DETAILED ACTION
1.	The present application, filed on or after March 16, 2013, is being examined under the first inventor to file provisions of the AIA .
2.	This communication is in response to applicant's amendment dated 6/24/2020 and interview dated 3/3/2022.
EXAMINER’S AMENDMENT
3.1.	An examiner’s amendment to the record appears below. Should the changes and/or additions be unacceptable to applicant, an amendment may be filed as provided by 37 CFR 1.312. To ensure consideration of such an amendment, it MUST be submitted no later than the payment of the issue fee. 
Authorization for this examiner’s amendment was given in a telephone interview with Greg Raburn (Reg. No. 65174) on 3/3/2022.

3.2.	This listing of claims will replace all prior versions and listings of claims in the application:
1.	(Currently Amended)	A computer-implemented method, comprising:
receiving a request to perform an action to a provisioned resource, the request including a verification mode token that indicates to evaluate the request in a verification mode; and
as a result of authenticating the verification mode token:
determining, from a set of stored policies, a subset of the set of stored policies applicable to the request;
, from a set of stored decision data, a subset of the set of stored decision data that is relevant to the subset of stored policies;
determining, based at least in part on the verification mode token, to replace the subset of the set of stored decision data with substitute decision data; and
evaluating the request based at least in part on the subset of stored policies and at least the substitute decision data in the subset of stored decision data to produce an evaluation result;
consequent to the verification mode, inhibiting fulfillment of the request;
generating a verification mode report based at least in part on the evaluation result, the verification mode report including a mapping of the subset of stored policies to a set of user-specified policies; and
providing the verification mode report in response to the request.
2-3.	(Cancelled) 
4.	(Original)	The computer-implemented method of claim 1, wherein the subset of stored decision data includes at least one of: 
a group memberships of a user
a geographic region associated with the request, or
a regulatory classification associated with the request.

the request further specifies an amount of detail for the evaluation result; and 
the verification mode report is generated in accordance with the amount of detail.
6.	(Original)	The computer-implemented method of claim 1, wherein: 
the computer-implemented method further comprising obtaining service provider operational information; and
evaluating the request is further based at least in part on the service provider operational information.
7.	(Original)	The computer-implemented method of claim 6, wherein the service provider operational information includes an identification of a set of policy enforcement components involved in evaluating the request.
8.	(Currently Amended)	A system, comprising: 
one or more processors; and
memory including executable instructions that, as a result of execution by the one or more processors, cause the system to:
obtain a request that, if fulfilled, is operable to access a computing resource, the request including an indication to evaluate the request in a verification mode while inhibiting fulfilment of the request;

determine a policy applicable to the request;
obtain decision data that is relevant to the policy;
determine whether the request includes substitute decision data;
produce an evaluation result by at least evaluating : 
the decision data, or[[;]]
the substitute decision data
inhibit fulfillment of the request;
generate, based at least in part on the evaluation result, a verification report that maps a user-specified to a stored policy of the set of stored policies; and
provide, in response to the request, a notification indicating that the verification report is generated.
9.	(Original)	The system of claim 8, wherein the executable instructions further include instructions that cause the system to:
receive an additional request to obtain the verification report; and
provide, in response to the additional request, the verification report.
10.	(Original)	The system of claim 8, wherein:
the request further indicates an amount of detail for the verification report; and

11.	(Original)	The system of claim 8, wherein the executable instructions that cause the system to provide the verification report further include instructions that cause the system to store the verification report in a location accessible to a user associated with the request.
12.	(Original)	The system of claim 8, wherein the decision data includes a name resolution map that resolves resource names to network locations. 
13.	(Currently Amended)	The system of claim 8, wherein: 
the request includes substitute decision data; and
the executable instructions further include instructions that cause the system to substitute the substitute decision data for at least a portion of the decision data

14.	(Currently Amended)	The system of claim [[13]]8, wherein: 
the indication is a verification mode token; and 
the substitute decision data is encoded in the verification mode token.

receive a request to perform an action to a computing resource, the request including: 
an indication to evaluate the request in a verification mode; and
a level of detail for a verification report;
on a condition that the level of detail is at least a first level, include a set of policies applicable to the request in a set of evaluation information;
on a condition that the level of detail is at least a second level[[, ]]: 
if the request includes substitute decision data, substitute the substitute decision data for at least a subset of a set of decision data in the set of evaluation information; and
include [[a ]]the set of decision data that is relevant to the set of policies in the set of evaluation information;
evaluate the request based at least in part on the set of evaluation information to produce an evaluation result;
as a result of the indication, inhibit fulfillment of the request;
generate a verification report based at least in part on the evaluation result, wherein the verification report maps a user-specified policy to a policy of the set of policies; and

16.	(Original)	The non-transitory computer-readable storage medium of claim 15, wherein: 
the indication is provided by a verification mode token included in the request; and
the executable instructions further include instructions that cause the computer system to authenticate the verification mode token.
17.	(Cancelled)	
18.	(Original)	The non-transitory computer-readable storage medium of claim 15, wherein the set of decision data includes at least:
a network source address of the request, or
a protocol utilized to transmit the request. 
19.	(Original)	The non-transitory computer-readable storage medium of claim 15, wherein the executable instructions further include instructions that cause the computer system to, on a condition that the level of detail is at least a third level, include service provider operation information in the set of evaluation information.
20.	(Original)	The non-transitory computer-readable storage medium of claim 19, wherein the service provider operation information includes an identification of a set of policy enforcement components in evaluation of the request.
 
