DETAILED ACTION
1.	 Claims 1-20 are pending in this application.

Notice of Pre-AIA  or AIA  Status
2.	The present application, filed on or after March 16, 2013, is being examined under the first inventor to file provisions of the AIA .
In the event the determination of the status of the application as subject to AIA  35 U.S.C. §102 and §103 (or as subject to pre-AIA  35 U.S.C. §102 and §103) is incorrect, any correction of the statutory basis for the rejection will not be considered a new ground of rejection if the prior art relied upon, and the rationale supporting the rejection, would be the same under either status.

Claim Rejections - 35 USC § 101
3.	35 U.S.C. §101 reads as follows:
Whoever invents or discovers any new and useful process, machine, manufacture, or composition of matter, or any new and useful improvement thereof, may obtain a patent therefor, subject to the conditions and requirements of this title.

		Claim 1-20 are rejected under 35 U.S.C. §101 because the claimed invention is directed to an abstract idea without significantly more. The claim recites determining the amount of use of each icon over a predetermined period of time, and ranking the icons based on the determined amount of use.

	The following is an analysis based on 2019 Revised Patent Subject Matter Eligibility Guidance (2019 PEG).

Step 1, Statutory Category?
	Claims 1-7 are directed to a non-transitory machine-readable medium.
	Claims 8-14 are directed to a method.
	Claims 15-20 are directed to a system.
	Therefore, claims 1-20 fall into at least one of the four statutory categories.

Step 2A, Prong I: Judicial Exception Recited?
		The examiner submits that the foregoing claim limitations constitute a “mental process”, as the claims cover performance of the limitations in the human mind, given the broadest reasonable interpretation.

	As per claims 1, 8, and 15, similarly recite the limitation “determine a set of technical keys for the set of entities” This limitation is equivalent to a person judgment of a set/group of technical keys to be associated with a set of entities. The selection/determination of the set of technical keys can be made in the person's mind based on simple judgments and observations. There is nothing in the limitation that make it so complex to not be accomplish int the human mind.

	 Dependent claims 2-7, 9-14, and 16-20 further elaborate upon the recited abstract ideas in claims 1, 8, and 15.
	Accordingly, claims 1-20 recite at least one abstract idea.

Step 2A, Prong II: Integrated into a Practical Application?
	The claims recite the following additional limitations:
		As per claims 1, 8, and 15 the claims similarly recite the additional limitations of 
	“receive a metadata model definition comprising a set of entity definitions specifying a set of entities, a set of semantic key definitions specifying a set of semantic keys associated with the set of entities, and a set of relationship definitions specifying a set of relationships between the set of entities” Which is an example of adding insignificant extra-solution activity (pre-solution) to the judicial exception (see MPEP § 2106.05(g)). Specifically, the additional limitation is an example of mere data gathering. This does not provide integration into a practical application.
	“wherein the set of semantic keys are configured to be used by an application to refer to the set of entities;” Which is an example of mere instructions to apply an exception (see MPEP 2106.05(f)). Specifically, the additional limitation is an example of a limitation that invokes computers or other machinery merely as a tool to perform an existing process. A limitation having broad applicability across many fields of endeavor not provide meaningful limitations that integrate a judicial exception into a practical application or amount to significantly more.

	“wherein the set of technical keys are configured to be used by the device to refer to the set of entities;” Which is an example of mere instructions to apply an exception (see MPEP 2106.05(f)). Specifically, the additional limitation is an example of a limitation that invokes computers or other machinery merely as a tool to perform an existing process. This does not provide integration into a practical application. Use of a computer or other machinery in its ordinary capacity for economic or other tasks (e.g., to receive, store, or transmit data) or simply adding a general purpose computer or computer components after the fact to an abstract idea (e.g., a fundamental economic practice or mathematical equation) does not integrate a judicial exception into a practical application or provide significantly more (see MPEP § 2106.05(g)).

	“store the metadata model definition and the set of technical keys in a first set of records;” Which is an example of adding insignificant extra-solution activity (pre-solution) to the judicial exception (see MPEP § 2106.05(g)). Specifically, the additional limitation is an example of mere data gathering. This does not provide integration into a practical application.
	
	In addition, claim 15 recites the additional limitations of 
	“receive a set of changes to the metadata model;” Which is an example of adding insignificant extra-solution activity (pre-solution) to the judicial exception (see MPEP § 2106.05(g)). Specifically, the additional limitation is an example of mere data gathering. This does not provide integration into a practical application. 
	
	“modify the metadata model based on the set of changes to form a second metadata model definition;” Which is an example of adding insignificant extra-solution activity (pre-solution) to the judicial exception (see MPEP § 2106.05(g)). Specifically, the additional limitation is selection of a particular data source or type of data to be manipulated. This does not provide integration into a practical application.

	“store the second metadata model definition in a second set of records.” Which is an example of adding insignificant extra-solution activity (pre-solution) to the judicial exception (see MPEP § 2106.05(g)). Specifically, the additional limitation is an example of mere data gathering. This does not provide integration into a practical application. 

	The examiner submits that the recited limitations, emphasized above, do not integrate the aforementioned abstract ideas into a practical application.
		Dependent claims 2-7, 9-14, and 16-20 further elaborate upon the recited abstract ideas in claims 1, 8, and 15 but do not provide additional elements, and so do not integrate the abstract ideas into a practical application.
	Therefore, claims 1-20 do not integrate the recited abstract ideas into a practical application.
	
Step 2B: Claim provides an Inventive Concept?
	When considered individually or in combination, the additional limitations/elements of claims 1-20 do not amount to significantly more than the judicial exception for the same reasons discussed above as to why the additional limitations/elements do not integrate the abstract idea into a practical application. 	The additional limitations/elements of outlined in Step 2A performing functions as designed simply accomplishes execution of the abstract ideas.
	Further, the additional limitations/elements of “receiving …;” where the receiving is merely receiving data that was transmit by computer devices. The “receiving …;” is claimed similarly claimed in claims 1, 8, and 15 are an example of simply appending well-understood, routine, conventional activities previously known to the industry, specified at a high level of generality, to the judicial exception (see MPEP § 2106.05(d).II) as “i. Receiving or transmitting data over a network, e.g., using the Internet to gather data, Symantec”. Specifically, the additional limitation is an example of receiving or transmitting data over a network.
	Further, the additional limitations/elements of “storing …;” where the receiving is merely store data that was retrieved from a computer device. The “storing …;” is claimed similarly claimed in claims 1, 8, and 15 are an example of simply appending well-understood, routine, conventional activities previously known to the industry, specified at a high level of generality, to the judicial exception (see MPEP § 2106.05(d).II) as “iv. Storing and retrieving information in memory, Versata Dev. Group, Inc. v. SAP Am., Inc., 793 F.3d 1306, 1334, 115 USPQ2d 1681, 1701 (Fed. Cir. 2015); OIP Techs., 788 F.3d at 1363, 115 USPQ2d at 1092-93;”. Specifically, the additional limitation is an example of storing and retrieving information in memory.

