DETAILED ACTION
Claims 1-20 are pending in this application. 
Notice of Pre-AIA  or AIA  Status
The present application, filed on or after March 16, 2013, is being examined under the first inventor to file provisions of the AIA .
Information Disclosure Statement
The information disclosure statements (IDSs) submitted on 09/30/2019 and 01/18/2021 are in compliance with the provisions of 37 CFR 1.97.  Accordingly, the information disclosure statements are being considered by the examiner.
Claim Rejections - 35 USC § 103
In the event the determination of the status of the application as subject to AIA  35 U.S.C. 102 and 103 (or as subject to pre-AIA  35 U.S.C. 102 and 103) is incorrect, any correction of the statutory basis for the rejection will not be considered a new ground of rejection if the prior art relied upon, and the rationale supporting the rejection, would be the same under either status.  
The following is a quotation of 35 U.S.C. 103 which forms the basis for all obviousness rejections set forth in this Office action:
A patent for a claimed invention may not be obtained, notwithstanding that the claimed invention is not identically disclosed as set forth in section 102, if the differences between the claimed invention and the prior art are such that the claimed invention as a whole would have been obvious before the effective filing date of the claimed invention to a person having ordinary skill in the art to which the claimed invention pertains. Patentability shall not be negated by the manner in which the invention was made.

Claims 1-3, 5-9, 11-12, 15 and 17-20 are rejected under 35 U.S.C. 103 as being unpatentable over Factor et al (“Factor,” US 20140330869 as disclosed in the IDS filed 01/18/2021) in view of Li et al (“Li,” “A Refined RBAC Model for Cloud Computing,” th International Conference on Computer and Information Science,” Pages 43-48 as disclosed in the IDS filed 01/18/2021).  

Regarding claim 1, Factor discloses a method, comprising:
implementing, by a computer system, a platform for providing data protection scopes to shared infrastructure services according to a nested tenancy model that permits a hierarchy having a plurality of levels; (Factor, FIG’s 2, 3A, 4A, as described by paragraphs [0026]-[0044], describes implementing, by a computer system a multi-level multi-tenant storage system with a security gateway platform for providing data protection scopes to shared infrastructure services according to a nested tenancy model that permits a hierarchy having a plurality of levels)
receiving, by the computer system, a first request to provision, for a particular shared infrastructure service, a first data protection scope for a cloud product having a first set of tenants; (Factor, FIG’s 2, 3A, 4A, as described by paragraphs [0026]-[0044], describes receiving, by the computer system, a first request to provision for a certain shared infrastructure service a first data protection scope as defined as a limited set of privileges for that level in a tenant hierarchy for a resource on the cloud [cloud product] having a first set of tenants)
in response to the first request, provisioning the first data protection scope for the cloud product; (Factor, FIG’s 2, 3A, 4A, as described by paragraphs [0026]-[0044], describes in response to the first request, provisioning the first data protection scope as defined as a limited set of privileges for said level for the cloud service [product] at n-levels)
(Factor, FIG’s 2, 3A, 4A, as described by paragraphs [0026]-[0044] discloses receiving, by the computer system, a second request to provision for the particular shared infrastructure service, a second data protection scope for a service product as defined as another set of limited privileges for another level in the tenant hierarchy of an n-level hierarchy). 
in response to the second request, provisioning the second data protection scope for the service object (Factor, FIG’s, 2, 3A, 4A as described by paragraphs [0026]-[0044] describes in response to the second request, provisioning the second data protection scope as defined as a limited set of privileges for the service object at n-level of the tenant hierarchy). 
Factor fails to explicitly disclose at a top-most level of the hierarchy. 
However, in an analogous art, Li discloses a top-most level of the hierarchy (Li, Page 43, Right Column, Last Paragraph, protection mechanism based on the role-based access (RBAC) control model, Section II. Security Risks for cloud providers, Page 46, Under Roles, Right Column, the entire structure of roles finally form a hierarchy and Last Paragraph, when more roles are designed, they can be organized into hierarchies to facilitate their management, Section IV. Using RBAC in the cloud, page 46, Right Column. Access to Data and Services, Section IV, Subsections protected objects and sessions; In Figures 1-4, only one level of the hierarchy appears to be actually used (the top most level))
Therefore, it would have been obvious to one of ordinary skill in the art before the


