DETAILED ACTION

The present application, filed on or after March 16, 2013, is being examined under the first inventor to file provisions of the AIA .

The Office Action is in response to claims filed on 7/31/2020 where claims 1 – 24 are pending and ready for examination.

In the event the determination of the status of the application as subject to AIA  35 U.S.C. 102 and 103 (or as subject to pre-AIA  35 U.S.C. 102 and 103) is incorrect, any correction of the statutory basis for the rejection will not be considered a new ground of rejection if the prior art relied upon, and the rationale supporting the rejection, would be the same under either status. 
 
The information disclosure statement (IDS) submitted on 2/17/2022 is in  compliance with the provisions of 37 CFR 1.97. Accordingly, the information disclosure statement is being considered by the examiner.








Claim Rejections - 35 USC § 102

The following is a quotation of the appropriate paragraphs of 35 U.S.C. 102 that form the basis for the rejections under this section made in this Office action:
A person shall be entitled to a patent unless –

(a)(2) the claimed invention was described in a patent issued under section 151, or in an application for patent published or deemed published under section 122(b), in which the patent or application, as the case may be, names another inventor and was effectively filed before the effective filing date of the claimed invention.


Claims 1-3, 6, 8-11, 14, 16-19, 22, and 24 are rejected under 35 USC 102(a)(2) as anticipated by Xu (US 2020/0257700)

	Regarding claim 1, Xu discloses a non-transitory computer readable medium having stored thereon a sequence of instructions which, when stored in memory and executed by a processor cause the processor to perform acts for identity management, the acts comprising (see e.g. [0209] “ ... software stored in memory or other computer readable or tangle medium, and executed by a processor”):

	establishing a centralized identity authentication management service as a master over a master identity database of the centralized identity authentication management service (

	see e.g. [0023] “... a cloud scale Identity and Access Management (“IAM”) platform ...”

	see e.g. [0069] “ ... the fundamental function of an IAM solution is to enable and support the entire user provisioning life cycle. This includes providing users with the application access appropriate for their identity and role within the organization, certifying that they have the correct ongoing access permission ...”

	see e.g. [0030] “... Identity Cloud Service (IDCS) ... IDCS provides authentication, authorization ...”
	see e.g.  [0015] “... a master IDCS deployment and a replicate IDCS deployment ...”

	see e.g. [0227}, [0023], [0025]

	see e.g. [0014] “... a master IDCS deployment ...”

The Examiner notes the Applicant identity feature is within the context of identity and access management; see e.g. Applicant’s Specification [0027]);

	establishing a non-master copy of the master identity database that is distributed to a location other than that of the centralized identity authentication management service (
	see e.g. [0021]

	see e.g. [0265] “... replica IDCS instance, resource last -replicated time will be updated on applying change-log and reconciliation of full resource. The change-log-time from master will be used as last-replicated-time to maintain single source of clock”

	 	
	see e.g.  [0296] “... global resources such as global resource types and schemas, which are the metadata of resource definition in IDCS, need to also be replicated among data centers and regions ...” see e.g. [0223]	

The Examiner notes an instance is inherently created
	
	see e.g. [0227}, [0023], [0025]); and

	establishing ongoing coordination between the master identity database and the non-master copy to synchronize differences between the master identity database and the non-master copy of the identity database (

	see e.g. [0265] “... replica IDCS instance, resource last -replicated time will be updated on applying change-log and reconciliation of full resource. The change-log-time from master will be used as last-replicated-time to maintain single source of clock”

	see e.g. Fig. 14)

	Regarding claim 2, Xu discloses the non-transitory computer readable medium of claim 1, further comprising instructions which, when stored in memory and executed by the processor cause the processor to perform further acts of:

	exposing a URL of the centralized identity authentication management service configured to receive a WRITE request from a computing node that hosts the non-master copy (

	see e.g. [0229] “At 1420, a SCIM write request for one of the replicable resources comes to Admin Service 1405 at master 1401”

	see e.g. [0160] “ ... HTTP Uniform Resource Locator (“URL”) ...”

	see e.g. Fig. 14 [0226] – [0228]; see e.g. [0210], [0211]).





