DETAILED ACTION

Notice of Pre-AIA or AIA Status
The present application, filed on or after March 16, 2013, is being examined under the first inventor to file provisions of the AIA.

Claim Rejections - 35 USC § 103
The following is a quotation of 35 U.S.C. 103 which forms the basis for all obviousness rejections set forth in this Office action:
A patent for a claimed invention may not be obtained, notwithstanding that the claimed invention is not identically disclosed as set forth in section 102, if the differences between the claimed invention and the prior art are such that the claimed invention as a whole would have been obvious before the effective filing date of the claimed invention to a person having ordinary skill in the art to which the claimed invention pertains. Patentability shall not be negated by the manner in which the invention was made.


Claims 1-16 and 18-20 are rejected under 35 U.S.C. 103 as being unpatentable over Furukawa US 2012/0054824 in view of Davis, II US 2019/0011891.
 
 	As per claim 1, Furukawa discloses one or more non-transitory machine-readable media storing instructions which, when executed by one or more processors, cause: 
 	obtaining, by a policy management service operating in a computer system, a policy statement including a set of elements (par 0046 the resource classifying means 120 acquires, i.e. obtaining, an access control policy from the policy storing means 110 (step A1));

wherein generating the preliminary syntax graph comprises (par 0048, generates a template (step A4). Finally, the generated template is stored in the template, i.e. preliminary syntax, storing means 160 and):
generating nodes corresponding respectively to the set of elements (par 0049 generates a node set N (step B1));
 	storing the nodes in a particular hierarchy based on node type (par 0048, the generated template, i.e. particular hierarchy, is stored in the template storing means 160 and processing is finished (step A5));
 	generating, by the policy management service, a final syntax graph based on the preliminary syntax graph (par 0052 update, i.e. generating, the node set, i.e. final syntax graph);
wherein generating the final syntax graph (par 0052 the node set, i.e. final syntax graph) comprises:
optimizing the preliminary syntax graph by at least one of (par 0063 the upper node generating processing, i.e. optimizing, the current node set, from the resource classification tree):
 	eliminating a duplicate node in the preliminary syntax graph (par 0052 the nodes A and B are removed from the node set N, and a node P is added to update the node set (step B5)); and
 	transmitting, by the policy management service to one or more instances of an authorization service, the final syntax graph (par 0080 transmit to each router an ACL, final syntax graph, setting request according to a predetermined protocol to apply an additional policy, par 0054 a root node of the resource classification tree, i.e. the final syntax graph).

 	Furukawa does not explicitly disclose eliminating a non-viable path from a graph.
 	However, Davis discloses eliminating a non-viable path from a graph (par 0163 eliminate unreasonable or clearly incorrect paths, and claim 5, determining viable paths by applying heuristics to reduce computation burden by eliminating non-viable paths from consideration).

 	Therefore, it would have been obvious before the effective filing date of the claimed invention to implement the claimed invention by modifying a method of defining the resource classification tree of Furukawa, based on the teaching of determining viable paths by applying heuristics to reduce computation burden by eliminating non-viable paths from consideration of Davis, because doing so would reduce computation burden by eliminating non-viable paths from consideration (par 0163).

 	As per claim 2, Furukawa in view of Davis discloses the one or more media of Claim 1, wherein the set of elements comprise at least one of: a requestor value; an action value; a resource value; and a location value (Furukawa, par 0061 the resource classifying means 120 first extracts a set of nodes (hereinafter "upper nodes") which are root nodes of each subtree to separate the resource classification tree based on the inter-node distance (step D1)).

 	As per claim 3, Furukawa in view of Davis discloses the one or more media of Claim 1, wherein the policy statement includes at least one element that does not correspond to any of the nodes generated for the preliminary syntax graph (Furukawa, par 0061 root nodes of the resource classification tree as arguments. Next, a set of leaf nodes belonging to subtrees is generated using each upper node as a root node from the upper node set (step D2)).  

 	As per claim 4, Furukawa in view of Davis discloses the one or more media of Claim 1, further storing instructions which, when executed by the one or more processors cause: validating a syntax of the policy statement based on a human language in which the policy statement is written (Furukawa, par 0081 the ACL (i.e. validating) for network access control of the resources 320 connected to routers 320-1 to 320-n is set respectively in the routers. The policy collecting means 210 collects the ACL set in each of the routers 320-1 to 320-n according to a certain method, and stores the ACL in the policy storing means 110 of the policy template generating device 100 as a policy set which is currently set).  



