Notice of Pre-AIA or AIA Status
The present application, filed on or after March 16, 2013, is being examined under the first inventor to file provisions of the AIA.
DETAILED ACTION
Claims 1-22 are pending in this application. 

Claim Objections
Claims 2-3, 6, 12, 14, 16 and 18-21 are objected to because of the following informalities: 
Regarding claims 2-3 and 6, claims 2 and 6 recite the limitation “the software-as-a-service platform supports.” To positively recite active steps of the claimed method, it’s suggested the aforementioned limitation be further amended to “supporting, by the software-as-a-service platform;” (emphasis added).
Regarding claims 12 and 21, claims 12 and 21 recite the limitation “a workgroup identity spans.” To positively recite active steps of the claimed method, it’s suggested the aforementioned limitation be further amended to “spanning, by a workgroup identity;” (emphasis added).
Regarding claim 14, claim 14 recites the limitation “the cloud provider account stores.” To positively recite active steps of the claimed method, it’s suggested the aforementioned limitation be further amended to “storing, by the cloud provider account;” (emphasis added).
Regarding claim 16, claim 16 recites the limitation “the software-as-a-service platform supports,” To properly recite embodiments and associate functions of the claimed system, it’s suggested that the aforementioned limitation be further amended to “the software-as-a-service platform configured to support;” (emphasis added). Claim 
Regarding claims 18-21, claims 18-21 recite the limitations “[t]he computer implemented method of claim;” This is believed to be a typographical error; it’s suggested that the aforementioned limitation be further amended to “[t]he system of claim ..” (emphasis added).

Information Disclosure Statement
The information disclosure statements (IDSs) submitted on 10/26/2021, 11/10/2021 and 01/07/2022 are in compliance with the provisions of 37 CFR 1.97.  Accordingly, the information disclosure statement is being considered by the examiner.

Claim Rejections - 35 USC § 101
35 U.S.C. 101 reads as follows:
Whoever invents or discovers any new and useful process, machine, manufacture, or composition of matter, or any new and useful improvement thereof, may obtain a patent therefor, subject to the conditions and requirements of this title.


Claim 22 is rejected under 35 U.S.C. 101 as being directed to non-statutory subject matter. 
Regarding claim 22; claim 22 is rejected under 35 U.S.C. 101 because the claim is directed to non-statutory subject matter. Claim 22 is directed to “[o]ne or more computer-readable media.” The specification does not limit the claimed “computer-readable media” to a non-transitory medium. At most, in paragraph [0499], the specification just states that “computer-readable media herein can be non-transitory and can be limited to implementations not consisting of a signal;” (emphasis added). The term “can be” is not an affirmative statement to limit the claimed “computer-readable media” to statutory media. Under a recent precedential opinion, the scope of the recited “computer readable storage medium” encompasses transitory media such as signals or carrier waves, where, as here, the Specification does not limit the computer readable storage medium to non-transitory forms. See Ex parte Mewherter, 107 USPQ2d 1857, 1862 (PTAB 2013) (precedential) (holding recited machine-readable storage medium ineligible under § 35 U.S.C. 101 since it encompassed transitory media). The Examiner respectfully suggests that the claim be amended to either “A non-transitory computer-readable storage medium” or “a computer-readable storage device,” or the like to make the claim statutory under 35 USC 101; (emphasis added).

Claim Rejections - 35 USC § 103
In the event the determination of the status of the application as subject to AIA 35 U.S.C. 102 and 103 (or as subject to pre-AIA 35 U.S.C. 102 and 103) is incorrect, any correction of the statutory basis for the rejection will not be considered a new ground of rejection if the prior art relied upon, and the rationale supporting the rejection, would be the same under either status.
The following is a quotation of 35 U.S.C. 103 which forms the basis for all obviousness rejections set forth in this Office action:
A patent for a claimed invention may not be obtained, notwithstanding that the claimed invention is not identically disclosed as set forth in section 102, if the differences between the claimed invention and the prior art are such that the claimed invention as a whole would have been obvious before the effective filing date of the claimed invention to a person having ordinary skill in the art to which the claimed invention pertains. Patentability shall not be negated by the manner in which the invention was made.


