Notice of Pre-AIA  or AIA  Status
The present application, filed on or after March 16, 2013, is being examined under the first inventor to file provisions of the AIA . 

Priority
2.	This is a continuation application which is a continuation of application 17238906, filed 04/23/2021 is a continuation of 16175308, filed 10/30/2018, now U.S. Patent #11012443. Therefore, the effective filling date for the subject matter defined in the pending claims of this application is 10/30/2018.		

Information Disclosure Statement
3.	The information disclosure statements (IDS) submitted on 04/23/2021 has been considered. The submission is in compliance with the provisions of 37 CFR 1.97. Form PTO-1449 is signed and attached hereto. 
Drawings
4.	The drawings filed on 04/23/2021 are accepted. 

Specification
5.	The specification filed on 04/23/2021 is also accepted.

Internet Communications
6. 	Applicant is encouraged to submit a written authorization for Internet communications (PTO/SB/439,
http://www.uspto.gov/sites/defauit/files/documents/sb0439.pdf) in the instant patent application to authorize the examiner to communicate with the applicant via email. The authorization will allow the examiner to better practice compact prosecution. The written authorization can be submitted via one of the following methods only. (1) Central Fax which can be found in the Conclusion section of this Office action; (2) regular postal mail; (3) EFS WEB; or (4) the service window on the Alexandria campus. EFS web is the recommended way to submit the form since this allows the form to be entered into the file wrapper within the same day (system dependent). Written authorization submitted via other methods, such as direct fax to the examiner or email, will not be accepted. See MPEP § 502.03. 


Double Patenting

7.	The nonstatutory double patenting rejection is based on a judicially created doctrine grounded in public policy (a policy reflected in the statute) so as to prevent the unjustified or improper timewise extension of the "right to exclude" granted by a patent and to prevent possible harassment by multiple assignees.  See In re Goodman, 11 F.3d 1046, 29 USPQ2d 2010 (Fed. Cir. 1993); In re Longi, 759 F.2d 887, 225 USPQ 645 (Fed. Cir. 1985); In re Van Ornum, 686 F.2d 937, 214 USPQ 761 (CCPA 1982); In re Vogel, 422 F.2d 438, 164 USPQ 619 (CCPA 1970);and, In re Thorington, 418 F.2d 528, 163 USPQ 644 (CCPA 1969).
A timely filed terminal disclaimer in compliance with 37 CFR 1.321(c) may be used to overcome an actual or provisional rejection based on a nonstatutory double patenting ground provided the conflicting application or patent is shown to be commonly owned with this application.  See 37 CFR 1.130(b).
Effective January 1, 1994, a registered attorney or agent of record may sign a terminal disclaimer.  A terminal disclaimer signed by the assignee must fully comply with 37 CFR 3.73(b).


8.	Claims 1-20 are rejected under the judicially created doctrine of obviousness-type double patenting as being unpatentable over claims 1-18 of U.S. Patent No. 11,012,443 (hereinafter refereed as ‘443 Patent.) Although the conflicting claims are not identical, they are not patentably distinct from each other.
The following is referring to the independent claim


[Symbol font/0xB7]  	As per independent claims 1, 8 and 15, 
		Independent claims 1, 8 and 15 of the instant application and claim 1, of the ‘443 patent recite similar limitation. The above independent claims, namely claims 1,7 and 13 of the instant/present application would have been obvious over independent claims 1,7, and 13 of the ‘443 patent because each and every element of the above independent claims 1, 7 and 13 of the present application is anticipated by the corresponding independent claims 1,7 and 13 of the ‘443 patent.

