Notice of Pre-AIA  or AIA  Status
The present application, filed on or after March 16, 2013, is being examined under the first inventor to file provisions of the AIA .
Information Disclosure Statement
The information disclosure statement (IDS) submitted on 02/11/2021 is in compliance with the
provisions of 37 CFR 1.97. Accordingly, the information disclosure statement is being considered by the
examiner.
The information disclosure statement (IDS) submitted on 03/21/2021 is in compliance with the
provisions of 37 CFR 1.97. Accordingly, the information disclosure statement is being considered by the
examiner.
The information disclosure statement (IDS) submitted on 09/14/2021 is in compliance with the
provisions of 37 CFR 1.97. Accordingly, the information disclosure statement is being considered by the
examiner.
Claim Rejections - 35 USC § 103
The following is a quotation of 35 U.S.C. 103 which forms the basis for all obviousness rejections set forth in this Office action:
A patent for a claimed invention may not be obtained, notwithstanding that the claimed invention is not identically disclosed as set forth in section 102, if the differences between the claimed invention and the prior art are such that the claimed invention as a whole would have been obvious before the effective filing date of the claimed invention to a person having ordinary skill in the art to which the claimed invention pertains. Patentability shall not be negated by the manner in which the invention was made.

Claim(s) 1-2,5,8-11,14,17-20 rejected under 35 U.S.C. 103 as being unpatentable over Beredimas (U.S 20210006596 A1) in view of Memon et al (U.S 20210342900 A1).
Regarding claim 1, Beredimas et al teach a method for secure policies-based information governance, the method comprising: displaying a Graphical User Interface (GUI) (see Paragraph [0025], receiving a business rule input from a business user (see Paragraph [0059], where receiving policy responsive to a user providing one or more input or selection at a client device); 
receiving a policy from a policy engine based on the business rule input, the policy engine generating a policy hierarchy (see Paragraph [0057], where receiving the domain-specific policy from the policy generation engine); defining a plurality of domain objects and a plurality of domain object representations in the Graphical User Interface (GUI) based on the policy and the policy hierarchy (see Paragraph [0006], where the namespaces provide for hierarchical policy domains with purpose-built vocabulary); 
defining an extensible hierarchical domain model definition using the policy hierarchy, the extensible hierarchical domain model definition being modified using the plurality of domain object representations (see Paragraph [0006], where namespaces over an extensible Attribute Based Access Control grammar and PDP system. The namespace provides for hierarchical policy domains with purpose-built vocabulary);
 defining a Policy Enforcement Point (PEP) in an application based on the extensible hierarchical domain model definition (see Paragraph [0006-0009], where PDPs are tightly couple with respective Policy Enforcement Points (PEPS). PDPS include namespaces which extensible hierarchical policy domains); 
providing a mapping from the Policy Enforcement Point (PEP) in the application to the plurality of domain object representations in the Graphical User Interface (GUI) (see Paragraph [0006-0009], where PDPs are tightly couple with respective Policy Enforcement Points (PEPS). PDPS include namespaces which hierarchical policy domains); 
- 25 -PA9390USreceiving, by the Policy Enforcement Point (PEP), a user request to access a resource on the application, the user request comprising attributes of the user (see Paragraph [0032], where the PEP communicates attributes of the request (e.g., to access a resource) and user identification information to a Policy Decision Point (PDP) for evaluation against the policy); 
sending, by the Policy Enforcement Point (PEP), the user request to access the resource on the application to a Policy Decision Point (PDP) (see Paragraph [0032], where the user requests access to a resource from a Policy Enforcement Point (PEP). The PEP communicates attributes of the request (e.g., to access a resource) and user identification information to a Policy Decision Point (PDP) for evaluation against the policy); 
evaluating, by the Policy Decision Point (PDP), the user request to access the resource on the application, the evaluating using the extensible hierarchical domain model definition (see Paragraph [0032], where evaluate the policy rules as applied to the resource. The user request access to a resource from Policy Enforcement Point (PEP). The PEP communicates attributes of the request (e.g., to access a resource) and user identification information to a Policy Decision Point (PDP) for evaluation against the policy); 
generating, by the Policy Decision Point (PDP), a decision regarding the user request to access the resource on the application based on the evaluating; and enforcing, by the Policy Enforcement Point (PEP), the decision regarding the user request to access the resource on the application (see Paragraph [0032] and [0037], where generate namespace to address arbitrary policy use cases through PDP. PDP evaluates the policy rule and sends a permit or deny response along with supplementary obligations back to the PDP so that the authorized access is enforced).
