DETAILED ACTION
Notice of Pre-AIA  or AIA  Status
The present application, filed on or after March 16, 2013, is being examined under the first inventor to file provisions of the AIA .

Response to Amendment
	This Office Action has been issued in response to Applicant’s Communication of amended application S/N 16/295,313 filed on June 7, 2022.  Claims 1 to 27 are currently pending with the application.

Claim Objections
Claims 1, 2, 10, 11, 19, and 20 are objected to because of the following informalities:  
Claim 1 reads: “and own protocol” in line 7, and should read “and a protocol”; “a LDAP protocol”, in line 11, and should read “an LDAP protocol”; and “external directories for accessing data cache”, in line 13, and should read “external directories for accessing a data cache”, for purposes of clarity. Same rationale applies to claims 10 and 19, since they recite similar limitations.
Claim 2 reads “wherein user data is maintained” in line 1, and for purposes of clarity and consistency, it should read “wherein the user data is maintained”. Same rationale applies to claims 11 and 20, since they recite similar limitations.
Appropriate correction is required.

Claim Rejections - 35 USC § 112
The following is a quotation of 35 U.S.C. 112(b):
(b)  CONCLUSION.—The specification shall conclude with one or more claims particularly pointing out and distinctly claiming the subject matter which the inventor or a joint inventor regards as the invention.

The following is a quotation of 35 U.S.C. 112 (pre-AIA ), second paragraph:
The specification shall conclude with one or more claims particularly pointing out and distinctly claiming the subject matter which the applicant regards as his invention.


Claims 1 to 27 are rejected under 35 U.S.C. 112(b) or 35 U.S.C. 112 (pre-AIA ), second paragraph, as being indefinite for failing to particularly point out and distinctly claim the subject matter which the inventor or a joint inventor (or for applications subject to pre-AIA  35 U.S.C. 112, the applicant), regards as the invention.
Claim 1 recites the limitation “external directory has its unique function” in line 6.  There is insufficient antecedent basis for this limitation in the claim.
Same rationale applies to claims 10 and 19, since they recite similar limitations, and to claims 2 to 9, 11 to 18, and 20 to 27, by virtue of their dependency on claims 1, 10, and 19.

Claim Rejections - 35 USC § 103
In the event the determination of the status of the application as subject to AIA  35 U.S.C. 102 and 103 (or as subject to pre-AIA  35 U.S.C. 102 and 103) is incorrect, any correction of the statutory basis for the rejection will not be considered a new ground of rejection if the prior art relied upon, and the rationale supporting the rejection, would be the same under either status.  
The following is a quotation of 35 U.S.C. 103 which forms the basis for all obviousness rejections set forth in this Office action:
A patent for a claimed invention may not be obtained, notwithstanding that the claimed invention is not identically disclosed as set forth in section 102, if the differences between the claimed invention and the prior art are such that the claimed invention as a whole would have been obvious before the effective filing date of the claimed invention to a person having ordinary skill in the art to which the claimed invention pertains. Patentability shall not be negated by the manner in which the invention was made.

