DETAILED ACTION
Notice of Pre-AIA  or AIA  Status
The present application, filed on or after March 16, 2013, is being examined under the first inventor to file provisions of the AIA .

Continued Examination Under 37 CFR 1.114
A request for continued examination under 37 CFR 1.114, including the fee set forth in 37 CFR 1.17(e), was filed in this application after final rejection.  Since this application is eligible for continued examination under 37 CFR 1.114, and the fee set forth in 37 CFR 1.17(e) has been timely paid, the finality of the previous Office action has been withdrawn pursuant to 37 CFR 1.114.  Applicant's submission filed on 04/05/2021 has been entered.

Response to Amendment
This is in response to the amendments filed on 04/05/2021. Claims 1-10, and 12-20 have been amended. Claims 1-20 are currently pending and have been considered below.

Response to Arguments
Applicant’s arguments, see pages 8-15, filed 04/05/2021, with respect to the rejection of claims 1-20 under 35 U.S.C. 103 have been considered but are moot because the arguments do not apply to the references being used in the current rejection. However, Applicant's amendment necessitated the new ground(s) of rejection as will be discussed below. 

Claim Objections
Claims 5 and 17 is objected to because of the following informalities:  
Claim 5 recites the limitation “… at least one rule to reduce an intermediate set of policy subcomponents into the set of at least one policy subcomponent [into the set of at least one  appropriate correction is required.
Claim 17 recites the limitation “… at least one rule to 

Claim Rejections - 35 USC § 112
The following is a quotation of the first paragraph of 35 U.S.C. 112(a):
(a) IN GENERAL.—The specification shall contain a written description of the invention, and of the manner and process of making and using it, in such full, clear, concise, and exact terms as to enable any person skilled in the art to which it pertains, or with which it is most nearly connected, to make and use the same, and shall set forth the best mode contemplated by the inventor or joint inventor of carrying out the invention.

The following is a quotation of the first paragraph of pre-AIA  35 U.S.C. 112:
The specification shall contain a written description of the invention, and of the manner and process of making and using it, in such full, clear, concise, and exact terms as to enable any person skilled in the art to which it pertains, or with which it is most nearly connected, to make and use the same, and shall set forth the best mode contemplated by the inventor of carrying out his invention.

Claims 1-20 are rejected under 35 U.S.C. 112(a) or 35 U.S.C. 112 (pre-AIA ), first paragraph, as failing to comply with the written description requirement.  The claim(s) contains subject matter which was not described in the specification in such a way as to reasonably convey to one skilled in the relevant art that the inventor or a joint inventor, or for pre-AIA  the inventor(s), at the time the application was filed, had possession of the claimed invention.  

Amended claims 1, 13 and 19 each recites “determining … by separately considering at least a key and a value …” which, however, does not appear to be described within the 
The value “prod” of the entity named policy association assignments 648 1 is then applied to the policy subcomponent attributes to select the policy subcomponents from the candidate policy subcomponents 672 1 to comprise a policy aggregate 674 1 for the computing entity 652 1. (See para. [0073] and FIG. 6A)

That is, the specification describes that the policy aggregate 674 is obtained by comparing a key and then a value sequentially (i.e., by considering “AND” logic). As such, the Examiner suggests Applicant to point to specific language within the Specification that fully discloses the above noted limitation of claims 1, 13 and 19, otherwise Applicant should amend the claims to recite limitations fully supported within Applicant’s Specification.

Amended claims 1, 13 and 19 each recites “… a first key assigned to the aggregate …” which, however, does not appear to be described within the Specification. In this regard, the specification describes that 
The embodiment shown in FIG. 6A depicts a policy association taxonomy 642 for a set of named policy associations 312 that comprises two keys: an “env” key corresponding to an entity environment characteristic, and an “acc” key corresponding to an entity access tier characteristic. The possible values for each key are also shown in the policy association taxonomy 642. (See para. [0071])

where the aggregate is formed based at least in part on the named policy association assignments of the computing entity and the mapping rules of the individual policies 114 (operation 4) (See para. [0034])

That is, in light of the specification, the aggregate does not appear to indicate the named policy associations or individual policy. In addition the specification does not explicitly describes that a key is assigned to the aggregate for itself. As such, the Examiner suggests Applicant to point to specific language within the Specification that fully discloses the above noted limitation 

Amended claim 2 recites “… assigning at least the first key and a first the key value for the at least one first key to the aggregate or the different aggregate…” which, however, does not appear to be described within the Specification as the same reason as stated above. As such, the Examiner suggests Applicant to point to specific language within the Specification that fully discloses the above noted limitation of claim 2, otherwise Applicant should amend the claims to recite limitations fully supported within Applicant’s Specification.

Claims 3-12, 14-18, and 20 are rejected under U.S.C 112(a) as being dependent from the rejected claims, respectively. 

The following is a quotation of 35 U.S.C. 112(b):
(b)  CONCLUSION.—The specification shall conclude with one or more claims particularly pointing out and distinctly claiming the subject matter which the inventor or a joint inventor regards as the invention.

The following is a quotation of 35 U.S.C. 112 (pre-AIA ), second paragraph:
The specification shall conclude with one or more claims particularly pointing out and distinctly claiming the subject matter which the applicant regards as his invention.

