DETAILED ACTION
The present application, filed on or after March 16, 2013, is being examined under the first inventor to file provisions of the AIA .
This Office Action is in response to the Appeal Brief filed on 12/20/2020 to application 15/201,325.

Reopened Prosecution
In view of the appeal brief filed on September 19, 2014, PROSECUTION IS HEREBY REOPENED. A new rejection of the claims is set forth below.
To avoid abandonment of the application, appellant must exercise one of the following two options:
(1) file a reply under 37 CFR 1.111 (if this Office action is non-final) or a reply under 37 CFR 1.113 (if this Office action is final); or,
(2) initiate a new appeal by filing a notice of appeal under 37 CFR 41.31 followed by an appeal brief under 37 CFR 41.37. The previously paid notice of appeal fee and appeal brief fee can be applied to the new appeal. If, however, the appeal fees set forth in 37 CFR 41.20 have been increased since they were previously paid, then appellant must pay the difference between the increased fees and the amount previously paid.
A Supervisory Patent Examiner (SPE) has approved of reopening prosecution by signing below:

/LUU T PHAM/
Supervisory Patent Examiner, Art Unit 2439


As per instant Amendment, Claims 1, 9, and 17 are independent claims.  Claims 1-21 have been examined and are pending. This Action is made Non-FINAL. 


Response to Arguments

Applicants’ arguments, see Applicant Arguments/Remarks Made in an Amendment, filed 12/20/2020, with respect to the rejections of claims 1-21 have been fully considered but are moot because new references are cited in rejecting the independent claims.
The Examiner respectfully suggests that the claims be further amended and details in the specification be incorporated to distinguish the claimed invention over prior art of record.  Should the Applicant desire an interview to further clarify the claim interpretation/rejections, please contact the Examiner at (571) 272 5368 to schedule an interview.

Claim Rejections - 35 USC § 103
In the event the determination of the status of the application as subject to AIA  35 U.S.C. 102 and 103 (or as subject to pre-AIA  35 U.S.C. 102 and 103) is incorrect, any correction of the statutory basis for the rejection will not be considered a new ground of rejection if the prior art relied upon, and the rationale supporting the rejection, would be the same under either status.  
The following is a quotation of 35 U.S.C. 103 which forms the basis for all obviousness rejections set forth in this Office action:
A patent for a claimed invention may not be obtained, notwithstanding that the claimed invention is not identically disclosed as set forth in section 102, if the differences between the claimed invention and the prior art are such that the claimed invention as a whole would have been obvious before the effective filing 
This application currently names joint inventors. In considering patentability of the claims the examiner presumes that the subject matter of the various claims was commonly owned as of the effective filing date of the claimed invention(s) absent any evidence to the contrary.  Applicant is advised of the obligation under 37 CFR 1.56 to point out the inventor and effective filing dates of each claim that was not commonly owned as of the effective filing date of the later invention in order for the examiner to consider the applicability of 35 U.S.C. 102(b)(2)(C) for any potential 35 U.S.C. 102(a)(2) prior art against the later invention. 

Claims 1, 3-6, 9, 11-14, 16, 17, and 19-21 are rejected under 35 U.S.C. 103 under 35 U.S.C. 103 as being unpatentable over Chakra (US20100313239), filed June 9, 2009, in view of  Chua (US9038151), filed March 15, 2013, and Drumm (US6643683), filed May 8, 2000.
Regarding claim 1, Chakra discloses a method, comprising (Chakra, paragraph 0081, “A data processing system suitable for storing and/or executing program code [i.e., method] include at least one processor coupled directly or indirectly to memory elements through a system bus.  The memory elements can include local memory employed during actual execution of the program code, bulk storage, and cache memories which provide temporary storage of at least some program code in order to reduce the number of times code must be retrieved from bulk storage during execution”);
receiving, from a client device by a policy system, a request to access data, the request comprising user credentials (Chakra, paragraph 0024, “In response to making this determination, the authorized user [i.e., client device] may initiate a user interface action associated with a device that stores or renders the content to request an adjustment of an amount of content associated with a redacted portion of content.  In response to receiving the request via the user interface action, a determination of an access privilege level of the person associated with the request may be made to determine whether the person is authorized to issue the request to adjust the redacted amount of content.”; paragraph 0060, “The process 600 may determine the access privilege requirement for the content associated with the access request via the access control storage area 224 of the database 220 of the device, such as the computing device 102 [i.e., policy system], that stores (e.g., owns) the renderable content.”; paragraph 0064, “Monitoring the rendered location may also include monitoring for additional login requests [i.e., login requests encompasses user credentials] from users associated with a device proximate to the rendered location.  Many other examples of monitoring a rendered content location exist and all are considered within the scope of the present subject matter.”);
and, whether the request is to be denied, to be allowed with obligations that define conditions for access to a limited portion of the data requested by the client device (Chakra, paragraph 0018, “The content may be configured for protection granularly, such that identifiable portions of content [i.e., limited portion of the data requested by the client device] may be protected distinctly [i.e., to be denied and allowed with obligations encompasses protected distinctly] from other identifiable portions of content.  For example, content may be granularly protected based upon item, category, data type, date, or any other suitable approach [i.e., conditions for access].  Content may be flagged with one or more confidentiality flags, either for one or more portions of the content or for an entire item of content, and the content rendering applications may be configured to process any confidentiality flags associated with content processed by the applications.”; paragraph 0060, “The process 600 may determine the access privilege requirement for the content associated with the access request via the access control storage area 224 of the database 220 of the device, such as the computing device 102 [i.e., policy system], that stores (e.g., owns) the renderable content.”); 
 or to be allowed without obligations (Chakra, paragraph 0023, “Access to content may be granted [i.e., without obligations] or redacted in real time based upon the identification of an individual that is located at or that approaches or moves away from a content rendering device.”);
based at least on a determination that the request is to be denied (Chakra, paragraph 0017, “For either individual or multiple person content access situations, access control may be provided to prevent unauthorized viewing, copying, pasting to a clipboard, printing, or other rendering of content [i.e., request is to be denied] that has a higher access requirement than the person(s), device(s), or location(s) associated with the content access situation.”);
based at least on a determination that the request is to be allowed with obligations (Chakra, paragraph 0018, “The content may be configured for protection granularly, such that identifiable portions of content may be protected distinctly from other identifiable portions of content [i.e., obligations].  For example, content may be granularly protected based upon item, category, data type, date, or any other suitable approach.  Content may be flagged with one or more confidentiality flags, either for one or more portions of the content or for an entire item of content, and the content rendering applications may be configured to process any confidentiality flags associated with content processed by the applications”; “Access to content may be granted or redacted in real time based upon the identification of an individual that is located at or that approaches or moves away from a content rendering device.”);
providing, by the policy decision point, authorizing the node to allow the client device to access requested data specified without obligation (Chakra, paragraph 0030, “FIG. 2 is a block diagram of an example of an implementation of a core processing module 200 suitable for use in association with a computing device, such as the computing device 102, or the computing device_1 106 through the computing device_N 108 [i.e., policy decision point encompasses at least one of the computing devices], to perform automated access control [i.e., authorizing and allow the client device to access requested data specified without obligation] for rendered output based upon access privilege requirements for content and an access privilege level of at least one of a person, a device [i.e., client device], and/or a location associated with a content rendering action.  It will be assumed that the computing device 102 represents a device that stores renderable content that is subject to access controls and that processes content rendering actions, such as requests for renderable content from any of the computing device_1 106 through the computing device_N 108.  It is understood that complementary actions to those described above may be performed by a core processing module 200 [i.e., policy decision point] associated with any of the computing device [i.e., node]_1 106 through the computing device_N 108 to respond to access controls implemented by the core processing module 200 [i.e., policy decision point]  of the computing device 102.”).