	
	Regarding claim 3, Xu discloses the non-transitory computer readable medium of claim 1, further comprising instructions which, when stored in memory and executed by the processor cause the processor to perform further acts of:

	establishing a proxy service within a given computing node, the proxy service
configured to process a READ request using the identity authentication management service of the given computing node and configured to forward a WRITE request to the centralized identity authentication management service.
 (
	see e.g. [0241] “ Apply Handler 1470 ... different types of operations (i.e. as a result of schema-based REST APIs for Create, Read, Update, Delete, and Query (“CRUDQ”) operations on all IDCS resources) ...”

	see e.g. Fig. 14 [0226] – [0228]; see e.g. [0210], [0211], [0237], [0243]

	The Examiner notes the Apply Handler is equivalent to the proxy service)
			
	Regarding claim 6. Xu discloses The non-transitory computer readable medium of claim 1, further comprising instructions which, when stored in memory and executed by the processor cause the processor to perform further acts of:

	recognizing an occurrence of a cloud infrastructure node being added and configuring a copy of the master identity database on the cloud infrastructure node (
	see e.g. [0023] “ ... a cloud scale Identity and Access Management (“IAM”) platform ...”
	see e.g. [0038] “ ... a cloud-scale API platform and implements horizontally scalable microservices for elastic scalability ...”. ).
	See e.g., [0112] “ ... scale horizontally (or scale out/in) means to add more nodes to (or remove nodes from) a system, such as adding a new computer to a distributed software application. Horizontal scalability allows an application to scale almost infinitely ...”)

	Regarding claim 8, Xu discloses the non-transitory computer readable medium of claim 6, wherein a virtual machine running on the cloud infrastructure node is authenticated by the master identity authentication management service on the cloud infrastructure node (Xu;

	see e.g. [0030] “... Identity Cloud Service (IDCS) ... IDCS provides authentication, authorization ...”
	see e.g.  [0015] “... a master IDCS deployment and a replicate IDCS deployment ...”
	see e.g. Fig. 6A illustrating Authentication APIs 688b
	see e.g. [0004] “ ... authenticate a first client and store resources .. the first data center in communication with a second data center that is configured to replicate the resources ...”
	see e.g. [0051] “ ... identity context, authentication and authorization; policy administration” see e.g. [0083]; see e.g. [0118]; see e.g. [0165])

)

	Regarding claim 9, Xu discloses a method for identity management, the method comprising:

	establishing a centralized identity authentication management service as a master over a master identity database of the centralized identity authentication management
service (

	see e.g. [0023] “... a cloud scale Identity and Access Management (“IAM”) platform ...”

	see e.g. [0069] “ ... the fundamental function of an IAM solution is to enable and support the entire user provisioning life cycle. This includes providing users with the application access appropriate for their identity and role within the organization, certifying that they have the correct ongoing access permission ...”

	see e.g. [0030] “... Identity Cloud Service (IDCS) ... IDCS provides authentication, authorization ...”
	see e.g.  [0015] “... a master IDCS deployment and a replicate IDCS deployment ...”

	see e.g. [0227}, [0023], [0025]

	see e.g. [0014] “... a master IDCS deployment ...”

The Examiner notes the Applicant identity feature is within the context of identity and access management; see e.g. Applicant’s Specification [0027]);

	establishing a non-master copy of the master identity database that is distributed to a location other than that of the centralized identity authentication management service (
	see e.g. [0021]

	see e.g. [0265] “... replica IDCS instance, resource last -replicated time will be updated on applying change-log and reconciliation of full resource. The change-log-time from master will be used as last-replicated-time to maintain single source of clock”

	 	
	see e.g.  [0296] “... global resources such as global resource types and schemas, which are the metadata of resource definition in IDCS, need to also be replicated among data centers and regions ...” see e.g. [0223]	

The Examiner notes an instance is inherently created
	
	see e.g. [0227}, [0023], [0025]); and

	establishing ongoing coordination between the master identity database and the non-master copy to synchronize differences between the master identity database and the non-master copy of the identity database (

	see e.g. [0265] “... replica IDCS instance, resource last -replicated time will be updated on applying change-log and reconciliation of full resource. The change-log-time from master will be used as last-replicated-time to maintain single source of clock”

	see e.g. Fig. 14).
	Regarding claim 10. Xu discloses the method of claim 9, further comprising exposing a URL of the centralized identity authentication management service configured to receive a WRITE request from a computing node that hosts the non-master copy (

	see e.g. [0229] “At 1420, a SCIM write request for one of the replicable resources comes to Admin Service 1405 at master 1401”

	see e.g. [0160] “ ... HTTP Uniform Resource Locator (“URL”) ...”

	see e.g. Fig. 14 [0226] – [0228]; see e.g. [0210], [0211]).
	
