DETAILED ACTION
Status of Claims
This Office Action is in response to claims filed on 11/10/2025.
Claim 1 is cancelled while claims 2-17 are pending and are examined hereon.
Notice of Pre-AIA or AIA Status
The present application, filed on or after March 16, 2013, is being examined under the first inventor to file provisions of the AIA.
Response to Arguments
With respect to rejection of claims under 35 U.S.C. 103, Applicant is of the opinion that the rejections should be withdrawn since amended claims are allowable over the cited references including their dependent claims since the cited portions of Geisert, Ginter, and Clifford fail to disclose or suggest the features of claim 2, responsive to a user making a second attempt to access the downloaded content on the client device, dynamically re-evaluating, by a server in communication with the content server that provided the content, a Rights Management Services (RMS) rule and a policy for the downloaded content existing at a time of the access request to determine whether to allow access to the downloaded content, as in claim 2. Geisert teaches evaluating the policy at the first access by a user (after the document download) but does not teach re-evaluating at subsequent access attempts. See Geisert, paragraph [0015]. In fact, Geisert expressly states that the approaches discussed through Par. [0015] have drawbacks, including that the RMS rules "are not dynamically re-evaluated for policy enforcement whenever protected content is access on a client device." See Geisert, paragraph [0016]. The cited portions of Ginter and Clifford are both silent with regard to responsive to a user making a second attempt to access the downloaded content on the client device, dynamically reevaluating, by a server in communication with the content server that provided the content, a Rights Management Services (RMS) rule and a policy for the downloaded content existing at a time of the access request to determine whether to allow access to the downloaded content, as in claim 2. Therefore, claim 2 is allowable, as are claims 3-9 that depend therefrom. Claim 10 is thus allowable for at least the same reasons as explained in connection with claim 2. Claims 11-17 are allowable at least by virtue of their dependence from claim 2.
Examiner has fully considered Applicant’s position but respectfully disagrees. Applicant previously admitted that the policy is re-evaluated after the document is downloaded by the user, upon an attempt to access the downloaded document, which occurs after the original policy was created for the document; every time the user tries to access the document, the current policy is checked (the “re-evaluation”) before the document is accessed. Applicant, on the other hand, seems to contend that an RMS rule and policy is not re-evaluated. That is, Applicant’s admitted prior art discloses re-evaluating the RMS policy for downloaded content every time the user tries to access the content before allowing access to the content (Fig. 2; Par. [0015]).
Further, although Geisert does not explicitly disclose a second, a third, etc. subsequent attempts, this only describes duplicating/repeating steps, and the claimed invention as a whole would have been obvious before the effective filing date of the claimed invention to a person having ordinary skill in the art to which the claimed invention pertains to simply provide for duplicating/repeating steps of the same function, which does not differentiate the claims from the prior art (In re Harza, 274 F.2d 669, 124 USPQ 378 (CCPA 1960)).
On the other hand, Ginter discloses checking, each and every time the user tries to access the content, permission to access based on rules that are modified periodically.
Therefore, Examiner sustains the rejection.
Claim Rejections - 35 USC § 103
The following is a quotation of 35 U.S.C. 103 which forms the basis for all obviousness rejections set forth in this Office action:
A patent for a claimed invention may not be obtained, notwithstanding that the claimed invention is not identically disclosed as set forth in section 102, if the differences between the claimed invention and the prior art are such that the claimed invention as a whole would have been obvious before the effective filing date of the claimed invention to a person having ordinary skill in the art to which the claimed invention pertains. Patentability shall not be negated by the manner in which the invention was made.
Claims 2-6, 9-14 and 17 are rejected under 35 U.S.C. 103 as being unpatentable over Applicant’s admitted prior art in the background of the specification (citations to PGPub of Specification, Geisert (US 2015/0220881)) in view of Ginter (US 2003/0105721).
