Notice of Pre-AIA  or AIA  Status
The present application, filed on or after March 16, 2013, is being examined under the first inventor to file provisions of the AIA .

DETAILED ACTION
This Office Action is in response to the communication and claim amendment filed on 05/02/2022; Claims 1, 3, 4, 7-8, 11, 13-14, 17-18, 20; New claims 21-22 have been added; Claims 2 and 12 have been cancelled; Claims 1, 3-11, 13-22 have examined and are pending. This Action is made FINAL.

Information Disclosure Statement
The information disclosure statement (IDS) submitted on 02/24/2022 is being considered by the examiner.
Response to Arguments
Applicants’ arguments in the instant Amendment, filed on 05/02/2022, with respect to limitations listed below, have been fully considered but they are not persuasive.
Applicants argue: Mathew does not disclose or suggest “enrolling a subset of the user identities that comprise a status that indicates MFA enrollment..., wherein the enrolling does not include user verification of the received MFA security factors for the user identities,” as recited in amended claim 1; Mathew also fails to disclose or suggest “enrolling a subset of the user identities that comprise a status that indicates MFA enrollment using a secure application programming interface (API) call to the identity cloud management system,” as recited in amended claim 1(Applicant Remarks/Arguments, pages 8-10, filed 05/02/2022).
         The Examiner disagrees with the Applicants. The Examiner respectfully submits that the combination of Mathew, Kumar, and Anderson does disclose the aforementioned limitations as the following:
Mathew discloses enrolling a subset of the user identities, wherein the enrolling comprises creating an MFA footprint for each of the subset of user identities within an MFA database (Mathew: par. 0094; the user enrollment module 322 also provides for bulk enrollment which is utilized by resource provider computers. Bulk enrollment can allow resource provider computers with an existing user information database to migrate user attributes [i.e. MFA footprint] to the attribute database [i.e. MFA database]. If a user is enrolled, then asset(s) that are provided by the resource provider computer can be added to the user's asset inventory; par. 0033, “User attributes” can include a specific attribute of a user. A user can be associated with a plurality of user attributes. For example, a user attribute can be “John Doe” which can correspond to the attribute type of name), and each created MFA footprint comprises a received MFA security factor corresponding to the user identities (Mathew: par. 0094; par. 0033), wherein the enrolling does not include user verification of the received MFA security factors for the user identities (Mathew: par. 0094; the user enrollment module 322 also provides for bulk enrollment which is utilized by resource provider computers. Bulk enrollment can allow resource provider computers with an existing user information database to migrate user attributes to the attribute database. If a user is enrolled, then asset(s) that are provided by the resource provider computer can be added to the user's asset inventory; par. 0033, “User attributes” can include a specific attribute of a user. A user can be associated with a plurality of user attributes. For example, a user attribute can be “John Doe” which can correspond to the attribute type of name).  Mathew teaches bulk enrollment including MFA security factor for the user identities without user verification.
Kumar discloses wherein status for the user identities (Kumar:  Fig. 7, Col. 10, lines 23-53, … Field 703 is a flag indicating whether the user's contact information [i.e. status] has been validated using a means that is dependent on the contact type ..).
Anderson teaches using a secure application program interface (API) call to the identity cloud management system (Anderson: par. 0019, The user can then access any cloud resources and/or make API calls corresponding to the role using the received security credentials.).   It is clear that the combination of Mathew, Kumar, and Anderson as whole does teach the aforementioned limitations. 
Claim Rejections - 35 USC § 103
The following is a quotation of 35 U.S.C. 103 which forms the basis for all obviousness rejections set forth in this Office action:
A patent for a claimed invention may not be obtained, notwithstanding that the claimed invention is not identically disclosed as set forth in section 102, if the differences between the claimed invention and the prior art are such that the claimed invention as a whole would have been obvious before the effective filing date of the claimed invention to a person having ordinary skill in the art to which the claimed invention pertains. Patentability shall not be negated by the manner in which the invention was made.

Claim 1, 3-4, 6, 8, 11, 13-14, 16, 18, 20, and 21-22 are rejected under 35 U.S.C. 103 as being unpatentable Mathew et al. (“Mathew,” US 2020/0274876, filed Feb. 22, 2019) in view of Eicken et al. (“Eicken,” US 2014/0317701, published Oct. 23, 2015), further in view of Kumar (“Kumar,” US 9,185,063, published Nov. 10, 2015), and Anderson et al. (“Anderson,” US 2019/0075115, published Mar. 7, 2019).
