DETAILED ACTION
Claims 1-5, 7-18 and 20 are pending in this action.

Notice of Pre-AIA  or AIA  Status
The present application, filed on or after March 16, 2013, is being examined under the first inventor to file provisions of the AIA .

Allowable Subject Matter
Claim 13 is objected to as being dependent upon a rejected base claim, but would be allowable if rewritten in independent form including all of the limitations of the base claim and any intervening claims.

Claim Rejections - 35 USC § 103
The following is a quotation of 35 U.S.C. 103 which forms the basis for all obviousness rejections set forth in this Office action:
A patent for a claimed invention may not be obtained, notwithstanding that the claimed invention is not identically disclosed as set forth in section 102, if the differences between the claimed invention and the prior art are such that the claimed invention as a whole would have been obvious before the effective filing date of the claimed invention to a person having ordinary skill in the art to which the claimed invention pertains. Patentability shall not be negated by the manner in which the invention was made.

The factual inquiries for establishing a background for determining obviousness under 35 U.S.C. 103 are summarized as follows:
1. Determining the scope and contents of the prior art.
2. Ascertaining the differences between the prior art and the claims at issue.
3. Resolving the level of ordinary skill in the pertinent art.
4. Considering objective evidence present in the application indicating obviousness or nonobviousness.

Claims 1-4, 7-9, 12 and 14-17 and 20 are rejected under 35 U.S.C. 103 as being unpatentable over Madhusudhana et al. (US Patent No. 7,136,489) in view of Newstadt (US Patent No. 7,383,568).

As per claim 1, Madhusudhana teaches a computer-implemented method, comprising: obtaining a request to modify a policy, wherein the request indicates a modification to a current state of the policy (Col. 4, lines 42-45, organization or stakeholders may initiate modification or deletion of policy if desired); obtaining a first number of approvals from a second number of entities of a set of entities authorized to approve modifications to the policy (Col. 6, lines 1-4, quorum of stakeholders sign and approve policy modification), wherein the first number of approvals is obtained as a result of at least one notification (Col. 5, lines 38-40, request to stakeholders is a “notification” to the stakeholders to obtain approval signatures); and transmitting an instruction to a policy management service to process the request as a result of obtaining the first number of approvals to implement the modified policy (Col. 6, lines 5-7, MAZS manager has power to modify after certain threshold of results returned of policy signatures).
Madhusudhana does not explicitly teach the request comprising a description indicating a modification to a current state of the policy; and a notification including the policy and the description that is provided to the second number of entities for approval. Newstadt teaches the request comprising a description indicating a modification to a current state of the policy (Col. 5, lines 2-8, proposed modification includes a description of reconfiguration to the “current” firewall policy); and a notification including the policy (Col. 5, lines 53-55, proposed modification will include a reference to the policy see Col. 5, lines 3-9, modification is to a policy – “reconfiguration of firewall policy”) and the description that is provided to the second number of entities for approval (Col. 5, lines 50-60, notifying stakeholders of proposed modification to policy, i.e. description).
At the time of filing, it would have been obvious to one of ordinary skill in the art to combine Madhusudhana with the teachings of Newstadt, the request comprising a description indicating a modification to a current state of the policy; and a notification including the policy and the description that is provided to the second number of entities for approval, to ensure that the stakeholders are fully informed of potential modifications to a relevant policy.

As per claim 2, the combination of Madhusudhana and Newstadt teaches the computer-implemented method of claim 1, wherein transmitting the instruction to the policy management service is contingent on obtaining the first number of approvals from the second number of entities authorized to approve modifications to the policy, wherein the first number is less than the second number (Madhusudhana; Abstract, getting a quorum number of approvals, i.e. a threshold number of required approvals out of the total number possible approvals).

As per claim 3, the combination of Madhusudhana and Newstadt teaches the computer-implemented method of claim 1, wherein the set of entities authorized to approve modifications to the policy is different from a second entity responsible for the modification to the policy (Madhusudhana; Abstract, stakeholders vote on modifications – policy store and MAZS handles policy addition, removal and modification).

As per claim 4, the combination of Madhusudhana and Newstadt teaches the computer-implemented method of claim 1, wherein each approval of the first number of approvals is obtained from a different entity of the set of entities (Abstract, one or more shares can be allocated to a single stakeholder meaning that one share per stakeholder is one embodiment of Madhusudhana).