However, in an analogous art, Chua discloses according to (i) one or more data access policies and (ii) the user credentials (Chua, column 31, lines 1-13, “However, rather than using this 802.1X session to enforce policies, SDN controller 112 may be configured to program network devices of the SDN to enforce the policies.  Thus, initially, SDN controller 112 may begin an authentication session with a client device (390), e.g., client device 102.  During the authentication session, SDN controller 112 may receive authentication credentials from client device 102 (392).”);
the request comprising user credentials, the node being separate from the policy system (Chua, col. 31, lines 1-13, “In another example, a computer-readable storage medium has stored thereon instructions that, when executed, cause a processor of a controller device for a software defined network (SDN) to receive credentials from a client device in accordance with a public key infrastructure (PKI)-based authentication protocol, determine one or more policies that are applicable to the client device based on the received credentials [i.e., policy system], and program network devices of the SDN to enforce the determined policies on a per-packet-flow basis for packet flows including the client device.”; col. 20, lines 18-26, “One of web clients 202 may request data from a web server, which may be internal to or external to system 200.  Web proxy 212 may be configured to act as a proxy device to the web server.  That is, SDN controller 218 may program switch 210 to direct network traffic destined for the web server to web proxy 212 via connection 222, instead.  Web proxy 212 may then act on behalf of the web server, e.g., by caching resources stored by the web server and responding to requests for the resources on behalf of the web server.”; col. 4, lines 33-43, “In another example, a method includes receiving, by a controller device for a software defined network (SDN), credentials from a client device in accordance with a public key infrastructure (PKI)-based authentication protocol, determining, by the controller device, one or more policies that are applicable to the client device based on the received credentials, and programming, by the controller device, network devices  [i.e., node being separate from the policy system] of the SDN to enforce the determined policies on a per-packet-flow basis for packet flows including the client device.”);
determining, by a policy decision point of the policy system (Chua, column 30, line 65, through column 66, line 13, “As discussed above, SDN controller 112 [i.e., policy decision point] may be configured to utilize a public key infrastructure (PKI)-based protocol, such as 802.1X, to authenticate and/or authorize a client device, e.g., client device 102. However, rather than using this 802.1X session to enforce policies SDN controller 112 may be configured to program network devices of the SDN to enforce the policies.”);
in response to results of the determining, perform, by the policy system, actions including (Chua, column 14, lines 52-63, “Thus, SDN controller 112 [i.e., policy system] may determine separate sets of packet flows based on security controls, e.g., a first set of packet flows that can be trusted and a second set of packet flows that are not trusted.  Then, SDN controller 112 may determine a first set of one or more paths [i.e., action] for the first set of packet flows that omit a security device for the first set of packet flows (that is, based on the determination that the first set of packet flows can be trusted), and a second set of one or more paths [i.e., another action] for the second set of packet flows that direct the second set of packet flows through the security device (based on the determination that the second set of packet flows are not trusted).”); column 10, lines 38 to 47, “In this manner, the central control platform can perform all of the necessary policy evaluations based on user identity and other context to determine the nature of access that should be granted, as well as the orchestration of necessary services to filter or scan each and every flow”);
(Chua, column 10, lines 38 to 47, “In this manner, the central control platform can perform all of the necessary policy evaluations based on user identity and other context to determine the nature of access [i.e., requesting data] that should be granted, as well as the orchestration of necessary services to filter or scan each and every flow”; column 10, lines 4-16, “To identify a user and device prior to applying the appropriate policy, standards-based techniques can be used.  Therefore, in accordance with these techniques, these stacks may be moved onto a central application/control platform, so that the authentication function can be appropriately performed on the central platform.  The central platform may be a controller, such as SDN controller 112 [i.e., policy system], or simply an application that has a southbound OpenFlow or other SDN interface.”);
based at least on a determination that the request is to be allowed without obligations (Chua, column 7, lines 28-54, “That is, SDN controller 112 may program network devices of SDN 106 to perform programmed actions on packets of a packet flow based on this data.  Such programmed actions may include: Allow--explicitly allow a certain network flow to proceed to its destination Block--explicitly block a certain flow from traversing SDN 106 Mirror--allow the traffic, but send a copy of the traffic for deeper inspection or recording to, e.g., one of service devices 116 Redirect--redirect the traffic to another network device (such as a honeypot device or other device of service devices 116) for either inspection or to keep a potential hacker `busy` to determine if there is a real security threat [i.e., request without obligations may be allowed encompasses inspection or to keep a potential hacker `busy` to determine if there is a real security threat].  Transform--modify or translate values of headers of packets in the network flow Encapsulate--encapsulate packets in the network flow with a particular header”);
redirecting, by the policy system, the request to a short circuit handler executing on the name node of the distributed file system, the short circuit handler configured to determine whether to perform security check actions on the request based on a sender of the request, wherein redirecting the request comprises either (i) instructing the client device to re-submit the request to the short circuit handler executing on the name node rather than to the policy system (Chua, column 31, lines 30-47, “SDN controller 112 [i.e., policy subsystem] may then program network devices [i.e., short circuit handler] of the SDN to enforce the policies (400).  For example, SDN controller 112 may program the network devices to direct packet flows including client device 102 along various paths, depending on the applicable policies for the packet flows.” [i.e., re-submit the request encompasses program the network devices to direct packet flows including client device 102 along various paths] )
 or (ii) forwarding the request on behalf of the client device to the short circuit handler (Chua, column 25, line 66, through column 26, line 14, “As another example, when a client device is not trusted, SDN controller 112 may construct a path through the SDN that directs packets associated with the untrusted client device along a path designated for "untrusted" network traffic.” [i.e., forwarding the request on behalf of the device to the short circuit handler encompasses the SDN directing “untrusted” network traffic along a path]; col. 7, lines 28-50, “SDN controller 112 [i.e. policy system] may receive data as input from service devices 116Based on this information, SDN controller 112 may make network enforcement decisions for specific traffic flows.  That is, SDN controller 112 may program network devices of SDN 106 [i.e., short circuit handler] to perform programmed actions on packets of a packet flow based on this data.  Such programmed actions may include: Allow”);
providing, by the policy decision point, a verification to the short circuit handler, the verification verifying that the redirected request requires no obligations (Chua, column 14, lines 52-63, “Thus, SDN controller 112 [i.e., policy system] may determine separate sets of packet flows based on security controls, e.g., a second set of packet flows that are not trusted [i.e., request requires no obligations encompasses packet flows that are determined not to be trusted].  Then, SDN controller 112 may determine a first set of one or more paths  for the first set of packet flows that omit a security device for the first set of packet flows (that is, based on the determination that the first set of packet flows can be trusted), and a second set of one or more paths [i.e., redirected] for the second set of packet flows that direct the second set of packet flows through the security device [i.e., short circuit handler] (based on the determination that the second set of packet flows are not trusted).”) [i.e. verification to the short circuit handler encompasses the second set of packet flows as untrusted]);
and authorizing the node to allow the client device to access requested data specified in the redirected request without obligation (Chua 151, col. 7, lines 28-50, “SDN controller 112 may receive data as input from service devices 116.  For example, SDN controller 112 may be configured to receive data from an intrusion detection system (IDS) device, a Denial of Service (DoS) device, a Distributed Denial of Service (DDoS) device, an intrusion prevention system (IPS) device, or the like [i.e., these detection devices can flag requested data as needing further inspection].  Based on this information, SDN controller 112 may make network enforcement decisions for specific traffic flows.  That is, SDN controller 112 may program network devices of SDN 106 to perform programmed actions [i.e., authorizing the node] on packets of a packet flow based on this data.  Such programmed actions may include: Allow [i.e., allow the client device to access requested data specified in the redirected request without obligation]”; col. 25, lines 32-42, “In the example of FIG. 5, SDN controller 112 determines zones for packet flows through the network devices forming the SDN (304).  The zones generally correspond to packet flows, that is, paths through the SDN followed by particular packets.  SDN controller 112 may store data defining the zones in the data model discussed above.  The data defining the zones may specify entities (e.g., users, devices, or the like) that have access to each zone [i.e., authorizing the node to allow the client device to access requested data]. Thus, SDN controller 112 may program network devices of the SDN such that entities that are not authorized to access a particular zone are prevented from accessing the zone.”).
Therefore, it would have been obvious to a person of ordinary skill in the art, before the effective filing date of the claimed invention to combine the teachings of Chua with the system/method of Chakra to include comprising a name node and one or more data nodes, the request comprising user credentials, the name node being separate from the policy system; determining, by a policy decision point of the policy system; in response to results of the determining, perform, by the policy system, actions including: requesting data from the distributed file system by the policy system; and based at least on a determination that the request is to be allowed without obligations: redirecting, by the policy system, the request to a short circuit handler executing on the name node of the distributed file system, the short circuit handler configured to determine whether to perform security check actions 

One would have been motivated to provide users with the benefits of directing network traffic along one or more paths (Chua, column 1, lines 56-63).
Chakra and Chua disclose receiving, from a client device by a policy system, a request to access data, comprising a name node and one or more nodes, the request comprising user credentials, the node being separate from the policy system; the node, the request comprising user credentials, requesting data by the policy system, but  do not explicitly disclose receiving, from a client device by a policy system, a request to access data stored on a distributed file system; notifying the client device of request denial by the policy system; the name node on the distribution file system; requesting data from the distributed file system by the policy system.
However, in an analogous art, Drumm discloses receiving, from a client device by a policy system, a request to access data stored on a distributed file system comprising a name node and one or more data nodes; the name node on the distribution file system; requesting data from the distributed file system by the policy system (Drumm, column 9, line 63, through column 10, line 9, “Once a command is received, control passes to block 188 to verify the security handshake provided in the command sent by the web server.  Any number of conventional handshaking mechanisms may be utilized to ensure authorized access to the timing data generated by the timing analysis engine.  For example, a security handshake such as common access by both the web server and application server to a common key file on a secure distributed file system such as AFS (Andrew File System), DFS (Distributed File System) [i.e., name node and data nodes on the distribution file system] or NFS (Network File System) may be used in the illustrated embodiment.  Note that the client typically does not need access to the key file.  The web server through normal configuration may request authentication from a client to allow access to secure files from the file system.”);
notifying the client device of request denial by the policy system (Drumm, column 8, lines 59-65, “Next, block 146 determines whether the client is authorized to access the requested timing data.  If not, control passes to block 148 to prepare an access denied page that indicates to the user that the client computer is not authorized to access the requested data [i.e., policy system encompasses determination of authorization to access and preparing denied page].  Control then passes to block 150 to serve the prepared page to the client and thereby notify the client of the denial of access.”).
Therefore, it would have been obvious to a person of ordinary skill in the art, before the effective filing date of the claimed invention to combine the teachings of Drumm with the system/method of Chakra and Chua to include receiving, from a client device by a policy system, a request to access data stored on a distributed file system; notifying the client device of request denial by the policy system.