Claims 1, 4-7, 9-11, 13 and 14 are rejected under 35 U.S.C. 103 as being unpatentable over Gholami et al (“Gholami,” “A Security Framework for Population-Scale Genomics Analysis,” 2015, IEEE, Pages 106-114) in view of Richardson et al (“Richardson,” CN111625346, see Google Translation) and further in view of Bansal et al (“Bansal,” US 20180077138). 

Regarding claim 1, Gholami discloses a computer-implemented method comprising:
Gholami discloses sending a request to a credentials management service for limited temporary derived credentials valid for the cloud provider account;  (Gholami, Pages 109-111, Right Column Under Section Access Control describes sending a request to a user management module [credentials management service] for One-Time Passwords which are derived from a public ID of the Yubikey token [limited temporary derived credentials] valid for the cloud provider account; Page 106-107 describe BiobankCloud which stores genomic data and allows for access control on the data; also see pages 106-113)
receiving the limited temporary derived credentials valid for the cloud provider account; (Gholami, Pages 109-111, Right Column Under Section Access Control; Section B. User Management; Section C. Custom Authentication Realm disclose receiving One-Time Passwords which are derived from the public ID of the Yubikey token [limited temporary derived credentials] valid for the cloud provider; Page 106-107 describe BiobankCloud which stores genomic data and allows for access control on the data; also see pages 106-113)
and providing the limited temporary derived credentials for use by the identity, (Gholami, Pages 109-111, Right Column Under Section Access Control; Section B. User Management; Section C. Custom Authentication Realm disclose providing the One-Time Passwords which are derived from the public ID of the Yubikey token [limited temporary derived credentials] for use by the identity; Page 106-107 describe BiobankCloud which stores genomic data and allows for access control on the data; also see pages 106-113)
Gholami fails to explicitly disclose in a computing system supporting a plurality of tenants accessing genomic computing services in a software-as-a-service platform that orchestrates access to genomic digital data resources via policy-based access control,
However, in an analogous art, Richardson discloses in a computing system supporting a plurality of tenants accessing genomic computing services in a software-as-a-service platform that orchestrates access to genomic digital data resources via policy-based access control (Richardson, Page 3, Line 55, tenants; Page 8, Lines 3 & , genome sequencing; Page 8, Line 16, SaaS (Software-as-a-service); Page 5, Lines 19-21, enhanced security policies for access). 
Therefore, it would have  been obvious to one of ordinary skill in the art before the effective filing date of the claimed invention to combine the teachings of Richardson with the method/system of Gholami to include in a computing system supporting a plurality of tenants accessing genomic computing services in a software-as-a-service platform that orchestrates access to genomic digital data resources via policy-based access control. One would have been motivated to provide services to cloud users from a high performance computing environment (Richardson, Page 4, Lines 10-11).  
Gholami and Richardson fail to explicitly disclose discovering a cloud provider account for an identity accessing the software-as-a-service platform, (Gholami, [0044], [0052], [0054] describe discovering a cloud provider account for an identity accessing the software-as-a-service platform)
Therefore, it would have  been obvious to one of ordinary skill in the art before the effective filing date of the claimed invention to combine the teachings of Bansal with the method/system of Gholami and Richardson to include discovering a cloud provider account for an identity accessing the software-as-a-service platform. One would have been motivated to provide identity management in a cloud system (Bansal, [0002]). 

Regarding claim 4, Gholami, Richardson and Bansal disclose the computer-implemented method of claim 1. 
Bansal further discloses further comprising: receiving policy-based access control configuration information for the plurality of tenants; (Bansal, [0064], [0070], [0101] describes further comprising: receiving policy-based access control configuration information for the plurality of tenants)
wherein the limited temporary derived credentials are limited to rights indicated in the policy-based access control configuration information, (Bansal, [0212], [0213] describes derived credentials in form of token that according to policy defines an expiration time of the token [limited temporary derived credentials]; also see [0189]-[0197]). 
Therefore, it would have  been obvious to one of ordinary skill in the art before the effective filing date of the claimed invention to combine the teachings of Bansal with the method/system of Gholami and Richardson to include further comprising: receiving policy-based access control configuration information for the plurality of tenants; wherein the limited temporary derived credentials are limited to rights indicated in the policy-based access control configuration information. One would have been motivated to provide identity management in a cloud system (Bansal, [0002]). 

