DETAILED ACTION
The present application, filed on or after March 16, 2013, is being examined under the first inventor to file provisions of the AIA .
This application currently names joint inventors. In considering patentability of the claims the examiner presumes that the subject matter of the various claims was commonly owned as of the effective filing date of the claimed invention(s) absent any evidence to the contrary.  Applicant is advised of the obligation under 37 CFR 1.56 to point out the inventor and effective filing dates of each claim that was not commonly owned as of the effective filing date of the later invention in order for the examiner to consider the applicability of 35 U.S.C. 102(b)(2)(C) for any potential 35 U.S.C. 102(a)(2) prior art against the later invention.
In the event the determination of the status of the application as subject to AIA  35 U.S.C. 102 and 103 (or as subject to pre-AIA  35 U.S.C. 102 and 103) is incorrect, any correction of the statutory basis for the rejection will not be considered a new ground of rejection if the prior art relied upon, and the rationale supporting the rejection, would be the same under either status.  
Claims 1-20 are rejected in the Instant Application.


Priority
Examiner acknowledges Applicant’s claim to priority benefits of IN 201941037066 and 62/899888 filed 914/2019 and 9/13/2019, respectively.



Information Disclosure Statement
The information disclosure statement(s) (IDS) submitted on 5/18/2020, 9/2/2020, 11/5/2020, 12/29/2020, 2/2/2021, 6/16/2021, 11/9/2021, 2/22/2022 is/are in compliance with the provisions of 37 CFR 1.97.  Accordingly, the information disclosure statement(s) is/are being considered if signed and initialed by the Examiner.


Claim Rejections
Claim Rejections - 35 USC § 101
35 U.S.C. 101 reads as follows: 
Whoever invents or discovers any new and useful process, machine, manufacture, or composition of matter, or any new and useful improvement thereof, may obtain a patent therefor, subject to the conditions and requirements of this title.

Claim(s) 10-18 is/are rejected under 35 U.S.C. 101 because the claimed invention is directed to non-statutory subject matter.
As per claim(s) 10-18, they are being rejected in view of the OG Notice on Subject Matter Eligibility of Computer Readable Media posted on USPTO’s website on 1/28/2010.  It is being reproduced partially below to maintain a clear record:
“The broadest reasonable interpretation of a claim drawn to a computer readable medium (also called machine readable medium and other such variations) typically covers forms of non-transitory tangible media and transitory propagating signals per se in view of the ordinary and customary meaning of computer readable media, particularly when the specification is silent.  See MPEP 2111.01.  When the broadest reasonable interpretation of a claim covers a signal per se, the claim must be rejected under 35 U.S.C. § 101 as covering non-statutory subject matter.  [[]]
 In an effort to assist the patent community in overcoming a rejection or potential rejection under 35 U.S.C. § 101 in this situation, the USPTO suggests the following approach.  A claim drawn to such a computer readable medium that covers both transitory and non-transitory embodiments may be amended to narrow the claim to cover only statutory embodiments to avoid a rejection under 35 U.S.C. § 101 by adding the limitation “non-transitory” to the claim.”



Claim Rejections - 35 USC § 103
A patent for a claimed invention may not be obtained, notwithstanding that the claimed invention is not identically disclosed as set forth in section 102 of this title, if the differences between the claimed invention and the prior art are such that the claimed invention as a whole would have been obvious before the effective filing date of the claimed invention to a person having ordinary skill in the art to which the claimed invention pertains.  Patentability shall not be negated by the manner in which the invention was made.

