DETAILED ACTION
A request for continued examination under 37 CFR 1.114, including the fee set forth in 37 CFR 1.17(e), was filed in this application after final rejection.  Since this application is eligible for continued examination under 37 CFR 1.114, and the fee set forth in 37 CFR 1.17(e) has been timely paid, the finality of the previous Office action has been withdrawn pursuant to 37 CFR 1.114.  Applicant's submission filed on 10/06/2020 has been entered.
Claims 1-25 are pending with claims 1-4, 6, 9-13, 15-16, 18, 20-22 and 25 having been amended.

Notice of Pre-AIA or AIA Status
The present application, filed on or after March 16, 2013, is being examined under the first inventor to file provisions of the AIA.

Information Disclosure Statement
The information disclosure statement (IDS) submitted on 10/28/2020 is in compliance with the provisions of 37 CFR 1.97.  Accordingly, the information disclosure statement is being considered by the examiner.

Response to Arguments
Applicant's arguments filed 10/28/2020 have been fully considered.
Applicant’s arguments with respect to the rejection(s) of amended independent claim(s) 1, 13 and 20 under 103 have been fully considered and are persuasive.  
While Shimoe is now used to teach the new limitation of “selecting a security policy for the container, based on one or more attributes of a user that requested the creation of the container”, Bojinov is still used to teach the claim limitation “identifying a key label for the security policy for the container”. Bojinov teaches in paragraph 0089 i.e. for each directory or file managed by the storage server 2, the storage manager 21 maintains a separate metadata container called an xinode, which is used to store security related information for that directory or file. In one embodiment, as shown in FIG. 8, the xinode 81 is pointed to (the claimed key label) by the inode 56 of the directory or file and contains access control lists (ACLs)(permissions) as well as any cryptographic key that applies specifically to that directory or file. This pointer in the inode that points to the xinode that contains the cryptographic keys is the key label.
Applicant’s arguments with respect to rejection of now amended claim 25 have been fully considered and are persuasive.  The prior art does not teach “selecting a security policy for the container, based on: a date that the container was created, a location where the container was created, a sensitivity level of the container, a name of a user requesting the creation of the container, an authorization level of the user, an amount of available storage space within the system, a current security level being implemented within the system, and business requirements associated with the system”. The rejection of claim 25 has been withdrawn. 

Claim Rejections - 35 USC § 103
The following is a quotation of 35 U.S.C. 103 which forms the basis for all obviousness rejections set forth in this Office action:
A patent for a claimed invention may not be obtained, notwithstanding that the claimed invention is not identically disclosed as set forth in section 102, if the differences between the claimed invention and the prior art are such that the claimed invention as a whole would have been obvious before the effective filing date of the claimed invention to a person having ordinary skill in the art to which the claimed invention pertains. Patentability shall not be negated by the manner in which the invention was made.