Regarding claim 5, Bansal, Richardson and Gholami disclose the computer-implemented method of claim 1. 
Bansal further discloses further comprising: receiving underlying credentials for the cloud provider account; (Bansal, [0051], [0212], [0213] describes further comprising: receiving underlying request access tokens [credentials] for the cloud provider account; also see [0189]-[0197]).
wherein the limited temporary derived credentials are derived from the underlying credentials, (Bansal, [0189]-[0197] describes wherein the limited temporary derived credentials are derived from the underlying credentials)
Therefore, it would have  been obvious to one of ordinary skill in the art before the effective filing date of the claimed invention to combine the teachings of Bansal with the method/system of Gholami and Richardson to include further comprising: receiving underlying credentials for the cloud provider account, wherein the limited temporary derived credentials are derived from the underlying credentials. One would have been motivated to provide identity management in a cloud system (Bansal, [0002]). 

Regarding claim 6, Bansal, Richardson and Gholami disclose the computer-implemented method of claim 1. 
Bansal further discloses wherein: the software-as-a-service platform supports limited temporary derived credentials for a plurality of cloud provider types, (Bansal, [0018], [0189]-[0197], [0024] describes wherein: the software-as-a-service platform supports limited temporary derived credentials for a plurality of cloud provider types)
Therefore, it would have  been obvious to one of ordinary skill in the art before the effective filing date of the claimed invention to combine the teachings of Bansal with the method/system of Gholami and Richardson to include wherein: the software-as-a-service platform supports limited temporary derived credentials for a plurality of cloud provider types. One would have been motivated to provide identity management in a cloud system (Bansal, [0002]). 

Regarding claim 7, Gholami, Richardson and Bansal disclose the computer-implemented method of claim 6. 
Bansal further discloses wherein: discovering the cloud provider account comprises discovering a cloud provider type of the cloud provider account, (Bansal, [0018], [0189]-[0197], [0024] describes wherein: the software-as-a-service platform supports limited temporary derived credentials for a plurality of cloud provider types)
Therefore, it would have  been obvious to one of ordinary skill in the art before the effective filing date of the claimed invention to combine the teachings of Bansal with the method/system of Gholami and Richardson to include wherein: discovering the cloud provider account comprises discovering a cloud provider type of the cloud provider account. One would have been motivated to provide identity management in a cloud system (Bansal, [0002]).  

Regarding claim 9, Gholami, Richardson and Bansal disclose the computer-implemented method of claim 1. 
Bansal further discloses wherein: the identity is one of a plurality of different identity types supported by the software-as-a-service platform, (Bansal, [0054], [0067], [0140], [0152], describe wherein: the identity is one of a plurality of different identity types supported by the software-as-a-service platform)
Therefore, it would have  been obvious to one of ordinary skill in the art before the effective filing date of the claimed invention to combine the teachings of Bansal with the method/system of Gholami and Richardson to include wherein: the identity is one of a plurality of different identity types supported by the software-as-a-service platform. One would have been motivated to provide identity management in a cloud system (Bansal, [0002]). 

Regarding claim 10, Gholami, Richardson and Bansal disclose the computer-implemented method of claim 9. 
Bansal further discloses wherein: the identity is of type “application.” (Bansal, [0067], [0081], application)
Therefore, it would have  been obvious to one of ordinary skill in the art before the effective filing date of the claimed invention to combine the teachings of Bansal with the method/system of Gholami and Richardson to include wherein: the identity is of type “application.” One would have been motivated to provide identity management in a cloud system (Bansal, [0002]). 

Regarding claim 11, Gholami, Richardson and Bansal disclose the computer-implemented method of claim 9. 
Bansal further discloses the identity is of type “workgroup,” (Bansal, [0081], groups)
Therefore, it would have  been obvious to one of ordinary skill in the art before the effective filing date of the claimed invention to combine the teachings of Bansal with the method/system of Gholami and Richardson to include the identity is of type “workgroup,” One would have been motivated to provide identity management in a cloud system (Bansal, [0002]). 