As per claim 7, Madhasudhana teaches a system, comprising: one or more processors; and memory with instructions that, as a result of being executed by the one or more processors, cause the system to: a request to modify a policy indicating a modification to a current state of the policy (Col. 4, lines 42-45, organization or stakeholders may initiate modification or deletion of policy if desired); obtain a first number of approvals from a second number of entities of a set of entities authorized to approve modifications to the policy (Col. 6, lines 1-4, quorum of stakeholders sign and approve policy modification), wherein the first number of approvals is obtained as a result of at least one notification (Col. 5, lines 38-40, request to stakeholders is a “notification” to the stakeholders to obtain approval signatures); and transmit an instruction to a policy management service to process the request as a result of obtaining the first number of approvals to implement the modified policy (Col. 6, lines 5-7, MAZS manager has power to modify after certain threshold of results returned of policy signatures).
Madhasudhana does not explicitly teach in response to a request to modify a policy, determine, from the request, a description indicating a modification to a current state of the policy and one notification including the policy and the description that is provided to the second number of entities for approval. Newstadt teaches in response to a request to modify a policy, determine, from the request, a description indicating a modification to a current state of the policy (Col. 5, lines 2-8, proposed modification includes a description of reconfiguration to the “current” firewall policy) and one notification including the policy (Col. 5, lines 53-55, proposed modification will include a reference to the policy see Col. 5, lines 3-9, modification is to a policy – “reconfiguration of firewall policy”) and the description that is provided to the second number of entities for approval (Col. 5, lines 50-60, notifying stakeholders of proposed modification to policy, i.e. description) see (Col. 5, lines 3-9, modification is to a policy – “reconfiguration of firewall policy”).
At the time of filing, it would have been obvious to one of ordinary skill in the art to combine Madhusudhana with the teachings of Newstadt, in response to a request to modify a policy, determine, from the request, a description indicating a modification to a current state of the policy and one notification including the policy and the description that is provided to the second number of entities for approval, to ensure that the stakeholders are fully informed of potential modifications to a relevant policy.

As per claim 8, the combination of Madhusudhana and Newstadt teaches the system of claim 7, wherein the memory further includes instructions that, as a result of being executed by the one or more processors, cause the system to store, in a repository, a current state of the policy prior to the modification to the policy (Madhusudhana; Col. 4, lines 1-10, system stores in a policy store the state of the policy prior the policy modification – then if a policy modification request is received that will be processed) see also (Madhusudhana; Col. 5 line 63 – Col. 6 line 5, approved policy is stored after quorum reached and then a policy modification can be made after which may also require a quorum approval).

As per claim 9, the substance of the claimed invention is identical or substantially similar to that of claim 2. Accordingly, this claim is rejected under the same rationale.

As per claim 12, the combination of Madhusudhana and Newstadt teaches the system of claim 7, wherein the memory further includes instructions that, as a result of being executed by the one or more processors, cause the system to obtain, from the second number of entities of a set of entities, feedback information corresponding to the modification (Madhusudhana; Col. 5 line 63 – Col. 6 line 5, getting a policy signature from stakeholders for a policy modification, i.e. feedback).

As per claim 14, Madhasudhana teaches a non-transitory computer-readable storage medium comprising instructions that, as a result of execution by one or more processors of a computer system, cause the computer system to at least: a modification to a current state of the policy indicated in a request (Col. 4, lines 42-45, organization or stakeholders may initiate modification or deletion of policy if desired); obtain a first number of approvals from a second number of entities of a set of entities authorized to approve modifications to the policy (Col. 6, lines 1-4, quorum of stakeholders sign and approve policy modification), wherein the first number of approvals is obtained as a result of at least one notification (Col. 5, lines 38-40, request to stakeholders is a “notification” to the stakeholders to obtain approval signatures); and instruct a policy management service to process the request as a result of obtaining the first number of approvals to implement the modified policy (Col. 6, lines 5-7, MAZS manager has power to modify after certain threshold of results returned of policy signatures).
Madhasudhana does not explicitly teach determine a description to modify a policy from a request based at least in part on a modification to a current state of the policy indicated in the request and one notification including the policy and the description that is provided to the second number of entities for approval. Newstadt teaches determine a description to modify a policy from a request based at least in part on a modification to a current state of the policy indicated in the request (Col. 5, lines 2-8, proposed modification includes a description of reconfiguration to the “current” firewall policy) and one notification including the policy (Col. 5, lines 53-55, proposed modification will include a reference to the policy see Col. 5, lines 3-9, modification is to a policy – “reconfiguration of firewall policy”) and the description that is provided to the second number of entities for approval (Col. 5, lines 50-60, notifying stakeholders of proposed modification to policy, i.e. description) see (Col. 5, lines 3-9, modification is to a policy – “reconfiguration of firewall policy”).
At the time of filing, it would have been obvious to one of ordinary skill in the art to combine Madhusudhana with the teachings of Newstadt, a description to modify a policy from a request based at least in part on a modification to a current state of the policy indicated in the request and one notification including the policy and the description that is provided to the second number of entities for approval, to ensure that the stakeholders are fully informed of potential modifications to a relevant policy.