 	As per claim 5, Furukawa in view of Davis discloses the one or more media of Claim 1, further storing instructions which, when executed by the one or more processors cause: validating semantics of the policy statement at least by verifying that the set of elements are valid (Furukawa, par 0081 the ACL (i.e. validating) for network access control of the resources 320 connected to routers 320-1 to 320-n is set respectively in the routers. The policy collecting means 210 collects the ACL set in each of the routers 320-1 to 320-n according to a certain method).  


 	As per claim 6, Furukawa in view of Davis discloses the one or more media of Claim 1, further storing instructions which, when executed by the one or more processors cause: validating semantics of the policy statement at least by mapping an entity referenced by at least one of the set of elements to a system-wide identifier (Furukawa, par 0081 the ACL (i.e. validating) for network access control of the resources 320 connected to routers 320-1 to 320-n is set respectively in the routers. The policy collecting means 210 collects the ACL set in each of the routers 320-1 to 320-n according to a certain method).



 
 	As per claim 7, Furukawa in view of Davis discloses the one or more media of Claim 1, wherein storing the nodes in the particular hierarchy based on node type comprises: storing a first subset of the nodes associated with requestor values in a first set of one or more levels of the particular hierarchy (Furukawa, par 0091 the resource classifying means 120 performs processing of creating a resource group from the structured resource classification tree);
 	storing a second subset of the nodes associated with action values in a second set of one or more levels of the particular hierarchy (Furukawa, par 0091 the resource classifying means 120 performs processing of creating a resource group from the structured resource classification tree).  


 	As per claim 8, Furukawa in view of Davis discloses the one or more media of Claim 1, wherein each of the nodes represents a binary determination, and each of the nodes is associated with at most two child nodes (Davis, par 0151 the decision tree, binary determination, may be a distributed algorithm. Due to the vast number of possible permutations the decision tree algorithm may be distributed in a cloud, such as a custom cloud that allows for distributed parallel processing. Branches within the decision tree algorithm may be broken up and distributed. Machine learning techniques may be used to identify recurring patterns and to pre-filter and evaluate branches to optimize the creation of impact profiles for consumers).

 	As per claim 9, Furukawa in view of Davis discloses the one or more media of Claim 1, further storing instructions which, when executed by the one or more processors cause: generating a second policy statement based on at least one of the preliminary syntax graph and the final syntax graph (Furukawa, par 0091 the resource classifying means 120 performs processing of creating a resource group from the structured resource classification tree), wherein the policy statement and the second policy statement are associated with different localized syntaxes (Furukawa, par 0091 the resource classifying means 120 performs processing of creating a resource group from the structured resource classification tree).


 	As per claim 10, Furukawa in view of Davis discloses the one or more media of Claim 1, wherein generating the final syntax graph comprises further comprises: mapping an entity referenced by at least one of the set of elements to a system-wide identifier (Furukawa, par 0095, resource classifying means 120 determines to include the node H in the upper node set (step E6). Further, when decision processing is performed using the node G as a current node).

 	As per claim 11, Furukawa in view of Davis discloses the one or more media of Claim 1, wherein generating the final syntax graph comprises further comprises: replacing a generic term in the policy statement with a predefined list of terms (Furukawa, par 0080 transmit to each router an ACL, final syntax graph, setting request according to a predetermined protocol to apply an additional policy, par 0054 a root node of the resource classification tree, i.e. the final syntax graph).  

 	As per claim 12, Furukawa in view of Davis discloses the one or more media of Claim 1, wherein generating the final syntax graph comprises further comprises: reducing the policy statement to a logic statement comprising variables and logical operators (Furukawa, par 0080 transmit to each router an ACL, final syntax graph, setting request according to a predetermined protocol to apply an additional policy, par 0054 a root node of the resource classification tree, i.e. the final syntax graph).

 	As per claim 13, Furukawa in view of Davis discloses the one or more media of Claim 1, wherein eliminating the non-viable path in the preliminary syntax graph is responsive to determining that logical conditions associated with the non-viable path cannot be satisfied (Furukawa, par 0080 transmit to each router an ACL, final syntax graph, setting request according to a predetermined protocol to apply an additional policy, par 0054 a root node of the resource classification tree, i.e. the final syntax graph).  

 	As per claim 14, Furukawa in view of Davis discloses the one or more media of Claim 1, wherein transmitting, by the policy management service to the one or more instances of the authorization service (Furukawa, par 0080 transmit to each router an ACL, final syntax graph, setting request according to a predetermined protocol to apply an additional policy, par 0054 a root node of the resource classification tree, i.e. the final syntax graph), the final syntax graph comprises: pushing the final syntax graph to the one or more instances of the authorization service (Furukawa, par 0091 the resource classifying means 120 performs processing of creating a resource group from the structured resource classification tree).