Claims 1-20 are rejected under 35 U.S.C. 112(b) or 35 U.S.C. 112 (pre-AIA ), second paragraph, as being indefinite for failing to particularly point out and distinctly claim the subject matter which the inventor or a joint inventor, or for pre-AIA  the applicant regards as the invention.

Amended claims 1, 13 and 19 each recites “determining … by separately considering at least a key and a value …” It is unclear as to what is meant by the term “separately”. In other 

Claims 3-12, 14-18, and 20 are rejected under U.S.C 112(b) as being dependent from the rejected claims, respectively. 

Claim Rejections - 35 USC § 103
In the event the determination of the status of the application as subject to AIA  35 U.S.C. 102 and 103 (or as subject to pre-AIA  35 U.S.C. 102 and 103) is incorrect, any correction of the statutory basis for the rejection will not be considered a new ground of rejection if the prior art relied upon, and the rationale supporting the rejection, would be the same under either status.  
The following is a quotation of 35 U.S.C. 103 which forms the basis for all obviousness rejections set forth in this Office action:
A patent for a claimed invention may not be obtained, notwithstanding that the claimed invention is not identically disclosed as set forth in section 102, if the differences between the claimed invention and the prior art are such that the claimed invention as a whole would have been obvious before the effective filing date of the claimed invention to a person having ordinary skill in the art to which the claimed invention pertains. Patentability shall not be negated by the manner in which the invention was made.


Claims 1-3, 6, 9-10, 13-15 and 19-20 are rejected under 35 U.S.C. 103 as being unpatentable over Pearl et al. (US 2016/0065627 A1; hereinafter, “Pearl”) in view of Lee et al. (US 2017/0171245 A1; hereinafter, “Lee”). 