Claims 1-20 are rejected under 35 U.S.C. 103 as being unpatentable over Murugesan (US Pub. 2018/0083977) in view of Chandrashekhar (US Pub. 2018/0278577).
With respect to Claim 1, Murugesan teaches a method of operating a multi-tenant cloud system, the method comprising: (para. 19; multi-tenant identity and data security management system in cloud deployments)
receiving a request for an authenticate action for a user; (para. 38; requested identity actions. Para. 208; request to perform identity management services. Para. 212; login service.)
creating an authenticate target action; (para. 210; the request is then authenticated. Para. 212; identity management service includes…a token service. Para. 165, 176-179, 218; single sign on using a SSO cookie.)
registering a cache listener for a cache comprising a filter to listen for a target action response that is responsive to the authenticate target action, (paras. 216-218; IDBridge monitors and synchronizes all users in a directory using filter. Para. 244; filter for EmailID or username to retrieve a UID for a user.)
the filter listing a plurality of bridges assigned to an on-premise active directory; (A plurality of bridges will be taught later. Fig. 2, para. 4, 22, 216; IDBridge is a distributed agent that is assigned to an on-premises active directory.)
and sending the authenticate target action to the active directory via the selected bridge; (para. 177; when logging in, Cloud gate sends authentication information to Admin SCIM, which determines authentication. para. 230; IDBridge polls the AD and reports changes to IDCS. Para. 236; IDCS may request to sync now. Paras. 46-47; whenever a user’s group membership is changed on-premises the cloud application changes automatically. Para. 217; AD is the “source of truth” for identities. Therefore it would have been obvious to one of ordinary skill prior to the effective filing date to send the authentication action to the active directory in order to immediately get the authoritative authentication rather than waiting for a periodic update or requested sync to complete. Further, in at least some embodiment passwords are not synced to the cloud (para. 46) and therefore it would have been obvious to send the authentication to the AD in order to check the password.)
waiting for a cache callback; and at the cache callback, (para. 175-180; when authentication is confirmed the server redirects to generate a cookie containing an authentication token. Client accepts cookie and allows access. Redirecting to receive the cookie is a cache callback.)
receiving a target action response comprising a result of the authenticate action. (paras. 179-181; browser receives cookie with authentication token.)
But Murugesan does not explicitly teach randomly selecting one of the plurality of bridges.
Chandrashekhar, however, does teach randomly selecting one of the plurality of bridges (Examiner initially asserts Murugesan suggests a plurality of bridges because it describes the IDBridge as a “distributed agent.” See Murugesan, Fig. 2, para. 4, 22, 216; IDBridge is a distributed agent that is assigned to an on-premises active directory. Regardless, since Chandrashekhar is more explicit and also teaches random selection Examiner will cite that. Fig. 1, Para. 24; system has multiple bridges for communication and they may be selected by random selection.)
It would have been obvious to one of ordinary skill prior to the effective filing date to combine the method of Murugesan with the random selection of a plurality of bridges to allow for scalability or to allow for failover in the event a bridge fails. (Chandrashekhar, para. 24)

With respect to Claim 2, modified Murugesan teaches the method of claim 1, and Murugesan also teaches wherein each of the bridges provides a polling request comprising an application identifier (para. 230; IDBridge syncs by polling at intervals. Paras. 55, 176, 242-243; SCIM ID for identifying resources including metadata that describes the application.)
And Chandrashekhar also teaches and its corresponding bridge identifier. (para. 24; bridge identifier.)
The same motivation to combine as the independent claim applies here.

With respect to Claim 3, modified Murugesan teaches the method of claim 1, and Murugesan also teaches wherein the filter comprises a query operation that returns a corresponding set of data from the cache. (para. 50-51, 86, 181; query for IDCS resources and data. para. 230; IDBridge queries AD and pushes changes to IDCS. Para. 244; filter for EmailID or username to retrieve a UID for a user.)

With respect to Claim 4, modified Murugesan teaches the method of claim 1, and Murugesan also teaches wherein the authentication action request is received at the multi-tenant cloud system. (paras. 120-124, 128; web tier receives a login request from a user browser in a multi-tenant environment.)

With respect to Claim 5, modified Murugesan teaches the method of claim 4, and Murugesan also teaches wherein the result of the authentication action is received from the on-premise active directory. (para. 44, 47, 216; on-premise AD synchronizes changes to cloud through IDBridge, resulting in a near instanteous gain or loss of functionality. Para. 218; AD passwords may be used to authenticates users to cloud applications.)

