DETAILED ACTION
The present application, filed on or after March 16, 2013, is being examined under the first inventor to file provisions of the AIA.
Claims 1-22 are pending.
The claim objections except for the one(s) being repeated below have been withdrawn in view of the claim amendment. 

Response to Arguments
Applicant's arguments filed on 03/22/2022 have been fully considered. Although there might be differences between Applicant’s invention and the cited prior art, the current claims have not successfully captured these differences to render the claims clearly distinguishable from the cited prior art as explained in more detail below.
In response to Applicant’s argument that “claims 1, 17 and 20 are not directed to a judicial exception because they recite additional elements (the encryption key orchestration system) that integrate the exception into a practical application (improved cryptographic security). Even if the claims recite a judicial exception, the claims, as a whole, integrate the recited judicial exception into a practical application of the exception” (pages 8-11 of Remarks), Examiner acknowledged Applicant’s perspective but respectfully disagreed for the following reasons.
Firstly, Step 2A, Prong Two asks “Does the claim recite additional elements that integrate the judicial exception into a practical application?”  Note that “integration into a practical application” requires an additional element(s) or a combination of additional elements in the claim to apply, rely on, or use the judicial exception in a manner that imposes a meaningful limit on the judicial exception, such that the claim is more than a drafting effort designed to monopolize the exception.  Moreover, limitations that are not indicative of integration into a practical application include (1) adding the words “apply it” (or an equivalent) with the judicial exception, or mere instructions to implement an abstract idea on a computer, or merely uses a computer as a tool to perform an abstract idea (see MPEP 2106.05(f)) and (2) adding insignificant extra-solution activity to the judicial exception (see MPEP 2106.05(g)).
Secondly, the previous Office action has identified and evaluated the additional elements to determine whether they integrate the exception into a practical application.  As pointed out previously, claim 1 recites the additional limitation of receiving a user request for the policy operation, which as drafted, is recited at a high level of generality and amounts to mere data gathering which is an insignificant extra-solution activity and thus does not integrate the judicial exception into a practical application.  Moreover, claim 1 additionally recites a management request handler of a security object orchestration system.  However, “a management request handler of a security object orchestration system” is recited at a high-level of generality and is a generic computer component of a generic computer system such that it amounts to no more than mere instructions to apply the exception using a generic computer. Mere instructions to apply an exception using a generic computer cannot provide an inventive concept.  Accordingly, these additional elements do not integrate the abstract idea into a practical application because they do not impose any meaningful limits on practicing the abstract idea. 
Furthermore, there are no well-understood, routine, and conventional additional elements recited in the claim.
In addition, unlike the security profile generated in response to a virus scan that identified a suspicious code in a downloadable in Finjan Inc. v. Blue Coat, the encryption key orchestration system or security object orchestration system is recited at a high level of generality and is a generic computer system to apply the exception such that it amounts to no more than mere instructions to apply the exception using a generic computer.  Mere instructions to apply an exception using a generic computer cannot provide an inventive concept.  Accordingly, the encryption key orchestration system or security object orchestration system does not integrate the abstract idea into a practical application because it does not impose any meaningful limits on practicing the abstract idea. The security profile in Finjan Inc. v. Blue Coat is specific and constitutes an improvement in computer functionality because it (a) identifies suspicious code in a received downloadable and (b) includes “details about the suspicious code in the received downloadable, such as . . . ‘all potentially hostile or suspicious code operations that may be attempted by the Downloadable’” and “the information about potentially hostile operations produced by a ‘behavior-based’ virus scan.”  Thus, the encryption key orchestration system is very different from the security profile in Finjan Inc. v. Blue Coat.
Applicant has cited ¶3, 4, and 84 of the specification.  However, the current claims do not recite or reflect any improvement or limitations indicative of integration of the exception into a practical application.  Currently, the claims only recite the judicial exception, mere instructions to implement an abstract idea on a computer or mere usage of a computer as a tool to perform an abstract idea and insignificant extra-solution activity to the judicial exception.
It is suggested that the claims be amended to incorporate features that apply the exception in a manner that imposes a meaningful limit on the judicial exception such as based on the evaluation of the acceptability of the cryptographic consideration, the encryption key or the security object is utilized in some manner (e.g. used to secure a communication transaction) assuming such features are supported by the specification.


In response to Applicant’s remark that the double patenting rejection be held in abeyance until the claims are otherwise in condition for allowance (page 12 of Remarks), Examiner acknowledged Applicant’s perspective but since a Terminal Disclaimer has not been filed and approved, the nonstatutory double patenting rejection has been maintained.

