DETAILED ACTION
Applicant’s preliminary amendment filed 6/16/2021 has been fully considered. 
Claims 2-21 are pending and have been examined. Claim 1 has been canceled.
Notice of Pre-AIA  or AIA  Status
The present application, filed on or after March 16, 2013, is being examined under the first inventor to file provisions of the AIA .
Double Patenting
Claims 2-21 are provisionally rejected under the judicially created doctrine of obviousness-type double patenting as being unpatentable over claims of Patent No. 10868836.  Although the conflicting claims are not identical, they are not patentably distinct from each other because 
“A computer-implemented method, comprising: detecting, by a poller, a change in network endpoints associated with a sub-network, the network endpoints related to a subscription with respect to a network endpoint topic, the subscription associated with a security policy for a resource, the security policy including an indication from an entity associated with the sub-network to automatically update policy information responsive to a change in the network endpoints; publishing, on the network endpoint topic, new policy information associated with the change in the network endpoints; determining, based at least in part on the security policy, that the new policy information should be applied; and causing the new policy information to be applied for the security policy, wherein the security policy including the new policy information will be enforced for a subsequent access request relating to the resource” (claim 1, instant application) is analogous to 
“A computer-implemented method, comprising: determining an access policy to be enforced for a customer resource, the customer resource allocated to a customer from a plurality of resources in a resource provider environment; receiving indication of a range of Internet protocol (IP) addresses from which requests for access to the customer resource are to be permitted, the range of IP addresses associated with a sub-network; receiving indication from the customer to automatically update at least one policy definition of the access policy responsive to a change in the range of IP addresses; causing a policy manager, associated with the customer resource, to be subscribed to receive updates for the sub-network; detecting, by a poller, a first change in the range of IP addresses; generating a new policy definition for the access policy based at least in part upon the first change in the range of IP addresses; publishing the new policy definition, wherein the policy manager being subscribed to receive updates will receive the new policy definition; determining, based at least in part on the access policy, that the new policy definition should be applied; and causing the new policy definition to be applied for determining whether to grant access to the customer resources for a subsequently received access request” (claim 1, patent 10868836).
This is a provisional obviousness-type double patenting rejection because the conflicting claims of the instant application have not in fact been patented.
The claims of the conflicting patents and/or applications contain every element of claims 2-21 of the instant application and thus anticipate the claims of the instant application. Claims 2-21 of the instant application therefore are not patently distinct from the copending application claims and as such are unpatentable for obvious-type double patenting. A later patent/application claim is not patentably distinct from an earlier claim if the later claim is anticipated by the earlier claim.
“A later patent claim is not patentably distinct from an earlier patent claim if the later claim is obvious over, or anticipated by, the earlier claim. In re Longi, 759 F.2d at 896, 225 USPQ at 651 (affirming a holding of obviousness-type double patenting because the claims at issue were obvious over claims in four prior art patents); In re Berg, 140 F.3d at 1437, 46 USPQ2d at 1233 (Fed. Cir. 1998) (affirming a holding of obviousness-type double patenting where a patent application claim to a genus is anticipated by a patent claim to a species with that genus). “ELI LILLY AND COMPANY v BARR LABORATORIES, INC., United States Court of Appeals for the Federal Circuit, ON PETITION FOR REHEARING EN BANC (DECIDED: May 30, 2001).
“Claim 12 and Claim 13 are generic to the species of invention covered by claim 3 of the patent. Thus, the generic invention is “anticipated” by the species of the patented invention. Cf., Titanium Metals Corp. v. Banner, 778 F.2d 775, 227 USPQ 773 (Fed. Cir. 1985) (holding that an earlier species disclosure in the prior art defeats any generic claim) 4. This court’s predecessor has held that, without a terminal disclaimer, the species claims preclude issuance of the generic claim. In re Van Ornum, 686 F.2d 937, 944, 214 USPQ 761, 767 (CCPA 1982); Schneller, 397 F.2d at 354. Accordingly, absent a terminal disclaimer, claims 12 and 13 were properly rejected under the doctrine of obviousness-type double patenting.” (In re Goodman (CA FC) 29 USPQ2d 2010 (12/3/1993).

Claim Rejections - 35 USC § 112
The following is a quotation of 35 U.S.C. 112(b):
(b)  CONCLUSION.—The specification shall conclude with one or more claims particularly pointing out and distinctly claiming the subject matter which the inventor or a joint inventor regards as the invention.

The following is a quotation of 35 U.S.C. 112 (pre-AIA ), second paragraph:
The specification shall conclude with one or more claims particularly pointing out and distinctly claiming the subject matter which the applicant regards as his invention.