Regarding claim 13, Gholami, Richardson and Bansal disclose the computer-implemented method of claim 1. 
Bansal further discloses wherein: the identity types supported by the software-as-a-service platform comprise: (Bansal, [0054], [0067], [0140], [0152], describe wherein: the identity types supported by the software-as-a-service platform)
application; (Bansal, [0067], [0081], application)
tenant; (Bansal, [0069] and [0121], tenant)
workgroup; and (Bansal, [0081], groups)
and user (Bansal, [0018], [0081], [0020], user)
Therefore, it would have  been obvious to one of ordinary skill in the art before the effective filing date of the claimed invention to combine the teachings of Bansal with the method/system of Gholami and Richardson to include wherein: the identity types supported by the software-as-a-service platform comprise: application; tenant; workgroup and user. One would have been motivated to provide identity management in a cloud system (Bansal, [0002]). 

Regarding claim 14, Gholami, Richardson and Bansal disclose the method of claim 1. 
Richardson further discloses wherein: the cloud provider account stores a genomic digital data resource; (Richardson, Page 8, Lines 1-5 describe wherein: the cloud provider account stores a genomic digital data resource)
access to the genomic digital data resource is controlled by a role identifier linked to a policy-based access control definition; (Richardson, Page 8, Line 3, genome sequencing; Page 4, Line 15 describes a role identifier; Page 5, Lines 19-21, enhanced security policies for access)
and the method further comprises: responsive to a request for access to the genomic digital data resource, providing the role identifier specified in the policy-based access control definition for the request for access, (Richardson, Page 8, Line 3, genome sequencing; Page 4, Lines 13-15 describes a request for access and a role identifier; Page 5, Lines 19-21, enhanced security policies for access)
Therefore, it would have  been obvious to one of ordinary skill in the art before the effective filing date of the claimed invention to combine the teachings of Richardson with the method/system of Gholami to include in a computing system supporting a plurality of tenants accessing genomic computing services in a software-as-a-service platform that orchestrates access to genomic digital data resources via policy-based access control. One would have been motivated to provide services to cloud users from a high performance computing environment (Richardson, Page 4, Lines 10-11).  

Claims 2 and 3 are rejected under 35 U.S.C. 103 as being unpatentable over Gholami et al (“Gholami,” “A Security Framework for Population-Scale Genomics Analysis,” 2015, IEEE, Pages 106-114), Richardson et al (“Richardson,” CN111625346, see Google Translation) in view of Bansal et al (“Bansal,” US 20180077138) and further in view of Hasan et al (“Hasan,” US 20150372857).

Regarding claim 2, Gholami, Richardson and Bansal disclose the computer-implemented method of claim 1. 
Gholami, Richardson and Bansal fail to explicitly disclose wherein: the software-as-a-service platform supports multiple different cloud provider accounts per a single tenant.
However, in an analogous art, Hasan discloses wherein: the software-as-a-service platform supports multiple different cloud provider accounts per a single tenant, (Hasan, [0011], [0027], [0009] describes and the software-as-a-service platform supports multiple different cloud provider accounts per tenant)
Therefore, it would have  been obvious to one of ordinary skill in the art before the effective filing date of the claimed invention to combine the teachings of Hasan with the method/system of Gholami, Richardson and Bansal to include wherein: the software-as-a-service platform supports multiple different cloud provider accounts per a single tenant. One would have been motivated to provide an extension of a single tenant cloud across multiple cloud providers (Hasan, [0002]).

Regarding claim 3, Gholami, Richardson and Bansal disclose the computer-implemented method of claim 1. 
Gholami, Richardson and Bansal fail to explicitly disclose wherein: the software-as-a-service platform supports multiple different cloud provider accounts per a single tenant.
However, in an analogous art, Hasan discloses wherein: the software-as-a-service platform supports multiple different cloud provider accounts per a single tenant, (Hasan, [0011], [0027], [0009] describes and the software-as-a-service platform supports multiple different cloud provider accounts per tenant)
Therefore, it would have  been obvious to one of ordinary skill in the art before the effective filing date of the claimed invention to combine the teachings of Hasan with the method/system of Gholami, Richardson and Bansal to include wherein: the software-as-a-service platform supports multiple different cloud provider accounts per a single tenant. One would have been motivated to provide an extension of a single tenant cloud across multiple cloud providers (Hasan, [0002]).