Regarding claim 1:
Pearl teaches:
A method (for example, claim 1), comprising: 
(para. [0113]: To begin, in process 1010, the rule manager receives a metadata event and, in process 1012, processes the metadata event to identify or capture an associated key-value pair. As discussed above, the metadata event can be an event that is initiated by a metadata service engine responsive to monitoring changes in metadata in content items in the collaborative cloud-based environment; para. [0087]: The metadata events can identify a change in a metadata key-value pair associated with a particular work item in the collaborative cloud-based environment; para. [0078]: The rule manager 620 can include any system and/or service that is configured to receive incoming ALF events and/or metadata events and apply rules (or metadata rules) to the events to automatically generate corresponding job requests and send the job requests to the jobs manager 640; para. [0025]: Scalable architectures, systems, and services are provided herein for generating jobs by applying user-specified rules to various metadata events. More specifically, the scalable architecture described herein uses metadata to drive automations and/or polices in a cloud-based environment. --- It is noted that monitoring changes in metadata in content items in the collaborative cloud-based environment teaches detecting a change event corresponding to one or more policy subcomponents in a virtualization environment; metadata events and apply rules (or metadata rules) to the events teaches event corresponding to one or more policy subcomponents; applied rules (or metadata rules) collectively suggests aggregate; rules teaches one or more policy subcomponents);
determining a set of at least one policy subcomponent (para. [0090]: One embodiment of the rule manager 700 includes the rule matching/selection engine 730. The rule matching/selection engine 730 is configured to access pre-defined rules from the rules database 750, and scan the pre-defined rules to select pre-defined rules that match particular event criteria. For example, the rule manger 700 can utilize filters (or criteria) to select or match ALF events with rules. Example filters include, but are not limited to, enterprise_id, all_enterprises, all_users, and event type. Additionally, the rule matching/selection engine 730 can parse the metadata rules to select pre-defined rules that match a particular key and/or value of a key value pair associated with a particular metadata event; para. [0114]: In process 1014, the rule manager scans the metadata rules based on the metadata key and, at decision process 1016, determines if the metadata key matches a metadata rule. In one embodiment, the rule manger can also scan the metadata rules for other conditions or values that are compared to the value of the key-value to make a determination about whether a metadata rule is triggered or if a metadata event matches a rule; para. [0092]: The metadata rule parser 734 is configured to parse the metadata rules to identify one or more keys and or values. --- It is noted that select pre-defined rules that match particular event criteria teaches determining a set of at least one policy subcomponent; scans the metadata rules based on the metadata key and, … also scan the metadata rules for other conditions or values teaches by separately considering at least a key and a value, here it is unclear what is meant by the term “separately”, thus it is interpreted as “sequentially”; parse the metadata rules to identify one or more keys and or values teaches at least a key and a value assigned to a policy subcomponent of multiple policy subcomponents); at least by
reducing the multiple policy subcomponents into candidate policy subcomponents by comparing a first key assigned to the aggregate to a corresponding key assigned to a corresponding policy subcomponent (para. [0090]: … The rule matching/selection engine 730 is configured to access pre-defined rules from the rules database 750, and scan the pre-defined rules to select pre-defined rules that match particular event criteria. For example, the rule manger 700 can utilize filters (or criteria) to select or match ALF events with rules. Example filters include, but are not limited to, enterprise_id, all_enterprises, all_users, and event type. Additionally, the rule matching/selection engine 730 can parse the metadata rules to select pre-defined rules that match a particular key and/or value of a key value pair associated with a particular metadata event; para. [0114]: In process 1014, the rule manager scans the metadata rules based on the metadata key and, at decision process 1016, determines if the metadata key matches a metadata rule. In one embodiment, the rule manger can also scan the metadata rules for other conditions or values that are compared to the value of the key-value to make a determination about whether a metadata rule is triggered or if a metadata event matches a rule; para. [0092]: The metadata rule parser 734 is configured to parse the metadata rules to identify one or more keys and or values. --- It is noted that select pre-defined rules that match particular event criteria (based on the metadata key) teaches reducing the multiple policy subcomponents into candidate policy subcomponents by comparing a first key assigned to the aggregate to a corresponding key assigned to a corresponding policy subcomponent. Further noted that a first key assigned to the aggregate is not supported by the specification, thus, the limitation “a first key assigned to the aggregate to a corresponding key assigned to a corresponding policy subcomponent” is interpreted as “a first key … assigned to a corresponding policy subcomponent”); 
reducing the candidate policy subcomponents into the set of at least one policy subcomponent by comparing a key value for the first key with a corresponding key value of the corresponding key (para. [0090]: … Additionally, the rule matching/selection engine 730 can parse the metadata rules to select pre-defined rules that match a particular key and/or value of a key value pair associated with a particular metadata event; para. [0114]: In process 1014, the rule manager scans the metadata rules based on the metadata key and, at decision process 1016, determines if the metadata key matches a metadata rule. In one embodiment, the rule manger can also scan the metadata rules for other conditions or values that are compared to the value of the key-value to make a determination about whether a metadata rule is triggered or if a metadata event matches a rule; para. [0092]: The metadata rule parser 734 is configured to parse the metadata rules to identify one or more keys and or values; para. [0093]: For example, the job request generation engine 740 can determine a value of the metadata key-value pair associated with a particular work item, process the first pre-defined metadata rule that matches the key of the key-value pair, identify a threshold value associated with the first pre-defined metadata rule and compare the value of the metadata key-value pair with the threshold value. The job request can then be generated if the rule is triggered. --- It is noted that also scan the metadata rules for values to make a determination about whether a metadata rule is triggered teaches comparing a key value for the first key with a corresponding key value of the corresponding key; identify a threshold value associated with the first pre-defined metadata rule and compare the value of the metadata key-value pair with the threshold value teaches reducing the candidate policy subcomponents into the set of at least one policy subcomponent, here, the first pre-defined metadata rule teaches the candidate policy subcomponents, a triggered (i.e., applied) metadata rule teaches the set of at least one policy subcomponent, the rules that match a key are inherently reduced to the rules that match a key and value (i.e., key-value pair)); and
aggregating the set of at least one policy subcomponent … (para. [0092]: For example, the metadata rule parser 734 can determine a pre-defined metadata rule that matches the key of the key-value pair; para. [0093]: For example, the job request generation engine 740 can determine a value of the metadata key-value pair associated with a particular work item, process the first pre-defined metadata rule that matches the key of the key-value pair, identify a threshold value associated with the first pre-defined metadata rule and compare the value of the metadata key-value pair with the threshold value. The job request can then be generated if the rule is triggered; para. [0030]: Rule: A rule defines what jobs are generated given a particular action. More than one rule can be triggered given an action and multiple jobs can be generated from a single rule. --- It is noted that a pre-defined metadata rule that matches the key-value pair (i.e., triggered rule or applied rule) teaches the set of at least one policy subcomponent; More than one rule teaches at least one policy subcomponent); 
(para. [0093]: The job request generation engine 740 is configured to generate one or more job requests for each rule. --- It is noted that job requests teaches executing at least one policy action; for each rule teaches to enforce the aggregate).  

Pearl is silent about:
detecting a change event corresponding to an assignment of an aggregate of … subcomponents to a computing entity …;
… subcomponent for the aggregate …; aggregating … subcomponent into the aggregate.
Lee, in the same field of endeavor, teaches: 
detecting a change event corresponding to an assignment of an aggregate of … subcomponents to a computing entity … (para. [0010]: An event relevant to the first tenant specific policy is detected. The first tenant specific policy is reconfigured according to the detected event; para. [0023]: A “tenant specific policy” is a detailed set of rules of how the cloud service will accomplish services for a particular tenant; para. [0079]: An event detection engine 411 detects changes in the configuration of the cloud environment due to tenant or administrator requests; para. [0068]: when a tenant changes from one container environment to another, the cloud resources assigned to the tenant may be changed as well; para. [0069]: The invention provides support for dynamic reconfiguration of cloud resources to respective tenants with dynamic discovery of environment changes and a consequential reconfiguration of a tenant specific policy to the appropriate service instance in a way that can accommodate different provider services and tenant application types. --- It is noted that An event relevant to the first tenant specific policy is detected, which teaches detecting a change event corresponding to an assignment of an aggregate of subcomponents, here policy teaches an aggregate of subcomponents (i.e., rules); detects changes in the configuration of the cloud environment and a tenant changes from one container environment teaches detecting a change event corresponding to a computing entity);
… subcomponent for the aggregate …; aggregating … subcomponent into the aggregate (para. [0023]: A “tenant specific policy” is a detailed set of rules of how the cloud service will accomplish services for a particular tenant; para. [0098]: … the PCA 415 will reference service provider R's high level policy 811 to produce the new tenant specific policies 813 … The new set of policies are shown in box 813, showing a new rule 3 for the new VM 03. --- It is noted that a “tenant specific policy” corresponds to the aggregate; a detailed set of rules teaches subcomponent; produce the new tenant specific policies 813 teaches aggregating subcomponent (i.e., rules) into the aggregate).
Thus, it would have been obvious to one of ordinary skill in the art before the effective filing date of the claimed invention to modify Pearl’s system by enhancing Pearl’s system to be applied to a computing entity, as taught by Lee, in order to automatically reconfigure policies of computing entities. 
The motivation is to cope with the dynamic nature of the cloud computing environment dynamically changing the assignment of tenants to cloud resources, thereby improving security in a cloud environment.