In response to Applicant’s argument that Gaspar fails to disclose at least evaluating an acceptability of a cryptographic consideration of an object attribute of a security object (pages 12-13 of Remarks), Examiner acknowledged Applicant’s perspective but respectfully disagreed for the following reasons.
Firstly, it should be noted that the claims only recite “a cryptographic consideration” and do not further recite the specifics (e.g. the type) of this term.  Thus, “a cryptographic consideration” broadly covers any type of analysis or review associated with any cryptographic aspect.  Moreover, ¶52 of the specification states “In particular examples, a policy may dictate whether the particular encryption key is an acceptable encryption key. Such acceptability may be based on the security and cryptographic considerations as to whether the encryption key (e.g., as shown from the key attributes associated with the encryption key) may be secure enough. In other words, the encryption key generated for a particular communication transaction may be presented for inspection by the policy to be evaluated as to whether the encryption key is to be allowed or denied for that communication transaction.”
Secondly, Gaspar discloses determining whether the use of the cryptographic key associated with a request of a cryptographic operation is allowed or permitted based on priority determination of the context of use rules, which includes determining that a user profile = UP1 is within a user profile UP1 of context of use rule with priority 10 and context of use rule with priority 20 and the time ‘13:31 h’ is within the time range ‘13:00 h and 18:00 h’ of the context of use rule with priority 10 and within the time range ‘09:00 h and 18:00 h’ of the context of use rule with priority 20 (e.g. Table 3, ¶110-114).
	For at least the above reasons, Gaspar does disclose or suggest evaluating an acceptability of a cryptographic consideration of an object attribute of a security object.

In response to Applicant’s argument that Gaspar does not disclose "aggregating, by the management request handler, the determined policies based on priority, wherein the priority corresponds to a sequential order in which the determined policies are determined" as recited in claim 7 because Gaspar discloses only one rule being applied (pages 13-14 of Remarks), Examiner acknowledged Applicant’s perspective but respectfully disagreed for the following reasons.
Firstly, because the specification does not provide a special definition for the term “aggregating”, the term “aggregating” broadly covers any type of accumulating, grouping, gathering, or collecting.  Moreover, the claim does not further specify how the priority “corresponds” or relates to the sequential order and broadly covers any type of correspondence or relationship to the sequential order.
Secondly, Gaspar discloses retrieving the determined context of use rules from a repository and accumulating/grouping/gathering/collecting the retrieved context of use rules into a set of existing context of use rules (aggregating) stored in a cache memory based on a sequential order of the priorities indicated by the sequential number associated with each of the context of use rules (i.e. 10, 20, …) (e.g. Table 3, ¶42, 99, 107-108, 110-111).  
For at least the above reasons, Gaspar does disclose or suggest “aggregating, by the management request handler, the determined policies based on priority, wherein the priority corresponds to a sequential order in which the determined policies are determined”.

In response to Applicant’s argument that Gaspar does not describe "the sequential order in which the determined policies are determined [being] the sequential order in which the determined polices are retrieved from a policy database and loaded to a cache memory" as recited by claim 9 (page 15 of Remarks), Examiner acknowledged Applicant’s perspective but respectfully disagreed for the following reasons.
As explained above, Gaspar discloses retrieving the determined context of use rules from a repository and accumulating/grouping/gathering/collecting the retrieved context of use rules into a set of existing context of use rules (aggregating) stored in a cache memory based on a sequential order of the priorities indicated by the sequential number associated with each of the context of use rules (i.e. 10, 20, …) (e.g. Table 3, ¶42, 99, 107-108, 110-111).  
For at least the above reasons, Gaspar does disclose or suggest “aggregating, by the management request handler, the determined policies based on priority, wherein the priority corresponds to a sequential order in which the policies are retrieved from a policy database and loaded to a cache memory”.

In response to Applicant’s argument that as described herein, Gaspar fails to describe evaluating an acceptability of a cryptographic consideration of an object attribute of a security object as recited in amended claim 1. Therefore, Gaspar could not have much less described "checking a value corresponding to the at least one object attribute to determine whether the value is within an acceptable range" as described in claims 21 and 22 (pages 15-16 of Remarks), Examiner acknowledged Applicant’s perspective but respectfully disagreed for reasons explained in section 7 above.

Claim Objections
Claims 2, 11, 12, and 16 are objected to because of the following informalities:
“determining the policies” in claim 2 should read “determining the plurality of policies”.
“determining the policies” in lines 2, 3 of claims 11 and 12 should read “determining the plurality of policies associated with the two or more of the node, the group, the client or the user”.
“the policies” in last line of claim 16 should read “policies”.
Appropriate correction is required.

Claim Rejections - 35 USC § 101
35 U.S.C. 101 reads as follows: 
Whoever invents or discovers any new and useful process, machine, manufacture, or composition of matter, or any new and useful improvement thereof, may obtain a patent therefor, subject to the conditions and requirements of this title.

