Notice of Pre-AIA  or AIA  Status
The present application, filed on or after March 16, 2013, is being examined under the first inventor to file provisions of the AIA .

Continued Examination Under 37 CFR 1.114
1.	A request for continued examination under 37 CFR 1.114, including the fee set forth in 37 CFR 1.17(e), was filed in this application after final rejection.  Since this application is eligible for continued examination under 37 CFR 1.114, and the fee set forth in 37 CFR 1.17(e) has been timely paid, the finality of the previous Office action has been withdrawn pursuant to 37 CFR 1.114.  Applicant's submission filed on 12/30/2021 has been entered.

Response to Arguments
2.	Applicant’s arguments with respect to claims 1-3, 5-14, 16-17 and 19-21 have been considered but are moot because the new ground of rejection does not rely on prior rejections’ teaching or matter specifically challenged in the argument.
 
Claim Rejections - 35 USC § 103
3.	The following is a quotation of 35 U.S.C. 103 which forms the basis for all obviousness rejections set forth in this Office action:
A patent for a claimed invention may not be obtained, notwithstanding that the claimed invention is not identically disclosed as set forth in section 102, if the differences between the claimed invention and the prior art are such that the claimed invention as a whole would have been obvious before the effective filing date of the claimed invention to a person having ordinary skill in the art to which the claimed invention pertains. Patentability shall not be negated by the manner in which the invention was made.

s 1, 3, 5-9, 13-14, 17 and 19-21 are rejected under 35 U.S.C. 103 as being unpatentable over Roche et al., U. S. Patent No. 9774586 in view of Factor et al., U. S. Patent Publication No. 2014/0330869.
Regarding claim 1, Roche discloses a method of managing sub-tenants in a cloud computing environment, the method comprising: receiving a request to access sub-set of data of an asset from a cloud computing system from a sub-tenant device associated with a sub-tenant of a tenant, wherein the sub-tenant is associated with an asset, wherein the request comprises a sub-tenant identifier, a tenant identifier, and an asset identifier (see Roche, col. 9 lines 58-61; col. 16 lines 36-39 and col. 18 lines 24-42; a request to access tenant associated data comprising identification information is received from a client); determining whether the sub-tenant is authorized to access the requested sub-set of data of the asset using the sub-tenant identifier, the tenant identifier, and the asset identifier based on at least one role and associated permissions to access the requested sub-set data of the asset (see Roche, col. 26 line 65-col. 27 line 24, col. 27 lines 35-41 and col. 28 lines 5-35; determination is made as to whether the requesting client has role and privilege access to the requested data); and providing access to the requested sub-set data of the asset to the sub- tenant when the sub-tenant is authorized to access the requested sub-set data of the asset (see Roche, col. 7 lines 17-23; Upon authenticating the requesting client role, access is permitted to the requested data).
Although Roche discloses the invention substantially as claimed, it does not explicitly disclose determining that the tenant associated with the sub-tenant is authorized to access sub- set of data of the asset using the tenant identifier; determining that the sub-
Factor teaches determining that the tenant associated with the sub-tenant is authorized to access sub- set of data of the asset using the tenant identifier and determining that the sub-tenant is authorized to access the sub-set of data of the asset using the sub-tenant identifier (see Factor, ¶ [0034]-[0036] and [0040]). It would have been obvious to one of ordinary skill in the art before the effective filling date of the invention to incorporate the teachings of Factor with that of Roche in order to ensure and safeguard data from being accessed by unauthorized members.

Regarding claim 3, Roche-Factor teaches further comprising: determining whether there exists an active session with the sub-tenant based on the sub-tenant identifier; and establishing a session with the sub-tenant when there exists no active session with the sub-tenant (see Roche, col. 20 lines 10-15 and col. 12 line 64-col. 13 line 1).

Regarding claim 5, Roche-Factor teaches wherein determining whether the sub-tenant is authorized to access the sub-set of asset data comprises: determining at least one role defined for the sub-tenant based on the sub-tenant identifier; determining one or more permissions associated with the determined role; and determining whether the sub-tenant is authorized to access the sub-set of asset data based on the determined role and permissions associated with the sub-tenant (see Roche, col. 9 line 62-col. 10 line 16).



Regarding claim 7, Roche-Factor teaches wherein providing access to the requested data of the asset based on the access token comprises: retrieving the sub-set of asset data from a data store via appropriate application programming interface; and visualizing the retrieved sub-set of data of the asset on the sub-tenant device associated with the sub-tenant (see Roche, col. 16 line 62-col. 17 line 15 and col. 29 lines 45-49).

