DETAILED ACTION
Notice of Pre-AIA  or AIA  Status
The present application, filed on or after March 16, 2013, is being examined under the first inventor to file provisions of the AIA .
This is for office action for amendment filed on 12/9/21 including claims 1-20. Claims 8, 18-19 have been amended.
Information Disclosure Statement
The information disclosure statement (IDS) submitted on 9/9/21 was filed.  The submission is in compliance with the provisions of 37 CFR 1.97.  Accordingly, the information disclosure statement is being considered by the examiner.
Claim Rejections - 35 USC § 102
The following is a quotation of the appropriate paragraphs of 35 U.S.C. 102 that form the basis for the rejections under this section made in this Office action:
A person shall be entitled to a patent unless –

(a)(1) the claimed invention was patented, described in a printed publication, or in public use, on sale, or otherwise available to the public before the effective filing date of the claimed invention.

(a)(2) the claimed invention was described in a patent issued under section 151, or in an application for patent published or deemed published under section 122(b), in which the patent or application, as the case may be, names another inventor and was effectively filed before the effective filing date of the claimed invention.

Claim(s) 1-2, 5, 9, 12-13 are rejected under 35 U.S.C. 102 a (1) as being anticipated by YOSHINO et al (US 20180310243), henceforth, ‘243.
For claim 1 ‘243 discloses following limitations:
A system, comprising: 
(‘243,  [0001]---a communication system including a terminal apparatus and a communication control 
apparatus, and a communication control method for determining a wireless access point to be used for communication from a terminal apparatus.) 

instructions that implement: 
([0099], computer apparatus (Reads on computing node) having the same function as the server apparatus can be use as the communication control apparatus 6. In some cases, the communication control apparatus 6 may perform wireless communication with the terminal apparatus 2, not via a telephone network, the Internet, or other network. [0125] the communication control apparatus 6 includes a processor for comprehensively executing various types of information processing and control of peripheral devices based on a preset control program, a RAM functioning as a work area for the processor or other elements, a ROM for storing data and control programs executable by the processor, a network interface for performing a communication process via a network, a monitor, an input device, an auxiliary storage device or the like. The functions of the sections 20 to 24 of the communication control apparatus 6 as described above are implemented by hardware and control programs executable by the processor.)
an access point manager configured to: 
( [0106] An access point selector 15 selects a wireless access point to be used for communication from the access point candidates included in the information on candidate wireless access points. In most cases, [0111] The access point management information is configured, for example, as an access point management data list as shown in FIG. 3)
receive a request to generate an access point for a data container; 
( [0109] The communication control apparatus 6 has functions of sections 20 to 24 shown in FIG. 2. The receiver 20 can receive requests relating to the wireless access point selection process from the terminal apparatus 2.  The transmitter 21 (see fig. 2,  The communication control apparatus 6 ) can transmit various types of information and instructions relating to the wireless access point selection process to the terminal apparatus 2. For example, the transmitter transmits to the terminal apparatus information on candidate wireless access points, which information includes information on access points available at the communication location included in terminal information. [0110] The information stored in the data storage 23 includes, for example, access point 
management information as well as communication record data associated with each access point.  )
generate, based on the request, access point data for the requested access point; 

receiver 20 can receive requests relating to the wireless access point selection process from the terminal apparatus 2 and various types of information such as information including terminal information transmitted from the terminal apparatus 2. The transmitter 21 can transmit various types of information and instructions relating to the wireless access point selection process to the terminal apparatus 2. For example, the transmitter transmits to the terminal apparatus information on candidate wireless access points, which information includes information on access points available at the communication location included in terminal information. [0128] After acquiring the terminal information from the terminal apparatus 2, the communication control apparatus 6 extracts access points which are connectable or available to the terminal apparatus 2 at the communication location of at the time of performing communication (in this case, the current position and the current time), thereby generating information on candidate wireless access points (candidate wireless access point list) associated with the extracted access points (S1002). Thereafter, the communication control apparatus 6 transmits the information on candidate wireless access points to the terminal apparatus 2 (S1003).
generate association data that associates the access point with the data container; and 
([0128] --- generating information on candidate wireless access points (candidate wireless access point list) associated with the extracted access points (S1002).fig. 6)
store the access point data and the association data to an access point data store; and 
( 0110] An information acquirer 22 (Part of Communication Control Apparatus), fig.2,  acquires various types of information, which are required for the wireless access point selection process, from the terminal apparatus 2 and also from multiple other terminal apparatuses (not shown), the base station 3, and each access point 4 via the receiver 20, and then stores those various types of information in a data storage 23. The information stored in the data storage 23 includes, for example, access point management information as well as communication record data associated with each access point. )
a data storage service configured to: 
receive a request directed to the data container, the request comprising an identifier of a particular 
access point of a plurality of access points associated with the container; 
(‘243: [0109]---The receiver 20 can receive requests relating to the wireless access point selection process 