Claim 8 is rejected under 35 U.S.C. 103 as being unpatentable over Gholami et al (“Gholami,” “A Security Framework for Population-Scale Genomics Analysis,” 2015, IEEE, Pages 106-114), Richardson et al (“Richardson,” CN111625346, see Google Translation) and further in view of Bansal et al (“Bansal,” US 20180077138) and further in view of Yu et al (“Yu,” US 20210092105). 

Regarding claim 8, Gholami, Richardson and Bansal disclose the computer-implemented method of claim 7. 
Gholami, Richardson and Bansal disclose wherein: the credentials management service is external to the software-as-a-service platform.
However, in an analogous art, Yu discloses wherein: the credentials management service is external to the software-as-a-service platform (Yu, [0033]-[0034], 202, 208 FIG 2 shows the credential manager as part of the server not the SAAS platform)
Therefore, it would have  been obvious to one of ordinary skill in the art before the effective filing date of the claimed invention to combine the teachings of Yu with the method/system of Gholami, Richardson and Bansal to include wherein: the credentials management service is external to the software-as-a-service platform. One would have been motivated to provide credential control among a plurality of client devices (Yu, [0001]). 

Claim 12 is rejected under 35 U.S.C. 103 as being unpatentable over Gholami et al (“Gholami,” “A Security Framework for Population-Scale Genomics Analysis,” 2015, IEEE, Pages 106-114), Richardson et al (“Richardson,” CN111625346, see Google Translation) in view of Bansal et al (“Bansal,” US 20180077138) and further in view of Harar et al (“Harar,” US 20210224194).

Regarding claim 12, Gholami, Richardson and Bansal disclose the computer-implemented method of claim 11. 
Gholami, Richardson and Bansal fail to explicitly disclose wherein: a workgroup identity spans a plurality of the tenants of the software-as-a-service platform.
However, in an analogous art, Harar discloses wherein: a workgroup identity spans a plurality of the tenants of the software-as-a-service platform, (Harar, [0074], [0027], [0151], describes wherein: a workgroup identity spans a plurality of tenants of the software-as-a-service platform)
Therefore, it would have been obvious to one of ordinary skill in the art before the effective filing date of the claimed invention to combine the teachings of Harar with the method/system of Gholami, Richardson and Bansal to include wherein: a workgroup identity spans a plurality of the tenants of the software-as-a-service platform. One would have been motivated to provide improved efficiency during computations in a distributed computing system (Harar, [0004]).

Claims 15 and 17-20 are rejected under 35 U.S.C. 103 as being unpatentable over Bansal et al (“Bansal,” US 20180077138) and further in view of Gholami et al (“Gholami,” “A Security Framework for Population-Scale Genomics Analysis,” 2015, IEEE, Pages 106-114). 

