Notice of Pre-AIA or AIA Status
The present application, filed on or after March 16, 2013, is being examined under the first inventor to file provisions of the AIA.

DETAILED ACTION
Continued Examination Under 37 CFR 1.114
A request for continued examination under 37 CFR 1.114, including the fee set forth in 37 CFR 1.17(e), was filed in this application after final rejection.  Since this application is eligible for continued examination under 37 CFR 1.114, and the fee set forth in 37 CFR 1.17(e) has been timely paid, the finality of the previous Office action has been withdrawn pursuant to 37 CFR 1.114.  Applicant’s submission filed on 06/27/2022 has been entered.
This Office Action is in response to the communication and claim amendment filed on 06/27/2022; claims 1, 13, and 14 have been amended; claim 12 was canceled; claims 1, 13, and 14 are independent claims. Claims 1-11 and 13-19 have been examined and are pending. This Action is made Non-FINAL.
Response to Arguments
The interpretation of claims 14-17 and 19 under 35 U.S.C. 112(f) or pre-AIA 35 U.S.C. 112, sixth paragraph, as reciting means-plus-function limitations is maintained.
Applicants’ arguments in the instant amendment, filed on 06/27/2022, with respect to limitations listed below, have been fully considered but they are not persuasive.
a. Applicants argue: Oliveira and Srinivasan, either alone or in combination, do not teach or disclose an access manager module of a cloud platform determining “credentials for a security data zone based on the first access token,” included within the query from the querying application, as recited by independent claim 1 (Applicant Remarks/Arguments, page 9, filed 06/27/2022).
Applicants’ arguments with respect to aforementioned limitations have been fully considered but are moot in view of the new ground(s) of rejection.
b. Applicants argue: Oliveira and Srinivasan, either alone or in combination, do not teach or disclose “generating, by the access manager module of the cloud platform, a second access token based on the determined credentials,” which are determined based on the first access token, and “performing, by the querying application of the cloud platform, a read access, a write access, or the read access and the write access to the data stored in the security data zone of the cloud platform for the user specified in the received query using the returned second access token,” as recited by independent claim 1 (Applicant Remarks/Arguments, pages 11-12, filed 06/27/2022).
The Examiner disagrees with the Applicants. The Examiner respectfully submits that Oliveira and Srinivasan do disclose some portion of the aforementioned limitations, as follows:
Oliveira discloses generating, by the access manager module of the cloud platform, a second access token, based on the determined credentials, and transmitting the second access token to the querying application, which uses a returned second access token to obtain access to data stored in the security data zone to be processed by the querying application (Oliveira: abstract, pars. 0003, 0052, The authorization manager 118 can check the authenticity of the credential(s) (e.g., compare the entered credential(s) to stored credential(s) of the user) ... More particularly, the authorization manager sends (210) an access token [i.e., the returned second access token] to the application 116); and
performing, by the querying application of the cloud platform, a read access, a write access, or the read access and the write access to the data stored in the security data zone of the cloud platform for the user specified in the received query using the returned second access token (Oliveira: abstract, par. 0053, Consequently, the application 116 send (212) a request data to the user-specific container 122, the request including the access token, and  the container (assuming the access token is still valid) provide (212) the request data).
Srinivasan discloses receiving a query from a querying application of the cloud platform, the query including a first access token (Srinivasan: par. 0093, when an access token request comes in from a particular client, to check the access token scope requested by that request with the scope registered for that client application).
It is clear that the combination of Oliveira and Srinivasan as a whole does teach some portion of the aforementioned limitations.



Claim Interpretation
The following is a quotation of 35 U.S.C. 112(f):
(f) Element in Claim for a Combination. – An element in a claim for a combination may be expressed as a means or step for performing a specified function without the recital of structure, material, or acts in support thereof, and such claim shall be construed to cover the corresponding structure, material, or acts described in the specification and equivalents thereof. 