Claims 1-24 are rejected under 35 U.S.C. 103 as being unpatentable over Bojinov et al (US 2009/0268903) in view of Shimoe et al. (US 2011/0231900).
With respect to claim 1 Pawgi teaches a computer-implemented method, comprising: 
identifying a creation of a container within a system (see figure 9a step 901 and paragraph 0093 i.e. The storage server initially receives a write request at 901); 
selecting a security policy for the container (see Bojinov figure 9a step 903 and paragraph 0093 i.e. The process then checks the ACLs in the xinode at 903 to determine whether to allow the write request); 
identifying a key label associated with the security policy for the container (see Bojinov paragraph 0089 i.e. for each directory or file managed by the storage server 2, the storage manager 21 maintains a separate metadata container called an xinode, which is used to store security related information for that directory or file. In one embodiment, as shown in FIG. 8, the xinode 81 is pointed to (the claimed key label) by the inode 56 of the directory or file and contains access control lists (ACLs)(permissions) as well as any cryptographic key (or a pointer to it) that applies specifically to that directory or file); 
retrieving, utilizing the processor, a data encryption key, utilizing the key label; and encrypting the container, utilizing the data encryption key (see Bojinov paragraph 0101-0102 i.e. Among other information, the xinode indicates the selected granularity of encryption. For example, in the case of a file, the xinode of the file indicates whether a unique key is assigned to that particular file, as opposed to assigning a key only at the volume level. If granular encryption has not been specified for the target volume (963), then at 964 the process selects the appropriate key for the volume that contains the block to be written. If, on the other hand, granular encryption has been specified (e.g., directory level or file level encryption), then at 965 the process selects the appropriate sub-volume level cryptographic key (e.g., directory key or file key) based on the logical offset of the block within the file. The process then compresses the data block and encrypts the compressed data block at 966, and writes it to the PPS subsystem 4 at 967). 
Bojinov does not teach selecting a security policy for the container, based on one or more attributes of a user that requested the creation of the container.
Shimoe teaches selecting a security policy for the container, based on one or more attributes of a user that requested the creation of the container (see Shimoe paragraph 0058-0059 i.e. policy generating unit 612 generates an access control policy on the basis of the security policies A to F illustrated in FIG. 6A and FIG. 6B…Next, an access-control-policy management table will be described. FIG. 7 illustrates an access-control-policy management table. As illustrated, the access-control-policy management user ID of data owner (data owner UID), accessible hours, accessible address range, required authentication level, user age requirement, authorized organization range, authorized role, and authorized job title).
It would have been obvious to one of ordinary skill in the art before the effective filing date of the claimed invention to modify Pawgi in view of Shimoe to include in the security policy the following items: access-control-policy identifier, data name, data type or disclosure range, user ID of data owner (data owner UID), accessible hours, accessible address range, required authentication level, user age requirement, authorized organization range, authorized role, and authorized job title as a way to help make a complex determination of whether access is permitted on the basis of a plurality of conditions such as a data (object) attribute, information about a specified authentication method, and an operational rule (see Shimoe paragraphs 0003-0005). Therefore one would have been motivated to have the security policy for the container also selected based on one or more attributes of a user that requested the creation of the container.

With respect to claim 2 Bojinov teaches the computer-implemented method of claim 1 but does not disclose the container is created within the system in response to a submission of a definition of the container by a user within the system, and the security policy is further selected for the container, utilizing the one or more attributes of the container. 

It would have been obvious to one of ordinary skill in the art before the effective filing date of the claimed invention to modify Pawgi in view of Shimoe to include in the security policy the following items: access-control-policy identifier, data name, data type or disclosure range, user ID of data owner (data owner UID), accessible hours, accessible address range, required authentication level, user age requirement, authorized organization range, authorized role, and authorized job title as a way to help make a complex determination of whether access is permitted on the basis of a plurality of conditions such as a data (object) attribute, information about a specified authentication method, and an operational rule (see Shimoe paragraphs 0003-0005). Therefore one would have been motivated to have the security policy for the container 