The following is referring to the dependent claims

[Symbol font/0xB7]  	Referring to dependent claims 2-7, 9-14 and 16-20,
Claims 2-7, 9-14 and 16-20 of the instant application is also anticipated by claim 2-5, 6,8-12 and 14-18 of the ‘443 patent since the corresponding claims further recite similar/same limitation of the same subject matter.
US Patent No. 11,012,443
Instant / current application No. 17/238,906
1. An electronic device configured to implement dynamic deployment of access controls anchored on request actions in a multi-user, on-demand computing environment, comprising: at least one physical memory device capable to store one or more multi-user on demand databases; 

one or more processors coupled with the at least one physical memory device, the one or more processors configurable to: 

receive, via a user interface, a request to access one or more resources managed by the electronic device in the multi-user, on demand computing environment, the request comprising one or more request elements; 

determine whether a virtual access rule logic comprises one or more virtual access check rules that are anchored to specific request actions of the one or more request elements, wherein the virtual access check rules are deployed dynamically to enforce additional access checks against the request; 

and in response to a determination that the virtual access rule logic comprises one or more virtual access check rules which are anchored to the one or more request elements, apply the one or more virtual access check rules to the request.
1. An electronic device configured to implement dynamic deployment of access controls anchored on request actions in a multi-user, on-demand computing environment, comprising: 
at least one physical memory device capable to store one or more multi-user on demand databases; 

and one or more processors coupled with the at least one physical memory device, the one or more processors configurable to: 

receive, via a user interface, a request to access one or more resources managed by the electronic device in the multi-user, on demand computing environment, the request comprising one or more request elements; 

determine that the request matches one or more anchorless rules that lack dependency on resources engaged during a lifetime of the request; apply the one or more anchorless rules matched by the request; 

and responsive to the one or more anchorless rules lacking a blocking rule for the request, apply one or more virtual access check rules to the request, wherein the one or more virtual access check rules are anchored to specific request actions of the one or more request elements of the request.

3. (Original) The electronic device of claim 2, wherein the one or more processors are configurable to: block the request when the one or more of the anchorless rules comprises a blocking rule for the request.
2. The electronic device of claim 1 wherein the one or more processors are configurable to block the request responsive to the one or more of the anchorless rules comprising the blocking rule for the request.
2. (Original) The electronic device of claim 1, wherein the one or more processors are configurable to: apply one or more anchorless rules to the request.
3. The electronic device of claim 1 wherein the one or more processors are configurable to apply one or more anchored rules to the request.
5. (Original) The electronic device of claim 4, wherein the anchored rule is anchored to at least one of a user permission or an entity operation associated with the request.
4. The electronic device of claim 3, wherein the anchored rule is anchored to at least one of a user permission or an entity operation associated with the request.

6. (Original) The electronic device of claim 5, wherein the wherein the one or more processors are configurable to: block the request when the one or more of the anchored rules comprises a blocking rule for the request.
5. The electronic device of claim 4, wherein the one or more processors are configurable to block the request when the one or more of the anchored rules comprises a blocking rule for the request.

2. (Original) The electronic device of claim 1, wherein the one or more processors are configurable to: apply one or more anchorless rules to the request.
6. The electronic device of claim 1, wherein the one or more anchorless rules are dependent on resources available directly in the request.
5. (Original) The electronic device of claim 4, wherein the anchored rule is anchored to at least one of a user permission or an entity operation associated with the request.
7. The electronic device of claim 1, wherein the one or more anchorless rules are to block POST requests to a uniform resource identifier (URI) pattern in the request.
7. (Currently amended) A non-transitory computer-readable medium having stored thereon instructions that, when executed by one or more processors, are configurable to cause the one or more processors to: receive, via a user interface, a request to access one or more resources managed by the electronic device in the multi-user, on demand computing environment, the request comprising one or more request elements; determine whether a virtual access rule logic comprises one or more virtual access check rules which that are anchored to specific request actions of the one or more request elements, wherein the virtual access check rules are deployed dynamically to enforce additional access checks against the request; and in response to a determination that the virtual access rule logic comprises one or more AMENDMENT AND RESPONSE UNDER 37 CFR § 1.111Page 4 Serial Number: 16/175,308Atty. Dkt. SFDC-P322virtual access check rules which are anchored to the one or more request elements, apply the one or more virtual access check rules to the request.
8. A non-transitory computer-readable medium having stored thereon instructions that, when executed by one or more processors, are configurable to cause the one or more processors to: receive, via a user interface, a request to access one or more resources managed by the one or more processors of an electronic device in a multi-user, on demand computing environment, the request comprising one or more request elements; determine that the request matches one or more anchorless rules that lack dependency on resources engaged during a lifetime of the request; apply the one or more anchorless rules matched by the request; and responsive to the one or more anchorless rules lacking a blocking rule for the request, apply one or more virtual access check rules to the request, wherein the one or more virtual access check rules are anchored to specific request actions of the one or more request elements of the request.
9. (Original) The non-transitory computer-readable medium of claim 8, further comprising instructions that, when executed by the one or more processors, are configurable to cause the one or more processors to: block the request when the one or more of the anchorless rules comprises a blocking rule for the request.
9. The non-transitory computer-readable medium of claim 8, further comprising instructions that, when executed by the one or more processors, are configurable to cause the one or more processors to block the request responsive to the one or more of the anchorless rules comprising the blocking rule for the request.