The following is a quotation of pre-AIA  35 U.S.C. 112, sixth paragraph:
An element in a claim for a combination may be expressed as a means or step for performing a specified function without the recital of structure, material, or acts in support thereof, and such claim shall be construed to cover the corresponding structure, material, or acts described in the specification and equivalents thereof.


This application includes one or more claim limitations that do not use the word “means,” but are nonetheless being interpreted under 35 U.S.C. 112(f) or pre-AIA  35 U.S.C. 112, sixth paragraph, because the claim limitation(s) uses a generic placeholder that is coupled with functional language without reciting sufficient structure to perform the recited function and the generic placeholder is not preceded by a structural modifier.  Such claim limitation(s) is/are: “A system for providing access by an application to data stored in a security data zone of a cloud platform, the system comprising: an access manager module configured to: receive … ; determine …; generate …; and perform …” recited in claims 14-17 and 19.  Because this/these claim limitation(s) is/are being interpreted under 35 U.S.C. 112(f) or pre-AIA  35 U.S.C. 112, sixth paragraph, it/they is/are being interpreted to cover the corresponding structure described in the specification as performing the claimed function, and equivalents thereof.
If applicant does not intend to have this/these limitation(s) interpreted under 35 U.S.C. 112(f) or pre-AIA  35 U.S.C. 112, sixth paragraph, applicant may:  (1) amend the claim limitation(s) to avoid it/them being interpreted under 35 U.S.C. 112(f) or pre-AIA  35 U.S.C. 112, sixth paragraph (e.g., by reciting sufficient structure to perform the claimed function); or (2) present a sufficient showing that the claim limitation(s) recite(s) sufficient structure to perform the claimed function so as to avoid it/them being interpreted under 35 U.S.C. 112(f) or pre-AIA  35 U.S.C. 112, sixth paragraph.
The claims in this application are given their broadest reasonable interpretation using the plain meaning of the claim language in light of the specification as it would be understood by one of ordinary skill in the art.  The broadest reasonable interpretation of a claim element (also commonly referred to as a claim limitation) is limited by the description in the specification when 35 U.S.C. 112(f) or pre-AIA  35 U.S.C. 112, sixth paragraph, is invoked. 
As explained in MPEP § 2181, subsection I, claim limitations that meet the following three-prong test will be interpreted under 35 U.S.C. 112(f) or pre-AIA  35 U.S.C. 112, sixth paragraph:
(A)	the claim limitation uses the term “means” or “step” or a term used as a substitute for “means” that is a generic placeholder (also called a nonce term or a non-structural term having no specific structural meaning) for performing the claimed function; 
(B)	the term “means” or “step” or the generic placeholder is modified by functional language, typically, but not always linked by the transition word “for” (e.g., “means for”) or another linking word or phrase, such as “configured to” or “so that”; and 
(C)	the term “means” or “step” or the generic placeholder is not modified by sufficient structure, material, or acts for performing the claimed function. 
Use of the word “means” (or “step”) in a claim with functional language creates a rebuttable presumption that the claim limitation is to be treated in accordance with 35 U.S.C. 112(f) or pre-AIA  35 U.S.C. 112, sixth paragraph. The presumption that the claim limitation is interpreted under 35 U.S.C. 112(f) or pre-AIA  35 U.S.C. 112, sixth paragraph, is rebutted when the claim limitation recites sufficient structure, material, or acts to entirely perform the recited function. 
Absence of the word “means” (or “step”) in a claim creates a rebuttable presumption that the claim limitation is not to be treated in accordance with 35 U.S.C. 112(f) or pre-AIA  35 U.S.C. 112, sixth paragraph. The presumption that the claim limitation is not interpreted under 35 U.S.C. 112(f) or pre-AIA  35 U.S.C. 112, sixth paragraph, is rebutted when the claim limitation recites function without reciting sufficient structure, material or acts to entirely perform the recited function. 