22.	(New)	The system of claim 8, wherein the verification result further includes service provider operational information that is usable to diagnose anomalous behavior.
23.	(New)	The computer-implemented method of claim 15, wherein the level of detail for [[that]] the verification mode report is based at least in part on at least one of:
basic contextual information,
an identity of a policy that was determinative of the evaluation result, or
decision data that was determinative of the evaluation result.

Allowable Subject Matter
4.1.	Claims 1,4-16, 18-23 are allowed.
4.2.	a).  US patent application no: 20090100498 to Grossi et al., discloses a method and system are disclosed for analyzing policies for compliance with a specified policy. The method comprises the steps of creating a policy template representing said specified policy, and comparing a group of given policies to said policy template to determine whether said given policies conflict with said specified policy. In the preferred embodiment of the invention, the specified policy may include specified rules, the given policies include a plurality of given rules, and the policy template expresses said 

b).  US patent application no: 20050021978 to Bhat et al., discloses methods and systems thereof for controlling access to resources are described. When a user attempts to access a resource via a remote interface such as a Web server, the request is initially evaluated by a source of policy definitions such as a policy server. This source returns a policy decision to the remote interface. The policy decision is stored in memory by the remote interface. The remote interface can then evaluate subsequent requests from the user for the resource using the stored policy decision instead of having to communicate again with the source for the policy decision. Enhancements to this approach are also described. Accordingly, policy definitions and decisions are more efficiently implemented.

 c).  US patent application no: 20090307742 to Forster et al., discloses in one embodiment, a computer implemented method for indexing security policies is provided. The computer implemented method determines a policy vocabulary to form a set of policy elements, and creates an index from the set of policy elements. The computer implemented method further receives a request to form requested policy elements, 

4.3.	The following is an examiner's statement of reasons for allowance: thecombination of Grossi, Forster, Morcani , Bhati whether alone or in combination with the other prior arts of record fail to teach or render obvious "…receiving a request to perform an action to a provisioned resource, the request including a verification mode token that indicates to evaluate the request in a verification mode; and as a result of authenticating the verification mode token: determining, from a set of stored policies, a subset of the set of stored policies applicable to the request; obtaining, from a set of stored decision data, a subset of the set of stored decision data that is relevant to the subset of stored policies; determining, based at least in part on the verification mode token, to replace the subset of the set of stored decision data with substitute decision data; and evaluating the request based at least in part on the subset of stored policies and at least the substitute decision data in the subset of stored decision data to produce an evaluation result; consequent to the verification mode, inhibiting fulfillment of the request; generating a verification mode report based at least in part on the evaluation result, the verification mode report including a mapping of the subset of stored policies to a set of user-specified policies; and providing the verification mode report in response to the request." as recited in claim 1.
Therefore, independent claim 1 is allowable over the prior arts of record.  The other independent claims 8, 15 recite similar subject matter. Consequently, independent claims 8, 15 are also allowable over the prior arts of record.

Conclusion

Any inquiry concerning this communication or earlier communications from the examiner should be directed to HARUNUR RASHID whose telephone number is (571)270-7195. The examiner can normally be reached 9 AM to 5PM.
Examiner interviews are available via telephone, in-person, and video conferencing using a USPTO supplied web-based collaboration tool. To schedule an interview, applicant is encouraged to use the USPTO Automated Interview Request (AIR) at http://www.uspto.gov/interviewpractice.
If attempts to reach the examiner by telephone are unsuccessful, the examiner’s supervisor, Eleni A. Shiferaw can be reached on (571) 272-3867. The fax phone number for the organization where this application or proceeding is assigned is 571-273-8300.
Information regarding the status of published or unpublished applications may be obtained from Patent Center. Unpublished application information in Patent Center is available to registered users. To file and manage patent submissions in Patent Center, visit: https://patentcenter.uspto.gov. Visit https://www.uspto.gov/patents/apply/patent-center for more information about Patent Center and https://www.uspto.gov/patents/docx for information about filing in DOCX format. For additional questions, contact the Electronic Business Center (EBC) at 866-217-9197 

HARUNUR . RASHID
Primary Examiner
Art Unit 2497



/HARUNUR RASHID/Primary Examiner, Art Unit 2497