Regarding claim 2: 
Pearl in view of Lee teaches:
	The method of claim 1, detecting the change event comprising…
Pearl further teaches:
identifying a change to … at least one policy subcomponent (para. [0087]: The metadata events can identify a change in a metadata key-value pair associated with a particular work item in the collaborative cloud-based environment; para. [0078]: The rule manager 620 can include any system and/or service that is configured to receive incoming ALF events and/or metadata events and apply rules (or metadata rules) to the events to automatically generate corresponding job requests and send the job requests to the jobs manager 640. --- It is noted that identify a change in a metadata key-value pair associated with a particular work item teaches identifying a change to one or more policy subcomponents); and
 the assignment or the different assignment includes assigning at least the first key and the key value to the aggregate or the different aggregate, both of the first key and the key value are codified in the aggregate or the different aggregate (FIG. 8 & para. [0085]: … Alternatively or additionally, metadata rules can be defined based on keys of key value pairs. In some embodiments, threshold or defined values for the metadata key-value pairs can be set that trigger the rule. --- It is noted that metadata rules can be defined based on keys of key value pairs, which teaches the assignment includes assigning at least the first key and the key value to the aggregate, both of the first key and the key value are codified in the aggregate. Further noted that, in this regard, the specification describes, for example, that a set of candidate policy subcomponents are identified based at least in part on the keys of the key-value pairs (step 506). (See para. [0067]), but does not describe that the at least the first key and the key value are assigned directly to the aggregate itself (or the different aggregate), thus for the sake of examination, the limitation is interpreted as the at least the first key and the key value are assigned to at least one policy subcomponent included in the aggregate).
Pearl is silent about:
... the assignment of the aggregate or to a different assignment of the aggregate or a different aggregate of … subcomponent.
Lee teaches:
... the assignment of the aggregate or to a different assignment of the aggregate or a different aggregate of … subcomponent (para. [0079]: An event detection engine 411 detects changes in the configuration of the cloud environment due to tenant or administrator requests; para. [0068]: when a tenant changes from one container environment to another, the cloud resources assigned to the tenant may be changed as well; para. [0024]: Since the cloud resources assigned to each tenant will be unique, the tenant specific policy for each tenant will be unique with respect to the specific resources for which the policy applies. --- It is noted that the tenant specific policy teaches the assignment of the aggregate; detects changes in the configuration of the cloud environment teaches identifying a change to the assignment of the aggregate of at least one policy subcomponent).
The motivation for claim 1 is applicable for claim 2.

Regarding claim 3: 
Pearl in view of Lee teaches:
The method of claim 2, wherein the change event comprises…
Pearl is silent about:
creating or deploying the computing entity or updating the computing entity in the virtualization environment with the assignment of the aggregation.
Lee teaches:
creating or deploying the computing entity or updating the computing entity in the virtualization environment with the assignment of the aggregation (para. [0079]: An event detection engine 411 detects changes in the configuration of the cloud environment due to tenant or administrator requests; para. [0068]: when a tenant changes from one container environment to another, the cloud resources assigned to the tenant may be changed as well; para. [0087]: In step 507, the tenant specific policy on the enforcement point is reconfigured to agree with the new network configuration for the tenant application to produce a new tenant specific policy. --- It is noted that the new network configuration for the tenant application to produce a new tenant specific policy teaches creating or deploying the computing entity with the assignment of the aggregation).  
The motivation for claim 1 is applicable for claim 3.

Regarding claim 6:
Pearl in view of Lee teaches:
The method of claim 1.
Pearl further teaches:
wherein a policy subcomponent of the candidate policy subcomponents is codified to include at least one key and a value corresponding to the at least one key, the at least one key indicates an operating environment into which computing entities with which the policy subcomponent is associated are to be deployed (FIG. 8 & para. [0085]: Each rule can include one or more conditions that can be determined by the user and/or automatically by the system. Each condition is associated with a job. In operation, when a condition is evaluated to be true, the associated job is triggered and/or otherwise generated. Metadata rules can be defined in a similar fashion. Alternatively or additionally, metadata rules can be defined based on keys of key value pairs. In some embodiments, threshold or defined values for the metadata key-value pairs can be set that trigger the rule. For example, if the metadata template defines a contract, then one metadata attribute may be the value of the contract. A rule can be set that triggered a particular action or job in the event that the value of the contract exceeds a particular preset value. For instance, one or more notifications may be sent to particular individuals for review. Similarly, a metadata attribute of a contract template could include a status attribute that causes a particular action or job to be performed when the value of the key-value pair change from ‘PENDING’ to ‘APPROVED’. In this manner, metadata or changes to metadata can trigger job requests (e.g., events or actions); para. [0087]: The metadata events can identify a change in a metadata key-value pair associated with a particular work item in the collaborative cloud-based environment. For example, a contract (work item) can include a metadata key-value pair including a key: value of contract and a value of that key: monetary value. --- It is noted that metadata rules can be defined based on keys of key value pairs, which teaches a policy subcomponent of the candidate policy subcomponents is codified to include at least one key and a value corresponding to the at least one key; a contract (work item) in the collaborative cloud-based environment teaches the at least one key indicates an operating environment into which computing entities with which the policy subcomponent is associated are to be deployed).  