Claim limitations in this application that use the word “means” (or “step”) are being interpreted under 35 U.S.C. 112(f) or pre-AIA  35 U.S.C. 112, sixth paragraph, except as otherwise indicated in an Office action. Conversely, claim limitations in this application that do not use the word “means” (or “step”) are not being interpreted under 35 U.S.C. 112(f) or pre-AIA  35 U.S.C. 112, sixth paragraph, except as otherwise indicated in an Office action.

Claim Rejections - 35 USC § 112
The following is a quotation of 35 U.S.C. 112(d):
(d) REFERENCE IN DEPENDENT FORMS.—Subject to subsection (e), a claim in dependent form shall contain a reference to a claim previously set forth and then specify a further limitation of the subject matter claimed. A claim in dependent form shall be construed to incorporate by reference all the limitations of the claim to which it refers.

The following is a quotation of 35 U.S.C. 112 (pre-AIA ), fourth paragraph:
Subject to the [fifth paragraph of 35 U.S.C. 112 (pre-AIA )], a claim in dependent form shall contain a reference to a claim previously set forth and then specify a further limitation of the subject matter claimed. A claim in dependent form shall be construed to incorporate by reference all the limitations of the claim to which it refers.

Claim 7 is rejected under 35 U.S.C. 112(d) or 35 U.S.C. 112 (pre-AIA ), fourth paragraph as failing to further limit subject matter of other claim to which it refers.
Regarding claim 7, claim 7 depends on independent claim 1. Claim 7 recites the limitation “performing, by the querying application, a read access, a write access, or the read access and the write access to data stored in the security data zone of the respective user using the returned second access token,” which is already in claim 1. Therefore, claim 7 fails to further limit the subject matter of claim 1, to which it refers. As a result, claim 7 is rejected under 35 U.S.C. 112(d). It is suggested that claim 7 be canceled.
Claim Rejections - 35 USC § 103
The following is a quotation of 35 U.S.C. 103 which forms the basis for all obviousness rejections set forth in this Office action:
A patent for a claimed invention may not be obtained, notwithstanding that the claimed invention is not identically disclosed as set forth in section 102, if the differences between the claimed invention and the prior art are such that the claimed invention as a whole would have been obvious before the effective filing date of the claimed invention to a person having ordinary skill in the art to which the claimed invention pertains. Patentability shall not be negated by the manner in which the invention was made.

Claims 1-10, 13, 14-16, and 17 are rejected under 35 U.S.C. 103 as being unpatentable over de Oliveira et al. (“Oliveira,” US 2017/0169249, published Jun. 15, 2017) in view of Srinivasan et al. (“Srinivasan,” US 2019/0103968, filed Sep. 27, 2018), further in view of Hecht et al. (“Hecht,” US 2019/0207772, filed Mar. 20, 2018).
Regarding claim 1, Oliveira teaches a method for providing access by an application to data stored in a security data zone of a cloud platform, the method comprising:
determining, by an access manager module of the cloud platform, in response to the query received from the querying application of the cloud platform, credentials for a security data zone based on determining, by the access manager module (Oliveira: fig. 2, step 208, par. 0052, the user 130 transmits a request (202) to execute an application 116.  The application 116 sends an authorization request (204) to the authorization manager 118 requesting access to personal data… In some examples, the user grants/denies the request to access the personal data.  For example, and in response to the authorization request, the user 130 can enter a credential (or credentials), which are sent (208) to the authorization manager 118.  The authorization manager 118 can check the authenticity of the credential(s) (e.g., compare the entered credential(s) to stored credential(s) of the user));
generating, by the access manager module of the cloud platform, a second access token, based on the determined credentials, and transmitting the second access token to the querying application, which uses a returned second access token to obtain access to data stored in the security data zone to be processed by the querying application (Oliveira: abstract, pars. 0003, 0052, The authorization manager 118 can check the authenticity of the credential(s) (e.g., compare the entered credential(s) to stored credential(s) of the user) … More particularly, the authorization manager sends (210) an access token to the application 116); and
performing, by the querying application of the cloud platform, a read access, a write access, or the read access and the write access to the data stored in the security data zone of the cloud platform for the user specified in the received query using the returned second access token (Oliveira: abstract, par. 0053, Consequently, the application 116 send (212) a request data to the user-specific container 122, the request including the access token, and  the container (assuming the access token is still valid) provide (212) the request data).
