33DETAILED ACTION
Notice of Pre-AIA  or AIA  Status
The present application, filed on or after March 16, 2013, is being examined under the first inventor to file provisions of the AIA .
Claims 1-17 are presented for examination. 

Claim Rejections - 35 USC § 102
In the event the determination of the status of the application as subject to AIA  35 U.S.C. 102 and 103 (or as subject to pre-AIA  35 U.S.C. 102 and 103) is incorrect, any correction of the statutory basis for the rejection will not be considered a new ground of rejection if the prior art relied upon, and the rationale supporting the rejection, would be the same under either status.  
The following is a quotation of the appropriate paragraphs of 35 U.S.C. 102 that form the basis for the rejections under this section made in this Office action:
A person shall be entitled to a patent unless –

(a)(1) the claimed invention was patented, described in a printed publication, or in public use, on sale, or otherwise available to the public before the effective filing date of the claimed invention.


(a)(2) the claimed invention was described in a patent issued under section 151, or in an application for patent published or deemed published under section 122(b), in which the patent or application, as the case may be, names another inventor and was effectively filed before the effective filing date of the claimed invention.

Claims 1-11 are rejected under 35 U.S.C. 102(a)(1)/(a)(2) as being anticipated by Pitre et al., US 2019/0102162.

Regarding claim 1, Pitre discloses a method for using an integrated control framework for an application comprising a plurality of application modules (paragraph 0254: Application Templates and Upgrade Framework), comprising: 
in an information processing apparatus comprising at least one computer processor: 
defining an application profile, an application model, and a target cloud environment for an application (fig. 6 and paragraph 0245:  capabilities exposed by the data model of the application, OAuth profile.  0269: cloud targets); 
identifying a plurality of security, resiliency, and controls requirements for the target cloud environment (0132: develop their own backend application that consumes the services of IDCS, and provide the backend applications to the target businesses); 
configuring a plurality of security controls for the application based on the security, resiliency, and controls requirements (0219: An entitlement is a privilege in an application (e.g., used to determine authorization in that application). For managed applications, any account attribute may be an entitlement. For unmanaged applications, “AppRoles” represents these privileges.); and 
deploying the security controls to the target cloud environment (fig. 13, granting an unmanaged application (e.g., public cloud applications) requires granting AppRole (privilege) as well which is not required for other types of applications (e.g., managed applications).). Regarding claim 2, Pitre discloses the method of claim 1, further comprising: logging supporting information and results of relevant decisions for the deployed security controls (paragraph 0049, policy administration; testing; logging; auditing; etc). Regarding claim 3, Pitre discloses the method of claim 1, wherein the application model specifies at least one of a regulatory standard, an industry standard, and a best practice for the application (0042: Business practices are usually matured and standardized around an in-house IAM system such as “Oracle IAM Suite” from Oracle Corp. Even small to medium organizations usually have their business processes designed around managing user access through a simple directory solution such as Microsoft Active Directory (“AD”). To enable on-premise integration, embodiments provide tools that allow customers to integrate their applications with IDCS.). Regarding claim 4, Pitre discloses the method of claim 1, wherein the application model is configured to be programmatically analyzed (0068: applies sophisticated analytics to user profiles, access history, provisioning/de-provisioning, and fine-grained entitlements). Regarding claim 5, Pitre discloses the method of claim 1, wherein the application model comprises a directed graph having vertices and edges, wherein the vertices represent at least one of data flow endpoints, compute instances, storage instances, network topology, and auto scaling units, and the edges represent at least one of data flow, replication, failover, containment, and trust (0232:  OAuth resource and possibly to SAML as well. “clientType” indicates the type of the client and the type of access that the App has when it acts as an OAuthClient. It can be “confidential”, “public”, or “trusted”. “redirectURIs” indicates redirect URIs of the application; each value is a URI within the App. T). Regarding claim 6, Pitre discloses the method of claim 1, wherein the plurality of security, resiliency, and controls requirements for the target cloud environment are identified using a catalog of control requirements for at least one of the target cloud environment, a jurisdiction, an industry standard, and a best practice (paragraph 0242: the application to be added may be selectable from an application catalog, or may be a SAML, mobile, or trusted application. ). Regarding claim 7, Pitre discloses the method of claim 1, wherein the step of identifying a plurality of security, resiliency, and controls requirements for the target cloud environment comprises: for each application module: a controls selection engine walking the application model and identifying a list of inline, preventive, detective and reactive controls applicable to the application profile; configuring the selected controls to implement a corresponding set of inline, preventive, detective and reactive functions, based on the target cloud environment, the application model and the application profile; and deploying the configured controls to the target cloud environment (0222: Each application can have any number of facets. Each facet is a set of attributes that describe one aspect of the behavior of the application. FIG. 13, application 1301 holds an optional reference to each facet (e.g., SAML service provider facet 1302, form fill facet 1303, OAuth client facet 1304, OAuth resource server facet 1305, and provisioning target facet 1306).). Regarding claim 8, Pitre discloses the method of claim 7, further comprising: a controls parameterization engine receiving at least one control procedure for the identified controls; and the controls parameterization engine selecting a strongest of the at least one control procedure (0088: Administration service also supports a set of remote procedure call-style (“RPC-style”) REST interfaces). Regarding claim 9, Pitre discloses the method of claim 7, further comprising: applying at least one of the preventive controls to a deployment pipeline for the application; wherein deployment of the application is terminated in response to one of the preventive controls being triggered (0293: When the application administrator clicks on “Resync” button, it triggers a full re-synchronization job that deletes existing AMI entries and then synchronizes all accounts from the target service. This results in upgrade of accounts which involves running a full synchronization job which is triggered only if the upgraded application is “isManagedApp=true”.). Regarding claim 10, Pitre discloses the method of claim 7, further comprising: generating target environment-specific scripts and code snippets and injecting the scripts and code snippets at appropriate parts of a continuous integration/continuous deployment pipeline; and performing runtime validation on the application modules using detective tools to identify a deviation from an expected configuration or behavior (0272: he application template script does the following: (1) seeds the application template and related artifacts; (2) the seeding logic is “GET” followed by “PUT”; and (3) replaces payload in the application template and uses “appTemplate.isUpgraded=True”. In one embodiment, “PUT” is better than “PATCH” as it can use the latest payload (location) to replace the existing payload.). Regarding claim 11, Pitre discloses the method of claim 2, further comprising: providing access to the results and associated evidence via a user interface according to a user role, wherein different user roles have different access to the log and associated evidence (0067: providing users with the application access appropriate for their identity and role within the organization, certifying that they have the correct ongoing access permissions (e.g., as their role or the tasks or applications used within their role change over time), and promptly de-provisioning them as their departure from the organization may require. ). 
Allowable Subject Matter
Claims 12-17 are allowed.
	Reasons for allowances will be furnished at the time of allowance of the application.