	Furthermore, the additional limitations/elements of “a non-transitory machine-readable medium, a program, at least one processing unit of a device, a metadata model definition, an application, and a set of processing units” which is a high-level recitation of a generic computer components and represents mere instructions to apply on a computer as in MPEP 2106.05(f), which does not provide integration into a practical application.
		In conclusions from above for the elements reciting generic computer components as mere instructions to apply on a computer per MPEP 2106.05(f) are carried over and do not provide significantly more than the abstract idea. Looking at the limitations in combination and the claims as a whole does not change this conclusion and the claim is ineligible.
	Therefore, the additional limitations of claims 1-20 do not amount to significantly more than the judicial exception.
	Thus, claims 1-20 recite abstract ideas with additional elements rendered at a high level of generality resulting in claims that do not integrate the abstract idea into a practical application or amount to significantly more than the judicial exception. 
	Therefore, the claims are not patent eligible. 

Claim Rejections - 35 USC § 103
4. 	In the event the determination of the status of the application as subject to AIA  35 U.S.C. § 102 and § 103 (or as subject to pre-AIA  35 U.S.C. § 102 and § 103) is incorrect, any correction of the statutory basis for the rejection will not be considered a new ground of rejection if the prior art relied upon, and the rationale supporting the rejection, would be the same under either status.
 The following is a quotation of 35 U.S.C. § 103 which forms the basis for all obviousness rejections set forth in this Office action:

A patent for a claimed invention may not be obtained, notwithstanding that the claimed invention is not identically disclosed as set forth in section § 102 of this title, if the differences between the claimed invention and the prior art are such that the claimed invention as a whole would have been obvious before the effective filing date of the claimed invention to a person having ordinary skill in the art to which the claimed invention pertains. Patentability shall not be negated by the manner in which the invention was made.

The factual inquiries set forth in Graham v. John Deere Co., 383 U.S. 1, 148 USPQ 459 (1966), that are applied for establishing a background for determining obviousness under pre-AIA  35 U.S.C. § 103(a) are summarized as follows:

1.    Determining the scope and contents of the prior art.
2.    Ascertaining the differences between the prior art and the claims at issue.
3.    Resolving the level of ordinary skill in the pertinent art.
4.    Considering objective evidence present in the application indicating obviousness or nonobviousness.


5.	Claims 1-2, 8-9, and 15 are rejected under 35 U.S.C. § 103 as being unpatentable over Shukla et al. (US 20190349357 A1) in view of Sgobba et al. (US 20220345518 A1).

	As per claim 1, Shukla teaches a non-transitory machine-readable medium storing a program executable by at least one processing unit of a device, the program comprising sets of instructions for (Shukla, par. [0140], “The computer readable storage medium can be a tangible device that can retain and store instructions for use by an instruction execution device.” Wherein the computer readable storage medium is interpreted as the non-transitory machine-readable medium):
	a set of semantic key definitions specifying a set of semantic keys associated with the set of entities (Shukla, fig. 6, par. [0012], [0041], [0059], “Tokens for issuing strong cryptographic identity are generated in the cloud-computing environment by the cloud service and associated with specific entity ID and security policy groups for that entity.” Where security policy groups are interpreted as the set of semantic key definitions. Where the entity IDs are interpreted as the set of semantic keys associated with the set of entities), and 
	a set of relationship definitions specifying a set of relationships between the set of entities (Shukla, figs. 6-7, par. [0062]-[0064], “the handler process can enforce the security policies y maintaining association between groups and IP addresses upon successful authentication. Then for any network connection, groups corresponding to the source and destination IP addresses are obtained and the security policy specified for communication between those two groups is enforced.” Wherein the values defined in the source and destination IP addresses are interpreted as the set of relationship definitions. Wherein the association between groups are interpreted as the set of relationships between the set of entities), 
	wherein the set of semantic keys are configured to be used by an application to refer to the set of entities (Shukla, figs. 6-8, par. [0064]-[0065], “In the illustrated example, three applications APP_ A 810, APP_B 820, and APP_C 830 belong to three different groups.” Where the applications are interpreted to be configured to use the set of semantic to refer to the set of entities); 
	determining a set of technical keys for the set of entities (Shukla, figs. 6-8, par. [0064]-[0065], “The group firewall rules 840 are converted to IP firewall rules 850 based on the observed address of the remote application.” Wherein the group firewall rules are interpreted as the determining a set of technical keys for the set of entities. The group firewall rules contain key such as the IP addresses for source and destination), 
	wherein the set of technical keys are configured to be used by the device to refer to the set of entities (Shukla, figs. 6-8, par. [0064]-[0065], “The group security policy is further modularized according to the server port address of the service.” Wherein the group security policy includes the set of technical keys are configured to be used by the device to refer to the set of entities); and 	
	storing the metadata model definition and the set of technical keys in a set of records (Shukla, figs. 6, 8, par.[0064]-[0065], “The group security policies restrict any communication between the members of GROUP_A and GROUP_B while permitting communications between GROUP_A and GROUP_C and GROUP_B and GROUP_C. The network security policies specifying these restrictions are specified as group rules 840” Wherein the group rules 840 can be interpreted as the metadata model definition herein. The IP firewall rules can be interpreted as the set of technical keys in a set of records. Each group in the set of groups are interpreted to be a record. See table 800 of fig. 8).
However, it is noted that the prior art of Shukla does not explicitly teach “receiving a metadata model definition comprising a set of entity definitions specifying a set of entities”
	On the other hand, in the same field of endeavor, Sgobba teaches receiving a metadata model definition (Sgobba, fig. 2, par. [0052]-[0053], [0088], “Receiving an application module;” Wherein the receiving an application module is interpreted as the receiving a metadata model definition)
	comprising a set of entity definitions specifying a set of entities (Sgobba, fig. 2, par. [0053], [0110], “determines values of a first set of metadata for the received application module” Wherein the first set of metadata is interpreted as the set of entity definitions. The metadata I interpreted to have the entity definitions. The entity can be for example script, or any other entity comprising a set of instructions. Further, “the first set of metadata comprises n1 metadata M.sub.1.sup.1, M.sub.2.sup.1, M.sub.3.sup.1 . . . M.sub.n1.sup.1, where n1≥1.” Wherein the n1 metadata M.sub.1.sup.1, M.sub.2.sup.1, M.sub.3.sup.1 . . . M.sub.n1.sup.1, where n1≥1 is interpreted to specifying a set of entities. Where the entities can be for example script, or any other entity comprising a set of instructions, see par. [0110]).
Therefore, it would have been obvious to one of ordinary skill in the art before the effective filing date of the claimed invention to incorporate the teachings of Sgobba that teaches deploying an application in an environment comprising an on-premises system and off-premises system into Shukla that teaches a cloud-based solution for identity management, authentication, policy management, and policy enforcement for applications and containers. Additionally, this permitting a user to access a computing device based on login credentials.
The motivation for doing so would be to reduce decision errors and can thus save processing resources that would otherwise be required to deploy wrongly classified programs (Sgobba par. [0004]). 

