DETAILED ACTION
This is a response to the discussion of proposed amendment during the interview on 08/13/2021.  Claims 1-20 are pending for examination.  Claims 1, 10, and 17 are of independent form. 

Notice of Pre-AIA or AIA Status
The present application, filed on or after March 16, 2013, is being examined under the first inventor to file provisions of the AIA.


EXAMINER’S AMENDMENT
An examiner’s amendment to the record appears below. Should the changes and/or additions be unacceptable to applicant, an amendment may be filed as provided by 37 CFR 1.312. To ensure consideration of such an amendment, it MUST be submitted no later than the payment of the issue fee.
Authorization for Examiner’s Amendment was given after a telephone interview with Applicant Representative Naren Thappeta on 08/13/2021.
The application has been amended by the Examiner’s Amendment as follows. The following listing of claims will replace all prior versions, and listings, of claims in the application.

Listing of Claims
Claim 1 (Currently Amended): A method a cloud infrastructure, said method comprising:
accepting a content item in encrypted form and a respective value of each attribute of an associated first set of attributes for controlling access to said content item 
said encrypted form in said cloud infrastructure;
receiving a request from a user to access said content item hosted in said cloud infrastructure;
determining a respective value of each attribute of a second set of attributes associated with said request, a second value of a second [[an]] attribute of said second set of attributes originating at another , wherein said another node implements one or more access policies controlling access of said content item hosted in said cloud infrastructure;
if respective values, including said second value, of said second set of attributes match corresponding values of said first set of attributes:
decrypting said content item in said encrypted form to generate said content item in decrypted form; and
providing access to said content item in said decrypted form to said user as a response to said request.

Claim 2 (Original): The method of claim 1, wherein said determining, said decrypting and said providing are performed automatically, without requiring human intervention between said receiving and said providing, in response to said request.

Claim 3 (Currently Amended): The method of claim 2, wherein said content item and said respective value of each attribute of said first set of attributes is accepted from a tenant, 
wherein said tenant also provides an access criteria qualifying the access to said content item, 

wherein said decrypting and said providing are performed if said user is determined to satisfy said access criteria and respective values, including said second value, of said second set of attributes match corresponding values of said first set of attributes.

Claim 4 (Currently Amended):  The method of claim 3, wherein said another of said cloud infrastructure comprises [[is]] an access manager
wherein said second value of said second attribute of said second set of attributes originates at said access manager, and
wherein said host node receives said second value of said second attribute of said second set of attributes from said access manager.

Claim 5 (Currently Amended): The method of claim 4, wherein said second value of said second attribute is internally maintained by said tenant for said user in said access manager.

Claim 6 (Currently Amended): The method of claim 4, wherein said tenant provides the respective value of each attribute of said first set of attributes as dependent attributes of a decryption key according to attribute based encryption (ABE), 
wherein said decrypting is performed using said decryption key according to said ABE, wherein the match of respective values, including said second value, of said second set of  corresponding values of said first set of attributes is enforced by said ABE prior to said decrypting.

Claim 7 (Currently Amended):  The method of claim 6, further comprising:
generating an audit log specifying the details of access of said content item; 
encrypting said audit log using an encryption key according to said ABE to create [[an]] said audit log in encrypted form; and 
storing said audit log in said encrypted form to be thereafter accessible only by said tenant.

Claim 8 (Currently Amended):  The method of claim 7, wherein an access checker module performs said checking, wherein an audit module performs said generating said audit log, said encrypting and said storing, 
wherein said content item in said encrypted form, said access criteria, said decryption key, said encryption key, said access checker module and said audit module are together provided in a single file by said tenant.

Claim 9 (Original): The method of claim 8, wherein said single file is a Java Archive (JAR) file.

	Claim 10 (Currently Amended): A non-transitory machine readable medium storing one or more sequences of instructions which upon execution a cloud infrastructure causes said host node to perform [[the]] actions of:
accepting a content item in encrypted form and a respective value of each attribute of an associated first set of attributes for controlling access to said content item 
hosting said content item in said encrypted form in said cloud infrastructure;
receiving a request from a user to access said content item hosted in said cloud infrastructure;
determining a respective value of each attribute of a second set of attributes associated with said request, a second value of a second , wherein said another node implements one or more access policies controlling access of said content item hosted in said cloud infrastructure;
if respective values, including said second value, of said second set of attributes match corresponding values of said first set of attributes:
decrypting said content item in said encrypted form to generate said content item in decrypted form; and
providing access to said content item in said decrypted form to said user as a response to said request.

Claim 11 (Original): The non-transitory machine readable medium of claim 10, wherein said determining, said decrypting and said providing are performed automatically, without requiring human intervention between said receiving and said providing, in response to said request.

Claim 12 (Currently Amended): The non-transitory machine readable medium of claim 11, wherein said content item and said respective value of each attribute of said first set of attributes is accepted from a tenant, 
wherein said tenant also provides an access criteria qualifying the access to said content item, 
further comprising one or more instructions for checking in response to said request, whether said user satisfies said access criteria, 
wherein said decrypting and said providing are performed if said user is determined to satisfy said access criteria and respective values, including said second value, of said second set of attributes match corresponding values of said first set of attributes.