information transmitted from the terminal apparatus 2. [0111] The access point management information is configured, for example, as an access point management data list as shown in FIG. 3, which list includes pieces of information such as an ESSID (Extended Service Set IDentifier), a BSSID (Basic Service Set IDentifier), communication fees, an access point management company code, and an encryption method for each access point. The ESSID or BSSID is associated with information on the location of each access point.)
in addition to application of one or more other types of policies to the request, the other types of policies determined independently of the access point: 
 ([0107] In this case, the access point selector 15 uses a bandwidth prioritizing policy( types of policies determined independently of the access point:), which is a non-limiting example of wireless access point selection policy, in which the access point selector preferentially selects an access point with a larger bandwidth.)
determine, based on the identifier, an access point policy associated with the particular access point, 
([0106] The access point selector 15 can select a wireless access point to be used for communication based on a wireless access point selection policy preset by a user of the terminal apparatus 2.  [0111] The access point management information is configured, for example, as an access point management data list as shown in FIG. 3, which list includes pieces of information such as an ESSID (Extended Service Set IDentifier), a BSSID (Basic Service Set IDentifier), communication fees, an access point management company code, and an encryption method for each access point. The ESSID or BSSID is associated with information on the location of each access point.) 
	and fulfill the request based on the access point policy.
	(‘243: 0107] In this case, the access point selector 15 uses a bandwidth prioritizing policy, which is a non-limiting example of wireless access point selection policy, in which the access point selector preferentially selects an access point with a larger bandwidth. Further in [0109]. The receiver 20 can receive requests relating to the wireless access point selection process from the terminal apparatus 2 and various types of information such as information including terminal information transmitted from the terminal apparatus 2. The transmitter 21 can transmit various types of information  (including policy.) and instructions relating to the wireless access point 
selection process to the terminal apparatus 2.  (Reads on the limitation of fulfilling request based on policy.
	

apparatus of the third aspect enables more proper selection of a wireless access point to be used for 
communication because the terminal apparatus can take into consideration actually existing nearby access points (in particular, new access points not yet recognized by the communication control apparatus) when extracting candidate wireless access points.[0130] select, based on a connection selection policy, one or more wireless access points for connection from the candidate access points included in the information on candidate wireless access points. Rest of limitations are same as rest of those in claim 1.

	For claim 13, ‘243  discloses following limitations:
	One or more non-transitory computer-readable media comprising program instructions executable on or across one or more processors to perform: 
(‘243: [0125], the communication control apparatus 6 includes a processor for comprehensively executing various types of information processing and control of peripheral devices based on a preset control program, a RAM functioning as a work area for the processor or other elements, a ROM for storing data and control programs executable by the processor, a network interface for performing a communication process via a network, a monitor, an input device, an auxiliary storage device or the like. The functions of the sections 20 to 24 of the communication control apparatus 6 as described above are implemented by hardware and control programs executable by the processor.
applying a plurality of policies to the request, wherein the plurality of policies comprise: an access point policy that is associated with the identified access point and that specifies one or more filters to be applied to data from the data container, 
(‘243: [0107] a security prioritizing policy in which the selector preferentially selects an access point with higher security (more highly secure encryption method), or a data performance prioritizing policy (Reads on filters) in which access points are weighted based on the bandwidth included in information on candidate wireless access points from the communication control apparatus 6 (or the terminal apparatus 2 does not measure the current 
bandwidth).
Rest of limitations are same as those on claim 1 

For claim 2, ‘243 discloses all limitations of subject matter, as applied to preceding claim 1. In addition, ‘243 discloses following limitation
wherein: the identifier of the access point specifies a region, or the access point policy specifies one or more permissions in terms of a virtual private cloud of the distributed system. 
(‘243:  [0162] In other embodiments, in S1020, the terminal apparatus 2 can use MAC address information of each access point.)