Claims 1-22 are rejected under 35 U.S.C. 101 because the claimed invention is directed to an abstract idea without significantly more.  Claim 1 recites  determining a plurality of policies associated with one or more of a node, a group, a client, or a user associated with the user request, where the determined plurality of policies associated with the one or more of the node, the group, the client, or the user, include at least two conflicting policies; determining whether one of the at least two conflicting policies has a narrower scope than the other policy of the at least two conflicting policies; and evaluating an acceptability of a cryptographic consideration of at least one object attribute of the security object based, at least in part, on the one of the at least two conflicting policies upon determining that the one of the at least two conflicting policies has a narrower scope than the other policy of the at least two conflicting policies, or evaluating an acceptability of a cryptographic consideration of at least one object attribute of the security object based, at least in part, on each of the at least two conflicting policies upon determining that none of the at least two conflicting policies has a narrower scope than the other policy of the at least two conflicting policies. 
The limitation of determining a plurality of policies associated with one or more of a node, a group, a client, or a user associated with the user request as drafted, is a process that, under its broadest reasonable interpretation, covers performance of the limitation in the mind. For example, “determining” in the context of this claim encompasses the user manually identifying a plurality of policies including at least two conflicting policies based on information about the plurality of policies.
The limitation of determining whether one of the at least two conflicting policies has a narrower scope than the other policy of the at least two conflicting policies as drafted, is a process that, under its broadest reasonable interpretation, covers performance of the limitation in the mind. For example, “determining” in the context of this claim encompasses the user manually comparing the scopes of the two conflicting policies to determine which one has a narrower scope. 
The limitation of evaluating an acceptability of a cryptographic consideration of at least one object attribute of the security object based, at least in part, on the one of the at least two conflicting policies upon determining that the one of the at least two conflicting policies has a narrower scope than the other policy of the at least two conflicting policies as drafted, is a process that, under its broadest reasonable interpretation, covers performance of the limitation in the mind. For example, “evaluating” in the context of this claim encompasses the user manually making an evaluation of an acceptability of a cryptographic consideration of at least one object attribute of the security object based on one of the two conflicting policies upon determining that the one of the two conflicting policies has a narrower scope than the other policy.
The limitation of evaluating an acceptability of a cryptographic consideration of at least one object attribute of the security object based, at least in part, on each of the at least two conflicting policies upon determining that none of the at least two conflicting policies has a narrower scope than the other policy of the at least two conflicting policies as drafted, is a process that, under its broadest reasonable interpretation, covers performance of the limitation in the mind. For example, “evaluating” in the context of this claim encompasses the user manually making an evaluation of an acceptability of a cryptographic consideration of at least one object attribute of the security object based on each of the two conflicting policies upon determining that none of the two conflicting policies has a narrower scope than the other policy.
If a claim limitation, under its broadest reasonable interpretation, covers performance of the limitation in the mind then it falls within the “Mental Processes” grouping of abstract ideas. Accordingly, the claim recites an abstract idea.
This judicial exception is not integrated into a practical application because the claim does not recite additional elements that integrate the judicial exception into a practical application. 
Claim 1 recites the additional limitation of receiving a user request for the policy operation, which as drafted, is recited at a high level of generality and amounts to mere data gathering which is an insignificant extra-solution activity and thus does not integrate the judicial exception into a practical application.  
 Moreover, claim 1 additionally recites a management request handler of a security object orchestration system.  However, “a management request handler of a security object orchestration system” is recited at a high-level of generality and is a generic computer component of a generic computer system such that it amounts to no more than mere instructions to apply the exception using a generic computer. Mere instructions to apply an exception using a generic computer cannot provide an inventive concept.  Accordingly, these additional elements do not integrate the abstract idea into a practical application because they do not impose any meaningful limits on practicing the abstract idea. 
Considering the claim as a whole, looking at the elements individually and in an ordered combination, does not integrate the abstract idea into a practical application using the considerations set forth above.
The claim does not include additional elements that are sufficient to amount to significantly more than the judicial exception.  As discussed above with respect to integration of the abstract idea into a practical application, the additional element of receiving a user request for the policy operation, as drafted, is recited at a high level of generality and amounts to mere data gathering which is an insignificant extra-solution activity and thus does not integrate the judicial exception into a practical application.  The additional element of “a management request handler of a security object orchestration system” is recited at a high-level of generality and is a generic computer component of a generic computer system such that it amounts to no more than mere instructions to apply the exception using a generic computer. Mere instructions to apply an exception using a generic computer cannot provide an inventive concept.  Accordingly, these additional elements do not integrate the abstract idea into a practical application because they do not impose any meaningful limits on practicing the abstract idea. 
There are no well-understood, routine, and conventional additional elements recited in the claim.
	Thus, the claimed elements, either individually, or in the ordered combination do not add significantly more to the abstract idea.
Dependent claims 2-16 and 21-22 further clarify the concept recited in claim 1; however, this clarification still falls under the concept recited in claim 1 and does not amount to significantly more than the judicial exception.
Claim 17, although not using the exact claim language, contains similar elements as recited in claim 1 and is also rejected for similar reasons. Claim 17 additionally recites “an encryption key orchestration system”, “a memory”, “a processor” to perform operations.  However, “an encryption key orchestration system” is recited at a high-level of generality and is a generic computer system such that it amounts to no more than mere instructions to apply the exception using a generic computer.  The memory and the processor are recited at a high-level of generality and are generic computers or computer components such that they amount to no more than mere instructions to apply the exception using generic computers or computer components. Mere instructions to apply an exception using generic computers or computer components cannot provide an inventive concept.  Accordingly, these additional elements do not integrate the abstract idea into a practical application because they do not impose any meaningful limits on practicing the abstract idea.
Dependent claims 18-19 further clarify the concept recited in claim 17; however, this clarification still falls under the concept recited in claim 17 and does not amount to significantly more than the judicial exception.
Claim 20, although not using the exact claim language, contains similar elements as recited in claim 1 and is also rejected for similar reasons. Claim 20 additionally recites a non-transitory computer-readable medium storing instructions and an encryption key orchestration system to perform operations.  However, “an encryption key orchestration system” is recited at a high-level of generality and is a generic computer system such that it amounts to no more than mere instructions to apply the exception using a generic computer.  The non-transitory computer-readable medium is recited at a high-level of generality and is a generic computer component such that it amounts to no more than mere instructions to apply the exception using a generic computer component. Mere instructions to apply an exception using a generic computer component cannot provide an inventive concept.  Accordingly, these additional elements do not integrate the abstract idea into a practical application because they do not impose any meaningful limits on practicing the abstract idea.