With respect to claim 3 Bojinov teaches the computer-implemented method of claim 1, but does not disclose wherein the one or more attributes of the user that requested the creation of the container include: a name of the user that requested the creation of the container, an authorization level of the user, an account number of the user, a department number of the user, and a physical location of the user; and
the security policy for the container is also selected based on: one or more attributes of the container including: a name of the container, a size of the container, a type of the container, a date that the container was created, a location where the container was created, and a sensitivity level of the container, and one or more attributes of an environment associated with the container, including: a current security level being implemented within the system, and one or more business requirements associated with the system.
Shimoe teaches wherein the one or more attributes of the user that requested the creation of the container include: a name of the user that requested the creation of the container, an authorization level of the user, an account number of the user, a department number of the user, and a physical location of the user (see Shimoe paragraph 0058-0059 i.e. policy generating unit 612 generates an access control policy on the basis of the security policies A to F illustrated in FIG. 6A and FIG. 6B…Next, an access-control-policy management table will be described. FIG. 7 illustrates an access-control-policy management table. As illustrated, the access-control-policy management 
the security policy for the container is also selected based on: one or more attributes of the container including: a name of the container, a size of the container, a type of the container, a date that the container was created, a location where the container was created, and a sensitivity level of the container (see Shimoe paragraph 0058-0059 i.e. policy generating unit 612 generates an access control policy on the basis of the security policies A to F illustrated in FIG. 6A and FIG. 6B…Next, an access-control-policy management table will be described. FIG. 7 illustrates an access-control-policy management table. As illustrated, the access-control-policy management table includes the following items: access-control-policy identifier, data name, data type or disclosure range, user ID of data owner (data owner UID), accessible hours, accessible address range, required authentication level, user age requirement, authorized organization range, authorized role, and authorized job title).
one or more attributes of an environment associated with the container, including: a current security level being implemented within the system, and one or more business requirements associated with the system (see Shimoe paragraph 0058-0059 i.e. policy generating unit 612 generates an access control policy on the basis of the security policies A to F illustrated in FIG. 6A and FIG. 6B…Next, an access-control-policy management table will be described. FIG. 7 illustrates an access-control-policy management table. As illustrated, the access-control-policy management table includes required authentication level, user age requirement, authorized organization range, authorized role, and authorized job title).
It would have been obvious to one of ordinary skill in the art before the effective filing date of the claimed invention to modify Pawgi in view of Shimoe to include in the security policy the following items: access-control-policy identifier, data name, data type or disclosure range, user ID of data owner (data owner UID), accessible hours, accessible address range, required authentication level, user age requirement, authorized organization range, authorized role, and authorized job title as a way to help make a complex determination of whether access is permitted on the basis of a plurality of conditions such as a data (object) attribute, information about a specified authentication method, and an operational rule (see Shimoe paragraphs 0003-0005). Therefore one would have been motivated to have the security policy for the container also selected based on one or more attributes of a user that requested the creation of the container.

With respect to claim 4 Bojinov teaches the computer-implemented method of claim 1, but does not disclose wherein the one or more attributes of the user that requested the creation of the container include: a name of the user that requested the creation of the container, an authorization level of the user, an account number of the user, a department number of the user, and a physical location of the user. 
user ID of data owner (data owner UID), accessible hours, accessible address range, required authentication level, user age requirement, authorized organization range, authorized role, and authorized job title).
It would have been obvious to one of ordinary skill in the art before the effective filing date of the claimed invention to modify Pawgi in view of Shimoe to include in the security policy the following items: access-control-policy identifier, data name, data type or disclosure range, user ID of data owner (data owner UID), accessible hours, accessible address range, required authentication level, user age requirement, authorized organization range, authorized role, and authorized job title as a way to help make a complex determination of whether access is permitted on the basis of a plurality of conditions such as a data (object) attribute, information about a specified authentication method, and an operational rule (see Shimoe paragraphs 0003-0005). Therefore one would have been motivated to have the security policy for the container 

With respect to claim 5 Bojinov teaches the computer-implemented method of claim 1, wherein the security policy for the container is also selected based on one or more attributes of an environment associated with the container, including a current security level being implemented within the system, and one or more business requirements associated with the system (see Bojinov paragraph 0043-0044 i.e. In certain embodiments, the crypto decision logic 41 performs data indexing and classification, to index and classify write data received from clients, for possible encryption and/or for other security modifications (e.g., more restrictive access permissions or auditing requirements) … For example, the crypto decision logic 41 can recognize and index various different types of sensitive data, such as social security numbers, birth dates, credit card numbers, and other distinct types of sensitive data, and differentiate them from non-sensitive data, and classify data items accordingly. Content based indexing and classification offers several advantages: It does not require any a priori identification of directories, shares or disks where confidential data might be written in the future. Therefore, it minimizes the chances of missing confidential data, and at the same time limits the total amount of data that needs to be encrypted, therefore reducing negative performance impact. Finally, by tying the appropriate encryption key to the exact information content in a specific data set, this approach allows the correct access control enforcement policy to be matched to each data set being protected. For example, if a company policy is to secure access to insurance 

With respect to claim 6 Bojinov teaches the computer-implemented method of claim 1, wherein the security policy is selected only if the user associated with the creation of the container has a predetermined security authorization level (see Bojinov paragraph 0093-0094 i.e. The process then checks the ACLs in the xinode at 903 to determine whether to allow the write request). 