 	As per claim 15, Furukawa in view of Davis discloses the one or more media of Claim 1, wherein: generating the preliminary syntax graph further comprises: generating a second set of nodes corresponding respectively to a second set of elements included in a second policy statement (Furukawa, par 0091 the resource classifying means 120 performs processing of creating a resource group from the structured resource classification tree); storing the second set of nodes in the particular hierarchy based on node type (Furukawa, par 0080 transmit to each router an ACL, final syntax graph, setting request according to a predetermined protocol to apply an additional policy, par 0054 a root node of the resource classification tree, i.e. the final syntax graph); the final syntax graph is generated based on the policy statement and the second policy statement (Furukawa, par 0080 transmit to each router an ACL, final syntax graph, setting request according to a predetermined protocol to apply an additional policy, par 0054 a root node of the resource classification tree, i.e. the final syntax graph).

 	As per claim 16, Furukawa in view of Davis discloses the one or more media of Claim 1, wherein at least one of the one or more instances of the authorization service processes an authorization request based on the final syntax graph (Furukawa, par 0080 transmit to each router an ACL, final syntax graph, setting request according to a predetermined protocol to apply an additional policy, par 0054 a root node of the resource classification tree, i.e. the final syntax graph).


 	As per claim 18, Furukawa discloses a system, comprising: 
 	one or more hardware processors; one or more non-transitory machine-readable media storing instructions which (par 0046 the policy storing means 110), when executed by one or more processors, cause:
 	obtaining, by a policy management service operating in a computer system, a policy statement including a set of elements (par 0046 the resource classifying means 120 acquires, i.e. obtaining, an access control policy from the policy storing means 110 (step A1));
 	generating, by the policy management service, a preliminary syntax graph based on the policy statement (par 0047 a resource group is generated using the acquired policy (step A2));
wherein generating the preliminary syntax graph comprises (par 0048, generates a template (step A4). Finally, the generated template is stored in the template, i.e. preliminary syntax, storing means 160 and):
generating nodes corresponding respectively to the set of elements (par 0049 generates a node set N (step B1));
 	storing the nodes in a particular hierarchy based on node type (par 0048, the generated template, i.e. particular hierarchy, is stored in the template storing means 160 and processing is finished (step A5));
 	generating, by the policy management service, a final syntax graph based on the preliminary syntax graph (par 0052 update, i.e. generating, the node set, i.e. final syntax graph);
wherein generating the final syntax graph (par 0052 the node set, i.e. final syntax graph) comprises:
optimizing the preliminary syntax graph by at least one of (par 0063 the upper node generating processing, i.e. optimizing, the current node set, from the resource classification tree):
 	eliminating a duplicate node in the preliminary syntax graph (par 0052 the nodes A and B are removed from the node set N, and a node P is added to update the node set (step B5)); and
 	transmitting, by the policy management service to one or more instances of an authorization service, the final syntax graph (par 0080 transmit to each router an ACL, final syntax graph, setting request according to a predetermined protocol to apply an additional policy, par 0054 a root node of the resource classification tree, i.e. the final syntax graph).

 	Furukawa does not explicitly disclose eliminating a non-viable path from a graph.
 	However, Davis discloses eliminating a non-viable path from a graph (par 0163 eliminate unreasonable or clearly incorrect paths, and claim 5, determining viable paths by applying heuristics to reduce computation burden by eliminating non-viable paths from consideration).

 	Therefore, it would have been obvious before the effective filing date of the claimed invention to implement the claimed invention by modifying a method of defining the resource classification tree of Furukawa, based on the teaching of determining viable paths by applying heuristics to reduce computation burden by eliminating non-viable paths from consideration of Davis, because doing so would reduce computation burden by eliminating non-viable paths from consideration (par 0163).


 	As per claim 19, Furukawa in view of Davis discloses the system of Claim 18, wherein: generating the preliminary syntax graph further comprises: generating a second set of nodes corresponding respectively to a second set of elements included in a second policy statement (Furukawa, par 0106 resource group ID for identifying an associated resource group and information showing a permission set included in the template may be associated as information showing a policy template, and stored in the template storing means 160. In addition, the resource group ID is information used to refer to information of resources included in the resource group, and utilized as index information for the group storing means 140. In addition, instead of the resource group ID,); storing the second set of nodes in the particular hierarchy based on node type (Furukawa, par 0106 utilized as index information for the group storing means 140); the final syntax graph is generated based on the policy statement and the second policy statement (Furukawa, par 0106 the resource group ID is information used to refer to information of resources included in the resource group).

