Notice of Pre-AIA  or AIA  Status
The present application, filed on or after March 16, 2013, is being examined under the first inventor to file provisions of the AIA .

DETAILED ACTION
This Office Action is in response to the application 16/692,235 filed on 11/22/2019. Claims have been added; claims 1, 11, and 20 are independent claims.  Claims 1-20 have been examined and are pending. This Action is made Non-FINAL.

Drawings
The drawings were received on 11/22/2019.  These drawings are reviewed and accepted by the Examiner.

Information Disclosure Statement
The information disclosure statement (IDSs) submitted on 07/01/2021, 11/22/2019, and 11/22/2019 are being considered by the examiner.
Claim Rejections - 35 USC § 103
The following is a quotation of 35 U.S.C. 103 which forms the basis for all obviousness rejections set forth in this Office action:
A patent for a claimed invention may not be obtained, notwithstanding that the claimed invention is not identically disclosed as set forth in section 102 of this title, if the differences between the claimed invention and the prior art are such that the claimed invention as a whole would have been obvious before the effective filing date of the claimed invention to a person.
Claim 1-4, 6-8, 11-14, 16-18, and 20 are rejected under 35 U.S.C. 103 as being unpatentable Mathew et al. (“Mathew,” US 2020/0274876, filed Feb. 22, 2019) in view of Eicken et al. (“Eicken,” US 2014/0317701, published Oct. 23, 2015), further in view of Kumar (“Kumar,” US 9,185,063, published Nov. 10, 2015), and Anderson et al. (“Anderson,” US 2019/0075115, published Mar. 7, 2019).
Regarding claim 1, Mathew discloses method for bulk multifactor authentication (MFA) enrollment in an identity cloud management system, the method comprising: 
 receiving, in association with the credential, a bulk set of user identities and MFA enrollment information comprising one or more MFA security factors for the user identities (Mathew: par. 0094; the user enrollment module 322 also provides for bulk enrollment [i.e. MFA enrollment information] which is utilized by resource provider computers. Bulk enrollment can allow resource provider computers with an existing user information database [i.e. MFA security factors for user identities] to migrate user attributes to the attribute database [i.e. MFA database]. If a user is enrolled, then asset(s) that are provided by the resource provider computer can be added to the user's asset inventory; par. 0033, “User attributes” can include a specific attribute of a user. A user can be associated with a plurality of user attributes. For example, a user attribute can be “John Doe” which can correspond to the attribute type of name [i.e. associate with credential]); 
enrolling a subset of the user identities, wherein the enrolling comprises creating an MFA footprint for each of the subset of user identities within an MFA database (Mathew: par. 0094; the user enrollment module 322 also provides for bulk enrollment which is utilized by resource provider computers. Bulk enrollment can allow resource provider computers with an existing user information database to migrate user attributes [i.e. MFA footprint] to the attribute database [i.e. MFA database]. If a user is enrolled, then asset(s) that are provided by the resource provider computer can be added to the user's asset inventory; par. 0033, “User attributes” can include a specific attribute of a user. A user can be associated with a plurality of user attributes. For example, a user attribute can be “John Doe” which can correspond to the attribute type of name), and each created MFA footprint comprises a received MFA security factor corresponding to the user identities (Mathew: par. 0094; par. 0033).
Mathew does not explicitly disclose creating an entity in the identity cloud management system, wherein the entity is issued a credential comprising a permissions scope for communicating with the identity cloud management system.
However, in an analogous art, Eicken discloses wherein the entity is issued a credential comprising a permissions scope for communicating with the identity cloud management system (Eiken: par. 0007, creating a new access entity with a new access credential and configuring the access entity's permissions in the multi-tenant compute cloud such that the access entity only has access to the cloud-based service instance being accessed by the requestor).
Therefore, it would have been obvious to one of ordinary skill in the art before the effective filing date of the claimed invention to combine the teaching of Eicken with the method and system of Mathew, wherein creating an entity in the identity cloud management system, wherein the entity is issued a credential comprising a permissions scope for communicating with the identity cloud management system to provide users (Eicken: pars. 0002-0003).
Mathew teaches a system for authentication of user with footprint and validating, but Mathew does not explicitly teach a status for the user identities.
However, in an analogous art, Kumar teaches wherein status for the user identities (Kumar:  Fig. 7, Col. 10, lines 23-53, … Field 703 is a flag indicating whether the user's contact information [i.e. status] has been validated using a means that is dependent on the contact type ..), and wherein at least a mix of communication addresses and shared secrets (Kumar:  Fig. 7, Col. 10, lines 23-53, Preferred embodiment of the current invention contains data attributes, for example, a unique identifier 700 for each user; Field 701A is the contact address for the user [i.e. communication address] describing the electronic contact information details associated with the field 701B, contact type for the user describing the type of contact user has registered with the system for example email [i.e. communication address], phone number etc…; … Fields 704 contains a unique username for the user within the system and field 705 contains a password [i.e. secret] that is private to the user and is provided by the user at the time of establishing a connection with central controller for validating the user's identity.).