With respect to claim 7 Bojinov teaches the computer-implemented method of claim 1, wherein the security policy is associated with a predetermined type of encryption to be implemented for the container (see Bojinov paragraph 0081). 

With respect to claim 8 Bojinov teaches the computer-implemented method of claim 1, wherein the security policy includes a key label that is associated with a unique, predetermined data encryption key that is used to encrypt the container using one or more encryption procedures (see Bojinov paragraph 0082 i.e. example, encryption can be applied only at the volume level, meaning that all encrypted contents of a given volume are encrypted using the same key, but each volume has a different key. This is referred to as volume level encryption. In addition, or as an alternative, encryption can be applied below the volume level, such as at the directory level, meaning that all 

With respect to claim 9 Bojinov teaches the computer-implemented method of claim 1, wherein the key label is stored as metadata within the container and is cross-referenced at a key repository to obtain the data encryption key (see Bojinov paragraph 0089 i.e. the xinode 81 is pointed to by the inode 56 of the directory or file and contains access control lists (ACLs)(permissions) as well as any cryptographic key (or a pointer to it) that applies specifically to that directory or file. Note, however, that cryptographic keys, permissions and/or other security information can be stored in any other convenient location, i.e., not necessarily in xinodes and 0101). 

With respect to claim 10 Bojinov teaches the computer-implemented method of claim 1, wherein the key label is linked to the security policy for the container and the one or more attributes of the user via one or more pointers (see Bojinov paragraph 0089 i.e. the xinode 81 is pointed to by the inode 56 of the directory or file and contains access control lists (ACLs)(permissions) as well as any cryptographic key (or a pointer to it) that applies specifically to that directory or file. Note, however, that cryptographic keys, permissions and/or other security information can be stored in any other convenient location, i.e., not necessarily in xinodes and 0101). 

With respect to claim 11 Bojinov teaches the computer-implemented method of claim 10, wherein the key label is cross-referenced at a key repository to obtain the data 

With respect to claim 12 Bojinov teaches the computer-implemented method of claim 11, wherein retrieving the data encryption key includes sending a request including the key label to the key repository, and receiving the data encryption key from the key repository in response to the request (see Bojinov paragraph 0089 i.e. the xinode 81 is pointed to by the inode 56 of the directory or file and contains access control lists (ACLs)(permissions) as well as any cryptographic key (or a pointer to it) that applies specifically to that directory or file. Note, however, that cryptographic keys, permissions and/or other security information can be stored in any other convenient location, i.e., not necessarily in xinodes and 0101). 