Oliveira discloses determining, by an access manager module of the cloud platform, in response to the query received from the querying application of the cloud platform, credentials for a security data zone based on determining, by the access manager module, but does not explicitly disclose receiving a query from a querying application of the cloud platform, the query including a first access token, whether the first access token included in the received query belongs to an application registered at the access manager module and whether a user specified in the received query is allowed to use the registered application.
However, in an analogous art, Srinivasan teaches
receiving a query from a querying application of the cloud platform, the query including a first access token (Srinivasan: par. 0093, when an access token request comes in from a particular client, to check the access token scope requested by that request with the scope registered for that client application);
determining whether the first access token included in the received query belongs to an application registered at the access manager module and whether a user specified in the received query is allowed to use the registered application (Srinivasan: par. 0093, when an access token request comes in from a particular client, to check the access token scope requested by that request with the scope registered for that client application);
Therefore, it would have been obvious to one of ordinary skill in the art before the effective filing date of the claimed invention to combine the teaching of Srinivasan with the method and system of Oliveira to include receiving a query from a querying application of the cloud platform, the query including a first access token, and determining whether the first access token included in the received query belongs to an application registered at the access manager module and whether a user specified in the received query is allowed to use the registered application. One would have been motivated to authenticate a user, so that a Cloud Gate permits access to a protected resource, thus preventing unauthorized access to data (Srinivasan: abstract, pars. 0007, 0042).
Oliveira discloses determining, by an access manager module of the cloud platform, in response to the query received from the querying application of the cloud platform, credentials for a security data zone based on determining, by the access manager module, but does not explicitly disclose credentials based on the first access token.
However, in an analogous art, Hecht discloses credentials based on an access token (Hecht: par. 0019, an access token can include credentials (e.g., a user name or password) or keys (e.g., cryptographic). The cloud-computing environment can be configured to use an access token for authorization and/or authentication of an API communication).
Therefore, it would have been obvious to one of ordinary skill in the art before the effective filing date of the claimed invention to combine the teaching of Hecht with the method and system of Oliveira and Srinivasan to include credentials based on the first access token. One would have been motivated to rely on a cloud computing implementation of an application architecture that reduces development times and development costs, thus increasing the flexibility and scalability of applications (Hecht: par. 0002).
Regarding claim 2, the combination of Oliveira, Srinivasan, and Hecht teaches the method of claim 1. The combination of Oliveira, Srinivasan, and Hecht further discloses wherein the application is registered at the access manager module of the cloud platform for assignment of at least one first access token, but does not explicitly disclose the at least one first access token comprising a manager access login name, a manager access password, or the manager access login name and the manager access password.
However, these additional features are merely a design option of the combination of Oliveira, Srinivasan, and Hecht (Oliveira: abstract, pars. 0003, 0052; Srinivasan: par. 0093).
Regarding claim 3, the combination of Oliveira, Srinivasan, and Hecht teaches the method of claim 1. Although Oliveira, Srinivasan, and Hecht do not explicitly disclose notifying the access manager module of the cloud platform by a service provider module of a service provider of the respective application about a relationship between the service provider and user that allows the respective user to use the registered application of the service provider, these additional features are merely a design option of the combination of Oliveira, Srinivasan, and Hecht (Oliveira: abstract, pars. 0003, 0052; Srinivasan: par. 0093).
Regarding claim 4, the combination of Oliveira and Srinivasan teaches the method of claim 1. Although Oliveira and Srinivasan do not explicitly disclose wherein the query is transmitted by an application to the access manager module when the application is initiated on a user device of a user, these additional features are merely a design option of the combination of Oliveira, Srinivasan, and Hecht (Oliveira: abstract, pars. 0003, 0052; Srinivasan: par. 0093).