Claims 1 to 3, 7 to 12, 16 to 21, and 25 to 27 are rejected under 35 U.S.C. 103 as being unpatentable over Luthra et al. (U.S. Patent No. 8,706,692) hereinafter Luthra, in view of Kan et al. (U.S. Publication No. 2010/0064353) hereinafter Kan, and further in view of Sakura et al. (U.S. 
Publication No. 2017/0310672) hereinafter Sakura.
	As to claim 1:
	Luthra discloses:
A computer-implemented method for managing enterprise data [Column 4, lines 1 to 11 teach combining, changing, and properly routing information from disparate sources of infrastructure data, such as a Human Resource Management System, directory services, facilities management system, data security system, etc.; Column 7, line 37 teaches a corporate infrastructure management system (“CIMS”)], the method comprising: 
creating, by a number of processors, a human resources (HR) database [Column 6, lines 35 to 39 teaches a human resources database that stores employee statuses, where a human resources administrator may update the database to reflect a new employee hire or the termination of an employee; Column 12, lines 31 to 33 teach human resources database is updated with the employee’s status as terminated]; 
creating, by the number of processors, an interface in communication with the HR database and a number of third party heterogeneous external directories [Column 7, lines 35 to 39 teach corporate infrastructure management system provides clients with functionality to manage, update, and access the disparate databases across various platforms; Column 8, lines 27 to 39 teach CMS allows scalability, and provides a centralized infrastructure that ensures that business applications are separate from infrastructure sources, and that no users and clients can access the directory services directly, while associating data among the multitude of infrastructure sources, hence, an interface in communication with the databases (including the human resources database), and third party heterogeneous directories; Column 10, line 1 teaches CIMS interface can store information about resources within the directories, and further lines 10 to 20 teach the interface (CIMS) can create and store information about different account types required to run an organization, such as an employee account and a functional account, where an employee account is one that is used by an employee and maps directly to a record in the employee database, in other words, the interface is in communication with the HR database, and external directories; Column 12, lines 6 to 13 teach routing requests, and accessing internal data stores and external system resources outside of CIMS], wherein each external directory has its unique function and own protocol that differs from functions and protocols of other third party heterogenous external directories [Column 8, lines 11 to 17 teach CIMS is open to multiple platforms and formats, enabling the integration of disparate systems in a scalable manner, where many third party and vendor systems uses their own platforms and formats, therefore, each external directory has a respective protocol; Column 10, lines 47 to 55 teach external system resources include directory services, databases, or any other infrastructure data, where one directory can be used for North American locations, and anther can be used for European locations, therefore, each external directory has a respective; Column 11, lines 3 to 16 teach the interface can receive SOAP, HTTP, and Queue requests, and requests in a proprietary protocol, and as a result, it is able to communicate with various clients operating on various platforms, hence, different protocols; Column 12, lines 6 to 13 teach routing requests, and accessing internal data stores and external system resources outside of CIMS, using SOAP, messaging queues, ASDI, LDAP, etc.]; and 
searching, by the number of processors, user data indicated by a user request through the interface across the number of third party heterogeneous external directories using a LDAP protocol [Column 8, lines 40 to 53 teach maintaining and synchronizing user data through the interface (CIMS) across the multiple domains and directory servers; Column 10, lines 46 to 59 teach managing and synchronizing data through the interface, across external directories; Column 12, lines 10 to 13 teach accessing external resources using for example, LDAP, therefore, using LDAP protocol; Column 13, lines 40 to 44 teach CIMS can aggregate, enrich, relate, and arrange infrastructure information from disparate sources, and enhance cross-domain membership; Column 12, lines 54 to 58 teach operating with a client application that allows a user to request an e-mail distribution list, including members, hence, user data indicated in the user request, where  the CIMS receives the request and verifies whether the distribution list already exists and whether the requested members are entitled to be on the list], wherein the interface serves as a proxy for requests between the number of third party heterogeneous external directories and the HR database [Column 11, lines 61 to 62 teaches all requests passing through CIMS are proxied; Column 15, lines 52 to 53 teach the interface acts as a layer between the directory services and a business application], and wherein the interface maintains authorization credentials with the number of third party heterogeneous external directories [Column 10, lines 1 to 9 teach the CIMS interface can store information about resources within the directories, and map user access credentials to resources, in other words, maintaining authorization credentials with the directories; Column 16, lines 7 to 12 teach CIMS manage credential data across directory services or third party systems]; and