With respect to claim 13 Bojinov teaches a computer program product for implementing policy-based container-level encryption, the computer program product comprising a computer readable storage medium having program instructions embodied 
identifying a creation of a container within a system, utilizing the processor (see figure 9a step 901 and paragraph 0093 i.e. The storage server initially receives a write request at 901); 
selecting a security policy for the container, utilizing the processor (see Bojinov figure 9a step 903 and paragraph 0093 i.e. The process then checks the ACLs in the xinode at 903 to determine whether to allow the write request); 
identifying a key label associated with the security policy for the container, utilizing the processor (see Bojinov paragraph 0089 i.e. for each directory or file managed by the storage server 2, the storage manager 21 maintains a separate metadata container called an xinode, which is used to store security related information for that directory or file. In one embodiment, as shown in FIG. 8, the xinode 81 is pointed to by the inode 56 of the directory or file and contains access control lists (ACLs)(permissions) as well as any cryptographic key (or a pointer to it) that applies specifically to that directory or file); 
retrieving, utilizing the processor, a data encryption key, utilizing the key label; and encrypting, utilizing the processor, the container, utilizing the data encryption key (see Bojinov paragraph 0101-0102 i.e. Among other information, the xinode indicates the selected granularity of encryption. For example, in the case of a file, the xinode of the file indicates whether a unique key is assigned to that particular file, as opposed to assigning a key only at the volume level. If granular encryption has not been specified 
Bojinov does not teach selecting a security policy for the container, based on one or more attributes of a user that requested the creation of the container, utilizing the processor.
Shimoe teaches selecting a security policy for the container, based on one or more attributes of a user that requested the creation of the container, utilizing the processor (see Shimoe paragraph 0058-0059 i.e. policy generating unit 612 generates an access control policy on the basis of the security policies A to F illustrated in FIG. 6A and FIG. 6B…Next, an access-control-policy management table will be described. FIG. 7 illustrates an access-control-policy management table. As illustrated, the access-control-policy management table includes the following items: access-control-policy identifier, data name, data type or disclosure range, user ID of data owner (data owner UID), accessible hours, accessible address range, required authentication level, user age requirement, authorized organization range, authorized role, and authorized job title).
It would have been obvious to one of ordinary skill in the art before the effective filing date of the claimed invention to modify Pawgi in view of Shimoe to include in the user ID of data owner (data owner UID), accessible hours, accessible address range, required authentication level, user age requirement, authorized organization range, authorized role, and authorized job title as a way to help make a complex determination of whether access is permitted on the basis of a plurality of conditions such as a data (object) attribute, information about a specified authentication method, and an operational rule (see Shimoe paragraphs 0003-0005). Therefore one would have been motivated to have the security policy for the container also selected based on one or more attributes of a user that requested the creation of the container.

With respect to claim 14 Bojinov teaches the computer program product of claim 13, wherein an environment manager manages the creation of the container within the system (see figure 9a step 901 and paragraph 0093 i.e. The storage server initially receives a write request at 901). 

With respect to claim 15 Bojinov teaches the computer program product of claim 13, but does not disclose wherein the security policy for the container is also selected based on one or more attributes of the container, including a name of the container, a size of the container, a type of the container, a date that the container was created, a location where the container was created, and a sensitivity level of the container. 

It would have been obvious to one of ordinary skill in the art before the effective filing date of the claimed invention to modify Pawgi in view of Shimoe to include in the security policy the following items: access-control-policy identifier, data name, data type or disclosure range, user ID of data owner (data owner UID), accessible hours, accessible address range, required authentication level, user age requirement, authorized organization range, authorized role, and authorized job title as a way to help make a complex determination of whether access is permitted on the basis of a plurality of conditions such as a data (object) attribute, information about a specified authentication method, and an operational rule (see Shimoe paragraphs 0003-0005). Therefore one would have been motivated to have the security policy for the container 

With respect to claim 16 Bojinov teaches the computer program product of claim 13, but does not disclose wherein the one or more attributes of the user that requested the creation of the container include: a name of the user that requested the creation of the container, an authorization level of the user, an account number of the user, a department number of the user, and a physical location of the user. 
Shimoe teaches wherein the one or more attributes of the user that requested the creation of the container include: a name of the user that requested the creation of the container, an authorization level of the user, an account number of the user, a department number of the user, and a physical location of the user (see Shimoe paragraph 0058-0059 i.e. policy generating unit 612 generates an access control policy on the basis of the security policies A to F illustrated in FIG. 6A and FIG. 6B…Next, an access-control-policy management table will be described. FIG. 7 illustrates an access-control-policy management table. As illustrated, the access-control-policy management table includes the following items: access-control-policy identifier, data name, data type or disclosure range, user ID of data owner (data owner UID), accessible hours, accessible address range, required authentication level, user age requirement, authorized organization range, authorized role, and authorized job title).
It would have been obvious to one of ordinary skill in the art before the effective filing date of the claimed invention to modify Pawgi in view of Shimoe to include in the security policy the following items: access-control-policy identifier, data name, data type user ID of data owner (data owner UID), accessible hours, accessible address range, required authentication level, user age requirement, authorized organization range, authorized role, and authorized job title as a way to help make a complex determination of whether access is permitted on the basis of a plurality of conditions such as a data (object) attribute, information about a specified authentication method, and an operational rule (see Shimoe paragraphs 0003-0005). Therefore one would have been motivated to have the security policy for the container also selected based on one or more attributes of a user that requested the creation of the container.

