DETAILED ACTION
The present application, filed on or after March 16, 2013, is being examined under the first inventor to file provisions of the AIA.
This office action is in response to communication filed on 02/22/2021.
Status of claims in the instant application:
Claims 1, 3-7, 9-13, 16-19, 27-28, 30 and 32-33 are pending.
Claims 1, 7, 13 and 19 have been amended.
Claims 2, 8, 14-15, 20-26, 29 and 31 have been canceled.
No new claim has been added.
Information Disclosure Statement
Information Disclosure Statements (IDS) filed on 02/22/2021 have been considered, and signed copies of the IDS forms have been attached to this office action.
EXAMINER’S AMENDMENT
Authorization for this examiner’s amendment was given in an interview with Ted Rittmaster (Attorney, Reg. No. 32,933) on 03/03/2021. These Examiner’s amendments are subsequent to entering the claims filed by the Applicant on 02/22/2021.
---------------------------------- Start of Examiner’s Amendment -----------------------------------
The claims of the application are amended as follows:
Claim 1. (Currently Amended) A method for implementing ad hoc groups in a policy hierarchy environment, the method comprising: 
receiving a key orchestration operation request, the key orchestration operation request being a request to perform a key orchestration operation based on one or more 
applying, to the request, based on a policy hierarchy, a combination of policies, wherein the policy hierarchy is a sequence of policies, the sequence of policies applied based on a creation time of the combination of policies, wherein the combination of policies comprises two or more of 
a sum of policies based on the policy hierarchy defined for the node, 
a sum of policies based on the policy hierarchy defined for the group, 
a sum of policies based on the policy hierarchy defined for the client, or 
a sum of policies based on the policy hierarchy defined for the user; 
evaluating the key orchestration operation request based on each policy of the combination of policies, comprising evaluating whether the one or more cryptographic attributes of the one or more encryption objects associated with the key orchestration operation request are cryptographically secure based on the combination of policies; and
executing the key orchestration operation in response to a determination that the one or more cryptographic attributes of the one or more encryption objects associated with the key orchestration operation request are cryptographically secure, the key orchestration operation including transmitting the one or more encryption objects on a communication network, where the one or more encryption objects are used in encrypting data.
Claim 2. (Canceled)
Claim 3. (Previously Presented) The method of claim 1, further comprising in response to the key orchestration operation request failing the evaluating based on the combination of policies, invalidating the key orchestration operation.  
Claim 4. (Previously Presented) The method of claim 1, wherein the sum of policies defined for the group is applied after the sum of policies defined for the node is applied.
Claim 5. (Previously Presented) The method of claim 4, wherein the sum of policies defined for the client is applied after the sum of policies defined for the node is applied.
Claim 6. (Previously Presented) The method of claim 4, wherein the sum of policies defined for the user is applied after the sum of policies defined for the node is applied. 
Claim 7. (Currently Amended) A non-transitory computer-readable medium comprising computer-readable instructions such that, when executed, causes a processor to:
receive a key orchestration operation request, the key orchestration operation request being a request to perform a key orchestration operation based on one or more cryptographic attributes of one or more encryption objects, the one or more encryption objects used to encrypt data, the key orchestration operation being at least one of 
apply, to the request, based on a policy hierarchy, a combination of policies, wherein the policy hierarchy is a sequence of policies, the sequence of policies applied based on a creation time of the combination of policies, wherein the combination of policies comprises two or more of 
a sum of policies based on the policy hierarchy defined for the node, 
a sum of policies based on the policy hierarchy defined for the group, 
a sum of policies based on the policy hierarchy defined for the client, or 
a sum of policies based on the policy hierarchy defined for the user; 
evaluate the key orchestration operation request based on each policy of the combination of policies, comprising evaluating whether the one or more cryptographic attributes of the one or more encryption objects associated with the key orchestration operation request are cryptographically secure based on the combination of policies; and
execute the key orchestration operation in response to a determination that the one or more cryptographic attributes of the one or more encryption objects associated with the key orchestration operation request are cryptographically secure, the key orchestration operation including transmitting the one or more encryption objects on a communication network, where the one or more encryption objects are used in encrypting data.
Claim 8. (Canceled) 
Claim 9. (Previously Presented) The non-transitory computer-readable medium of claim 7, wherein the computer-readable instructions, when executed, further cause the processor to, in response to the key orchestration operation request failing the evaluating based on the combination of policies, invalidating the key orchestration operation.  
Claim 10. (Previously Presented) The non-transitory computer-readable medium of claim 7, wherein the sum of policies defined for the group is applied after the sum of policies defined for the node is applied.
Claim 11. (Previously Presented) The non-transitory computer-readable medium of claim 10, wherein the sum of policies defined for the client is applied after the sum of policies defined for the node is applied.
Claim 12. (Previously Presented) The non-transitory computer-readable medium of claim 11, wherein the sum of policies defined for the user is applied after the sum of policies defined for the node is applied. 
Claim 13. (Currently Amended) A system for implementing ad hoc groups in a policy hierarchy environment, the system comprising:
a memory; and
a processor configured to:
receive a key orchestration operation request, the key orchestration operation request being a request to perform a key orchestration operation based on one or more 
apply, to the request, based on a policy hierarchy, a combination of policies, wherein the policy hierarchy is a sequence of policies, the sequence of policies applied based on a creation time of the combination of policies, wherein the combination of policies comprises two or more of a sum of policies based on the policy hierarchy defined for the node, 
a sum of policies based on the policy hierarchy defined for the group, 
a sum of policies based on the policy hierarchy defined for the client, or 
a sum of policies based on the policy hierarchy defined for the user; 
evaluate the key orchestration operation request based on each policy of the combination of policies, comprising evaluating whether the one or more cryptographic attributes of the one or more encryption objects associated with the key orchestration operation request are cryptographically secure based on the combination of policies; and
execute the key orchestration operation in response to a determination that the one or more cryptographic attributes of the one or more encryption objects associated with the key orchestration operation request are cryptographically secure, the key orchestration operation including transmitting the one or more encryption objects on a communication network, where the one or more encryption objects are used in encrypting data.
Claims 14-15. (Canceled)
Claim 16. (Previously Presented) The system of claim 13, wherein the sum of policies defined for the group is applied after the sum of policies defined for the node is applied.
Claim 17. (Previously Presented) The system of claim 16, wherein the sum of policies defined for the client is applied after the sum of policies defined for the node is applied.
Claim 18. (Previously Presented) The system of claim 17, wherein the sum of policies defined for the user is applied after the sum of policies defined for the node is applied.
Claim 19. (Currently Amended) A system for implementing ad hoc groups in a policy hierarchy environment, the system comprising: 
means for receiving a key orchestration operation request, the key orchestration operation request being a request to perform a key orchestration operation based on one or more cryptographic attributes of one or more encryption objects, the one or more encryption objects used to encrypt data, the key orchestration operation being at least one of managing one or more uses of encryption, distributing one or more encryption objects, coordinating one or more encryption objects among a plurality of applied key orchestration platforms, the key orchestration operation request received at a client 
means for applying, to the request, based on a policy hierarchy, a combination of policies, wherein the policy hierarchy is a sequence of policies, the sequence of policies applied based on a creation time of the combination of policies, wherein the combination of policies comprises two or more of a sum of policies based on the policy hierarchy defined for the node, 
a sum of policies based on the policy hierarchy defined for the group, 
a sum of policies based on the policy hierarchy defined for the client, or 
a sum of policies based on the policy hierarchy defined for the user; 
means for evaluating the key orchestration operation request based on each policy of the combination of policies, comprising evaluating whether the one or more cryptographic attributes of the one or more encryption objects associated with the key orchestration operation request are cryptographically secure based on the combination of policies; and
means for executing the key orchestration operation in response to a determination that the one or more cryptographic attributes of the one or more encryption objects associated with the key orchestration operation request are cryptographically secure, the key orchestration operation including transmitting the one or more encryption objects on a communication network, where the one or more encryption objects are used in encrypting data.
Claims 20-26. (Canceled)
Claim 27. (Previously Presented) The method of claim 1, wherein evaluating the key orchestration operation request based on each policy of the combination of policies in the policy hierarchy comprises: 
evaluating the key orchestration operation request based on one of the sum of policies based on the policy hierarchy defined for the node, the sum of policies based on the policy hierarchy defined for the group, the sum of policies based on the policy hierarchy defined for the client, or the sum of policies based on the policy hierarchy defined for the user, the evaluation determining whether the key orchestration operation request is cryptographically secure; and
evaluating the key orchestration operation request based on another one of the sum of policies based on the policy hierarchy defined for the node, the sum of policies based on the policy hierarchy defined for the group, the sum of policies based on the policy hierarchy defined for the client, or the sum of policies based on the policy hierarchy defined for the user, the evaluation determining whether the key orchestration operation request is cryptographically secure.
Claim 28. (Previously Presented) The method of claim 1, wherein evaluating the key orchestration operation request based on each policy of the combination of policies in the policy hierarchy comprises evaluating the sum of policies based on the policy hierarchy defined for the node, the sum of policies based on the policy hierarchy defined for the group, the sum of policies based on the policy hierarchy defined for the client, and the sum of policies based on the policy hierarchy defined for the user based on a sequence, the evaluation determining whether the key orchestration operation request is cryptographically secure.
Claim 29. (Canceled) 
Claim 30. (Previously Presented) The method of claim 1, wherein the group comprises at least one node of the policy hierarchy and a component outside of the policy hierarchy.
Claim 31. (Canceled)
Claim 32. (Previously Presented) The method of claim 1, wherein the one or more cryptographic attributes comprise a size of each of the one or more encryption objects.
Claim 33. (Previously Presented) The method of claim 1, wherein the one or more cryptographic attributes comprises a time at which each of the one or more encryption objects is generated.
---------------------------------------- End Examiner’s Amendment ----------------------------------
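The policy-hierarchy evaluation recited in claims 1, 3-6, 32 and 33, written out as an added worked example; this is not code from the application or from this office action, and the policy levels, attribute names (`kind`, `size`, `generated_at`) and sample policies are constructed assumptions.

```python
from dataclasses import dataclass
from datetime import datetime, timedelta, timezone
from typing import Callable, Dict, List, Tuple

# Constructed example. An encryption object is represented by its cryptographic
# attributes: its size in bits (claim 32) and its generation time (claim 33).
EncryptionObject = Dict[str, object]

# Order of the hierarchy: group, client and user policies are applied after
# the node policies (claims 4-6).
LEVEL_ORDER = {"node": 0, "group": 1, "client": 2, "user": 3}

@dataclass(frozen=True)
class Policy:
    level: str                      # node, group, client or user
    created: datetime               # creation time of the policy
    name: str
    check: Callable[[EncryptionObject, datetime], bool]  # True when attributes are secure

def policy_sequence(policies: List[Policy]) -> List[Policy]:
    """The combination of policies as a sequence: by hierarchy level, then by
    creation time within a level (claim 1)."""
    return sorted(policies, key=lambda p: (LEVEL_ORDER[p.level], p.created))

def evaluate(objects: List[EncryptionObject], policies: List[Policy],
             now: datetime) -> Tuple[bool, List[str]]:
    """Evaluate the request against each policy of the combination, in sequence.
    Returns (secure, names of the policies that failed, in evaluation order)."""
    failures = []
    for policy in policy_sequence(policies):
        for obj in objects:
            if not policy.check(obj, now):
                failures.append(f"{policy.level}:{policy.name}")
    return (not failures, failures)

def key_orchestration(objects, policies, now, transmit) -> str:
    """Execute the operation (transmit the objects) only when every policy finds
    the attributes secure; otherwise invalidate it (claim 3)."""
    secure, _ = evaluate(objects, policies, now)
    if not secure:
        return "invalidated"
    for obj in objects:
        transmit(obj)
    return "executed"

# Constructed sample policies (assumed values, not from the application).
T0 = datetime(2021, 3, 1, tzinfo=timezone.utc)
SAMPLE_POLICIES = [
    Policy("user", T0 + timedelta(days=2), "max-age-30d",
           lambda o, now: now - o["generated_at"] <= timedelta(days=30)),
    Policy("group", T0 + timedelta(days=1), "min-size-256", lambda o, now: o["size"] >= 256),
    Policy("node", T0 + timedelta(days=3), "min-size-128", lambda o, now: o["size"] >= 128),
    Policy("node", T0, "symmetric-only", lambda o, now: o["kind"] == "symmetric"),
]

def sample_run(size: int, age_days: int) -> Tuple[str, List[str]]:
    """Run one constructed request through the hierarchy; report outcome and failures."""
    now = T0 + timedelta(days=60)
    obj = {"kind": "symmetric", "size": size, "generated_at": now - timedelta(days=age_days)}
    sent: List[EncryptionObject] = []
    outcome = key_orchestration([obj], SAMPLE_POLICIES, now, sent.append)
    return outcome, evaluate([obj], SAMPLE_POLICIES, now)[1]
```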
Response to Arguments
Applicant’s remarks/arguments filed on 02/22/2021 have been fully considered. Therefore, the Applicant is directed to the response below.
Applicant’s arguments, see page [10] of the remarks filed, regarding rejection of claims under 35 USC 101 have been considered in view of the claim amendments filed on 02/22/2021 and further in view of the Examiner’s amendment noted previously, and they are persuasive. Therefore, the claim rejections are withdrawn.
Applicant’s arguments, see page [10-11] of the remarks filed, regarding rejection of claims under 35 USC 112 have been considered in view of the claim amendments filed on 02/22/2021 and they are persuasive. Therefore, the claim rejections are withdrawn.
Allowable Subject Matter
Claims 1, 3-7, 9-13, 16-19, 27-28, 30 and 32-33 are allowed, but they are renumbered as claims 1-20.
The following is an examiner’s statement of reasons for allowance: the following prior art references were yielded during the examination of applicant’s amended set of claims filed in response to the office action mailed on 12/21/2020, as later amended in the Examiner’s amendment noted previously. They do not explicitly teach the applicant’s claimed invention, in view of the amended claims, but are in the general realm of applicant’s field of endeavor:
US-PGPUB 20150271158 A1 (Ronca): Ronca discloses rule-based cryptographic key material, in which a rule set defining validity conditions is associated with cryptographic key material assigned to an entity for use in authenticated communications. The validity of the cryptographic material changes state based on whether the entity is compliant or non-compliant with the rule set. This is accomplished in a representative embodiment by suspending the validity of the cryptographic key material when the entity is non-compliant with the rules and reinstating the validity of the cryptographic key material when the entity becomes compliant. A rules compliance service determines the validity of the cryptographic material in part using updates sent by the entity. Entities can delegate the update to a delegate device. Encryption can be used to preserve privacy.
The disclosure of Ronca relates generally to managing trust relationships between computer systems and, in an example embodiment, a system that restricts the applicability of cryptographic key material in an authentication context by a rule set.
US-PGPUB 20150086020 A1 (Harjula et al.): Harjula discloses centralized systems for managing cryptographic keys and trust relationships among systems. Embodiments may include a centralized key store and a centralized policy store. Key sets comprising public/private keys may be stored in or identified by key objects. Key objects within the key store may be organized into key sets and trust sets. Policies may apply at any level within the key store. Policies and associated keys may be grouped and organized to manage groups of keys according to common policies and to present complex relationships to a user. Lower level keys may inherit policy properties from higher levels. Higher levels may be locked to preclude changes at lower levels. Policies may include a variety of properties/fields to facilitate key management. Policies may determine what actions are taken with respect to a key or group of keys.
This disclosure relates to discovery and management of keys used with secure protocols and systems. More particularly, the disclosure relates to discovery and management of keys and trust relationships in environments employing Secure Shell (SSH), Secure File Transfer Protocol (SFTP), Secure Copy (SCP) and other related protocols used in a variety of environments that may include such systems as Unix, Linux, and similar operating systems on both server and client computers, and on computer appliances including routers, switches, and firewalls.
US-PGPUB 20160277187 A1 (Nabeel): Nabeel discloses methods of providing policy based access to master keys, enabling keys to be distributed to groups of users in a secure manner while minimizing disruptions to the user in the event of changes to group membership or changes to user attributes. User attributes are identified. Policies are rewritten in terms of user attributes. New unique user attribute keys are generated 
US-PGPUB 20160182470 A1 (Rubin et al.): Rubin discloses that a cryptography service allows for management of cryptographic keys and for the evaluation of security expectations when processing incoming requests. In some contexts, the cryptography service, upon receiving a request to perform a cryptographic operation, evaluates a set of security expectations to determine whether the cryptographic key or keys usable to perform the cryptographic operation should be trusted. A response to the request is dependent on evaluation of the security expectations.
US PAT. 8213620 B1 (Sussland et al.): Sussland discloses a method for distributing encryption keys stored by a centralized key manager (CKM) that is operationally coupled to a first encryption device and a second encryption device. The first encryption device and the second encryption device may request the CKM to provide the stored encryption keys in different formats, and each encryption device may use a different encryption format to encrypt information. If the encryption devices are authorized to receive the stored encryption keys, then the CKM prepares the requested keys in different formats and provides them to the encryption devices.
None of the prior art references of record, alone or in combination, discloses all the limitations of the amended independent claims 1, 7, 13 and 19. Therefore, the .
Any comments considered necessary by applicant must be submitted no later than the payment of the issue fee and, to avoid processing delays, should preferably accompany the issue fee.  Such submissions should be clearly labeled “Comments on Statement of Reasons for Allowance.”
Conclusion
Any inquiry concerning this communication or earlier communications from the examiner should be directed to MAHABUB S AHMED whose telephone number is (571)272-0364.  The examiner can normally be reached on 9AM-5PM EST M-F.
Examiner interviews are available via telephone, in-person, and video conferencing using a USPTO supplied web-based collaboration tool. To schedule an interview, applicant is encouraged to use the USPTO Automated Interview Request (AIR) at http://www.uspto.gov/interviewpractice.
If attempts to reach the examiner by telephone are unsuccessful, the examiner’s supervisor, Kambiz Zand can be reached on (571)272-3811.  The fax phone number for the organization where this application or proceeding is assigned is 571-273-8300.
Information regarding the status of an application may be obtained from the Patent Application Information Retrieval (PAIR) system.  Status information for published applications may be obtained from either Private PAIR or Public PAIR.  Status information for unpublished applications is available through Private PAIR only.  For more information about the PAIR system, see http://pair-direct.uspto.gov. Should 
/MAHABUB S AHMED/Examiner, Art Unit 2434

/NOURA ZOUBAIR/Primary Examiner, Art Unit 2434