Regarding claim 1, Mathew discloses a method for bulk multifactor authentication (MFA) enrollment in an identity cloud management system, the method comprising:
 receiving, in association with the credential, a bulk set of user identities and MFA enrollment information comprising one or more MFA security factors for the user identities (Mathew: par. 0094; the user enrollment module 322 also provides for bulk enrollment [i.e. MFA enrollment information] which is utilized by resource provider computers. Bulk enrollment can allow resource provider computers with an existing user information database [i.e. MFA security factors for user identities] to migrate user attributes to the attribute database [i.e. MFA database]. If a user is enrolled, then asset(s) that are provided by the resource provider computer can be added to the user's asset inventory; par. 0033, “User attributes” can include a specific attribute of a user. A user can be associated with a plurality of user attributes. For example, a user attribute can be “John Doe” which can correspond to the attribute type of name [i.e. associate with credential]);
enrolling a subset of the user identities, wherein the enrolling comprises creating an MFA footprint for each of the subset of user identities within an MFA database (Mathew: par. 0094; the user enrollment module 322 also provides for bulk enrollment which is utilized by resource provider computers. Bulk enrollment can allow resource provider computers with an existing user information database to migrate user attributes [i.e. MFA footprint] to the attribute database [i.e. MFA database]. If a user is enrolled, then asset(s) that are provided by the resource provider computer can be added to the user's asset inventory; par. 0033, “User attributes” can include a specific attribute of a user. A user can be associated with a plurality of user attributes. For example, a user attribute can be “John Doe” which can correspond to the attribute type of name), and each created MFA footprint comprises a received MFA security factor corresponding to the user identities (Mathew: par. 0094; par. 0033), wherein the enrolling does not include user verification of the received MFA security factors for the user identities (Mathew: par. 0094; the user enrollment module 322 also provides for bulk enrollment which is utilized by resource provider computers. Bulk enrollment can allow resource provider computers with an existing user information database to migrate user attributes to the attribute database. If a user is enrolled, then asset(s) that are provided by the resource provider computer can be added to the user's asset inventory; par. 0033, “User attributes” can include a specific attribute of a user. A user can be associated with a plurality of user attributes. For example, a user attribute can be “John Doe” which can correspond to the attribute type of name); and 
Mathew does not explicitly disclose creating an entity in the identity cloud management system, wherein the entity is issued a credential comprising a permissions scope for communicating with the identity cloud management system.
However, in an analogous art, Eicken discloses wherein the entity is issued a credential comprising a permissions scope for communicating with the identity cloud management system (Eicken: par. 0007, creating a new access entity with a new access credential and configuring the access entity's permissions in the multi-tenant compute cloud such that the access entity only has access to the cloud-based service instance being accessed by the requestor).
Therefore, it would have been obvious to one of ordinary skill in the art before the effective filing date of the claimed invention to combine the teaching of Eicken with the method and system of Mathew to include wherein creating an entity in the identity cloud management system, wherein the entity is issued a credential comprising a permissions scope for communicating with the identity cloud management system. One would have been motivated to utilize a management system to facilitate authorized authenticated request to the multi-tenant computing cloud using the access credential associated with the access entity (Eicken: pars. 0002-0003).
Mathew teaches bulk enrollment but does not explicitly teach a status for the user identities, and wherein at least a mix of communication addresses and shared secrets.
However, in an analogous art, Kumar teaches wherein status for the user identities (Kumar:  Fig. 7, Col. 10, lines 23-53, … Field 703 is a flag indicating whether the user's contact information [i.e. status] has been validated using a means that is dependent on the contact type ..), and wherein at least a mix of communication addresses and shared secrets (Kumar:  Fig. 7, Col. 10, lines 23-53, Preferred embodiment of the current invention contains data attributes, for example, a unique identifier 700 for each user; Field 701A is the contact address for the user [i.e. communication address] describing the electronic contact information details associated with the field 701B, contact type for the user describing the type of contact user has registered with the system for example email [i.e. communication address], phone number etc…; … Fields 704 contains a unique username for the user within the system and field 705 contains a password [i.e. secret] that is private to the user and is provided by the user at the time of establishing a connection with central controller for validating the user's identity.).