 (Drumm: col. 8, lines 59-65).
Regarding claim 3, Chakra, Chua, and Drumm discloses the method of claim 1.  Chakra and Chua discloses wherein the obligations are defined by a setting in the one or more data access policies, the setting specifying that at least a portion of the data to be accessed is to be redacted (Chakra, paragraph 0016, “For multiple person access situations, access may be controlled based upon the persons that are present or as a global setting for a given location.  Rendering may be configured for a given application, for all applications associated with a device, for main display devices, for remote display devices, and for clipboard copy and printing operations.  Automated access controls for rendered output may be configured in advance or at the start of a meeting to allow flexibility based upon changes from planned to actual attendance.  Access controls may be configured to automatically start at the beginning of meetings.”; paragraph 0019, “a web log (e.g., blog) application may pass security settings to a rendering device for protection of portions of displayed blog content [i.e., the setting specifying at least a portion of the data to be accessed is to be redacted].”; paragraph 0018, “Access to content may be granted or redacted in real time based upon the identification of an individual that is located at or that approaches or moves away from a content rendering device.”)   (Chua, column 10, lines 53-58, “As yet another possible extension, the central control platform for mobile devices can look up user and/or device location information via various device location services, such as source IP address, GPS information, DNS, or other location based services, to extend the policy enforcement to specific locations.  The central controller could also use time, day, and/or date as an element in decision making.  Thus, a central policy server controller may apply fine grained policies based on user, device, application, time, and/or location information, and apply these policies on L2 network devices, such as switches (e.g., network device 108 and network device 110).”) .  The motivation is the same as that of the claim from which this claim depends.
Regarding claim 4, Chakra, Chua, and Drumm discloses the method of claim 1.  Chakra discloses comprising, based at least on a determination that the request is to be allowed with obligations, redacting data retrieved from the distributed file system, wherein the redacting comprises at least one of filtering, masking or encrypting at least a portion of the retrieved data according to the setting (Chakra, paragraph 0018, “The content may be configured for protection granularly, such that identifiable portions of content may be protected distinctly from other identifiable portions of content.  For example, content may be granularly protected based upon item, category, data type, date, or any other suitable approach [i.e., with obligations and according to setting].  Content may be flagged with one or more confidentiality flags, either for one or more portions of the content or for an entire item of content, and the content rendering applications may be configured to process any confidentiality flags associated with content processed by the applications”; “Access to content may be granted or redacted in real time based upon the identification of an individual that is located at or that approaches or moves away from a content rendering device.”; paragraph 0020, “In either instant messaging or email communications, the content may be automatically further redacted or blocked [i.e., masked]} if the instant message or email is forwarded by the receiver or if the receiver attempts to forward the content to another party.”).
Regarding claim 5, Chakra, Chua, and Drumm discloses the method of claim 1.    Chakra discloses further comprising performing, by the short circuit handler the security check actions, the security check actions comprising determining whether one or more requests received by the short circuit handler are received from the client device or from the policy system (Chakra, paragraph 0020, “Additionally, email applications may be configured to provide automated access control for rendered output based upon the sender access privileges, receiver access privileges, or access privileges associated with persons on the copy list and blind copy list (e.g., cc and bcc lists) associated with an email communication.” --- received from a client device or from a policy system encompasses based upon the sender). Chua discloses communicating with the policy decision point (Chua, column 30, line 65, through column 66, line 13, “As discussed above, SDN controller 112 [i.e., policy decision point] may be configured to utilize a public key infrastructure (PKI)-based protocol, such as 802.1X, to authenticate and/or authorize a client device, e.g., client device 102. However, rather than using this 802.1X session to enforce policies SDN controller 112 may be configured to program network devices of the SDN to enforce the policies.”).    Drumm discloses for verification only based at least on a determination that the one or more requests are from the client device and not from the policy decision point (Drumm, col. 7, line 64, through col. 8, line 9, “Returning again to FIG. 2, it may be desirable in some implementations to implement security precautions to ensure only authorized parties are permitted to control access the timing data generated by the timing analysis engine.  In the illustrated implementation, this is implemented using a secure file system such as AFS or DFS, whereby users are required to provide a user ID and password to access specific data.”).
Regarding claim 6, Chakra, Chua, and Drumm discloses the method of claim 5.  Chua discloses further comprising denying, by the short circuit handler, the one or more request upon verification from the policy decision point  (Chua, column 25, lines 32-52, “The data defining the zones may specify entities (e.g., users, devices, or the like) that have access to each zone.  Thus, SDN controller 112 [i.e., policy decision point] may program network devices [i.e., short circuit handler] of the SDN such that entities that are not authorized to access a particular zone are prevented from accessing the zone.”).  The motivation is the same as that of the claim from which this claim depends.  Chakra discloses that the one or more requests are to be allowed with obligations (Chakra, paragraph 0062, “When a determination is made that there is at least one access privilege requirement for at least one portion of the renderable content that is higher than an access privilege level of at least one of the person, the device, and/or the location associated with the access request [i.e., requests that are to be allowed with obligations], the process 600 automatically redacts any content with a higher access privilege requirement than the access privilege level associated with the access request at block 616.  Automatically redacting a portion of the renderable content may include removing the portion of the renderable content from a renderable version of the renderable content, and may include either blanking or darkening the portion of the renderable content within the renderable version of the renderable content.”).
Regarding claim 9, Chakra discloses a system comprising: one or more processors; and a non-transitory computer-readable medium storing instructions that, upon execution by the one or more processors, cause the one or more processors to perform operations comprising (Chakra, paragraph 0081, “A data processing system suitable for storing and/or executing program code will include at least one processor coupled directly or indirectly to memory elements through a system bus.  The memory elements can include local memory employed during actual execution of the program code, bulk storage, and cache memories which provide temporary storage of at least some program code in order to reduce the number of times code must be retrieved from bulk storage during execution”);
receiving, from a client device by a policy system, a request to access data, the request comprising user credentials (Chakra, paragraph 0024, “In response to making this determination, the authorized user [i.e., client device] may initiate a user interface action associated with a device that stores or renders the content to request an adjustment of an amount of content associated with a redacted portion of content.  In response to receiving the request via the user interface action, a determination of an access privilege level of the person associated with the request may be made to determine whether the person is authorized to issue the request to adjust the redacted amount of content.”; paragraph 0060, “The process 600 may determine the access privilege requirement for the content associated with the access request via the access control storage area 224 of the database 220 of the device, such as the computing device 102 [i.e., policy system], that stores (e.g., owns) the renderable content.”; paragraph 0064, “Monitoring the rendered location may also include monitoring for additional login requests [i.e., login requests encompasses user credentials] from users associated with a device proximate to the rendered location.  Many other examples of monitoring a rendered content location exist and all are considered within the scope of the present subject matter.”);
and, whether the request is to be denied, to be allowed with obligations that define conditions for access to a limited portion of the data requested by the client device (Chakra, paragraph 0018, “The content may be configured for protection granularly, such that identifiable portions of content [i.e., limited portion of the data requested by the client device] may be protected distinctly [i.e., to be denied and allowed with obligations encompasses protected distinctly] from other identifiable portions of content.  For example, content may be granularly protected based upon item, category, data type, date, or any other suitable approach [i.e., conditions for access].  Content may be flagged with one or more confidentiality flags, either for one or more portions of the content or for an entire item of content, and the content rendering applications may be configured to process any confidentiality flags associated with content processed by the applications.”; paragraph 0060, “The process 600 may determine the access privilege requirement for the content associated with the access request via the access control storage area 224 of the database 220 of the device, such as the computing device 102 [i.e., policy system], that stores (e.g., owns) the renderable content.”); 
 or to be allowed without obligations (Chakra, paragraph 0023, “Access to content may be granted [i.e., without obligations] or redacted in real time based upon the identification of an individual that is located at or that approaches or moves away from a content rendering device.”);
based at least on a determination that the request is to be denied (Chakra, paragraph 0017, “For either individual or multiple person content access situations, access control may be provided to prevent unauthorized viewing, copying, pasting to a clipboard, printing, or other rendering of content [i.e., request is to be denied] that has a higher access requirement than the person(s), device(s), or location(s) associated with the content access situation.”);
(Chakra, paragraph 0018, “The content may be configured for protection granularly, such that identifiable portions of content may be protected distinctly from other identifiable portions of content [i.e., obligations].  For example, content may be granularly protected based upon item, category, data type, date, or any other suitable approach.  Content may be flagged with one or more confidentiality flags, either for one or more portions of the content or for an entire item of content, and the content rendering applications may be configured to process any confidentiality flags associated with content processed by the applications”; “Access to content may be granted or redacted in real time based upon the identification of an individual that is located at or that approaches or moves away from a content rendering device.”);
providing, by the policy decision point, authorizing the node to allow the client device to access requested data specified without obligation (Chakra, paragraph 0030, “FIG. 2 is a block diagram of an example of an implementation of a core processing module 200 suitable for use in association with a computing device, such as the computing device 102, or the computing device_1 106 through the computing device_N 108 [i.e., policy decision point encompasses at least one of the computing devices], to perform automated access control [i.e., authorizing and allow the client device to access requested data specified without obligation] for rendered output based upon access privilege requirements for content and an access privilege level of at least one of a person, a device [i.e., client device], and/or a location associated with a content rendering action.  It will be assumed that the computing device 102 represents a device that stores renderable content that is subject to access controls and that processes content rendering actions, such as requests for renderable content from any of the computing device_1 106 through the computing device_N 108.  It is understood that complementary actions to those described above may be performed by a core processing module 200 [i.e., policy decision point] associated with any of the computing device [i.e., node]_1 106 through the computing device_N 108 to respond to access controls implemented by the core processing module 200 [i.e., policy decision point]  of the computing device 102.”).
Chakra discloses receiving, from a client device by a policy system, a request to access data, the request comprising user credentials; providing, by the policy decision point, authorizing the node to allow the client device to access requested data specified without obligation, but does not explicitly disclose according to (i) one or more data access policies and (ii) the user credentials; comprising a name node and one or more data nodes, the request comprising user credentials, the name node being separate from the policy system; determining, by a policy decision point of the policy system; in response to results of the determining, perform, by the policy system, actions including: requesting data from the distributed file system by the policy system; and based at least on a determination that the request is to be allowed without obligations: redirecting, by the policy system, the request to a short circuit handler executing on the name node of the distributed file system, the short circuit handler configured to determine whether to perform security check actions on the request based on a sender of the request, wherein redirecting the request comprises either (i) instructing the client device to re-submit the request to the short circuit handler executing on the name node rather than to the policy system or (ii) forwarding the request on behalf of the client device to the short circuit handler, and providing, by the policy decision point; a verification to the short circuit handler, the verification verifying that the redirected request 
However, in an analogous art, Chua discloses according to (i) one or more data access policies and (ii) the user credentials (Chua, column 31, lines 1-13, “However, rather than using this 802.1X session to enforce policies, SDN controller 112 may be configured to program network devices of the SDN to enforce the policies.  Thus, initially, SDN controller 112 may begin an authentication session with a client device (390), e.g., client device 102.  During the authentication session, SDN controller 112 may receive authentication credentials from client device 102 (392).”);
the request comprising user credentials, the node being separate from the policy system (Chua, col. 31, lines 1-13, “In another example, a computer-readable storage medium has stored thereon instructions that, when executed, cause a processor of a controller device for a software defined network (SDN) to receive credentials from a client device in accordance with a public key infrastructure (PKI)-based authentication protocol, determine one or more policies that are applicable to the client device based on the received credentials [i.e., policy system], and program network devices of the SDN to enforce the determined policies on a per-packet-flow basis for packet flows including the client device.”; col. 20, lines 18-26, “One of web clients 202 may request data from a web server, which may be internal to or external to system 200.  Web proxy 212 may be configured to act as a proxy device to the web server.  That is, SDN controller 218 may program switch 210 to direct network traffic destined for the web server to web proxy 212 via connection 222, instead.  Web proxy 212 may then act on behalf of the web server, e.g., by caching resources stored by the web server and responding to requests for the resources on behalf of the web server.”; col. 4, lines 33-43, “In another example, a method includes receiving, by a controller device for a software defined network (SDN), credentials from a client device in accordance with a public key infrastructure (PKI)-based authentication protocol, determining, by the controller device, one or more policies that are applicable to the client device based on the received credentials, and programming, by the controller device, network devices  [i.e., node being separate from the policy system] of the SDN to enforce the determined policies on a per-packet-flow basis for packet flows including the client device.”);
determining, by a policy decision point of the policy system (Chua, column 30, line 65, through column 66, line 13, “As discussed above, SDN controller 112 [i.e., policy decision point] may be configured to utilize a public key infrastructure (PKI)-based protocol, such as 802.1X, to authenticate and/or authorize a client device, e.g., client device 102. However, rather than using this 802.1X session to enforce policies SDN controller 112 may be configured to program network devices of the SDN to enforce the policies.”);
in response to results of the determining, perform, by the policy system, actions including (Chua, column 14, lines 52-63, “Thus, SDN controller 112 [i.e., policy system] may determine separate sets of packet flows based on security controls, e.g., a first set of packet flows that can be trusted and a second set of packet flows that are not trusted.  Then, SDN controller 112 may determine a first set of one or more paths [i.e., action] for the first set of packet flows that omit a security device for the first set of packet flows (that is, based on the determination that the first set of packet flows can be trusted), and a second set of one or more paths [i.e., another action] for the second set of packet flows that direct the second set of packet flows through the security device (based on the determination that the second set of packet flows are not trusted).”); column 10, lines 38 to 47, “In this manner, the central control platform can perform all of the necessary policy evaluations based on user identity and other context to determine the nature of access that should be granted, as well as the orchestration of necessary services to filter or scan each and every flow”);
requesting data by the policy system (Chua, column 10, lines 38 to 47, “In this manner, the central control platform can perform all of the necessary policy evaluations based on user identity and other context to determine the nature of access [i.e., requesting data] that should be granted, as well as the orchestration of necessary services to filter or scan each and every flow”; column 10, lines 4-16, “To identify a user and device prior to applying the appropriate policy, standards-based techniques can be used.  Therefore, in accordance with these techniques, these stacks may be moved onto a central application/control platform, so that the authentication function can be appropriately performed on the central platform.  The central platform may be a controller, such as SDN controller 112 [i.e., policy system], or simply an application that has a southbound OpenFlow or other SDN interface.”);
based at least on a determination that the request is to be allowed without obligations (Chua, column 7, lines 28-54, “That is, SDN controller 112 may program network devices of SDN 106 to perform programmed actions on packets of a packet flow based on this data.  Such programmed actions may include: Allow--explicitly allow a certain network flow to proceed to its destination Block--explicitly block a certain flow from traversing SDN 106 Mirror--allow the traffic, but send a copy of the traffic for deeper inspection or recording to, e.g., one of service devices 116 Redirect--redirect the traffic to another network device (such as a honeypot device or other device of service devices 116) for either inspection or to keep a potential hacker `busy` to determine if there is a real security threat [i.e., request without obligations may be allowed encompasses inspection or to keep a potential hacker `busy` to determine if there is a real security threat].  Transform--modify or translate values of headers of packets in the network flow Encapsulate--encapsulate packets in the network flow with a particular header”);
redirecting, by the policy system, the request to a short circuit handler executing on the name node of the distributed file system, the short circuit handler configured to determine whether to perform security check actions on the request based on a sender of the request, wherein redirecting the request comprises either (i) instructing the client device to re-submit the request to the short circuit handler executing on the name node rather than to the policy system (Chua, column 31, lines 30-47, “SDN controller 112 [i.e., policy subsystem] may then program network devices [i.e., short circuit handler] of the SDN to enforce the policies (400).  For example, SDN controller 112 may program the network devices to direct packet flows including client device 102 along various paths, depending on the applicable policies for the packet flows.” [i.e., re-submit the request encompasses program the network devices to direct packet flows including client device 102 along various paths] )
 or (ii) forwarding the request on behalf of the client device to the short circuit handler (Chua, column 25, line 66, through column 26, line 14, “As another example, when a client device is not trusted, SDN controller 112 may construct a path through the SDN that directs packets associated with the untrusted client device along a path designated for "untrusted" network traffic.” [i.e., forwarding the request on behalf of the device to the short circuit handler encompasses the SDN directing “untrusted” network traffic along a path]; col. 7, lines 28-50, “SDN controller 112 [i.e. policy system] may receive data as input from service devices 116Based on this information, SDN controller 112 may make network enforcement decisions for specific traffic flows.  That is, SDN controller 112 may program network devices of SDN 106 [i.e., short circuit handler] to perform programmed actions on packets of a packet flow based on this data.  Such programmed actions may include: Allow”);
providing, by the policy decision point, a verification to the short circuit handler, the verification verifying that the redirected request requires no obligations (Chua, column 14, lines 52-63, “Thus, SDN controller 112 [i.e., policy system] may determine separate sets of packet flows based on security controls, e.g., a second set of packet flows that are not trusted [i.e., request requires no obligations encompasses packet flows that are determined not to be trusted].  Then, SDN controller 112 may determine a first set of one or more paths  for the first set of packet flows that omit a security device for the first set of packet flows (that is, based on the determination that the first set of packet flows can be trusted), and a second set of one or more paths [i.e., redirected] for the second set of packet flows that direct the second set of packet flows through the security device [i.e., short circuit handler] (based on the determination that the second set of packet flows are not trusted).”) [i.e. verification to the short circuit handler encompasses the second set of packet flows as untrusted]).
and authorizing the node to allow the client device to access requested data specified in the redirected request without obligation (Chua 151, col. 7, lines 28-50, “SDN controller 112 may receive data as input from service devices 116.  For example, SDN controller 112 may be configured to receive data from an intrusion detection system (IDS) device, a Denial of Service (DoS) device, a Distributed Denial of Service (DDoS) device, an intrusion prevention system (IPS) device, or the like [i.e., these detection devices can flag requested data as needing further inspection].  Based on this information, SDN controller 112 may make network enforcement decisions for specific traffic flows.  That is, SDN controller 112 may program network devices of SDN 106 to perform programmed actions [i.e., authorizing the node] on packets of a packet flow based on this data.  Such programmed actions may include: Allow [i.e., allow the client device to access requested data specified in the redirected request without obligation]”; col. 25, lines 32-42, “In the example of FIG. 5, SDN controller 112 determines zones for packet flows through the network devices forming the SDN (304).  The zones generally correspond to packet flows, that is, paths through the SDN followed by particular packets.  SDN controller 112 may store data defining the zones in the data model discussed above.  The data defining the zones may specify entities (e.g., users, devices, or the like) that have access to each zone [i.e., authorizing the node to allow the client device to access requested data]. Thus, SDN controller 112 may program network devices of the SDN such that entities that are not authorized to access a particular zone are prevented from accessing the zone.”).
Therefore, it would have been obvious to a person of ordinary skill in the art, before the effective filing date of the claimed invention to combine the teachings of Chua with the system/method of Chakra to include comprising a name node and one or more data nodes, the request comprising user credentials, the name node being separate from the policy system; determining, by a policy decision point of the policy system; in response to results of the determining, perform, by the policy system, actions including: requesting data from 