Regarding claim 2, Factor and Li disclose the method of claim 1. 
Factor further discloses further comprising:
provisioning, by the computer system, a third data protection scope for a particular one of the first set of tenants, wherein the second data protection scope is provisioned at a next level of the scope hierarchy; (Factor, [0035]-[0044] describes provisioning, by the computer for the shared infrastructure service, an n-level data protection scope for the storage resources (e.g. storage media, communication bandwidth, processing power etc) [service product] in the context of a second particular cloud resource by a negotiated terms of service; [0043] in particular discloses in a multi-level multi-tenant storage system, the security gateway 310 may be implemented to parse the incoming requests and verify the requests' validity by way of dedicated tenant authentication processes, having a limited set of privileges for a level in the tenant hierarchy. An identifier may be provided that corresponds to the relevant tenant and has the permissions to perform authentication for an identified level so that the spawned process performs the authentication at the corresponding level. At tenant level, the security gateway 310 may extract the corresponding authentication data and pass the data to authenticator 320 spawned for that level; [0008], [0030], [0035]-[0037], [0042] describes sub-tenants).
(Factor, [0035]-[0044] describes provisioning, by the computer for the shared infrastructure service, an n-level data protection scope for the storage resources (e.g. storage media, communication bandwidth, processing power etc) [service product] in the context of a second particular cloud resource by a negotiated terms of service; [0043] in particular discloses in a multi-level multi-tenant storage system, the security gateway 310 may be implemented to parse the incoming requests and verify the requests' validity by way of dedicated tenant authentication processes, having a limited set of privileges for a level in the tenant hierarchy. An identifier may be provided that corresponds to the relevant tenant and has the permissions to perform authentication for an identified level so that the spawned process performs the authentication at the corresponding level. At tenant level, the security gateway 310 may extract the corresponding authentication data and pass the data to authenticator 320 spawned for that level; [0008], [0030], [0035]-[0037], [0042] describes sub-tenants).

Regarding claim 3, Factor and Li disclose the method of claim 2. 
Li further discloses wherein provisioning the first data protection scope includes generating a cloud product identifier for the cloud product (Li, FIG 3 shows protected objects in Amazon EC2 with an ID of type string which is a product identifier for the cloud product)
wherein provisioning the third data protection scope includes generating a cloud product tenant identifier for the particular one of the first set of tenants, wherein the (Li, Page 45, Left Column, Second Paragraph:  protection mechanism based on the role-based access (RBAC) control model,  Page 44, Section II: Security Risks for cloud providers, Page 46, Right Column, Under Roles: the entire structure of roles finally form a hierarchy, Page 46, Section IV. Using RBAC in the Cloud, Right Column, when more roles are designed, they can be organized into hierarchies to facilitate their management, page 46, Right Column; Access to Data and Services, Section IV, Subsections Protected Objects and Sessions; Figures 1-4 describe a cloud product tenant identifier in a multi-tenant environment with a tenant identifier).
Therefore, it would have been obvious to one of ordinary skill in the art before the
effective filing date of the claimed invention to combine the teachings of Li with the method and system of Factor to include wherein provisioning the first data protection scope includes generating a cloud product identifier for the cloud product, wherein provisioning the third data protection scope includes generating a cloud product tenant identifier for the particular one of the first set of tenants, wherein the cloud product tenant identifier includes the cloud product identifier. One would have been motivated to provide a protection mechanism based on the Role Based Access Control (RBAC) model for cloud services (Li, Page 43, Last Paragraph, Right Column). 

Regarding claim 5, Factor and Li disclose the method of claim 1.
Factor further discloses further comprising:
provisioning, by the computer system, a fourth data protection scope for a particular cloud product accessing the particular shared infrastructure service in the (Factor, [0035]-[0044] describes provisioning, by the computer for the shared infrastructure service, an n-level data protection scope for the storage resources (e.g. storage media, communication bandwidth, processing power etc) [service product] in the context of a second particular cloud resource by a negotiated terms of service; [0043] in particular discloses in a multi-level multi-tenant storage system, the security gateway 310 may be implemented to parse the incoming requests and verify the requests' validity by way of dedicated tenant authentication processes, having a limited set of privileges for a level in the tenant hierarchy. An identifier may be provided that corresponds to the relevant tenant and has the permissions to perform authentication for an identified level so that the spawned process performs the authentication at the corresponding level. At tenant level, the security gateway 310 may extract the corresponding authentication data and pass the data to authenticator 320 spawned for that level; [0008], [0030], [0035]-[0037], [0042] describes sub-tenants).
wherein the fourth data protection scope is provisioned subordinately to the second data protection scope in the scope hierarchy, (Factor, [0035]-[0044] describes provisioning, by the computer for the shared infrastructure service, an n-level data protection scope for the storage resources (e.g. storage media, communication bandwidth, processing power etc) [service product] in the context of a second particular cloud resource by a negotiated terms of service; [0043] in particular discloses in a multi-level multi-tenant storage system, the security gateway 310 may be implemented to parse the incoming requests and verify the requests' validity by way of dedicated tenant authentication processes, having a limited set of privileges for a level in the tenant hierarchy. An identifier may be provided that corresponds to the relevant tenant and has the permissions to perform authentication for an identified level so that the spawned process performs the authentication at the corresponding level. At tenant level, the security gateway 310 may extract the corresponding authentication data and pass the data to authenticator 320 spawned for that level; [0008], [0030], [0035]-[0037], [0042] describes sub-tenants).