	As per claim 2, Sgobba teaches wherein the set of records is a first set of records, wherein the program further comprises sets of instructions for: 
	receiving a set of changes to the metadata model (Sgobba, par. [0030]-[0032], “receiving a first training set comprising multiple (e.g., a plurality) first sets of metadata of application modules” Wherein the receiving the first training set is interpreted as the receiving the set of changes to the metadata model); 
	modifying the metadata model based on the set of changes to form a second metadata model definition (Sgobba, par. [0033], “the method further comprises updating the first training set by the received application module and the associated classification, and using the updated first training set for retraining the trained first machine learning model.” Wherein the updating the first training set is interpreted as the modifying the metadata model based on the set of changes to form a second metadata model definition. Further, par. [0034], [0037]-[0038], “receiving a second training set comprising multiple (e.g., a plurality) second sets of metadata of application modules, wherein each second set of metadata is associated with a type of computing environment of an off-premise system;” wherein the second sets of metadata of application modules is interpreted as the form a second metadata model definition); and 
	storing the second metadata model definition in a second set of records (Sgobba, par. [0034], “receiving a second training set comprising multiple (e.g., a plurality) second sets of metadata of application modules, wherein each second set of metadata is associated with a type of computing environment of an off-premise system; training an untrained second machine-learning model on the second training set, thereby creating the second trained model.” Wherein the second training set is interpreted as the second set of records. The second sets of metadata of application modules and the second training set are inherited to be stored). 

	As per claim 8, Shukla teaches a method comprising (Shukla, Abstract, a new method):
	a set of semantic key definitions specifying a set of semantic keys associated with the set of entities (Shukla, fig. 6, par. [0012], [0041], [0059], “Tokens for issuing strong cryptographic identity are generated in the cloud-computing environment by the cloud service and associated with specific entity ID and security policy groups for that entity.” Where security policy groups are interpreted as the set of semantic key definitions. Where the entity IDs are interpreted as the set of semantic keys associated with the set of entities), and 
	a set of relationship definitions specifying a set of relationships between the set of entities (Shukla, figs. 6-7, par. [0062]-[0064], “the handler process can enforce the security policies y maintaining association between groups and IP addresses upon successful authentication. Then for any network connection, groups corresponding to the source and destination IP addresses are obtained and the security policy specified for communication between those two groups is enforced.” Wherein the values defined in the source and destination IP addresses are interpreted as the set of relationship definitions. Wherein the association between groups are interpreted as the set of relationships between the set of entities), 
	wherein the set of semantic keys are configured to be used by an application to refer to the set of entities (Shukla, figs. 6-8, par. [0064]-[0065], “In the illustrated example, three applications APP_ A 810, APP_B 820, and APP_C 830 belong to three different groups.” Where the applications are interpreted to be configured to use the set of semantic to refer to the set of entities); 
	determining a set of technical keys for the set of entities (Shukla, figs. 6-8, par. [0064]-[0065], “The group firewall rules 840 are converted to IP firewall rules 850 based on the observed address of the remote application.” Wherein the group firewall rules are interpreted as the determining a set of technical keys for the set of entities. The group firewall rules contain key such as the IP addresses for source and destination), 
	wherein the set of technical keys are configured to be used by the device to refer to the set of entities (Shukla, figs. 6-8, par. [0064]-[0065], “The group security policy is further modularized according to the server port address of the service.” Wherein the group security policy includes the set of technical keys are configured to be used by the device to refer to the set of entities); and 
	storing the metadata model definition and the set of technical keys in a set of records (Shukla, figs. 6, 8, par. [0064]-[0065], “The group security policies restrict any communication between the members of GROUP_A and GROUP_B while permitting communications between GROUP_A and GROUP_C and GROUP_B and GROUP_C. The network security policies specifying these restrictions are specified as group rules 840” Wherein the group rules 840 can be interpreted as the metadata model definition herein. The IP firewall rules can be interpreted as the set of technical keys in a set of records. Each group in the set of groups are interpreted to be a record. See table 800 of fig. 8).
However, it is noted that the prior art of Shukla does not explicitly teach “receiving a metadata model definition comprising a set of entity definitions specifying a set of entities”
	On the other hand, in the same field of endeavor, Sgobba teaches receiving a metadata model definition (Sgobba, fig. 2, par. [0052]-[0053], [0088], “Receiving an application module;” Wherein the receiving an application module is interpreted as the receiving a metadata model definition)
	comprising a set of entity definitions specifying a set of entities (Sgobba, fig. 2, par. [0053], [0110], “determines values of a first set of metadata for the received application module” Wherein the first set of metadata is interpreted as the set of entity definitions. The metadata I interpreted to have the entity definitions. The entity can be for example script, or any other entity comprising a set of instructions. Further, “the first set of metadata comprises n1 metadata M.sub.1.sup.1, M.sub.2.sup.1, M.sub.3.sup.1 . . . M.sub.n1.sup.1, where n1≥1.” Wherein the n1 metadata M.sub.1.sup.1, M.sub.2.sup.1, M.sub.3.sup.1 . . . M.sub.n1.sup.1, where n1≥1 is interpreted to specifying a set of entities. Where the entities can be for example script, or any other entity comprising a set of instructions, see par. [0110]).
Therefore, it would have been obvious to one of ordinary skill in the art before the effective filing date of the claimed invention to incorporate the teachings of Sgobba that teaches deploying an application in an environment comprising an on-premises system and off-premises system into Shukla that teaches a cloud-based solution for identity management, authentication, policy management, and policy enforcement for applications and containers. Additionally, this permitting a user to access a computing device based on login credentials.
The motivation for doing so would be to reduce decision errors and can thus save processing resources that would otherwise be required to deploy wrongly classified programs (Sgobba par. [0004]). 