For claim 9, ‘243 discloses all limitations of subject matter, as applied to preceding claim 1. In addition, ‘243 discloses following limitation
receiving said request to generate the additional access point for the data container via a control plane API; and receiving, via the control plane API, a request to update an access point policy, a request to delete an access point or a request to list access points for a particular data container.  
 (‘243:  [0106] ---access point selector may select multiple access points for connection. [0124] multiple access points stored in the data storage 23.  The information on candidate wireless access points are configured, for example, as a candidate wireless access point list associated with respective access points as shown in FIG. 5, which list includes an ESSID, a BSSID, a bandwidth, communication fees, an access point management company code, and an encryption method for each access point..)

For claim 12, ‘243 discloses all limitations of subject matter, as applied to preceding claim 1. In addition, ‘243 discloses following limitation
processing, in accordance with one or more encryption techniques specified in a configuration setting associated with the existing access point, requests directed to the existing access point.  
(‘243: [0124], The information on candidate wireless access points are configured, for example, as a 
candidate wireless access point list associated with respective access points as shown in FIG. 5, which list includes 
an ESSID, a BSSID, a bandwidth, communication fees, an access point management company code, and an 
encryption method for each access point. )
Claim Rejections - 35 USC § 103
In the event the determination of the status of the application as subject to AIA  35 U.S.C. 102 and 103 (or as subject to pre-AIA  35 U.S.C. 102 and 103) is incorrect, any correction of the statutory basis for the rejection will not be considered a new ground of rejection if the prior art relied upon, and the rationale supporting the rejection, would be the same under either status.  
The following is a quotation of 35 U.S.C. 103 which forms the basis for all obviousness rejections set forth in this Office action:
A patent for a claimed invention may not be obtained, notwithstanding that the claimed invention is not identically disclosed as set forth in section 102, if the differences between the claimed invention and the prior art are such that the claimed invention as a whole would have been obvious before the effective filing date of the claimed invention to a person having ordinary skill in the art to which the claimed invention pertains. Patentability shall not be negated by the manner in which the invention was made.

Claims 3, is rejected under 35 U.S.C. 103 as being unpatentable over ‘243 in view of Pham  et al (US 20040107342), henceforth, ‘342.
For claim 3, ‘243 discloses all limitations of subject matter, as applied to preceding claim1, with the exception of following limitations, which are disclosed by ‘342, as follows:                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                      
wherein the data storage service is further configured to: perform said application of the one or more other types of policies to the request, the other types of policies comprising at least one selected from a group comprising: identity-based policies, resource-based policies, and access control list policies.  
(‘342: [0016] and [0057] Preferably, the authentication and access control process 120 includes a policy store representing the administratively determined, functionally supported operations of the secure network file access appliance 12.  The polices are preferably stored in a high-performance hash table permitting a policy lookup against the information 114, 122 as presented to the authentication and access control process 120.  Audit logs of the file requests, as well as error logs and logs of refused operations are produced by the authentication and access control process 120. )
It would have been obvious to a person of ordinary skill in the art , before the effective date, to have 
combined the limitations of ‘342 with those of ‘243  for the advantage of associating subscribers and campaigns to 
various owners /lists
Claims 4 is rejected under 35 U.S.C. 103 as being unpatentable over ‘243 in view of Sharma  et al (US 20120254825), henceforth, ‘825.
For claim 4, ‘243 discloses all limitations of subject matter, as applied to preceding claim1, with the exception of following limitations, which are disclosed by ‘825, as follows:                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                      
wherein the data storage service is further configured to: perform said application of the one or more other types of policies to the request, the other types of policies comprising at least one selected from a group comprising: identity-based policies, resource-based policies, and access control list policies.  
(‘825: [0045]  [0045] The API-related part of the partner/API portal allows operators to centrally and automatically manage the APIs that are exposed through the AES. Based upon the changing technical/business needs, this component will automatically govern, control, and dynamically update the lifecycle of the APIs of AES, deletion of final image for the associated API. --- policy settings for selected policies using policy-specific forms generated from policy.  [0134] API is dependent on the policy requested for deletion, the deletion request gets automatically rejected with an appropriate warning message; and iii) related policy settings are removed for any service, enabler, partner, application, or campaign using the policy.
It would have been obvious to a person of ordinary skill in the art , before the effective date, to have combined the limitations of ‘825 with those of ‘243  for the advantage of associating subscribers and campaigns to various MVNO owners /lists.