Regarding claim 6, Factor and Li disclose the method of claim 5. 
Factor further discloses further comprising:
provisioning, by the computer system, a fifth data protection scope for a particular tenant of the particular cloud product accessing the particular shared infrastructure service in the context of the service product; (Factor, [0035]-[0044] describes provisioning, by the computer for the shared infrastructure service, an n-level data protection scope for the storage resources (e.g. storage media, communication bandwidth, processing power etc) [service product] in the context of a second particular cloud resource by a negotiated terms of service; [0043] in particular discloses in a multi-level multi-tenant storage system, the security gateway 310 may be implemented to parse the incoming requests and verify the requests' validity by way of dedicated tenant authentication processes, having a limited set of privileges for a level in the tenant hierarchy. An identifier may be provided that corresponds to the relevant tenant and has the permissions to perform authentication for an identified level so that the spawned process performs the authentication at the corresponding level. At tenant level, the security gateway 310 may extract the corresponding authentication data and pass the data to authenticator 320 spawned for that level; [0008], [0030], [0035]-[0037], [0042] describes sub-tenants).
wherein the fifth data protection scope is provisioned subordinately to the fourth data protection scope in the scope hierarchy, (Factor, [0035]-[0044] describes provisioning, by the computer for the shared infrastructure service, an n-level data protection scope for the storage resources (e.g. storage media, communication bandwidth, processing power etc) [service product] in the context of a second particular cloud resource by a negotiated terms of service; [0043] in particular discloses in a multi-level multi-tenant storage system, the security gateway 310 may be implemented to parse the incoming requests and verify the requests' validity by way of dedicated tenant authentication processes, having a limited set of privileges for a level in the tenant hierarchy. An identifier may be provided that corresponds to the relevant tenant and has the permissions to perform authentication for an identified level so that the spawned process performs the authentication at the corresponding level. At tenant level, the security gateway 310 may extract the corresponding authentication data and pass the data to authenticator 320 spawned for that level; [0008], [0030], [0035]-[0037], [0042] describes sub-tenants)..

Regarding claim 7, Factor and Li disclose the method of claim 1. 
Factor further discloses further comprising:
provisioning, by the computer system, a single-tenant data protection scope at the top-most level of the hierarchy; (Factor, [0029]-[0030], describes provisioning, by the computer system, a single-tenant data protection scope)
(Factor, [0029]-[0030], describes wherein there are no data protection scopes provisioned by sub-tenants to the single-tenant data protection scope)

Regarding claim 8, Factor and Li disclose the method of claim 1.
Factor further discloses further comprising:
receiving, by the computer system, an access request from a remote computer system to access information associated with a particular data protection scope at a particular level of the hierarchy; (Factor, [0053], discloses a request for accessing resources at the first server system; [0043] describes to access information association with a particular data protection scope at a particular level of the hierarchy). 
wherein the access request is received via a URL that indicates the particular data protection scope, (Factor, [0036] describes receiving an access request via a URL that indicates the particular data protection scope)

Regarding claim 9, Factor and Li disclose the method of claim 1. 
Factor further discloses further comprising:
receiving, by the computer system, an access request from a remote computer system to access information associated with a particular data protection scope at a particular level of the hierarchy; (Factor, [0035]-[0044] describes provisioning, by the computer for the shared infrastructure service, an n-level data protection scope for the storage resources (e.g. storage media, communication bandwidth, processing power etc) [service product] in the context of a second particular cloud resource by a negotiated terms of service; [0043] in particular discloses in a multi-level multi-tenant storage system, the security gateway 310 may be implemented to parse the incoming requests and verify the requests' validity by way of dedicated tenant authentication processes, having a limited set of privileges for a level in the tenant hierarchy. An identifier may be provided that corresponds to the relevant tenant and has the permissions to perform authentication for an identified level so that the spawned process performs the authentication at the corresponding level. At tenant level, the security gateway 310 may extract the corresponding authentication data and pass the data to authenticator 320 spawned for that level).
wherein the access request includes an indicator of whether the particular data protection scope is authorized to submit the request. (Factor, [0035]-[0044] describes provisioning, by the computer for the shared infrastructure service, an n-level data protection scope for the storage resources (e.g. storage media, communication bandwidth, processing power etc) [service product] in the context of a second particular cloud resource by a negotiated terms of service; [0043] in particular discloses in a multi-level multi-tenant storage system, the security gateway 310 may be implemented to parse the incoming requests and verify the requests' validity by way of dedicated tenant authentication processes, having a limited set of privileges for a level in the tenant hierarchy. An identifier may be provided that corresponds to the relevant tenant and has the permissions to perform authentication for an identified level so that the spawned process performs the authentication at the corresponding level. At tenant level, the security gateway 310 may extract the corresponding authentication data and pass the data to authenticator 320 spawned for that level; [0046] describes the gatekeeper may be implemented to limit access to tenant data or parameters stored on shared storage by verifying that the request submitted by request processor is associated with a tenant that is authorized to access the target data. To accomplish this, the gatekeeper verifies that the process ID of the request processor that submitted the request is associated with (e.g. matches) the proper tenant ID associated with the requested data).