Double Patenting
The nonstatutory double patenting rejection is based on a judicially created doctrine grounded in public policy (a policy reflected in the statute) so as to prevent the unjustified or improper timewise extension of the “right to exclude” granted by a patent and to prevent possible harassment by multiple assignees. A nonstatutory double patenting rejection is appropriate where the conflicting claims are not identical, but at least one examined application claim is not patentably distinct from the reference claim(s) because the examined application claim is either anticipated by, or would have been obvious over, the reference claim(s). See, e.g., In re Berg, 140 F.3d 1428, 46 USPQ2d 1226 (Fed. Cir. 1998); In re Goodman, 11 F.3d 1046, 29 USPQ2d 2010 (Fed. Cir. 1993); In re Longi, 759 F.2d 887, 225 USPQ 645 (Fed. Cir. 1985); In re Van Ornum, 686 F.2d 937, 214 USPQ 761 (CCPA 1982); In re Vogel, 422 F.2d 438, 164 USPQ 619 (CCPA 1970); In re Thorington, 418 F.2d 528, 163 USPQ 644 (CCPA 1969).
A timely filed terminal disclaimer in compliance with 37 CFR 1.321(c) or 1.321(d) may be used to overcome an actual or provisional rejection based on nonstatutory double patenting provided the reference application or patent either is shown to be commonly owned with the examined application, or claims an invention made as a result of activities undertaken within the scope of a joint research agreement. See MPEP § 717.02 for applications subject to examination under the first inventor to file provisions of the AIA as explained in MPEP § 2159. See MPEP § 2146 et seq. for applications not subject to examination under the first inventor to file provisions of the AIA. A terminal disclaimer must be signed in compliance with 37 CFR 1.321(b).
The USPTO Internet website contains terminal disclaimer forms which may be used. Please visit www.uspto.gov/patent/patents-forms. The filing date of the application in which the form is filed determines what form (e.g., PTO/SB/25, PTO/SB/26, PTO/AIA/25, or PTO/AIA/26) should be used. A web-based eTerminal Disclaimer may be filled out completely online using web-screens. An eTerminal Disclaimer that meets all requirements is auto-processed and approved immediately upon submission. For more information about eTerminal Disclaimers, refer to www.uspto.gov/patents/process/file/efs/guidance/eTD-info-I.jsp.
Claims 1-4, 7, 9-10, 13, and 17-20 are rejected on the ground of nonstatutory double patenting as being unpatentable over claim 13 of U.S. Patent No. 10880281 in view of Gaspar (US 20150082041).
Claim 13 of U.S. Patent No. 10880281 discloses most of the limitations recited in claims 1-4, 7, 9-10, 13, and 17-20 of the instant application except for the limitations of “the determined plurality of policies associated with the one or more of the node, the group, the client, or the user, include at least two conflict policies”, “determining, by the management request handler, whether one of the at least two conflicting policies has a narrower scope than the other policy”, “evaluating, by the management request handler, an acceptability of a cryptographic consideration of at least one object attribute of the security object” (recited in claim 1), “the determined plurality of policies associated with the one or more of the node, the group, the client, or the user, include at least two conflict policies”, “evaluate an acceptability of a cryptographic consideration of at least one object attribute of a security object” and “a memory; and a processor” configured to perform the operations (recited in claim 17), and “evaluate an acceptability of a cryptographic consideration of at least one object attribute of a security object” and “A non-transitory computer-readable medium” comprising instructions to cause “a processor” to perform the operations (recited in claim 20).
Gaspar discloses the above missing limitations as seen in the below rejections of claims 1, 17, and 20.
	It would have been obvious to a person of ordinary skill in the art before the effective filing date of the claimed invention to incorporate the features described by Gaspar into the method, system and medium of the patent claims for the purpose of performing cryptographic operations under a centralized basis but offering a better equilibrium between centralizing capabilities and security capabilities (Gaspar, ¶10).