Regarding claim 15, Bansal discloses a multi-tenant, cloud-based system comprising:
one or more processors; (Bansal, [0184], processor)
memory coupled to the one or more processors; (Bansal, [0184] describes memory coupled to the one or more processors)
a mapping between identities accessing a software-as-a-service platform and cloud provider accounts; (Bansal, [0044], [0054], [0062]-[0063] describes a mapping between identities accessing a software-as-a-service platform and cloud provider accounts; also see [0065]-[0067])
a policy store comprising policy-based access control definitions; (Bansal, [0066], [0096], [0106], [0109]-[0110], [0162], describes a policy store comprising policy-based access control definitions). 
wherein the memory comprises computer-executable instructions causing the one or more processors to perform operations comprising: (Bansal, [0184] describes memory coupled to the one or more processors)
based on the mapping, discovering a cloud provider account for an identity accessing the software-as-a-service platform; (Bansal, [0044], [0054], [0062]-[0063] describes discovering a cloud provider account for an identity accessing the software-as-a-service platform; also see [0065]-[0067])
Bansal fails to explicitly disclose a genomic digital data resource linked to a role identifier and stored at a given cloud provider account external to the software-as-a-service platform; sending a request to a credentials management service for limited temporary derived credentials valid for the cloud provider account; receiving the limited temporary derived credentials valid for the cloud provider account; and providing the limited temporary derived credentials for use by the identity to access the genomic digital data resource.
However, in an analogous art, Gholami discloses a genomic digital data resource linked to a role identifier and stored at a given cloud provider account external to the software-as-a-service platform; (Gholami, Page 109, Section IV. BioBankCloud Security Framework; FIG 4, Page 111, Under Section Authorization and Table 1 describes a genomic digital data resource linked to a role identifier and stored at a given cloud provider account external to the software-as-a-service platform; also see pages 106-113)
sending a request to a credentials management service for limited temporary derived credentials valid for the cloud provider account; (Gholami, Pages 109-111, Right Column Under Section Access Control describes sending a request to a user management module [credentials management service] for One-Time Passwords which are derived from a public ID of the Yubikey token [limited temporary derived credentials] valid for the cloud provider account; Page 106-107 describe BiobankCloud which stores genomic data and allows for access control on the data; also see pages 106-113)
receiving the limited temporary derived credentials valid for the cloud provider account; and (Gholami, Pages 109-111, Right Column Under Section Access Control; Section B. User Management; Section C. Custom Authentication Realm disclose receiving One-Time Passwords which are derived from the public ID of the Yubikey token [limited temporary derived credentials] valid for the cloud provider; Page 106-107 describe BiobankCloud which stores genomic data and allows for access control on the data; also see pages 106-113)
providing the credentials for use by the identity to access the genomic digital data resource (Gholami, Pages 109-111, Right Column Under Section Access Control; Section B. User Management; Section C. Custom Authentication Realm disclose providing the One-Time Passwords which are derived from the public ID of the Yubikey token [limited temporary derived credentials] for use by the identity; Page 106-107 describe BiobankCloud which stores genomic data and allows for access control on the data; also see pages 106-113)
Therefore, it would have been obvious to one of ordinary skill in the art before the effective filing date of the claimed invention to combine the teachings of Gholami with the method/system of Bansal to include a genomic digital data resource linked to a role identifier and stored at a given cloud provider account external to the software-as-a-service platform; sending a request to a credentials management service for limited temporary derived credentials valid for the cloud provider account; receiving the limited temporary derived credentials valid for the cloud provider account; and providing the limited temporary derived credentials for use by the identity to access the genomic digital data resource. One would have been motivated to provide a security framework for genomics analysis (Gholami, Page 106, Introduction). 

Regarding claim 17, Bansal and Gholami disclose the system of claim 15. 
Bansal further discloses evaluated at a time of a request for access (Bansal, [0200], [0019], [0034] and [0087] describe evaluated at a time of request for access)
Gholami further discloses wherein the memory further comprises computer-executable instructions causing the one or more processors to perform operations comprising: granting access to the genomic digital data resource according to a policy-based access control definition, (Gholami, Pages 109-111, Right Column Under Section Access Control describes using a OTP (one-time password) to grant access to genomic data stored in BioBankCloud; Page 106-107 describe BiobankCloud which stores genomic data and allows for access control on the data; also see pages 106-113)
Therefore, it would have been obvious to one of ordinary skill in the art before the effective filing date of the claimed invention to combine the teachings of Gholami with the method/system of Bansal to include wherein the memory further comprises computer-executable instructions causing the one or more processors to perform operations comprising: granting access to the genomic digital data resource according to a policy-based access control definition. One would have been motivated to provide a security framework for genomics analysis (Gholami, Page 106, Introduction). 

Regarding claim 18, Bansal and Gholami disclose the computer-implemented method of claim 15. 
Bansal further discloses wherein: the identity is one of a plurality of different identity types supported by the software-as-a-service platform, (Bansal, [0054], [0067], [0140], [0152], describe wherein: the identity is one of a plurality of different identity types supported by the software-as-a-service platform)

Regarding claim 19, Bansal and Gholami disclose the computer-implemented method of claim 15. 
Bansal further discloses wherein: the identity is of type “application,” (Bansal, [0067], [0081], application)

Regarding claim 20, Bansal and Gholami disclose the computer-implemented method of claim 15. 
Bansal further discloses wherein: the identity is of type “workgroup,” (Bansal, [0081], groups)

Claim 16 is rejected under 35 U.S.C. 103 as being unpatentable over Bansal et al (“Bansal,” US 20180077138), in view of Gholami et al (“Gholami,” “A Security Framework for Population-Scale Genomics Analysis,” 2015, IEEE, Pages 106-114) and further in view of Hasan et al (“Hasan,” US 20150372857).