Beredimas et al do not teach Graphical User Interface (GUI), the graphical user interface receiving a business rule input from a business user.
However, in an analogous art, Memon et al teach same field of provide rule engines. Memon et al teach Graphical User Interface (GUI), the graphical user interface receiving a business rule input from a business user (see Paragraph [0027], where a graphical user interface (GUI) receive rule by user of the business analyst device and interacting with user).
It would have been obvious to one of ordinary skills in art before the effective filling data of the
claimed invention to modify the system of Beredimas et al to incorporate the teaching of Memon et al using GUI to receiving rule from user.
Motivation as recognized by one of ordinary skill in the art, to do so would GUI for a particular rule that is built on top of one of the reusable logical patterns selected by a user of the business analyst device (see Paragraph [0027]).
Regarding claim 2, Beredimas et al teach a method of secure policies-based information governance based on policy hierarchy domain model as claim 1, wherein the evaluating, by the Policy Decision Point (PDP), the user request to access the resource further comprises: sending, by the Policy Decision Point (PDP), an attribute evaluation request regarding the attributes of the user to a Policy Information Point (PIP) (see Paragraph [0032], where the PEP communicate attributes of the request (e.g., to access a resource) and user identification information to a Policy Decision Point (PDP) for evaluation against the policy); - 26 -PA9390USevaluating, using the Policy Information Point (PIP), the attributes of the user, the evaluating using the extensible hierarchical domain model definition; and replying, by the Policy Information Point (PIP), to the attribute evaluation request based on the evaluating, using the Policy Information Point (PIP), of the attributes of the user (see Paragraph [0006] and [0032], where using namespace which is extensible Attribute Based access control grammar and PDP system. The namespaces provide for hierarchical policy domain with purpose-built vocabulary (e.g., objects/targets). PDP evaluates the policy rules and sends a permit or deny response along with supplementary obligation back to the PEP so that the authorized access is enforced).
Regarding claim 5, Beredimas et al teach a method of secure policies-based information governance based on policy hierarchy domain model as claim 2, further comprising generating a custom domain model; - 27 -PA9390USwherein the evaluating, using the Policy Information Point (PIP), the attributes of the user comprises using the custom domain model (see Paragraph [0009], where the domain-specific policy grammar from the selected namespace includes a plurality of categories of policy grammar. In some embodiments, the method further includes receiving a user-defined (e.g., custom or third-party) namespace for incorporation into the set of namespaces).
Regarding claim 8, Beredimas et al teach a method of secure policies-based information governance based on policy hierarchy domain model as claim 1, wherein the decision regarding the user request to access the resource on the application is to deny access to the resource based on the policy (see Paragraph [0032], where PDP evaluates the policy rules and sends a deny response along with supplementary obligations back to the PEP); and - 28 -PA9390USwherein the enforcing, by the Policy Enforcement Point (PEP), the decision regarding the user request to access the resource is denying access to the resource on the application (see Paragraph [0032], where PDP evaluates the policy rules and sends a permit or deny response along with supplementary obligations back to the PEP so that the authorized access is enforced).
Regarding claim 9, Beredimas et al teach secure policies-based information governance based on policy hierarchy domain model as claim 9, wherein the decision regarding the user request to access the resource on the application is to grant access to the resource based on the policy; and wherein the enforcing, by the Policy Enforcement Point (PEP), the decision regarding the user request to access the resource on the application is granting access to the resource on the application (see Paragraph [0032], where user request access to a resource from Policy Enforcement Point (PEP). PEP communicates attributes of the request to a Policy Decision Point (PDP) for evaluation against the policy. The PDP retrieves the policy that is applicable to this user from the Policy Retrieval Point and any other related user information from the Policy information Points (PIP)).