	As per claim 9, Sgobba teaches wherein the set of records is a first set of records, the method further comprising: receiving a set of changes to the metadata model (Sgobba, par. [0030]-[0032], “receiving a first training set comprising multiple (e.g., a plurality) first sets of metadata of application modules” Wherein the receiving the first training set is interpreted as the receiving the set of changes to the metadata model); 
	modifying the metadata model based on the set of changes to form a second metadata model definition (Sgobba, par. [0033], “the method further comprises updating the first training set by the received application module and the associated classification, and using the updated first training set for retraining the trained first machine learning model.” Wherein the updating the first training set is interpreted as the modifying the metadata model based on the set of changes to form a second metadata model definition. Further, par. [0034], [0037]-[0038], “receiving a second training set comprising multiple (e.g., a plurality) second sets of metadata of application modules, wherein each second set of metadata is associated with a type of computing environment of an off-premise system;” wherein the second sets of metadata of application modules is interpreted as the form a second metadata model definition); and 
storing the second metadata model definition in a second set of records (Sgobba, par. [0034], “receiving a second training set comprising multiple (e.g., a plurality) second sets of metadata of application modules, wherein each second set of metadata is associated with a type of computing environment of an off-premise system; training an untrained second machine-learning model on the second training set, thereby creating the second trained model.” Wherein the second training set is interpreted as the second set of records. The second sets of metadata of application modules and the second training set are inherited to be stored).

	As per claim 15, Shukla teaches a system comprising (Shukla, par. [0045], computing system): 
	a set of processing units (Shukla, par. [0045], central processing units (CPU) 14); and 
	a non-transitory machine-readable medium storing instructions that when executed by at least one processing unit in the set of processing units cause the at least one processing unit to (Shukla, par. [0140], “The computer readable storage medium can be a tangible device that can retain and store instructions for use by an instruction execution device.” Wherein the computer readable storage medium is interpreted as the non-transitory machine-readable medium): 
	a set of semantic key definitions specifying a set of semantic keys associated with the set of entities (Shukla, fig. 6, par. [0012], [0041], [0059], “Tokens for issuing strong cryptographic identity are generated in the cloud-computing environment by the cloud service and associated with specific entity ID and security policy groups for that entity.” Where security policy groups are interpreted as the set of semantic key definitions. Where the entity IDs are interpreted as the set of semantic keys associated with the set of entities), and 
	a set of relationship definitions specifying a set of relationships between the set of entities (Shukla, figs. 6-7, par. [0062]-[0064], “the handler process can enforce the security policies y maintaining association between groups and IP addresses upon successful authentication. Then for any network connection, groups corresponding to the source and destination IP addresses are obtained and the security policy specified for communication between those two groups is enforced.” Wherein the values defined in the source and destination IP addresses are interpreted as the set of relationship definitions. Wherein the association between groups are interpreted as the set of relationships between the set of entities), 
	wherein the set of semantic keys are configured to be used by an application to refer to the set of entities (Shukla, figs. 6-8, par. [0064]-[0065], “In the illustrated example, three applications APP_ A 810, APP_B 820, and APP_C 830 belong to three different groups.” Where the applications are interpreted to be configured to use the set of semantic to refer to the set of entities); 
	determine a set of technical keys for the set of entities (Shukla, figs. 6-8, par. [0064]-[0065], “The group firewall rules 840 are converted to IP firewall rules 850 based on the observed address of the remote application.” Wherein the group firewall rules are interpreted as the determining a set of technical keys for the set of entities. The group firewall rules contain key such as the IP addresses for source and destination), 
	wherein the set of technical keys are configured to be used by the device to refer to the set of entities (Shukla, figs. 6-8, par. [0064]-[0065], “The group security policy is further modularized according to the server port address of the service.” Wherein the group security policy includes the set of technical keys are configured to be used by the device to refer to the set of entities); 	
	store the metadata model definition and the set of technical keys in a first set of records (Shukla, figs. 6, 8, par. [0064]-[0065], “The group security policies restrict any communication between the members of GROUP_A and GROUP_B while permitting communications between GROUP_A and GROUP_C and GROUP_B and GROUP_C. The network security policies specifying these restrictions are specified as group rules 840” Wherein the group rules 840 can be interpreted as the metadata model definition herein. The IP firewall rules can be interpreted as the set of technical keys in a set of records. Each group in the set of groups are interpreted to be a record. See table 800 of fig. 8);
	However, it is noted that the prior art of Shukla does not explicitly teach “receive a metadata model definition comprising a set of entity definitions specifying a set of entities; receive a set of changes to the metadata model; modify the metadata model based on the set of changes to form a second metadata model definition; and store the second metadata model definition in a second set of records.”
	On the other hand, in the same field of endeavor, Sgobba teaches receiving a metadata model definition (Sgobba, fig. 2, par. [0052]-[0053], [0088], “Receiving an application module;” Wherein the receiving an application module is interpreted as the receiving a metadata model definition)
	comprising a set of entity definitions specifying a set of entities (Sgobba, fig. 2, par. [0053], [0110], “determines values of a first set of metadata for the received application module” Wherein the first set of metadata is interpreted as the set of entity definitions. The metadata I interpreted to have the entity definitions. The entity can be for example script, or any other entity comprising a set of instructions. Further, “the first set of metadata comprises n1 metadata M.sub.1.sup.1, M.sub.2.sup.1, M.sub.3.sup.1 . . . M.sub.n1.sup.1, where n1≥1.” Wherein the n1 metadata M.sub.1.sup.1, M.sub.2.sup.1, M.sub.3.sup.1 . . . M.sub.n1.sup.1, where n1≥1 is interpreted to specifying a set of entities. Where the entities can be for example script, or any other entity comprising a set of instructions, see par. [0110]).
	receive a set of changes to the metadata model (Sgobba, par. [0030]-[0032], “receiving a first training set comprising multiple (e.g., a plurality) first sets of metadata of application modules” Wherein the receiving the first training set is interpreted as the receiving the set of changes to the metadata model); 
	modify the metadata model based on the set of changes to form a second metadata model definition (Sgobba, par. [0033], “the method further comprises updating the first training set by the received application module and the associated classification, and using the updated first training set for retraining the trained first machine learning model.” Wherein the updating the first training set is interpreted as the modifying the metadata model based on the set of changes to form a second metadata model definition. Further, par. [0034], [0037]-[0038], “receiving a second training set comprising multiple (e.g., a plurality) second sets of metadata of application modules, wherein each second set of metadata is associated with a type of computing environment of an off-premise system;” wherein the second sets of metadata of application modules is interpreted as the form a second metadata model definition); and 
	store the second metadata model definition in a second set of records (Sgobba, par. [0034], “receiving a second training set comprising multiple (e.g., a plurality) second sets of metadata of application modules, wherein each second set of metadata is associated with a type of computing environment of an off-premise system; training an untrained second machine-learning model on the second training set, thereby creating the second trained model.” Wherein the second training set is interpreted as the second set of records. The second sets of metadata of application modules and the second training set are inherited to be stored).  
Therefore, it would have been obvious to one of ordinary skill in the art before the effective filing date of the claimed invention to incorporate the teachings of Sgobba that teaches deploying an application in an environment comprising an on-premises system and off-premises system into Shukla that teaches a cloud-based solution for identity management, authentication, policy management, and policy enforcement for applications and containers. Additionally, this permitting a user to access a computing device based on login credentials.
The motivation for doing so would be to reduce decision errors and can thus save processing resources that would otherwise be required to deploy wrongly classified programs (Sgobba par. [0004]). 