Regarding claim 11, Factor discloses a non-transitory computer-readable storage medium storing program instructions that are capable of being executed by a computer system to perform operations comprising:
provisioning, by the computer system for a shared infrastructure service, a first data protection scope for a cloud product having a first set of tenants, wherein the first data protection scope is provisioned; (Factor, [0035]-[0044] describes provisioning, by the computer for the shared infrastructure service, an n-level data protection scope for the storage resources (e.g. storage media, communication bandwidth, processing power etc) [service product] in the context of a second particular cloud resource by a negotiated terms of service; [0043] in particular discloses in a multi-level multi-tenant storage system, the security gateway 310 may be implemented to parse the incoming requests and verify the requests' validity by way of dedicated tenant authentication processes, having a limited set of privileges for a level in the tenant hierarchy. An identifier may be provided that corresponds to the relevant tenant and has the permissions to perform authentication for an identified level so that the spawned process performs the authentication at the corresponding level. At tenant level, the security gateway 310 may extract the corresponding authentication data and pass the data to authenticator 320 spawned for that level)  and
provisioning, by the computer system for the shared infrastructure service, a second data protection scope for a particular one of the first set of tenants, wherein the second data protection scope is provisioned at a next level of the scope hierarchy; (Factor, [0035]-[0044] describes provisioning, by the computer for the shared infrastructure service, an n-level data protection scope for the storage resources (e.g. storage media, communication bandwidth, processing power etc) [service product] in the context of a second particular cloud resource by a negotiated terms of service; [0043] in particular discloses in a multi-level multi-tenant storage system, the security gateway 310 may be implemented to parse the incoming requests and verify the requests' validity by way of dedicated tenant authentication processes, having a limited set of privileges for a level in the tenant hierarchy. An identifier may be provided that corresponds to the relevant tenant and has the permissions to perform authentication for an identified level so that the spawned process performs the authentication at the corresponding level. At tenant level, the security gateway 310 may extract the corresponding authentication data and pass the data to authenticator 320 spawned for that level).
wherein the second data protection scope is provisioned subordinately to the first data protection scope in the scope hierarchy, (Factor, [0035]-[0044] describes provisioning, by the computer for the shared infrastructure service, an n-level data protection scope for the storage resources (e.g. storage media, communication bandwidth, processing power etc) [service product] in the context of a second particular cloud resource by a negotiated terms of service; [0043] in particular discloses in a multi-level multi-tenant storage system, the security gateway 310 may be implemented to parse the incoming requests and verify the requests' validity by way of dedicated tenant authentication processes, having a limited set of privileges for a level in the tenant hierarchy. An identifier may be provided that corresponds to the relevant tenant and has the permissions to perform authentication for an identified level so that the spawned process performs the authentication at the corresponding level. At tenant level, the security gateway 310 may extract the corresponding authentication data and pass the data to authenticator 320 spawned for that level).
Factor fails to explicitly disclose at a top level of a scope hierarchy.
However, in an analogous art, Li discloses at a top level of a scope hierarchy (Li, Page 43, Right Column, Last Paragraph, protection mechanism based on the role-based access (RBAC) control model, Section II. Security Risks for cloud providers, Page 46, Under Roles, Right Column, the entire structure of roles finally form a hierarchy and Last Paragraph, when more roles are designed, they can be organized into hierarchies to facilitate their management, Section IV. Using RBAC in the cloud, page 46, Right Column. Access to Data and Services, Section IV, Subsections protected objects and sessions; In Figures 1-4, only one level of the hierarchy appears to be actually used (the top most level))
Therefore, it would have been obvious to one of ordinary skill in the art before the
effective filing date of the claimed invention to combine the teachings of Li with the method and system of Factor to include at a top level of a scope hierarchy. One would 

Regarding claim 12, Factor and Li disclose the computer-readable medium of claim 11. 
Li further discloses wherein provisioning the first data protection scope includes generating a cloud product identifier for the cloud product wherein provisioning the second data protection scope includes generating a cloud product tenant identifier for the particular one of the first set of tenants, wherein the cloud product tenant identifier includes the cloud product identifier, (Li, FIG 3 shows protected objects in Amazon EC2 which correspond to objects that are protected that have an ID of type string; FIG 4 shows session with a role with ID’s). 
Therefore, it would have been obvious to one of ordinary skill in the art before the
effective filing date of the claimed invention to combine the teachings of Li with the method and system of Factor to include wherein provisioning the first data protection scope includes generating a cloud product identifier for the cloud product wherein provisioning the second data protection scope includes generating a cloud product tenant identifier for the particular one of the first set of tenants, wherein the cloud product tenant identifier includes the cloud product identifier. One would have been motivated to provide a protection mechanism based on the Role Based Access Control (RBAC) model (Li, Page 43, Right Column, Last Paragraph).   