Therefore, it would have been obvious to one of ordinary skill in the art before the effective filing date of the claimed invention to combine the teaching of Kumar with the method and system of Mathew and Eicken to include wherein a status for the user identities, and wherein the MFA security factors comprise at least a mix of communication addresses and shared secrets. One would have been motivated to provide sharing, synchronization and control of shared information within an information sharing context using an electronic device (Kumar: Col. 3, lines 55-58).
Mathew discloses enrolling a subset of the user identities, wherein the enrolling comprises creating an MFA footprint for each of the subset of user identities within an MFA database as recited above but does not explicitly disclose  using a secure application program interface (API) call to the identity cloud management system; securing access to one or more cloud-based services or applications, wherein the secured access comprises one or more secure API calls to the identity cloud management system.
However, in an analogous art, Anderson teaches 
using a secure application program interface (API) call to the identity cloud management system (Anderson: par. 0019, The user can then access any cloud resources and/or make API calls corresponding to the role using the received security credentials.);
wherein securing access to one or more cloud-based services or applications, wherein the secured access comprises one or more secure API calls to the identity cloud management system (Anderson: par. 0019, The user can then access any cloud resources and/or make API calls corresponding to the role using the received security credentials.).
Therefore, it would have been obvious to one of ordinary skill in the art before the effective filing date of the claimed invention to combine the teaching of Anderson with the method and system of Mathew, Eicken, and Kumar to include using a secure application program interface (API) call to the identity cloud management system; to include wherein securing access to one or more cloud-based services or applications, wherein the secured access comprises one or more secure API calls to the identity cloud management system. One would have been motivated to provide affording flexibility by ensuring dynamic increase/decrease of storage and/or processing requirements based on utilization, thus reducing cost required for maintain or service hardware resources. The method enables improving computer security for accessing cloud resources (Anderson: pars.  0001-0002).
Regarding claim 3, the combination of Mathew, Eicken, Kumar, and Anderson teaches the method of claim 1. Mathew further discloses, wherein, upon receiving the bulk set of user identities and MFA enrollment information, the enrolling is automatically performed without interactions with users corresponding to the user identities (Mathew: par. 0094; the user enrollment module 322 also provides for bulk enrollment which is utilized by resource provider computers. Bulk enrollment can allow resource provider computers with an existing user information database to migrate user attributes to the attribute database. If a user is enrolled, then asset(s) that are provided by the resource provider computer can be added to the user's asset inventory; par. 0033, “User attributes” can include a specific attribute of a user. A user can be associated with a plurality of user attributes. For example, a user attribute can be “John Doe” which can correspond to the attribute type of name). 
Regarding claim 4, the combination of Mathew, Eicken, Kumar, and Anderson teaches the method of claim 1. The combination of Mathew, Eicken, Kumar, and Anderson further discloses, wherein the user identities and MFA enrollment information are received from a trusted source (Mathew: par. 0094; the user enrollment module 322 also provides for bulk enrollment which is utilized by resource provider computers. Bulk enrollment can allow resource provider computers with an existing user information database to migrate user attributes to the attribute database. If a user is enrolled, then asset(s) that are provided by the resource provider computer can be added to the user's asset inventory, par. 0033, “User attributes” can include a specific attribute of a user. A user can be associated with a plurality of user attributes. For example, a user attribute can be “John Doe” which can correspond to the attribute type of name; Britton: pars. 0074, 0075). 
Regarding claim 6, the combination of Mathew, Eicken, Kumar, and Anderson teaches the method of claim 4.  The combination of Mathew, Eicken, Kumar, and Anderson further discloses wherein the communication addresses comprise a mix of email addresses and phone numbers (Kumar:  Fig. 7, Col. 10, lines 23-53, Preferred embodiment of the current invention contains data attributes, for example, a unique identifier 700 for each user; Field 701A is the contact address for the user [i.e. communication address] describing the electronic contact information details associated with the field 701B, contact type for the user describing the type of contact user has registered with the system for example email [i.e. communication address], phone number etc.; contact information, field 702, describing contact information contains multiple records for fields 701A and 701B as shown in the FIG. 7 for the actual values where the user can be contacted electronically depending on the respective contact type and contact address).