6.	Claims 3-4, 10-11, and 16-17  are rejected under 35 U.S.C. § 103 as being unpatentable over Shukla et al. (US 20190349357 A1) in view of Sgobba (US 20220345518 A1) in further view of Ziemer (US 20220012426 A1).

	As per claim 3, Shukla, and Sgobba teach all the limitations as discussed in claim 2 above.  
However, it is noted that the prior art of Shukla, and Sgobba do not explicitly teach “wherein the set of changes includes a modification to a datatype of a field of an entity in the set of entities and an addition of a transformation rule to the entity.”
	On the other hand, in the same field of endeavor, Ziemer teaches wherein the set of changes includes a modification to a datatype of a field of an entity in the set of entities and an addition of a transformation rule to the entity (Ziemer, figs. 17-19, par. [0220], “The only Transformation is to change the generic Data_Type “Variable characters” to PowerDesigner “Variable Characters (255).” Wherein the change the generic Data_Type “Variable characters” to PowerDesigner “Variable Characters (255) is interpreted as the modification to a datatype of a field of an entity in the set of entities. Further, par. [0239], “Transformation Rules 1950 specify the scope of elements of the ontology and their designated data model object. The user can specify Object Naming Rules 1960 to support naming standards.” Where the Transformation Rules are interpreted as the addition of a transformation rule to the entity).  
Therefore, it would have been obvious to one of ordinary skill in the art before the effective filing date of the claimed invention to incorporate the teachings of Ziemer that teaches systems for transforming metadata into the combination of Shukla that teaches a cloud-based solution for identity management, authentication, policy management, and policy enforcement for applications and containers, and Sgobba that teaches deploying an application in an environment comprising an on-premises system and off-premises system. Additionally, this permitting a user to access a computing device based on login credentials.
The motivation for doing so would be to develop software using conceptualization of all topics related to a specific problem, and transforms models into program code (Ziemer par. [0002]). 

As per claim 4, Shukla, and Sgobba teach all the limitations as discussed in claim 3 above.  
	Additionally, Ziemer teaches wherein the program further comprises sets of instructions for: applying the transformation rule to a first record of an instance of the entity in order (Ziemer, fig. 20, par. [0240]-[0244], the transformation process which includes the transformation rule starts with CODT Extraction 2005 and Ontology Platform 2010, represent internal and external tasks, stores, and data objects. Where the CODT Extraction is interpreted as the first record of the instance of the entity in order); 
	generating a second record of the instance of the entity (Ziemer, fig. 22, par. [0248], “the gateway 2125 invokes Create Import Files 2230. For PowerDesigner, the Import Files 2235 is the Ontology MDS; for other tools, the task creates CSV files.” Wherein the Create Import Files is interpreted to includes the second record of the instance of the entity); and 
storing in the second record of the instance of the entity results generated from applying the transformation rules to the first record of the instance of the entity (Ziemer, fig. 22, par. [0248], “the gateway 2125 invokes Create Import Files 2230. For PowerDesigner, the Import Files 2235 is the Ontology MDS; for other tools, the task creates CSV files.” Where the Import Files 2235 is the Ontology MDS is interpreted as the storing in the second record of the instance of the entity results generated from applying the transformation rules to the first record of the instance of the entity).

	As per claim 10, Shukla, and Sgobba teach all the limitations as discussed in claim 9 above.  
However, it is noted that the prior art of Shukla, and Sgobba do not explicitly teach “wherein the set of changes includes a modification to a datatype of a field of an entity in the set of entities and an addition of a transformation rule to the entity.”
	On the other hand, in the same field of endeavor, Ziemer teaches wherein the set of changes includes a modification to a datatype of a field of an entity in the set of entities and an addition of a transformation rule to the entity (Ziemer, figs. 17-19, par. [0220], “The only Transformation is to change the generic Data_Type “Variable characters” to PowerDesigner “Variable Characters (255).” Wherein the change the generic Data_Type “Variable characters” to PowerDesigner “Variable Characters (255) is interpreted as the modification to a datatype of a field of an entity in the set of entities. Further, par. [0239], “Transformation Rules 1950 specify the scope of elements of the ontology and their designated data model object. The user can specify Object Naming Rules 1960 to support naming standards.” Where the Transformation Rules are interpreted as the addition of a transformation rule to the entity).
Therefore, it would have been obvious to one of ordinary skill in the art before the effective filing date of the claimed invention to incorporate the teachings of Ziemer that teaches systems for transforming metadata into the combination of Shukla that teaches a cloud-based solution for identity management, authentication, policy management, and policy enforcement for applications and containers, and Sgobba that teaches deploying an application in an environment comprising an on-premises system and off-premises system. Additionally, this permitting a user to access a computing device based on login credentials.
The motivation for doing so would be to develop software using conceptualization of all topics related to a specific problem, and transforms models into program code (Ziemer par. [0002]). 