	Regarding claim 11, Xu discloses the method of claim 9, further comprising:

	establishing a proxy service within a given computing node, the proxy service configured to process a READ request using the identity authentication management service of the given computing node and configured to forward a WRITE request to the centralized identity authentication management service (

	see e.g. [0229] “At 1420, a SCIM write request for one of the replicable resources comes to Admin Service 1405 at master 1401”

	see e.g. [0160] “ ... HTTP Uniform Resource Locator (“URL”) ...”

	see e.g. Fig. 14 [0226] – [0228]; see e.g. [0210], [0211])..

	Regarding claim 14, Xu discloses the method of claim 9, further comprising:
	recognizing an occurrence of a cloud infrastructure node being added and configuring a copy of the master identity database on the cloud infrastructure node (
	see e.g. [0023] “ ... a cloud scale Identity and Access Management (“IAM”) platform ...”
	see e.g. [0038] “ ... a cloud-scale API platform and implements horizontally scalable microservices for elastic scalability ...”. ).
	see e.g., [0112] “ ... scale horizontally (or scale out/in) means to add more nodes to (or remove nodes from) a system, such as adding a new computer to a distributed software application. Horizontal scalability allows an application to scale almost infinitely ...”)
.
	Regarding claim 16, Xu discloses the method of claim 14, wherein a virtual machine running on the cloud infrastructure node is authenticated by the master identity authentication management service on the cloud infrastructure node (Xu;

	see e.g. [0030] “... Identity Cloud Service (IDCS) ... IDCS provides authentication, authorization ...”
	see e.g.  [0015] “... a master IDCS deployment and a replicate IDCS deployment ...”
	see e.g. Fig. 6A illustrating Authentication APIs 688b
	see e.g. [0004] “ ... authenticate a first client and store resources .. the first data center in communication with a second data center that is configured to replicate the resources ...”
	see e.g. [0051] “ ... identity context, authentication and authorization; policy administration” see e.g. [0083]; see e.g. [0118]; see e.g. [0165]).

	Regarding claim 17, Xu discloses a system for identity management, the system comprising:

	a storage medium having stored thereon a sequence of instructions (see e.g. [0209] “ ... software stored in memory or other computer readable or tangle medium, and executed by a processor”) ; and

	a processor that executes the sequence of instructions to cause the processor to perform acts comprising  (see e.g. [0209] “ ... software stored in memory or other computer readable or tangle medium, and executed by a processor”),

	establishing a centralized identity authentication management service as a master over a master identity database of the centralized identity authentication management service (

	see e.g. [0023] “... a cloud scale Identity and Access Management (“IAM”) platform ...”

	see e.g. [0069] “ ... the fundamental function of an IAM solution is to enable and support the entire user provisioning life cycle. This includes providing users with the application access appropriate for their identity and role within the organization, certifying that they have the correct ongoing access permission ...”

	see e.g. [0030] “... Identity Cloud Service (IDCS) ... IDCS provides authentication, authorization ...”
	see e.g.  [0015] “... a master IDCS deployment and a replicate IDCS deployment ...”

	see e.g. [0227}, [0023], [0025]

	see e.g. [0014] “... a master IDCS deployment ...”

The Examiner notes the Applicant identity feature is within the context of identity and access management; see e.g. Applicant’s Specification [0027]);

	establishing a non-master copy of the master identity database that is
distributed to a location other than that of the centralized identity authentication management service (
	see e.g. [0021]

	see e.g. [0265] “... replica IDCS instance, resource last -replicated time will be updated on applying change-log and reconciliation of full resource. The change-log-time from master will be used as last-replicated-time to maintain single source of clock”

	 	
	see e.g.  [0296] “... global resources such as global resource types and schemas, which are the metadata of resource definition in IDCS, need to also be replicated among data centers and regions ...” see e.g. [0223]	