One would have been motivated to provide users with the benefits of directing network traffic along one or more paths (Chua, column 1, lines 56-63).
Chakra and Chua disclose receiving, from a client device by a policy system, a request to access data, comprising a name node and one or more nodes, the request comprising user credentials, the node being separate from the policy system; the node, the request comprising user credentials, requesting data by the policy system, but  do not explicitly disclose receiving, from a client device by a policy system, a request to access data stored on a distributed file system; notifying the client device of request denial by the policy system; the name node on the distribution file system; requesting data from the distributed file system by the policy system.
(Drumm, column 9, line 63, through column 10, line 9, “Once a command is received, control passes to block 188 to verify the security handshake provided in the command sent by the web server.  Any number of conventional handshaking mechanisms may be utilized to ensure authorized access to the timing data generated by the timing analysis engine.  For example, a security handshake such as common access by both the web server and application server to a common key file on a secure distributed file system such as AFS (Andrew File System), DFS (Distributed File System) [i.e., name node and data nodes on the distribution file system] or NFS (Network File System) may be used in the illustrated embodiment.  Note that the client typically does not need access to the key file.  The web server through normal configuration may request authentication from a client to allow access to secure files from the file system.”);
notifying the client device of request denial by the policy system (Drumm, column 8, lines 59-65, “Next, block 146 determines whether the client is authorized to access the requested timing data.  If not, control passes to block 148 to prepare an access denied page that indicates to the user that the client computer is not authorized to access the requested data [i.e., policy system encompasses determination of authorization to access and preparing denied page].  Control then passes to block 150 to serve the prepared page to the client and thereby notify the client of the denial of access.”).
Therefore, it would have been obvious to a person of ordinary skill in the art, before the effective filing date of the claimed invention to combine the teachings of Drumm 