Regarding claim 10, Beredimas et al teach a system for secure policies-based information governance, the system comprising: a Graphical User Interface (GUI) (see Paragraph [0025], receiving a business rule input from a business user (see Paragraph [0059], where receiving policy responsive to a user providing one or more input or selection at a client device); 
a policy engine generating a policy based on the business rule input, the policy engine generating a policy hierarchy (see Paragraph [0057], where receiving the domain-specific policy from the policy generation engine); 
at least one processor; and a memory storing processor-executable instructions, wherein the at least one processor is configured to implement the following operations upon executing the processor-executable instructions: defining a plurality of domain objects and a plurality of domain object representations in the Graphical User Interface (GUI) based on the policy and the policy hierarchy (see Paragraph [0006], where the namespaces provide for hierarchical policy domains with purpose-built vocabulary); 
defining an extensible hierarchical domain model definition using the policy hierarchy, the extensible hierarchical domain model definition being modified using the plurality of domain object representations in the Graphical User Interface (GUI) (see Paragraph [0006], where namespaces over an extensible Attribute Based Access Control grammar and PDP system. The namespace provides for hierarchical policy domains with purpose-built vocabulary);
 defining a Policy Enforcement Point (PEP) in an application based on the extensible hierarchical domain model definition (see Paragraph [0006-0009], where PDPs are tightly couple with respective Policy Enforcement Points (PEPS). PDPS include namespaces which extensible hierarchical policy domains); 
providing a mapping from the Policy Enforcement Point (PEP) in the application to the plurality of domain object representations in the Graphical User Interface (GUI) (see Paragraph [0006-0009], where PDPs are tightly couple with respective Policy Enforcement Points (PEPS). PDPS include namespaces which hierarchical policy domains); 
- 30 -PA9390USreceiving, by the Policy Enforcement Point (PEP), a user request to access a resource on the application, the user request comprising attributes of the user (see Paragraph [0032], where the PEP communicates attributes of the request (e.g., to access a resource) and user identification information to a Policy Decision Point (PDP) for evaluation against the policy); 
sending, by the Policy Enforcement Point (PEP), the user request to access the resource on the application to a Policy Decision Point (PDP) (see Paragraph [0032], where the PEP communicates attributes of the request (e.g., to access a resource) and user identification information to a Policy Decision Point (PDP) for evaluation against the policy); 
evaluating, by the Policy Decision Point (PDP), the user request to access the resource on the application, the evaluating using the extensible hierarchical domain model definition (see Paragraph [0032], where evaluate the policy rules as applied to the resource. The user request access to a resource from Policy Enforcement Point (PEP). The PEP communicates attributes of the request (e.g., to access a resource) and user identification information to a Policy Decision Point (PDP) for evaluation against the policy); 
generating, by the Policy Decision Point (PDP), a decision regarding the user request to access the resource on the application based on the evaluating; and enforcing, by the Policy Enforcement Point (PEP), the decision regarding the user request to access the resource on the application (see Paragraph [0032] and [0037], where generate namespace to address arbitrary policy use cases through PDP. PDP evaluates the policy rule and sends a permit or deny response along with supplementary obligations back to the PDP so that the authorized access is enforced).
Beredimas et al do not teach Graphical User Interface (GUI), the graphical user interface receiving a business rule input from a business user.
However, in an analogous art, Memon et al teach same field of provide rule engines. Memon et al teach Graphical User Interface (GUI), the graphical user interface receiving a business rule input from a business user (see Paragraph [0027], where a graphical user interface (GUI) receive rule by user of the business analyst device and interacting with user).
It would have been obvious to one of ordinary skills in art before the effective filling data of the
claimed invention to modify the system of Beredimas et al to incorporate the teaching of Memon et al using GUI to receiving rule from user.