Regarding claim 8, the combination of Mathew, Eicken, Kumar, and Anderson teaches the method of claim 4. The combination of Mathew, Eicken, Kumar, and Anderson further discloses, wherein creating the entity in the identity cloud management system comprises: creating, by a user associated with a tenant of the identity cloud management system (Eicken: par. 0007, creating a new access entity with a new access credential and configuring the access entity's permissions in the multi-tenant compute cloud such that the access entity only has access to the cloud-based service instance being accessed by the requestor), an application within the identity cloud management system (Eicken: par. 0007, creating a new access entity with a new access credential and configuring the access entity's permissions in the multi-tenant compute cloud such that the access entity only has access to the cloud-based service instance being accessed by the requestor), wherein the application comprises the entity that is issued the credential that grants the permission scope (Eicken: par. 0007, creating a new access entity with a new access credential and configuring the access entity's permissions in the multi-tenant compute cloud such that the access entity only has access to the cloud-based service instance being accessed by the requestor), and the permission scope grants the application access to the identity cloud management system secure API for enrolling the subset of identities (Mathew: par. 0094; Eiken: par. 0007, creating a new access entity with a new access credential and configuring the access entity's permissions in the multi-tenant compute cloud such that the access entity only has access to the cloud-based service instance being accessed by the requestor; Anderson: par. 0019, The user can then access any cloud resources and/or make API calls corresponding to the role using the received security credentials). 
Regarding claim 11, claim 11 is directed to a system for bulk multifactor authentication (MFA) enrollment in an identity cloud management system, the system comprising: one or more servers (Mathew: par. 0007) comprising a processor (Mathew: par. 0007) and memory (Mathew: par.  0007) storing instructions for execution by the processor associated with the method claimed in claim 1; claim 11 is similar in scope to claim 1, and is therefore rejected under similar rationale.
Regarding claim 13, claim 13 is similar in scope to claim 3, and is therefore rejected under similar rationale.
Regarding claim 14, claim 14 is similar in scope to claim 4, and is therefore rejected under similar rationale.
Regarding claim 16, claim 16 is similar in scope to claim 6, and is therefore rejected under similar rationale.
Regarding claim 18, claim 18 is similar in scope to claim 8, and is therefore rejected under similar rationale.
Regarding claim 20, claim 20 is directed to a non-transitory computer readable medium having instructions stored thereon that, when executed by a processor, cause the processor to perform bulk multifactor authentication (MFA) enrollment in an identity cloud management system associated with the method claimed in claim 1; claim 20 is similar in scope to claim 1, and is therefore rejected under similar rationale.
Regarding claim 21, the combination of Mathew, Eicken, Kumar, and Anderson discloses the method of claim 8, wherein the permission scope grants the application access to an identity cloud management system secure API for enrolling the subset of identities (Mathew: par. 0094; Eiken: par. 0007, creating a new access entity with a new access credential and configuring the access entity's permissions in the multi-tenant compute cloud such that the access entity only has access to the cloud-based service instance being accessed by the requestor; Anderson: par. 0019, The user can then access any cloud resources and/or make API calls corresponding to the role using the received security credentials) without verification of the received MFA security factors for the subset of identities (Mathew: par. 0094; the user enrollment module 322 also provides for bulk enrollment which is utilized by resource provider computers. Bulk enrollment can allow resource provider computers with an existing user information database to migrate user attributes to the attribute database. If a user is enrolled, then asset(s) that are provided by the resource provider computer can be added to the user's asset inventory; par. 0033, “User attributes” can include a specific attribute of a user. A user can be associated with a plurality of user attributes. For example, a user attribute can be “John Doe” which can correspond to the attribute type of name.)
Regarding claim 22, claim 22 is similar in scope to claim 21, and is therefore rejected under similar rationale.


Claims 5  and 15 are rejected under 35 U.S.C. 103 as being unpatentable Mathew et al. (“Mathew,” US 2020/0274876, filed Feb. 22, 2019) in view of Eicken et al. (“Eicken,” US 2014/0317701, published Oct. 23, 2015), further in view of Kumar (“Kumar,” US 9,185,063, published Nov. 10, 2015), and Anderson et al. (“Anderson,” US 2019/0075115, published Mar. 7, 2019), and Kinsey (“Kinsey,” US 2014/0358816, published Dec. 4, 2014).