With respect to claims 2 and 10, Geisert discloses a method comprising:
receiving, by a content server, a request, the request received from a client device (“call RMS server… for opening”); (Figs. 1-2; Pars. [0015], “Suppose user 202 is allowed to access content server 280 and download encrypted document 255 from enterprise content repository 290 using a client application running on a computing device associated with user 202… Policy enforcement agent 245 may be configured to monitor application events and call RMS server 285 when user 202 selects encrypted document 255 for opening.”)
providing, by the content server, the content for download to the client device; (Fig. 2; Pars. [0012], [0014]-[0015], “Suppose user 202 is allowed to access content server 280 and download encrypted document 255 from enterprise content repository 290 using a client application running on a computing device associated with user 202… encrypted document 255 may have a policy that allows for full access when encrypted document 255 was first downloaded by user 202.”)
receiving request (“call RMS server… for opening”) from the client device to access the downloaded content comprising: (Figs. 1-2; Par. 9 “Policy enforcement agent 245 may be configured to monitor application events and call RMS server 285 when user 202 selects encrypted document 255 for opening.”)
responsive to a user making a second attempt to access the downloaded content on the client device, dynamically evaluating, by a server in communication with the content server that provided the content, a Rights Management Services (RMS) (Pars. [0014]-[0015], “RMS server 285 may evaluate enterprise content usage policies 288 and provide instructions to policy enforcement agent 245. Policy enforcement agent 245, in turn, ensures that enterprise content usage policies 288 are appropriately applied to the document at issue.”)
for the downloaded content existing at a time of the access request to determine whether to allow access to the downloaded content; (Fig. 2; Par. [0015], “Suppose user 202 is allowed to access content server 280 and download encrypted document 255 from enterprise content repository 290 using a client application running on a computing device associated with user 202… For example, encrypted document 255 may have a policy that allows for full access when encrypted document 255 was first downloaded by user 202.”)
modifying the RMS (Pars. [0014] “Enterprise content usage policies 288 may be created and managed by administrators of enterprise RMS system 200 (e.g., using a policy editor provided by RMS server 285).” [0015], “For example, encrypted document 255 may have a policy that allows for full access when encrypted document 255 was first downloaded by user 202. However, it has since been replaced with a read-only policy.”) and
receiving request from the client device to access the downloaded content comprising: (Figs. 1-2; Par. 9 “Policy enforcement agent 245 may be configured to monitor application events and call RMS server 285 when user 202 selects encrypted document 255 for opening.”)
re-evaluating the RMS (Fig. 2 ; Par. [0015], “Policy enforcement agent 245 may be configured to monitor application events and call RMS server 285 when user 202 selects encrypted document 255 for opening. RMS server 285 may evaluate enterprise content usage policies 288 and provide instructions to policy enforcement agent 245. Policy enforcement agent 245, in turn, ensures that enterprise content usage policies 288 are appropriately applied to the document at issue. For example, encrypted document 255 may have a policy that allows for full access when encrypted document 255 was first downloaded by user 202. However, it has since been replaced with a read-only policy. This information is communicated to policy enforcement agent 245 at the time when user 202 selects to open encrypted document 255. In accordance with the new read-only policy, policy enforcement agent 245 will operate to decrypt document 255 and allow document 255 to be opened on the computing device associated with user 202 as a read-only document.”),
responsive to a user making a second attempt to access the downloaded content on the client device, dynamically re-evaluating, by a server in communication with the content server that provided the content, a Rights Management Services (RMS) (Fig. 2 ; Par. [0015]),
wherein the RMS (Par. [0015] “However, it has since been replaced with a read-only policy.”).
Although Geisert does not explicitly disclose a second, a third, etc. subsequent attempts, this only describes duplicating/repeating steps, and the claimed invention as a whole would have been obvious before the effective filing date of the claimed invention to a person having ordinary skill in the art to which the claimed invention pertains to simply provide for duplicating/repeating steps of the same function, which does not differentiate the claims from the prior art. (In re Harza, 274 F.2d 669, 124 USPQ 378 (CCPA 1960) (Claims at issue were directed to a water-tight masonry structure wherein a water seal of flexible material fills the joints which form between adjacent pours of concrete. The claimed water seal has a "web" which lies in the joint, and a plurality of "ribs" projecting outwardly from each side of the web into one of the adjacent concrete slabs. The prior art disclosed a flexible water stop for preventing passage of water between masses of concrete in the shape of a plus sign (+). Although the reference did not disclose a plurality of ribs, the court held that mere duplication of parts has no patentable significance unless a new and unexpected result is produced.).)