Regarding claim 5, the combination of Oliveira, Srinivasan, and Hecht teaches the method of claim 1. Although Oliveira, Srinivasan, and Hecht do not explicitly disclose wherein the credentials for the security data zone of the user comprise a user name, a password, or the user name and the password, these additional features are merely a design option of the combination of Oliveira, Srinivasan, and Hecht (Oliveira: abstract, pars. 0003, 0052; Srinivasan: par. 0093; Hecht: par. 0019).
Regarding claim 6, the combination of Oliveira, Srinivasan, and Hecht teaches the method of claim 1. Although Oliveira, Srinivasan, and Hecht do not explicitly disclose wherein the second access token is generated by an identity and access management unit of the cloud platform, these additional features are merely a design option of the combination of Oliveira, Srinivasan, and Hecht (Oliveira: abstract, pars. 0003, 0052; Srinivasan: par. 0093).
Regarding claim 7, the combination of Oliveira and Srinivasan teaches the method of claim 1. The combination of Oliveira, Srinivasan, and Hecht further discloses performing, by the querying application, a read access, a write access, or the read access and the write access to data stored in the security data zone of the respective user using the returned second access token (Oliveira: abstract, par. 0053, Consequently, the application 116 send (212) a request data to the user-specific container 122, the request including the access token, and the container (assuming the access token is still valid) provide (212) the request data).
Regarding claim 8, the combination of Oliveira, Srinivasan, and Hecht teaches the method of claim 1. Although Oliveira, Srinivasan, and Hecht do not explicitly disclose evaluating, manipulating, or evaluating and manipulating data of the user, the evaluating, the manipulating, or the evaluating and the manipulating of the data of the user comprising processing, by the application, the data stored in the security data zone of the user accessed by the application, these additional features are merely a design option of the combination of Oliveira, Srinivasan, and Hecht (Oliveira: abstract, pars. 0003, 0052; Srinivasan: par. 0093).
Regarding claim 9, the combination of Oliveira and Srinivasan teaches the method of claim 1. Although Oliveira, Srinivasan, and Hecht do not explicitly disclose wherein the security data zone of the user comprises a logically separated data storage area in a data storage resource connected with the cloud platform or forming part of the cloud platform, these additional features are merely a design option of the combination of Oliveira, Srinivasan, and Hecht (Oliveira: abstract, pars. 0003, 0052; Srinivasan: par. 0093).
Regarding claim 10, the combination of Oliveira, Srinivasan, and Hecht teaches the method of claim 1. Although Oliveira, Srinivasan, and Hecht do not explicitly disclose wherein the generated unique second access token is valid for a predefined time period, these additional features are merely a design option of the combination of Oliveira, Srinivasan, and Hecht (Oliveira: abstract, pars. 0003, 0052; Srinivasan: par. 0093).
Regarding claim 13, claim 13 is directed to a system comprising: a processor (Oliveira: figs. 1, 4; pars. 0061, 0065) configured to provide access by an application to data stored in a security data zone of a cloud platform; and a program memory (Oliveira: figs. 1, 4; pars. 0061, 0065) storing a program code that, when executed by the processor, configures the processor to perform the steps associated with the method claimed in claim 1; claim 13 is similar in scope to claim 1, and is therefore rejected under similar rationale.
