Notice of Pre-AIA or AIA Status
The present application, filed on or after March 16, 2013, is being examined under the first inventor to file provisions of the AIA.

Claim Objections
Claims 2, 12 and 17 are objected to because of the following informalities: “any parent node of the child node” should be “a parent node of the child node”. Appropriate correction is required.

Claim Rejections - 35 USC § 103
In the event the determination of the status of the application as subject to AIA 35 U.S.C. 102 and 103 (or as subject to pre-AIA 35 U.S.C. 102 and 103) is incorrect, any correction of the statutory basis for the rejection will not be considered a new ground of rejection if the prior art relied upon, and the rationale supporting the rejection, would be the same under either status.
The following is a quotation of 35 U.S.C. 103 which forms the basis for all obviousness rejections set forth in this Office action:
A patent for a claimed invention may not be obtained, notwithstanding that the claimed invention is not identically disclosed as set forth in section 102, if the differences between the claimed invention and the prior art are such that the claimed invention as a whole would have been obvious before the effective filing date of the claimed invention to a person having ordinary skill in the art to which the claimed invention pertains. Patentability shall not be negated by the manner in which the invention was made.

Claims 1-20 are rejected under 35 U.S.C. 103 as being unpatentable over Melchione et al. (hereafter referred to as Melchione US 20020091819 A1) in view of MAIDA-SMITH et al. (hereafter referred to as MAIDA-SMITH US 20110131275 A1).


As per claim 1:
Melchione discloses Non-transitory computer-readable media comprising computer-readable instructions such that, when executed, causes one or more processors to:
restructure a policy hierarchy comprising ([0012]: A policy orchestrator server in communication with the network directory, the policy orchestrator server being adapted to determine a hierarchical tree structure containing the nodes based upon location of each node in the network topology, determine a policy for each node in the hierarchical tree structure, and communicate said policy to the corresponding node, and an agent corresponding to each device in the network of devices. The agent is in communication with the policy orchestrator server and the resources corresponding to the device and is adapted to receive data from the policy orchestrator server and to enforce the policies corresponding to the resources. The policies corresponding to the resources of each device are selectively inherited along the hierarchical tree structure).
a plurality of nodes by switching a child node of the plurality of nodes from being a child of a first parent node of the plurality of nodes to being a child of a second parent node of the plurality of nodes ([0046]: By utilizing the network directory, the network managed by the policy orchestrator system 100 may be self-healing when modifications to the network are made. For example, if a local client device is moved from one site to another, the local client device searches up the network control directory tree for the closest administrator or administrative user. That closest administrator is typically the one most closely associated with 
each of the plurality of nodes is associated with one or more policies, wherein each of the one or more policies are used to evaluate whether one or more security objects ([0042]:  To ensure the security of the policy orchestrator system 100, each agent 108 preferably generates its public and private key pair at its first execution and sends the public key to the policy orchestrator server 102. The policy orchestrator server 102 stores the agent's public key in the LDAP server 104 and when the agent 108 sends a package to the policy orchestrator server 102, the policy orchestrator server 102 verifies the key signature of the packet using the public key stored in the LDAP, as is known in the art. [0072]: Policy Management Module; [0073]: The policy management module of the management 

determine a set of policies by including the one or more policies associated with the second parent node and the one or more policies associated with the child node ([0044] The policy orchestrator system 100 utilizes the network directory such as one provided by an NDS (Network Directory Services) or the LDAP server 104 to provide a tree structure for inheriting policies such as configuration or control settings and/or scheduled tasks. In other words, the network directory provides a tree structure for inheriting control settings down to the individual applications on local client devices. Inheritance generally refers to a hierarchy of properties and settings in which the setting closer to the object being managed but higher than the object itself in the hierarchy have a higher priority than those further away. Thus a task setting set high in the directory tree can be replaced by a closer/lower setting. This hierarchy may be utilized to implement management by exception on the network in which the administrator may set general rules and then set more specific rules on a case by case basis. [0045] Thus, by using inheritance and utilizing the actual network directory, any setting can be established at any level in the directory tree. By setting a new value at a lower level, a higher, more general policy can be overridden. By setting a policy higher in the tree, it applies to more of the network. At the same time, higher level policies can be easily changed without accidentally disturbing finer controls established closer to the point of applications because lower level policies overlay corresponding portions of high level policies).

Melchione does not explicitly disclose the evaluated objects are cryptographic attributes of the security object used to encrypt data is secure; and determine an acceptability of the 


As per claim 2:
MAIDA-SMITH discloses wherein the set of policies further comprises the one or more policies associated with any parent node of the child node (0060: Hierarchical class tree policy topology; 0064: A System Security Policy Site; 0067: A Client Security Policy Site).

As per claim 3:
Melchione discloses wherein the one or more processors are further configured to: build a policy cache comprising the one or more policies associated with the first parent node and the one or more policies associated with the child node; and in response to restructuring the policy hierarchy, rebuild the policy cache to comprise the set of policies ([0106]: software architecture of the policy orchestrator server 102. The policy orchestrator server 102 generally comprises a main server module 150, a server event log 152, an initialize and import LDAP data module 154, 

As per claim 4:
Melchione discloses wherein restructuring the policy hierarchy comprises deleting the first parent node ([0063]: Modifying the LDAP directory by adding and/or deleting groups, users, and/or computers from the network, configuring the LDAP, managing software, configuring point products by setting and enforcing policies and properties, scheduling tasks to be performed, setting up software or silent installations, monitoring events and setting tasks over the network. [0094] The administrator configuration module of the management console 106 allows the policy orchestrator administrator to add, modify, and/or remove users from the system. The agent rollout module of the management console 106 allows the administrator to select one or more users, computer, or groups via the management console 106 for agent rollout).

As per claim 5:


As per claim 6:
Melchione discloses wherein restructuring the policy hierarchy comprises inserting the second parent node as a parent of the child node ([0063]: Modifying the LDAP directory by adding and/or deleting groups, users, and/or computers from the network, configuring the LDAP, managing software, configuring point products by setting and enforcing policies and properties, scheduling tasks to be performed, setting up software or silent installations, monitoring events and setting tasks over the network. [0094]).

As per claim 7:
Melchione discloses wherein restructuring the policy hierarchy comprises moving the child node away from being a child of the first parent node to being a child of the second parent node ([0046]: By utilizing the network directory/Hierarchy, the network managed by the policy orchestrator system 100 may be self-healing when modifications to the network are made. For

As per claim 8:
Melchione discloses wherein the security object is allowed to encrypt the data in response to determining the acceptability of the security object based on the set of policies ([0040]: The policy orchestrator server 102 preferably communicates with the LDAP server 104 using LDAP v3 APIs, the console or user interface 106 using HTTP, and the agents 108 using SPIPE (secure pipes) based on HTTP. [0041] SPIPE is a proprietary method for transmitting information in a secure manner using PGP (pretty good privacy) digital authentication methodology. It is to be understood that any other suitable method for transmitting information, preferably in a secure manner, may be utilized).

As per claim 9:
Melchione discloses wherein one of the set of policies is used to evaluate a size of the security object or a string length of the security object ([0047]: A single set of entries at the top of the management structure effects protection for the entire network tree. A local administrator can make adjustments to the policy set by the network administrator or by any administrator higher up in the directory tree as necessary and/or allowable by the network security limits. Typically, network security is managed within the network rather than within the user or management console of the product being managed).


Melchione discloses one or more processors are further configured to: determine that a first policy of the set of policies is in conflict with a second policy of the set of policies, wherein the first policy is associated with the child node, and the second policy is associated with the second parent node; and removing both the first policy and the second policy from the set of policies ([0063]: Modifying the LDAP directory by adding and/or deleting groups, users, and/or computers from the network, configuring the LDAP, managing software, configuring point products by setting and enforcing policies and properties, scheduling tasks to be performed, setting up software or silent installations, monitoring events and setting tasks over the network. [0109-0010]: An inheritance determination method, the determination result (i.e., the control store) is first initialized to null. The control values or settings of the network tree are then read starting at the root and ending at the node being managed. At each node where control entries are found, these control values are written into the control store. In writing the most recently found control values, previously written conflicting control values in the control store are typically overwritten. After the determination is complete, the result is a cumulative inheritance of the object. This method of determining the inheritance is relatively simple to implement).
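
The following sketch is an added illustration, not part of this Office action or of either cited reference. It walks through the root-to-node inheritance determination quoted above from Melchione, and the effect of moving a child node to a second parent on the resulting policy set and on a cache built from it. All names (Node, effective_policy, reparent, build_cache) and the sample settings are hypothetical.

```python
# Added illustration; Node, effective_policy, reparent and build_cache are hypothetical names.
from dataclasses import dataclass, field
from typing import Dict, List, Optional

@dataclass(eq=False)  # identity comparison: nodes reference each other in both directions
class Node:
    name: str
    settings: Dict[str, object] = field(default_factory=dict)
    parent: Optional["Node"] = None
    children: List["Node"] = field(default_factory=list)

def attach(parent: Node, child: Node) -> Node:
    child.parent = parent
    parent.children.append(child)
    return child

def path_from_root(node: Node) -> List[Node]:
    path = []
    while node is not None:
        path.append(node)
        node = node.parent
    return path[::-1]

def effective_policy(node: Node) -> Dict[str, object]:
    store: Dict[str, object] = {}      # control store starts empty
    for n in path_from_root(node):     # read from the root down to the managed node
        store.update(n.settings)       # closer settings overwrite conflicting ones
    return store

def reparent(child: Node, new_parent: Node) -> None:
    if child in path_from_root(new_parent):
        raise ValueError("new parent lies inside the subtree being moved")
    if child.parent is not None:
        child.parent.children.remove(child)
    attach(new_parent, child)

def build_cache(root: Node) -> Dict[str, Dict[str, object]]:
    cache, stack = {}, [root]
    while stack:                       # a cache built before a move is stale after it
        n = stack.pop()
        cache[n.name] = effective_policy(n)
        stack.extend(n.children)
    return cache

def demo():
    # Constructed sample tree: root -> {site_a -> host, site_b}
    root = Node("root", {"min_key_bits": 2048, "scan": "weekly"})
    site_a = attach(root, Node("site_a", {"min_key_bits": 3072}))
    site_b = attach(root, Node("site_b", {"scan": "daily"}))
    host = attach(site_a, Node("host", {"log_level": "debug"}))
    before = build_cache(root)["host"]
    reparent(host, site_b)
    return before, build_cache(root)["host"]
```

In the constructed tree, the move drops the stricter key-size setting the host inherited from its first parent, which is why the cache has to be rebuilt after any restructuring.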

As per claims 11-15:
Claims 11-15 are directed to a method having substantially similar claimed limitation corresponding to claims 1-3, 8 and 9 respectively and therefore claims 11-15 are rejected with the same rationale given above to reject corresponding limitations of claims 1-3, 8 and 9 respectively.

As per claims 16-20:
Claims 16-20 are directed to a system, comprising: a memory; and a processor configured to have substantially similar claimed limitation corresponding to claims 1-3, 8 and 9 respectively and therefore claims 16-20 are rejected with the same rationale given above to reject corresponding limitations of claims 1-3, 8 and 9 respectively.

Conclusion
The prior art made of record and not relied upon is considered pertinent to applicant's disclosure. See the notice of reference cited in form PTO-892 for additional prior art.

Contact Information
Any inquiry concerning this communication or earlier communications from the examiner should be directed to TECHANE GERGISO whose telephone number is (571)272-3784. The examiner can normally be reached 9:30am to 6:30pm.
Examiner interviews are available via telephone, in-person, and video conferencing using a USPTO supplied web-based collaboration tool. To schedule an interview, applicant is encouraged to use the USPTO Automated Interview Request (AIR) at http://www.uspto.gov/interviewpractice.
If attempts to reach the examiner by telephone are unsuccessful, the examiner’s supervisor, JUNG W KIM can be reached on 5712723804. The fax phone number for the organization where this application or proceeding is assigned is 571-273-8300.






/TECHANE GERGISO/Primary Examiner, Art Unit 2494