Regarding claim 5, the combination of Mathew, Eicken, Kumar, and Anderson teaches the method of claim 4. Mathew, Eicken, Kumar, and Anderson do not explicitly disclose, further comprising importing the set of bulk user identities into an identity cloud management system user database.
However, in an analogous art, Kinsey discloses wherein importing the set of bulk user identities into an identity cloud management system user database (Kinsey: par. 0089, integration with the user's databases 20 and other complete integration meaning that a user can directly read/import from any and all existing database(s) 20 and data 90).
Therefore, it would have been obvious to one of ordinary skill in the art before the effective filing date of the claimed invention to combine the teaching of Kinsey with the method and system of Mathew, Eicken, Kumar, and Anderson to include wherein importing the set of bulk user identities into an identity cloud management system user database. One would have been motivated to launche a window that prompts the user to qualify a client or customer information. The window has an icons, with different colors as indicators as to whether the user is supposed to offer a specific good or service to the customer (Kinsey: par. 0010).
Regarding claim 15, claim 15 is similar in scope to claim 5, and is therefore rejected under similar rationale.
Claim 7 and 17 are rejected under 35 U.S.C. 103 as being unpatentable Mathew et al. (“Mathew,” US 2020/0274876, filed Feb. 22, 2019) in view of Eicken et al. (“Eicken,” US 2014/0317701, published Oct. 23, 2015), further in view of Kumar (“Kumar,” US 9,185,063, published Nov. 10, 2015), and Anderson et al. (“Anderson,” US 2019/0075115, published Mar. 7, 2019), and Sitaram (“Sitaram, US 2017/0243168, published Aug. 24, 2017).
Regarding claim 7, the combination of Mathew, Eicken, Kumar, and Anderson teaches the method of claim 4.  The combination of Mathew, Eicken, Kumar, and Anderson discloses receiving, in association with the credential, a bulk set of user identities and MFA enrollment information comprising one or more MFA security factors for the user identities and a status for the user identities but does not explicitly disclose an upload of an electronic document that includes user and MFA data.
However, in an analogous art, Sitaram teaches an upload of an electronic document that includes bulk data (Sitaram: par. 0103; upload a CVS (Comma Separated Value) file which includes relevant but bulk data).
Therefore, it would have been obvious to one of ordinary skill in the art before the effective filing date of the claimed invention to combine the teaching of Sitaram with the method and system of Mathew, Eicken, and Kumar, and Anderson to include upload of an electronic document that includes user and MFA data. One would have been motivated to provide the system allows a user provided to automatically aggregate, analyze, and identify retirement plans for a plurality of users; the system that performs a real time computation; the system that offers services which are time saving. (Sitaram: pars. 0022, 0028, 0030).
Regarding claim 17, claim 17 is similar in scope to claim 7, and is therefore rejected under similar rationale.
Claims 9 and 19 are rejected under 35 U.S.C. 103 as being unpatentable Mathew et al. (“Mathew,” US 2020/0274876, filed Feb. 22, 2019) in view of Eicken et al. (“Eicken,” US 2014/0317701, published Oct. 23, 2015), further in view of Kumar (“Kumar,” US 9,185,063, published Nov. 10, 2015), and Anderson et al. (“Anderson,” US 2019/0075115, published Mar. 7, 2019), and in view of  Lander et al. (“Lander,” US 2017/0331813, published Nov. 16, 2017).
Regarding claim 9, the combination of Mathew, Eicken, Kumar, and Anderson teaches the method of claim 8.  Mathew, Eicken, Kumar, and Anderson do not explicitly disclose, wherein the trusted source comprises the user associated with the tenant. 
However, in an analogous art, Lander discloses wherein the trusted source comprises the user associated with the tenant (Lander: par. 0088, IDCS also provides a schema service (or a persistence service) that allows for using a database schema. A schema service allows for delegating the responsibility of managing database schemas to IDCS. Accordingly, a user of IDCS does not need to manage a database since there is an IDCS service that provides that functionality. For example, the user uses the database to persist schemas on a per tenant basis, and when there is no more space in the database, the schema service will manage the functionality of obtaining another database and growing the space so that the users do not have to manage the database themselves; pars. 0099, 0130). 