As per claim 15, the substance of the claimed invention is identical or substantially similar to that of claim 2. Accordingly, this claim is rejected under the same rationale.

As per claim 16, the substance of the claimed invention is identical or substantially similar to that of claim 3. Accordingly, this claim is rejected under the same rationale.

As per claim 17, the substance of the claimed invention is identical or substantially similar to that of claim 4. Accordingly, this claim is rejected under the same rationale.

As per claim 20, the substance of the claimed invention is identical or substantially similar to that of claim 12. Accordingly, this claim is rejected under the same rationale.

Claims 5, 10, 11 and 18 are rejected under 35 U.S.C. 103 as being unpatentable over Madhusudhana in view of Newstadt in further view of Roth (US PGPUB No. 2014/0380402).

As per claim 5, the combination of Madhusudhana and Newstadt teaches the computer-implemented method of claim 1.
The combination of Madhusudhana and Newstadt does not explicitly teach wherein the description comprises a set of application programming interface calls to modify the policy. Roth teaches wherein the description comprises a set of application programming interface calls to modify the policy ([0035], request for a policy change is “described” as API calls).
At the time of filing, it would have been obvious to one of ordinary skill in the art to combine Madhusudhana and Newstadt with the teachings of Roth, wherein the description comprises a set of application programming interface calls to modify the policy, to ensure that the stakeholders are fully informed of potential modifications to a relevant policy.

As per claim 10, the combination of Madhusudhana and Newstadt teaches the system of claim 7.
The combination of Madhusudhana and Newstadt does not explicitly teach wherein the instruction is an application programming interface call configured to cause a policy management service to enforce the modification. Roth teaches wherein the instruction is an application programming interface call configured to cause a policy management service to enforce the modification ([0017], API call which triggers policy enforcement with possible delay parameter).
At the time of filing, it would have been obvious to one of ordinary skill in the art to combine Madhusudhana and Newstadt with the teachings of Roth, wherein the instruction is an application programming interface call configured to cause a policy management service to enforce the modification, to ensure that the stakeholders are fully informed of potential modifications to a relevant policy.

As per claim 11, the combination of Madhusudhana and Newstadt teaches the system of claim 10.
The combination of Madhusudhana and Newstadt does not explicitly teach wherein the memory further includes instructions that, when executed by the one or more processors, cause the system to serialize the modification into a structured format suitable for enforcement by the policy management service. Roth teaches wherein the memory further includes instructions that, when executed by the one or more processors, cause the system to serialize the modification into a structured format suitable for enforcement by the policy management service ([0042], encoding policies into statements with various formats and languages).
At the time of filing, it would have been obvious to one of ordinary skill in the art to combine Madhusudhana and Newstadt with the teachings of Roth, wherein the memory further includes instructions that, when executed by the one or more processors, cause the system to serialize the modification into a structured format suitable for enforcement by the policy management service, to ensure that the stakeholders are fully informed of potential modifications to a relevant policy.

As per claim 18, the substance of the claimed invention is identical or substantially similar to that of claim 5. Accordingly, this claim is rejected under the same rationale.

