DETAILED ACTION
The present application, filed on or after March 16, 2013, is being examined under the first inventor to file provisions of the AIA .
This is in response to the correspondence filed on 01/15/21.  Claims 1-20 are still pending and have been considered below.

Claim Rejections - 35 USC § 112
The following is a quotation of 35 U.S.C. 112(b):
(b)  CONCLUSION.—The specification shall conclude with one or more claims particularly pointing out and distinctly claiming the subject matter which the inventor or a joint inventor regards as the invention.


The following is a quotation of 35 U.S.C. 112 (pre-AIA ), second paragraph:
The specification shall conclude with one or more claims particularly pointing out and distinctly claiming the subject matter which the applicant regards as his invention.


Claims 3 and 11 are rejected under 35 U.S.C. 112(b) or 35 U.S.C. 112 (pre-AIA ), second paragraph, as being indefinite for failing to particularly point out and distinctly claim the subject matter which the inventor or a joint inventor (or for applications subject to pre-AIA  35 U.S.C. 112, the applicant), regards as the invention.
Claims 3 and 11 recite the limitation "the computing resource" throughout the claims.  There is insufficient antecedent basis for this limitation in the claims.  Examiner notes that the preceding claim language appears to establish at least two separate and distinct instances of a “computing resource” (see line 3 of Claim 1 and line 3 of Claim 3; and line 3 of Claim 8 and line 3 of Claim 11); thus, render the claims indefinite in that it is unclear as to which one the limitation in question should be in reference to.

Claim Rejections - 35 USC § 102
In the event the determination of the status of the application as subject to AIA  35 U.S.C. 102 and 103 (or as subject to pre-AIA  35 U.S.C. 102 and 103) is incorrect, any correction of the statutory basis for the rejection will not be considered a new ground of rejection if the prior art relied upon, and the rationale supporting the rejection, would be the same under either status.  
The following is a quotation of the appropriate paragraphs of 35 U.S.C. 102 that form the basis for the rejections under this section made in this Office action:
A person shall be entitled to a patent unless –

(a)(1) the claimed invention was patented, described in a printed publication, or in public use, on sale, or otherwise available to the public before the effective filing date of the claimed invention.