Instant application 17112596 | Patent No. 10880281
1                            | 13
2-4, 7, 9-10, 13             | 13
17                           | 13
18-19                        | 13
20                           | 13


Claim Rejections - 35 USC § 102
The following is a quotation of the appropriate paragraphs of 35 U.S.C. 102 that form the basis for the rejections under this section made in this Office action:
A person shall be entitled to a patent unless –
 (a)(2) the claimed invention was described in a patent issued under section 151, or in an application for patent published or deemed published under section 122(b), in which the patent or application, as the case may be, names another inventor and was effectively filed before the effective filing date of the claimed invention.


Claims 1-7, 9-10, 13-14, and 17-22 are rejected under 35 U.S.C. 102(a)(2) as being anticipated by Gaspar (US 20150082041).

Claim 1, Gaspar discloses A method for evaluating a security object based on policies for a policy operation, (e.g. fig. 1, ¶36, 116-117) the method comprising: 
receiving, by a management request handler of a security object orchestration system, a user request for the policy operation; (e.g. Table 3, ¶47, 57: receiving a user request made by a user U1 belonging to a user profile UP1 made at 13:31 h)
determining, by the management request handler, a plurality of policies associated with one or more of a node, a group, a client, or a user associated with the user request, where the determined plurality of policies associated with the one or more of the node, the group, the client or the user, include at least two conflicting policies; (e.g. Table 3, ¶99, 107-108, 110-113: determining context of use rules associated with at least the user U1, the user profile UP1, profile of the client computer system, profile of the application through which the user request has been performed associated with the user request where the determined context of use rules include a rule with priority 20 permitting the use of the cryptographic key between 9:00 h and 18:00 h and a rule with priority 10 not permitting the use of the cryptographic key between 13:00 h and 18:00 h)
determining, by the management request handler, whether one of the at least two conflicting policies has a narrower scope than the other policy of the at least two conflicting policies; and (e.g. Table 3, ¶112-114: determining that priority (e.g. priority 10) of the rule not permitting the use of the cryptographic key between 13:00 h and 18:00 h is lower (narrower) than priority (e.g. priority 20) of the rule permitting the use of the cryptographic key between 9:00 h and 18:00 h.  Note that a scope of a policy broadly covers any breadth, magnitude, significance, weight, degree, coverage, level, effect, influence, extent, range, limit, width, all aspects of a policy or rule)
evaluating, by the management request handler, an acceptability of a cryptographic consideration of at least one object attribute of the security object based, at least in part, on one of the at least two conflicting policies upon determining that the one of the at least two conflicting policies has a narrower scope than the other policy of the at least two conflicting policies, or evaluating, by the management request handler, an acceptability of a cryptographic consideration of at least one object attribute of the security object based, at least in part, on each of the at least two conflicting policies upon determining that none of the at least two conflicting policies has a narrower scope than the other policy of the at least two conflicting policies. (e.g. Table 3, ¶110-114: determining whether the use of the cryptographic key associated with a request of a cryptographic operation is allowed or permitted based on priority determination of the context of use rules includes determining that a user profile = UP1 is within a user profile UP1 of context of use rule with priority 10 and context of use rule with priority 20 and the time ‘13:31 h’ is within the time range ‘13:00 h and 18:00 h’ of the context of use rule with priority 10 and within the time range ‘09:00 h and 18:00 h’ of the context of use rule with priority 20)

Claim 2, Gaspar discloses The method of claim 1, wherein determining the policies comprises determining that the at least two conflicting polices are conflicting with one another in response to determining that a scope of the one of the at least two conflicting policies is different from a scope of the other policy of the at least two conflicting policies, wherein the at least two conflicting policies are related to a same security object attribute. (e.g. Table 3, ¶111-114)

Claim 3, Gaspar discloses The method of claim 1, wherein determining that the one of the at least two conflicting policies has a narrower scope than the other policy of the at least two conflicting policies comprising determining that the one of the at least two conflicting policies has a scope that is entirely within a scope of the other policy of the at least two conflicting policies. (e.g. Table 3, ¶111-114)

Claim 4, Gaspar discloses The method of claim 1, wherein the security object comprises at least one cryptographic key and the at least one object attribute comprises at least one attribute of the at least one cryptographic key. (e.g. Table 3, ¶99, 107-108, 110-113)

Claim 5, Gaspar discloses The method of claim 4, wherein the policy operation comprises evaluating the at least one cryptographic key for acceptability for a cryptographic operation. (e.g. ¶47, 110-114)