Therefore, it would have been obvious to one of ordinary skill in the art before the effective filing date of the claimed invention to combine the teaching of Kumar with the (Kumar: Col. 3, lines 55-58).
Mathew discloses enrolling a subset of the user identities, wherein the enrolling comprises creating an MFA footprint for each of the subset of user identities within an MFA database as recited above but does not explicitly disclose securing access to one or more cloud-based services or applications, wherein the secured access comprises one or more secure API calls to the identity cloud management system.
However, in an analogous art, Anderson teaches wherein securing access to one or more cloud-based services or applications, wherein the secured access comprises one or more secure API calls to the identity cloud management system (Anderson: par. 0019, The user can then access any cloud resources and/or make API calls corresponding to the role using the received security credentials.).
Therefore, it would have been obvious to one of ordinary skill in the art before the effective filing date of the claimed invention to combine the teaching of Anderson with the method and system of Mathew, Eicken, and Kumar, wherein securing access to one or more cloud-based services or applications, wherein the secured access comprises one or more secure API calls to the identity cloud management system to provide users with a means for affording flexibility by ensuring dynamic increase/decrease of storage and/or processing requirements based on utilization, thus reducing cost required for maintain or (Anderson: pars.  0001-0002).
Regarding claim 2, the combination of Mathew, Eicken, Kumar, and Anderson teaches the method of claim 1. Mathew further discloses, wherein the enrolling does not include user verification of the received MFA factors for the user identities (Mathew: par. 0094; the user enrollment module 322 also provides for bulk enrollment which is utilized by resource provider computers. Bulk enrollment can allow resource provider computers with an existing user information database to migrate user attributes to the attribute database. If a user is enrolled, then asset(s) that are provided by the resource provider computer can be added to the user's asset inventory; par. 0033, “User attributes” can include a specific attribute of a user. A user can be associated with a plurality of user attributes. For example, a user attribute can be “John Doe” which can correspond to the attribute type of name). 
Regarding claim 3, the combination of Mathew, Eicken, Kumar, and Anderson teaches the method of claim 2. Mathew further discloses, wherein, upon receiving the bulk set of user identities and MFA enrollment information, the enrolling is automatically performed without interactions with users corresponding to the user identities (Mathew: par. 0094; the user enrollment module 322  also provides for bulk enrollment which is utilized by resource provider computers. Bulk enrollment can allow resource provider computers with an existing user information database to migrate user attributes to the attribute database. If a user is enrolled, then asset(s) that are provided by the resource provider computer can be added to the user's asset inventory; par. 0033, “User attributes” can include a specific attribute of a user. A user can be associated with a plurality of user attributes. For example, a user attribute can be “John Doe” which can correspond to the attribute type of name). 
Regarding claim 4, the combination of Mathew, Eicken, Kumar, and Anderson teaches the method of claim 2. The combination of Mathew, Eicken, Kumar, and Anderson further discloses, wherein the user identities and MFA enrollment information are received from a trusted source (Mathew: par. 0094; the user enrollment module 322 also provides for bulk enrollment which is utilized by resource provider computers. Bulk enrollment can allow resource provider computers with an existing user information database to migrate user attributes to the attribute database. If a user is enrolled, then asset(s) that are provided by the resource provider computer can be added to the user's asset inventory, par. 0033, “User attributes” can include a specific attribute of a user. A user can be associated with a plurality of user attributes. For example, a user attribute can be “John Doe” which can correspond to the attribute type of name; Britton: pars. 0074, 0075). 
Regarding claim 6, the combination of Mathew, Eicken, Kumar, and Anderson teaches the method of claim 4.  The combination of Mathew, Eicken, Kumar, and Anderson further discloses wherein the communication addresses comprise a mix of email addresses and phone numbers (Kumar:  Fig. 7, Col. 10, lines 23-53, Preferred embodiment of the current invention contains data attributes, for example, a unique identifier 700 for each user; Field 701A is the contact address for the user [i.e. communication address] describing the electronic contact information details associated with the field 701B, contact type for the user describing the type of contact user has registered with the system for example email [i.e. communication address], phone number etc.; contact information, field 702, describing contact information contains multiple records for fields 701A and 701B as shown in the FIG. 7 for the actual values where the user can be contacted electronically depending on the respective contact type and contact address).