Regarding claim 14, Oliveira teaches a system for providing access by an application to data stored in a security data zone of a cloud platform, the system comprising:
an access manager module configured to:
determine, in response to the query received from the querying application, credentials for a security data zone of a user (Oliveira: fig. 2, step 208, par. 0052, the user 130 transmits a request (202) to execute an application 116.  The application 116 sends an authorization request (204) to the authorization manager 118 requesting access to personal data… In some examples, the user grants/denies the request to access the personal data.  For example, and in response to the authorization request, the user 130 can enter a credential (or credentials), which are sent (208) to the authorization manager 118.  The authorization manager 118 can check the authenticity of the credential(s) (e.g., compare the entered credential(s) to stored credential(s) of the user));
generate a second access token based on the retrieved credentials, and transmit the second access token to the querying application that uses the returned second access token to obtain access to data stored in the security data zone of the respective user to be processed by the querying application (Oliveira: abstract, pars. 0003, 0052, The authorization manager 118 can check the authenticity of the credential(s) (e.g., compare the entered credential(s) to stored credential(s) of the user) … More particularly, the authorization manager sends (210) an access token to the application 116);
perform, by the querying application of the cloud platform, a read access, a write access, or the read access and the write access to the data stored in the security data zone of the cloud platform for the user specified in the received query using the returned second access token (Oliveira: abstract, par. 0053, Consequently, the application 116 send (212) a request data to the user-specific container 122, the request including the access token, and  the container (assuming the access token is still valid) provide (212) the request data).
Oliveira discloses determine, in response to the query received from the querying application, credentials for a security data zone of a user but does not explicitly disclose receiving a query from a querying application of the cloud platform, the query including a first access token; when the access manager module determines that the first access token included in the received query belongs to a registered application registered at the access manager module, and that the user specified in the received query is allowed to use the registered application.
However, in an analogous art, Srinivasan teaches
receiving a query from a querying application of the cloud platform, the query including a first access token (Srinivasan: par. 0093, when an access token request comes in from a particular client, to check the access token scope requested by that request with the scope registered for that client application);
the access manager module determines that the first access token included in the received query belongs to a registered application registered at the access manager module, and that the user specified in the received query is allowed to use the registered application (Srinivasan: par. 0093, when an access token request comes in from a particular client, to check the access token scope requested by that request with the scope registered for that client application);
Therefore, it would have been obvious to one of ordinary skill in the art before the effective filing date of the claimed invention to combine the teaching of Srinivasan with the method and system of Oliveira to include receiving a query from a querying application of the cloud platform, the query including a first access token, and the access manager module determining that the first access token included in the received query belongs to a registered application registered at the access manager module, and that the user specified in the received query is allowed to use the registered application. One would have been motivated to authenticate a user, so that a Cloud Gate permits access to a protected resource, thus preventing unauthorized access to data (Srinivasan: abstract, pars. 0007, 0042).
Oliveira discloses determine, in response to the query received from the querying application, credentials for a security data zone of a user but does not explicitly disclose credentials based on the first access token.
However, in an analogous art, Hecht discloses credentials based on an access token (Hecht: par. 0019, an access token can include credentials (e.g., a user name or password) or keys (e.g., cryptographic). The cloud-computing environment can be configured to use an access token for authorization and/or authentication of an API communication).
Therefore, it would have been obvious to one of ordinary skill in the art before the effective filing date of the claimed invention to combine the teaching of Hecht with the method and system of Oliveira and Srinivasan to include credentials based on the first access token. One would have been motivated to rely on a cloud computing implementation of an application architecture that reduces development times and development costs, thus increasing the flexibility and scalability of applications (Hecht: par. 0002).
Regarding claim 15, claim 15 is similar in scope to claims 2-3, and is therefore rejected under similar rationale.
Regarding claim 16, claim 16 is similar in scope to claim 8, and is therefore rejected under similar rationale.
Regarding claim 17, claim 17 is similar in scope to claim 9, and is therefore rejected under similar rationale.
Claim 11 is rejected under 35 U.S.C. 103 as being unpatentable over de Oliveira et al. (“Oliveira,” US 2017/0169249, published Jun. 15, 2017) in view of Srinivasan et al. (“Srinivasan,” US 2019/0103968, filed Sep. 27, 2018), further in view of Hecht et al. (“Hecht,” US 2019/0207772, filed Mar. 20, 2018), and Huynh (“Huynh,” US 10,397,207, filed Jul. 17, 2017).
