Notice of Pre-AIA or AIA Status
The present application, filed on or after March 16, 2013, is being examined under the first inventor to file provisions of the AIA.

Response to Arguments

	Applicant has amended to indicate that the previous nonce terms in Claim 1 are not to be interpreted under 112(f).
	Applicant argues: “In rejecting Claim 1, the Office Action relies upon paragraph [0084] of Sehgal, to teach the claimed features of assigning the role on the integrated account based on location information and schedule information of the terminal…Sehgal’s association of home or work address with digital survey resource permission roles corresponding to particular work locations merely means assigning one member (“John Smith”) to a particular office location (“Salt Lake City office”) based on the location of the member’s home address (“Salt Lake City address”).”
	At the outset, the Examiner disagrees with this characterization. Sehgal teaches “automatically update a…role based on changes to the digital metadata corresponding to an entity member (Paragraph [0025]).” Sehgal teaches digital metadata can include location (Paragraph [0075]). Therefore Sehgal teaches updating a role based on changes to location corresponding to an entity member. That is, as the location or home address of the member changes so does the role.
	Applicant argues: “Sehgal is completely silent on allowing access to a same office location or a cloud service with varying digital survey permission roles based on a location of the access by the member or the terminal (Remarks pg. 12).”
	The claim requires “access to a first cloud service from a first location with a first role and access to the first cloud service from a second location different from the first location with a second role different from the first role.”
	Sehgal in Paragraph [0170] teaches a first cloud service (“server device includes cloud-based processing and storage capabilities”).
	Sehgal in Paragraph [0004] teaches “digital survey data can be dynamically generated or revised and individuals/computing device having access to such data can change locations…at any time.”
	Sehgal teaches an example in Figure 4 of John Smith having a first role in Salt Lake City. Sehgal in Fig. 6C teaches that if any user (including John Smith) changes location to the Midwest and meets the other conditions, their role is automatically changed to a second role different from the first role.
	Therefore Sehgal teaches wherein a terminal is allowed access to a first cloud service from a first location with a first role (Fig. 4, Salt Lake City, first role) and access to a cloud service from a second location with a second role (Fig. 6C, Midwest, second role).
	The remaining arguments are similar to the ones above and are rejected for a similar rationale.


Claim Rejections - 35 USC § 103
The following is a quotation of 35 U.S.C. 103 which forms the basis for all obviousness rejections set forth in this Office action:
A patent for a claimed invention may not be obtained, notwithstanding that the claimed invention is not identically disclosed as set forth in section 102, if the differences between the claimed invention and the prior art are such that the claimed invention as a whole would have been obvious before the effective filing date of the claimed invention to a person having ordinary skill in the art to which the claimed invention pertains. Patentability shall not be negated by the manner in which the invention was made.

Claims 1-20 are rejected under 35 U.S.C. 103 as being unpatentable over Lao (US 2021/0084031) in view of Sehgal (US 2022/0078195).


Regarding Claim 1,

Lao (US 2021/0084031) teaches an integrated management system comprising: 
a plurality of cloud systems configured to provide cloud services (Figure 1, Cloud Apps 102, 104, 110, 112); 
a terminal configured to access the plurality of cloud systems using an integrated account to which a role has been assigned and to be provided with resources (Figure 1, terminal, 106)(Paragraph [0064] teaches providing application access based on role within organization); 
and a management server configured to manage a plurality of integrated accounts so that the terminal accesses the plurality of cloud systems using the integrated account (Figure 1, Oracle Identity Cloud Service 142), wherein the management server comprises: 
a management unit configured to register the integrated account for accessing the plurality of cloud systems and assign the role on the integrated account based on schedule information (Paragraph [0064] teaches registering the account for accessing the cloud systems and assigning a role, wherein the role is determined based on changes over time)(Paragraph [0063] teaches dynamic authentication policy is set based on location, time of day); 
and an access unit configured to authenticate the access to the plurality of cloud systems using the integrated account, wherein the access unit simplifies an authentication system by managing the access to the cloud services using the integrated account based on a multi-token, and wherein the management unit maps the integrated account to a role for access to the cloud systems (Paragraph [0086] teaches assigning access tokens for authentication granted to roles) and outputs information on an accessible cloud service based on the location information or the schedule information (Paragraph [0063] teaches dynamic authentication policy is set based on location, time of day).
Lao does not explicitly teach assign the role on the integrated account based on location information and schedule information of the terminal wherein the terminal is allowed to access a first cloud service from a first location with a first role, and is allowed to access the first cloud service from a second location, different from the first location, with a second role, different from the first role.
Sehgal (US 2022/0078195) teaches assign the role on the integrated account based on location information and schedule information of the terminal (Paragraph [0084] teaches digital permission mapping can utilize work locations and schedules to map members onto a permission role) wherein the terminal is allowed to access a first cloud service from a first location with a first role, and is allowed to access the first cloud service from a second location, different from the first location, with a second role, different from the first role (Paragraph [0170] first cloud service) (Paragraph [0004] “data can be dynamically…access to such data can change locations…at any time.”) (Fig. 4, Salt Lake City, first location, first role) (Fig. 6C, Midwest, second location, second role).