As per claim 11, Shukla, and Sgobba teach all the limitations as discussed in claim 10 above.  
	Additionally, Ziemer teaches applying the transformation rule to a first record of an instance of the entity in order (Ziemer, fig. 20, par. [0240]-[0244], the transformation process which includes the transformation rule starts with CODT Extraction 2005 and Ontology Platform 2010, represent internal and external tasks, stores, and data objects. Where the CODT Extraction is interpreted as the first record of the instance of the entity in order); 
	generating a second record of the instance of the entity (Ziemer, fig. 22, par. [0248], “the gateway 2125 invokes Create Import Files 2230. For PowerDesigner, the Import Files 2235 is the Ontology MDS; for other tools, the task creates CSV files.” Wherein the Create Import Files is interpreted to includes the second record of the instance of the entity); and 
storing in the second record of the instance of the entity results generated from applying the transformation rules to the first record of the instance of the entity (Ziemer, fig. 22, par. [0248], “the gateway 2125 invokes Create Import Files 2230. For PowerDesigner, the Import Files 2235 is the Ontology MDS; for other tools, the task creates CSV files.” Where the Import Files 2235 is the Ontology MDS is interpreted as the storing in the second record of the instance of the entity results generated from applying the transformation rules to the first record of the instance of the entity).

	As per claim 16, Shukla, and Sgobba teach all the limitations as discussed in claim 15 above.  
However, it is noted that the prior art of Shukla, and Sgobba do not explicitly teach “wherein the set of changes includes a modification to a datatype of a field of an entity in the set of entities and an addition of a transformation rule to the entity.”
	On the other hand, in the same field of endeavor, Ziemer teaches wherein the set of changes includes a modification to a datatype of a field of an entity in the set of entities and an addition of a transformation rule to the entity (Ziemer, figs. 17-19, par. [0220], “The only Transformation is to change the generic Data_Type “Variable characters” to PowerDesigner “Variable Characters (255).” Wherein the change the generic Data_Type “Variable characters” to PowerDesigner “Variable Characters (255) is interpreted as the modification to a datatype of a field of an entity in the set of entities. Further, par. [0239], “Transformation Rules 1950 specify the scope of elements of the ontology and their designated data model object. The user can specify Object Naming Rules 1960 to support naming standards.” Where the Transformation Rules are interpreted as the addition of a transformation rule to the entity).
Therefore, it would have been obvious to one of ordinary skill in the art before the effective filing date of the claimed invention to incorporate the teachings of Ziemer that teaches systems for transforming metadata into the combination of Shukla that teaches a cloud-based solution for identity management, authentication, policy management, and policy enforcement for applications and containers, and Sgobba that teaches deploying an application in an environment comprising an on-premises system and off-premises system. Additionally, this permitting a user to access a computing device based on login credentials.
The motivation for doing so would be to develop software using conceptualization of all topics related to a specific problem, and transforms models into program code (Ziemer par. [0002]). 

As per claim 17, Shukla, and Sgobba teach all the limitations as discussed in claim 16 above.  
	Additionally, Ziemer teaches wherein the instructions further cause the at least one processing unit to: apply the transformation rule to a first record of an instance of the entity in order (Ziemer, fig. 20, par. [0240]-[0244], the transformation process which includes the transformation rule starts with CODT Extraction 2005 and Ontology Platform 2010, represent internal and external tasks, stores, and data objects. Where the CODT Extraction is interpreted as the first record of the instance of the entity in order); 
	generate a second record of the instance of the entity (Ziemer, fig. 22, par. [0248], “the gateway 2125 invokes Create Import Files 2230. For PowerDesigner, the Import Files 2235 is the Ontology MDS; for other tools, the task creates CSV files.” Wherein the Create Import Files is interpreted to includes the second record of the instance of the entity); and 
store in the second record of the instance of the entity results generated from applying the transformation rules to the first record of the instance of the entity (Ziemer, fig. 22, par. [0248], “the gateway 2125 invokes Create Import Files 2230. For PowerDesigner, the Import Files 2235 is the Ontology MDS; for other tools, the task creates CSV files.” Where the Import Files 2235 is the Ontology MDS is interpreted as the storing in the second record of the instance of the entity results generated from applying the transformation rules to the first record of the instance of the entity).

7.	Claims 5-6, 12-13, and 18-19 are rejected under 35 U.S.C. § 103 as being unpatentable over Shukla et al. (US 20190349357 A1) in view of Sgobba (US 20220345518 A1) in further view of Schaffer (US 20170068718 A1).

	As per claim 5, Shukla, and Sgobba teach all the limitations as discussed in claim 2 above.  
However, it is noted that the prior art of Shukla, and Sgobba do not explicitly teach “wherein the set of changes includes a replacement of a first field of an entity with a second field and an addition of a validity rule to the entity.”
	On the other hand, in the same field of endeavor, Schaffer teaches wherein the set of changes includes a replacement of a first field of an entity with a second field and an addition of a validity rule to the entity (Schaffer, fig. 3B, par. [0059], [0067], “determined that there is no conflict in act 326, the identified data location is updated in act 328 by writing the data value in the modified data field in the first database, into the other database” Wherein a first data field value is interpreted to be compare to determine conflict of data. When there is conflict the first data field value is replace by a second field of data value. Further, par. [0063], “validity rules may be defined by a data dictionary and an agent may determine whether one or more actions to enforce validity rules should be initiated based on the data dictionary and an indication of which data value has been modified.”).
Therefore, it would have been obvious to one of ordinary skill in the art before the effective filing date of the claimed invention to incorporate the teachings of Schaffer that teaches translate request into at least one first operation on the first database and at least one second operation on the external database into the combination of Shukla that teaches a cloud-based solution for identity management, authentication, policy management, and policy enforcement for applications and containers, and Sgobba that teaches deploying an application in an environment comprising an on-premises system and off-premises system. Additionally, this permitting a user to access a computing device based on login credentials.
The motivation for doing so would be to improve access to records of a database system (Schaffer par. [0032]). 

