Notice of Pre-AIA or AIA Status
The present application, filed on or after March 16, 2013, is being examined under the first inventor to file provisions of the AIA.



DETAILED ACTION
This action is in response to the communication filed on 06/08/2020.
Claims 1-21 are under examination.


Claim Rejections - 35 USC § 103
The following is a quotation of 35 U.S.C. 103 which forms the basis for all obviousness rejections set forth in this Office action:
A patent for a claimed invention may not be obtained, notwithstanding that the claimed invention is not identically disclosed as set forth in section 102 of this title, if the differences between the claimed invention and the prior art are such that the claimed invention as a whole would have been obvious before the effective filing date of the claimed invention to a person having ordinary skill in the art to which the claimed invention pertains.  Patentability shall not be negated by the manner in which the invention was made.

Claims 1, 5, 8, 12, 15 and 19 are rejected under 35 U.S.C. 103 as being unpatentable over Heldman et al. (US 2021/0112059 A1), Totale et al. (US 2020/0257516 A1), Schaefer et al. (US 2015/0269390 A1) and Hopkins et al. (US 2017/0126742 A1).
Regarding claim 1, Heldman et al. discloses a method for controlling access to data in a multitenant environment [abs, An application programming interface (API) platform accesses cloud-based software services in a cloud computing system], the method comprising: providing a multitenant platform [par. 0018, “Example embodiments of the present disclosure may be described in terms of a multitenant and/or cloud computing architecture or platform”]; executing one or more applications on the multitenant platform [par. 0018, “A multi-tenant platform or architecture, such as those discussed herein, may provide a tenant with a dedicated share of a software instance typically including one or more of tenant specific data, user management, tenant-specific functionality, configuration, customizations, non-functional properties, associated applications”]; defining an organization hierarchy in the multitenant platform, the organization hierarchy comprising a first organization and a plurality of sites owned by the first organization [par. 0018, “a given cloud service customer organization could have many different tenancies with a single cloud service provider representing different groups within the organization”, par. 0043, the policies 35 can specify (within various levels of granularity) particular users, and user groups, that are authorized to access particular resources or types of resources, based on the org's hierarchical structure, and security and regulatory requirements], each of the plurality of sites representing a data isolation boundary for data of the first organization [par. 0018, “Multi-tenancy is a feature of cloud computing where physical or virtual resources are allocated in such a way that multiple tenants and their computations and data are isolated from and inaccessible to one another. As used herein, the term “tenant” refers to a group of users (e.g., cloud service users) who share common access with specific privileges to a software instance and/or a set of computing resources”].
Heldman et al. does not explicitly disclose each of the plurality of sites associated with one or more subscriptions to the one or more applications, wherein the multitenant platform enables the first organization to authorize a plurality of site users associated with the first site to access the one or more applications associated with the one or more subscriptions associated with that site.
However Totale et al. teaches each of the plurality of sites associated with one or more subscriptions to the one or more applications, wherein the multitenant platform enables site-level subscription-based access to the one or more applications, wherein the multitenant platform enables the first organization to authorize a plurality of site users associated with the first site to access the one or more applications associated with the one or more subscriptions associated with that site [par. 0030, “Platform 110 provides a multi-tenant environment in which tenants that have subscribed to one or more of the applications may access the applications using the client devices 120”, par. 0031, “Cloud-based platform 110 has a, application management system 112 that manages the different applications that are available to tenants on the platform. Tenants register with a management service 114 that controls their access to the applications on the platform. Management service 114 provides an interface to manage the Installation, Deployment and Upgrade of applications. Management service 114 may perform functions such as creating new tenants, authenticating tenants, maintaining tenant subscription records, and so on”].
[Totale et al.: par. 0005].
They do not explicitly disclose providing a user interface providing a unified view of the plurality of sites of the first organization.
However, Schaefer et al. teaches providing a user interface providing a unified view of the plurality of sites of the first organization [par. 0048, “the graphical user interface 100 displays each of the tenants 106 and the sub-tenants 108 in an hierarchical diagram 104 (such as an organization chart). In some implementations, an hierarchical diagram 104 is a diagram that shows the structure of other sub-organizations in a given organization and relationships among them”, par. 0071].
Before the effective filing date of the claimed invention, it would have been obvious to a person having ordinary skill in the art to incorporate the teaching of Schaefer et al. into the teaching of Heldman et al. and Totale et al. with the motivation such that the graphical user interface displays each of the one or more tenants and the one or more sub-tenants in an organization chart to show the structure of members or participants in an organization and relationships among them as taught by Schaefer et al. [Schaefer et al.: par. 0007].
They do not explicitly disclose the multitenant platform enables the first organization to designate a plurality of user partitions within a first site of the plurality of sites, each user 
However, Hopkins et al. teaches the multitenant platform enables the first organization to designate a plurality of user partitions within a first site of the plurality of sites, each user partition designating a corresponding set of site users and a corresponding authentication service [par. 0039, “… partitions associated with a tenant”, par. 0070, “An identity domain is a logical namespace for users and groups, typically representing a discrete set of users and groups in a physical store. Identity domains are used to identify the users associated with particular partitions”, par. 0089, “identity domains serve as a connection/alignment point between “tenants” and “partitions”. A single identity domain represents a tenant's users (i.e., there is a 1-1 mapping between tenants and identity domains)”, par. 0086, “Authentication services are always local and are delegated to the realm of the current partition…”]; and wherein, for each site user of the plurality of site users associated with the first site, the multitenant platform enables access to each of the one or more subscriptions associated with the first site only if the site user is authenticated by the corresponding authentication service designated in a user partition corresponding to the site user [par. 0018, “the present invention provides for per-partition configuration of security services including configuration for authentication, authorization, credential mapping, auditing, password validation, certificate validation, and user lockout in a multi-tenant server environment. Embodiments of the present invention also provide for access control for partition and global resources such that applications deployed to a particular partition are accessible only to users of the particular partition”].
Before the effective filing date of the claimed invention, it would have been obvious to a person having ordinary skill in the art to incorporate the teaching of Hopkins et al. into the teaching of Heldman et al., Totale et al. and Schaefer et al. with the motivation to provide for per-partition configuration of security services as taught by Schaefer et al. [Schaefer et al.: par. 0007].
Regarding claim 5, the rejection of claim 1 is incorporated.
Heldman et al. further discloses at least one of the plurality of user partitions includes an external user external to the first organization [par. 030, “an owner/operator of DB system 16 may have pre-built the web or user applications for use by clients, customers, and/or agents of a tenant organization (org) to access a tenant space or enterprise social network of that tenant org”].
Regarding claim 8, it recites limitations similar to claim 1. The reason for the rejection of claim 1 is incorporated herein.
Regarding claim 12, it recites limitations similar to claim 5. The reason for the rejection of claim 5 is incorporated herein.
Regarding claim 15, it recites limitations similar to claim 1. The reason for the rejection of claim 1 is incorporated herein.
Regarding claim 19, it recites limitations similar to claim 5. The reason for the rejection of claim 5 is incorporated herein.

