DETAILED ACTION
Notice of Pre-AIA  or AIA  Status
The present application, filed on or after March 16, 2013, is being examined under the first inventor to file provisions of the AIA .

This Office Action is in response to Application filed on December 14, 2021 in which claims 1-25 are presented for examination.

Information Disclosure Statement
The information disclosure statement (IDS) submitted on December 14, 2021 and June 09, 2022 are in compliance with the provisions of 37 CFR 1.97.  Accordingly, the information disclosure statement is being considered by the examiner.

Double Patenting
The nonstatutory double patenting rejection is based on a judicially created doctrine grounded in public policy (a policy reflected in the statute) so as to prevent the unjustified or improper timewise extension of the “right to exclude” granted by a patent and to prevent possible harassment by multiple assignees. A nonstatutory double patenting rejection is appropriate where the conflicting claims are not identical, but at least one examined application claim is not patentably distinct from the reference claim(s) because the examined application claim is either anticipated by, or would have been obvious over, the reference claim(s). See, e.g., In re Berg, 140 F.3d 1428, 46 USPQ2d 1226 (Fed. Cir. 1998); In re Goodman, 11 F.3d 1046, 29 USPQ2d 2010 (Fed. Cir. 1993); In re Longi, 759 F.2d 887, 225 USPQ 645 (Fed. Cir. 1985); In re Van Ornum, 686 F.2d 937, 214 USPQ 761 (CCPA 1982); In re Vogel, 422 F.2d 438, 164 USPQ 619 (CCPA 1970); In re Thorington, 418 F.2d 528, 163 USPQ 644 (CCPA 1969).
A timely filed terminal disclaimer in compliance with 37 CFR 1.321(c) or 1.321(d) may be used to overcome an actual or provisional rejection based on nonstatutory double patenting provided the reference application or patent either is shown to be commonly owned with the examined application, or claims an invention made as a result of activities undertaken within the scope of a joint research agreement. See MPEP § 717.02 for applications subject to examination under the first inventor to file provisions of the AIA  as explained in MPEP § 2159. See MPEP § 2146 et seq. for applications not subject to examination under the first inventor to file provisions of the AIA . A terminal disclaimer must be signed in compliance with 37 CFR 1.321(b). 
The USPTO Internet website contains terminal disclaimer forms which may be used. Please visit www.uspto.gov/patent/patents-forms. The filing date of the application in which the form is filed determines what form (e.g., PTO/SB/25, PTO/SB/26, PTO/AIA /25, or PTO/AIA /26) should be used. A web-based eTerminal Disclaimer may be filled out completely online using web-screens. An eTerminal Disclaimer that meets all requirements is auto-processed and approved immediately upon submission. For more information about eTerminal Disclaimers, refer to www.uspto.gov/patents/process/file/efs/guidance/eTD-info-I.jsp.

Claims 1-25 are rejected on the ground of nonstatutory double patenting as being unpatentable over claims 1-25 of U.S. Patent No.11,347,560. Although the claims at issue are not identical, they are not patentably distinct from each other because claims 1-25 of the present application are being anticipated by claims 1-25 of US Patent No. 11,347,560.

Claims 1-25 are rejected on the ground of nonstatutory double patenting as being unpatentable over claims 1-21 of U.S. Patent No.10,817,346. Although the claims at issue are not identical, they are not patentably distinct from each other because claims 1-25 of the present application are being anticipated by claims 1-21 of US Patent No. 10,817,346.

US Application 17/550,916
US Patent No. 11,347,560
US Patent No. 10,817,346
1. A computer-implemented method of initializing an application instance using a software as a service (abbreviated SaaS) model in a project implemented on a cloud-based computing service, including: at a first time, running a SaaS cluster configuration engine that enables a service provider for a SaaS application to set configuration parameters for the project implemented on the cloud- based computing service and initializing the project in which an application instance will be built, then removing authorization of the SaaS cluster configuration engine to access to the project, including removing access to set the configuration parameters; at a second time following the first time, running a SaaS application infrastructure builder autonomously, without the service provider having access to the builder, to build the application instance in the project; and after the application instance is built, delivering application services.

2. The computer-implemented method of claim 1, further including a customer organization controlling installation of maintenance updates, from the service provider, to the application instance delivering application services.

3. The computer-implemented method of claim 1, further including the SaaS application
infrastructure builder locking down and securing the project in which an application instance 1s built.