Regarding claim 11, Beredimas et al teach a system of secure policies-based information governance based on policy hierarchy domain model as claim 10, wherein the evaluating, by the Policy Decision Point (PDP), the user request to access the resource further comprises: sending, by the Policy Decision Point (PDP), an attribute evaluation request regarding the attributes of the user to a Policy Information Point (PIP) (see Paragraph [0032], where the PEP communicate attributes of the request (e.g., to access a resource) and user identification information to a Policy Decision Point (PDP) for evaluation against the policy); - 31 -PA9390USevaluating, using the Policy Information Point (PIP), the attributes of the user, the evaluating using the extensible hierarchical domain model definition (see Paragraph [0006] and [0032], where using namespace which is extensible Attribute Based access control grammar and PDP system. The namespaces provide for hierarchical policy domain with purpose-built vocabulary (e.g., objects/targets). PDP evaluates the policy rules and sends a permit or deny response along with supplementary obligation back to the PEP so that the authorized access is enforced); and replying, by the Policy Information Point (PIP), to the attribute evaluation request based on the evaluating, using the Policy Information Point (PIP), of the attributes of the user (see Paragraph [0032], where PDP evaluates the policy rules and sends a permit or deny response along with supplementary obligations back to the PEP so that the authorized access is enforced).
Regarding claim 14, Beredimas et al teach a system of secure policies-based information governance based on policy hierarchy domain model as claim 11, wherein the at least one processor is further configured to implement the following operations upon executing the processor-executable instructions: comprising generating a custom domain model; wherein the evaluating, using the Policy Information Point (PIP), the attributes of the user comprises using the custom domain model (see Paragraph [0032], where PDP evaluates the policy rules and sends a permit or deny response along with supplementary obligations back to the PEP so that the authorized access is enforced).
Regarding claim 17, Beredimas et al teach a system of secure policies-based information governance based on policy hierarchy domain model as claim 10, wherein the decision regarding the user request to access the resource on the application is to deny access to the resource based on the policy (see Paragraph [0032], where PDP evaluates the policy rules and sends a deny response along with supplementary obligations back to the PEP); and wherein the enforcing, by the Policy Enforcement Point (PEP), the decision regarding the user request to access the resource is denying access to the resource on the application (see Paragraph [0032], where PDP evaluates the policy rules and sends a permit or deny response along with supplementary obligations back to the PEP so that the authorized access is enforced).
Regarding claim 18, Beredimas et al teach a system of secure policies-based information governance based on policy hierarchy domain model as claim 10, wherein the decision regarding the user request to access the resource on the application is to grant access to the resource based on the policy (see Paragraph [0032], where PDP evaluates the policy rules and sends a permit response along with supplementary obligations back to the PEP); and wherein the enforcing, by the Policy Enforcement Point (PEP), the decision regarding the user request to access the resource on the application is granting access to the resource on the application (see Paragraph [0032], where PDP evaluates the policy rules and sends a permit or deny response along with supplementary obligations back to the PEP so that the authorized access is enforced).