Regarding claim 11, the combination of Oliveira, Srinivasan, and Hecht teaches the method of claim 1. The combination of Oliveira, Srinivasan, and Hecht discloses the credentials for the security data zone of the user but does not explicitly disclose that the credentials undergo an automatic rotation.
However, in an analogous art, Huynh discloses automatic credential rotation, wherein credentials undergo automatic rotation before each transmission or storage of those credentials (Huynh: abstract, Credentials and other sensitive strings can undergo automatic rotation before each transmission or storage of those credentials; col. 1, lines 61-65).
Therefore, it would have been obvious to one of ordinary skill in the art before the effective filing date of the claimed invention to combine the teaching of Huynh with the method and system of Oliveira, Srinivasan, and Hecht to include wherein the credentials for the security data zone of the user undergo an automatic rotation. One would have been motivated to provide for management and improvement of security credentials, and other sensitive data, in an electronic environment (Huynh: abstract; col. 1, lines 61-65; col. 3, lines 64-67).
Claims 18-19 are rejected under 35 U.S.C. 103 as being unpatentable over de Oliveira et al. (“Oliveira,” US 2017/0169249, published Jun. 15, 2017) in view of Srinivasan et al. (“Srinivasan,” US 2019/0103968, filed Sep. 27, 2018), further in view of Hecht et al. (“Hecht,” US 2019/0207772, filed Mar. 20, 2018), and Dotchkoff et al. (“Dotchkoff,” US 2019/0123967, published Oct. 19, 2017).
Regarding claim 18, the combination of Oliveira, Srinivasan, and Hecht discloses the method of claim 8. Oliveira, Srinivasan, and Hecht do not explicitly disclose, wherein the data of the user is Internet of Things data of the user.
However, in an analogous art, Dotchkoff discloses, wherein the data of the user is Internet of Things data of the user (Dotchkoff: par. 0037, Application back-end 313 refers to a device, or multiple devices such as a distributed system, that performs actions that enable data collection, storage, and/or actions to be taken based on the IoT data, including user access and control, data analysis, data display, control of data storage, automatic actions taken based on the IoT data, and/or the like).
Therefore, it would have been obvious to one of ordinary skill in the art before the effective filing date of the claimed invention to combine the teaching of Dotchkoff with the method and system of Oliveira, Srinivasan, and Hecht to include wherein the data of the user is Internet of Things data of the user. One would have been motivated to provide an apparatus that effectively allows a mapping to be established between tenants in the third-party cloud service and tenants in the IoT support service when a customer initially activates the third-party cloud service along with the IoT support service (Dotchkoff: abstract, Col. 1, lines 26-38).
Regarding claim 19, claim 19 is similar in scope to claim 18, and is therefore rejected under similar rationale.

Conclusion
Any inquiry concerning this communication or earlier communications from the examiner should be directed to Canh Le whose telephone number is 571-270-1380. The examiner can normally be reached on Monday to Friday 6:00AM to 3:30PM other Friday off.
If attempts to reach the examiner by telephone are unsuccessful, the examiner’s supervisor, Luu Pham can be reached on 571-270-5002.  The fax phone number for the organization where this application or proceeding is assigned is 571-273-8300. 
Information regarding the status of an application may be obtained from the Patent Application Information Retrieval (PAIR) system.  Status information for published applications may be obtained from either Private PAIR or Public PAIR.  Status information for unpublished applications is available through Private PAIR only.  For more information about the PAIR system, see http://pair-direct.uspto.gov. Should you have questions on access to the Private PAIR system, contact the Electronic Business Center (EBC) at 866-217-9197 (toll-free). If you would like assistance from a USPTO Customer Service Representative or access to the automated information system, call 800-786-9199 (IN USA OR CANADA) or 571-272-1000.

/Canh Le/
Examiner, Art Unit 2439

July 27th, 2022



/LUU T PHAM/Supervisory Patent Examiner, Art Unit 2439