4. The computer-implemented method of claim 1, wherein the cloud-based computing
service is one of Google Cloud Platform (abbreviated GCP), Amazon Web Services (abbreviated AWS) or Microsoft Azure Virtual Platform.

5. The computer-implemented method of claim 1, wherein the application instance provides isolated code and data management services to customers.

6. The computer-implemented method of claim 1, further including the application instance delivering application services to end user apps visiting a customer’s web site.


7. The computer-implemented method of claim 1, further including the application instance delivering application services to a customer's web site that is in communication with the application instance running in the project.

8. The computer-implemented method of claim 1, further including: the service provider for the SaaS application utilizing a “break glass” scenario for accessing escrowed project access credentials, stored on a different platform than the cloud-based computing service, at a time when a customer organization requests support that requires access to the project and/or configuration parameters of the project; and
generating one or more notices to the customer organization and a security administrator for the service provider that the “break glass” scenario has been invoked.

9. The computer-implemented method of claim 8, wherein at least two people must
collaborate with the service provider for the SaaS application to retrieve the credentials for the customer organization.

10. A tangible non-transitory computer readable storage media, including program
instructions loaded into memory that, when executed on processors cause the processors to implement a method of initializing an application instance using a software as a service (abbreviated SaaS) model in a project implemented on a cloud-based computing service, the method including: at a first time, running a SaaS cluster configuration engine that enables a service provider for a SaaS application to set configuration parameters for the project implemented on the cloud- based computing service and initializing the project in which an application instance will be built, then removing authorization of the SaaS cluster configuration engine to access to the project, including removing access to set the configuration parameters; at a second time following the first time, running a SaaS application infrastructure builder autonomously, without the service provider having access to the builder, to build the application instance in the project; and after the application instance is built, delivering application services.

11. The tangible non-transitory computer readable storage media of claim 10, further including a customer organization controlling installation of maintenance updates, from the service provider, to the application instance delivering application services.

12. The tangible non-transitory computer readable storage media of claim 10, further including the SaaS application infrastructure builder locking down and securing the project in which an application instance is built.

13. The tangible non-transitory computer readable storage media of claim 10, wherein the cloud-based computing service is one of Google Cloud Platform (abbreviated GCP), Amazon Web Services (abbreviated AWS) or Microsoft Azure Virtual Platform.

14. The tangible non-transitory computer readable storage media of claim 10, wherein the application instance provides isolated code and data management services to customers.

15. The tangible non-transitory computer readable storage media of claim 10, further including the application instance delivering application services to end user apps visiting a customer's web site.

16. The tangible non-transitory computer readable storage media of claim 10, further including the application instance delivering application services to a customer’s web site that is in communication with the application instance running in the project.

17. The tangible non-transitory computer readable storage media of claim 10, further including: the service provider for SaaS application utilizing a “break glass” scenario for accessing escrowed project access credentials, stored on a different platform than the cloud-based computing service, at a time when a customer organization requests support that requires access to the project and/or configuration parameters of the project; and generating one or more notices to the customer organization and a security administrator for the service provider that the “break glass” scenario has been invoked. {

18. The tangible non-transitory computer readable storage media of claim 17, wherein at least two people must collaborate with the service provider for SaaS application to retrieve the credentials for the customer organization.

19. A system for initializing an application instance using a software as a service (abbreviated SaaS) model in a project implemented on a cloud-based computing service, the system including a processor, memory coupled to the processor and computer instructions from the non-transitory computer readable storage media of claim 10 loaded into the memory.

20. The system of claim 19, further including a customer organization controlling installation of maintenance updates, from the service provider, to the application instance delivering application services.

21. The system of claim 19, further including the SaaS application infrastructure builder locking down and securing the project in which an application instance is built.

22. The system of claim 19, further including the application instance delivering application services to end user apps visiting a customer's web site.

23. The system of claim 19, further including the application instance delivering application services to a customer’s web site that is in communication with the application instance running in the project.

24. A computer-implemented method of initializing a secure application instance isolated from malicious code and interacting with a server, the initializing managed using a software as a service (abbreviated SaaS) model in a project implemented on a cloud-based computing service, including: at a first time, running a SaaS cluster configuration engine that enables a service provider for a SaaS service to set configuration parameters for the project implemented on the cloud-based computing service and initializing the project in which the secure application instance will be built, then removing authorization of the SaaS cluster configuration engine to access to the project, including removing access to set the configuration parameters; at a second time following the first time, running a SaaS service infrastructure builder autonomously, without the service provider having access to the builder, to build the secure application instance in the project; and after the secure application instance is built, delivering secure application services for interacting with the server.

