DETAILED ACTION
The present application, filed on or after March 16, 2013, is being examined under the first inventor to file provisions of the AIA .
This Office Action is in response to Application No. 16/808,757 filed on 03/04/2020.
Claims 1-20 have been examined and are pending in this application.
Claim Rejections - 35 USC § 103
The following is a quotation of 35 U.S.C. 103 which forms the basis for all obviousness rejections set forth in this Office action:
A patent for a claimed invention may not be obtained, notwithstanding that the claimed invention is not identically disclosed as set forth in section 102, if the differences between the claimed invention and the prior art are such that the claimed invention as a whole would have been obvious before the effective filing date of the claimed invention to a person having ordinary skill in the art to which the claimed invention pertains. Patentability shall not be negated by the manner in which the invention was made.

In the event the determination of the status of the application as subject to AIA  35 U.S.C. 102 and 103 (or as subject to pre-AIA  35 U.S.C. 102 and 103) is incorrect, any correction of the statutory basis for the rejection will not be considered a new ground of rejection if the prior art relied upon, and the rationale supporting the rejection, would be the same under either status.
Claim(s) 1-20 are rejected under 35 U.S.C. 103 as being unpatentable over Brown et al. (US 2012/0130936; Hereinafter “Brown”) in view of Lyle et al. (11,050,763; Hereinafter “Lyle”).
Regarding claim 1, Brown teaches a method for managing data, the method comprising: 
obtaining a workload generation request, wherein the workload generation request specifies generating a workload that complies with a data compliance rule (Brown: Para. [0078], For example, in one implementation, an approval workload 130 may include a request to provision a particular service to a particular user in accordance with particular constraints, wherein the approval workload 130 may include a sequence of activities that includes a suitable management entity reviewing the constraints defined for the service, determining whether any applicable policies permit or prohibit provisioning the service for the user, and deploying the service in response to determining that the service can be provisioned, among other things.); 
in response to the workload generation request: obtaining, from a management module, data compliance information associated with a plurality of resource devices (Brown: Para. [0042], The workload engine 180a and/or the workload service 135b may therefore execute the compliance management service to measure and report on whether workloads comply with relevant policies, and further to remediate any non-compliant workloads. Para. [0039], For example, certain infrastructure workloads may execute under multiple constraints defined by users, the infrastructure 110, sponsoring organizations, or other entities, wherein compliance assurance may provide users with certification that the workloads were properly assigned and executed according to the constraints.); 
selecting, from the plurality of resource devices (Brown: Fig. 1A, IT Infrastructure with Physical Resources 114a, Virtualized Resources 114b, and Configuration Resources 114c), a second plurality of resource devices based on the data compliance information and the data compliance rule (Brown: Para. [0041], Thus, the compliance management service may integrate the identity management services and the policy definition service described above to provide the workload management system with control over configurations, compliance event coverage, and remediation services in the information technology infrastructure 110. [compliance coverage and configuration control integrated with the policy definitions meets the data compliance information and data compliance rule limitation] Para. [0042], The workload engine 180a and/or the workload service 135b may therefore execute the compliance management service to measure and report on whether workloads comply with relevant policies, and further to remediate any non-compliant workloads.); 
initiating a storage of a data compliance certificate in the management module (Brown: Para. [0006], . For example, the workload management system may manage workloads that can provision tuned appliances configured to perform particular functions or host particular applications, wherein to manage the workloads, the workload management system may create resource stores that point to storage locations for the appliances, declare service level agreements and runtime requirements that constrain the appliances, obtain certificates or attestation tokens that certify compliance with the service level agreements or other runtime requirements,).
Brown does not explicitly teach generating a ledger entry based on the data compliance certificate and the second plurality of resource devices. 
In an analogous art, Lyle teaches generating a ledger entry based on the data compliance certificate and the second plurality of resource devices (Lyle: Fig. 1A-1C, Fig. 2, Col. 11, Lines 23-27, The digital certificate 108 may be stored (206) on the security device 102 or elsewhere. As described above, in some implementations the digital certificate 108 may be stored on a blockchain that is on the security device 102 or accessible by the security device 102. Col. 13, Lines 50-55, The security platform 406 may access and/or be a part of a blockchain network 418, as described above. The blockchain network 418 may store information regarding IoT device(s), their configuration, permissions to access external service(s), and/or a digital certificate to provide secure communications between IoT device(s) and other service(s).).
It would have been obvious to a person having ordinary skill in the art, before the effective filing date of the claimed invention, to combine the teachings of Lyle with the system and method of Brown to include generating a ledger entry based on the data compliance certificate and the second plurality of resource devices because this functionality provides for a secure platform for controlling IoT devices (Lyle: Col. 2, Lines 31-43).
Regarding claim 2, Brown, in combination with Lyle, teaches the method of claim 1, wherein the data compliance rule specifies a geographic region in which resource devices of the workload are to be located (Lyle: Col. 6, Lines 60-67 to Col. 7, Lines 1-6, In some implementations, the security device may maintain a list (e.g., map) of the IoT devices present in the home, and that list may be used to confirm the identity and/or current location of a user or their user device (e.g., smartphone). Such confirmation may be used for fraud prevention, to authenticate the user, and/or for other purposes. For example, when a new IoT device is added to the home network, a service may require additional authenticate from the user to confirm that they are who they purport to be, given the change in their current environment. Moreover, the security device may confirm a user's location in the home based on sensor data and/or the current network presence of the user device (e.g., smartphone), as an additional check that the user is who they claim to be during authentication.).