Regarding claim 9:
Pearl in view of Lee teaches:
The method of claim 1.
Pearl further teaches:
wherein the aggregate corresponds to at least one entity operational characteristic to be enforced (para. [0030]: … More than one rule can be triggered given an action and multiple jobs can be generated from a single rule; para. [0093]: The job request generation engine 740 is configured to generate one or more job requests for each rule; para. [0085]: … A rule can be set that triggered a particular action or job in the event that the value of the contract exceeds a particular preset value. … In this manner, metadata or changes to metadata can trigger job requests (e.g., events or actions); para. [0087]: The metadata events can identify a change in a metadata key-value pair associated with a particular work item in the collaborative cloud-based environment. For example, a contract (work item) can include a metadata key-value pair including a key: value of contract and a value of that key: monetary value. --- It is noted that the rule triggers job requests (e.g., events or actions), which teaches the aggregate corresponds to at least one characteristic to be enforced; a contract (work item) teaches at least one entity operational characteristic; a triggered rule corresponds to the aggregate is taught by Lee as stated in claim 1 rejection), and 
the at least one entity 3NUT-PAT-491-081920-reviewAtty. Dkt. No.: NUT-PAT-491operational characteristic comprise at least one of a quota on a computing resource for the computing entity, access permission for the computing entity, an (para. [0085]: … A rule can be set that triggered a particular action or job in the event that the value of the contract exceeds a particular preset value. … In this manner, metadata or changes to metadata can trigger job requests (e.g., events or actions; para. [0047]: In one embodiment, actions performed on work items or other activities that occur in a workspace can be detected in real time or in near real time; para. [0039]: A work item can generally include any type of digital or electronic content that can be viewed or accessed via an electronic device (e.g., device 102). --- It is noted that accessed via an electronic device teaches at least one entity 3NUT-PAT-491-081920-reviewAtty. Dkt. No.: NUT-PAT-491operational characteristic comprise access permission for the computing entity); 

Regarding claim 10:
Pearl in view of Lee teaches:
The method of claim 1.
Lee teaches:
wherein the aggregate is defined at least in part by a taxonomy structure comprising at least one key-value pair, wherein a key in the key-value pair corresponds to an operational characteristic to be enforced …, a value for the key in the key-value pair corresponds to a characteristic value for the operational characteristic, and a policy subcomponent in the set of at least one policy subcomponent comprises both the key and the value for the key (para. [0085]: Each rule can include one or more conditions that can be determined by the user and/or automatically by the system. Each condition is associated with a job. In operation, when a condition is evaluated to be true, the associated job is triggered and/or otherwise generated. Metadata rules can be defined in a similar fashion. Alternatively or additionally, metadata rules can be defined based on keys of key value pairs. In some embodiments, threshold or defined values for the metadata key-value pairs can be set that trigger the rule. For example, if the metadata template defines a contract, then one metadata attribute may be the value of the contract. A rule can be set that triggered a particular action or job in the event that the value of the contract exceeds a particular preset value. --- It is noted that metadata rules can be defined based on keys of key value pairs, which teaches a policy subcomponent in the set of at least one policy subcomponent comprises both the key and the value for the key; the triggered metadata rule teaches the aggregate is defined at least in part by a taxonomy structure comprising at least one key-value pair; contract teaches the key; the value of the contract teaches a value).  
Pearl is silent about:
an operational characteristic to be enforced for the computing entity …
Lee, in the same field of endeavor, teaches: 
an operational characteristic to be enforced for the computing entity … (para. [0069]: The invention provides support for dynamic reconfiguration of cloud resources to respective tenants with dynamic discovery of environment changes and a consequential reconfiguration of a tenant specific policy to the appropriate service instance in a way that can accommodate different provider services and tenant application types. --- It is noted that a tenant specific policy to the appropriate service instance teaches an operational characteristic to be enforced for the computing entity).
The motivation for claim 1 is applicable for claim 10.

Regarding claim 13:
Claim 13 recites a non-transitory computer readable medium which corresponds to a method of claim 1, and additionally contain “a sequence of instructions which, when stored in memory and executed by a processor, causes the processor to perform a set of acts.” However, Pearl further teaches “a sequence of instructions which, when stored in memory and executed claim 23: A computer readable storage medium having instructions stored thereon that when executed by one or more processors of a collaboration system). Therefore, claim 13 is rejected by applying the same rationale used to reject claim 1 above.

Regarding claim 14:
Claim 14 recites the non-transitory computer readable medium which corresponds to the method of claim 2, and contains no additional limitation. Therefore, claim 14 is rejected by applying the same rationale used to reject claim 2 and claim 13 above.