Regarding claim 8, Roche-Factor teaches wherein the access token is valid during the active session with the sub-tenant (see Roche, col. 18 lines 12-17).

Regarding claim 9, Roche-Factor teaches further comprising: creating a sub-tenant profile in a sub-tenant database, wherein the sub- tenant profile comprises the sub-tenant identifier, at least one tenant identifier, at least one asset identifier, at least one role and permissions granted by at least one tenant to access at least sub-set of asset data associated with the at least one asset identifier (see Roche, col. 3 lines 45-67).


Although Roche discloses the invention substantially as claimed, it does not explicitly disclose determining that the tenant associated with the sub-tenant is authorized to access sub- set of data of the asset using the tenant identifier; determining that the sub-
Factor teaches determining that the tenant associated with the sub-tenant is authorized to access sub- set of data of the asset using the tenant identifier and determining that the sub-tenant is authorized to access the sub-set of data of the asset using the sub-tenant identifier (see Factor, ¶ [0034]-[0036] and [0040]). It would have been obvious to one of ordinary skill in the art before the effective filling date of the invention to incorporate the teachings of Factor with that of Roche in order to ensure and safeguard data from being accessed by unauthorized members.

Regarding claim 14, Roche-Factor teaches further comprising one or more sub-tenant devices communicatively coupled to the system (see Roche, fig. 1 and col. 4 lines 25-31).

Regarding claim 17, Roche-Factor teaches further comprising instructions that when executed by the one or more processing units, cause the one or more processing units to: determine whether there exists an active session with the sub-tenant based on the sub-tenant identifier; and establish a session with the sub-tenant when there exists no active session with the sub-tenant (see Roche, col. 20 lines 10-15 and col. 12 line 64-col. 13 line 1).

Regarding claim 18, Roche-Factor teaches wherein the instructions to determine whether the sub-tenant is authorized to access the requested sub-set of data of the 

Regarding claim 19, Roche-Factor teaches wherein the instructions to determine whether the sub-tenant is authorized to access the sub-set of asset data comprise instructions that when executed by the one or more processing units, cause the one or more processing units to: determine at least one role defined for the sub-tenant based on the sub-tenant identifier; determine one or more permissions associated with the determined role; and determine whether the sub-tenant is authorized to access the sub-set of asset data based on the determined role and permissions associated with the sub-tenant (see Roche, col. 9 line 62-col. 10 line 16).

Regarding claim 20, Roche-Factor teaches wherein the instructions to provide access to the requested data of the asset to the sub-tenant comprise instructions that when executed by one or more processing units, cause the one or more processing units to: generate an access token for providing access to the requested subset of asset data, wherein the access token comprises the role and the associated permissions granted for the sub-tenant, the sub-tenant identifier, and the asset identifier; and provide access 

Regarding claim 21, Roche discloses a non-transitory machine-readable medium including instructions stored therein, that when executed by one or more processing units, cause the one or more processing units to: receive a request to access sub-set of data of an asset from a cloud computing system from a sub-tenant device associated with a sub-tenant of a tenant, wherein the sub- tenant is associated with an asset, wherein the request comprises a sub-tenant identifier, a tenant identifier, and an asset identifier (see Roche, col. 9 lines 58-61; col. 16 lines 36-39 and col. 18 lines 24-42; a request to access tenant associated data comprising identification information is received from a client); determine whether the sub-tenant is authorized to access the requested sub-set of data of the asset using the sub-tenant identifier, the tenant identifier, and the asset identifier based on at least one role and associated permissions to access the requested sub-set data of the asset (see Roche, col. 26 line 65-col. 27 line 24, col. 27 lines 35-41 and col. 28 lines 5-35; determination is made as to whether the requesting client has role and privilege access to the requested data); and provide access to the requested sub-set data of the asset to the sub-tenant when the sub-tenant is authorized to access the requested sub-set data of the asset (see Roche, col. 7 lines 17-23; Upon authenticating the requesting client role, access is permitted to the requested data).
Although Roche discloses the invention substantially as claimed, it does not explicitly disclose determining that the tenant associated with the sub-tenant is authorized to 
Factor teaches determining that the tenant associated with the sub-tenant is authorized to access sub- set of data of the asset using the tenant identifier and determining that the sub-tenant is authorized to access the sub-set of data of the asset using the sub-tenant identifier (see Factor, ¶ [0034]-[0036] and [0040]). It would have been obvious to one of ordinary skill in the art before the effective filling date of the invention to incorporate the teachings of Factor with that of Roche in order to ensure and safeguard data from being accessed by unauthorized members.