Claims 2, 9 and 16 are rejected under 35 U.S.C. 103 as being unpatentable over Heldman et al. (US 2021/0112059 A1), Totale et al. (US 2020/0257516 A1), Schaefer et al. (US 2015/0269390 A1) and Hopkins et al. (US 2017/0126742 A1) as applied to claims 1, 5, 8, 12, 15 and 19 above, and further in view of Olsson et al. (US 11,113,459 B1).
Regarding claim 2, the rejection of claim 1 is incorporated.
Heldman et al. discloses policy [par. 0043].
They do not explicitly disclose receiving at the multitenant platform a policy at an organization level of the organization hierarchy and pushing the policy to a site level.
However Olsson et al. teaches receiving at the multitenant platform a policy at an organization level of the organization hierarchy and pushing the policy to a site level [col. 7, lines 58-61, “an organization can enable administrators to customize tenant-specific rules 304 by uploading, generating, editing, and/or deleting tenant specific rules 304 or a portion thereof”, col. 8, lines 27-29, “tenant-specific rules 304 for a specific tenant or group of tenants can be accessed and applied to a corresponding tenant”].
Before the effective filing date of the claimed invention, it would have been obvious to a person having ordinary skill in the art to incorporate the teaching of Olsson et al. into the teaching of Heldman et al., Totale et al., Schaefer et al. and Hopkins et al. with the motivation to apply tenant-specific rules 304 for a specific tenant or group of tenants as taught by Olsson et al. [Olsson et al.: col. 8, lines 27-29].
Regarding claim 9, it recites limitations similar to claim 2. The reason for the rejection of claim 2 is incorporated herein.
Regarding claim 16, it recites limitations similar to claim 2. The reason for the rejection of claim 2 is incorporated herein.