It would have been obvious to one of ordinary skill in the art before the effective filing date of the invention to modify Lao with the location and schedule based roles of Sehgal.
The motivation is to allow for greater flexibility by using dynamic resource permission systems (Paragraph [0032] of Sehgal).

Regarding Claim 2,

Lao and Sehgal teach the integrated management system of claim 1. Sehgal teaches wherein the management unit automatically changes the role on the integrated account based on the location information or the schedule information (Figure 6C teaches automatic role enrollment).

Regarding Claim 3,

Lao and Sehgal teach the integrated management system of claim 1. Lao teaches wherein when the terminal accesses the cloud systems using the integrated account, the management unit stores history data related to a service, resources, and a work history used in the integrated account (Paragraph [0065] teaches auditing access history, service and resources).

Regarding Claim 4,

Lao and Sehgal teach the integrated management system of claim 1. While Lao teaches determines whether an access time is an access permission time based on the schedule information, and releases the access of the terminal if the IP is a not-permitted IP or the access time is not an access permission time (Paragraph [0063] teaches authentication is based on IP address and time of day),
Lao does not explicitly teach the determining is based on whether an IP of the integrated account is changed while the terminal accesses the cloud systems using the integrated account.
It would have been obvious to one of ordinary skill in the art before the effective filing date of the invention to modify Lao and Sehgal to determine whether an access time is permitted based upon changed IP address and the results would be predictable.

Regarding Claim 5,

Lao and Sehgal teach the integrated management system of claim 1. Lao teaches wherein the management unit maps the integrated account and access rights to a requested cloud service so that the terminal is connected to the plurality of cloud systems using the integrated account, without registering individual accounts with the plurality of cloud systems (Paragraph [0044]).

Regarding Claim 6,

Lao and Sehgal teach the integrated management system of claim 1. Lao teaches wherein the management unit manages multiple accounts for a cloud system to be accessed based on only primary authentication for the integrated account (Paragraph [0044] “single corporate password”).

Regarding Claim 7,

Lao and Sehgal teach the integrated management system of claim 1. Lao teaches wherein the management unit comprises:
an account management unit configured to register the integrated account and assign the role to the integrated account (Paragraph [0096] teaches registering user)(Paragraph [0102] teaches assigning a role); a primary authentication unit configured to primarily authenticate the integrated account and an account of the cloud systems (Paragraph [0103] teaches authenticating user); a connection unit configured to map the integrated account and the role (Paragraph [0096]); 
Sehgal (US 2022/0078195) teaches a schedule unit configured to set the location information and the schedule information for an access permission time in the integrated account (Paragraph [0084] teaches digital permission mapping can utilize work locations and schedules to map members onto a permission role).

Regarding Claim 8,

Lao and Sehgal teach the integrated management system of claim 7. Lao teaches wherein the account management unit assigns one integrated account to one user, and registers the integrated account so that the plurality of cloud systems is accessed using the integrated account (Paragraph [0044]).

Regarding Claim 9,

Lao and Sehgal teach the integrated management system of claim 7. Lao teaches wherein the account management unit generates and manages the integrated account in a user or user group unit (Paragraph [0091] teaches users, groups).

Regarding Claim 10,

Lao and Sehgal teach the integrated management system of claim 7. Lao teaches wherein the account management unit generates and manages the integrated account for the terminal (Paragraph [0046] teaches managing user accounts).

Regarding Claim 11,

Lao and Sehgal teach the integrated management system of claim 1, wherein the access unit comprises: an access management unit configured to determine access permission for the cloud systems based on the role assigned to the integrated account; and a secondary authentication unit configured to secondarily authenticate the access to the cloud systems using the integrated account based on the role (Paragraph [0064] teaches certifying the role has correct access permissions).