As per claim 6, Shukla, and Sgobba teach all the limitations as discussed in claim 1 above.  
Additionally, Schaffer teaches wherein storing the metadata model definition in the set of records comprises storing each entity definition in the set of entity definitions in a record in the set of records (Schaffer, fig. 1B, par. [0037], “Relational database 112 may include an appointments table that includes data fields corresponding to the appointments data stored in non-relational database 122 but also includes a phone number data field.” Wherein the appointments table is interpreted to record in the set of records).

	As per claim 12, Shukla, and Sgobba teach all the limitations as discussed in claim 9 above.  
However, it is noted that the prior art of Shukla, and Sgobba do not explicitly teach “wherein the set of changes includes a replacement of a first field of an entity with a second field and an addition of a validity rule to the entity.”
	On the other hand, in the same field of endeavor, Schaffer teaches wherein the set of changes includes a replacement of a first field of an entity with a second field and an addition of a validity rule to the entity (Schaffer, fig. 3B, par. [0059], [0067], “determined that there is no conflict in act 326, the identified data location is updated in act 328 by writing the data value in the modified data field in the first database, into the other database” Wherein a first data field value is interpreted to be compare to determine conflict of data. When there is conflict the first data field value is replace by a second field of data value. Further, par. [0063], “validity rules may be defined by a data dictionary and an agent may determine whether one or more actions to enforce validity rules should be initiated based on the data dictionary and an indication of which data value has been modified.”).
Therefore, it would have been obvious to one of ordinary skill in the art before the effective filing date of the claimed invention to incorporate the teachings of Schaffer that teaches translate request into at least one first operation on the first database and at least one second operation on the external database into the combination of Shukla that teaches a cloud-based solution for identity management, authentication, policy management, and policy enforcement for applications and containers, and Sgobba that teaches deploying an application in an environment comprising an on-premises system and off-premises system. Additionally, this permitting a user to access a computing device based on login credentials.
The motivation for doing so would be to improve access to records of a database system (Schaffer par. [0032]). 

As per claim 13, Shukla, and Sgobba teach all the limitations as discussed in claim 8 above.  
Additionally, Schaffer teaches wherein storing the metadata model definition in the set of records comprises storing each entity definition in the set of entity definitions in a record in the set of records (Schaffer, fig. 1B, par. [0037], “Relational database 112 may include an appointments table that includes data fields corresponding to the appointments data stored in non-relational database 122 but also includes a phone number data field.” Wherein the appointments table is interpreted to record in the set of records).

	As per claim 18, Shukla, and Sgobba teach all the limitations as discussed in claim 15 above.  
However, it is noted that the prior art of Shukla, and Sgobba do not explicitly teach “wherein the set of changes includes a replacement of a first field of an entity with a second field and an addition of a validity rule to the entity.”
	On the other hand, in the same field of endeavor, Schaffer teaches wherein the set of changes includes a replacement of a first field of an entity with a second field and an addition of a validity rule to the entity (Schaffer, fig. 3B, par. [0059], [0067], “determined that there is no conflict in act 326, the identified data location is updated in act 328 by writing the data value in the modified data field in the first database, into the other database” Wherein a first data field value is interpreted to be compare to determine conflict of data. When there is conflict the first data field value is replace by a second field of data value. Further, par. [0063], “validity rules may be defined by a data dictionary and an agent may determine whether one or more actions to enforce validity rules should be initiated based on the data dictionary and an indication of which data value has been modified.”).
Therefore, it would have been obvious to one of ordinary skill in the art before the effective filing date of the claimed invention to incorporate the teachings of Schaffer that teaches translate request into at least one first operation on the first database and at least one second operation on the external database into the combination of Shukla that teaches a cloud-based solution for identity management, authentication, policy management, and policy enforcement for applications and containers, and Sgobba that teaches deploying an application in an environment comprising an on-premises system and off-premises system. Additionally, this permitting a user to access a computing device based on login credentials.
The motivation for doing so would be to improve access to records of a database system (Schaffer par. [0032]). 

As per claim 19, Shukla, and Sgobba teach all the limitations as discussed in claim 15 above.  
	Additionally, Schaffer teaches wherein storing the metadata model definition in the first set of records comprises storing each entity definition in the set of entity definitions in a record in the first set of records (Schaffer, fig. 1B, par. [0037], “Relational database 112 may include an appointments table that includes data fields corresponding to the appointments data stored in non-relational database 122 but also includes a phone number data field.” Wherein the appointments table is interpreted to record in the set of records).  

8.	Claims 7, 14, and 20 are rejected under 35 U.S.C. § 103 as being unpatentable over Shukla et al. (US 20190349357 A1) in view of Sgobba (US 20220345518 A1) in further view of Thambundit (US 20200244467 A1).

	As per claim 7, Shukla, and Sgobba teach all the limitations as discussed in claim 1 above.  
However, it is noted that the prior art of Shukla, and Sgobba do not explicitly teach “wherein determining the set of technical keys for the set of entities comprises randomly determining a value for each entity in the set of entities.”
	On the other hand, in the same field of endeavor, Thambundit teaches wherein determining the set of technical keys for the set of entities comprises randomly determining a value for each entity in the set of entities (Thambundit, fig. 1, par. [0030], “generates master private key 125 by randomly selecting a value from a defined set.” Wherein the randomly selecting the value from the defined set is interpreted as the randomly determining a value for each entity in the set of entities).
Therefore, it would have been obvious to one of ordinary skill in the art before the effective filing date of the claimed invention to incorporate the teachings of Thambundit that teaches authenticating communications into the combination of Shukla that teaches a cloud-based solution for identity management, authentication, policy management, and policy enforcement for applications and containers, and Sgobba that teaches deploying an application in an environment comprising an on-premises system and off-premises system. Additionally, this permitting a user to access a computing device based on login credentials.
The motivation for doing so would allow applications to authenticate communications without having to maintain thousands of keys for all the users hosted by an application (Thambundit par. [0018]). 