Regarding claim 15:
Claim 15 recites the non-transitory computer readable medium which corresponds to the method of claim 3, and contains no additional limitation. Therefore, claim 15 is rejected by applying the same rationale used to reject claim 3 and claim 13 above.

Regarding claim 19:
Claim 19 recites a system which corresponds to a method of claim 1, and additionally contain “a non-transitory storage medium having stored thereon a sequence of instructions; and a processor that executes the sequence instructions, execution of the sequence of instructions causing the processor to perform a set of acts.” However, Pearl further teaches “a non-transitory storage medium having stored thereon a sequence of instructions; and a processor that executes the sequence instructions, execution of the sequence of instructions causing the processor to perform a set of acts” (claim 23: A computer readable storage medium having instructions stored thereon that when executed by one or more processors of a collaboration system). Therefore, claim 19 is rejected by applying the same rationale used to reject claim 1 above.

Regarding claim 20:
Claim 20 recites the system which corresponds to the method of claim 9, and contains no additional limitation. Therefore, claim 20 is rejected by applying the same rationale used to reject claim 9 and claim 19 above.

Claims 4-5, 7-8 and 16-18 are rejected under 35 U.S.C. 103 as being unpatentable over Pearl et al. (US 2016/0065627 A1; hereinafter, “Pearl”) in view of Lee et al. (US 2017/0171245 A1; hereinafter, “Lee”), and further in view of Burns et al. (US 2008/0184277 A1; hereinafter, “Burns”). 

Regarding claim 4:
Pearl in view of Lee teaches:
The method of claim 1, further comprising…
Pearl in view of Lee is silent about:
applying, by the virtualization environment, at least one rule to resolve a conflict in an intermediate set of policy subcomponents to further reduce the intermediate set of policy subcomponents into the set of at least one policy subcomponent.
Burns teaches:
applying, by the virtualization environment, at least one rule to resolve a conflict in an intermediate set of policy subcomponents to further reduce the intermediate set of policy subcomponents into the set of at least one policy subcomponent (para. [0024]: aspects of the invention provide conflict resolution and/or detection capabilities to resolve conflicts between rules in a policy document and permit adequate report or feedback from the target devices with respect to the status or state of the target devices before and after the policy rules are applied; para. [0029]: FIG. 3 illustrates that the policy authority 104 or components of the policy authority 104 detected a conflict between the created policy document and an existing rule “Rule 120” created by an administrator with an ID “AA” on Dec. 14, 2006; para. [0030]: The user 114 may also select one or more exemplary conflict resolution preferences as listed in section 314: overriding the previously created rule, yielding to the previously created rule, or executing a customized rule. --- It is noted that the policy authority 104 corresponds to the virtualization environment; conflict resolution preferences teaches at least one rule; provide conflict resolution capabilities to resolve conflicts between rules in a policy document teaches applying at least one rule to resolve a conflict in an intermediate set of policy subcomponents; after the policy rules are applied teaches reduce the intermediate set of policy subcomponents into the set of at least one policy subcomponent).  
Thus, it would have been obvious to one of ordinary skill in the art before the effective filing date of the claimed invention to modify Pearl in view of Lee’s system by enhancing Pearl in view of Lee’s system to apply a rule to resolve a conflict, as taught by Burns, in other to resolve the conflicts using user’s conflict resolution preferences.
The motivation is to provide administrators with some flexibility in resolving and detecting the conflicts and in determining if and how conflicts are automatically resolved by the system. (See Burns, para. [0030]) 

Regarding claim 5:
Pearl in view of Lee teaches:
The method of claim 1, further comprising…
Pearl in view of Lee is silent about:
applying, by the virtualization environment, at least one rule to reduce an intermediate set of policy subcomponents into the set of at least one policy subcomponent into the set of at least one policy subcomponent, wherein application of the at least one rule removes a redundancy in the intermediate set of policy subcomponents.  
Burns teaches:
applying, by the virtualization environment, at least one rule to reduce an intermediate set of policy subcomponents into the set of at least one policy subcomponent into the set of at least one policy subcomponent (para. [0024]: aspects of the invention provide conflict resolution and/or detection capabilities to resolve conflicts between rules in a policy document and permit adequate report or feedback from the target devices with respect to the status or state of the target devices before and after the policy rules are applied; para. [0029]: FIG. 3 illustrates that the policy authority 104 or components of the policy authority 104 detected a conflict between the created policy document and an existing rule “Rule 120” created by an administrator with an ID “AA” on Dec. 14, 2006; para. [0030]: The user 114 may also select one or more exemplary conflict resolution preferences as listed in section 314: overriding the previously created rule, yielding to the previously created rule, or executing a customized rule. --- It is noted that the policy authority 104 corresponds to the virtualization environment; conflict resolution preferences teaches at least one rule; provide conflict resolution capabilities to resolve conflicts between rules in a policy document teaches applying at least one rule to reduce an intermediate set of policy subcomponents; the policy rules are applied teaches apply at least one rule), , 
wherein application of the at least one rule removes a redundancy in the intermediate set of policy subcomponents (para. [0006]: For example, suppose an IT management staff A creates a policy for configuring the screen saver program to be activated after 15 minutes while, at the same time, another IT management staff B attempts to create a different policy for 20 minutes for the screen saver activation time. … For the target device, the software would just adopt the policy from both and keeps on changing the configuration. Alternatively, a hardcoded rule, such as based on the time when the rules are received, may choose that the policy created by the IT management staff A overrides the policy by the IT management staff B; para. [0030]: The user 114 may also select one or more exemplary conflict resolution preferences as listed in section 314: overriding the previously created rule, yielding to the previously created rule, or executing a customized rule; see also Appendix D. --- It is noted that overriding the previously created rule teaches applying at least one rule to reduce an intermediate set of policy subcomponents and remove a redundant subcomponents).  
The motivation for claim 4 is applicable for claim 5. 

