DETAILED ACTION
Notice of Pre-AIA  or AIA  Status
The present application, filed on or after March 16, 2013, is being examined under the first inventor to file provisions of the AIA .
Claim Rejections - 35 USC § 102
The following is a quotation of the appropriate paragraphs of 35 U.S.C. 102 that form the basis for the rejections under this section made in this Office action:
A person shall be entitled to a patent unless –

(a)(1) the claimed invention was patented, described in a printed publication, or in public use, on sale, or otherwise available to the public before the effective filing date of the claimed invention.


Claims 1-20 are rejected under 35 U.S.C. 102(a)(1) as being anticipated by Vanishth et al. (US 2006/0143685 A1, hereinafter refers Vanishth).

Regarding claim 1, Vanishth discloses A computer-implemented method comprising:
receiving one or more configurations for governance requirement rules (para. 59, para. 14, the policy is generated);
receiving an indication of an update to one or more of code, a policy, a network
configuration, or a governance requirement rule impacting a resource in a provider network for an account that is to be analyzed using one or more governance requirement rules by an intent-based governance service (para. 31-32, para. 59, para. 69, policy change request has been received, such as changing access right to the network based resource);
determining one or more governance requirement rules to evaluate for compliance after
the update of the resource based on at least the resource type; evaluating the determined one or more governance requirement rules for compliance using one or more reasoning engines according to two or 
displaying a result of the evaluating to a user (para. 63-64, the policy changes is not approved and it is to notify the requesting client).

Regarding claim 2, Vanishth discloses wherein a governance requirement rule includes information about one or more of what organization or accounts the rule is to apply to including one or more of values for principals, accounts, resource names, source address, source virtual networks, tags, classless inter-domain routing information, and policy information (para. 28-33).

Regarding claim 3, Vanishth discloses wherein the determined one or more
governance requirement rules relates to code verification for a code segment and evaluating the
determined one or more governance requirement rules comprises: generating one or more control flow graphs for the code segment are generated; and evaluating all paths of these graphs to see if the determined one or more governance requirement rules are not followed for a given application programming interface call in the code segment (para. 28-33, para. 58-62).

	Regarding claim 4, the instant claim is met by rejection of claim 1.

Regarding claim 5, Vanishth discloses wherein the one or more governance
requirement rules are mapped to one or more compliance, security, or business requirements (para. 28-33, para. 58-62).

Regarding claim 6, Vanishth discloses wherein a governance requirement rule
includes information about one or more of what organization or accounts the rule is to apply to
including one or more of values for principals, accounts, resource names, source address, source
virtual networks, tags, classless inter-domain routing information, and policy information (para. 28-33, para. 58-62).

Regarding claim 7, Vanishth discloses wherein the determined one or more
governance requirement rules relates to code verification for a code segment and evaluating the
determined one or more governance requirement rules comprises: generating one or more control flow graphs for the code segment are generated; symbolically evaluating all paths of these graphs to see if the determined one or more governance requirement rules are not followed for a given application
programming interface call in the code segment; and blocking deployment of the code segment when at least one of the determined one or more governance requirement rules is not followed (para. 28-33, para. 15-23).

Regarding claim 8, Vanishth discloses wherein a type of resource is one or more
of a compute resource, data/storage resource, network-related resource, application resource,
access policy or role, identity policy or role, or machine image (para. 50-51).

Regarding claim 9, Vanishth discloses wherein the determined one or more
governance requirement rules relates to a resource create, read, update, or delete and evaluating
the determined one or more governance requirement rules comprises:

the first set of configuration parameters passes the security check; and blocking the resource create, read, update, or delete when there is a violation (Fig. 2-3, para. 15-23, para. 28-33).

Regarding claim 10, Vanishth discloses wherein determined one or more
governance requirement rules relates to data privacy and evaluating the determined one or more
governance requirement rules comprises: determining a first propositional logic based at least in part on a first set of security permissions; determining a second propositional logic based at least in part on a second set of security permissions; determining the first propositional logic and the second propositional logic lack equivalency using the first propositional logic and the second propositional logic;
and providing an indication that the first set of security permissions and the second set of security permissions lack equivalency (Fig. 2, para. 28-33, para. 59-62).

Regarding claim 11, Vanishth discloses wherein determined one or more
governance requirement rules relates to networking information and evaluating the determined
one or more governance requirement rules comprises: receiving a query about a client's virtual network on the provider network, wherein the query expresses a constraint problem;
obtaining descriptive information for the virtual network; encoding the descriptive information according to a declarative logic programming language to generate an encoded description of the virtual network; resolving the query for the encoded description according to encoded virtual networking


Regarding claim 12, Vanishth discloses for a violation of the determined one or more governance requirements rules, tracking information about an actor that made the change (para. 58-64).

Regarding claim 13, Vanishth discloses wherein the indication of an update of a
resource in a provider network is provided by a configuration service that is to monitor for code
changes, networking changes, policy changes, and governance requirement rule changes (Fig. 2, para. 58-64).

Regarding claim 14, Vanishth discloses wherein a governance requirement rule
may be of an audit type or a preventative type (para. 18-23, para. 28-33).

	Regarding claim 15, the instant claim is met by rejection of claim 1.
	Regarding claim 16, the instant claim is met by rejection of claim 5.
	Regarding claim 17, the instant claim is met by rejection of claim 6.
	Regarding claim 18, the instant claim is met by rejection of claim 8.
Regarding claim 19, the instant claim is met by rejection of claim 12 and 13. 
Regarding claim 20, the instant claim is met by rejection of claim 14.

Conclusion

Examiner interviews are available via telephone, in-person, and video conferencing using a USPTO supplied web-based collaboration tool. To schedule an interview, applicant is encouraged to use the USPTO Automated Interview Request (AIR) at http://www.uspto.gov/interviewpractice.
If attempts to reach the examiner by telephone are unsuccessful, the examiner’s supervisor, Brian Pendleton can be reached on 571-272-7527. The fax phone number for the organization where this application or proceeding is assigned is 571-273-8300.
Information regarding the status of published or unpublished applications may be obtained from Patent Center. Unpublished application information in Patent Center is available to registered users. To file and manage patent submissions in Patent Center, visit: https://patentcenter.uspto.gov. Visit https://www.uspto.gov/patents/apply/patent-center for more information about Patent Center and https://www.uspto.gov/patents/docx for information about filing in DOCX format. For additional questions, contact the Electronic Business Center (EBC) at 866-217-9197 (toll-free). If you would like assistance from a USPTO Customer Service Representative, call 800-786-9199 (IN USA OR CANADA) or 571-272-1000.





/CAI Y CHEN/               Primary Examiner, Art Unit 2425