Regarding claim 7, the combination of Mathew, Eicken, Kumar, and Anderson teaches the method of claim 4. The combination of Mathew and Samprathi further discloses, wherein the enrolling is based on a secure API call that includes user and MFA data or an upload of an electronic document that includes user and MFA data (Mathew: par. 0094; the user enrollment module 322 also provide for bulk enrollment which is utilized by resource provider computers. Bulk enrollment can allow resource provider computers with an existing user information database to migrate user attributes to the attribute database. If a user is enrolled, then asset(s) that are provided by the resource provider computer can be added to the user's asset inventory; par. 0033, “User attributes” can include a specific attribute of a user. A user can be associated with a plurality of user attributes. For example, a user attribute can be “John Doe” which can correspond to the attribute type of name; Anderson: par. 0019, The user can then access any cloud resources and/or make API calls corresponding to the role using the received security credentials.). 
Regarding claim 8, the combination of Mathew, Eicken, Kumar, and Anderson teaches the method of claim 7. The combination of Mathew, Eicken, Kumar, and Anderson further discloses, wherein creating the entity in the identity cloud management system comprises: creating, by a user associated with a tenant of the identity cloud management system (Eicken: par. 0007, creating a new access entity with a new access credential and configuring the access entity's permissions in the multi-tenant compute cloud such that the access entity only has access to the cloud-based service instance being accessed by the requestor), an application within the identity cloud management system (Eicken: par. 0007, creating a new access entity with a new access credential and configuring the access entity's permissions in the multi-tenant compute cloud such that the access entity only has access to the cloud-based service instance being accessed by the requestor), wherein the application comprises the entity that is issued the credential that grants the permission scope (Eicken: par. 0007, creating a new access entity with a new access credential and configuring the access entity's permissions in the multi-tenant compute cloud such that the access entity only has access to the cloud-based service instance being accessed by the requestor), and the permission scope grants the application access to an identity cloud management system secure API for enrolling the subset of identities (Mathew: par. 0094; Eiken: par. 0007, creating a new access entity with a new access credential and configuring the access entity's permissions in the multi-tenant compute cloud such that the access entity only has access to the cloud-based service instance being accessed by the requestor; (Anderson: par. 0019, The user can then access any cloud resources and/or make API calls corresponding to the role using the received security credentials). 
Regarding claim 11, claim 11 is directed to a system for bulk multifactor authentication (MFA) enrollment in an identity cloud management system, the system comprising: one or more servers (Mathew: par. 0007) comprising a processor (Mathew: par. 0007) and memory (Mathew: par.  0007) storing instructions for execution by the processor associated with the method claimed in claim 1; claim 11 is similar in scope to claim 1, and is therefore rejected under similar rationale.
Regarding claim 12
Regarding claim 13, claim 13 is similar in scope to claim 3, and is therefore rejected under similar rationale.
Regarding claim 14, claim 14 is similar in scope to claim 4, and is therefore rejected under similar rationale.
Regarding claim 16, claim 16 is similar in scope to claim 6, and is therefore rejected under similar rationale.
Regarding claim 17, claim 17 is similar in scope to claim 7, and is therefore rejected under similar rationale.
Regarding claim 18, claim 18 is similar in scope to claim 8, and is therefore rejected under similar rationale.
Regarding claim 20, claim 20 is directed to a non-transitory computer readable medium having instructions stored thereon that, when executed by a processor, cause the processor to perform bulk multifactor authentication (MFA) enrollment in an identity cloud management system associated with the method claimed in claim 1; claim 20 is similar in scope to claim 1, and is therefore rejected under similar rationale.
Claims 5  and 15 are rejected under 35 U.S.C. 103 as being unpatentable Mathew et al. (“Mathew,” US 2020/0274876, filed Feb. 22, 2019) in view of Eicken et al. (“Eicken,” US 2014/0317701, published Oct. 23, 2015), further in view of Kumar (“Kumar,” US 9,185,063, published Nov. 10, 2015), and Anderson et al. (“Anderson,” US 2019/0075115, Kinsey,” US 2014/0358816, published Dec. 4, 2014).
Regarding claim 5, the combination of Mathew, Eicken, Kumar, and Anderson teaches the method of claim 4. Mathew, Eicken, Kumar, and Anderson do not explicitly disclose, further comprising importing the set of bulk user identities into an identity cloud management system user database.