One would have been motivated to provide users with the benefits of being informed of denial of an access request (Drumm: col. 8, lines 59-65).
Regarding claim 11, Chakra, Chua, and Drumm discloses the system of claim 9.  Chakra and Chua discloses  wherein the obligations are defined by a setting in the one or more data access policies, the setting specifying that at least a portion of the data to be accessed is to be redacted (Chakra, paragraph 0016, “For multiple person access situations, access may be controlled based upon the persons that are present or as a global setting for a given location.  Rendering may be configured for a given application, for all applications associated with a device, for main display devices, for remote display devices, and for clipboard copy and printing operations.  Automated access controls for rendered output may be configured in advance or at the start of a meeting to allow flexibility based upon changes from planned to actual attendance.  Access controls may be configured to automatically start at the beginning of meetings.”; paragraph 0019, “a web log (e.g., blog) application may pass security settings to a rendering device for protection of portions of displayed blog content [i.e., the setting specifying at least a portion of the data to be accessed is to be redacted].”; paragraph 0018, “Access to content may be granted or redacted in real time based upon the identification of an individual that is located at or that approaches or moves away from a content rendering device.”)   (Chua, column 10, lines 53-58, “As yet another possible extension, the central control platform for mobile devices can look up user and/or device location information via various device location services, such as source IP address, GPS information, DNS, or other location based services, to extend the policy enforcement to specific locations.  The central controller could also use time, day, and/or date as an element in decision making.  Thus, a central policy server controller may apply fine grained policies based on user, device, application, time, and/or location information, and apply these policies on L2 network devices, such as switches (e.g., network device 108 and network device 110).”).
Regarding claim 12, Chakra, Chua, and Drumm discloses the system of claim 11.  Chakra discloses the operations comprising, based at least on a determination that the request is to be allowed with obligations, redacting data retrieved from the distributed file system, wherein the redacting comprises at least one of filtering, masking or encrypting at least a portion of the retrieved data according to the setting (Chakra, paragraph 0018, “The content may be configured for protection granularly, such that identifiable portions of content may be protected distinctly from other identifiable portions of content.  For example, content may be granularly protected based upon item, category, data type, date, or any other suitable approach [i.e., with obligations].  Content may be flagged with one or more confidentiality flags, either for one or more portions of the content or for an entire item of content, and the content rendering applications may be configured to process any confidentiality flags associated with content processed by the applications”; “Access to content may be granted or redacted in real time based upon the identification of an individual that is located at or that approaches or moves away from a content rendering device.”; paragraph 0020, “In either instant messaging or email communications, the content may be automatically further redacted or blocked [i.e., masked]} if the instant message or email is forwarded by the receiver or if the receiver attempts to forward the content to another party.”).
Regarding claim 13, Chakra, Chua, and Drumm discloses the system of claim 11.  Chakra discloses wherein the short circuit handler is configured to perform the security check actions that comprise: determining whether one or more requests received by the short circuit handler are received from the client device or from the policy system (Chakra, paragraph 0020, “Additionally, email applications may be configured to provide automated access control for rendered output based upon the sender access privileges, receiver access privileges, or access privileges associated with persons on the copy list and blind copy list (e.g., cc and bcc lists) associated with an email communication.” --- received from a client device or from a policy system encompasses based upon the sender).  Chua discloses communicating with the policy decision point  (Chua, column 30, line 65, through column 66, line 13, “As discussed above, SDN controller 112 [i.e., policy decision point] may be configured to utilize a public key infrastructure (PKI)-based protocol, such as 802.1X, to authenticate and/or authorize a client device, e.g., client device 102. However, rather than using this 802.1X session to enforce policies SDN controller 112 may be configured to program network devices of the SDN to enforce the policies.”).  Drumm discloses for verification only based at least on a determination that the one or more requests are from the client device and not from the policy decision point (Drumm, col. 7, line 64, through col. 8, line 9, “Returning again to FIG. 2, it may be desirable in some implementations to implement security precautions to ensure only authorized parties are permitted to control access the timing data generated by the timing analysis engine.  In the illustrated implementation, this is implemented using a secure file system such as AFS or DFS, whereby users are required to provide a user ID and password to access specific data.”). The motivation is the same as that of the claim from which this claim depends.
Regarding claim 14, Chakra, Chua, and Drumm discloses the system of claim 11.  Chua discloses wherein the short circuit handler is configured to deny the one or more request upon verification from the policy decision point (Chua, column 25, lines 32-52, “The data defining the zones may specify entities (e.g., users, devices, or the like) that have access to each zone.  Thus, SDN controller 112 [i.e., policy decision point] may program network devices [i.e., short circuit handler] of the SDN such that entities that are not authorized to access a particular zone are prevented from accessing the zone.”).  The motivation is the same as that of the claim from which this claim depends.  Chakra discloses that the one or more requests are to be allowed with obligations (Chakra, paragraph 0062, “When a determination is made that there is at least one access privilege requirement for at least one portion of the renderable content that is higher than an access privilege level of at least one of the person, the device, and/or the location associated with the access request [i.e., requests that are to be allowed with obligations], the process 600 automatically redacts any content with a higher access privilege requirement than the access privilege level associated with the access request at block 616.  Automatically redacting a portion of the renderable content may include removing the portion of the renderable content from a renderable version of the renderable content, and may include either blanking or darkening the portion of the renderable content within the renderable version of the renderable content.”).
Regarding claim 16, Chakra, Chua, and Drumm discloses the system of claim 9.  Chakra and Chua discloses wherein the short circuit handler is configured to initiate communication with policy system to inquire (Chua, col. 22, lines 4-21, “The network devices [i.e., short circuit handler] along the path may be configured to send confirmation messages [i.e., initiate communication] to SDN controller 218 [i.e., policy system] after receiving the test packet.  After the last network device along the path receives the test packet, the last network device may forward the packet back to SDN controller 218 or drop the packet and send a confirmation message to SDN controller 218.” ).  Chakra discloses whether the request is to be denied, to be allowed with obligations, or to be allowed without obligations (Chakra, paragraph 0018, “The content may be configured for protection granularly [i.e., whether the request is to be denied, to be allowed with obligations, or to be allowed without obligations] , such that identifiable portions of content may be protected distinctly from other identifiable portions of content.  For example, content may be granularly protected based upon item, category, data type, date, or any other suitable approach.  Content may be flagged with one or more confidentiality flags, either for one or more portions of the content or for an entire item of content, and the content rendering applications may be configured to process any confidentiality flags associated with content processed by the applications.”; paragraph 0023, “Access to content may be granted or redacted in real time based upon the identification of an individual that is located at or that approaches or moves away from a content rendering device.”).
Regarding claim 17, Chakra discloses a non-transitory computer-readable medium storing instructions that, upon execution by one or more processors, cause the one or more processors to perform operations comprising (Chakra, paragraph 0081, “A data processing system suitable for storing and/or executing program code will include at least one processor coupled directly or indirectly to memory elements through a system bus.  The memory elements can include local memory employed during actual execution of the program code, bulk storage, and cache memories which provide temporary storage of at least some program code in order to reduce the number of times code must be retrieved from bulk storage during execution”);
receiving a request to access data, the request being associated with user credentials (Chakra, paragraph 0064, “Monitoring the rendered location may also include monitoring for additional login requests [i.e., login requests encompasses user credentials] from users associated with a device proximate to the rendered location.  Many other examples of monitoring a rendered content location exist and all are considered within the scope of the present subject matter.”); 
determining, whether the request received is received from a client device or from a policy system (Chakra, paragraph 0020, “Additionally, email applications may be configured to provide automated access control for rendered output based upon the sender access privileges, receiver access privileges, or access privileges associated with persons on the copy list and blind copy list (e.g., cc and bcc lists) associated with an email communication.” --- received from a client device or from a policy system encompasses based upon the sender);
in response to determining that the request is from a client device (Chua, col. 10, lines 4-16, “To identify a user and device prior to applying the appropriate policy, standards-based techniques can be used.”),
performing, by the short circuit handler, actions including (Chua, column 14, lines 52-63, “Thus, SDN controller 112 [i.e., policy system] may determine separate sets of packet flows based on security controls, e.g., a first set of packet flows that can be trusted and a second set of packet flows that are not trusted.  Then, SDN controller 112 may determine a first set of one or more paths [i.e., action] for the first set of packet flows that omit a security device for the first set of packet flows (that is, based on the determination that the first set of packet flows can be trusted), and a second set of one or more paths [i.e., another action] for the second set of packet flows that direct the second set of packet flows through the security device (based on the determination that the second set of packet flows are not trusted).”); column 10, lines 38 to 47, “In this manner, the central control platform can perform all of the necessary policy evaluations based on user identity and other context to determine the nature of access that should be granted, as well as the orchestration of necessary services to filter or scan each and every flow”)from ;
on whether the request is to be denied (Chakra, paragraph 0018, “The content may be configured for protection granularly, such that identifiable portions of content may be protected distinctly [i.e., request is to be denied encompasses content that may be distinctly protected] from other identifiable portions of content.  For example, content may be granularly protected based upon item, category, data type, date, or any other suitable approach.  Content may be flagged with one or more confidentiality flags, either for one or more portions of the content or for an entire item of content, and the content rendering applications may be configured to process any confidentiality flags associated with content processed by the applications.”); 
to be allowed with obligations that define conditions for access to a limited portion of the data requested by the client device, or to be allowed without obligations (Chakra, paragraph 0018, “The content may be configured for protection granularly, such that identifiable portions of content [i.e., limited portion of the data requested by the client device] may be protected distinctly [i.e., to be denied and allowed with obligations encompasses protected distinctly] from other identifiable portions of content.  For example, content may be granularly protected based upon item, category, data type, date, or any other suitable approach [i.e., conditions for access].  Content may be flagged with one or more confidentiality flags, either for one or more portions of the content or for an entire item of content, and the content rendering applications may be configured to process any confidentiality flags associated with content processed by the applications.”; paragraph 0060, “The process 600 may determine the access privilege requirement for the content associated with the access request via the access control storage area 224 of the database 220 of the device, such as the computing device 102 [i.e., policy system], that stores (e.g., owns) the renderable content.”); 
based at least on a determination that the request is to be allowed without obligations, allowing the client device to access the requested data (Chakra, paragraph 0018, “The content may be configured for protection granularly, such that identifiable portions of content [i.e., limited portion of the data requested by the client device] may be protected distinctly [i.e., to be denied and allowed with obligations encompasses protected distinctly] from other identifiable portions of content.  For example, content may be granularly protected based upon item, category, data type, date, or any other suitable approach [i.e., conditions for access].  Content may be flagged with one or more confidentiality flags, either for one or more portions of the content or for an entire item of content, and the content rendering applications may be configured to process any confidentiality flags associated with content processed by the applications.”; paragraph 0060, “The process 600 may determine the access privilege requirement for the content associated with the access request via the access control storage area 224 of the database 220 of the device, such as the computing device 102 [i.e., policy system], that stores (e.g., owns) the renderable content.”);
in response to determining that the request includes the flag, allowing a client computing device to access the requested data, the client computing device being identified based on the user credentials associated with the request (Chakra, paragraph 0060, “The process 600 may also retrieve a confidentiality flag and any associated metadata associated with the access privilege requirement of any regulated portions of the renderable content.  Based upon these examples, the process 600 then determines the access privilege requirement for the content associated with the access request by, for example, analyzing access control information, a confidentiality flag, and/or metadata associated with the renderable content [i.e., user credentials].  The process 600 may further identify the access privilege requirement of at least one portion of the renderable content based upon the access control information, the confidentiality flag, and/or the metadata.”; paragraph 0018, “Content may be flagged with one or more confidentiality flags, either for one or more portions of the content or for an entire item of content, and the content rendering applications may be configured to process any confidentiality flags associated with content processed by the applications).
Chakra discloses receiving a request to access data, the request being associated with user credentials; determining, whether the request received is received from a client device or from a policy system; but does not explicitly disclose receiving a request to access data by a short circuit handler executing on a node, determining, by the short circuit handler, whether the request received by the short circuit handler is received from a client device or 
However, in an analogous art, Chua discloses communicating with a policy decision point (Chua, column 30, line 65, through column 66, line 13, “As discussed above, SDN controller 112 [i.e., policy decision point] may be configured to utilize a public key infrastructure (PKI)-based protocol, such as 802.1X, to authenticate and/or authorize a client device, e.g., client device 102. However, rather than using this 802.1X session to enforce policies SDN controller 112 may be configured to program network devices of the SDN to enforce the policies.”);
receiving a request to access data by a short circuit handler executing on a node, the request being associated with user credentials (Chua, column 30, line 65, through column 66, line 13, “As discussed above, SDN controller 112 may be configured to utilize a public key infrastructure (PKI)-based protocol, such as 802.1X, to authenticate and/or authorize a client device, e.g., client device 102. However, rather than using this 802.1X session to enforce policies SDN controller 112 may be configured to program network devices [i.e., short circuit handler executing on a node]  of the SDN to enforce the policies.”);
determining, by the short circuit handler, whether the request received by the short circuit handler is received from a client device or from a policy system (Chua, column 30, line 65, through column 66, line 13, “As discussed above, SDN controller 112  may be configured to utilize a public key infrastructure (PKI)-based protocol, such as 802.1X, to authenticate and/or authorize a client device, e.g., client device 102. However, rather than using this 802.1X session to enforce policies SDN controller 112 may be configured to program network devices [i.e., short circuit handler] of the SDN to enforce the policies.”);
of the policy system for verification of the user credentials (Chua, col. 31, lines 1-13, “During the authentication session, SDN controller 112 may receive authentication credentials from client device 102 (392).  The credentials may be in accordance with the Lightweight Directory Access Protocol (LDAP), Microsoft Active Directory, a public key certificate in accordance with PKI, or the like.  After authenticating client device 102, SDN controller 112 may terminate the authentication session (394).”);
receiving a decision from the policy decision point (Chua, column 30, line 65, through column 66, line 13, “As discussed above, SDN controller 112 may be configured to utilize a public key infrastructure (PKI)-based protocol, such as 802.1X, to authenticate and/or authorize a client device, e.g., client device 102. However, rather than using this 802.1X session to enforce policies SDN controller 112 [i.e., policy decision point] may be configured to program network devices of the SDN to enforce the policies.”);
in response to the decision, performing actions including (Chua, column 14, lines 52-63, “Thus, SDN controller 112 [i.e., policy system] may determine separate sets of packet flows based on security controls, e.g., a first set of packet flows that can be trusted and a second set of packet flows that are not trusted.  Then, SDN controller 112 may determine a first set of one or more paths [i.e., action] for the first set of packet flows that omit a security device for the first set of packet flows (that is, based on the determination that the first set of packet flows can be trusted), and a second set of one or more paths [i.e., another action] for the second set of packet flows that direct the second set of packet flows through the security device (based on the determination that the second set of packet flows are not trusted).”); column 10, lines 38 to 47, “In this manner, the central control platform can perform all of the necessary policy evaluations based on user identity and other context to determine the nature of access that should be granted, as well as the orchestration of necessary services to filter or scan each and every flow”);
in response to determining that the request is from a policy system, determining whether the request includes a flag indicating that the request is to be allowed without obligation  (Chua, col. 10, lines 38-47, “In this manner, the central control platform [i.e., policy system] can perform all of the necessary policy evaluations based on user identity and other context to determine the nature of access that should be granted, as well as the orchestration of necessary services to filter or scan each and every flow”; col. 21, lines 32-52, “After SDN controller 218 determines that a particular packet flow should be inspected for intrusion detection, SDN controller 218 may program switch 210 to direct packets of the packet flow to IDS 214.  SDN controller 218 may further configure IDS 214 to send data back to switch 210, such as data indicating whether packets of the packet flow represent a network attack and/or data of the packet flow after the data [i.e., flag indicating that the request is to be allowed without obligation because it was trusted but if not a security threat it is allowed] has been inspected.  In some examples, data of the packet flow representing an attack may be dropped or forwarded to a containment device, rather than being forwarded along the original packet flow.”; column 7, lines 28-54, “That is, SDN controller 112 may program network devices of SDN 106 to perform programmed actions on packets of a packet flow based on this data.  Such programmed actions may include: Allow--explicitly allow a certain network flow to proceed to its destination Block--explicitly block a certain flow from traversing SDN 106 Mirror--allow the traffic, but send a copy of the traffic for deeper inspection or recording to, e.g., one of service devices 116 Redirect--redirect the traffic to another network device (such as a honeypot device or other device of service devices 116) for either inspection or to keep a potential hacker `busy` to determine if there is a real security threat [i.e., request without obligations may be allowed encompasses inspection or to keep a potential hacker `busy` to determine if there is a real security threat].  Transform--modify or translate values of headers of packets in the network flow Encapsulate--encapsulate packets in the network flow with a particular header”).
Therefore, it would have been obvious to a person of ordinary skill in the art, before the effective filing date of the claimed invention to combine the teachings of Chua with the system/method of Chakra to include communicating with a policy decision point; of the policy system for verification of the user credentials, receiving a decision from the policy decision point; in response to determining that the request is from a policy system, determining whether the request includes a flag indicating that the request is to be allowed without obligation.