25. The computer-implemented method of claim 24, further including a customer organization controlling installation of maintenance updates, from the service provider, to the secure application instance delivering application services.
1. A computer-implemented method of initializing an identity management instance using a software as a service (abbreviated SaaS) model in a project implemented on a cloud-based computing service, including: at a first time, running a SaaS cluster configuration engine that links a service provider for SaaS identity management to set configuration parameters for the project implemented on the cloud-based computing service and initializing the project in which an identity management instance will be built, then removing authorization of the SaaS cluster configuration engine to access to the project, including removing access to set the configuration parameters; at a second time following the first time, running a SaaS identity management infrastructure builder autonomously, without the service provider having access to the builder, to build the identity management instance in the project; and after the identity management instance is built, delivering identity management services.
2. The computer-implemented method of claim 1, further including a customer organization controlling installation of maintenance updates, from the service provider, to the identity management instance delivering identity management services.
3. The computer-implemented method of claim 1, further including the SaaS identity management infrastructure builder locking down and securing the project in which an identity management instance is built.
4. The computer-implemented method of claim 1, wherein the cloud-based computing service is one of Google Cloud Platform (abbreviated GCP), Amazon Web Services (abbreviated AWS) or Microsoft Azure Virtual Platform.
5. The computer-implemented method of claim 1, wherein the identity management instance provides authentication and authorization services to customers.
6. The computer-implemented method of claim 1, further including the identity management instance delivering identity management services to end user apps visiting a customer's web site.
7. The computer-implemented method of claim 1, further including the identity management instance delivering identity management services to a customer's web site that is in communication with the identity management instance running in the project.
8. The computer-implemented method of claim 1, further including: the service provider for SaaS identity management utilizing a “break glass” scenario for accessing escrowed project access credentials, stored on a different platform than the cloud-based computing service, at a time when a customer organization requests support that requires access to the project and/or configuration parameters of the project; and generating one or more notices to the customer organization and a security administrator for the service provider that the “break glass” scenario has been invoked.
9. The computer-implemented method of claim 8, wherein at least two people must collaborate with the service provider for SaaS identity management to retrieve the credentials for the customer organization.
10. A tangible non-transitory computer readable storage media, including program instructions loaded into memory that, when executed on processors cause the processors to implement a method of initializing an identity management instance using a software as a service (abbreviated SaaS) model in a project implemented on a cloud-based computing service, the method including: at a first time, running a SaaS cluster configuration engine that links a service provider for SaaS identity management to set configuration parameters for the project implemented on the cloud-based computing service and initializing the project in which an identity management instance will be built, then removing authorization of the SaaS cluster configuration engine to access to the project, including removing access to set the configuration parameters; at a second time following the first time, running a SaaS identity management infrastructure builder autonomously, without the service provider having access to the builder, to build the identity management instance in the project; and after the identity management instance is built, delivering identity management services.
11. The tangible non-transitory computer readable storage media of claim 10, further including a customer organization controlling installation of maintenance updates, from the service provider, to the identity management instance delivering identity management services.
12. The tangible non-transitory computer readable storage media of claim 10, further including the SaaS identity management infrastructure builder locking down and securing the project in which an identity management instance is built.
13. The tangible non-transitory computer readable storage media of claim 10, wherein the cloud-based computing service is one of Google Cloud Platform (abbreviated GCP), Amazon Web Services (abbreviated AWS) or Microsoft Azure Virtual Platform.
14. The tangible non-transitory computer readable storage media of claim 10, wherein the identity management instance provides authentication and authorization services to customers.
15. The tangible non-transitory computer readable storage media of claim 10, further including the identity management instance delivering identity management services to end user apps visiting a customer's web site.
16. The tangible non-transitory computer readable storage media of claim 10, further including the identity management instance delivering identity management services to a customer's web site that is in communication with the identity management instance running in the project.
17. The tangible non-transitory computer readable storage media of claim 10, further including: the service provider for SaaS identity management utilizing a “break glass” scenario for accessing escrowed project access credentials, stored on a different platform than the cloud-based computing service, at a time when a customer organization requests support that requires access to the project and/or configuration parameters of the project; and generating one or more notices to the customer organization and a security administrator for the service provider that the “break glass” scenario has been invoked.
18. The tangible non-transitory computer readable storage media of claim 17, wherein at least two people must collaborate with the service provider for SaaS identity management to retrieve the credentials for the customer organization.
19. A system for initializing an identity management instance using a software as a service (abbreviated SaaS) model in a project implemented on a cloud-based computing service, the system including a processor, memory coupled to the processor and computer instructions from the non-transitory computer readable storage media of claim 10 loaded into the memory.
20. The system of claim 19, further including a customer organization controlling installation of maintenance updates, from the service provider, to the identity management instance delivering identity management services.
21. The system of claim 19, further including the SaaS identity management infrastructure builder locking down and securing the project in which an identity management instance is built.
22. The system of claim 19, further including the identity management instance delivering identity management services to end user apps visiting a customer's web site.
23. The system of claim 19, further including the identity management instance delivering identity management services to a customer's web site that is in communication with the identity management instance running in the project.
24. A computer-implemented method of initializing a secure application instance isolated from malicious code and interacting with a server, the initializing managed using a software as a service (abbreviated SaaS) model in a project implemented on a cloud-based computing service, including: at a first time, running a SaaS cluster configuration engine that links a service provider for SaaS service to set configuration parameters for the project implemented on the cloud-based computing service and initializing the project in which the secure application instance will be built, then removing authorization of the SaaS cluster configuration engine to access to the project, including removing access to set the configuration parameters; at a second time following the first time, running a SaaS service infrastructure builder autonomously, without the service provider having access to the builder, to build the secure application instance in the project; and after the secure application instance is built, delivering secure application services for interacting with the server.
25. The computer-implemented method of claim 24, further including a customer organization controlling installation of maintenance updates, from the s