Geisert does not explicitly disclose:
receiving, by a content server, a request for content,
receiving another access request from the client device to access the content, and
receiving, by a content server, a plurality of content access requests for content, the plurality of content access requests received from a client device, each of the plurality of content access requests received at a different time by the content server,
evaluating an RMS rule,
modifying the rule for the content,
re-evaluating the rule for the content.
Ginter discloses:
receiving, by a content server, a request for content (“objects”) (Figs. 1, 2-3, 7-8, 12-12A, 20, 35, 45, 72B, 72D; Pars. [0221] “For example, smart objects may travel to and/or from remote information resource locations and fulfill requests for electronic information content.” [0215], [0474], [0899], [0911] “In one of its roles or instances, object submittal manager 774 provides a user interface 774a that allows the user to create an object configuration file 1240 specifying certain characteristics of a VDE object 300 to be created. This user interface 774a may, for example, allow the user to specify that she wants to create an object, allow the user to designate the content the object will contain, and allow the user to specify certain other aspects of the information to be contained within the object (e.g., rules and control information, identifying information, etc.)” [1881], [2241] “If an end user requests delivery of content that is not stored in content storage, the VDE repository may locate the actual storage site for the content using information stored in content references (e.g. the network address where the content may be located, a URL, a filesystem reference, etc.) After the content is located, the content may be transmitted across the network to the repository or it may be delivered directly from where it is stored to the requesting end user.”).
receiving another access request from the client device to access the content, and receiving, by a content server, a plurality of content access requests for content, the plurality of content access requests received from a client device, each of the plurality of content access requests received at a different time by the content server (Pars. [0426], [1047], [0872], [1348] “the end user's electronic appliance 600 may (e.g., in response to a user input request to access a particular VDE object 300) send an administrative object to the clearinghouse requesting budgets and/or other permissions allowing access (Block 1164). As mentioned above, such requests may be transmitted in the form of one or more administrative objects, such as, for example, a single administrative object having multiple “events” associated with multiple requested budgets and/or other permissions for the same or different VDE objects 300… Steps 1164-1168 may be repeated multiple times in the same or different communications session to provide further updates to the end user's secure database 610.” [2250] “As indicated above, end users 3310 in this example will periodically contact the VDE repository to transmit content usage information (e.g. related to consumption of budget, recording of other usage activities, etc.), replenish their budgets, modify their account profile, access usage analysis information, and perform other administrative and information exchange activities.”)
evaluating a rule for the content, (Figs. 5A, 35; Pars. [0391], [0407], [0412] “The virtual distribution environment 100 prevents use of protected information except as permitted by the “rules and controls” (control information). For example, the “rules and controls” shown in FIG. 2 may grant specific individuals or classes of content users 112 “permission” to use certain content.” [0442], [1348] “During the same or different communications exchange, the same or different clearinghouse may handle the end user's request for additional budget and/or permission pertaining to VDE object 300. For example, the end user's electronic appliance 600 may (e.g., in response to a user input request to access a particular VDE object 300) send an administrative object to the clearinghouse requesting budgets and/or other permissions allowing access (Block 1164). As mentioned above, such requests may be transmitted in the form of one or more administrative objects, such as, for example, a single administrative object having multiple “events” associated with multiple requested budgets and/or other permissions for the same or different VDE objects 300. The clearinghouse may upon receipt of such a request, check the end user's credit, financial records, business agreements and/or audit histories to determine whether the requested budgets and/or permissions should be given…” [2133])
modifying the rule for the content, (Fig. 2A; [0398], [0418] “FIG. 2A shows… “rules and controls” are modified or deleted by distributor 106; and still other “rules and controls” are added by the distributor.”)