10. (Original) The non-transitory computer-readable medium of claim 7, further comprising instructions that, when executed by the one or more processors, are configurable to cause the one or more processors to: apply one or more anchored rules to the request.
10. The non-transitory computer-readable medium of claim 8, further comprising instructions that, when executed by the one or more processors, are configurable to cause the one or more processors to apply one or more anchored rules to the request.

11. (Original) The non-transitory computer-readable medium of claim 10, wherein the anchored rule is anchored to at least one of a user permission or an entity operation associated with the request.
11. The non-transitory computer-readable medium of claim 10, wherein the anchored rule is anchored to at least one of a user permission or an entity operation associated with the request.

9. (Original) The non-transitory computer-readable medium of claim 8, further comprising instructions that, when executed by the one or more processors, are configurable to cause the one or more processors to: block the request when the one or more of the anchorless rules comprises a blocking rule for the request.
12. The non-transitory computer-readable medium of claim 11, further comprising instructions that, when executed by the one or more processors, are configurable to cause the one or more processors to: L block the request when the one or more of the anchored rules comprises a blocking rule for the request.

11. (Original) The non-transitory computer-readable medium of claim 10, wherein the anchored rule is anchored to at least one of a user permission or an entity operation associated with the request.
13. The non-transitory computer-readable medium of claim 8, wherein the one or more anchorless rules are dependent on resources available directly in the request.

11. (Original) The non-transitory computer-readable medium of claim 10, wherein the anchored rule is anchored to at least one of a user permission or an entity operation associated with the request.
14. The non-transitory computer-readable medium of claim 8, wherein the one or more anchorless rules are to block POST requests to a uniform resource identifier (URI) pattern in the request.
13. (Currently amended) A method to implement secure data transfer between entities in a multi-user, on-demand computing environment: 

receiving, via a user interface, a request to access one or more resources managed by the electronic device in the multi-user, on demand computing environment, the request comprising one or more request elements; 

determining whether a virtual access rule logic comprises one or more virtual access check rules which that are anchored to specific request actions of the one or more request elements, wherein the virtual access check rules are deployed dynamically to enforce additional access checks against the request; and in response to a determination that the virtual access rule logic comprises one or more virtual access check rules which are anchored to the one or more request elements, applying the one or more virtual access check rules to the request.  

15. A method to implement secure data transfer between entities in a multi-user, on-demand computing environment:

 receiving, via a user interface, a request to access one or more resources managed by an electronic device in the multi-user, on demand computing environment, the request comprising one or more request elements; 

determining that the request matches one or more anchorless rules that lack dependency on resources engaged during a lifetime of the request; applying the one or more anchorless rules matched by the request; and responsive to the one or more anchorless rules lacking a blocking rule for the request, applying one or more virtual access check rules to the request, wherein the one or more virtual access check rules are anchored to specific request actions of the one or more request elements of the request.
15. (Original) The method of claim 14, further comprising blocking the request when the one or more of the anchorless rules comprises a blocking rule for the request.
16. The method of claim 15, further comprising blocking the request responsive to the one or more of the anchorless rules comprising the blocking rule for the request.

14. (Original) The method of claim 13, further comprising: applying one or more anchorless rules to the request.
17. The method of claim 15, further comprising applying one or more anchored rules to the request.