However, in an analogous art, Kinsey discloses wherein importing the set of bulk user identities into an identity cloud management system user database (Kinsey: par. 0089, integration with the user's databases 20 and other complete integration meaning that a user can directly read/import from any and all existing database(s) 20 and data 90).
Therefore, it would have been obvious to one of ordinary skill in the art before the effective filing date of the claimed invention to combine the teaching of Kinsey with the method and system of Mathew, Eicken, Kumar, and Anderson, wherein importing the set of bulk user identities into an identity cloud management system user database to provide users with a means for launching a window that prompts the user to qualify a client or customer information. The window has an icons, with different colors as indicators as to whether the user is supposed to offer a specific good or service to the customer (Kinsey: par. 0010).
Regarding claim 15
Claims 9 and 19 are rejected under 35 U.S.C. 103 as being unpatentable Mathew et al. (“Mathew,” US 2020/0274876, filed Feb. 22, 2019) in view of Eicken et al. (“Eicken,” US 2014/0317701, published Oct. 23, 2015), further in view of Kumar (“Kumar,” US 9,185,063, published Nov. 10, 2015), and Anderson et al. (“Anderson,” US 2019/0075115, published Mar. 7, 2019), and in view of  Lander et al. (“Lander,” US 2017/0331813, published Nov. 16, 2017).
Regarding claim 9, the combination of Mathew, Eicken, Kumar, and Anderson teaches the method of claim 8.  Mathew, Eicken, Kumar, and Anderson do not explicitly disclose, wherein the trusted source comprises the user associated with the tenant. 
However, in an analogous art, Lander discloses wherein the trusted source comprises the user associated with the tenant (Lander: par. 0088, IDCS also provides a schema service (or a persistence service) that allows for using a database schema. A schema service allows for delegating the responsibility of managing database schemas to IDCS. Accordingly, a user of IDCS does not need to manage a database since there is an IDCS service that provides that functionality. For example, the user uses the database to persist schemas on a per tenant basis, and when there is no more space in the database, the schema service will manage the functionality of obtaining another database and growing the space so that the users do not have to manage the database themselves; pars. 0099, 0130). 
Therefore, it would have been obvious to one of ordinary skill in the art before the effective filing date of the claimed invention to combine the teaching of Lander with the method and system of Mathew, Eicken, Kumar, and Anderson, wherein the trusted source comprises the user associated with the tenant to provide users with a means for providing (Lander: pars. 0004, 0065).
Regarding claim 19, claim 19 is similar in scope to claim 9, and is therefore rejected under similar rationale.
Claim 10 is rejected under 35 U.S.C. 103 as being unpatentable Mathew et al. (“Mathew,” US 2020/0274876, filed Feb. 22, 2019) in view of Eicken et al. (“Eicken,” US 2014/0317701, published Oct. 23, 2015), further in view of Kumar (“Kumar,” US 9,185,063, published Nov. 10, 2015), and Anderson et al. (“Anderson,” US 2019/0075115, published Mar. 7, 2019), and Kalaboukis et al. (“Kalaboukis,” US 2008/0141138, published Jun. 12, 2008).
Regarding claim 10, the combination of Mathew, Eicken, Kumar, and Anderson teaches the method of claim 4.  The combination of Mathew, Eicken, Kumar, and Anderson discloses wherein the subset of the user identities that comprise a status but does not explicitly disclose “status that indicates MFA enrollment includes all or a portion of the bulk set of user identities.” 
However, in an analogous art, Kalaboukis discloses  (Kalaboukis: par. 0034, the user can enter a list of user identities for each portion of a selected status indicator or for the entire selected status indicator). 
Therefore, it would have been obvious to one of ordinary skill in the art before the effective filing date of the claimed invention to combine the teaching of Kalaboukis with the method and system of Mathew, Eicken, Kumar, and Anderson, wherein the subset of the user identities that comprise a status that indicates MFA enrollment includes all or a portion of the bulk set of user identities to provide users with a means for allowing a user to effectively update and manage the status information, and allows other user to read the status information. The method expands on the types of status information that is provided by the former user to the latter user (Kalaboukis: abstract, par. 0004).

Conclusion
Any inquiry concerning this communication or earlier communications from the examiner should be directed to Canh Le whose telephone number is 571-270-1380. The examiner can normally be reached on Monday to Friday 6:00AM to 3:30PM other Friday off.
If attempts to reach the examiner by telephone are unsuccessful, the examiner’s supervisor, Luu Pham can be reached on 571-270-5002.  The fax phone number for the organization where this application or proceeding is assigned is 571-273-8300. 
Information regarding the status of an application may be obtained from the Patent Application Information Retrieval (PAIR) system.  Status information for published applications may be obtained from either Private PAIR or Public PAIR.  Status information 

/Canh Le/
Examiner, Art Unit 2439

January 24th, 2022 


/JAHANGIR KABIR/Primary Examiner, Art Unit 2439