re-evaluating the rule for the content. (Figs. 5A, 35; Pars. [0442], [1348] “During the same or different communications exchange, the same or different clearinghouse may handle the end user's request for additional budget and/or permission pertaining to VDE object 300… updating might, for example, comprise replacing an expired PERC 808 with a fresh one, modifying a PERC to provide additional (or lesser) rights, etc. Steps 1164-1168 may be repeated multiple times in the same or different communications session…” [2133])
Therefore, the claimed invention as a whole would have been obvious before the effective filing date of the claimed invention to a person having ordinary skill in the art to which the claimed invention pertains to simply substitute the calling of the RMS server by the RMS client-enabled application running on the computing device of the user during a user selection for access of the content or allowing the user to access content server and download encrypted document from enterprise content repository on a computing device associated with user to allow access to the content based on changed policy (Fig. 2; Pars. [0009] “Policy enforcement agent 245 may be configured to monitor application events and call RMS server 285 when user 202 selects encrypted document 255 for opening.” [0015]) of Geisert, in view of Ginter in order for the RMS server to determine, based on user data and the publishing license from the document for checking with AD server 170, if the user should have access to the selected document based on changed policy (Geisert, Fig. 2; Pars. [0009], [0015]) and to monitor user/device usage activity related to the content requested/consumed and update users' permission to access the content based on up-to-date rules and rights (Ginter, Pars. [1348], [2240]-[2241]). ("Express suggestion to substitute one equivalent technique for another need not be present to render such substitution obvious"; In re Fout, 213 USPQ 532 (CCPA 1982), In re Siebentritt, 152 USPQ 618 (CCPA 1967); Ex Parte Smith, 83 USPQ2d 1509 (Bd. Pat. App. & Int. 2007); KSR International Co. v. Teleflex Inc., 82 USPQ2d 1385 (U.S. 2007)).
With respect to Claims 3 and 11, Geisert in view of Ginter discloses all the limitations as described above. Additionally, Geisert discloses accessing an enterprise library where the RMS rule is stored (“enterprise content usage policies 288”) (Fig. 2; Par. [0015] “RMS server 285 may evaluate enterprise content usage policies 288 and provide instructions to policy enforcement agent 245.”).
With respect to Claims 4 and 12, Geisert in view of Ginter discloses all the limitations as described above. Additionally, Geisert discloses wherein the content server configured for performing the reevaluating (Fig. 2 ; Par. [0015], “ For example, encrypted document 255 may have a policy that allows for full access when encrypted document 255 was first downloaded by user 202. However, it has since been replaced with a read-only policy. This information is communicated to policy enforcement agent 245 at the time when user 202 selects to open encrypted document 255. In accordance with the new read-only policy, policy enforcement agent 245 will operate to decrypt document 255 and allow document 255 to be opened on the computing device associated with user 202 as a read-only document.”)
Geisert does not explicitly disclose wherein the content server comprises a dynamic re-evaluation control logic component.
Ginter discloses wherein the content server comprises a dynamic re-evaluation control logic component (“VDE secure subsystem”) (Fig. 35; Par. [0011], [0017] “VDE can be used to create an adaptable environment that fulfills the needs of electronic information owners, distributors, and users; financial clearinghouses; and usage information analyzers and resellers.” [1348] “During the same or different communications exchange, the same or different clearinghouse may handle the end user's request for additional budget and/or permission pertaining to VDE object 300. For example, the end user's electronic appliance 600 may (e.g., in response to a user input request to access a particular VDE object 300) send an administrative object to the clearinghouse requesting budgets and/or other permissions allowing access (Block 1164). As mentioned above, such requests may be transmitted in the form of one or more administrative objects, such as, for example, a single administrative object having multiple “events” associated with multiple requested budgets and/or other permissions for the same or different VDE objects 300. The clearinghouse may upon receipt of such a request, check the end user's credit, financial records, business agreements and/or audit histories to determine whether the requested budgets and/or permissions should be given. The clearinghouse may, based on this analysis, send one or more responsive administrative objects which cause the end user's electronic appliance 600 to update its secure database in response (Block 1166, 1168). This updating might, for example, comprise replacing an expired PERC 808 with a fresh one, modifying a PERC to provide additional (or lesser) rights, etc. 