One would have been motivated to provide users with the benefits of directing network traffic along one or more paths (Chua, column 1, lines 56-63).
Chakra and Chua disclose receiving a request to access data by a short circuit handler executing on a node, the request being associated with user credentials; a node, but 
However, in an analogous art, Drumm discloses receiving a request to access data by a short circuit handler executing on a name node of a distributed file system, the request being associated with user credentials; a name node of a distributed file system; based at least on a determination that the request is to be denied or to be allowed with obligations, notifying the client device of a request denial (Drumm, column 8, lines 59-65, “Next, block 146 determines whether the client is authorized to access the requested timing data [i.e., based at least on a determination that the request is to be denied or to be allowed with obligations].  If not, control passes to block 148 to prepare an access denied page that indicates to the user that the client computer is not authorized to access the requested data.  Control then passes to block 150 to serve the prepared page to the client and thereby notify the client of the denial of access.”; column 9, line 63, through column 10, line 9, “Once a command is received, control passes to block 188 to verify the security handshake provided in the command sent by the web server.  Any number of conventional handshaking mechanisms may be utilized to ensure authorized access to the timing data generated by the timing analysis engine.  For example, a security handshake such as common access by both the web server and application server to a common key file on a secure distributed file system such as AFS (Andrew File System), DFS (Distributed File System) [i.e., name node and data nodes on the distribution file system] or NFS (Network File System) may be used in the illustrated embodiment.  Note that the client typically does not need access to the key file.  The web server through normal configuration may request authentication from a client to allow access to secure files from the file system.”)).
 Therefore, it would have been obvious to a person of ordinary skill in the art, before the effective filing date of the claimed invention to combine the teachings of Drumm with the system/method of Chakra and Chua to include based at least on a determination that the request is to be denied or to be allowed with obligations, notifying the client device of a request denial.

