DETAILED ACTION

Terminal Disclaimer
		The terminal disclaimer(s) filed on 4th May 2022 disclaiming the terminal portion of any patent granted on this application which would extend beyond the expiration dates of the full statutory term of the patent(s) granted on U.S. patent(s) 10/798,084 has been reviewed and is accepted.  The terminal disclaimer has been recorded.

Examiner’s Amendment
An examiner’s amendment to the record appears below. Should the changes and/or additions be unacceptable to applicant, an amendment may be filed as provided by 37 CFR 1.312. To ensure consideration of such an amendment, it MUST be submitted no later than the payment of the issue fee.

	Authorization for this Examiner’s Amendment was given in a telephone interview with Ariyeh Akmal (Reg. No. 51,388) on 3rd May 2022.
This application has been amended as follows:
IN THE CLAIMS
Replace the following claims listed as follows.

CLAIM 1:
 An identity management system for identity management of cloud based computing services in a distributed network computer environment, comprising: 
a hardware processor; 
a non-transitory, computer-readable storage medium, including computer instructions executable by the hardware processor for: 
obtaining identity management data from one or more source systems associated with a distributed enterprise computing environment, the identity management data comprising data on a set of identity management artifacts utilized in identity management for the distributed enterprise computing environment, wherein the source systems include a federated access provider and a cloud service provider; 
determining a set of identities and a set of entitlements associated with the set of identities from the identity management data, including: 
determining, from the identity management data, an Identity and Access Management (IAM) an of the distributed enterprise computing environment, and 
determining, from the identity management data, a cloud access entitlement associated with the federated access provider, wherein the cloud access entitlement represents a second access right associated with the IAM entity of the cloud service provider, the second access right provided through the federated access provider to enable a user of the enterprise to access the cloud service provider; 
obtaining a synthetic role definition comprising a mapping between the IAM entity entitlement and the cloud access entitlement; 
creating a synthetic role at the identity management system based on the received synthetic role definition, wherein the created synthetic role associates the IAM entity entitlement and the cloud access entitlement; 
assigning the created synthetic role to a first identity and interacting with the federated service provider of the enterprise to provision a native account at the federated service provider associated with the first identity; 
obtaining an event log from the cloud service provider, wherein the event log includes events associated with the IAM entity of the cloud service provider; 
            determining one or more events of the event log associated with the first identity; and  
associating the one or more events with the first identity associated with the native account based on the IAM entity entitlement representing the first access right for the IAM entity.

CLAIM 8:
A method for identity management of cloud based computing services in a distributed network computer environment, comprising: 
obtaining identity management data from one or more source systems associated with a distributed enterprise computing environment, the identity management data comprising data on a set of identity management artifacts utilized in identity management for the distributed enterprise computing environment, wherein the source systems include a federated access provider and a cloud service provider; 	
determining a set of identities and a set of entitlements associated with the set of identities from the identity management data, including: 
determining, from the identity management data, an Identity and Access Management (IAM) an of the distributed enterprise computing environment, and 
determining, from the identity management data, a cloud access entitlement associated with the federated access provider, wherein the cloud access entitlement represents a second access right associated with the IAM entity of the cloud service provider, the second access right provided through the federated access provider to enable a user of the enterprise to access the cloud service provider;
            obtaining a synthetic role definition comprising a mapping between the IAM entity entitlement and the cloud access entitlement; 
            creating a synthetic role at the identity management system based on the received synthetic role definition, wherein the created synthetic role associates the IAM entity entitlement and the cloud access entitlement; 
            assigning the created synthetic role to a first identity and interacting with the federated service provider of the enterprise to provision a native account at the federated service provider associated with the first identity; 
            obtaining an event log from the cloud service provider, wherein the event log includes events associated with the IAM entity of the cloud service provider; 
            determining one or more events of the event log associated with the first identity; and
            associating the one or more events with the first identity associated with the native account based on the IAM entity entitlement representing the first access right for the IAM entity.  