Steps 1164-1168 may be repeated multiple times in the same or different communications session to provide further updates to the end user's secure database 610.” [2133] “In the preferred embodiment, each time a user registers a new object with her own VDE node, and/or alternatively, with a remote clearinghouse and/or distributor VDE node, one or more permissions records are provided to, at least in part, govern the use of said object. The permissions records may be provided dynamically during a secure UDE registration process (employing the VDE installation secure subsystem), and/or may be provided following an initial registration and received at some subsequent time, e.g. through one or more separate secure VDE communications, including, for example, the receipt of a physical arrangement containing or otherwise carrying said information.” [2347])
Therefore, the claimed invention as a whole would have been obvious before the effective filing date of the claimed invention to a person having ordinary skill in the art to which the claimed invention pertains to simply substitute the calling of the RMS server by the RMS client-enabled application running on the computing device associated with user during a user selection for access of the content or allowing the user to access content server and download encrypted document from enterprise content repository using a client application running on a computing device associated with user (Fig. 2; Pars. [0009] “Policy enforcement agent 245 may be configured to monitor application events and call RMS server 285 when user 202 selects encrypted document 255 for opening.” [0015] “Suppose user 202 is allowed to access content server 280 and download encrypted document 255 from enterprise content repository 290 using a client application running on a computing device associated with user 202… Policy enforcement agent 245 may be configured to monitor application events and call RMS server 285 when user 202 selects encrypted document 255 for opening. RMS server 285 may evaluate enterprise content usage policies 288 and provide instructions to policy enforcement agent 245.”) of Geisert, in view of Ginter in order for the RMS server to determine, based on user data and the publishing license from the document and checking with AD server 170, if the user should have access to the selected document each time the user accesses the content (Geisert, Fig. 2; Pars. [0009], [0015] “This information is communicated to policy enforcement agent 245 at the time when user 202 selects to open encrypted document 255. In accordance with the new read-only policy, policy enforcement agent 245 will operate to decrypt document 255 and allow document 255 to be opened on the computing device associated with user 202 as a read-only document.”) and to monitor user/device usage activity related to the content requested/consumed and update users' permission to access the content based on up-to-date rules and rights (Ginter, Pars. [1348], [2240]-[2241]). ("Express suggestion to substitute one equivalent technique for another need not be present to render such substitution obvious"; In re Fout, 213 USPQ 532 (CCPA 1982), In re Siebentritt, 152 USPQ 618 (CCPA 1967); Ex Parte Smith, 83 USPQ2d 1509 (Bd. Pat. App. & Int. 2007); KSR International Co. v. Teleflex Inc., 82 USPQ2d 1385 (U.S. 2007)).
With respect to Claims 5 and 13, Geisert in view of Ginter discloses all the limitations as described above. Additionally, Geisert discloses wherein the re-evaluating is performed each time an access request for the content (Fig. 2 ; Par. [0015], “Policy enforcement agent 245 may be configured to monitor application events and call RMS server 285 when user 202 selects encrypted document 255 for opening. RMS server 285 may evaluate enterprise content usage policies 288 and provide instructions to policy enforcement agent 245. Policy enforcement agent 245, in turn, ensures that enterprise content usage policies 288 are appropriately applied to the document at issue. For example, encrypted document 255 may have a policy that allows for full access when encrypted document 255 was first downloaded by user 202. However, it has since been replaced with a read-only policy. This information is communicated to policy enforcement agent 245 at the time when user 202 selects to open encrypted document 255. In accordance with the new read-only policy, policy enforcement agent 245 will operate to decrypt document 255 and allow document 255 to be opened on the computing device associated with user 202 as a read-only document.”).
Geisert does not explicitly disclose an access request for the content is received by the content server.