Claims 3-4, 6, 10-11, 13, 17-18 and 20 are rejected under 35 U.S.C. 103 as being unpatentable over Heldman et al. (US 2021/0112059 A1), Totale et al. (US 2020/0257516 A1), Schaefer et al. (US 2015/0269390 A1) and Hopkins et al. (US 2017/0126742 A1) as applied to claims 1, 5, 8, 12, 15 and 19 above, and further in view of Kabesa et al. (US 2020/0177597 A1).
Regarding claim 3, the rejection of claim 1 is incorporated.
Heldman et al. discloses the multitenant platform and access of the first user to the first subscription is isolated from access of the second user to the second subscription [par. 0018, “Multi-tenancy is a feature of cloud computing where physical or virtual resources are allocated in such a way that multiple tenants and their computations and data are isolated from and inaccessible to one another”].
They do not explicitly disclose the multitenant platform enables a single email address to be used to simultaneously access a first subscription of the first organization as a first user and a second subscription of a second organization as a second user.
However Kabesa et al. teaches the multitenant platform enables a single email address to be used to simultaneously access a first subscription of the first organization as a first user and a second subscription of a second organization as a second user [par. 0036, “each user may be associated with one or more local user accounts. For example, a user may be an employee of different clients at different points in time. As another example, a user may simultaneously act as an independent contractor of different clients. As yet another example, a user may have local accounts associated with different services of the computing services system 200”, par. 0038, “the identity verification engine 214 is configured to perform various operations related to verifying user identity information. For example, a user may specify a personal email address when creating or modifying a user account”].
Before the effective filing date of the claimed invention, it would have been obvious to a person having ordinary skill in the art to incorporate the teaching of Kabesa et al. into the teaching of Heldman et al., Totale et al., Schaefer et al. and Hopkins et al. with the motivation to verify user identity information as taught by Kabesa et al. [Kabesa et al.: par. 0038].
Regarding claim 4, the rejection of claim 1 is incorporated.
Heldman et al. discloses the multitenant platform and access of the first user to the first subscription is isolated from access of the second user to the second subscription [par. 0018, “Multi-tenancy is a feature of cloud computing where physical or virtual resources are allocated in such a way that multiple tenants and their computations and data are isolated from and inaccessible to one another”].
They do not explicitly disclose the multitenant platform enables a single email address to be used to simultaneously access a first subscription of the first organization as a first user and a second subscription of the first organization as a second user.
However Kabesa et al. teaches the multitenant platform enables a single email address to be used to simultaneously access a first subscription of the first organization as a first user and a second subscription of the first organization as a second user [par. 0036, “each user may be associated with one or more local user accounts... As yet another example, a user may have local accounts associated with different services of the computing services system 200”, par. 0038, “the identity verification engine 214 is configured to perform various operations related to verifying user identity information. For example, a user may specify a personal email address when creating or modifying a user account”].
Before the effective filing date of the claimed invention, it would have been obvious to a person having ordinary skill in the art to incorporate the teaching of Kabesa et al. into the teaching of Heldman et al., Totale et al., Schaefer et al. and Hopkins et al. with the motivation to verify user identity information as taught by Kabesa et al. [Kabesa et al.: par. 0038].
Regarding claim 6, the rejection of claim 1 is incorporated.
Heldman et al. discloses the multitenant platform.
Hopkins et al. discloses the plurality of user partitions.
They do not explicitly disclose at least one of the plurality of user partitions comprises a first user having an email address that has a domain which is different than a domain of the first site.
However Kabesa et al. teaches at least one of the plurality of user partitions comprises a first user having an email address that has a domain which is different than a domain of the first site [par. 0036, “each user may be associated with one or more local user accounts. For example, a user may be an employee of different clients at different points in time. As another example, a user may simultaneously act as an independent contractor of different clients. As yet another example, a user may have local accounts associated with different services of the computing services system 200”, par. 0038, “the identity verification engine 214 is configured to perform various operations related to verifying user identity information. For example, a user may specify a personal email address when creating or modifying a user account”].
Before the effective filing date of the claimed invention, it would have been obvious to a person having ordinary skill in the art to incorporate the teaching of Kabesa et al. into the teaching of Heldman et al., Totale et al., Schaefer et al. and Hopkins et al. with the motivation to verify user identity information as taught by Kabesa et al. [Kabesa et al.: par. 0038].
Regarding claim 10, it recites limitations similar to claim 3. The reason for the rejection of claim 3 is incorporated herein.
Regarding claim 11, it recites limitations similar to claim 4. The reason for the rejection of claim 4 is incorporated herein.
Regarding claim 13, it recites limitations similar to claim 6. The reason for the rejection of claim 6 is incorporated herein.
Regarding claim 17, it recites limitations similar to claim 3. The reason for the rejection of claim 3 is incorporated herein.
Regarding claim 18, it recites limitations similar to claim 4. The reason for the rejection of claim 4 is incorporated herein.
Regarding claim 20, it recites limitations similar to claim 6. The reason for the rejection of claim 6 is incorporated herein.