The Examiner notes an instance is inherently created
	
	see e.g. [0227}, [0023], [0025]) ; and

	establishing ongoing coordination between the master identity database and the non-master copy to synchronize differences between the master identity database and the non-master copy of the identity database  (

	see e.g. [0265] “... replica IDCS instance, resource last -replicated time will be updated on applying change-log and reconciliation of full resource. The change-log-time from master will be used as last-replicated-time to maintain single source of clock”

	see e.g. Fig. 14)

	Regarding claim 18, Xu discloses the system of claim 17, further comprising instructions which, when stored in memory and executed by the processor cause the processor to perform further acts of:

	exposing a URL of the centralized identity authentication management service
configured to receive a WRITE request from a computing node that hosts the non-master
copy (

	see e.g. [0229] “At 1420, a SCIM write request for one of the replicable resources comes to Admin Service 1405 at master 1401”

	see e.g. [0160] “ ... HTTP Uniform Resource Locator (“URL”) ...”

	see e.g. Fig. 14 [0226] – [0228]; see e.g. [0210], [0211]).

	Regarding claim 19, Xu discloses the system of claim 17, further comprising instructions which, when stored in memory and
executed by the processor cause the processor to perform further acts of:

	establishing a proxy service within a given computing node, the proxy service configured to process a READ request using the identity authentication management service of the given computing node and configured to forward a WRITE request to the centralized identity authentication management service (

	see e.g. [0229] “At 1420, a SCIM write request for one of the replicable resources comes to Admin Service 1405 at master 1401”

	see e.g. [0160] “ ... HTTP Uniform Resource Locator (“URL”) ...”

	see e.g. Fig. 14 [0226] – [0228]; see e.g. [0210], [0211]).

	Regarding claim 22, Xu discloses the system of claim 17, further comprising instructions which, when stored in memory and executed by the processor cause the processor to perform further acts of:

	recognizing an occurrence of a cloud infrastructure node being added and configuring a copy of the master identity database on the cloud infrastructure node (
	see e.g. [0023] “ ... a cloud scale Identity and Access Management (“IAM”) platform ...”
	see e.g. [0038] “ ... a cloud-scale API platform and implements horizontally scalable microservices for elastic scalability ...”. ).
	see e.g., [0112] “ ... scale horizontally (or scale out/in) means to add more nodes to (or remove nodes from) a system, such as adding a new computer to a distributed software application. Horizontal scalability allows an application to scale almost infinitely ...”).

	Regarding claim 24, Xu discloses the system of claim 22, wherein a virtual machine running on the cloud infrastructure node is authenticated by the master identity authentication management service on the cloud infrastructure node (Xu;

	see e.g. [0030] “... Identity Cloud Service (IDCS) ... IDCS provides authentication, authorization ...”
	see e.g.  [0015] “... a master IDCS deployment and a replicate IDCS deployment ...”
	see e.g. Fig. 6A illustrating Authentication APIs 688b
	see e.g. [0004] “ ... authenticate a first client and store resources .. the first data center in communication with a second data center that is configured to replicate the resources ...”
	see e.g. [0051] “ ... identity context, authentication and authorization; policy administration” see e.g. [0083]; see e.g. [0118]; see e.g. [0165]).


Claim Rejections - 35 USC § 103

The following is a quotation of 35 U.S.C. 103 which forms the basis for all obviousness rejections set forth in this Office action:
A patent for a claimed invention may not be obtained, notwithstanding that the claimed invention is not identically disclosed as set forth in section 102, if the differences between the claimed invention and the prior art are such that the claimed invention as a whole would have been obvious before the effective filing date of the claimed invention to a person having ordinary skill in the art to which the claimed invention pertains. Patentability shall not be negated by the manner in which the invention was made.



Claims 4-5, 12-13, and 20-21 are rejected under 35 USC 103 as being unpatentable over Xu in view of Gabrielson (US 11, 372,634)

	Regarding claim 4, Xu discloses the non-transitory computer readable medium of claim 1, wherein the master identity database is in a first availability zone and the non-master identity database is in a second availability zone (Xu; The IDCS deployments (e.g. Fig. 14) are deployed in regions (i.e. zones) to facilitate high availability (i.e. availability zones).)
	