CLAIM 15:
A non-transitory computer readable storage medium having instructions stored thereon for identity management of cloud based computing services in a distributed network computer environment, the instructions executable by a hardware processor to perform the steps of 
obtaining identity management data from one or more source systems associated with a distributed enterprise computing environment, the identity management data comprising data on a set of identity management artifacts utilized in identity management for the distributed enterprise computing environment, wherein the source systems include a federated access provider and a cloud service provider; 
determining a set of identities and a set of entitlements associated with the set of identities from the identity management data, including: 
determining, from the identity management data, an Identity and Access Management (IAM) an of the distributed enterprise computing environment, and 
determining, from the identity management data, a cloud access entitlement associated with the federated access provider, wherein the cloud access entitlement represents a second access right associated with the IAM entity of the cloud service provider, the second access right provided through the federated access provider to enable a user of the enterprise to access the cloud service provider; 
obtaining a synthetic role definition comprising a mapping between the IAM entity entitlement and the cloud access entitlement; 
creating a synthetic role at the identity management system based on the received synthetic role definition, wherein the created synthetic role associates the IAM entity entitlement and the cloud access entitlement; 
assigning the created synthetic role to a first identity and interacting with the federated service provider of the enterprise to provision a native account at the federated service provider associated with the first identity; 
obtaining an event log from the cloud service provider, wherein the event log includes events associated with the IAM entity of the cloud service provider; 
determining one or more events of the event log associated with the first identity; and
associating the one or more events with the first identity associated with the native account based on the IAM entity entitlement representing the first access right for the IAM entity.  


Allowable Subject Matter

Claims 1 – 21 are allowed.
The following is an examiner’s statement of reasons for allowance:
The above mentioned claims are allowable over prior arts because the CPA (Cited Prior Art) of record fails to teach or render obvious the claimed limitations in combination with the specific added limitations recited in each of the independent claims 1, 8 & 15 (& associated dependent claims).
The present invention is directed to a method for identity management of cloud based computing services in a distributed network computer environment. In view of the closest prior arts such as U.S. Patent 9,692,748 (by Maheshwari) and U.S. Patent 9,276,964 (by Srinivasan), no singular art disclosing nor motivation to combine has been found to anticipate or render obvious the claimed invention in such particular details of doing so in the context of recited limitations such as obtaining identity management data from one or more source systems associated with a distributed enterprise computing environment, the identity management data comprising data on a set of identity management artifacts utilized in identity management for the distributed enterprise computing environment, wherein the source systems include a federated access provider and a cloud service provider; determining a set of identities and a set of entitlements associated with the set of identities from the identity management data, including: determining, from the identity management data, an Identity and Access Management (IAM) entity entitlement representing a first access right associated with an IAM entity of the cloud service provider, the IAM entity associated with an 


Any inquiry concerning this communication or earlier communications from the examiner should be directed to LONGBIT CHAI whose telephone number is (571)272-3788.  The examiner can normally be reached on Monday - Friday 9:00am-5:00pm.
Examiner interviews are available via telephone, in-person, and video conferencing using a USPTO supplied web-based collaboration tool. To schedule an interview, applicant is encouraged to use the USPTO Automated Interview Request (AIR) at http://www.uspto.gov/interviewpractice.
If attempts to reach the examiner by telephone are unsuccessful, the examiner’s supervisor, Lynn D. Feild can be reached on 571-272-2092.  The fax phone number for the organization where this application or proceeding is assigned is 571-273-8300.

Information regarding the status of an application may be obtained from the Patent Application Information Retrieval (PAIR) system.  Status information for published applications may be obtained from either Private PAIR or Public PAIR.  Status information for unpublished applications is available through Private PAIR only.  For more information about the PAIR system, see http://pair-direct.uspto.gov. Should you have questions on access to the Private PAIR system, contact the Electronic Business Center (EBC) at 866-217-9197 (toll-free). If you would like assistance from a USPTO Customer Service Representative or access to the automated information system, call 800-786-9199 (IN USA OR CANADA) or 571-272-1000.

/LONGBIT CHAI/ Primary Examiner, Art Unit 2431 (No. #2351 - 2022)