Regarding claim 7:
Pearl in view of Lee teaches:
The method of claim 1, further comprising…
Pearl further teaches:
… wherein multiple policy actions are codified in at least one policy subcomponent (para. [0030]: More than one rule can be triggered given an action and multiple jobs can be generated from a single rule. --- It is noted that multiple jobs can be generated from a single rule, which teaches multiple policy actions are codified in at least one policy subcomponent).  
Pearl in view of Lee is silent about:
removing a redundant policy action from multiple policy actions that are to be enforced on the computing entity when the aggregate is applied to the computing entity, based at least in part upon a state of the computing entity monitored by the virtualization environment … 
Burns teaches:
removing a redundant policy action from multiple policy actions that are to be enforced on the computing entity when the aggregate is applied to the computing entity, based at least in part upon a state of the computing entity monitored by the virtualization environment … (para. [0006]: For example, suppose an IT management staff A creates a policy for configuring the screen saver program to be activated after 15 minutes while, at the same time, another IT management staff B attempts to create a different policy for 20 minutes for the screen saver activation time. … For the target device, the software would just adopt the policy from both and keeps on changing the configuration. Alternatively, a hardcoded rule, such as based on the time when the rules are received, may choose that the policy created by the IT management staff A overrides the policy by the IT management staff B; para. [0030]: The user 114 may also select one or more exemplary conflict resolution preferences as listed in section 314: overriding the previously created rule, yielding to the previously created rule, or executing a customized rule; see also Appendix D; para. [0024]: aspects of the invention provide conflict resolution and/or detection capabilities to resolve conflicts between rules in a policy document and permit adequate report or feedback from the target devices with respect to the status or state of the target devices before and after the policy rules are applied; para. [0038]: the target device 106 also includes a reporter 204 for reporting to the policy authority 104 or the proxy server 126 information associated with the status of the implementation or application of policy rules included in the policy document 102. Embodiments of the invention overcome shortcomings of existing technologies by establishing a common reporting system enabling an easy auditing of the compliance status (e.g., via a change notifier 216) of the software installed on the target device 106 within a distributed computer network. --- It is noted that overriding the previously created rule teaches remove a redundant policy action from multiple policy actions; before the policy rules are applied teaches to be enforced on the computing entity; the policy authority 104 corresponds to the virtualization environment; reporter 204 for reporting to the policy authority 104 about the compliance status of the software installed on the target device 106 teaches based on a state of the computing entity monitored by the virtualization environment).  
The motivation for claim 4 is applicable for claim 7. 
  
Regarding claim 8:
Pearl in view of Lee teaches:
The method of claim 7, further comprising…
Pearl further teaches:
… wherein a policy subcomponent in the set of at least one policy subcomponent comprises multiple keys and an operator that is used to determine how the multiple keys are to be enforced in reducing the multiple policy subcomponents into candidate policy subcomponents (para. [0085]: Alternatively or additionally, metadata rules can be defined based on keys of key value pairs; para. [0092]: The metadata rule parser 734 is configured to parse the metadata rules to identify one or more keys and or values that match the key-value pair associated with the metadata event; para [0085]: Each rule can include one or more conditions that can be determined by the user and/or automatically by the system. Each condition is associated with a job. In operation, when a condition is evaluated to be true, the associated job is triggered and/or otherwise generated; para. [0100]: Rule 1: Condition/Job. If a file is uploaded/moved to folder A/move file to folder B. --- It is noted that identify one or more keys and or values teaches a policy subcomponent in the set of at least one policy subcomponent comprises multiple keys; Each rule can include one or more conditions and If a file is uploaded/moved to folder A/move file to folder B teaches an operator that is used to determine how the multiple keys are to be enforced in reducing the multiple policy subcomponents into candidate policy subcomponents).
Pearl in view of Lee is silent about:
removing the redundant policy action from the multiple policy actions prior to executing the multiple policy actions on the computing entity.
Burns teaches:
removing the redundant policy action from the multiple policy actions prior to executing the multiple policy actions on the computing entity (para. [0006]: For example, suppose an IT management staff A creates a policy for configuring the screen saver program to be activated after 15 minutes while, at the same time, another IT management staff B attempts to create a different policy for 20 minutes for the screen saver activation time. … For the target device, the software would just adopt the policy from both and keeps on changing the configuration. Alternatively, a hardcoded rule, such as based on the time when the rules are received, may choose that the policy created by the IT management staff A overrides the policy by the IT management staff B; para. [0030]: The user 114 may also select one or more exemplary conflict resolution preferences as listed in section 314: overriding the previously created rule, yielding to the previously created rule, or executing a customized rule; see also Appendix D; para. [0024]: aspects of the invention provide conflict resolution and/or detection capabilities to resolve conflicts between rules in a policy document and permit adequate report or feedback from the target devices with respect to the status or state of the target devices before and after the policy rules are applied. --- It is noted that overriding the previously created rule teaches removing the redundant policy action from the multiple policy actions; and before the policy rules are applied teaches prior to executing the multiple policy actions on the computing entity). 
The motivation for claim 4 is applicable for claim 8. 