Claims 6 is rejected under 35 U.S.C. 103 as being unpatentable over ‘243 in view of Hurtiz  (US 7944914), henceforth, ‘914.
For claim 6, ‘243 discloses all limitations of subject matter, as applied to preceding claim1, with the exception of following limitations, which are disclosed by ‘914, as follows:                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                      
wherein the existing access point is a default access point generated in concert with generation of the data container.   
(‘914: see claim 23,wherein said default subscription profile storage is further configured to generate 
default subscription data comprising at least one of allowed access points, allowed services within each allowed 
access point,)
 /lists.

Claims 16 is rejected under 35 U.S.C. 103 as being unpatentable over ‘243 in view of Robison et al  (US 20210037060), henceforth, ‘060.
For claim 16, ‘243 discloses all limitations of subject matter, as applied to preceding claim1, with the exception of following limitations, which are disclosed by ‘060, as follows:                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                      
wherein the access point policy associated with the identified access point restricts access to one or more particular uses of data in the data container; wherein to perform said granting the request, the media comprises program instructions executable on or across one or more processors to perform: processing the request in accordance with the one or more particular uses specified in the access point policy.  
(‘060: [0085] In addition, computer readable storage device 180 may be configured to store policy decision point program instructions (i.e., policy decision point instructions 286), which may be executed by a processing device (i.e., a transaction processor, such as host processor 210 or EC 270) to select a policy decision point leader and determine whether or not a client device requesting network access should be granted access to an internal network or network resource.  As noted above, policy decision point instructions 286 may generally include a smart contract 287 and a consensus algorithm 288.  The smart contract 287 includes a predefined set of rules that must be satisfied before network access is granted to a client device requesting network access.  The predefined set of rules define good/bad behavior of client devices (based on client policy), along with actions taken (e.g., grant network access, deny network access or restrict network access to certain network resources) when such behavior is observed.  The policy decision point receives network access requests and client information from client devices attempting to access the internal network, and executes the smart contract 287 and consensus algorithm 288 to determine if client devices should be granted/denied/restricted access to the internal network.)
It would have been obvious to a person of ordinary skill in the art , before the effective date, to have 
combined the limitations of ‘’060 with those of ‘243  for the advantage of associating subscribers and campaigns to various owners /lists.
Allowable Subject Matter
Claims 7-8, 10-11, 14-15, 17-20 are objected to as being dependent upon a rejected base claim, but would be allowable if rewritten in independent form including all of the limitations of the base claim and any intervening claims.
As recited by claim 7;
wherein said access point data comprises an identifier for the additional access point and an access point policy that specifies permissions for accessing the data container.  

As recited by claim 8;
associating an access point policy with the additional access point, wherein the access point policy specifies a permission associated with a virtual private cloud VPC path; receiving, via the additional access point, a data plane request; granting, based on determining that a VPC path associated with the data plane request matches the VPC path specified in the corresponding access point policy, the data plane request.  