Regarding claim 19, Beredimas et al teach a non-transitory computer readable medium having embodied thereon instructions being executable by at least one processor to perform operations for secure policies-based information governance, the operations comprising: displaying a Graphical User Interface (GUI) (see Paragraph [0025], where user interface may include graphical user interface (GUI)), receiving a business rule input from a business user (see Paragraph [0059], where receiving policy responsive to a user providing one or more input or selection at a client device); 
receiving a policy from a policy engine based on the business rule input, the policy engine generating a policy hierarchy (see Paragraph [0057], where receiving the domain-specific policy from the policy generation engine);
 defining a plurality of domain objects and a plurality of domain object representations in the Graphical User Interface (GUI) based on the policy and the policy hierarchy (see Paragraph [0006], where the namespaces provide for hierarchical policy domains with purpose-built vocabulary); 
defining an extensible hierarchical domain model definition using the policy hierarchy, the extensible hierarchical domain model definition being modified using the plurality of domain object representations in the Graphical User Interface (GUI) (see Paragraph [0006], where namespaces over an extensible Attribute Based Access Control grammar and PDP system. The namespace provides for hierarchical policy domains with purpose-built vocabulary); 
defining a Policy Enforcement Point (PEP) in an application based on the extensible hierarchical domain model definition (see Paragraph [0006-0009], where PDPs are tightly couple with respective Policy Enforcement Points (PEPS). PDPS include namespaces which extensible hierarchical policy domains); 
providing a mapping from the Policy Enforcement Point (PEP) in the application to the plurality of domain object representations in the Graphical User Interface (GUI) (see Paragraph [0006-0009], where PDPs are tightly couple with respective Policy Enforcement Points (PEPS). PDPS include namespaces which hierarchical policy domains); 
- 35 -PA9390USreceiving, by the Policy Enforcement Point (PEP), a user request to access a resource on the application, the user request comprising attributes of the user (see Paragraph [0032], where the PEP communicates attributes of the request (e.g., to access a resource) and user identification information to a Policy Decision Point (PDP) for evaluation against the policy); 
sending, by the Policy Enforcement Point (PEP), the user request to access the resource on the application to a Policy Decision Point (PDP) (see Paragraph [0032], where the PEP communicates attributes of the request (e.g., to access a resource) and user identification information to a Policy Decision Point (PDP) for evaluation against the policy); 
evaluating, by the Policy Decision Point (PDP), the user request to access the resource on the application, the evaluating using the extensible hierarchical domain model definition (see Paragraph [0032], where evaluate the policy rules as applied to the resource. The user request access to a resource from Policy Enforcement Point (PEP). The PEP communicates attributes of the request (e.g., to access a resource) and user identification information to a Policy Decision Point (PDP) for evaluation against the policy); 
generating, by the Policy Decision Point (PDP), a decision regarding the user request to access the resource on the application based on the evaluating; and enforcing, by the Policy Enforcement Point (PEP), the decision regarding the user request to access the resource on the application (see Paragraph [0032] and [0037], where generate namespace to address arbitrary policy use cases through PDP. PDP evaluates the policy rule and sends a permit or deny response along with supplementary obligations back to the PDP so that the authorized access is enforced).
Beredimas et al do not teach Graphical User Interface (GUI), the graphical user interface receiving a business rule input from a business user.
However, in an analogous art, Memon et al teach same field of provide rule engines. Memon et al teach Graphical User Interface (GUI), the graphical user interface receiving a business rule input from a business user (see Paragraph [0027], where a graphical user interface (GUI) receive rule by user of the business analyst device and interacting with user).
It would have been obvious to one of ordinary skills in art before the effective filling data of the
claimed invention to modify the system of Beredimas et al to incorporate the teaching of Memon et al using GUI to receiving rule from user.
Regarding claim 20, Beredimas et al teach a non-transitory computer readable medium of secure policies-based information governance based on policy hierarchy domain model as claim 19, wherein the decision regarding the user request to access the resource on the application is to deny access to the resource based on the policy (see Paragraph [0032], where PDP evaluates the policy rules and sends a deny response along with supplementary obligations back to the PEP); and wherein the enforcing, by the Policy Enforcement Point (PEP), the decision regarding the user request to access the resource is denying access to the resource on the application (see Paragraph [0032], where PDP evaluates the policy rules and sends a permit or deny response along with supplementary obligations back to the PEP so that the authorized access is enforced).
Claim(s) 3-4, 12-13 is/are rejected under 35 U.S.C. 103 as being unpatentable over Beredimas et al in view of Memon et al and further view of  Reiner et al(US 10990689 B1).
Regarding claim 3, modified Beredimas et al and Memon et al teach a method of secure policies-based information governance based on policy hierarchy domain model as claim 2, wherein the evaluating, using the Policy Information Point (PIP), the attributes of the user comprises (see Paragraph [0032], where evaluate the policy rules as applied to the resource. The user request access to a resource from Policy Enforcement Point (PEP). The PEP communicates attributes of the request (e.g., to access a resource) and user identification information to a Policy Decision Point (PDP) for evaluation against the policy).