Regarding claim 3, Brown, in combination with Lyle, teaches the method of claim 1, wherein the ledger entry comprises the data compliance certificate, the data compliance rule, and specifies the second plurality of resource devices (Lyle: Fig. 1A-1C, Fig. 2, Col. 11, Lines 23-27, The digital certificate 108 may be stored (206) on the security device 102 or elsewhere. As described above, in some implementations the digital certificate 108 may be stored on a blockchain that is on the security device 102 or accessible by the security device 102. Col. 13, Lines 50-55, The security platform 406 may access and/or be a part of a blockchain network 418, as described above. The blockchain network 418 may store information regarding IoT device(s), their configuration, permissions to access external service(s), and/or a digital certificate to provide secure communications between IoT device(s) and other service(s).).
Regarding claim 4, Brown, in combination with Lyle, teaches the method of claim 1, wherein the ledger entry is associated with a previous ledger entry that is associated with a previous iteration of the data compliance rule associated with the workload (Lyle: Col. 7, Lines 7-44, A blockchain, which may also be referred to as a distributed ledger, is a (e.g., public) ledger of all transactions that have been executed in one or more contexts (e.g., negotiable instrument transactions, digital currency transactions, etc.). A blockchain may grow as completed blocks are added with a new set of transactions. In some examples, a single block is provided from multiple transactions (e.g., multiple deposits of different checks by different people). In general, blocks are added to the blockchain in a linear, chronological order by one or more computing devices in a peer-to-peer network of interconnected computing devices that execute a blockchain protocol. Each node maintains a copy of the blockchain, which is automatically downloaded to the node upon joining the peer-to-peer network. The blockchain protocol provides a secure and reliable method of updating the blockchain, copies of which are distributed across the peer-to-peer network, without use of a central authority. Because all entities on the blockchain network may need to know all previous transactions (e.g., deposits, withdrawals, etc.) to validate a requested transaction, all entities must agree on which transactions have actually occurred, and in which order.).
Regarding claim 5, Brown, in combination with Lyle, teaches the method of claim 1, wherein a resource device of the second plurality of resource devices is a processing device (Lyle: Col. 13, Lines 50-55, The security platform 406 may access and/or be a part of a blockchain network 418, as described above. The blockchain network 418 may store information regarding IoT device(s), their configuration, permissions to access external service(s), and/or a digital certificate to provide secure communications between IoT device(s) and other service(s).) [IoT Device meets processing device limitation]).
Regarding claim 6, Brown, in combination with Lyle, teaches the method of claim 1, wherein a resource device of the second plurality of resource devices is a network device (Brown: Para. [0033], In one implementation, the workload management system may invoke various cooperating policy services to determine suitable physical resources 114a (e.g., physical servers, hardware devices, etc.), virtualized resources 114b (e.g., virtual machine images, virtualized servers, etc.), configuration resources 114c (e.g., management agents, translation services, etc.), storage resources (e.g., the clustered file system 195, one or more databases 155, etc.), or other resources 114 for a particular workload. [Server meets network device limitation]).
Regarding claim 7, Brown, in combination with Lyle, teaches the method of claim 1, wherein a resource device of the second plurality of resource devices is a storage device (Brown: Para. [0033], In one implementation, the workload management system may invoke various cooperating policy services to determine suitable physical resources 114a (e.g., physical servers, hardware devices, etc.), virtualized resources 114b (e.g., virtual machine images, virtualized servers, etc.), configuration resources 114c (e.g., management agents, translation services, etc.), storage resources (e.g., the clustered file system 195, one or more databases 155, etc.), or other resources 114 for a particular workload. [storage resources meets storage device limitation]).
Regarding claims 8-12, claims 8-12 are rejected under the same rational as claims 1-5, respectively.
Regarding claim 13, claim 13 is rejected under the same rational as claim 7.
Regarding claim 14, claim 14 is rejected under the same rational as claim 6.
Regarding claim 15-20, claims 15-20 are rejected under the same rational as claims 1-6, respectively.
Conclusion
Any inquiry concerning this communication or earlier communications from the examiner should be directed to Nelson Giddins whose telephone number is (571)272-7993.  The examiner can normally be reached on Monday - Friday, 9:00 AM - 5:00 PM.
If attempts to reach the examiner by telephone are unsuccessful, the examiner’s supervisor, Kristine Kincaid can be reached at (571) 272-4063.  The fax phone number for the organization where this application or proceeding is assigned is 571-273-8300.
Information regarding the status of an application may be obtained from the Patent Application Information Retrieval (PAIR) system.  Status information for published applications may be obtained from either Private PAIR or Public PAIR.  Status information for unpublished applications is available through Private PAIR only.  For more information about the PAIR system, see http://pair-direct.uspto.gov. Should you have questions on access to the Private PAIR system, contact the Electronic Business Center (EBC) at 866-217-9197 (toll-free). If you would like assistance from a USPTO Customer Service Representative or access to the automated information system, call 800-786-9199 (IN USA OR CANADA) or 571-272-1000.

/NELSON S. GIDDINS/Primary Examiner, Art Unit 2437