DETAILED ACTION
The present application, filed on or after March 16, 2013, is being examined under the first inventor to file provisions of the AIA .


Status of Claims
The following claim(s) is/are pending in this office action: 1-20
The following claim(s) is/are amended: 1, 10, 19
The following claim(s) is/are new: -
The following claim(s) is/are cancelled: -
Claim(s) 1-20 is/are rejected. This rejection is FINAL.


Previous Rejections Withdrawn
The 35 USC 101 rejection to claim(s) 10-18 is/are withdrawn based on the amendment.


Information Disclosure Statement
The information disclosure statement(s) (IDS) submitted on 6/24/2022 is/are in compliance with the provisions of 37 CFR 1.97.  Accordingly, the information disclosure statement(s) is/are being considered if signed and initialed by the Examiner.


Response to Arguments
Applicant’s arguments filed in the amendment filed 9/28/2022, have been fully considered but are moot in view of new grounds of rejection. The reasons set forth below.


Applicant’s Invention as Claimed
Claim Rejections - 35 USC § 103
A patent for a claimed invention may not be obtained, notwithstanding that the claimed invention is not identically disclosed as set forth in section 102 of this title, if the differences between the claimed invention and the prior art are such that the claimed invention as a whole would have been obvious before the effective filing date of the claimed invention to a person having ordinary skill in the art to which the claimed invention pertains.  Patentability shall not be negated by the manner in which the invention was made.

Claims 1-20 are rejected under 35 U.S.C. 103 as being unpatentable over Murugesan (US Pub. 2018/0083977) in view of Chandrashekhar (US Pub. 2018/0278577) and further in view of Revanuru (US Pub. 2013/0086326).
With respect to Claim 1, Murugesan teaches a method of operating a multi-tenant cloud system, the method comprising: (para. 19; multi-tenant identity and data security management system in cloud deployments)
receiving a request for an authenticate action for a user; (para. 38; requested identity actions. Para. 208; request to perform identity management services. Para. 212; login service.)
creating an authenticate target action; (para. 210; the request is then authenticated. Para. 212; identity management service includes…a token service. Para. 165, 176-179, 218; single sign on using a SSO cookie.)
registering a cache listener for a cache comprising a filter to listen for a target action response that is responsive to the authenticate target action, (paras. 216-218; IDBridge monitors and synchronizes all users in a directory using filter. Para. 244; filter for EmailID or username to retrieve a UID for a user.)
the filter listing a plurality of bridges assigned to an on-premise active directory, (A plurality of bridges will be taught later. Fig. 2, para. 4, 22, 216; IDBridge is a distributed agent that is assigned to an on-premises active directory.)
and sending the authenticate target action to the active directory via the selected bridge; (para. 177; when logging in, Cloud gate sends authentication information to Admin SCIM, which determines authentication. para. 230; IDBridge polls the AD and reports changes to IDCS. Para. 236; IDCS may request to sync now. Paras. 46-47; whenever a user’s group membership is changed on-premises the cloud application changes automatically. Para. 217; AD is the “source of truth” for identities. Therefore it would have been obvious to one of ordinary skill prior to the effective filing date to send the authentication action to the active directory in order to immediately get the authoritative authentication rather than waiting for a periodic update or requested sync to complete. Further, in at least some embodiment passwords are not synced to the cloud (para. 46) and therefore it would have been obvious to send the authentication to the AD in order to check the password.)
and coupled to the multi-tenant cloud system and the on-premise active directory, (para. 4; IDBridge between on-premise active directory and cloud system.)
each bridge sending a count of records it can process with the request (para. 230-231, 235-236; system tracks number of records processed in a given amount of time, which suggests the ability to transmit available capacity. It would have been obvious to one of ordinary skill prior to the effective filing date to send a count of records it can process to allow it to be included in the random selection of bridges. Further, see paras. 274-282; AD may be a single-domain and identify particular users. In other words, a bridge may only be responsible for certain users, which suggests identifying the count of users it can process to make sure that a bridge can process records with the information.)
waiting for the cache callback; and at the cache callback, (para. 175-180; when authentication is confirmed the server redirects to generate a cookie containing an authentication token. Client accepts cookie and allows access. Redirecting to receive the cookie is a cache callback.)
receiving a target action response comprising a result of the authenticate action. (paras. 179-181; browser receives cookie with authentication token.)
But Murugesan does not explicitly teach randomly selecting one of the plurality of bridges.
Chandrashekhar, however, does teach randomly selecting one of the plurality of bridges (Examiner initially asserts Murugesan suggests a plurality of bridges because it describes the IDBridge as a “distributed agent.” See Murugesan, Fig. 2, para. 4, 22, 216; IDBridge is a distributed agent that is assigned to an on-premises active directory. Regardless, since Chandrashekhar is more explicit and also teaches random selection Examiner will cite that. Fig. 1, Para. 24; system has multiple bridges for communication and they may be selected by random selection.)
Each of the plurality of bridges comprising a different bridge identifier (para. 24; each bridge has a bridge identifier.)
It would have been obvious to one of ordinary skill prior to the effective filing date to combine the method of Murugesan with the random selection of a plurality of bridges to allow for scalability or to allow for failover in the event a bridge fails. (Chandrashekhar, para. 24)
But modified Murugesan does not explicitly teach a cache listener generating a cache callback when a cache event occurs.
Revanuru, however, does teach the cache listener generating a cache callback when a cache event occurs; (para. 71, 73-74; cache event listener. Cache callbacks were previously taught but see also paras. 288-289; cache callback in response to completion, which is an event.)
It would have been obvious to one of ordinary skill prior to the effective filing date to combine the method of modified Murugesan with the cache listener in order to take action in response to a cache changing. (Revanuru, para. 74)

