A method for automating the rollout of software components in an enterprise-wide information technology platform, the method comprising:
[paragraph 0032 "According to other embodiments, the present invention may provide a method and system for a virtualization environment adapted for development and deployment of at least one software workload (rollout), the virtualization environment having a meta model framework that allows the association of a policy to the software workload upon development of the workload that is applied upon deployment of the software workload. [...] In embodiments, the security zone may be a geographic zone, a network zone, an enterprise zone (enterprise wide), an operational zone, an organizational zone, and the like." Also, In reference to the automating feature automatic features of sect. 0032 and sect. 0077. Also, see the deploying feature in reference to the rollout feature, which functions in an enterprise (enterprise-wide platform) via sect. 0020.]
■    receiving, at a development automation server from a developer access point, a request calling a delegated privilege command (DPC) and identifying a developer and an automation project comprising components and definitions;
[paragraph 0057 "Some systems may, for example, enable: self-service access to cloud-computing resources by end-users, developers, and admins; automated services with respect to cloud-computing services comprising of one or more cloud computing resources (e.g., management, building, configuration, publication, validation, and building of cloud-computing services); rapid provisioning (e.g., deployment, release, scheduling, control etc.) of cloud-computing resources within a cloud-computing service; governance control of cloud-computing resources within a cloud-computing service (e.g., application of security and non-security policies to cloud-computing resources), audit control of cloud-computing services; or secure access to cloud-computing services."] Self-service access to above-mentioned cloud computing resource resp. automated services implies a request to such resources/services.
[fig. 10; paragraph 0116 "The center point module may enforce access policies, ensuring that the right users are accessing the right assets and deploying those assets in the right places, and the like."] The paragraph discloses that only appropriately authorized users may execute deployment actions which is necessarily a privileged action/command. As the authorization implies identification of a developers, the paragraph discloses "calling a delegated privilege command (DPC) and identifying a developer and an automation project comprising components and definitions" as currently claimed. See also the dedicated server (development automation server) in sect. 0018 in view of the inherent requests/authorizations based on specific authorization credentials to the specific enterprise in sect. 0020 (identifying developer, components and definitions available only to users with the specific authorization credentials.
identity module in accordance with an embodiment of the present invention." See the identifying feature in sects. 0096-0097]
■    verifying, by a privilege activities management server against a set of stored privilege policies that identify DPCs associated with respective privilege levels and identify users associated with the respective privilege levels that the developer has a privilege level sufficient for calling the DPC;
[paragraph 0020 "The security policy can be configured to only allow software packages that comply with the security zone's based on access control policies (identifying respective privileges) via sect. 0076 with different users (such as the types identified in sect. 0006 and 0063) having specific privileges based on user types as indicated in sect. 0092 based on features such as the different classes of users (sect. 0105) and the users role in the organization (sect. 0123) based on policies to be deployed with the security zone." (sect. 0076)]
[paragraph 0065 "Builder module may be configured to assemble, validate (verify), and publish a cloud-computing service or computer workload for consumption (i.e., use) by a user." See also the validation feature in sect. 0006 and the verifying and validating feature of sect. 0065]
- releasing the components and definitions to a Development Engine in accordance with the DPC, wherein releasing step is performed by the development automation server in response to verifying the developer having a sufficient privilege level to call the first DPC;
[paragraph 0065 "Builder module may be configured to assemble, validate, and publish a cloud-computing service or computer workload for consumption (i.e., use) by a user."] Publishing a cloud-computing service or computer workload corresponds to releasing a component based on validation (verifying) features above and in sect. 0057 based on the security policy (again verifying privileges to execute the specific command (DPC) designated by the policy, agency, etc. via sect. 0020].
testing, using the Development Engine, the components and definitions through to a completed and linked set of components and definitions;
[paragraph 0077 "In embodiments, the present invention may provide for automated processes to support a continuous integration cycle to migrate a computing workload from a development environment to an operational environment. The continuous integration cycle may include maintaining a code repository, automating the build process, self-testing the build process (i.e. linked set of components (see the meta models and update integrity testing in sect. 0077) and definitions (see the definitions in sect. 0077), automatically deploying the build, and the like. The policies and meta models defined and assigned to the computing workload environment follow the build from its creation using the Builder Module through to its publication into the Consumption module. This capability allows the enterprise to greatly reduce the time required to develop, test, deploy and update a computing workload. "]
s releasing, by the development automation server in accordance with a second received DPC, the completed and linked set of components and definitions from the Development Engine to a Production Engine in response to verifying a user associated with the second DPC as having a privilege level that is sufficient to call the second DPC;