Regarding claim 16, Bansal and Gholami disclose the system of claim 15. 
Bansal and Gholami fail to explicitly disclose wherein: the software-as-a-service platform supports multiple different cloud provider account types per tenant; and the software-as-a-service platform supports multiple different cloud provider accounts per tenant.
However, in an analogous art, Hasan discloses wherein: the software-as-a-service platform supports multiple different cloud provider account types per tenant; (Hasan, [0011], [0027], [0009] describes wherein: the software-as-a-service platform supports multiple different cloud provider account types per tenant)
and the software-as-a-service platform supports multiple different cloud provider accounts per tenant, (Hasan, [0011], [0027], [0009] describes and the software-as-a-service platform supports multiple different cloud provider accounts per tenant)
Therefore, it would have  been obvious to one of ordinary skill in the art before the effective filing date of the claimed invention to combine the teachings of Hasan with the method/system of Bansal and Gholami to include wherein: the software-as-a-service platform supports multiple different cloud provider account types per tenant; and the software-as-a-service platform supports multiple different cloud provider accounts per tenant. One would have been motivated to provide an extension of a single tenant cloud across multiple cloud providers (Hasan, [0002]).

Claim 21 is rejected under 35 U.S.C. 103 as being unpatentable over Bansal et al (“Bansal,” US 20180077138), Gholami et al (“Gholami,” “A Security Framework for Population-Scale Genomics Analysis,” 2015, IEEE, Pages 106-114) and further in view of Harar et al (“Harar,” US 20210224194). 

Regarding claim 21, Bansal and Gholami disclose the computer-implemented method of claim 20. 
Bansal and Gholami fail to explicitly disclose wherein: a workgroup identity spans a plurality of tenants of the software-as-a-service platform.
However, in an analogous art, Harar discloses wherein: a workgroup identity spans a plurality of tenants of the software-as-a-service platform, (Harar, [0074], [0027], [0151], describes wherein: a workgroup identity spans a plurality of tenants of the software-as-a-service platform)
Therefore, it would have been obvious to one of ordinary skill in the art before the effective filing date of the claimed invention to combine the teachings of Harar with the method/system of Bansal and Gholami to include wherein: a workgroup identity spans a plurality of tenants of the software-as-a-service platform. One would have been motivated to provide improved efficiency during computations in a distributed computing system (Harar, [0004]).




Claim 22 is rejected under 35 U.S.C. 103 as being unpatentable over Gholami et al (“Gholami,” “A Security Framework for Population-Scale Genomics Analysis,” 2015, IEEE, Pages 106-114), Richardson et al (“Richardson,” CN111625346, see Google Translation) in view of Bansal et al (“Bansal,” US 20180077138) and further in view of Hasan et al (“Hasan,” US 20150372857). 