Claim 6, Gaspar discloses The method of claim 1, wherein the policy operation comprises evaluating the security object for acceptability as a cryptographic key for a cryptographic operation. (e.g. ¶47, 110-114)

Claim 7, Gaspar discloses The method of claim 1, further comprising aggregating, by the management request handler, the determined policies based on priority, wherein the priority corresponds to a sequential order in which the determined policies are determined. (e.g. Table 3, ¶42, 99, 107-108, 110-114)

Claim 9, Gaspar discloses The method of claim 7, wherein the sequential order in which the determined policies are determined is the sequential order in which the determined policies are retrieved from a policy database and loaded to a cache memory. (e.g. Table 3, ¶42, 99, 107-108, 110-114)

Claim 10, Gaspar discloses The method of claim 1, wherein determining the plurality of policies associated with the one or more of the node, the group, the client, or the user comprises determining a plurality of policies associated with two or more of the node, the group, the client, or the user associated with the user request, where the determined plurality of policies associated with the two or more of the node, the group, the client, or the user include at least two conflicting policies; (e.g. Table 3, ¶99, 107-108, 110-113)

Claim 13, Gaspar discloses The method of claim 1, wherein the plurality of policies associated with the one or more of the node, the group, the client, or the user, include at least one ephemeral policy that replaces at least one other policy of the plurality of policies associated with the one or more of the node, the group, the client, or the user. (e.g. ¶111-114)

Claim 14, Gaspar discloses The method of claim 1, wherein the at least two conflicting policies include at least one policy associated with one of the node, the group, the client or the user, and at least one other policy associated with another one of the node, the group, the client or the user. (e.g. Table 3, ¶99, 107-108, 110-113)

Claim 17, this claim is rejected for similar reasons as in claim 1.

Claim 18, this claim is rejected for similar reasons as in claim 2.

Claim 19, this claim is rejected for similar reasons as in claim 3.

Claim 20, this claim is rejected for similar reasons as in claim 1.

Claim 21, Gaspar discloses The method of claim 1, wherein evaluating, by the management request handler, the acceptability of the cryptographic consideration of the at least one object attribute of the security object comprises checking a value corresponding to the at least one object attribute to determine whether the value is within an acceptable range of the one of the at least two conflicting policies. (e.g. Table 3, ¶110-114)

Claim 22, Gaspar discloses The method of claim 1, wherein evaluating, by the management request handler, the acceptability of the cryptographic consideration of the at least one object attribute of the security object comprises checking a value corresponding to the at least one object attribute to determine whether the value is within an acceptable range of each of the at least two conflicting policies. (e.g. Table 3, ¶110-114)

Claim Rejections - 35 USC § 103
The following is a quotation of 35 U.S.C. 103 which forms the basis for all obviousness rejections set forth in this Office action:
A patent for a claimed invention may not be obtained, notwithstanding that the claimed invention is not identically disclosed as set forth in section 102 of this title, if the differences between the claimed invention and the prior art are such that the claimed invention as a whole would have been obvious before the effective filing date of the claimed invention to a person having ordinary skill in the art to which the claimed invention pertains.  Patentability shall not be negated by the manner in which the invention was made.

Claims 8 and 12 are rejected under 35 U.S.C. 103 as being unpatentable over Gaspar (US 20150082041) in view of Avesand (US 20160226915).

Claim 8, Gaspar discloses The method of claim 7, wherein aggregating the determined policies based on the priority (e.g. Table 3, ¶42, 99, 107-108, 110-111) and does not appear to explicitly disclose but Avesand discloses determining at least one node-specific policy before determining at least one group-specific policy; determining at least one group-specific policy before determining at least one client-specific policy; and determining at least one client-specific policy before determining at least one user-specific policy. (e.g. ¶27).
It would have been obvious to a person of ordinary skill in the art before the effective filing date of the claimed invention to incorporate the features described by Avesand into the invention of Gaspar for the purpose of ensuring that no single rule conflicts with any other rule in the integrated policy (Avesand, ¶27).

Claim 12, Gaspar discloses The method of claim 10, wherein determining the plurality of policies associated with the two or more of the node, the group, the client or the user comprises determining the policies based on priority (e.g. Table 3, ¶99-108, 110, 114).
Gaspar does not appear to explicitly disclose but Avesand discloses the priority for each policy associated with the node is higher than each policy associated with the group; the priority for each policy associated with the group is higher than each policy associated with the client; and the priority for each policy associated with the client is higher than each policy associated with the user. (e.g. ¶27).
It would have been obvious to a person of ordinary skill in the art before the effective filing date of the claimed invention to incorporate the features described by Avesand into the invention of Gaspar for the purpose of ensuring that no single rule conflicts with any other rule in the integrated policy (Avesand, ¶27).

Claims 11, 15, and 16 are rejected under 35 U.S.C. 103 as being unpatentable over Gaspar (US 20150082041) in view of Attfield (US 10169571).