Claims are rejected under 35 U.S.C. 112(b) or 35 U.S.C. 112 (pre-AIA ), second paragraph, as being indefinite for failing to particularly point out and distinctly claim the subject matter which the inventor or a joint inventor (or for applications subject to pre-AIA  35 U.S.C. 112, the applicant), regards as the invention.
Claims 2, 13, 19 recite multiple instances of the limitation "a change" in “(the) network points”, making it unclear if it is the same “change” or a different change.  There is insufficient antecedent basis for this limitation in the claim.
Claim Rejections - 35 USC § 102
The following is a quotation of the appropriate paragraphs of 35 U.S.C. 102 that form the basis for the rejections under this section made in this Office action:
A person shall be entitled to a patent unless –
(a)(1) the claimed invention was patented, described in a printed publication, or in public use, on sale, or otherwise available to the public before the effective filing date of the claimed invention.

Claims 2-3, 5-8, 10-11, 13-14, and 16 are rejected under 35 U.S.C. 102(a)(1) as being anticipated by Dale (20170099187).
Regarding claims 2 and 13, Dale teaches A computer-implemented method, comprising: / A system, comprising: at least one processor; and memory including instructions that, when executed by the at least one processor, cause the system to (abstract): 
detecting, by a poller, a change in network endpoints associated with a sub-network, the network endpoints related to a subscription with respect to a network endpoint topic, the subscription associated with a security policy for a resource (par.33-40, 49-51, 63-67), 
the security policy including an indication from an entity associated with the sub-network to automatically update policy information responsive to a change in the network endpoints (par.33-34, 56-58, 96-100);
publishing, on the network endpoint topic, new policy information associated with the change in the network endpoints (par.97-100);
determining, based at least in part on the security policy, that the new policy information should be applied; and causing the new policy information to be applied for the security policy, wherein the security policy including the new policy information will be enforced for a subsequent access request relating to the resource (par.78-83, 96-99).
Regarding claims 3 and 14, Dale teaches causing the new policy information to be applied for the security policy using a policy manager of a resource provider environment, the resource being at least one of a physical computing resource or a virtual computing resource provided using resources of the resource provider environment (par.30-35, 42-44, 57-61).
Regarding claims 5 and 16, Dale teaches detecting the change in the network endpoints using a task-based resource; generating the new policy information based at least in part upon the change in the network endpoints; and providing the new policy information for publication by the notification service (par.31-35, 69-77, 98-105).
Regarding claim 6, Dale teaches wherein the new policy information is provided by at least one of storing the new policy information to an information queue or transmitting the new policy information using a data streaming service (par.57-59, 93-102).
Regarding claim 7, Dale teaches periodically polling, by the poller, the information queue for the new policy information wherein the new policy information includes at least one of a new policy definition or a new access control list (par.33-40, 97-110).
Regarding claim 8, Dale teaches wherein the new policy information specifies at least one of endpoints for which access to the resource is to be granted or endpoints for which access is to be denied to the resource (par.63-65, 102-105, 129-132).
Regarding claim 10, Dale teaches wherein the security policy is one of an access policy or a credential management policy (par.32-35, 39-42, 63-67).
Regarding claim 11, Dale teaches wherein the network endpoints correspond to IP addresses or geo-locations of at least one of a sub- network or region of computing resources (par.30-35, 85-87, 101-110, 138-141).
Claim Rejections - 35 USC § 103
The following is a quotation of 35 U.S.C. 103 which forms the basis for all obviousness rejections set forth in this Office action:
A patent for a claimed invention may not be obtained, notwithstanding that the claimed invention is not identically disclosed as set forth in section 102, if the differences between the claimed invention and the prior art are such that the claimed invention as a whole would have been obvious before the effective filing date of the claimed invention to a person having ordinary skill in the art to which the claimed invention pertains. Patentability shall not be negated by the manner in which the invention was made.