 
 	As per claim 20, Furukawa discloses a method comprising: 
 	obtaining, by a policy management service operating in a computer system, a policy statement including a set of elements (par 0046 the resource classifying means 120 acquires, i.e. obtaining, an access control policy from the policy storing means 110 (step A1));
 	generating, by the policy management service, a preliminary syntax graph based on the policy statement (par 0047 a resource group is generated using the acquired policy (step A2));
wherein generating the preliminary syntax graph comprises (par 0048, generates a template (step A4). Finally, the generated template is stored in the template, i.e. preliminary syntax, storing means 160 and):
generating nodes corresponding respectively to the set of elements (par 0049 generates a node set N (step B1));
 	storing the nodes in a particular hierarchy based on node type (par 0048, the generated template, i.e. particular hierarchy, is stored in the template storing means 160 and processing is finished (step A5));
 	generating, by the policy management service, a final syntax graph based on the preliminary syntax graph (par 0052 update, i.e. generating, the node set, i.e. final syntax graph);
wherein generating the final syntax graph (par 0052 the node set, i.e. final syntax graph) comprises:
optimizing the preliminary syntax graph by at least one of (par 0063 the upper node generating processing, i.e. optimizing, the current node set, from the resource classification tree):
 	eliminating a duplicate node in the preliminary syntax graph (par 0052 the nodes A and B are removed from the node set N, and a node P is added to update the node set (step B5)); and
 	transmitting, by the policy management service to one or more instances of an authorization service, the final syntax graph (par 0080 transmit to each router an ACL, final syntax graph, setting request according to a predetermined protocol to apply an additional policy, par 0054 a root node of the resource classification tree, i.e. the final syntax graph).

 	Furukawa does not explicitly disclose eliminating a non-viable path from a graph.
 	However, Davis discloses eliminating a non-viable path from a graph (par 0163 eliminate unreasonable or clearly incorrect paths, and claim 5, determining viable paths by applying heuristics to reduce computation burden by eliminating non-viable paths from consideration).

 	Therefore, it would have been obvious before the effective filing date of the claimed invention to implement the claimed invention by modifying a method of defining the resource classification tree of Furukawa, based on the teaching of determining viable paths by applying heuristics to reduce computation burden by eliminating non-viable paths from consideration of Davis, because doing so would reduce computation burden by eliminating non-viable paths from consideration (par 0163).



 				Allowable Subject Matter
Claim 17 is objected to as being dependent upon a rejected base claim, but would be allowable if rewritten in independent form including all of the limitations of the base claim and any intervening claims (the claim 17 into all the independent claims).



Conclusion

The prior art made of record and not relied upon is considered pertinent to applicant's disclosure.
CALL et al US 2013/0219492:
[0019] FIG. 4 is a flow chart illustrating logic processes executed by a system scanning a data flow to detect code sequences that satisfy a syntax graph for a computer programming language.
[0020] FIG. 5 is a block diagram of a system for creating syntax graphs for computer programming languages.
Any inquiry concerning this communication or earlier communications from the examiner should be directed to ABU S SHOLEMAN whose telephone number is (571)270-7314.  The examiner can normally be reached on EST: 9am-5pm.
Examiner interviews are available via telephone, in-person, and video conferencing using a USPTO supplied web-based collaboration tool. To schedule an interview, applicant is encouraged to use the USPTO Automated Interview Request (AIR) at http://www.uspto.gov/interviewpractice.
If attempts to reach the examiner by telephone are unsuccessful, the examiner’s supervisor, Farid Homayounmehr can be reached on 571-272-3739.  The fax phone number for the organization where this application or proceeding is assigned is 571-273-8300.
Information regarding the status of an application may be obtained from the Patent Application Information Retrieval (PAIR) system.  Status information for published applications may be obtained from either Private PAIR or Public PAIR.  Status information for unpublished applications is available through Private PAIR only.  For more information about the PAIR system, see https://ppair-my.uspto.gov/pair/PrivatePair. Should you have questions on access to the Private PAIR system, contact the Electronic Business Center (EBC) at 866-217-9197 (toll-free). If you would like assistance from a USPTO Customer Service Representative or access to the automated information system, call 800-786-9199 (IN USA OR CANADA) or 571-272-1000.


/ABU S SHOLEMAN/Primary Examiner, Art Unit 2495