Conclusion
The prior art made of record and not relied upon is considered pertinent to applicant's disclosure.
US 20190342315 to Smelove et al.
US 20190294613  to Sullivan et al. 
Any inquiry concerning this communication or earlier communications from the examiner should be directed to AUBREY H WYSZYNSKI whose telephone number is (571)272-8155. The examiner can normally be reached M-F 9-5.
Examiner interviews are available via telephone, in-person, and video conferencing using a USPTO supplied web-based collaboration tool. To schedule an interview, applicant is encouraged to use the USPTO Automated Interview Request (AIR) at http://www.uspto.gov/interviewpractice.
If attempts to reach the examiner by telephone are unsuccessful, the examiner’s supervisor, KAMBIZ ZAND can be reached on 571-272-3811. The fax phone number for the organization where this application or proceeding is assigned is 571-273-8300.
Information regarding the status of published or unpublished applications may be obtained from Patent Center. Unpublished application information in Patent Center is available to registered users. To file and manage patent submissions in Patent Center, visit: https://patentcenter.uspto.gov. Visit https://www.uspto.gov/patents/apply/patent-center for more information about Patent Center and https://www.uspto.gov/patents/docx for information about filing in DOCX format. For additional questions, contact the Electronic Business Center (EBC) at 866-217-9197 (toll-free). If you would like assistance from a USPTO Customer Service Representative, call 800-786-9199 (IN USA OR CANADA) or 571-272-1000.





/AUBREY H WYSZYNSKI/Examiner, Art Unit 2434                                                                                                                                                                                                        /KAMBIZ ZAND/Supervisory Patent Examiner, Art Unit 2434