Beredimas et al and Memon et al do not teach using at least one of a decision model template, a decision table template, and a domain.
However, in an analogous art, Reiner et al teach same field of accessing to asset is controlled with policies that reference attributes. Reiner et al teach using at least one of a decision model template, a decision table template, and a domain (Column 7 Lin 61- Column 8 Line 5, where policy information point attributes associated with the context of the access request and a decision is made regarding access request).
It would have been obvious to one of ordinary skills in art before the effective filling data of the
claimed invention to modify the system of Beredimas et al to incorporate the teaching of Reiner et al using information point attributes associated with the context of the access request and a decision is made regarding access request.
Motivation as recognized by one of ordinary skill in the art, to do so would the policy decision point may look at one or more of the requestor's role, the requested operation, the asset for which the operation is being requested, and the context of the access request (Column 7 Lin 61- Column 8 Line 5).
Regarding claim 4, modified Beredimas et al and Memon et al teach a method of secure policies-based information. governance based on policy hierarchy domain model as claim 3, wherein the evaluating, using the Policy Information Point (PIP), the attributes of the user comprises (see Paragraph [0032], where evaluate the policy rules as applied to the resource. The user request access to a resource from Policy Enforcement Point (PEP). The PEP communicates attributes of the request (e.g., to access a resource) and user identification information to a Policy Decision Point (PDP) for evaluation against the policy): information for presenting to the business user using the Graphical User Interface (GUI) (see Paragraph [0025], where user interface may include graphical user interface (GUI)); attributes of the plurality of domain objects; and formatting of the attributes of the plurality of domain objects for displaying on the Graphical User Interface (see Paragraph [0006], where the namespaces provide for hierarchical policy domains with purpose-built vocabulary).
Beredimas et al and Memon et al do not teach using at least one of a decision model template, a decision table template, and a domain.
However, in an analogous art, Reiner et al teach same field of accessing to asset is controlled with policies that reference attributes. Reiner et al teach using at least one of a decision model template, a decision table template, and a domain (Column 7 Lin 61- Column 8 Line 5, where policy information point attributes associated with the context of the access request and a decision is made regarding access request).
It would have been obvious to one of ordinary skills in art before the effective filling data of the
claimed invention to modify the system of Beredimas et al to incorporate the teaching of Reiner et al using information point attributes associated with the context of the access request and a decision is made regarding access request (Column 7 Lin 61- Column 8 Line 5).
Regarding claim 12, modified Beredimas et al and Memon et al teach a system of secure policies-based information governance based on policy hierarchy domain model as claim 11, wherein the evaluating, using the Policy Information Point (PIP), the attributes of the user comprises (see Paragraph [0032], where evaluate the policy rules as applied to the resource. The user request access to a resource from Policy Enforcement Point (PEP). The PEP communicates attributes of the request (e.g., to access a resource) and user identification information to a Policy Decision Point (PDP) for evaluation against the policy).
Beredimas et al and Memon et al do not teach using at least one of a decision model template, a decision table template, and a domain.
However, in an analogous art, Reiner et al teach same field of accessing to asset is controlled with policies that reference attributes. Reiner et al teach using at least one of a decision model template, a decision table template, and a domain (Column 7 Lin 61- Column 8 Line 5, where policy information point attributes associated with the context of the access request and a decision is made regarding access request).
It would have been obvious to one of ordinary skills in art before the effective filling data of the
claimed invention to modify the system of Beredimas et al to incorporate the teaching of Reiner et al using information point attributes associated with the context of the access request and a decision is made regarding access request (Column 7 Lin 61- Column 8 Line 5).