One would have been motivated to provide users with the benefits of being informed of denial of an access request (Drumm: col. 8, lines 59-65).
Regarding claim 19, Chakra, Chua, and Drumm disclose the non-transitory computer-readable medium of claim 17.  Chakra discloses wherein the obligations are defined by a setting in one or more data access policies, the setting specifying that at least a portion of the data to be accessed is to be redacted (Chakra, paragraph 0016, “For multiple person access situations, access may be controlled [i.e., policy] based upon the persons that are present or as a global setting for a given location.  Rendering may be configured for a given application, for all applications associated with a device, for main display devices, for remote display devices, and for clipboard copy and printing operations.  .”; paragraph 0019, “a web log (e.g., blog) application may pass security settings to a rendering device for protection of portions of displayed blog content.”; paragraph 0005, “computer readable program code configured to  [i.e., setting] automatically redact the at least one portion of the renderable content [i.e., at least a portion of the data to be accessed is to be redacted] determined to have the access privilege requirement higher than the access privilege level of the at least one of the person, the device, and the location associated with the content rendering action”).
Regarding claim 20, Chakra, Chua, and Drumm disclose the non-transitory computer-readable medium of claim 17.  Chua discloses wherein the policy system is configured to enforce one or more data access policies for accessing the data (Chua, column 10, lines 53-58, “As yet another possible extension, the central control platform for mobile devices can look up user and/or device location information [i.e., accessing the data] via various device location services, such as source IP address, GPS information, DNS, or other location based services, to extend the policy enforcement [i.e., enforce one or more data access policies] to specific locations.  The central controller could also use time, day, and/or date as an element in decision making.  Thus, a central policy server controller may apply fine grained policies based on user, device, application, time, and/or location information, and apply these policies on L2 network devices, such as switches (e.g., network device 108 and network device 110).”).
Regarding claim 21, Chakra, Chua, and Drumm disclose the method of claim 1.  Chua discloses wherein redirecting comprises forwarding by the policy system to the short circuit handler, the request on behalf of the client device, and wherein the verification is provided, by the policy system, in form of a flag indicating that the request is allowed without obligation (Chua, col. 10, lines 38-47, “In this manner, the central control platform [i.e., policy system] can perform all of the necessary policy evaluations based on user identity and other context to determine the nature of access that should be granted, as well as the orchestration of necessary services to filter or scan each and every flow”; col. 21, lines 32-52, “After SDN controller 218 determines that a particular packet flow should be inspected for intrusion detection, SDN controller 218 may program switch 210 to direct packets of the packet flow to IDS 214.  SDN controller 218 may further configure IDS 214 to send data back to switch 210, such as data indicating whether packets of the packet flow represent a network attack and/or data of the packet flow after the data [i.e., flag indicating that the request is to be allowed without obligation because it was trusted but if not a security threat it is allowed] has been inspected.  In some examples, data of the packet flow representing an attack may be dropped or forwarded to a containment device, rather than being forwarded along the original packet flow.”; column 7, lines 28-54, “That is, SDN controller 112 [i.e., short circuit handler] may program network devices of SDN 106 to perform programmed actions on packets of a packet flow based on this data.  Such programmed actions may include: Allow--explicitly allow a certain network flow to proceed to its destination Block--explicitly block a certain flow from traversing SDN 106 Mirror--allow the traffic, but send a copy of the traffic for deeper inspection or recording to, e.g., one of service devices 116 Redirect--redirect the traffic to another network device (such as a honeypot device or other device of service devices 116) for either inspection or to keep a potential hacker `busy` to determine if there is a real security threat [i.e., request without obligations may be allowed encompasses inspection or to keep a potential hacker `busy` to determine if there is a real security threat].  Transform--modify or translate values of headers of packets in the network flow Encapsulate--encapsulate packets in the network flow with a particular header; column 25, line 66, through column 26, line 14, “As another example, when a client device is not trusted, SDN controller 112 may construct a path through the SDN that directs packets associated with the untrusted client device along a path designated for "untrusted" network traffic.” [i.e., forwarding the request on behalf of the device to the short circuit handler encompasses the SDN directing “untrusted” network traffic along a path]; col. 7, lines 28-50, “SDN controller 112 [i.e. policy system] may receive data as input from service devices 116Based on this information, SDN controller 112 may make network enforcement decisions for specific traffic flows.  That is, SDN controller 112 may program network devices of SDN 106 [i.e., short circuit handler] to perform programmed actions on packets of a packet flow based on this data.  Such programmed actions may include: Allow”).