	As evidence of the rationale above Gabrielson discloses:
	Availability zones (Gabrielson; Gabrielson teaches within the context of identity and access management services availability zones;)

	See e.g. Column 6, Line 61 – Column 7, Line 3 “ ... availability zones ... identity and access management service ...”)
	Therefore it would have been prima facie obvious to one of ordinary skill in the art before the effective filing date of the main invention to modify Xu with Gabrielson’s availability zones associated with identity and access management services. The motivation being the combined solution provides for increased efficiencies with respect to high availability services.

	Regarding claim 5, Xu in view of Gabrielson disclose the non-transitory computer readable medium of claim 4, further comprising instructions which, when stored in memory and executed by the processor cause the processor to perform further acts of:

	deploying a replication facility that performs ongoing coordination between the master identity database in the first availability zone and the non-master identity database in the second availability zone (Xu; Xu service in Fig. 14 is a replication service;
	see e.g. Fig. 14; see e.g. [0301] “ ... replication services in the replica region ...”)

	Therefore it would have been prima facie obvious to one of ordinary skill in the art before the effective filing date of the main invention to modify Xu with Gabrielson’s availability zones associated with identity and access management services. The motivation being the combined solution provides for increased efficiencies with respect to high availability services.

	Regarding claim 12, claim 12 comprises the same and similar subject matter as claim 4 and is considered and obvious variation; therefore, it is rejected under the same rationale.

	Regarding claim 13, claim 13 comprises the same and similar subject matter as claim 5 and is considered and obvious variation; therefore, it is rejected under the same rationale.

	Regarding claim 20, claim 20 comprises the same and similar subject matter as claim 4 and is considered and obvious variation; therefore, it is rejected under the same rationale.

	Regarding claim 21, claim 21 comprises the same and similar subject matter as claim 5 and is considered and obvious variation; therefore, it is rejected under the same rationale.


	Claims 7, 15, and 23 are rejected under 35 USC 103 as being unpatentable over Xu in view of Rushton (US 2021/0044540)

	Regarding claim 7, Xu discloses the non-transitory computer readable medium of claim 6, Xu does not expressly disclose further comprising instructions which, when stored in memory and executed by the processor cause the processor to
perform further acts of:

	deploying a replication facility that replicates a policy of the cloud infrastructure node to a computing node that hosts the non-master copy.

	However in analogous art Rushton discloses:

	replication facility that replicates a policy of the cloud infrastructure node to a computing node that hosts the non-master copy (Rushton;

	see e.g. [0035] “ ... an identity and access management (IAM) service ...”
	see e.g. [0188] “ ... quotas can be managed centrally in a single region and replicated globally ... Upon creation, each of the resource quotas 782 and 784 can be replicated into regions ... globally replicates the quota policies...”
	see e.g. [0219] “ ... a cloud infrastructure environment comprising a plurality of regions ...”).

	
	Therefore it would have been prima facie obvious to one of ordinary skill in the art before the effective filing date of the claimed invention to modify Xu with Rushton’s policy replication scheme. The motivation being the combined solution provides for increased efficiencies in managing distributed cloud resources.

	Regarding claim 15, claim 15 comprises the same and similar subject matter as claim 7 and is considered and obvious variation; therefore, it is rejected under the same rationale.

	Regarding claim 23, claim 23 comprises the same and similar subject matter as claim 7 and is considered and obvious variation; therefore, it is rejected under the same rationale.




Any inquiry concerning this communication or earlier communications from the Examiner should be directed to TODD L. BARKER whose telephone number is (571) 270 0257. The Examiner can normally be reached on Monday through Friday, 7:30am to 5:00pm.

If attempts to reach the Examiner by telephone are unsuccessful, the Examiner's supervisor Vivek Srivastava can be reached on (571) 272 7304.

Information regarding the status of an application may be obtained from the Patent Application Information Retrieval (PAIR) system. Status information for published applications may be obtained from either Private PAIR or Public PAIR. Status information for unpublished applications is available through Private PAIR only. For more information about the PAIR system, see http://pair-direct.uspto.gov. Shouldyou have questions on access to the Private PAIR system, contact the Electronic Business Center (EBC) at 866-217-9197 (toll-free). If you would like assistance from a USPTO Customer Service Representative or access to the automated information system, call 800-786-9199 (IN USA OR CANADA) or 571-272-1000


/TODD L BARKER/Primary Examiner, Art Unit 2449