Notice of Pre-AIA or AIA Status
The present application, filed on or after March 16, 2013, is being examined under the first inventor to file provisions of the AIA.


Response to Arguments
Applicant’s arguments were considered but were not persuasive. Examiner reserves the right to use any of the previously cited art going forward. Solely in the interest of advancing prosecution, Examiner has incorporated Berg US 2020/0120098, which teaches tenant-specific access policies and uses attribute-based access control policies that are stored on a multi-tenant storage system.


Claim Rejections - 35 USC § 103
The following is a quotation of 35 U.S.C. 103 which forms the basis for all obviousness rejections set forth in this Office action:
A patent for a claimed invention may not be obtained, notwithstanding that the claimed invention is not identically disclosed as set forth in section 102, if the differences between the claimed invention and the prior art are such that the claimed invention as a whole would have been obvious before the effective filing date of the claimed invention to a person having ordinary skill in the art to which the claimed invention pertains. Patentability shall not be negated by the manner in which the invention was made.

Claims 1, 3, 11, 12, 19, 21 is/are rejected under 35 U.S.C. 103 as being unpatentable over Berg US 2020/0120098 in view of Chhabra US 2020/0007455 

As per claims 1, 12, 19. As per claim 1, Berg teaches (Currently Amended) A computer implemented method, comprising: receiving an access request from a workload in a multi-tenant computing system that includes a plurality of tenants, the access request being indicative of a selecting, based on information in the access request, a relevant-selected tenant-specific data access policy being specific to a particular one of the tenants associated with the requestor the 
Chhabra more explicitly teaches identifying a set of requestor attributes corresponding to the requestor and a set of resource attributes corresponding to the resource; generating an access decision indicative of whether the requested access is granted based on the set of requestor attributes, the set of resource attributes [0023][0024][0025][0034]  (Users are associated with tags or attributes in an attribute based access control system and associated resources with additional tags or attributes)



As per claim 3. Chhabra teaches The computer implemented method of claim 1, and further comprising: determining whether any of the requestor attribute or the resource attribute are included with the access request; and if not, obtaining any of the requestor attribute and the resource attribute that are not included with the access request. [0024] [0034] [0039] [0041] [0064]-[0066] (teaches obtaining a set of requestor attributes and resource attributes from a storage system)
Berg additionally teaches determining attributes in addition or not included in an access request from a multitenant access storage system [0115]-[0116], [0122], [0139]

As per claim 11, Berg teaches the multitenant policy storage system includes a set of tenant specific policy stores each tenant specific policy store corresponds to a different one of the tenants, and stores a set of tenant specific data access policies, for the corresponding tenant separate from data access policies for other tenants, and obtaining the selected tenant specific data access policy comprising: selecting the tenant specific policy store corresponding to the particular tenant and obtaining the selected tenant specific data access policy from the selected tenant specific policy store. [0021] [0022] [0042] [0115]-[0119] [0132] [0139] (Berg teaches a multitenant system using attribute and/or role based access control, that the access control policy is tenant specific (explicitly stated in [0132]), obtaining said policy from a multitenant storage system, that the attributes of both the tenant and user are used to determine an access decision, and returning said decision.)


Chhabra [0024] [0034][0039] [0041] [0064]-[0066]   (teaches obtaining a set of requestor attributes and resource attributes from a storage system)



Claim 2, 13 is/are rejected under 35 U.S.C. 103 as being unpatentable over Berg US 2020/0120098 in view of Chhabra US 2020/0007455 in view of Garcia US 8,788,815


As per claims 2, 13. Garcia teaches The computer implemented method of claim 1 wherein obtaining the relevant tenant-specific access policy comprises: obtaining the relevant tenant-specific access policy from the multi-tenant policy storage system in encrypted form; and decrypting the relevant tenant-specific access policy. (Column 2 lines 8-28) (teaches retrieving and decrypting an access policy)
It would have been obvious to one of ordinary skill in the art to use the encrypted policy of Garcia with the previous combination because it increases security.

Claim 4, 5, 7-10, 15-18, 20 is/are rejected under 35 U.S.C. 103 as being unpatentable over Berg US 2020/0120098 in view of Chhabra US 2020/0007455 in view of Joshi US 10,628,388

As per claims 4. Joshi teaches The computer implemented method of claim 3 wherein obtaining any of the requestor attribute and the set of resource attributes that are not included in the access request, comprises:   obtaining any of the requestor attribute that are not included with the access request from a multi-tenant attribute storage system that segments attributes corresponding to 
Chhabra teaches obtaining any of the set of requestor attributes and the set of resource attributes that are not included with the access request from a storage system. [0024] [0034][0039] [0041] [0064]-[0066]
It would have been obvious to one of ordinary skill in the art at the time the invention was filed to use the storage of Joshi with the previous system because it provides extra security.