With respect to Claim 6, modified Murugesan teaches the method of claim 1, and Murugesan also teaches further comprising: while waiting for the cache callback, polling for a thread created for the authentication action; wherein the polling continues until the cache callback or a timeout. (paras. 216-218; IDBridge monitors and synchronizes all users in a directory using filter. para. 230; IDBridge polls the AD and reports changes to IDCS. It would have been obvious to one of ordinary skill prior to the effective filing date to poll until the cache callback because that would indicate that the information was received.)

With respect to Claim 7, modified Murugesan teaches the method of claim 1, and Murugesan also teaches wherein the cache listener is implemented by an in-memory distributed data grid. (para. 192; IDCS cache cluster is implemented by an in-memory distributed data grid.)

With respect to Claim 8, modified Murugesan teaches the method of claim 1, and Murugesan also teaches wherein the authentication action is an asynchronous action comprising changing a password. (para. 53, 85-86; password management. Paras. 95-99; asynchronous near real time tasks are tasks that are not needed for a user to proceed, such as recording. Create user action sends a notification requesting a user to reset their password and is asynchronous. Since a user’s identity is already confirmed when a password change takes place, the disclosure suggests the action can be asynchronous. See also para. 46; passwords are not synchronized between AD and IDCS.)

With respect to Claim 9, modified Murugesan teaches the method of claim 1, and Murugesan also teaches wherein the multi-tenant cloud system accesses the on-premise active directory via a firewall. (para. 173, 188, 216; IDCS accesses outside devices through firewall. IDBridge traverses firewall to reach AD.)

With respect to Claim 10, it is substantially similar to Claim 1 and is rejected in the same manner, the same art and reasoning applying. Further, Murugesan also teaches a computer-readable medium storing instructions which, when executed by at least one of a plurality of processors, cause the processors to (paras. 200-201; processor 

With respect to Claims 11-18, they are substantially similar to Claims 2-9, respectively, and are rejected in the same manner, the same art and reasoning applying.

With respect to Claim 19, it is substantially similar to Claim 1 and is rejected in the same manner, the same art and reasoning applying. Further, Murugesan also teaches a multi-tenant cloud system for a plurality of user accounts, the system comprising: one or more processors in communication with a client system (para. 169, 177; user request authorization. Para. 200; servers with processors.)

With respect to Claim 20, it is substantially similar to Claim 2 and is rejected in the same manner, the same art and reasoning applying.


Remarks
	Examiner is aware of copending Application 16/807713 (Pub. 2021/0084031). Examiner makes no provisional nonstatutory double patenting rejection to the claims because even though the claims are similar, they appear to be directed toward improving different features of a common system. Examiner instead puts applicant on notice that when the claims of either application are in a more final form a double patenting rejection may be appropriate.


Conclusion
Any inquiry concerning this communication or earlier communications from the examiner should be directed to NICHOLAS P CELANI whose telephone number is (571)272-1205.  The examiner can normally be reached on M-F 9-5.
Examiner interviews are available via telephone, in-person, and video conferencing using a USPTO supplied web-based collaboration tool. To schedule an interview, applicant is encouraged to use the USPTO Automated Interview Request (AIR) at http://www.uspto.gov/interviewpractice.
If attempts to reach the examiner by telephone are unsuccessful, the examiner’s supervisor, Vivek Srivastava can be reached on 571-272-7304.  The fax phone number for the organization where this application or proceeding is assigned is 571-273-8300.
Information regarding the status of an application may be obtained from the Patent Application Information Retrieval (PAIR) system.  Status information for published applications may be obtained from either Private PAIR or Public PAIR.  Status information for unpublished applications is available through Private PAIR only.  For more information about the PAIR system, see http://pair-direct.uspto.gov. Should you have questions on access to the Private PAIR system, contact the Electronic Business Center (EBC) at 866-217-9197 (toll-free). If you would like assistance from a USPTO Customer Service Representative or access to the automated information system, call 800-786-9199 (IN USA OR CANADA) or 571-272-1000.


/NICHOLAS P CELANI/Examiner, Art Unit 2449