Claims 7, 14 and 21 are rejected under 35 U.S.C. 103 as being unpatentable over Heldman et al. (US 2021/0112059 A1), Totale et al. (US 2020/0257516 A1), Schaefer et al. (US  as applied to claims 1, 5, 8, 12, 15 and 19 above, and further in view of Kostyukov et al. (US 2018/0167378 A1).
Regarding claim 7, the rejection of claim 1 is incorporated.
Heldman et al. discloses the multitenant platform.
Hopkins et al. discloses the plurality of user partitions.
They do not explicitly disclose each user in the plurality of site users is defined by a combination of an email address and an identifier for the first site.
However Kostyukov et al. teaches each user in the plurality of site users is defined by a combination of an email address and an identifier for the first site [par. 0036, “The tenant 120 further uses the user attribute schema to transmit data concerning its users, as well as data which are expected to be generated in the process of provisioning. This data may include various types of user attributes, such as, for example, a username, email address, address, subscription id, tenant id, and zip-code”].
Before the effective filing date of the claimed invention, it would have been obvious to a person having ordinary skill in the art to incorporate the teaching of Kostyukov et al. into the teaching of Heldman et al., Totale et al., Schaefer et al. and Hopkins et al. with the motivation for a user's authentication as taught by Kostyukov et al. [Kostyukov et al.: abs.].
Regarding claim 14, it recites limitations similar to claim 7. The reason for the rejection of claim 7 is incorporated herein.
Regarding claim 21, it recites limitations similar to claim 7. The reason for the rejection of claim 7 is incorporated herein.


Conclusion
The prior art made of record and not relied upon is considered pertinent to Applicant’s disclosure:
US 20210281428 A1		METHOD AND APPARATUS FOR MANAGING CLOUD SERVICES USING SMART CONTRACTS AND BLOCKCHAINS IN A FEDERATION OF CLOUD PROVIDERS
US 11113294 B1		Recommending Query Templates During Query Formation
US 10673628 B1		Authentication And Authorization Token Management Using Life Key Service
US 20190222988 A1		SERVICE MANAGEMENT AND PROVISIONING
US 20130111558 A1		SECURE MACHINE ENROLLMENT IN MULTI-TENANT SUBSCRIPTION ENVIRONMENT
US 20130086670 A1		PROVIDING THIRD PARTY AUTHENTICATION IN AN ON-DEMAND SERVICE ENVIRONMENT
US 20130031613 A1		SECURE ACCESS TO CUSTOMER LOG DATA IN A MULTI-TENANT ENVIRONMENT
US 20120079134 A1		PROVIDING VIRTUAL NETWORKS USING MULTI-TENANT RELAYS
US 11140169 B1		Cloud Platform Access System

Any inquiry concerning this communication or earlier communications from the examiner should be directed to JASON CHIANG whose telephone number is (571)270-3393.  The examiner can normally be reached on 9 AM to 6 PM.

Information regarding the status of an application may be obtained from the Patent Application Information Retrieval (PAIR) system.  Status information for published applications may be obtained from either Private PAIR or Public PAIR.  Status information for unpublished applications is available through Private PAIR only.  For more information about the PAIR system, see http://pair-direct.uspto.gov. Should you have questions on access to the Private PAIR system, contact the Electronic Business Center (EBC) at 866-217-9197 (toll-free). If you would like assistance from a USPTO Customer Service Representative or access to the automated information system, call 800-786-9199 (IN USA OR CANADA) or 571-272-1000.




/JASON CHIANG/Primary Examiner, Art Unit 2431