As recited by claim 10;
receiving, via an API: a request to generate a container access point policy, a request to retrieve a container access point policy, and a request to delete a container access point policy. 
As recited by claim 11;
 over a same period of time: blocking, for requests directed to the existing access point and in accordance with a public access setting specified in an access point policy associated with the existing access point, public access to the data container; and granting, for requests directed to the additional access point and in accordance with a setting specified in an access point policy associated with the additional access point, public access to the data container.  
As recited by claim 14;
wherein a configuration setting associated with the identified access point specifies a key or encryption 
technique associated with data that is the target of the request; the media comprising program instructions executable on or across one or more processors to perform: processing the request comprising the identifier of the 

As recited by claim 15;
  wherein the access point policy associated with the identified access point restricts access to the data container to requests originating from a particular network; wherein to perform said applying the plurality of policies to determine whether to grant the request, the media comprises program instructions executable on or across one or more processors to perform: granting, based on a determination that the request originated from the particular network specified in the access point policy, the request; the media comprising program instructions executable on or across one or more processors to perform: receiving another request comprising the identifier of the particular access point for the data container; and denying, based on a determination that the other request did not originate from the particular network specified in the access point policy, the other request.  
As recited by claim 17;
wherein the one or more particular uses of the data in the container comprise: calling a transformation on data in the data container, encrypting data in a data container, applying an artificial intelligence technique, or redaction processing; wherein to perform said granting the request, the media comprises program instructions executable on or across one or more processors to perform: calling the transformation on the data in the data container, encrypting the data in the data container, applying the artificial intelligence technique to data in the data container, or redaction processing of data associated with the container.  
As recited by claim 18;
wherein the one or more policies determined independently of the identified access point comprise a 
user-based policy; and wherein to perform said applying the plurality of policies to determine whether to grant the 
request, media comprises program instructions executable on or across one or more processors to perform:


As recited by claim 19;
wherein the access point policy associated with the identified access point specifies a permission associated with a virtual private cloud VPC path, and wherein the media comprises program instructions executable on or across one or more processors to perform: receiving, via the identified access point, a data plane request; and granting, based on determining that a VPC path associated with the data plane request matches the VPC path specified in the corresponding access point policy, the data plane request.  
	As recited by claim 20;
program instructions executable on or across one or more processors to perform: implementing a data plane API and a control plane API, wherein said receiving said request comprising the identifier of the particular access point for the data container comprises receiving the request via the data plane API; and receiving, via the control plane API, a request to modify an access point policy, a request to delete an access point or a request to list access points for a data container. 
Response to Arguments
Applicant's arguments filed 12/9/2021 have been fully considered but they are not persuasive, as explained below:
Applicant’s argument
Applicant argues that the cited reference does not teach or suggest the claim elements "receive a request to generate an access point for a data container," The Office Action cites to Yoshino for these elements of claim 1. Office Action at 3-4. Yoshino generally describes an "access point selector" that selects a "wireless access point" from a list of "candidate wireless access points" for connecting a "terminal apparatus" to a wireless network. Yoshino at Abstract. However, these "wireless access points" are referring to physical access points such as "base stations" in a cellular network. Id at [0002], [0007]. Although Yoshino describes selecting a wireless access point from a list of wireless access points, it does not describe receiving a request to "generate" a wireless access point, as recited. Moreover, the reference does not teach or suggest the claim elements "in addition to application of one or more other types of policies to the request, the other types of policies determined independently of the access point," as recited in amended claim 1. The Office Action cites to several passages in Yoshino ([0106], [0107], [0111]) for these elements. Office Action at 5. However, these passages do not describe applying a policy that is "determined independently of the access point." In particular, paragraph [0107] states that the "access point selector" uses a "bandwidth prioritizing policy" to select a wireless access point. Yoshino at [0107]. This selection policy may, for example, "preferentially select[1 an access point with a larger bandwidth" or "smaller delay time." 
Id. Thus, the selection is not "determined independently of the access point." Moreover, this selection policy is used to "select" a wireless access point for accessing the wireless network; it is not applied to a request "directed to the data container," as recited. 
Examiner’s response
In response, Examiner respectfully states that (‘243: [0109]---The receiver 20 can receive requests relating to the wireless access point selection process from the terminal apparatus 2 and various types of information such as information including terminal information transmitted from the terminal apparatus 2. [0111]), The access point management information is configured, for example, as an access point management data list as shown in FIG. 3, which list includes pieces of information such as an ESSID (Extended Service Set IDentifier), a BSSID (Basic Service Set IDentifiercommunication fees, an access point management company code, and an encryption method for each access point. The ESSID or BSSID is associated with information on the location of each access point.)