With respect to Claim 2, modified Murugesan teaches the method of claim 1, and Murugesan also teaches wherein each of the bridges provides a polling request comprising an application identifier (para. 230; IDBridge syncs by polling at intervals. Paras. 55, 176, 242-243; SCIM ID for identifying resources including metadata that describes the application.)
And Chandrashekhar also teaches and its corresponding bridge identifier. (para. 24; bridge identifier.)
The same motivation to combine as the independent claim applies here.

With respect to Claim 3, modified Murugesan teaches the method of claim 1, and Murugesan also teaches wherein the filter comprises a query operation that returns a corresponding set of data from the cache. (para. 50-51, 86, 181; query for IDCS resources and data. para. 230; IDBridge queries AD and pushes changes to IDCS. Para. 244; filter for EmailID or username to retrieve a UID for a user.)

With respect to Claim 4, modified Murugesan teaches the method of claim 1, and Murugesan also teaches wherein the authentication action request is received at the multi-tenant cloud system. (paras. 120-124, 128; web tier receives a login request from a user browser in a multi-tenant environment.)

With respect to Claim 5, modified Murugesan teaches the method of claim 4, and Murugesan also teaches wherein the result of the authentication action is received from the on-premise active directory. (para. 44, 47, 216; on-premise AD synchronizes changes to cloud through IDBridge, resulting in a near instanteous gain or loss of functionality. Para. 218; AD passwords may be used to authenticates users to cloud applications.)

With respect to Claim 6, modified Murugesan teaches the method of claim 1, and Murugesan also teaches further comprising: while waiting for the cache callback, polling for a thread created for the authentication action; wherein the polling continues until the cache callback or a timeout. (paras. 216-218; IDBridge monitors and synchronizes all users in a directory using filter. para. 230; IDBridge polls the AD and reports changes to IDCS. It would have been obvious to one of ordinary skill prior to the effective filing date to poll until the cache callback because that would indicate that the information was received.)

With respect to Claim 7, modified Murugesan teaches the method of claim 1, and Murugesan also teaches wherein the cache listener is implemented by an in-memory distributed data grid. (para. 192; IDCS cache cluster is implemented by an in-memory distributed data grid.)

With respect to Claim 8, modified Murugesan teaches the method of claim 1, and Murugesan also teaches wherein the authentication action is an asynchronous action comprising changing a password. (para. 53, 85-86; password management. Paras. 95-99; asynchronous near real time tasks are tasks that are not needed for a user to proceed, such as recording. Create user action sends a notification requesting a user to reset their password and is asynchronous. Since a user’s identity is already confirmed when a password change takes place, the disclosure suggests the action can be asynchronous. See also para. 46; passwords are not synchronized between AD and IDCS.)

With respect to Claim 9, modified Murugesan teaches the method of claim 1, and Murugesan also teaches wherein the multi-tenant cloud system accesses the on-premise active directory via a firewall. (para. 173, 188, 216; IDCS accesses outside devices through firewall. IDBridge traverses firewall to reach AD.)