As per claim 5. Joshi teaches The computer implemented method of claim 3 wherein obtaining any of requestor attribute and the set of resource attributes that are not included in the access request, comprises: obtaining any of the resource attribute that are not included in the access request from the multi-tenant attribute storage system that segments attributes corresponding to different tenants. (Column 10 lines 31-50) (Joshi explicitly teaches segmenting data for different tenants)

Chhabra teaches obtaining any of the set of requestor attributes and the set of resource attributes that are not included with the access request from a storage system. [0024] [0034][0039] [0041] [0064]-[0066]



As per claims 7, Chhabra teaches The computer implemented method of claim 4 and further comprising: generating a user interface with a user actuatable tag type generation input 

As per claims 8, 16. Chhabra teaches The computer implemented method of claim 7 and further comprising: generating a user interface with user actuatable tag generation input mechanism; detecting user actuation of the tag generation input mechanism indicative of a tag of a given tag type; and storing the tag in a tag store. [0019] [0020] [0030] [0031] [0116] (creation/modification of tags for users and resources for access control)


As per claims 9, 17. Chhabra teaches the computer implemented method of claim 8 and further comprising: generating a user interface with user actuatable tag mapping input mechanism; detecting user actuation of the tag mapping input mechanism indicative of a mapping between a tag of a tag type to a resource identity; and storing the mapping in the multi-tenant attribute storage system.
[0019] [0020] [0030] [0031] [0116] (creation/modification of tags for users and resources for access control)
Berg additionally teaches user, resource, environmental and device attributes [0042] and a Multitenant storage system [0139]




Claim 6, 14 is/are rejected under 35 U.S.C. 103 as being unpatentable over Berg US 2020/0120098 in view of Chhabra US 2020/0007455 in view of CAI US 2020/0097673

As per claims 6, 14. CAI teaches The computer implemented method of claim 1 wherein generating the access decision comprises: obtaining environment attribute corresponding to an environment in which the workload operates; obtaining a device attribute corresponding to a device from which the access request was originated; and generating the access decision based on the environment attribute and the device attribute. [0042] [0043] [0045] [0046] [0049] (teaches using attributes including device and environment to determine access)
It would have been obvious to one of ordinary skill in the art to use the tags of CAI with the previous combination because it increases metadata options.



Claims 10, 15 is/are rejected under 35 U.S.C. 103 as being unpatentable over Berg US 2020/0120098 in view of Chhabra US 2020/0007455 in view of Ryland US 9,438,506

As per claims 10, Ryland teaches obtaining the relevant tenant specific data access policy comprises accessing a set of mappings corresponding to the tenant which each mapping maps a tag of a tag type to a resource identity and generating the access decision comprises generating the access decision based on the set of mapping corresponding to the tenant and the resource identity identifies one or more of a user a device an environment or a computing system resource.  (Column 10 lines 13-37)
It would have been obvious to one of ordinary skill in the art at the time the invention was filed to use the mapping of Ryland with the prior art because it explicitly shows access control configurations.

Berg teaches an access control system for tenants including tags/attributes mapped to resources, tenants and users [0042] [0115]-[0119]
Chhabra teaches the resource identity identifies one of a user, a device, an environment, or a computing system resource. [0032]

As per claim 15, Berg teaches the multitenant policy storage system includes a set of tenant specific policy stores each tenant specific policy store corresponds to a different one of the tenants, and stores a set of tenant specific data access policies, for the corresponding tenant 
Berg does not explicitly use the term “mapping”.  
Ryland teaches obtaining the relevant tenant specific data access policy comprises accessing a set of mappings corresponding to the tenant which each mapping maps a tag of a tag type to a resource identity and generating the access decision comprises generating the access decision based on the set of mapping corresponding to the tenant and the resource identity identifies one or more of a user a device an environment or a computing system resource.  (Column 10 lines 13-37)

Conclusion

Any inquiry concerning this communication or earlier communications from the examiner should be directed to CHRISTOPHER BROWN whose telephone number is (571)272-3833.  The examiner can normally be reached on M-F 8-5.
Examiner interviews are available via telephone, in-person, and video conferencing using a USPTO supplied web-based collaboration tool. To schedule an interview, applicant is 
If attempts to reach the examiner by telephone are unsuccessful, the examiner’s supervisor, Luu Pham can be reached on (571) 270-5002.  The fax phone number for the organization where this application or proceeding is assigned is 571-273-8300.
Information regarding the status of an application may be obtained from the Patent Application Information Retrieval (PAIR) system.  Status information for published applications may be obtained from either Private PAIR or Public PAIR.  Status information for unpublished applications is available through Private PAIR only.  For more information about the PAIR system, see https://ppair-my.uspto.gov/pair/PrivatePair. Should you have questions on access to the Private PAIR system, contact the Electronic Business Center (EBC) at 866-217-9197 (toll-free). If you would like assistance from a USPTO Customer Service Representative or access to the automated information system, call 800-786-9199 (IN USA OR CANADA) or 571-272-1000.





/CHRISTOPHER J BROWN/Primary Examiner, Art Unit 2439