Claims 2, 10, and 18 are rejected under 35 U.S.C. 103 under 35 U.S.C. 103 as being unpatentable over Chakra (US20100313239), filed June 9, 2009, in view of  Chua (US9038151), filed March 15, 2013, and Drumm (US6643683), filed May 8, 2000, and further in view of Nishiki (US20150201036), filed January 13, 2015.
Regarding claims 2, 10, and 18, Chakra, Chua, and Drumm disclose the method, system, non-transitory computer-readable medium, respectively.
Chakra, Chua, and Drumm do not explicitly disclose wherein the distributed file system is a Hadoop Distributed File System (HDFS).
However, in an analogous art, Nishiki discloses wherein the distributed file system is a Hadoop Distributed File System (HDFS) (Nishiki, paragraph 0003, “Under the circumstances, in a distributed file system technology that is representative of a Hadoop distributed file system (HDFS) of Hadoop, large files are divided into small units (blocks), stored in local disks of plural servers, and read from the plural servers (disks) in parallel when reading the files to realize a high throughput (for example, refer to items of "Architecture", "Deployment-Administrative commands", "HDFS High Availability Using the Quorum Journal Manager", [online], The Apache Software Foundation, [searched on Nov.  15, 2013], the Internet http://hadoop.apache.org/docs/current/hadoop-yarn/hadoop-yarn-site/HDFSHi- ghAvailabilityWithQJM.html).”).
Therefore, it would have been obvious to a person of ordinary skill in the art, before the effective filing date of the claimed invention to combine the teachings of Nishiki with the system/method/ non-transitory computer-readable medium of Chakra, Chua, and Drumm to include based at least on a determination that the request is to be denied or to be allowed with obligations, notifying the client device of a request denial.

One would have been motivated to provide users with the benefits of improving the availability of a system having a distributed file system including plural file servers  (Nishiki: paragraph 0008).

Claims 7, 8, and 15 are rejected under 35 U.S.C. 103 under 35 U.S.C. 103 as being unpatentable over Chakra (US20100313239), filed June 9, 2009, in view of  Chua (US9038151), filed March 15, 2013, and Drumm (US6643683), filed May 8, 2000, and further in view of Mikel (US20030079143), filed March 2, 2002.
Regarding claim 7, Chakra, Chua, and Drumm disclose the method of claim 1. 
Chua discloses the verification by the policy decision point is provided in response to receiving a verification request from the short-circuit handler to verify that the redirected request requires no obligations (Chua, column 28, lines 32-43, “Moreover, SDN controller 112 may configure the service devices to send the service-related data to SDN controller 112 and program the network devices of the SDN to send reporting data to SDN controller 112 indicative of the programmed action that was performed.  Thus, when one of the network devices performs a particular programmed action in response to service-related data, SDN controller 112 may receive reporting data from the network device indicative of the programmed action (338) [i.e., verification request from short circuit handler to verify the redirected request requires no obligations].  SDN controller 112 may generate a report for a user that consolidates this data in a human-readable format.”).
Drumm discloses the name node of the distributed file system (Drumm, column 9, line 63, through column 10, line 9, “Once a command is received, control passes to block 188 to verify the security handshake provided in the command sent by the web server.  Any number of conventional handshaking mechanisms may be utilized to ensure authorized access to the timing data generated by the timing analysis engine.  For example, a security handshake such as common access by both the web server and application server to a common key file on a secure distributed file system such as AFS (Andrew File System), DFS (Distributed File System) [i.e., name node and data nodes on the distribution file system] or NFS (Network File System) may be used in the illustrated embodiment.  Note that the client typically does not need access to the key file.  The web server through normal configuration may request authentication from a client to allow access to secure files from the file system.”).
Chakra, Chua, and Drumm do not explicitly disclose wherein the redirecting comprises instructing, by the policy system, the client device to resend the request to the name node of the distributed file system.
(Mikel, paragraph 0038, “Where the integrity cannot be verified or the user cannot be authenticated, the server request may be ignored or the server authentication device may instruct server 34 to challenge client 24 to resend the server request and/or provide new credentials.”)
 Therefore, it would have been obvious to a person of ordinary skill in the art, before the effective filing date of the claimed invention to combine the teachings of Mikel with the system/method/ non-transitory computer-readable medium of Chakra, Chua, and Drumm to include wherein the redirecting comprises instructing, by the policy system, the client device to resend the request to the name node of the distributed file system.

One would have been motivated to provide users with the benefits of one pass authentication and encryption enabling secure network communication  (Mikel: paragraph 0001).
Regarding claim 8, Chakra, Chua, Drumm, and Mikel disclose the method of claim 7.  Chua discloses wherein the verification request initiated by the short circuit handler is to inquire (Chua, col. 22, lines 4-21, “The network devices [i.e., short circuit handler] along the path may be configured to send confirmation messages [i.e., initiate communication] to SDN controller 218 [i.e., policy system] after receiving the test packet.  After the last network device along the path receives the test packet, the last network device may forward the packet back to SDN controller 218 or drop the packet and send a confirmation message to SDN controller 218.” ).  Chakra discloses whether the request is to (Chakra, paragraph 0018, “The content may be configured for protection granularly [i.e., whether the request is to be denied, to be allowed with obligations, or to be allowed without obligations] , such that identifiable portions of content may be protected distinctly from other identifiable portions of content.  For example, content may be granularly protected based upon item, category, data type, date, or any other suitable approach.  Content may be flagged with one or more confidentiality flags, either for one or more portions of the content or for an entire item of content, and the content rendering applications may be configured to process any confidentiality flags associated with content processed by the applications.”; paragraph 0023, “Access to content may be granted or redacted in real time based upon the identification of an individual that is located at or that approaches or moves away from a content rendering device.”).
Regarding claim 15, Chakra, Chua, and Drumm disclose the system of claim 9.  
Chua discloses the policy decision point (Chua, column 30, line 65, through column 66, line 13, “As discussed above, SDN controller 112 [i.e., policy decision point] may be configured to utilize a public key infrastructure (PKI)-based protocol, such as 802.1X, to authenticate and/or authorize a client device, e.g., client device 102. However, rather than using this 802.1X session to enforce policies SDN controller 112 may be configured to program network devices of the SDN to enforce the policies.”)  provides the verification in response to receiving a verification request from the short-circuit handler to verily that the redirected request requires no obligations (Chua, column 28, lines 32-43, “Moreover, SDN controller 112 may configure the service devices to send the service-related data to SDN controller 112 and program the network devices of the SDN to send reporting data to SDN controller 112 indicative of the programmed action that was performed.  Thus, when one of the network devices performs a particular programmed action in response to service-related data, SDN controller 112 may receive reporting data from the network device indicative of the programmed action (338) [i.e., verification request from short circuit handler to verify the redirected request requires no obligations].  SDN controller 112 may generate a report for a user that consolidates this data in a human-readable format.”).
Drumm discloses the name node of the distributed file system (Drumm, column 9, line 63, through column 10, line 9, “Once a command is received, control passes to block 188 to verify the security handshake provided in the command sent by the web server.  Any number of conventional handshaking mechanisms may be utilized to ensure authorized access to the timing data generated by the timing analysis engine.  For example, a security handshake such as common access by both the web server and application server to a common key file on a secure distributed file system such as AFS (Andrew File System), DFS (Distributed File System) [i.e., name node and data nodes on the distribution file system] or NFS (Network File System) may be used in the illustrated embodiment.  Note that the client typically does not need access to the key file.  The web server through normal configuration may request authentication from a client to allow access to secure files from the file system.”).
Chakra, Chua, and Drumm disclose the name node of the distributed file system, but do not explicitly disclose wherein the policy system redirects the request by instructing the client device to resend the request to the name node of the distributed file system.
(Mikel, paragraph 0038, “Where the integrity cannot be verified or the user cannot be authenticated, the server request may be ignored or the server authentication device may instruct server 34 to challenge client 24 to resend the server request and/or provide new credentials.”).
Therefore, it would have been obvious to a person of ordinary skill in the art, before the effective filing date of the claimed invention to combine the teachings of Mikel with the system/method/ non-transitory computer-readable medium of Chakra, Chua, and Drumm to include wherein the policy system redirects the request by instructing the client device to resend the request to the name node of the distributed file system.

One would have been motivated to provide users with the benefits of one pass authentication and encryption enabling secure network communication  (Mikel: paragraph 0001).


Conclusion

Any inquiry concerning this communication or earlier communications from the examiner should be directed to WALTER J MALINOWSKI whose telephone number is (571)272-5368.  The examiner can normally be reached on 8-6:30 MTWH.
Examiner interviews are available via telephone, in-person, and video conferencing using a USPTO supplied web-based collaboration tool. To schedule an interview, applicant is encouraged to use the USPTO Automated Interview Request (AIR) at http://www.uspto.gov/interviewpractice.

Information regarding the status of an application may be obtained from the Patent Application Information Retrieval (PAIR) system.  Status information for published applications may be obtained from either Private PAIR or Public PAIR.  Status information for unpublished applications is available through Private PAIR only.  For more information about the PAIR system, see https://ppair-my.uspto.gov/pair/PrivatePair. Should you have questions on access to the Private PAIR system, contact the Electronic Business Center (EBC) at 866-217-9197 (toll-free). If you would like assistance from a USPTO Customer Service Representative or access to the automated information system, call 800-786-9199 (IN USA OR CANADA) or 571-272-1000.


/W.J.M/Examiner, Art Unit 2439          


/LUU T PHAM/Supervisory Patent Examiner, Art Unit 2439