[paragraph 0077 "In embodiments, the present invention may provide for automated processes to support a continuous integration cycle to migrate (release) a computing workload from a development environment (development engine) to an operational environment (via the production engine of sect. 0031) based on the user’s security level (privilege level) as indicated above and in sect. 0020. The continuous integration cycle may include maintaining a code repository, automating the build process, self-testing the build process, automatically deploying the build, and the like. The policies and meta models defined and assigned to the computing workload environment follow the build from its creation using the Builder Module through to its publication into the Consumption module. This capability allows the enterprise to greatly reduce the time required to develop, test, deploy and update a computing workload."]
issue commands to cloud-computing services, such as stopping, running scripts, creating storage volumes, and attaching storage volumes to the cloud-computing services. The interface may be a web page, command line, development tool, and the like, such as eclipse or visual studio, and apps such as iphone/ipad applications. In embodiments, an API may be called that will allow a user to make changes and consume services in a wav that is consistent with the company policy." (privilege level)
Above-mentioned paragraphs disclose a (common) continuous deployment pipeline which are typically used to deploy a software workload in a production environment, i.e. to release "the completed and linked set of components and definitions from the Development Engine to a Production Engine" as currently claimed. This release may necessitate a second, different set of privileges which is indicated by [fig. 9D; paragraph 0110-0111] and by [fig. 10] which shows that developers and Ops/Operations Managers are different groups of people].
- deploying, using the production engine, the completed and linked components and definitions in a controlled testing environment to validate readiness for enterprise-wide deployment without human intervention; and implementing, by a production automation server, the enterprise-wide deployment of the completed and linked components and definitions from the production engine to an operation layer of an enterprise system in response to the readiness for enterprise-wide deployment being validated.
[see paragraph 0077. See also sect. 0030-0031 in which the condition set in sect. 0030 is considered to provide for the automating feature; while the testing is provided in a pre-production (testing environment) via sect. 0031. The validating feature is addressed above and the implementing feature is considered inherent (see the implementing feature of sect. 0020 and 0132)].
2,    The method of claim 1, further comprising the steps of:
user, and verifying, based on the stored privilege policies, that the riser associated with the received third DPC has a privilege level that is sufficient to call the third DPC, and wherein the third DPC is used to perform the implementing step [(see the cited portions above in view of the updating (coordinating as indicated above between developers, managers etc.) feature (second, third etc. command) based on security (privilege levels, as indicated above and policies as in sect. 0067). Furthermore, the various groups (users (internal and external), developers, administrators, service partners, etc. specified in sect. 0006 would inherently have different privilege levels  for security purposes].
8. The Method of claim I, further comprising:
recording operations performed according to any DPC in a security log (see the recording feature in sect. 0099).
Claims 9-10 are rejected for the same reasons as claims 1-2 above.
In reference to claim 11, the build module in sect. 0011 is considered to provide for the developer layer. See also the security zone in sect. 0032 in view of the different corporate entities in sect. 0149.
Allowable Subject Matter
Claims 3-7 and 12-16 are objected to as being dependent upon a rejected base claim, but would be allowable if rewritten in independent form including all of the limitations of the base claim and any intervening claims.
3.    The method of claim 1, wherein the step of verifying a received DPC further comprises;
analyzing the associated definitions and components to identify any components or definitions requiring execution using a privileged username;
calculating a respective checksum for each identified component or definition; and
verifying, using a compliance program, that a respective name and calculated checksum for each identified component or definition matches entries in a previously stored list of names and respective checksums, and wherein release of a given identified component or definition is contingent upon verification of the respective name and calculated checksum.
The closest references of record is to Zamir et al. - 20170315794 and Vidal et al. – 20110131564 (other than Martinez et al. - 20170126787); which both provide for providing checksums for files or applications; but, do not provide for checksums for components or privilege usernames or for the analyzing, calculating or verifying features above.

Claims 4-7 and 12-16 are objected to for the same reasons as claim 3 above.


Any inquiry concerning this communication or earlier communications from the examiner should be directed to JOHN Q CHAVIS whose telephone number is (571)272-3720.  The examiner can normally be reached on Monday-Friday 9-5:30 ET.
Examiner interviews are available via telephone, in-person, and video conferencing using a USPTO supplied web-based collaboration tool. To schedule an interview, applicant is encouraged to use the USPTO Automated Interview Request (AIR) at http://www.uspto.gov/interviewpractice.
If attempts to reach the examiner by telephone are unsuccessful, the examiner’s supervisor, Chat Do can be reached on 571-272-3721.  The fax phone number for the organization where this application or proceeding is assigned is 571-273-8300.
Information regarding the status of an application may be obtained from the Patent Application Information Retrieval (PAIR) system.  Status information for published applications may be obtained from either Private PAIR or Public PAIR.  Status information for unpublished 






/JOHN Q CHAVIS/Primary Examiner, Art Unit 2193