Claims 9, 12, and 17-20 are rejected under 35 U.S.C. 103 as being unpatentable over Dale, and further in view of Saida (20160277448).
Regarding claim 19, Dale teaches A computer-implemented method, comprising (abstract):
detecting, by a poller, a change in network endpoints associated with a sub-network, the network endpoints related to a subscription with respect to a network endpoint topic, the subscription associated with a security policy for a resource (par.33-40, 49-51, 63-67),  
the security policy including an indication from an entity associated with the sub-network to automatically update policy information responsive to a change in the network endpoints (par.33-34, 56-58, 96-100);
publishing, on the network endpoint topic, new policy information associated with the change in the network endpoints to at least one subscriber (par.97-100);
determining, based at least in part on the security policy, that the new policy information should be applied; causing the new policy information to be applied for the security policy, wherein the security policy including the new policy information will be enforced for a subsequent access request relating to the resource (par.78-83, 96-99).
Dale does not expressly disclose, however, Saida teaches publishing new policy information associated with endpoints using at least one of email messaging, instant messaging, short message service messaging, or text messaging (par.53-57, 198-215);
validating a customer access credential, received with the subsequent access request, before granting access to the resource in response to an endpoint of the subsequent access request falling within permissible network endpoints specified by the new policy information (par.53-57, 138-165).
Therefore, one of ordinary skill in the art would have found it obvious before the effective filing date of the claimed invention to modify Dale to use other means of transmitting policy updates and to authenticate access to resources as taught by Saida.
One of ordinary skill in the art would have been motivated to perform such a modification to further protect access to resources (Saida, par.50-60, 190-220).
Regarding claim 20, Dale/Saida teaches causing the new policy information to be applied for the security policy using a policy manager of a resource provider environment, the resource being at least one of a physical computing resource or a virtual computing resource provided using resources of the resource provider environment (Dale, 40-45, 57-65, Saida, 97-102).
Regarding claims 9 and 17, Dale does not expressly disclose, however, Saida teaches wherein the new policy information is published to at least one subscriber using at least one of email messaging, instant messaging, short message service messaging, or text messaging (par.53-57, 198-215);
Therefore, one of ordinary skill in the art would have found it obvious before the effective filing date of the claimed invention to modify Dale to use other means of transmitting policy updates as taught by Saida.
One of ordinary skill in the art would have been motivated to perform such a modification to further protect access to resources (Saida, par.50-60, 190-220).
Regarding claims 12 and 18, Dale does not expressly disclose, however, Saida teaches validating a customer access credential, received with the subsequent access request, before granting access to the resource in response to an endpoint of the subsequent access request falling within permissible network endpoints specified by the new policy information (par.53-57, 138-165).
Therefore, one of ordinary skill in the art would have found it obvious before the effective filing date of the claimed invention to modify Dale to authenticate access to resources as taught by Saida.
One of ordinary skill in the art would have been motivated to perform such a modification to further protect access to resources (Saida, par.50-60, 190-220).
Claim 21 is rejected under 35 U.S.C. 103 as being unpatentable over Dale/Saida, and further in view of Yang (20140379915).
Regarding claim 21, Dale/Saida does not expressly disclose, however, Yang teaches receiving the new policy information to a customer policy manager; generating a notification to a customer resource administrator regarding the new policy information; and causing the new policy information to be applied for the security policy by enabling the customer resource administrator to manually review and apply the new policy information for the security policy (par.20-31).
Therefore, one of ordinary skill in the art would have found it obvious before the effective filing date of the claimed invention to modify Dale/Saida to provide an administrator interface to manage policies as taught by Yang.
One of ordinary skill in the art would have been motivated to perform such a modification to further validate system generated policies (Yang, par.20-31).
Claims 4 and 15 are rejected under 35 U.S.C. 103 as being unpatentable over Dale, and further in view of Yang.
Regarding claims 4 and 15, Dale does not expressly disclose, however, Yang teaches receiving the new policy information to a customer policy manager; generating a notification to a customer resource administrator regarding the new policy information; and causing the new policy information to be applied for the security policy by enabling the customer resource administrator to manually review and apply the new policy information for the security policy (par.20-31).
Therefore, one of ordinary skill in the art would have found it obvious before the effective filing date of the claimed invention to modify Dale to provide an administrator interface to manage policies as taught by Yang.
One of ordinary skill in the art would have been motivated to perform such a modification to further validate system generated policies (Yang, par.20-31).
Conclusion
Any inquiry concerning this communication or earlier communications from the examiner should be directed to David Garcia Cervetti whose telephone number is (571)272-5861. The examiner can normally be reached Monday-Friday 8AM-5PM.
Examiner interviews are available via telephone, in-person, and video conferencing using a USPTO supplied web-based collaboration tool. To schedule an interview, applicant is encouraged to use the USPTO Automated Interview Request (AIR) at http://www.uspto.gov/interviewpractice.
If attempts to reach the examiner by telephone are unsuccessful, the examiner’s supervisor, HADI ARMOUCHE can be reached on (571)270-3618. The fax phone number for the organization where this application or proceeding is assigned is 571-273-8300.
Information regarding the status of published or unpublished applications may be obtained from Patent Center. Unpublished application information in Patent Center is available to registered users. To file and manage patent submissions in Patent Center, visit: https://patentcenter.uspto.gov. Visit https://www.uspto.gov/patents/apply/patent-center for more information about Patent Center and https://www.uspto.gov/patents/docx for information about filing in DOCX format. For additional questions, contact the Electronic Business Center (EBC) at 866-217-9197 (toll-free). If you would like assistance from a USPTO Customer Service Representative, call 800-786-9199 (IN USA OR CANADA) or 571-272-1000.


/David Garcia Cervetti/             Primary Examiner, Art Unit 2419