Regarding claim 15, Factor and Li discloses the computer-readable medium of claim 11. 
Factor further discloses the operations further comprising:
receiving, by the computer system, an access request from a remote computer system to access information associated with a particular data protection scope at a particular level of the hierarchy; (Factor, [0035]-[0044] describes provisioning, by the computer for the shared infrastructure service, an n-level data protection scope for the storage resources (e.g. storage media, communication bandwidth, processing power etc) [service product] in the context of a second particular cloud resource by a negotiated terms of service; [0043] in particular discloses in a multi-level multi-tenant storage system, the security gateway 310 may be implemented to parse the incoming requests and verify the requests' validity by way of dedicated tenant authentication processes, having a limited set of privileges for a level in the tenant hierarchy. An identifier may be provided that corresponds to the relevant tenant and has the permissions to perform authentication for an identified level so that the spawned process performs the authentication at the corresponding level. At tenant level, the security gateway 310 may extract the corresponding authentication data and pass the data to authenticator 320 spawned for that level).
wherein the access request is received via a URL that indicates the particular data protection scope, (Factor, [0036], An authenticator 320 may be implemented to authenticate a request by verifying the validity of the request parameters and the authentication credentials extracted from the request by security gateway 310. Extracting tenant and sub-tenant identities from a request may be performed through encoding the tenant information (e.g., tenant ID) in HTTP authentication headers for a submitted request. In one embodiment, tenant information may be passed as part of the uniform resource locator (URL) of the resource which the client requests to access. Optionally, the security gateway 310 may split the authentication process to subparts, where a sub-process corresponds to a certain level of the tenant hierarchy).

Regarding claim 17, Factor and Li disclose the computer-readable medium of claim 11. 
Factor further discloses the operations further comprising: provisioning, by the computer system for the shared infrastructure service, a third data protection scope for a second cloud product having a second set of tenants, wherein the third data protection scope is provisioned at the top level of the scope hierarchy; (Factor, [0035]-[0044] describes provisioning, by the computer for the shared infrastructure service, an n-level data protection scope for the storage resources (e.g. storage media, communication bandwidth, processing power etc) [service product] in the context of a second particular cloud resource by a negotiated terms of service; [0043] in particular discloses in a multi-level multi-tenant storage system, the security gateway 310 may be implemented to parse the incoming requests and verify the requests' validity by way of dedicated tenant authentication processes, having a limited set of privileges for a level in the tenant hierarchy. An identifier may be provided that corresponds to the relevant tenant and has the permissions to perform authentication for an identified level so that the spawned process performs the authentication at the corresponding level. At tenant level, the security gateway 310 may extract the corresponding authentication data and pass the data to authenticator 320 spawned for that level).and
provisioning, by the computer system for the shared infrastructure service, a fourth data protection scope for a particular one of the second set of tenants, wherein the fourth data protection scope is provisioned at the next level of the scope hierarchy; (Factor, [0035]-[0044] describes provisioning, by the computer for the shared infrastructure service, an n-level data protection scope for the storage resources (e.g. storage media, communication bandwidth, processing power etc) [service product] in the context of a second particular cloud resource by a negotiated terms of service; [0043] in particular discloses in a multi-level multi-tenant storage system, the security gateway 310 may be implemented to parse the incoming requests and verify the requests' validity by way of dedicated tenant authentication processes, having a limited set of privileges for a level in the tenant hierarchy. An identifier may be provided that corresponds to the relevant tenant and has the permissions to perform authentication for an identified level so that the spawned process performs the authentication at the corresponding level. At tenant level, the security gateway 310 may extract the corresponding authentication data and pass the data to authenticator 320 spawned for that level) and
in response to a request from particular one of the first set of tenants, extending, by the computer system for the shared infrastructure service, a trust relationship between the second data protection scope and the fourth data protection scope such the particular one of the second set of tenants has a same level of access to the shared infrastructure service as the particular one of the first set of tenants, (Factor, [0035]-[0044] describes provisioning, by the computer for the shared infrastructure service, an n-level data protection scope for the storage resources (e.g. storage media, communication bandwidth, processing power etc) [service product] in the context of a second particular cloud resource by a negotiated terms of service; [0043] in particular discloses in a multi-level multi-tenant storage system, the security gateway 310 may be implemented to parse the incoming requests and verify the requests' validity by way of dedicated tenant authentication processes, having a limited set of privileges for a level in the tenant hierarchy. An identifier may be provided that corresponds to the relevant tenant and has the permissions to perform authentication for an identified level so that the spawned process performs the authentication at the corresponding level. At tenant level, the security gateway 310 may extract the corresponding authentication data and pass the data to authenticator 320 spawned for that level).