17. (Original) The method of claim 16, wherein the anchored rule is anchored to at least one of a user permission or an entity operation associated with the request.
18. The method of claim 17, wherein the anchored rule is anchored to at least one of a user permission or an entity operation associated with the request.

15. (Original) The method of claim 14, further comprising blocking the request when the one or more of the anchorless rules comprises a blocking rule for the request.
19. The method of claim 18, further comprising blocking the request when the one or more of the anchored rules comprises a blocking rule for the request.

18. (Original) The method of claim 17, further comprising blocking the request when the one or more of the anchored rules comprises a blocking rule for the request.
20. The method of claim 15, wherein the one or more anchorless rules are dependent on resources available directly in the request.



Pertinent Art 
9.	The prior art made of record and not relied upon is considered pertinent to applicant's disclosure. 

Erdogan et al. (Pub. No.: US 2014/0067792 A1) provide A system includes a coordinator node and worker nodes in communication with the coordinator node. Each worker node stores data blocks. Each data block has data in a semi-structured format and each data block has an associated foreign table declaration specifying conversion of the data in the semi-structured format into a tabular format interpretable by a query language. A query processor executed by the coordinator node produces a distributed query plan in response to a query language query. The distributed query plan includes sub-queries. The sub-queries are executed by selected worker nodes of the worker nodes. The selected worker nodes use foreign table declarations to convert data in semi-structured formats into tabular formats of a distributed database to provide tabular data in response to the query language query.

Benoit et al. (Pub. No.: US 2015/0067792 A1) provide a method, apparatus, and system to control the unlocking of an entry for a guest having a wireless device by an owner access point. A virtual key for a wireless device and an access control rule associated with the virtual key may be stored at the owner access point. The owner access point may determine whether a virtual key received from a wireless device matches the stored virtual key and whether the access control rule for the stored virtual key is satisfied. If the virtual key matches, and the access control rule for the stored virtual key is satisfied, the owner access point may transmit an open command to the entry.

De Foy et al. (Pub. No.: US 2013/0094445 A1) provide method and apparatus are described for forwarding content delivery network interconnection (CDNI) signaling. A CDNI router content delivery network (CDN) may establish CDNIs with upstream and downstream CDNs. The CDNI router CDN may receive a CDNI route advertisement message from at least one of the upstream and downstream CDNs. The CDNI router CDN may update at least one end-user-based CDNI routing table based on Internet protocol (IP) address blocks in the CDNI route advertisement message. The CDNI router CDN may transmit an updated CDNI route advertisement message to at least one of the upstream and downstream CDNs. At least one of the upstream and downstream CDNs may update at least one end-user-based CDNI routing table based on the end user IP address blocks in the updated CDNI route advertisement message.


Conclusion

10.	Any inquiry concerning this communication or earlier communications from the examiner should be directed to ABIY GETACHEW whose telephone number is (571)272-6932. The examiner can normally be reached Mon.-Fri. 9:00 AM - 5:30 PM.

Examiner interviews are available via telephone, in-person, and video conferencing using a USPTO supplied web-based collaboration tool. To schedule an interview, applicant is encouraged to use the USPTO Automated Interview Request (AIR) at http://www.uspto.gov/interviewpractice.

If attempts to reach the examiner by telephone are unsuccessful, the examiner’s supervisor, Kambiz Zand can be reached on (571) 272-3811. The fax phone number for the organization where this application or proceeding is assigned is 571-273-8300.

Information regarding the status of published or unpublished applications may be obtained from Patent Center. Unpublished application information in Patent Center is available to registered users. To file and manage patent submissions in Patent Center, visit: https://patentcenter.uspto.gov. Visit https://www.uspto.gov/patents/apply/patent-center for more information about Patent Center and https://www.uspto.gov/patents/docx for information about filing in DOCX format. For additional questions, contact the Electronic Business Center (EBC) at 866-217-9197 (toll-free). If you would like assistance from a USPTO Customer Service Representative, call 800-786-9199 (IN USA OR CANADA) or 571-272-1000.





A.G.
September 2, 2022
/ABIY GETACHEW/Primary Examiner, Art Unit 2434