in response to failure to find the user data indicated by the user request in the number of third party heterogeneous external directories, adding, by the number of processors, the user data to the number of third party heterogenous external directories until there is no new data to be synchronized across the number of third party heterogenous external directories [Column 12, lines 54 to 60 teach a user to requests an e-mail distribution list, including members, (user data indicated in the user request), where the CIMS receives the request and verifies whether the distribution list already exists and whether the requested members are entitled to be on the list, and once it has been verified, the CIMS can allow the creation of the list and update the necessary directory services and databases, in other words, upon failing to find that the user data and list already exists, allowing to add the user data in the directories and databases].
	Luthra does not appear to expressly disclose a lightweight directory access protocol (LDAP) interface, using the interface to limit data transfer speed to prevent the interface from using all available bandwidth, wherein the LDAP interface binds with the number of third party heterogeneous external directories for accessing data cache of the number of third party heterogenous external directories; adding the user data to the data cache of the number of third party heterogenous external directories.
	Kan discloses:
using the interface to limit data transfer speed to prevent the interface from using all available bandwidth [Paragraph 0039 teaches policies can be used to block, throttle, accelerate, enhance, or transform network traffic that is part of an identified network flow, and may be enforced by network traffic controlling devices such as switches, routers, firewalls, proxies, IPS, and EPS systems; Paragraph 0045 teaches actions to be performed on network traffic may include actions to block, throttle, accelerate, enhance, or transform network traffic, therefore, including throttling, which limits data transfer speed to manage bandwidth].
It would have been obvious to one of ordinary skill in the art before the effective filing date of the claimed invention, to combine the teachings of the cited references and modify the invention as taught by Luthra, by using the interface to limit data transfer speed to prevent the interface from using all available bandwidth, as taught by Kan [Paragraph 0039, 0045], because both applications are directed to management and maintenance of user authentication credentials; by controlling network traffic, including implementation of throttling, performance and network traffic is improved.
Neither Luthra nor Kan appear to expressly disclose a lightweight directory access protocol (LDAP) interface, wherein the LDAP interface binds with the number of third party heterogeneous external directories for accessing data cache of the number of third party heterogenous external directories; and adding the user data to the data cache of the number of third party heterogenous external directories.
Sakura discloses:
a lightweight directory access protocol (LDAP) interface [Paragraph 0125 teaches an LDAP that receive requests for on-premises directory and authorizations for remote sites, such as another office at the same (first) company, corporate office system, or an office of a second company that recognizes guests from the first company, or corporate office system, hence, an LDAP interface], wherein the LDAP interface binds with the number of third party heterogeneous external directories for accessing data cache of the number of third party heterogenous external directories [Paragraph 0119 teaches a cloud-based authentication system that includes a corporate office system, an LDAP datastore, an LDAP bind 618, etc.; Paragraph 0125 teaches receiving requests for on-premises directory and authorizations for remote sites, such as another office at the same (first) company, corporate office system, or an office of a second company that recognizes guests from the first company, corporate office system, where the system can bind to a remote LDAP, and can cache authentication requests];
adding the user data to the data cache of the number of third party heterogenous external directories [Paragraph 0104 teaches data synchronization will be used to distribute data to network devices such that it is available locally, by caching credentials in the network device].
It would have been obvious to one of ordinary skill in the art before the effective filing date of the claimed invention, to combine the teachings of the cited references and modify the invention as taught by Luthra, by incorporating a lightweight directory access protocol (LDAP) interface, wherein the LDAP binds with the number of third party heterogeneous external directories for accessing data cache of the number of third party heterogenous external directories, and adding the user data to the data cache of the number of third party heterogenous external directories, as taught by Sakura [Paragraph 0019, 0025, 0104], because the applications are directed to management and maintenance of user authentication credentials; including an LDAP binding for authentication requests enables the management, updating, and improvement of authentication techniques into an existing system with minimal impact to network configuration (See Sakura Para [0007]).