Applicant’s argument
Applicant argues for independent Claim 5 thatThe cited reference does not teach or suggest the claim elements "receiving a request to generate an additional access point for a data container that is associated with an existing access point," as recited in claim 5. 
Examiner’s response
In response, Examiner  respectfully states that For claim 5, ‘243 discloses following limitation: “---additional access point---“ ( [0047] The terminal apparatus of the third aspect enables more proper selection of a wireless access point to be used for communication because the terminal apparatus can take into consideration actually existing nearby access points (in particular, new access points not yet recognized by the communication control apparatus) when extracting candidate wireless access points.[0130] select, based on a connection selection policy, one or more wireless access points for connection from the candidate access points included in the information on candidate wireless access points.
Applicant’s argument
Applicant argues that The cited reference does not teach or suggest the claim elements "applying a plurality of policies to the request [including] one or more policies determined independently of the identified access point," as recited in claim 13. As discussed, Yoshino does not describe applying a policy that is "determined independently of the access point." In particular, cited paragraph [0107] states that the "access point selector" uses a "bandwidth prioritizing policy" to select a wireless access point. This selection policy may, for example, "preferentially select[1 an access point with a larger bandwidth" or "smaller delay time." Thus, the selection is not "determined independently of the identified access point." Moreover, this selection policy is used to "select" a wireless access point for accessing the wireless network; it is not applied to a request "for a data container," as recited.
Examiner’s response
In response, Examiner respectfully states that ‘243: [0107] a security prioritizing policy in which the selector preferentially selects an access point with higher security (more highly secure encryption method), or a data performance prioritizing policy (Reads on filters) in which access points are weighted based on the bandwidth included in information on candidate wireless access points from the communication control apparatus 6 (or the terminal apparatus 2 does not measure the current bandwidth).
THIS ACTION IS MADE FINAL.  Applicant is reminded of the extension of time policy as set forth in 37 CFR 1.136(a).  
A shortened statutory period for reply to this final action is set to expire THREE MONTHS from the mailing date of this action.  In the event a first reply is filed within TWO MONTHS of the mailing date of this final action and the advisory action is not mailed until after the end of the THREE-MONTH shortened statutory period, then the shortened statutory period will expire on the date the advisory action is mailed, and any extension fee pursuant to 37 CFR 1.136(a) will be calculated from the mailing date of the advisory action.  In no event, however, will the statutory period for reply expire later than SIX MONTHS from the mailing date of this final action. 
Conclusion
Any inquiry concerning this communication or earlier communications from the examiner should be directed to INDER P MEHRA whose telephone number is (571)272-3170. The examiner can normally be reached on Monday through Friday from 9 to  5 PM. 
If attempts to reach the examiner by telephone are unsuccessful, the examiner’s supervisor, Sri Lakshmi Kumarcan be reached at telephone number (571) 272-7769. The fax phone number for the organization where this application or proceeding is assigned is 571-273-8300.
Information regarding the status of an application may be obtained from the Patent Application Information Retrieval (PAIR) system. Status information for published applications may be obtained from either Private PAIR or Public PAIR. Status information for unpublished applications is available through Private PAIR only. For more information about the PAIR system, see http://portal.uspto.gov/external/portal. Should you have questions about access to the Private PAIR system, contact the Electronic Business Center (EBC) at 866-217-9197 (toll-free).
Examiner interviews are available via telephone, in-person, and video conferencing using a USPTO supplied web-based collaboration tool. To schedule an interview, applicant is encouraged to use the USPTO Automated Interview Request (AIR) at http://www.uspto.gov/interviewpractice.
/INDER P MEHRA/                Primary Examiner, Art Unit 2647