1. A computer-implemented method of initializing an identity management instance using a software as a service (abbreviated SaaS) model in a project implemented on a cloud-based computing service, including: at a first time, running a SaaS cluster configuration engine that links a service provider for SaaS identity management to set configuration parameters for the project implemented on the cloud-based computing service and initializing the project in which an identity management instance will be built, then removing authorization of the SaaS cluster configuration engine to access to the project, including removing access to set the configuration parameters; at a second time following the first time, running a SaaS identity management infrastructure builder autonomously, without the service provider having access to the builder, to build the identity management instance in the project; after the identity management instance is built, delivering identity management services; and at a third time following the second time, running a SaaS maintenance service, under sovereign control of a customer organization, to pull from the service provider and to install in the project, maintenance updates for the identity management instance, without exposing data secured by the customer organization to the service provider.
2. The computer-implemented method of claim 1, further including the SaaS identity management infrastructure builder locking down and securing the project in which an identity management instance is built.
3. The computer-implemented method of claim 1, wherein the cloud-based computing service is one of Google Cloud Platform (abbreviated GCP), Amazon Web Services (abbreviated AWS) or Microsoft Azure Virtual Platform.
4. The computer-implemented method of claim 1, wherein the identity management instance provides authentication and authorization services to customers.
5. The computer-implemented method of claim 1, further including the identity management instance delivering identity management services to end user apps visiting a customer's web site.
6. The computer-implemented method of claim 1, further including the identity management instance delivering identity management services to a customer's web site that is in communication with the identity management instance running in the project.
7. The computer-implemented method of claim 1, further including: the service provider for SaaS identity management utilizing a “break glass” scenario for accessing escrowed project access credentials, stored on a different platform than the cloud-based computing service, at a time when the customer organization requests support that requires access to the project and/or configuration parameters of the project; and generating one or more notices to the customer organization and a security administrator for the service provider that the “break glass” scenario has been invoked.
8. The computer-implemented method of claim 7, wherein at least two people must collaborate with the service provider for SaaS identity management to retrieve the credentials for the customer.
9. A tangible non-transitory computer readable storage media, including program instructions loaded into memory that, when executed on processors cause the processors to implement a method of initializing an identity management instance using a software as a service (abbreviated SaaS) model in a project implemented on a cloud-based computing service, the method including: at a first time, running a SaaS cluster configuration engine that links a service provider for SaaS identity management to set configuration parameters for the project implemented on the cloud-based computing service and initializing the project in which an identity management instance will be built, then removing authorization of the SaaS cluster configuration engine to access to the project, including removing access to set the configuration parameters; at a second time following the first time, running a SaaS identity management infrastructure builder autonomously, without the service provider having access to the builder, to build the identity management instance in the project; after the identity management instance is built, delivering identity management services; and at a third time following the second time, running a SaaS maintenance service, under sovereign control of a customer organization, to pull from the service provider and to install in the project, maintenance updates for the identity management instance, without exposing data secured by the customer organization to the service provider.
10. The tangible non-transitory computer readable storage media of claim 9, further including the SaaS identity management infrastructure builder locking down and securing the project in which an identity management instance is built.
11. The tangible non-transitory computer readable storage media of claim 9, wherein the cloud-based computing service is one of Google Cloud Platform (abbreviated GCP), Amazon Web Services (abbreviated AWS) or Microsoft Azure Virtual Platform.
12. The tangible non-transitory computer readable storage media of claim 9, wherein the identity management instance provides authentication and authorization services to customers.
13. The tangible non-transitory computer readable storage media of claim 9, further including the identity management instance delivering identity management services to end user apps visiting a customer's web site.
14. The tangible non-transitory computer readable storage media of claim 9, further including the identity management instance delivering identity management services to a customer's web site that is in communication with the identity management instance running in the project.
15. The tangible non-transitory computer readable storage media of claim 9, further including: the service provider for SaaS identity management utilizing a “break glass” scenario for accessing escrowed project access credentials, stored on a different platform than the cloud-based computing service, at a time when the customer organization requests support that requires access to the project and/or configuration parameters of the project; and generating one or more notices to the customer organization and a security administrator for the service provider that the “break glass” scenario has been invoked.
16. The tangible non-transitory computer readable storage media of claim 9, wherein at least two people must collaborate with the service provider for SaaS identity management to retrieve the credentials for the customer.
17. A system for initializing an identity management instance using a software as a service (abbreviated SaaS) model in a project implemented on a cloud-based computing service, the system including a processor, memory coupled to the processor and computer instructions from the non-transitory computer readable storage media of claim 9 loaded into the memory.
18. The system of claim 17, further including the SaaS identity management infrastructure builder locking down and securing the project in which an identity management instance is built.
19. The system of claim 17, further including the identity management instance delivering identity management services to end user apps visiting a customer's web site.
20. The system of claim 17, further including the identity management instance delivering identity management services to a customer's web site that is in communication with the identity management instance running in the project.
21. A computer-implemented method of initializing a secure application instance isolated from malicious code and interacting with a server, the initializing managed using a software as a service (abbreviated SaaS) model in a project implemented on a cloud-based computing service, including: at a first time, running a SaaS cluster configuration engine that links a service provider for SaaS service to set configuration parameters for the project implemented on the cloud-based computing service and initializing the project in which the secure application instance will be built, then removing authorization of the SaaS cluster configuration engine to access to the project, including removing access to set the configuration parameters; at a second time following the first time, running a SaaS service infrastructure builder autonomously, without the service provider having access to the builder, to build the secure application instance in the project; after the secure application instance is built, delivering secure application services for interacting with the server; and at a third time following the second time, running a SaaS maintenance service, under sovereign control of a customer organization, to pull from the service provider and to install in the project, maintenance updates for the secure application instance, without exposing data secured by the customer organization to the service provider.