As to claim 2:
	Luthra further discloses:
user data is maintained and synchronized across the number of third party heterogeneous external directories according to business logic-specified directory tools associated with the number of third party heterogeneous external directories [Column 11, lines 3 to 16 teach the interface can receive SOAP, HTTP, and Queue requests, and requests in a proprietary protocol, and as a result, it is able to communicate with various clients operating on various platforms, in other words, managing the data across external directories and clients based on each respective directory tools, platforms, and protocols; Column 12, lines 6 to 13 teach routing requests, and accessing internal data stores and external system resources outside of CIMS, using SOAP, messaging queues, ASDI, LDAP, etc.].

As to claim 3:
	Luthra discloses:
the interface serves as a system of record data source [Column 16, lines 57 to 64 teach CIMS interface introduces the concept of an “enterprise” golden source single system, which provides access to authoritative sources of information as well as executing change against the underlying sources, therefore, a system of record data source].
Luthra does not appear to expressly disclose an LDAP interface.
Sakura discloses:
a lightweight directory access protocol (LDAP) interface [Paragraph 0125 teaches an LDAP that receive requests for on-premises directory and authorizations for remote sites, such as another office at the same (first) company, corporate office system, or an office of a second company that recognizes guests from the first company, or corporate office system, hence, an LDAP interface].
It would have been obvious to one of ordinary skill in the art before the effective filing date of the claimed invention, to combine the teachings of the cited references and modify the invention as taught by Luthra, by incorporating an LDAP interface, as taught by Sakura [Paragraph 0104], because the applications are directed to management and maintenance of user authentication credentials; including an LDAP interface enables the management, updating, and improvement of authentication techniques into an existing system with minimal impact to network configuration (See Sakura Para [0007]).

As to claim 7:
	Luthra discloses:
the interface maintains the authorization credentials with the number of third party heterogeneous external directories on an on-demand basis [Column 9, lines 23 to 27 teach CIMS interface passes along updates as necessary so that related systems reflect the changes made to the infrastructure local data store, by reconciling the required state versus the actual state, where reconciliation can occur on command or on a periodic basis, therefore, maintaining the authorization credentials with the external directories can occur on an on-demand basis (on 
command)].
Luthra does not appear to expressly disclose an LDAP interface.
Sakura discloses:
a lightweight directory access protocol (LDAP) interface [Paragraph 0125 teaches an LDAP that receive requests for on-premises directory and authorizations for remote sites, such as another office at the same (first) company, corporate office system, or an office of a second company that recognizes guests from the first company, or corporate office system, hence, an LDAP interface].
It would have been obvious to one of ordinary skill in the art before the effective filing date of the claimed invention, to combine the teachings of the cited references and modify the invention as taught by Luthra, by incorporating an LDAP interface, as taught by Sakura [Paragraph 0104], because the applications are directed to management and maintenance of user authentication credentials; including an LDAP interface enables the management, updating, and improvement of authentication techniques into an existing system with minimal impact to network configuration (See Sakura Para [0007]).

As to claim 8:
	Luthra discloses:
the interface provides a protocol transition between the HR database and the number of third party heterogeneous external directories [Column 11, lines 1 to 16 teach CIMS interface employs a multi-tier system to collect the data, aggregate the data from different sources, report, and change the data, where the interface can receive SOAP, HTTP, Queue requests, and requests in a proprietary protocol, and therefore, is able to communicate with various clients operating on various platforms, in other words, can manage, and transition between different protocols; Column 12, lines 6 to 13 teach managing and routing read and write requests from internal data sources and external data stores and systems, where systems external to the interface can be accessed using SOAP, messaging queues, ADSI, LDAP, etc., in other words, has the ability to transition between differing protocols].
Luthra does not appear to expressly disclose an LDAP interface.
Sakura discloses:
a lightweight directory access protocol (LDAP) interface [Paragraph 0125 teaches an LDAP that receive requests for on-premises directory and authorizations for remote sites, such as another office at the same (first) company, corporate office system, or an office of a second company that recognizes guests from the first company, or corporate office system, hence, an LDAP interface].
It would have been obvious to one of ordinary skill in the art before the effective filing date of the claimed invention, to combine the teachings of the cited references and modify the invention as taught by Luthra, by incorporating an LDAP interface, as taught by Sakura [Paragraph 0104], because the applications are directed to management and maintenance of user authentication credentials; including an LDAP interface enables the management, updating, and improvement of authentication techniques into an existing system with minimal impact to network configuration (See Sakura Para [0007]).