4.	Claims 2 and 16 are rejected under 35 U.S.C. 103 as being unpatentable over Roche in view of Factor as applied to claim 1 above and further in view of Pleau et al., U. S. Patent Publication No. 2016/0087960.
Regarding claim 2, although Roche-Factor discloses further comprising: rejecting the request to access the requested sub-set data of the asset when the sub-tenant is not authorized to access the requested sub-set data of asset (Roche, col. 7 lines 17-23); it does not explicitly disclose and sending a notification indicating that the sub-tenant is not authorized to access the requested sub-set data of the asset to the sub-tenant device. 
Pleau teaches sending a notification indicating that the sub-tenant is not authorized to access the requested sub-set data of the asset to the sub-tenant device (see Pleau, ¶ [0082]). It would have been obvious to one of ordinary skill in the art before the effective 

Regarding claim 16, Roche-Factor-Pleau teaches further comprising instructions that when executed by the one or more processing units, cause the one or more processing units to: reject the request to access the requested sub-set data of the asset when the sub- tenant is not authorized to access the requested sub-set data of asset; and send a notification indicating that the sub-tenant is not authorized to access the requested sub-set data of the asset to the sub-tenant device (see Roche, col. 11 lines 53-58 and Pleau, ¶ [0082]).

5.	Claims 10 -12 are rejected under 35 U.S.C. 103 as being unpatentable over Roche in view of Factor as applied to claim 1 above, and further in view of Beiter et al., U. S. Patent Publication No. 2016/0337365.
Regarding claim 10, although Roche discloses the invention substantially as claimed, it does not explicitly disclose further comprising: updating the sub-tenant profile in a sub-tenant database.
Beiter teaches further comprising: updating the sub-tenant profile in a sub-tenant database (see Beiter, ¶ [0041] and [0044]). It would have been obvious to one ordinary skill in the art before the effective filling date of the invention to incorporate the teachings of Beiter with that of Roche-Factor in order to effectively keep up-to-date the access privilege profiles of the clients so that access may be grant according to their role and privileges. 

Regarding claim 11, Roche-Factor-Beiter teaches further comprising: providing access to one or more sub-tenant profiles of sub-tenants to the associated tenant (see Beiter, ¶ [0040]-[0041]).

Regarding claim 12, Roche-Factor-Beiter teaches further comprising: receiving a request to update information associated with the asset from the sub-tenant device, wherein the request comprises the sub-tenant identifier, the asset identifier, and the information associated with the asset to be updated; and updating the information associated with the asset in an associated asset model (see Roche, col. 1 lines 45-53 and Beiter, ¶ [0016], [0041]).

Prior Art of Record
6.	The prior art made of record and not relied upon is considered pertinent to applicant’s disclosure. Please refer to form PTO-892 (Notice of Reference Cited) for a list of relevant prior art.
a) US 2014/0215590 A1 is directed to a multi-tenant cloud storage system is provided. The cloud storage system a plurality of tenants, each tenant is configured to utilize an isolated logical partition of the cloud storage system accessible to a respective tenant portal, wherein the plurality of tenants includes at least a first type tenant and a second type tenant, each of the first type tenant and the second type tenant are configured to provision its respective set of members with a different storage policy.

Conclusion
7.	Any inquiry concerning this communication or earlier communications from the examiner should be directed to MOHAMED IBRAHIM whose telephone number is (571)270-1132. The examiner can normally be reached Monday through Friday from 9:30AM to 6:00PM.
Examiner interviews are available via telephone, in-person, and video conferencing using a USPTO supplied web-based collaboration tool. To schedule an interview, applicant is encouraged to use the USPTO Automated Interview Request (AIR) at http://www.uspto.gov/interviewpractice.
If attempts to reach the examiner by telephone are unsuccessful, the examiner’s supervisor, John Follansbee can be reached on 571-272-3964. The fax phone number for the organization where this application or proceeding is assigned is 571-273-8300.
Information regarding the status of published or unpublished applications may be obtained from Patent Center. Unpublished application information in Patent Center is available to registered users. To file and manage patent submissions in Patent Center, visit: https://patentcenter.uspto.gov. Visit https://www.uspto.gov/patents/apply/patent-center for more information about Patent Center and https://www.uspto.gov/patents/docx for information about filing in DOCX format. For additional questions, contact the Electronic Business Center (EBC) at 866-217-9197 (toll-free). If you would like assistance from a USPTO Customer Service Representative, call 800-786-9199 (IN USA OR CANADA) or 571-272-1000.

/MOHAMED IBRAHIM/Primary Examiner, Art Unit 2444