Response to Arguments
Applicant's arguments filed 5/4/2022 with respect to the rejection of claims 1-5, 7-18 and 20 under 35 U.S.C. 103 have been fully considered but they are not persuasive. 
Examiner first notes with respect to the indicated allowable subject matter and previous agreement for allowable subject matter, this was for the inclusion of claim 6 into claim 1 with all other independent claims needing to mirror this amended claim 1. The claim language from now canceled claim 6 reads, “wherein the policy and the description are included in the at least one notification that is provided to the second number of entities of the set of entities for approval”. This is different from the language included in the current amended claim 1 and other independent claims which reads “ wherein….one notification including the policy and the description that is provided to the second number of entities for approval”. As stated in the previous office action, the new amendments do not show that the notification itself can be and needs to be approved. To expedite prosecution, Examiner suggest including the entirety of canceled claim 6 or including the language of claim 13 into the independent claims.
	As per independent claim 1, Applicant argues that the newly cited reference, Newstadt, does not disclose “wherein the first number of approvals is obtained as a result of at least one notification including the policy and the description that is provided to the second number of entities for approval”. Applicant reasons that providing a “proposed modification” as taught in Newstadt is different from providing a notification with a policy and a description for approval. Examiner submits that Newstadt discloses notifications made to stakeholders notifying of a proposed modification with the policy and description. See Newstadt at Col. 5, lines 53-55 and Col. 5, lines 3-9. Examiner points out that a proposed modification has two parts, a policy along with its modification. A description, as defined in the claim language, really just refers to the modification, i.e. “a description of the modification…” see claim 1. Therefore, Examiner submits that a proposed modification satisfies a policy and a description. 
Therefore, the rejection is maintained. To further prosecution, Examiner suggests that the definition of description be expanded on.
	As per independent claims 7 and 14, Applicant repeats the argument presented above for claim 1. Accordingly, these arguments are addressed under the same rationale.
 	As per dependent claims 2-5, 8-12, 15-18 and 20, Applicant notes that these are allowable based on the same arguments presented above due dependency on the independent claims. Accordingly, these arguments are addressed under the same rationale.
	Examiner notes Applicant’s acknowledgement of indicated allowable subject matter, claim 13. Examiner further notes Applicant’s recession of any disclaimers of claim scope.

To expedite prosecution, Examiner is open to conducting an interview to discuss other amendments that can overcome the current rejection or place the application in condition for allowance.

Conclusion
The prior art made of record and not relied upon is considered pertinent to applicant's disclosure. Lockett et al. (US PGPUB No. 2014/0380425), Wu (US PGPUB No. 2008/0027792) and Uziel et al. (US PGPUB No. 2013/0340035) disclose policy modification with various forms of approval.  Baldwin et al. ("Using Modelling and Simulation for Policy Decision Support in Identity Management", doi: 10.1109/POLICY.2009.16, 2009, pp. 17-24) discloses using policy simulation and modelling to make policy decisions by stakeholders. Porter et al. (US PGPUB No. 2004/0225541) and Dunn (US Patent No. 7,269,853) discloses privacy policy change notification. Kumar et al. (US PGPUB No. 2009/0276204) and Joshi discloses (US PGPUB No. 2016/0294691) discloses simulating proposed policy changes. Singh et al. (US PGPUB No. 2007/0157286) and Tarui et al. (US PGPUB No. 2005/0154576) also disclose policy simulation. Saraswathy et al. (US PGPUB No. 2007/0245013) discloses policy change approval.

THIS ACTION IS MADE FINAL.  Applicant is reminded of the extension of time policy as set forth in 37 CFR 1.136(a).  
A shortened statutory period for reply to this final action is set to expire THREE MONTHS from the mailing date of this action.  In the event a first reply is filed within TWO MONTHS of the mailing date of this final action and the advisory action is not mailed until after the end of the THREE-MONTH shortened statutory period, then the shortened statutory period will expire on the date the advisory action is mailed, and any extension fee pursuant to 37 CFR 1.136(a) will be calculated from the mailing date of the advisory action.  In no event, however, will the statutory period for reply expire later than SIX MONTHS from the mailing date of this final action. 
 

Any inquiry concerning this communication or earlier communications from the examiner should be directed to PETER C SHAW whose telephone number is (571)270-7179.  The examiner can normally be reached on Max Flex.
Examiner interviews are available via telephone, in-person, and video conferencing using a USPTO supplied web-based collaboration tool. To schedule an interview, applicant is encouraged to use the USPTO Automated Interview Request (AIR) at http://www.uspto.gov/interviewpractice.
If attempts to reach the examiner by telephone are unsuccessful, the examiner’s supervisor, Carl Colin can be reached on 571-272-3862.  The fax phone number for the organization where this application or proceeding is assigned is 571-273-8300.
Information regarding the status of an application may be obtained from the Patent Application Information Retrieval (PAIR) system.  Status information for published applications may be obtained from either Private PAIR or Public PAIR.  Status information for unpublished applications is available through Private PAIR only.  For more information about the PAIR system, see https://ppair-my.uspto.gov/pair/PrivatePair. Should you have questions on access to the Private PAIR system, contact the Electronic Business Center (EBC) at 866-217-9197 (toll-free). If you would like assistance from a USPTO Customer Service Representative or access to the automated information system, call 800-786-9199 (IN USA OR CANADA) or 571-272-1000.






/PETER C SHAW/Primary Examiner, Art Unit 2493                                                                                                                                                                                                        July 20, 2022