As to claim 9:
	Luthra discloses:
a user comprises one of: an individual user; an organization; or a team of individuals [Column 6, lines 36 to 37 teach human resources database that stores employee statuses; Column 13, lines 5 to 10 teach group memberships, including a user account membership of a group, and nested relationships where a group can be a member of other groups].
	Claims 10 to 12, 16 to 21, and 25 to 27 are rejected under the same rationale, since they recite similar limitations as those recited in claims 1 to 3, and 7 to 9.
Claims 4 to 6, 13 to 15, and 22 to 24 are rejected under 35 U.S.C. 103 as being unpatentable over Luthra et al. (U.S. Patent No. 8,706,692) hereinafter Luthra, in view of Kan et al. (U.S. Publication No. 2010/0064353) hereinafter Kan, in view of Sakura et al. (U.S. Publication No. 2017/0310672) hereinafter Sakura, and further in view of McAdams et al. (U.S. Patent No. 10,986,081) hereinafter McAdams.
As to claim 4:
	Luthra as modified by Kan and Sakura discloses all the limitations as set forth in the rejections of claim 1 above, but does not appear to expressly disclose mapping users listed in the external directories to users listed in the HR database.
McAdams discloses:
mapping users listed in the number of third party heterogeneous external directories to users listed in the HR database [Column 6, lines 12 to 19 teach defining user attribute mappings to link the third-party service directory to contractor service directory].
It would have been obvious to one of ordinary skill in the art before the effective filing date of the claimed invention, to combine the teachings of the cited references and modify the invention as taught by Luthra, by mapping users listed in the external directories to users listed in the HR database, as taught by McAdams [Column 6], because the applications are directed to management and maintenance of user authentication credentials; mapping users in external directories to users in the HR database, or their internal organization, enables the users to access resources managed via use of other directories that are linked to their organization’s directory, by using a single set of credentials, or the set of credentials for their organization, simplifying thereby the user’s authentication process (See McAdams [Col 3, lines 8-24]).

As to claim 5:
Luthra as modified by Kan and Sakura discloses all the limitations as set forth in the 
rejections of claim 1 above, but does not appear to expressly disclose mapping employee 
groupings in the number of third party heterogeneous external directories to teams listed in the HR database.
McAdams discloses:
mapping employee groupings in the number of third party heterogeneous external directories to teams listed in the HR database [Column 9, lines 27 to 29 teaches a link has been established between a group of a contractor service directory and a group of a third-party service directory, in other words, mapping employee groupings in the external directories as represented by the third-party service directory, to groups in the HR database, as represented by the contractor service directory].
It would have been obvious to one of ordinary skill in the art before the effective filing date of the claimed invention, to combine the teachings of the cited references and modify the invention as taught by Luthra, by mapping employee groupings in the external directories to teams listed in the HR database, as taught by McAdams [Column 9], because the applications are directed to management and maintenance of user authentication credentials; mapping groups in external directories to groups in the HR database enables the users to access resources managed via use of other directories that are linked to their organization’s directory, by using a single set of credentials, or the set of credentials for their organization, simplifying thereby the user’s authentication process, and increasing the flexibility of managing and maintaining internal authentication information (See McAdams [Col 3, lines 8-24]).