With respect to claim 17 Bojinov teaches the computer program product of claim 13, but does not disclose wherein the security policy for the container is also selected based on one or more attributes of an environment associated with the container, including: a current security level being implemented within the system, and one or more business requirements associated with the system.
 Shimoe teaches wherein the security policy for the container is also selected based on one or more attributes of an environment associated with the container, including: a current security level being implemented within the system, and one or more business requirements associated with the system (see Shimoe paragraph 0058-0059 i.e. policy generating unit 612 generates an access control policy on the basis of the security policies A to F illustrated in FIG. 6A and FIG. 6B…Next, an access-control-policy management table will be described. FIG. 7 illustrates an access-control-policy management table. As illustrated, the access-control-policy management table includes 
It would have been obvious to one of ordinary skill in the art before the effective filing date of the claimed invention to modify Pawgi in view of Shimoe to include in the security policy the following items: access-control-policy identifier, data name, data type or disclosure range, user ID of data owner (data owner UID), accessible hours, accessible address range, required authentication level, user age requirement, authorized organization range, authorized role, and authorized job title as a way to help make a complex determination of whether access is permitted on the basis of a plurality of conditions such as a data (object) attribute, information about a specified authentication method, and an operational rule (see Shimoe paragraphs 0003-0005). Therefore one would have been motivated to have the security policy for the container also selected based on one or more attributes of a user that requested the creation of the container.

With respect to claim 18 Bojinov teaches the computer program product of claim 13, wherein the security policy is selected only if the that requested the creation of the container has a predetermined security authorization level (see Bojinov paragraph 0030 i.e. The management station 7 is a computer or other processing system which includes management application software that is used by a network administrator to configure the storage server 2, to provision storage in the PPS subsystem for, and carry out other 

With respect to claim 19 Bojinov teaches the computer program product of claim 13, wherein the security policy is associated with a predetermined type of encryption to be implemented for the container (see Bojinov paragraph 0081). 

With respect to claim 20 Bojinov teaches a system, comprising: 
a hardware processor; and logic integrated with the processor, executable by the processor, or integrated with and executable by the processor (see Bojinov paragraph 0032 i.e. The processor(s) 21 may include central processing units (CPUs) of the storage server 2 and, thus, control the overall operation of the storage server 2. In certain embodiments, the processor(s) 21 accomplish this by executing software or firmware stored in memory 22), the logic being configured to: 
identify a creation of a container within a system (see figure 9a step 901 and paragraph 0093 i.e. The storage server initially receives a write request at 901); 
select a security policy for the container (see Bojinov figure 9a step 903 and paragraph 0093 i.e. The process then checks the ACLs in the xinode at 903 to determine whether to allow the write request); 
identify a key label for the security policy for the container (see Bojinov paragraph 0089 i.e. for each directory or file managed by the storage server 2, the storage manager 21 maintains a separate metadata container called an xinode, which is used to store security related information for that directory or file. In one embodiment, 
retrieve a data encryption key, utilizing the key label; and encrypt the container, utilizing the data encryption key (see Bojinov paragraph 0101-0102 i.e. Among other information, the xinode indicates the selected granularity of encryption. For example, in the case of a file, the xinode of the file indicates whether a unique key is assigned to that particular file, as opposed to assigning a key only at the volume level. If granular encryption has not been specified for the target volume (963), then at 964 the process selects the appropriate key for the volume that contains the block to be written. If, on the other hand, granular encryption has been specified (e.g., directory level or file level encryption), then at 965 the process selects the appropriate sub-volume level cryptographic key (e.g., directory key or file key) based on the logical offset of the block within the file. The process then compresses the data block and encrypts the compressed data block at 966, and writes it to the PPS subsystem 4 at 967). 
Bojinov does not teach selecting a security policy for the container, based on one or more attributes of a user that requested the creation of the container.
Shimoe teaches selecting a security policy for the container, based on one or more attributes of a user that requested the creation of the container (see Shimoe paragraph 0058-0059 i.e. policy generating unit 612 generates an access control policy on the basis of the security policies A to F illustrated in FIG. 6A and FIG. 6B…Next, an access-control-policy management table will be described. FIG. 7 illustrates an access-control-policy management table. As illustrated, the access-control-policy management 
It would have been obvious to one of ordinary skill in the art before the effective filing date of the claimed invention to modify Pawgi in view of Shimoe to include in the security policy the following items: access-control-policy identifier, data name, data type or disclosure range, user ID of data owner (data owner UID), accessible hours, accessible address range, required authentication level, user age requirement, authorized organization range, authorized role, and authorized job title as a way to help make a complex determination of whether access is permitted on the basis of a plurality of conditions such as a data (object) attribute, information about a specified authentication method, and an operational rule (see Shimoe paragraphs 0003-0005). Therefore, one would have been motivated to have the security policy for the container also selected based on one or more attributes of a user that requested the creation of the container.