Therefore, it would have been obvious to one of ordinary skill in the art before the effective filing date of the claimed invention to combine the teaching of Lander with the method and system of Mathew, Eicken, Kumar, and Anderson to include wherein the trusted source comprises the user associated with the tenant. One would have been motivated to provide self-service and access request functionality to improve the experience and efficiency of an end user and to reduce costs from help desk calls. The medium enables improving positive digital customer experience and business credibility for employee use, and ultimately contributing to revenue increase, and companies so as to reduce customer help desk calls and costs and improve customer satisfaction (Lander: pars. 0004, 0065).
Regarding claim 19, claim 19 is similar in scope to claim 9, and is therefore rejected under similar rationale.
Claim 10 is rejected under 35 U.S.C. 103 as being unpatentable Mathew et al. (“Mathew,” US 2020/0274876, filed Feb. 22, 2019) in view of Eicken et al. (“Eicken,” US 2014/0317701, published Oct. 23, 2015), further in view of Kumar (“Kumar,” US 9,185,063, published Nov. 10, 2015), and Anderson et al. (“Anderson,” US 2019/0075115, published Mar. 7, 2019), and Kalaboukis et al. (“Kalaboukis,” US 2008/0141138, published Jun. 12, 2008).
Regarding claim 10, the combination of Mathew, Eicken, Kumar, and Anderson teaches the method of claim 4.  The combination of Mathew, Eicken, Kumar, and Anderson discloses wherein the subset of the user identities that comprise a status but does not explicitly disclose “status that indicates MFA enrollment includes all or a portion of the bulk set of user identities.” 
However, in an analogous art, Kalaboukis discloses enrollment includes all or a portion of the bulk set of user identities (Kalaboukis: par. 0034, the user can enter a list of user identities for each portion of a selected status indicator or for the entire selected status indicator). 
Therefore, it would have been obvious to one of ordinary skill in the art before the effective filing date of the claimed invention to combine the teaching of Kalaboukis with the method and system of Mathew, Eicken, Kumar, and Anderson to include wherein the subset of the user identities that comprise a status that indicates MFA enrollment includes all or a portion of the bulk set of user identities. One would have been motivated to allow a user to effectively update and manage the status information, and allows other user to read the status information. The method expands on the types of status information that is provided by the former user to the latter user (Kalaboukis: abstract, par. 0004).





Conclusion
THIS ACTION IS MADE FINAL.  Applicant is reminded of the extension of time policy as set forth in 37 CFR 1.136(a).  
A shortened statutory period for reply to this final action is set to expire THREE MONTHS from the mailing date of this action.  In the event a first reply is filed within TWO MONTHS of the mailing date of this final action and the advisory action is not mailed until after the end of the THREE-MONTH shortened statutory period, then the shortened statutory period will expire on the date the advisory action is mailed, and any extension fee pursuant to 37 CFR 1.136(a) will be calculated from the mailing date of the advisory action.  In no event, however, will the statutory period for reply expire later than SIX MONTHS from the mailing date of this final action. 
Any inquiry concerning this communication or earlier communications from the examiner should be directed to Canh Le whose telephone number is 571-270-1380. The examiner can normally be reached on Monday to Friday 6:00AM to 3:30PM other Friday off.
If attempts to reach the examiner by telephone are unsuccessful, the examiner’s supervisor, Luu Pham can be reached on 571-270-5002.  The fax phone number for the organization where this application or proceeding is assigned is 571-273-8300. 
Information regarding the status of an application may be obtained from the Patent Application Information Retrieval (PAIR) system.  Status information for published applications may be obtained from either Private PAIR or Public PAIR.  Status information for unpublished applications is available through Private PAIR only.  


For more information about the PAIR system, see http://pair-direct.uspto.gov. Should you have questions on access to the Private PAIR system, contact the Electronic Business Center (EBC) at 866-217-9197 (toll-free). If you would like assistance from a USPTO Customer Service Representative or access to the automated information system, call 800-786-9199 (IN USA OR CANADA) or 571-272-1000.

/Canh Le/
Examiner, Art Unit 2439
July 19th, 2022



/LUU T PHAM/Supervisory Patent Examiner, Art Unit 2439