Regarding Claim 12,

Lao teaches a method of controlling an integrated management system, comprising: 
generating an integrated account connected to a plurality of cloud systems providing cloud services (Paragraph [0046] teaches managing user accounts) (Figure 1, Cloud Apps 102, 104, 110, 112);
mapping the integrated account and a role for access to the cloud systems (Figure 1, terminal, 106) (Paragraph [0064] teaches providing application access based on role within organization);
attempting to access, by a terminal, any one of the plurality of cloud systems using the integrated account; 
performing authentication on the integrated account based on a multi-token and determining whether to permit the access to the cloud system based on the role assigned to the integrated account (Paragraph [0086] teaches assigning access tokens for authentication granted to roles); 
outputting information on an accessible cloud service based on the location information or the schedule information; and accessing, by the terminal, the cloud systems to which the access is permitted and being provided with the cloud service (Paragraph [0063] teaches dynamic authentication policy is set based on location, time of day).
Lao does not explicitly teach assigning a role to the integrated account based on location information or schedule information set in the integrated account.
Sehgal (US 2022/0078195) teaches assign the role on the integrated account based on location information and schedule information of the terminal (Paragraph [0084] teaches digital permission mapping can utilize work locations and schedules to map members onto a permission role).
It would have been obvious to one of ordinary skill in the art before the effective filing date of the invention to modify Lao with the location and schedule based roles of Sehgal.
The motivation is to allow for greater flexibility by using dynamic resource permission systems (Paragraph [0032] of Sehgal).


Regarding Claim 13,

Lao and Sehgal teach the method of claim 12. Lao teaches further comprising: determining whether to permit an IP assigned to the integrated account based on the location information of the integrated account; and determining whether an access time is time when access is permitted based on the schedule of the integrated account (Paragraph [0063] teaches determining whether to permit access based on IP address, location and time of day).

Regarding Claim 14,

Lao and Sehgal teach the method of claim 12. Lao teaches further comprising: primarily authenticating the integrated account (Paragraph [0063-0064]); and secondarily authenticating the integrated account based on the role, before determining whether to permit the access (Paragraph [0064] teaches certifying the role has correct access permissions).

Regarding Claims 15-16,

Claims 15-16 are similar in scope to Claims 2 and 4 and are rejected for a similar rationale.

Regarding Claims 17-20,

Claims 17-20 are similar in scope to Claims 1-3 and are rejected for a similar rationale.

Conclusion

Applicant's amendment necessitated the new ground(s) of rejection presented in this Office action.  Accordingly, THIS ACTION IS MADE FINAL.  See MPEP § 706.07(a).  Applicant is reminded of the extension of time policy as set forth in 37 CFR 1.136(a).  
A shortened statutory period for reply to this final action is set to expire THREE MONTHS from the mailing date of this action.  In the event a first reply is filed within TWO MONTHS of the mailing date of this final action and the advisory action is not mailed until after the end of the THREE-MONTH shortened statutory period, then the shortened statutory period will expire on the date the advisory action is mailed, and any extension fee pursuant to 37 CFR 1.136(a) will be calculated from the mailing date of the advisory action.  In no event, however, will the statutory period for reply expire later than SIX MONTHS from the date of this final action. 

Any inquiry concerning this communication or earlier communications from the examiner should be directed to HARRIS C WANG whose telephone number is (571)270-1462. The examiner can normally be reached M-F 9:00-5:30.
Examiner interviews are available via telephone, in-person, and video conferencing using a USPTO supplied web-based collaboration tool. To schedule an interview, applicant is encouraged to use the USPTO Automated Interview Request (AIR) at http://www.uspto.gov/interviewpractice.
If attempts to reach the examiner by telephone are unsuccessful, the examiner’s supervisor, LUU PHAM can be reached on 571-270-5002. The fax phone number for the organization where this application or proceeding is assigned is 571-273-8300.
Information regarding the status of published or unpublished applications may be obtained from Patent Center. Unpublished application information in Patent Center is available to registered users. To file and manage patent submissions in Patent Center, visit: https://patentcenter.uspto.gov. Visit https://www.uspto.gov/patents/apply/patent-center for more information about Patent Center and https://www.uspto.gov/patents/docx for information about filing in DOCX format. For additional questions, contact the Electronic Business Center (EBC) at 866-217-9197 (toll-free). If you would like assistance from a USPTO Customer Service Representative, call 800-786-9199 (IN USA OR CANADA) or 571-272-1000.





/HARRIS C WANG/Primary Examiner, Art Unit 2439