With respect to claim 21 Bojinov teaches a computer-implemented method, comprising: 
receiving a request to define a security policy within a system (see Bojinov paragraph 0049 i.e. Two types of management functionality are performed from the management station 7: configuration management and key management. Configuration management includes configuring storage areas for encryption e.g., associating 
receiving the security policy (see Bojinov figure 9a step 903 and paragraph 0093 i.e. The process then checks the ACLs in the xinode at 903 to determine whether to allow the write request. If the request is denied, an appropriate message to that effect is sent to the requesting client at 908, and the process ends. If the request is allowed, it is recorded); 
receiving a key label for the security policy; and storing the security policy in association with the one or more attributes and the key label (see Bojinov paragraph 0089 i.e. for each directory or file managed by the storage server 2, the storage manager 21 maintains a separate metadata container called an xinode, which is used to store security related information for that directory or file. In one embodiment, as shown in FIG. 8, the xinode 81 is pointed to by the inode 56 of the directory or file and contains access control lists (ACLs)(permissions) as well as any cryptographic key (or a pointer to it) that applies specifically to that directory or file). 
Bojinov does not teach receiving one or more attributes of the security policy, the one or more attributes including one or more attributes of a user requesting a creation of the container.
Shimoe teaches receiving one or more attributes of the security policy, the one or more attributes including one or more attributes of a user requesting a creation of the container (see Shimoe paragraph 0058-0059 i.e. policy generating unit 612 generates 
It would have been obvious to one of ordinary skill in the art before the effective filing date of the claimed invention to modify Pawgi in view of Shimoe to include in the security policy the following items: access-control-policy identifier, data name, data type or disclosure range, user ID of data owner (data owner UID), accessible hours, accessible address range, required authentication level, user age requirement, authorized organization range, authorized role, and authorized job title as a way to help make a complex determination of whether access is permitted on the basis of a plurality of conditions such as a data (object) attribute, information about a specified authentication method, and an operational rule (see Shimoe paragraphs 0003-0005). Therefore, one would have been motivated to have the security policy for the container also selected based on one or more attributes of a user that requested the creation of the container.

With respect to claim 22 Bojinov teaches the computer-implemented method of claim 21, but does not disclose wherein the one or more attributes further include 
Shimoe teaches wherein the one or more attributes include attributes associated with a container and attributes associated with an environment associated with the container (see Shimoe figure 6A-6C paragraph 0058-0059 i.e. policy generating unit 612 generates an access control policy on the basis of the security policies A to F illustrated in FIG. 6A and FIG. 6B…Next, an access-control-policy management table will be described. FIG. 7 illustrates an access-control-policy management table. As illustrated, the access-control-policy management table includes the following items: access-control-policy identifier, data name, data type or disclosure range, user ID of data owner (data owner UID), accessible hours, accessible address range, required authentication level, user age requirement, authorized organization range, authorized role, and authorized job title).
It would have been obvious to one of ordinary skill in the art before the effective filing date of the claimed invention to modify Pawgi in view of Shimoe to include in the security policy the following items: access-control-policy identifier, data name, data type or disclosure range, user ID of data owner (data owner UID), accessible hours, accessible address range, required authentication level, user age requirement, authorized organization range, authorized role, and authorized job title as a way to help make a complex determination of whether access is permitted on the basis of a plurality of conditions such as a data (object) attribute, information about a specified authentication method, and an operational rule (see Shimoe paragraphs 0003-0005). Therefore one would have been motivated to have the security policy for the container 