Claim 13 (Currently Amended): The non-transitory machine readable medium of claim 12, wherein said another of said cloud infrastructure comprises [[is]] an access manager
wherein said second value of said second and
wherein said host node receives said second value of said second 

Claim 14 (Currently Amended): The non-transitory machine readable medium of claim 13, wherein said second value of said second internally maintained by said tenant for said user in said access manager.

Claim 15 (Currently Amended):  The non-transitory machine readable medium of claim 13, wherein said tenant provides the respective value of each attribute of said first set of attributes as dependent attributes of a decryption key according to attribute based encryption (ABE), 
wherein said decrypting is performed using said decryption key according to said ABE, wherein the match of respective values, including said second value, of said second set of attributes with corresponding values of said first set of attributes is enforced by said ABE prior to said decrypting.

Claim 16 (Currently Amended):  The non-transitory machine readable medium of claim 15, further comprising one or more instructions for:
generating an audit log specifying the details of access of said content item; 
encrypting said audit log using an encryption key according to said ABE to create [[an]] said audit log in encrypted form; and 
storing said audit log in said encrypted form to be thereafter accessible only by said tenant.

Claim 17 (Currently Amended):  A digital processing system comprising:
	a random access memory (RAM) to store instructions; and
	one or more processors to retrieve and execute said instructions, wherein execution of said instructions causes said digital processing system to perform [[the]] actions of:
a respective value of each attribute of an associated first set of attributes for controlling access to said content item 
hosting said content item in said encrypted form in said cloud infrastructure;
receiving a request from a user to access said content item hosted in said cloud infrastructure;
determining a respective value of each attribute of a second set of attributes associated with said request, a second value of a second , wherein said another node implements one or more access policies controlling access of said content item hosted in said cloud infrastructure;
if respective values, including said second value, of said second set of attributes match corresponding values of said first set of attributes:
decrypting said content item in said encrypted form to generate said content item in decrypted form; and
providing access to said content item in said decrypted form to said user as a response to said request.

Claim 18 (Original): The digital processing system of claim 17, wherein said determining, said decrypting and said providing are performed automatically, without requiring human intervention between said receiving and said providing, in response to said request.

said content item and said respective value of each attribute of said first set of attributes is accepted from a tenant, 
wherein said tenant also provides an access criteria qualifying the access to said content item, 
said digital processing system further actions of checking in response to said request, whether said user satisfies said access criteria, 
wherein said decrypting and said providing are performed if said user is determined to satisfy said access criteria and respective values, including said second value, of said second set of attributes match corresponding values of said first set of attributes.

Claim 20 (Currently Amended): The digital processing system of claim 19, wherein said digital processing system [[is]] comprises a host node in a cloud infrastructure, wherein said another system [[is]] comprises an access manager
wherein said second value of said second and
wherein said host node receives said second value of said second 
wherein said tenant provides the respective value of each attribute of said first set of attributes as dependent attributes of a decryption key according to attribute based encryption (ABE), 
respective values, including said second value, of said second set of attributes with corresponding values of said first set of attributes is enforced by said ABE prior to said decrypting.

Allowable Subject Matter
Claims 1-20 are allowed.  
All previous rejections and objections are withdrawn.
This communication warrants no examiner's reason for allowance, as applicant's reply makes evident the reason for allowance, satisfying the record as a whole as required by rule 37 CFR 1.104 (e). In this case, the substance of applicant's remarks in the Amendment/Remarks filed on 07/27/2021 and the clarification of claim language entered by Examiner's Amendment on 09/04/2021 point out the reason claims are patentable and non-obvious over the prior art of record. See also the summary of the interview on 08/13/2021 for issues discussed. Thus, the reason for allowance is in all probability evident from the record and no statement for examiner's reason for allowance is necessary (see MPEP 1302.14).
Any comments considered necessary by applicant must be submitted no later than the payment of the issue fee and, to avoid processing delays, should preferably accompany the issue fee.  Such submissions should be clearly labeled “Comments on Statement of Reasons for Allowance.”

Conclusion
Any inquiry concerning this communication or earlier communications from the examiner should be directed to DON ZHAO whose telephone number is (571)272-9953.  The examiner can normally be reached on Monday ~ Friday, 7:30 A.M ~ 5:00 P.M EST.

If attempts to reach the examiner by telephone are unsuccessful, the examiner’s supervisor, Carl G Colin, can be reached on (571) 272-3862. The fax phone number for the organization where this application or proceeding is assigned is 571-273-8300.
Information regarding the status of an application may be obtained from the Patent Application Information Retrieval (PAIR) system.  Status information for published applications may be obtained from either Private PAIR or Public PAIR.  Status information for unpublished applications is available through Private PAIR only.  For more information about the PAIR system, see http://pair-direct.uspto.gov. Should you have questions on access to the Private PAIR system, contact the Electronic Business Center (EBC) at 866-217-9197 (toll-free). If you would like assistance from a USPTO Customer Service Representative or access to the automated information system, call 800-786-9199 (IN USA OR CANADA) or 571-272-1000.


/Don G Zhao/ Primary Examiner, Art Unit 2493, 09/04/2021