Claim 11, Gaspar discloses The method of claim 10, wherein determining the plurality of policies associated with the two or more of the node, the group, the client or the user comprises determining the policies based on priority (e.g. Table 3, ¶99-108, 110, 114).
Gaspar does not appear to explicitly disclose but Attfield discloses wherein the priority for determining the plurality of policies associated with the two or more of the node, the group, the client, or the user comprises determining policies of one or more parent nodes before policies of a node associated with the user. (e.g. col. 5, ll. 32-42, col. 6, ll. 6-29)
It would have been obvious to a person of ordinary skill in the art before the effective filing date of the claimed invention to incorporate the features described by Attfield into the invention of Gaspar for the purpose of conflict resolution and for other reasons such as efficiency and tractability in processing (Attfield, col. 6, ll. 13-15).

Claim 15, Gaspar discloses The method of claim 1, wherein determining the plurality of policies associated with the one or more of the node, the group, the client or the user comprises determining the plurality of policies associated with the one or more of the node, the group, the client or the user based on priority (e.g. Table 3, ¶99-108, 110, 114).
Gaspar does not appear to explicitly disclose but Attfield discloses wherein the priority for determining the plurality of policies associated with the one or more of the node, the group, the client or the user comprises determining policies of one or more parent nodes before policies of a node associated with the user. (e.g. col. 5, ll. 32-42, col. 6, ll. 6-29)
It would have been obvious to a person of ordinary skill in the art before the effective filing date of the claimed invention to incorporate the features described by Attfield into the invention of Gaspar for the purpose of conflict resolution and for other reasons such as efficiency and tractability in processing (Attfield, col. 6, ll. 13-15).

Claim 16, Gaspar discloses The method of claim 1, wherein: the user request is received from a user on a multi-node network having at least one node associated with the user (e.g. fig. 1, ¶36, 47) and determining the plurality of policies associated with one or more of the node, the group, the client, or the user comprises determining policies associated with the at least one node associated with the user (e.g. Table 3, ¶99, 107-108, 110-113).
Gaspar does not appear to explicitly disclose but Attfield discloses at least one parent node of the at least one node associated with the user; determining policies associated with the at least one parent node of the at least one node associated with the user based on priority, wherein the priority for policies of the at least one parent node is higher than the policies of the at least one node associated with the user. (e.g. col. 5, ll. 32-42, col. 6, ll. 6-29)
It would have been obvious to a person of ordinary skill in the art before the effective filing date of the claimed invention to incorporate the features described by Attfield into the invention of Gaspar for the purpose of conflict resolution and for other reasons such as efficiency and tractability in processing (Attfield, col. 6, ll. 13-15).

Conclusion
The prior art made of record and not relied upon is considered pertinent to applicant's disclosure: 

US 9390285 discloses identifying inconsistent security policies including determining, for each entity pair, a respective directed relationship from a first entity in the entity pair to a second entity in the entity pair, wherein the first entity is a component, and wherein the directed relationship represents the first entity executing a type of interaction with the second entity; identifying one or more security policies affecting each entity, where each security policy limits user access to a respective type of interaction by another entity with the entity; and analyzing, for each entity, entity pairs including the entity and one or more security policies affecting the entity to identify inconsistent security policies from the one or more security policies, wherein the inconsistent security policies are policies that allow different scopes of user access to the respective types of interaction… The analyzing includes, for each entity and for each type of interaction with the entity, identifying, from the entity pairs including the entity, directed relationships to the entity having the type of interaction; identifying, from the one or more security policies, first security policies affecting entities connected to the directed relationships, wherein each first security policy limits user access to the type of interaction with the entity; determining which of the first security policies are less restrictive compared to the others, wherein the determining includes (i) identifying a most restrictive security policy from the first security policies, the most restrictive security policy limiting a scope of user access to a least number of user accounts, and (ii) identifying, from the first security policies, security policies limiting scopes of user access to more than the least number of user accounts to be less restrictive; and identifying the most restrictive security policy and the less restrictive security policies as inconsistent policies… The method includes generating a recommendation of changes for the inconsistent security policies that cause the one or more security policies to allow identical scopes of user access to the respective types of interaction.

US 20120131164 discloses if the two matching policies are in the same category, then one of the policies will be selected based on their scopes. The scopes of the two matching policies are compared, and if the two policies have different scopes, then the policy with the "narrower", i.e., more specific and farther from the top-level (domain) scope, is selected and included in the set of effective policies. In another aspect, if the two matching policies have the same scope, e.g., both have the scope "application", then one can be selected based upon other criteria.