With respect to claim 23 Bojinov teaches the computer-implemented method of claim 21, wherein the one or more attributes include an indication of one or more containers to which the security policy applies, and identify a plurality of containers associated with a predetermined application (see Bojinov paragraph 0089 i.e. for each directory or file managed by the storage server 2, the storage manager 21 maintains a separate metadata container called an xinode, which is used to store security related information for that directory or file. In one embodiment, as shown in FIG. 8, the xinode 81 is pointed to by the inode 56 of the directory or file and contains access control lists (ACLs)(permissions) as well as any cryptographic key (or a pointer to it) that applies specifically to that directory or file)) and identify a plurality of containers associated with a predetermined application (see Bojinov paragraph 0043-0044). 

With respect to claim 24 Bojinov teaches the computer-implemented method of claim 21, further comprising adding the key label to all containers that have the one or more attributes of the security policy (see Bojinov paragraph 0089 i.e. for each directory or file managed by the storage server 2, the storage manager 21 maintains a separate metadata container called an xinode, which is used to store security related information for that directory or file. In one embodiment, as shown in FIG. 8, the xinode 81 is pointed to by the inode 56 (i.e. key label) of the directory or file and contains access .

Allowable Subject Matter
Claim 25 is allowed.
With respect to claim 25 the prior art does not teach “selecting a security policy for the container, based on: a date that the container was created, a location where the container was created, a sensitivity level of the container, a name of a user requesting the creation of the container, an authorization level of the user, an amount of available storage space within the system, a current security level being implemented within the system, and business requirements associated with the system” in combination with the other limitations of the claim 25.

Prior Art References not Applied
	Humphries et al. (US 2017/0359370) “KEY THROTTLING TO MITIGATE UNAUTHORIZED FILE ACCESS” teaches receiving a selection of a file for encryption from a user. This may include a manual step within a user interface of specifying a file for encryption as described herein, or this may include automatic encryption for any file that is outbound from an endpoint, e.g., via electronic mail, text message, ftp file transfer, upload to a remote location, and so forth. In another aspect, the creation of a container with the encrypted file may occur automatically under predetermined 
Lockhart et al. (US 20160142387) “STORAGE FOR ENCRYPTED DATA WITH ENHANCED SECURITY” teaches enhanced security for encrypted data. In some configurations, encrypted data may be generated at a client computing device by encrypting data with an encryption key. The encrypted data may be communicated from the client computing device to a secret store managed by a first entity for storage of the encrypted data in the secret store. The encryption key may be communicated from the client computing device to a key store managed by a second entity for storage of the encryption key in the key store.

Conclusion
Any inquiry concerning this communication or earlier communications from the examiner should be directed to DEVIN E ALMEIDA whose telephone number is (571)270-1018.  The examiner can normally be reached on Monday-Thursday from 7:30 A.M. to 5:00 P.M.  The examiner can also be reached on alternate Fridays from 7:30 A.M. to 4:00 P.M. 
If attempts to reach the examiner by telephone are unsuccessful, the examiner's supervisor, Saleh Najjar, can be reached on 571-272-4006. The fax phone number for the organization where this application or proceeding is assigned is 571-273-8300.
Information regarding the status of an application may be obtained from the Patent Application Information Retrieval (PAIR) system.  Status information for published applications may be obtained from either Private PAIR or Public PAIR.  

/DEVIN E ALMEIDA/ Examiner, Art Unit 2492
/SALEH NAJJAR/ Supervisory Patent Examiner, Art Unit 2492