Regarding claim 13, modified Beredimas et al and Memon et al teach a system of secure policies-based information governance based on policy hierarchy domain model as claim 12, wherein the evaluating, using the Policy Information Point (PIP), the attributes of the user comprises (see Paragraph [0032], where evaluate the policy rules as applied to the resource. The user request access to a resource from Policy Enforcement Point (PEP). The PEP communicates attributes of the request (e.g., to access a resource) and user identification information to a Policy Decision Point (PDP) for evaluation against the policy): information for presenting to the business user using the Graphical User Interface (GUI) (see Paragraph [0025], where user interface may include graphical user interface (GUI)); attributes of the plurality of domain objects; and formatting of the attributes of the plurality of domain objects for displaying on the Graphical User Interface (see Paragraph [0006], where the namespaces provide for hierarchical policy domains with purpose-built vocabulary).
Beredimas et al and Memon et al do not teach using at least one of a decision model template, a decision table template, and a domain.
However, in an analogous art, Reiner et al teach same field of accessing to asset is controlled with policies that reference attributes. Reiner et al teach using at least one of a decision model template, a decision table template, and a domain (Column 7 Lin 61- Column 8 Line 5, where policy information point attributes associated with the context of the access request and a decision is made regarding access request).
It would have been obvious to one of ordinary skills in art before the effective filling data of the
claimed invention to modify the system of Beredimas et al to incorporate the teaching of Reiner et al using information point attributes associated with the context of the access request and a decision is made regarding access request (Column 7 Lin 61- Column 8 Line 5).
Claim(s) 6-7,15-16 is/are rejected under 35 U.S.C. 103 as being unpatentable over Beredimas et al in view of Memon et al and further view of  Dutta et al (US 20100030890 A1).
Regarding claim 6, modified Beredimas et al and Memon et al teach a method of secure policies-based information governance based on policy hierarchy domain model as claim 1. wherein the graphical user interface further comprises a policy designer screen for the business user, Enforcement Point (PEP) preventing the Policy Enforcement Point (PEP) from enforcing the policy (see Paragraph [0032], where all the information is available the PDP evaluates the policy rules and sends a permit or deny response along with supplementary obligation back to the PEP so that the authorized access is enforced).
Beredimas et al and Memon et al do not teach the policy designer screen receiving a disable policy enforcement point input, the disable policy enforcement point input disabling the Policy Enforcement Point.
However, in an analogous art, Dutta et al teach same field of managing policy under Policy enforcement points. Dutta et al teach the policy designer screen receiving a disable policy enforcement point input, the disable policy enforcement point input disabling the Policy Enforcement Point (see Paragraph [0040], where use enable/disable to select enforcement point).
It would have been obvious to one of ordinary skills in art before the effective filling data of the
claimed invention to modify the system of Beredimas et al to incorporate the teaching of Dutta et al using user enable/disable to select enforcement point
Motivation as recognized by one of ordinary skill in the art, to do so would enabling addition and/or adjustment of technical policies (see Paragraph [0041]).
Regarding claim 7, modified Beredimas et al and Memon et al teach a method of secure policies-based information governance based on policy hierarchy domain model as claim 1, wherein the graphical user interface further comprises a policy designer screen for the business user, allowing the Policy Enforcement Point (PEP) to enforce the policy (see Paragraph [0032], where all the information is available the PDP evaluates the policy rules and sends a permit or deny response along with supplementary obligation back to the PEP so that the authorized access is enforced).
Beredimas et al and Memon et al do not teach the policy designer screen receiving an enable policy enforcement point input, the enable policy enforcement point input enabling the Policy Enforcement Point
However, in an analogous art, Dutta et al teach same field of managing policy under Policy enforcement points. Dutta et al teach the policy designer screen receiving an enable policy enforcement point input, the enable policy enforcement point input enabling the Policy Enforcement Point (see Paragraph [0040], where use enable/disable to select enforcement point).
It would have been obvious to one of ordinary skills in art before the effective filling data of the
claimed invention to modify the system of Beredimas et al to incorporate the teaching of Dutta et al using user enable/disable to select enforcement point
Motivation as recognized by one of ordinary skill in the art, to do so would enabling addition and/or adjustment of technical policies (see Paragraph [0041]).