As to claim 6:
Luthra as modified by Kan and Sakura discloses:
a lightweight directory access protocol (LDAP) interface [Sakura - Paragraph 0125 teaches an LDAP that receive requests for on-premises directory and authorizations for remote sites, such as another office at the same (first) company, corporate office system, or an office of a second company that recognizes guests from the first company, or corporate office system, hence, an LDAP interface].
It would have been obvious to one of ordinary skill in the art before the effective filing date of the claimed invention, to combine the teachings of the cited references and modify the invention as taught by Luthra, by incorporating an LDAP interface, as taught by Sakura [Paragraph 0104], because the applications are directed to management and maintenance of user authentication credentials; including an LDAP interface enables the management, updating, and improvement of authentication techniques into an existing system with minimal impact to network configuration (See Sakura Para [0007]).
Neither Luthra, nor Kan, nor Sakura appear to expressly disclose defining a team comprising a subset of user profiles selected from among a number of user profiles in the HR database; and selecting a subset of external directories from among the number of third party heterogeneous external directories that are accessible by members of the team through the interface.
	McAdams discloses:
defining a team comprising a subset of user profiles selected from among a number of user profiles in the HR database [Column 5, lines 60 to 61 teach creating a third-party contractor group; Column 6, lines 1 to 5 teach selecting users that are included in the newly created third-party contractor group, which are employees of the contractor service; Column 13, lines 38 to 40 teach selecting via the interface, the users that are to be included in the newly created group]; and 
selecting a subset of third party heterogeneous external directories from among the number of third party heterogeneous external directories that are accessible by members of the team through the interface [Column 13, lines 29 to 38 teach via the interface, the contractor indicates acceptance for linking the directories, and the directory control sub-system updates an entry corresponding to the contractor’s directory to indicate the creation of the new group and to indicate that this new group is used to bridge from the contractor’s directory group to the third-party’s directory, in other words, selecting an external directory that will be accessible by members of the team or group].
It would have been obvious to one of ordinary skill in the art before the effective filing date of the claimed invention, to combine the teachings of the cited references and modify the invention as taught by Luthra, by defining a team comprising a subset of user profiles selected from among a number of user profiles in the HR database; and selecting a subset of external directories from among the number of external directories that are accessible by members of the team through the interface, as taught by McAdams [Column 5, 6, 13], because the applications are directed to management and maintenance of user authentication credentials; having the ability to define authorization credentials to external resources by creating groups that can be linked to external directories, increases the flexibility and ease of managing and maintaining authorization credentials, including the removal of links at any time (See McAdams [Col 3, lines 8-24]).
Claims 13 to 15, and 22 to 24 are rejected under the same rationale, since they recite similar limitations as those recited in claims 4 to 6.

Response to Arguments
	The following is in response to arguments filed on June 7, 2022.  Applicant’s arguments have been carefully and respectfully considered, but are moot in view of new grounds of rejections, as necessitated by the amendments.

Conclusion
Applicant's amendment necessitated the new ground(s) of rejection presented in this Office action.  Accordingly, THIS ACTION IS MADE FINAL.  See MPEP § 706.07(a).  Applicant is reminded of the extension of time policy as set forth in 37 CFR 1.136(a).  
A shortened statutory period for reply to this final action is set to expire THREE MONTHS from the mailing date of this action.  In the event a first reply is filed within TWO MONTHS of the mailing date of this final action and the advisory action is not mailed until after the end of the THREE-MONTH shortened statutory period, then the shortened statutory period will expire on the date the advisory action is mailed, and any extension fee pursuant to 37 CFR 1.136(a) will be calculated from the mailing date of the advisory action.  In no event, however, will the statutory period for reply expire later than SIX MONTHS from the date of this final action. 
Any inquiry concerning this communication or earlier communications from the examiner should be directed to RAQUEL PEREZ-ARROYO whose telephone number is (571)272-8969. The examiner can normally be reached Monday - Friday, 8:00am - 5:30pm, Alt Friday, EST.
Examiner interviews are available via telephone, in-person, and video conferencing using a USPTO supplied web-based collaboration tool. To schedule an interview, applicant is encouraged to use the USPTO Automated Interview Request (AIR) at http://www.uspto.gov/interviewpractice.
If attempts to reach the examiner by telephone are unsuccessful, the examiner’s supervisor, Usmaan Saeed can be reached on 571-272-4046. The fax phone number for the organization where this application or proceeding is assigned is 571-273-8300.
Information regarding the status of published or unpublished applications may be obtained from Patent Center. Unpublished application information in Patent Center is available to registered users. To file and manage patent submissions in Patent Center, visit: https://patentcenter.uspto.gov. Visit https://www.uspto.gov/patents/apply/patent-center for more information about Patent Center and https://www.uspto.gov/patents/docx for information about filing in DOCX format. For additional questions, contact the Electronic Business Center (EBC) at 866-217-9197 (toll-free). If you would like assistance from a USPTO Customer Service Representative, call 800-786-9199 (IN USA OR CANADA) or 571-272-1000.





/RAQUEL PEREZ-ARROYO/Primary Examiner, Art Unit 2169