Claim(s) 1-20 is/are rejected under 35 U.S.C. 102(a)(1) as being anticipated by Forsberg et al. (2014/0380405).
Claim 1:  Forsberg et al. discloses a computer-implemented method for providing controlled access to a system by a user device, the method comprising:
receiving a request for access to a computing resource, the request including a current context, the current context defining a user space and a resource space(triggering events, such as events triggered by user-level software executing in a domain requesting access to a system resource) [pages 7-8, paragraph 0064 | page 10, paragraphs 0079-0080];
evaluating, by the user device, the current context against a security policy(enforce a policy in response to an event) [page 16, paragraph 0116];
determining that the user device is permitted to access the computing resource based on the request in response to the evaluating the current context against the security policy(policy defines permitted accesses/uses of resources) [page 10, paragraph 0078 | page 11, paragraph 0084 | page 14, paragraph 0102]; and
in response to determining that the user device is permitted to access the computing resource, accessing the computing resource as requested [page 10, paragraph 0078 | page 11, paragraph 0084 | page 14, paragraph 0102].
Claim 2:  Forsberg et al. discloses the computer-implemented method of claim 1, wherein the determining that the user device is permitted to access the computing device based on the request in response to the evaluating the current context against the security policy is performed by the user device [pages 9-10, paragraphs 0076-0077].
Claim 3:  Forsberg et al. discloses the computer-implemented method of claim 1, wherein the request is a first request, the method further comprising: receiving, from the user device, a second request for access to a computing resource, the second request including a second context, the second context defining a user space and a resource space [pages 7-8, paragraph 0064 | page 10, paragraphs 0079-0080]; evaluating, by the user device, the second context against a security policy [page 16, paragraph 0116]; determining that the user device is not permitted to access the computing resource based on the second request in response to the evaluating the second context against the security policy(deny access to an anti-purpose defined in the policy) [page 16, paragraphs 0113-0114]; and in response to determining that the user device is not permitted to access the computing resource, displaying an error message on the user device [pages 10-11, paragraph 0081].
Claim 4:  Forsberg et al. discloses the computer-implemented method of claim 1, wherein the user space and the resource space are respective of the user device [pages 7-8, paragraph 0064 | page 10, paragraphs 0079-0080].
Claim 5:  Forsberg et al. discloses the computer-implemented method of claim 1, wherein the security policy is received by the user device from a policy database [page 9, paragraphs 0071-0072].
Claim 6:  Forsberg et al. discloses the computer-implemented method of claim 5, wherein the security policy received from the policy database includes one or more custom security policies corresponding to the current context of the request and a default security policy(active device policy and domain specific policies) [page 14, paragraphs 0103-0105].
Claim 7:  Forsberg et al. discloses the computer-implemented method of claim 1, wherein the security policy comprises a default security policy and one or more custom security policies, the method further comprising merging, by the user device, the default security policy and the one or more custom security policies(merging of artifacts into least restrictive conforming policy) [page 14, paragraphs 0104-0105].
Claim 8:  Forsberg et al. discloses a computer-implemented method for providing controlled access to a system by a user device, comprising:
receiving, by a server device, a request to access a computing resource made available by the server device and including a current context, the current context defining a user space and a resource space [pages 7-8, paragraph 0064 | page 10, paragraphs 0079-0080];
in response to receiving the request, retrieving a default security policy from a database and a custom security policy from the database(policy pool) [page 14, paragraphs 0103-0105];
merging the default security policy as retrieved and the custom security policy as retrieved into a merged security policy(active device policy) [page 14, paragraphs 0103-0105];
evaluating, by the server device, the current context against the merged security policy [page 16, paragraph 0116];
determining that the request is permissible based on the evaluating the current context against the merged security policy [page 10, paragraph 0078 | page 11, paragraph 0084 | page 14, paragraph 0102]; and
enabling access to the computing resource [page 10, paragraph 0078 | page 11, paragraph 0084 | page 14, paragraph 0102].
Claim 9:  Forsberg et al. discloses the computer-implemented method of claim 8, wherein the merging comprises one or more of removing an entry from the default security policy, adding an entry to the default security policy, or updating an entry in the default security policy [page 14, paragraphs 0104-0105].
Claim 10:  Forsberg et al. discloses the computer-implemented method of claim 8, wherein the retrieving a default security policy from a database, the retrieving a custom security policy from the database, and the merging the default security policy as retrieved, and the custom security policy as retrieved into a merged security policy are completed by the server device in communication with the database [page 14, paragraphs 0103-0105].
Claim 11:  Forsberg et al. discloses the computer-implemented method of claim 8, wherein the request is a first request, further comprising: receiving, by the server device, a second request to access a computing resource made available by the server device and including a second context, the second context defining a user space and a resource space [pages 7-8, paragraph 0064 | page 10, paragraphs 0079-0080]; in response to receiving the second request, retrieving the default security policy from the database and the custom security policy from the database [page 14, paragraphs 0103-0105]; merging the default security policy as retrieved and the custom security policy as retrieved into the merged security policy [page 14, paragraphs 0103-0105]; evaluating, by the server device, the second context against the merged security policy [page 16, paragraph 0116]; determining that the second request is not permissible based on the evaluating the second context against the merged security policy [page 16, paragraphs 0113-0114]; and disabling access to the computing resource in response to determining that the second request is not permissible [pages 10-11, paragraph 0081].
Claim 12:  Forsberg et al. discloses a computer-implemented method, comprising:
receiving a request for access to a computing resource, the request including a current context, the current context defining a user space and a resource space [pages 7-8, paragraph 0064 | page 10, paragraphs 0079-0080];
evaluating the current context against a security policy [page 16, paragraph 0116];
determining that a user device that is a source of the request is permitted to access the computing resource based on the evaluating the current context against the security policy [page 10, paragraph 0078 | page 11, paragraph 0084 | page 14, paragraph 0102]; and
accessing the computing resource as requested [page 10, paragraph 0078 | page 11, paragraph 0084 | page 14, paragraph 0102].
Claim 13:  Forsberg et al. discloses the computer-implemented method of claim 12, wherein the evaluating the current context against a security policy is performed by a user device [pages 9-10, paragraphs 0076-0077].
Claim 14:  Forsberg et al. discloses the computer-implemented method of claim 12, wherein the evaluating the current context against a security policy is performed by a server device [page 16, paragraph 0116].
Claim 15:  Forsberg et al. discloses the computer-implemented method of claim 12, further comprising: evaluating a second context against a security policy [page 16, paragraph 0116]; determining that the user device is not permitted to access the computing resource based on the evaluating the second context against the security policy [page 16, paragraphs 0113-0114]; and denying access to the computer resource as requested [pages 10-11, paragraph 0081].
Claim 16:  Forsberg et al. discloses the computer-implemented method of claim 12, wherein the security policy comprises a merged security policy, the merged security policy comprising a combination including a default security policy merged with one or more custom security policies [page 14, paragraphs 0103-0105].
Claim 17:  Forsberg et al. discloses the computer-implemented method of claim 16, wherein the merged security policy comprises one or more of an entry removed from the default security policy, an entry added to the default security policy, or an entry updated in the default security policy [page 14, paragraphs 0104-0105].
Claim 18:  Forsberg et al. discloses the computer-implemented method of claim 12, wherein the current context comprises a user space or a resource space [pages 7-8, paragraph 0064 | page 10, paragraphs 0079-0080].
Claim 19:  Forsberg et al. discloses the computer-implemented method of claim 12, further comprising receiving a request to access a computing resource [pages 7-8, paragraph 0064 | page 10, paragraphs 0079-0080].
Claim 20:  Forsberg et al. discloses the computer-implemented method of claim 19, wherein the request to access the computing resource is received by the user device [pages 7-8, paragraph 0064 | page 10, paragraphs 0079-0080].

Conclusion
The prior art made of record and not relied upon is considered pertinent to applicant's disclosure.  Biegala et al. (8,955,148).
Any inquiry concerning this communication or earlier communications from the examiner should be directed to EDWARD ZEE whose telephone number is (571)270-1686. The examiner can normally be reached Monday-Friday 9AM-5PM EST.
Examiner interviews are available via telephone, in-person, and video conferencing using a USPTO supplied web-based collaboration tool. To schedule an interview, applicant is encouraged to use the USPTO Automated Interview Request (AIR) at http://www.uspto.gov/interviewpractice.
If attempts to reach the examiner by telephone are unsuccessful, the examiner’s supervisor, Joseph Hirl can be reached on (571)272-3685. The fax phone number for the organization where this application or proceeding is assigned is 571-273-8300.
Information regarding the status of published or unpublished applications may be obtained from Patent Center. Unpublished application information in Patent Center is available to registered users. To file and manage patent submissions in Patent Center, visit: https://patentcenter.uspto.gov. Visit https://www.uspto.gov/patents/apply/patent-center for more information about Patent Center and https://www.uspto.gov/patents/docx for information about filing in DOCX format. For additional questions, contact the Electronic Business Center (EBC) at 866-217-9197 (toll-free). If you would like assistance from a USPTO Customer Service Representative, call 800-786-9199 (IN USA OR CANADA) or 571-272-1000.





/EDWARD ZEE/Primary Examiner, Art Unit 2435