	As per claim 14, Shukla, and Sgobba teach all the limitations as discussed in claim 8 above.  
However, it is noted that the prior art of Shukla, and Sgobba do not explicitly teach “wherein determining the set of technical keys for the set of entities comprises randomly determining a value for each entity in the set of entities.”
	On the other hand, in the same field of endeavor, Thambundit teaches wherein determining the set of technical keys for the set of entities comprises randomly determining a value for each entity in the set of entities (Thambundit, fig. 1, par. [0030], “generates master private key 125 by randomly selecting a value from a defined set.” Wherein the randomly selecting the value from the defined set is interpreted as the randomly determining a value for each entity in the set of entities). 
Therefore, it would have been obvious to one of ordinary skill in the art before the effective filing date of the claimed invention to incorporate the teachings of Thambundit that teaches authenticating communications into the combination of Shukla that teaches a cloud-based solution for identity management, authentication, policy management, and policy enforcement for applications and containers, and Sgobba that teaches deploying an application in an environment comprising an on-premises system and off-premises system. Additionally, this permitting a user to access a computing device based on login credentials.
The motivation for doing so would allow applications to authenticate communications without having to maintain thousands of keys for all the users hosted by an application (Thambundit par. [0018]). 

	As per claim 20, Shukla, and Sgobba teach all the limitations as discussed in claim 15 above.  
However, it is noted that the prior art of Shukla, and Sgobba do not explicitly teach “wherein determining the set of technical keys for the set of entities comprises randomly determining a value for each entity in the set of entities”
	On the other hand, in the same field of endeavor, Thambundit teaches wherein determining the set of technical keys for the set of entities comprises randomly determining a value for each entity in the set of entities (Thambundit, fig. 1, par. [0030], “generates master private key 125 by randomly selecting a value from a defined set.” Wherein the randomly selecting the value from the defined set is interpreted as the randomly determining a value for each entity in the set of entities).
Therefore, it would have been obvious to one of ordinary skill in the art before the effective filing date of the claimed invention to incorporate the teachings of Thambundit that teaches authenticating communications into the combination of Shukla that teaches a cloud-based solution for identity management, authentication, policy management, and policy enforcement for applications and containers, and Sgobba that teaches deploying an application in an environment comprising an on-premises system and off-premises system. Additionally, this permitting a user to access a computing device based on login credentials.
The motivation for doing so would allow applications to authenticate communications without having to maintain thousands of keys for all the users hosted by an application (Thambundit par. [0018]). 

Prior Art of Record
9.	The prior art made of record and not relied upon is considered pertinent to applicant's disclosure. 
	Hannuksela et al. (US 20220109861 A1), teaches versatile video coding, and more particularly, to a coded picture with mixed VCL NAL unit type.
	Kehoe et al. (US 20120095973 A1), teaches a common type-based data abstraction layer when building data integration applications.
	Church et al. (US 20070214184 A1), teaches management of dependencies between physical and logical elements in an application set.
	Said et al. (US 20070214184 A1), teaches a distributed enterprise development environment involves tens, hundreds, or thousands of developers each working on different portions of the same, or related, applications.
	A reference to specific paragraphs, columns, pages, or figures in a cited prior art reference is not limited to preferred embodiments or any specific examples. It is well settled that a prior art reference, in its entirety, must be considered for all that it expressly teaches and fairly suggests to one having ordinary skill in the art. Stated differently, a prior art disclosure reading on a limitation of Applicant's claim cannot be ignored on the ground that other embodiments disclosed were instead cited. Therefore, the Examiner's citation to a specific portion of a single prior art reference is not intended to exclusively dictate, but rather, to demonstrate an exemplary disclosure commensurate with the specific limitations being addressed. In re Heck, 699 F.2d 1331, 1332-33,216 USPQ 1038, 1039 (Fed. Cir. 1983) (quoting In re Lemelson, 397 F.2d 1006,1009, 158 USPQ 275, 277 (CCPA 1968)). In re: Upsher-Smith Labs. v. Pamlab, LLC, 412 F.3d 1319, 1323, 75 USPQ2d 1213, 1215 (Fed. Cir. 2005); In re Fritch, 972 F.2d 1260, 1264, 23 USPQ2d 1780, 1782 (Fed. Cir. 1992); Merck & Co. v. Biocraft Labs., Inc., 874 F.2d 804, 807, 10 USPQ2d 1843, 1846 (Fed. Cir. 1989); In re Fracalossi, 681 F.2d 792,794 n.1,215 USPQ 569, 570 n.1 (CCPA 1982); In re Lamberti, 545 F.2d 747, 750, 192 USPQ 278, 280 (CCPA 1976); In re Bozek, 416 F.2d 1385, 1390, 163 USPQ 545, 549 (CCPA 1969).

Conclusion
10.	Any inquiry concerning this communication or earlier communications from the examiner should be directed to ANTONIO CAIA DO whose telephone number is (469)295-9251.  The examiner can normally be reached on Monday - Friday / 06:30 to 16:30.
Examiner interviews are available via telephone, in-person, and video conferencing using a USPTO supplied web-based collaboration tool. To schedule an interview, applicant is encouraged to use the USPTO Automated Interview Request (AIR) at http://www.uspto.gov/interviewpractice.  
If attempts to reach the examiner by telephone are unsuccessful, the examiner’s supervisor, Trujillo, James can be reached on (571) 272-3677.  The fax phone number for the organization where this application or proceeding is assigned is 571-273-8300.
Information regarding the status of an application may be obtained from the Patent Application Information Retrieval (PAIR) system.  Status information for published applications may be obtained from either Private PAIR or Public PAIR.  Status information for unpublished applications is available through Private PAIR only.  For more information about the PAIR system, see http://pair-direct.uspto.gov. Should you have questions on access to the Private PAIR system, contact the Electronic Business Center (EBC) at 866-217-9197 (toll-free). If you would like assistance from a USPTO Customer Service Representative or access to the automated information system, call 800-786-9199 (IN USA OR CANADA) or 571-272-1000.

/ANTONIO J CAIA DO/
Examiner, Art Unit 2157

/James Trujillo/Supervisory Patent Examiner, Art Unit 2157