Regarding claim 18, Factor discloses a non-transitory computer-readable storage medium storing program instructions that are capable of being executed by a computer system to perform operations comprising:
provisioning, by the computer system for a shared infrastructure service, a first data protection scope for a service product that manages data for cloud products and tenants of the cloud products, wherein the first data protection scope is provisioned; (Factor, [0035]-[0044] describes provisioning, by the computer for the shared infrastructure service, an n-level data protection scope for the storage resources (e.g. storage media, communication bandwidth, processing power etc) [service product] in the context of a second particular cloud resource by a negotiated terms of service) and
(Factor, [0035]-[0044] describes provisioning, by the computer for the shared infrastructure service, an n-level data protection scope for the storage resources (e.g. storage media, communication bandwidth, processing power etc) [service product] in the context of a second particular cloud resource by a negotiated terms of service).
Factor fails to explicitly disclose at a top level of a scope hierarchy. 
However, in an analogous art, Li discloses at a top level of a scope hierarchy (Li, Page 43, Right Column, Last Paragraph, protection mechanism based on the role-based access (RBAC) control model, Section II. Security Risks for cloud providers, Page 46, Under Roles, Right Column, the entire structure of roles finally form a hierarchy and Last Paragraph, when more roles are designed, they can be organized into hierarchies to facilitate their management, Section IV. Using RBAC in the cloud, page 46, Right Column. Access to Data and Services, Section IV, Subsections protected objects and sessions; In Figures 1-4, only one level of the hierarchy appears to be actually used (the top most level))
Therefore, it would have been obvious to one of ordinary skill in the art before the
effective filing date of the claimed invention to combine the teachings of Li with the method and system of Factor to include at a top level of a scope hierarchy. One would have been motivated to provide a protection mechanism based on the Role Based Access Control (RBAC) model (Li, Page 43, Right Column, Last Paragraph)


Regarding claim 19, Factor and Li disclose the computer-readable storage medium of claim 18.
Factor and Li disclose further comprising:
provisioning, by the computer system for the shared infrastructure service, a third data protection scope for the service product in the context of a particular tenant of the particular cloud product, wherein the third data protection scope is provisioned at a third level of the scope hierarchy subordinate to the top level and the second level; (Factor, [0035]-[0044] describes provisioning, by the computer for the shared infrastructure service, an n-level data protection scope for the storage resources (e.g. storage media, communication bandwidth, processing power etc) [service product] in the context of a second particular cloud resource by a negotiated terms of service).
wherein data associated with the first data protection scope is isolated from data associated with other data protection scopes provisioned at the top level, data associated with the second data protection scope is isolated from data associated with other data protection scopes provisioned at the second level, (Factor, [0035]-[0044] describes provisioning, by the computer for the shared infrastructure service, an n-level data protection scope for the storage resources (e.g. storage media, communication bandwidth, processing power etc) [service product] in the context of a second particular cloud resource by a negotiated terms of service).
and data associated with the third data protection scope is isolated from data associated with other data protection scopes provisioned at the third level, (Factor, [0035]-[0044] describes provisioning, by the computer for the shared infrastructure service, an n-level data protection scope for the storage resources (e.g. storage media, communication bandwidth, processing power etc) [service product] in the context of a second particular cloud resource by a negotiated terms of service).

Regarding claim 20, Factor and Li disclose the computer-readable storage medium of claim 18. 
Factor discloses further comprising:
provisioning, by the computer system for the shared infrastructure service, a fourth data protection scope for the service product in the context of a second particular cloud product, (Factor, [0035]-[0044] describes provisioning, by the computer for the shared infrastructure service, an n-level data protection scope for the storage resources (e.g. storage media, communication bandwidth, processing power etc) [service product] in the context of a second particular cloud resource by a negotiated terms of service). 
wherein the fourth data protection scope is provisioned at a second level of the scope hierarchy (Factor, [0035]-[0044] describes provisioning, by the computer for the shared infrastructure service, an n-level data protection scope for the storage resources (e.g. storage media, communication bandwidth, processing power etc) [service product] in the context of a second particular cloud resource by a negotiated terms of service).




Claims 4 and 13 are rejected under 35 U.S.C. 103 as being unpatentable over Factor et al (“Factor,” US 20140330869 as disclosed in the IDS filed 01/18/2021) in view of Li et al (“Li,” “A Refined RBAC Model for Cloud Computing,” 2012 IEEE/ACIS 11th International Conference on Computer and Information Science,” Pages 43-48 as disclosed in the IDS filed 01/18/2021) and further in view of Guigli et al (“Guigli,” US 9813303). 