Regarding claim 22, Gholami discloses one or more computer-readable media comprising:
Gholami discloses sending a request to a credentials management service for limited temporary derived credentials valid for the cloud provider account; (Gholami, Pages 109-111, Right Column Under Section Access Control describes sending a request to a user management module [credentials management service] for One-Time Passwords which are derived from a public ID of the Yubikey token [limited temporary derived credentials] valid for the cloud provider account; Pages 106-107 describe BiobankCloud which stores genomic data and allows for access control on the data; also see pages 106-113)
receiving the limited temporary derived credentials valid for the cloud provider account; (Gholami, Pages 109-111, Right Column Under Section Access Control describes receiving an OTP (One-Time Password) which is derived from the public key of the Yubikey token valid for the BioBankCloud; Pages 106-107 describe BiobankCloud which stores genomic data and allows for access control on the data; also see pages 106-113)
providing the limited temporary derived credentials for use by the identity to access the genomic digital data resources at the cloud provider account according to the policy-based access control; (Gholami, Pages 109-111, Right Column Under Section Access Control describes providing the OTP (one-time password) for use by the user to access the genomic data stored in a BioBankCloud account according to policy; Pages 106-107 describe BiobankCloud which stores genomic data and allows for access control on the data; also see pages 106-113)
Gholami fails to explicitly disclose computer-executable instructions capable of causing a computing system to perform the following in a computing system supporting a plurality of tenants accessing genomic computing services in a software-as-a-service platform that orchestrates access to genomic digital data resources via policy-based access control. 
However, in an analogous art, Richardson discloses computer-executable instructions capable of causing a computing system to perform the following in a computing system supporting a plurality of tenants accessing genomic computing services in a software-as-a-service platform that orchestrates access to genomic digital data resources via policy-based access control, (Richardson, Page 3, Line 55, tenants; Page 8, Lines 3 & , genome sequencing; Page 8, Line 16, SaaS (Software-as-a-service); Page 5, Lines 19-21, enhanced security policies for access).
Therefore, it would have been obvious to one of ordinary skill in the art before the effective filing date of the claimed invention to combine the teachings of Richardson with the method/system of Gholami to include in a computing system supporting a plurality of tenants accessing genomic computing services in a software-as-a-service platform that orchestrates access to genomic digital data resources via policy-based access control. One would have been motivated to provide services to cloud users from a high performance computing environment (Richardson, Page 4, Lines 10-11).
Gholami and Richardson fail to explicitly disclose discovering a cloud provider account for an identity accessing the software-as-a-service platform.
However, in an analogous art, Bansal discloses discovering a cloud provider account for an identity accessing the software-as-a-service platform, (Bansal, [0044], [0052], [0054] describe discovering a cloud provider account for an identity accessing the software-as-a-service platform)
Therefore, it would have been obvious to one of ordinary skill in the art before the effective filing date of the claimed invention to combine the teachings of Bansal with the method/system of Gholami and Richardson to include discovering a cloud provider account for an identity accessing the software-as-a-service platform. One would have been motivated to provide identity management in a cloud system (Bansal, [0002]).
Gholami, Richardson and Bansal fail to explicitly disclose wherein: the software-as-a-service platform supports multiple different cloud provider account types per tenant; and the software-as-a-service platform supports multiple different cloud provider accounts per tenant. 
However, in an analogous art, Hasan discloses wherein: the software-as-a-service platform supports multiple different cloud provider account types per tenant; (Hasan, [0011], [0027], [0009] describes wherein: the software-as-a-service platform supports multiple different cloud provider account types per tenant)
and the software-as-a-service platform supports multiple different cloud provider accounts per tenant (Hasan, [0011], [0027], [0009] describes and the software-as-a-service platform supports multiple different cloud provider accounts per tenant)
Therefore, it would have been obvious to one of ordinary skill in the art before the effective filing date of the claimed invention to combine the teachings of Hasan with the method/system of Gholami, Richardson and Bansal to include wherein: the software-as-a-service platform supports multiple different cloud provider account types per tenant; and the software-as-a-service platform supports multiple different cloud provider accounts per tenant. One would have been motivated to provide an extension of a single tenant cloud across multiple cloud providers (Hasan, [0002]).


Conclusion

Any inquiry concerning this communication or earlier communications from the examiner should be directed to JAMES J WILCOX whose telephone number is (571)270-3774. The examiner can normally be reached M-F: 8 A.M. to 5 P.M.
Examiner interviews are available via telephone, in-person, and video conferencing using a USPTO supplied web-based collaboration tool. To schedule an interview, applicant is encouraged to use the USPTO Automated Interview Request (AIR) at http://www.uspto.gov/interviewpractice.
If attempts to reach the examiner by telephone are unsuccessful, the examiner’s supervisor, Luu T. Pham, can be reached on (571)270-5002. The fax phone number for the organization where this application or proceeding is assigned is 571-273-8300.
Information regarding the status of published or unpublished applications may be obtained from Patent Center. Unpublished application information in Patent Center is available to registered users. To file and manage patent submissions in Patent Center, visit: https://patentcenter.uspto.gov. 
Visit https://www.uspto.gov/patents/apply/patent-center for more information about Patent Center and https://www.uspto.gov/patents/docx for information about filing in DOCX format. For additional questions, contact the Electronic Business Center (EBC) at 866-217-9197 (toll-free). If you would like assistance from a USPTO Customer Service Representative, call 800-786-9199 (IN USA OR CANADA) or 571-272-1000.






/JAMES J WILCOX/Examiner, Art Unit 2439



/LUU T PHAM/Supervisory Patent Examiner, Art Unit 2439