Conclusion
Any inquiry concerning this communication or earlier communications from the examiner should be directed to FRANTZ COBY whose telephone number is (571)272-4017. The examiner can normally be reached Monday-Thursday 7AM-5:30PM.
Examiner interviews are available via telephone, in-person, and video conferencing using a USPTO supplied web-based collaboration tool. To schedule an interview, applicant is encouraged to use the USPTO Automated Interview Request (AIR) at http://www.uspto.gov/interviewpractice.
If attempts to reach the examiner by telephone are unsuccessful, the examiner’s supervisor, Umar Cheema can be reached on 571 270-3037. The fax phone number for the organization where this application or proceeding is assigned is 571-273-8300.
Information regarding the status of published or unpublished applications may be obtained from Patent Center. Unpublished application information in Patent Center is available to registered users. To file and manage patent submissions in Patent Center, visit: https://patentcenter.uspto.gov. Visit https://www.uspto.gov/patents/apply/patent-center for more information about Patent Center and https://www.uspto.gov/patents/docx for information about filing in DOCX format. For additional questions, contact the Electronic Business Center (EBC) at 866-217-9197 (toll-free). If you would like assistance from a USPTO Customer Service Representative, call 800-786-9199 (IN USA OR CANADA) or 571-272-1000.




/FRANTZ COBY/Primary Examiner, Art Unit 2456                                                                                                                                                                                                        
September 8, 2022