Regarding claim 4, Factor and Li disclose the method of claim 1. 
Factor further discloses wherein provisioning the third data protection scope (Factor, [0035]-[0044] describes provisioning, by the computer for the shared infrastructure service, an n-level data protection scope for the storage resources (e.g. storage media, communication bandwidth, processing power etc) [service product] in the context of a second particular cloud resource by a negotiated terms of service). 
Factor and Li fail to explicitly disclose includes storing an indicator of a trust relationship between the particular one of the first set of tenants and the cloud product, 
However, in an analogous art, Guigli discloses includes storing an indicator of a trust relationship between the particular one of the first set of tenants and the cloud product, (Guigli, Col. 4, Lines 34-37; Col. 5, Lines 1-35 describes storing an indicator of a trust relationship between the particular one of the first set of tenants and the cloud service; FIG 6 and associated text describes indicating a trust relationship by using a trust registration service)
Therefore, it would have been obvious to one of ordinary skill in the art before the


Regarding claim 13, Factor and Li discloses the computer-readable medium of claim 11. 
Factor discloses wherein provisioning the second data protection scope, (Factor, [0035]-[0044] describes provisioning, by the computer for the shared infrastructure service, an n-level data protection scope for the storage resources (e.g. storage media, communication bandwidth, processing power etc) [service product] in the context of a second particular cloud resource by a negotiated terms of service). 
Factor and Li fail to explicitly disclose includes storing an indicator of a trust relationship between the particular one of the first set of tenants and the cloud product.	However, in an analogous art, Guigli discloses includes storing an indicator of a trust relationship between the particular one of the first set of tenants and the cloud product (Guigli, Col. 4, Lines 34-37; Col. 5, Lines 1-35 describes storing an indicator of a trust relationship between the particular one of the first set of tenants and the cloud service; FIG 6 and associated text describes indicating a trust relationship by using a trust registration service)
Therefore, it would have been obvious to one of ordinary skill in the art before the
effective filing date of the claimed invention to combine the teachings of Guigli with the method and system of Factor and Li to include wherein provisioning the second data protection scope includes storing an indicator of a trust relationship between the particular one of the first set of tenants and the cloud product. One would have been motivated to enable tenants deploying virtual machines on a cloud service provider’s platform can retain control of their cloud network topology and Kerberos realm, while still securely accessing services from computer resources joined to the cloud service provider’s realm or domain (Guigli, Col. 1, Lines 7-13).   


Regarding claim 14, Factor, Li and Guigli disclose the computer-readable medium of claim 13. 
Factor further discloses the operations further comprising: receiving, by the computer system, an access request from a remote computer system to access information associated with the second data protection scope; (Factor, [0035]-[0044] describes provisioning, by the computer for the shared infrastructure service, an n-level data protection scope for the storage resources (e.g. storage media, communication bandwidth, processing power etc) [service product] in the context of a second particular cloud resource by a negotiated terms of service; [0043] in particular discloses in a multi-level multi-tenant storage system, the security gateway 310 may be implemented to parse the incoming requests and verify the requests' validity by way of dedicated tenant authentication processes, having a limited set of privileges for a level in the tenant hierarchy. An identifier may be provided that corresponds to the relevant tenant and has the permissions to perform authentication for an identified level so that the spawned process performs the authentication at the corresponding level. At tenant level, the security gateway 310 may extract the corresponding authentication data and pass the data to authenticator 320 spawned for that level) and
Guigli further discloses granting, by the computer system, the access request based on the indicator of the trust relationship, (Guigli, Col. 3, Lines 27-35 describes receive a request for service originated from any tenant of the plurality of tenants and to provide the requested service to the tenant when the tenant is authorized by the service; Col. 4, Lines 34-37; Col. 5, Lines 1-35 describes storing an indicator of a trust relationship between the particular one of the first set of tenants and the cloud service; FIG 6 and associated text describes indicating a trust relationship by using a trust registration service)
Therefore, it would have been obvious to one of ordinary skill in the art before the
effective filing date of the claimed invention to combine the teachings of Guigli with the method and system of Factor and Li to include granting, by the computer system, the access request based on the indicator of the trust relationship. One would have been motivated to enable tenants deploying virtual machines on a cloud service provider’s platform can retain control of their cloud network topology and Kerberos realm, while still securely accessing services from computer resources joined to the cloud service provider’s realm or domain (Guigli, Col. 1, Lines 7-13).   

Claims 10 is rejected under 35 U.S.C. 103 as being unpatentable over Factor et al (“Factor,” US 20140330869 as disclosed in the IDS filed 01/18/2021) in view of Li et al (“Li,” “A Refined RBAC Model for Cloud Computing,” 2012 IEEE/ACIS 11th International Conference on Computer and Information Science,” Pages 43-48 as disclosed in the IDS filed 01/18/2021) and further in view of Weissman et al (“Weissman,” US 6212524). 