US 9712331 discloses FIG. 7 schematically illustrates a method 700 for operating a policy intelligence rules system…The method 700 begins, and flow proceeds to block 702, wherein a PIRS 126 retrieves and/or receives policies. As explained above, the PIRS 126 can receive operator policies 104, global subscriber policies 106…from the MPR 102, the ESPR 120, and/or other network elements. In some embodiments, the MPR 102 stores and/or retrieves all policies, and the PIRS 126 receives the policies from the MPR 102. As explained above, the sending of policies to the PIRS 126 can be triggered by occurrence of an event, for example, the request of a network resource by a subscriber…As illustrated at block 704, the PIRS 126 can analyze the policies to search for policy conflicts. Several types of policy conflicts can exist in the received policies. For example, an operator policy 104 can create a conflict with a global subscriber policy 106 and/or a subscriber policy 122, 124. Additionally, or alternatively, a global subscriber policy 106 can create a conflict with a subscriber policy 122, 124 and/or an operator policy 104. Additionally, or alternatively, a subscriber policy 122, 124 can conflict with an operator policy 104 and/or a global subscriber policy 106. Other policy conflicts are possible. At block 706, the PIRS 126 can determine if any policy conflicts exist in the policies. If the PIRS 126 determines that one or more policy conflicts exist, the PIRS 126 can identify the conflicts, as shown at block 708…As illustrated at block 710, the PIRS 126 can resolve any identified policy conflicts. A network operator can specify policy conflict resolution rules and/or the conflicts can be resolved by a policy resolution application including, but not limited to, policy reconciliation instructions 206. For example, the PIRS 126 can be configured to resolve conflicts with operator policies 104 by giving the operator policies 104 precedence. 
For example, if a network operator determines that certain services should be denied on the basis of privacy, safety, and/or liability concerns, then the network operator can specify an operator policy 104 to deny such services. As such, the PIRS 126 can be configured to address any requests for services addressed by the operator policy 104 by giving the operator policy 104 precedence in policy conflict resolution, thereby determining to deny the service, even if a subscriber policy 122, 124 allows such services. Similarly, the PIRS 126 can be configured to give subscriber policies 122, 124 precedence over operator policies 104 and/or global subscriber policies 106. For example, an operator policy 104 and/or a global subscriber policy 106 may grant access to a particular resource, while a subscriber policy 122, 124 denies the subscriber access to the same resource that the operator policy 104 and/or the global subscriber policy 106 allow. In such a case, the PIRS 126 can be configured to respect the subscriber's policy over the global subscriber policies 106 and/or operator policies 104 by denying the resource to which all subscribers have access…When the PIRS 126 receives these conflicting policies, the PIRS 126 can resolve the conflict by giving the subscriber's policies 122, 124 precedence over the operator policies 104 and/or the global subscriber policies 106. As such, though an SMS resource may be granted by default to all subscribers, this particular subscriber can be denied the SMS resource to enforce the subscriber's policies 122, 124. Other conflict scenarios and resolution methods are possible and contemplated.  At block 712, the PIRS 126 determines rules based upon the policies. The PIRS 126 can analyze the policies to determine how the network should handle the request for resources. 
Determination of the rules can include reconciliation of the policies, to determine which policies should be given precedence, and/or additional operations to determine how the network or application or service should be instructed to implement and/or enforce the determined policy.


Applicant’s amendment necessitated the new ground(s) of rejection presented in this Office action.  Accordingly, THIS ACTION IS MADE FINAL.  See MPEP 706.07(a).  Applicant is reminded of the extension of time policy as set forth in 37 CFR 1.136(a).  
A shortened statutory period for reply to this final action is set to expire THREE MONTHS from the mailing date of this action.  In the event a first reply is filed within TWO MONTHS of the mailing date of this final action and the advisory action is not mailed until after the end of the THREE-MONTH shortened statutory period, then the shortened statutory period will expire on the date the advisory action is mailed, and any extension fee pursuant to 37 CFR 1.136(a) will be calculated from the mailing date of the advisory action.  In no event, however, will the statutory period for reply expire later than SIX MONTHS from the mailing date of this final action. 
Any inquiry concerning this communication or earlier communications from the examiner should be directed to TRONG NGUYEN whose telephone number is (571)270-7312.  The examiner can normally be reached on Monday through Thursday 9:30 AM - 5:00 PM EST.
If attempts to reach the examiner by telephone are unsuccessful, the examiner’s supervisor, GELAGAY SHEWAYE can be reached on (571)272-4219.  The fax phone number for the organization where this application or proceeding is assigned is 571-273-8300.
Information regarding the status of an application may be obtained from the Patent Application Information Retrieval (PAIR) system.  Status information for published applications may be obtained from either Private PAIR or Public PAIR.  Status information for unpublished applications is available through Private PAIR only.  For more information about the PAIR system, see http://pair-direct.uspto.gov. Should you have questions on access to the Private PAIR system, contact the Electronic Business Center (EBC) at 866-217-9197 (toll-free). If you would like assistance from a USPTO Customer Service Representative or access to the automated information system, call 800-786-9199 (IN USA OR CANADA) or 571-272-1000.

/TRONG H NGUYEN/Primary Examiner, Art Unit 2436