Regarding claim 15, modified Beredimas et al and Memon et al teach a system of secure policies-based information governance based on policy hierarchy domain model as claim 10, wherein the graphical user interface further comprises a policy designer screen for the business user, Enforcement Point (PEP) preventing the Policy Enforcement Point (PEP) from enforcing the policy (see Paragraph [0032], where all the information is available the PDP evaluates the policy rules and sends a permit or deny response along with supplementary obligation back to the PEP so that the authorized access is enforced).
Beredimas et al and Memon et al do not teach the policy designer screen receiving a disable policy enforcement point input, the disable policy enforcement point input disabling the Policy Enforcement Point.
However, in an analogous art, Dutta et al teach same field of managing policy under Policy enforcement points. Dutta et al teach the policy designer screen receiving a disable policy enforcement point input, the disable policy enforcement point input disabling the Policy Enforcement Point (see Paragraph [0040], where use enable/disable to select enforcement point).
It would have been obvious to one of ordinary skills in art before the effective filling data of the
claimed invention to modify the system of Beredimas et al to incorporate the teaching of Dutta et al using user enable/disable to select enforcement point
Motivation as recognized by one of ordinary skill in the art, to do so would enabling addition and/or adjustment of technical policies (see Paragraph [0041]).
Regarding claim 16, modified Beredimas et al and Memon et al teach a system of secure policies-based information governance based on policy hierarchy domain model as claim 10, wherein the graphical user interface further comprises a policy designer screen for the business user, allowing the Policy Enforcement Point (PEP) to enforce the policy (see Paragraph [0032], where all the information is available the PDP evaluates the policy rules and sends a permit or deny response along with supplementary obligation back to the PEP so that the authorized access is enforced).
Beredimas et al and Memon et al do not teach the policy designer screen receiving an enable policy enforcement point input, the enable policy enforcement point input enabling the Policy Enforcement Point
However, in an analogous art, Dutta et al teach same field of managing policy under Policy enforcement points. Dutta et al teach the policy designer screen receiving an enable policy enforcement point input, the enable policy enforcement point input enabling the Policy Enforcement Point (see Paragraph [0040], where use enable/disable to select enforcement point).
It would have been obvious to one of ordinary skills in art before the effective filling data of the
claimed invention to modify the system of Beredimas et al to incorporate the teaching of Dutta et al using user enable/disable to select enforcement point
Motivation as recognized by one of ordinary skill in the art, to do so would enabling addition and/or adjustment of technical policies (see Paragraph [0041]).
Conclusion
The prior art made of record and not relied upon is considered pertinent to applicant's disclosure.
Hussain et al (US 20190205403) disclosed display criteria associated with a user interface pages, into a hierarchy of rules of displaying multiple user interface pages
Any inquiry concerning this communication or earlier communications from the examiner should be directed to DAVID HYUNGYU KIM whose telephone number is (571)272-0460. The examiner can normally be reached Monday - Friday.
Examiner interviews are available via telephone, in-person, and video conferencing using a USPTO supplied web-based collaboration tool. To schedule an interview, applicant is encouraged to use the USPTO Automated Interview Request (AIR) at http://www.uspto.gov/interviewpractice.
If attempts to reach the examiner by telephone are unsuccessful, the examiner’s supervisor, Philip Chea can be reached on (571)-273-8300. The fax phone number for the organization where this application or proceeding is assigned is 571-273-8300.
Information regarding the status of published or unpublished applications may be obtained from Patent Center. Unpublished application information in Patent Center is available to registered users. To file and manage patent submissions in Patent Center, visit: https://patentcenter.uspto.gov. Visit https://www.uspto.gov/patents/apply/patent-center for more information about Patent Center and https://www.uspto.gov/patents/docx for information about filing in DOCX format. For additional questions, contact the Electronic Business Center (EBC) at 866-217-9197 (toll-free). If you would like assistance from a USPTO Customer Service Representative, call 800-786-9199 (IN USA OR CANADA) or 571-272-1000.



/DAVID HYUNGYU KIM/Examiner, Art Unit 2499                                                                                                                                                                                                        /PHILIP J CHEA/Supervisory Patent Examiner, Art Unit 2499