With respect to Claim 10, it is substantially similar to Claim 1 and is rejected in the same manner, the same art and reasoning applying. Further, Murugesan also teaches a non-transitory computer-readable medium storing instructions which, when executed by at least one of a plurality of processors, cause the processors to (paras. 200-201; processor and non-transitory medium such as a hard disk)

With respect to Claims 11-18, they are substantially similar to Claims 2-9, respectively, and are rejected in the same manner, the same art and reasoning applying.

With respect to Claim 19, it is substantially similar to Claim 1 and is rejected in the same manner, the same art and reasoning applying. Further, Murugesan also teaches a multi-tenant cloud system for a plurality of user accounts, the system comprising: one or more processors in communication with a client system (para. 169, 177; user request authorization. Para. 200; servers with processors.)

With respect to Claim 20, it is substantially similar to Claim 2 and is rejected in the same manner, the same art and reasoning applying.


Remarks
Applicant argues at Remarks, pg. 7 that the claims are amended to include a non-transitory computer readable medium and therefore fit a statutory class. Examiner agrees and withdraws the rejection.
Applicant amends each of the independent claims to claim a cache listener generating a cache callback and a plurality of bridges with a different bridge identifier, each bridge sending a count of records it can process. Applicant argues at Remarks, pg. 9 that the previously cited art fails to a teach a cache listener. Applicant also argues at Remarks, pg. 9 that Chandrashekhar fails to disclose bridges coupled to the multi-tenant cloud system and the on-premise active directory and that the arts fail to teach each bridge sending a count of records it can process with the request.
With respect to the cache listener, Examiner is content to resolve the issue by citing Oracle’s prior art that expressly teaches a cache event listener, see newly-cited Revanuru. With respect to the fact that Chandrashekhar fails to teach bridges used between a cloud and on-premise active directory, Examiner points to Murugesan for the teaching. Applicant does not dispute Murugesan teaches the cloud/on-premise active directory context. Chandrashekhar also taught different bridge identifiers. Consequently, the remaining issue is bridges sending a count of records they can process with the request. The feature is obvious over Murugesan, which teaches bridges syncing data that includes the number of records processed. Since the system can count the number of records it can process, the act of reporting available record-processing capacity is enabled. Further, there is a motivation for doing so – since the bridges are randomly selected, a communication that a bridge has ability to process records would make it eligible for selection for random selection for work assignment.
All claims remain obvious and all claims are rejected.


Conclusion
Applicant's amendment necessitated the new ground(s) of rejection presented in this Office action.  Accordingly, THIS ACTION IS MADE FINAL.  See MPEP § 706.07(a).  Applicant is reminded of the extension of time policy as set forth in 37 CFR 1.136(a).
A shortened statutory period for reply to this final action is set to expire THREE MONTHS from the mailing date of this action.  In the event a first reply is filed within TWO MONTHS of the mailing date of this final action and the advisory action is not mailed until after the end of the THREE-MONTH shortened statutory period, then the shortened statutory period will expire on the date the advisory action is mailed, and any extension fee pursuant to 37 CFR 1.136(a) will be calculated from the mailing date of the advisory action.  In no event, however, will the statutory period for reply expire later than SIX MONTHS from the mailing date of this final action. 

Any inquiry concerning this communication or earlier communications from the examiner should be directed to NICHOLAS P CELANI whose telephone number is (571)272-1205.  The examiner can normally be reached on M-F 9-5.
Examiner interviews are available via telephone, in-person, and video conferencing using a USPTO supplied web-based collaboration tool. To schedule an interview, applicant is encouraged to use the USPTO Automated Interview Request (AIR) at http://www.uspto.gov/interviewpractice.
If attempts to reach the examiner by telephone are unsuccessful, the examiner’s supervisor, Vivek Srivastava can be reached on 571-272-7304.  The fax phone number for the organization where this application or proceeding is assigned is 571-273-8300.
Information regarding the status of an application may be obtained from the Patent Application Information Retrieval (PAIR) system.  Status information for published applications may be obtained from either Private PAIR or Public PAIR.  Status information for unpublished applications is available through Private PAIR only.  For more information about the PAIR system, see http://pair-direct.uspto.gov. Should you have questions on access to the Private PAIR system, contact the Electronic Business Center (EBC) at 866-217-9197 (toll-free). If you would like assistance from a USPTO Customer Service Representative or access to the automated information system, call 800-786-9199 (IN USA OR CANADA) or 571-272-1000.


/NICHOLAS P CELANI/Examiner, Art Unit 2449