Regarding claim 10, Factor and Li disclose the method of claim 1. 
Factor and Li fail to explicitly disclose wherein the particular shared infrastructure service includes a shared template service operable to: provide one or more selectable database templates that define data types supported for a non-relational database accessible to an application; service a request from the application to manipulate a particular data type defined by a selected database template; in response to the request from the application, identify a set of data manipulation language (DML) instructions based on the selected database template; and issue the identified set of DML instructions to the nonrelational database.
However, in an analogous art, Weismann discloses wherein the particular shared infrastructure service includes a shared template service operable to: provide one or more selectable database templates that define data types supported for a non-relational database accessible to an application; (Weismann, Col. 10, Lines 24-42, FIG 2, element 210; Col. 3, Lines 16-19 and Col. 9. Lines 51-55, describe a consultant using an enterprise manager that defines from where the data in the schema is to be derived and how the data is to be put and selected in a datamart to associate each piece of data with a semantic meaning. Semantic definitions are templates which are selected for converting staging tables data according to predefined semantics. A semantic template defines how a particular type of data is populated into the datamart. Source systems from which the data for the datamart is pulled include non-relational databases or object databases). 
service a request from the application to manipulate a particular data type defined by a selected database template; in response to the request from the application, identify a set of data manipulation language (DML) instructions based on the selected database template; (Col. 11, Lines 1-30; FIG 2, element 204 describes wherein the extraction process 204 loads from source systems into datamart according to SQL statements and semantic definitions that are used to generate and populate the dataset). 
and issue the identified set of DML instructions to the nonrelational database, (Weismann, Col. 11, Lines 11-17; FIG 2 elements 260-270, SQL statements issued to source system and results loaded into staging tables). 
Therefore, it would have been obvious to one of ordinary skill in the art before the
effective filing date of the claimed invention to combine the teachings of Li with the method and system of Factor to include wherein the particular shared infrastructure service includes a shared template service operable to: provide one or more selectable database templates that define data types supported for a non-relational database accessible to an application; service a request from the application to manipulate a .  

Claims 16 is rejected under 35 U.S.C. 103 as being unpatentable over Factor et al (“Factor,” US 20140330869 as disclosed in the IDS filed 01/18/2021) in view of Li et al (“Li,” “A Refined RBAC Model for Cloud Computing,” 2012 IEEE/ACIS 11th International Conference on Computer and Information Science,” Pages 43-48 as disclosed in the IDS filed 01/18/2021) and further in view of Kocher et al (“Kocher,” US 20120017089). 

Regarding claim 16, Factor and Li disclose the computer-readable medium of claim 11. 
Factor discloses the operations further comprising: receiving, by the computer system, an access request from a remote computer system to access information associated with a particular data protection scope at a particular level of the hierarchy; (Factor, [0035]-[0044] describes provisioning, by the computer for the shared infrastructure service, an n-level data protection scope for the storage resources (e.g. storage media, communication bandwidth, processing power etc) [service product] in the context of a second particular cloud resource by a negotiated terms of service; [0043] in particular discloses in a multi-level multi-tenant storage system, the security gateway 310 may be implemented to parse the incoming requests and verify the requests' validity by way of dedicated tenant authentication processes, having a limited set of privileges for a level in the tenant hierarchy. An identifier may be provided that corresponds to the relevant tenant and has the permissions to perform authentication for an identified level so that the spawned process performs the authentication at the corresponding level. At tenant level, the security gateway 310 may extract the corresponding authentication data and pass the data to authenticator 320 spawned for that level).
wherein the access request is signed associated with the particular data protection scope (Factor, [0037] describes an access request that is signed using a cryptographic hash function with the particular data protection scope on a n-hierarchy with permissions on each level). 
Factor and Li fail to explicitly disclose with a cryptographic token. 
However, in an analogous art, Kocher discloses with a cryptographic token, (Kocher, [0060], cryptographic token)
Therefore, it would have been obvious to one of ordinary skill in the art before the
effective filing date of the claimed invention to combine the teachings of Li with the method and system of Factor to include with a cryptographic token. One would have been motivated to increase security (Kocher, [0003]). 

Conclusion


Examiner interviews are available via telephone, in-person, and video conferencing using a USPTO supplied web-based collaboration tool. To schedule an interview, applicant is encouraged to use the USPTO Automated Interview Request (AIR) at http://www.uspto.gov/interviewpractice.
If attempts to reach the examiner by telephone are unsuccessful, the examiner’s supervisor, Luu T. Pham can be reached on (571)270-5002.  The fax phone number for the organization where this application or proceeding is assigned is 571-273-8300.
Information regarding the status of published or unpublished applications may be obtained from Patent Center. Unpublished application information in Patent Center is available to registered users. To file and manage patent submissions in Patent Center, visit: https://patentcenter.uspto.gov. Visit https://www.uspto.gov/patents/apply/patent-center for more information about Patent Center and https://www.uspto.gov/patents/docx for information about filing in DOCX format. For additional questions, contact the Electronic Business Center (EBC) at 866-217-9197 (toll-free). If you would like assistance from a USPTO Customer Service Representative, call 800-786-9199 (IN USA OR CANADA) or 571-272-1000.





/JAMES J WILCOX/Examiner, Art Unit 2439