Regarding claim 16:
Claim 16 recites the non-transitory computer readable medium which corresponds to the method of claim 4, and contains no additional limitation. Therefore, claim 16 is rejected by applying the same rationale used to reject claim 4 and claim 13 above.

Regarding claim 17:
Claim 17 recites the non-transitory computer readable medium which corresponds to the method of claim 5, and contains no additional limitation. Therefore, claim 17 is rejected by applying the same rationale used to reject claim 5 and claim 13 above.

Regarding claim 18:
.
 
Claims 11 and 12 are rejected under 35 U.S.C. 103 as being unpatentable over Pearl et al. (US 2016/0065627 A1; hereinafter, “Pearl”) in view of Lee et al. (US 2017/0171245 A1; hereinafter, “Lee”), and further in view of Yin et al. (US 2013/0111541 A1; hereinafter, “Yin”). 

Regarding claim 11: 
Pearl in view of Lee teaches:
The method of claim 1, further comprising…
Pearl in view of Lee is silent about:
updating a state of the computing entity with a compliance indication stored in a status object in the virtualization environment.
Yin teaches:
updating a state of the computing entity with a compliance indication stored in a status object in the virtualization environment (para. [0030]: In an embodiment, the authentication server may verify 302 whether the client device is subject to an administrative policy by analyzing the client registry. The client registry may include a list of clients and a status associated with each. For example, the client registry may include a unique identifier associated with each client in the registry, and a status for each client as to whether the client device is compliant with an administrative policy; para. [0049]: In an embodiment, the management server device may change 410 a status of a client device in the client registry to non-compliant with the administrative policy if the management server device fails to receive one or more communications from the client device by a response time or within a time period after the response time. --- It is noted that change 410 a status of a client device updating a state of the computing entity; a status for each client as to whether the client device is compliant with an administrative policy teaches with a compliance indication; client registry teaches stored in a status object in the virtualization environment).
Thus, it would have been obvious to one of ordinary skill in the art before the effective filing date of the claimed invention to modify Pearl in view of Lee’s system by enhancing Pearl in view of Lee’s system to update a state of tenant with a compliant indication, as taught by Yin, in order to verify whether the tenant is subject to a policy.
In this regard, Yin describes that if an employee's mobile device does not adhere to a data security policy or access policy at least as stringent as an employer's policies, sensitive corporate information may be susceptible to unauthorized access.
Thus, the motivation is to protect sensitive information of the tenants from an unauthorized access by verifying whether the tenant is subject to a policy. 
 
Regarding claim 12: 
Pearl in view of Lee teaches:
The method of claim 11.
Pearl in view of Lee is silent about:
wherein the compliance indication in the status object comprises information that indicates whether the computing entity is compliant with the aggregate applied to the computing entity, and the aggregate is stored as a policy object in the virtualization environment.
Yin teaches:
wherein the compliance indication in the status object comprises information that indicates whether the computing entity is compliant with the aggregate applied to the computing entity, and the aggregate is stored as a policy object in the virtualization environment (para. [0030]: In an embodiment, the authentication server may verify 302 whether the client device is subject to an administrative policy by analyzing the client registry. The client registry may include a list of clients and a status associated with each. For example, the client registry may include a unique identifier associated with each client in the registry, and a status for each client as to whether the client device is compliant with an administrative policy; para. [0049]: In an embodiment, the management server device may change 410 a status of a client device in the client registry to non-compliant with the administrative policy if the management server device fails to receive one or more communications from the client device by a response time or within a time period after the response time. . --- It is noted that a status for each client as to whether the client device is compliant with an administrative policy teaches the compliance indication in the status object comprises information that indicates whether the computing entity is compliant with the aggregate applied to the computing entity; client registry may include a list of clients and a status associated with each teaches the aggregate is stored as a policy object in the virtualization environment).  
	The motivation for claim 11 is applicable for claim 12.

Conclusion
Any inquiry concerning this communication or earlier communications from the examiner should be directed to WANSIK YOU whose telephone number is (571)270-3360.  The examiner can normally be reached on 7:30-5:30 M-Th.
Examiner interviews are available via telephone, in-person, and video conferencing using a USPTO supplied web-based collaboration tool. To schedule an interview, applicant is encouraged to use the USPTO Automated Interview Request (AIR) at http://www.uspto.gov/interviewpractice.
If attempts to reach the examiner by telephone are unsuccessful, the examiner’s supervisor, ASHOKKUMAR PATEL can be reached on (571)-272-3972.  The fax phone number for the organization where this application or proceeding is assigned is 571-273-8300.


/W.Y./Examiner, Art Unit 2491                                                                                                                                                                                                        




/ASHOKKUMAR B PATEL/            Supervisory Patent Examiner, Art Unit 2491