Ginter discloses an access request for the content is received by the content server (Pars. [0426], [1047], [0872], [1348] “the end user's electronic appliance 600 may (e.g., in response to a user input request to access a particular VDE object 300) send an administrative object to the clearinghouse requesting budgets and/or other permissions allowing access (Block 1164). As mentioned above, such requests may be transmitted in the form of one or more administrative objects, such as, for example, a single administrative object having multiple “events” associated with multiple requested budgets and/or other permissions for the same or different VDE objects 300… Steps 1164-1168 may be repeated multiple times in the same or different communications session to provide further updates to the end user's secure database 610.” [2250] “As indicated above, end users 3310 in this example will periodically contact the VDE repository to transmit content usage information (e.g. related to consumption of budget, recording of other usage activities, etc.), replenish their budgets, modify their account profile, access usage analysis information, and perform other administrative and information exchange activities.”).
Therefore, the claimed invention as a whole would have been obvious before the effective filing date of the claimed invention to a person having ordinary skill in the art to which the claimed invention pertains to simply substitute the calling of the RMS server by the RMS client-enabled application running on the computing device associated with user during a user selection for access of the content or allowing the user to access content server and download encrypted document from enterprise content repository using a client application running on a computing device associated with user (Fig. 2; Pars. [0009] “Policy enforcement agent 245 may be configured to monitor application events and call RMS server 285 when user 202 selects encrypted document 255 for opening.” [0015] “Suppose user 202 is allowed to access content server 280 and download encrypted document 255 from enterprise content repository 290 using a client application running on a computing device associated with user 202… Policy enforcement agent 245 may be configured to monitor application events and call RMS server 285 when user 202 selects encrypted document 255 for opening.”) of Geisert, in view of Ginter in order for the RMS server to determine, based on user data and the publishing license from the document and checking with AD server 170, if the user should have access to the selected document (Geisert, Fig. 2; Par. [0009]) and to monitor user/device usage activity related to the content requested/consumed and update users' permission to access the content based on up-to-date rules and rights (Ginter, Pars. [1348], [2240]-[2241]). ("Express suggestion to substitute one equivalent technique for another need not be present to render such substitution obvious"; In re Fout, 213 USPQ 532 (CCPA 1982), In re Siebentritt, 152 USPQ 618 (CCPA 1967); Ex Parte Smith, 83 USPQ2d 1509 (Bd. Pat. App. & Int. 2007); KSR International Co. v. Teleflex Inc., 82 USPQ2d 1385 (U.S. 2007)).
With respect to Claims 6 and 14, Geisert in view of Ginter discloses all the limitations as described above. Additionally, Geisert discloses determining whether to allow access to the downloaded content comprises determining one or more current policies applicable to the content (Par. [0015] “Policy enforcement agent 245, in turn, ensures that enterprise content usage policies 288 are appropriately applied to the document at issue. For example, encrypted document 255 may have a policy that allows for full access when encrypted document 255 was first downloaded by user 202. However, it has since been replaced with a read-only policy. This information is communicated to policy enforcement agent 245 at the time when user 202 selects to open encrypted document 255. In accordance with the new read-only policy, policy enforcement agent 245 will operate to decrypt document 255 and allow document 255 to be opened on the computing device associated with user 202 as a read-only document.”)
Geisert does not explicitly disclose utilizing a content identifier associated with the content in determining one or more current policies applicable to the content.
Ginter discloses utilizing a content identifier associated with the content in determining one or more current policies applicable to the content (Figs. 5B, 22, 26A, 35; Pars. [1242]-[1251] “Detailed Example of a PERC 808… FIGS. 26A and 26B show one example of a preferred embodiment PERC 808. In this example, PERC header 900 includes:.. an expiration date/ time field 932 specifying the expiration date and/or time for the PERC,… a last modification date/ time field 934 specifying the last date and/or time the PERC 808 was modified,… an object ID field 940 identifying the corresponding VDE object 300,” [1348] “During the same or different communications exchange, the same or different clearinghouse may handle the end user's request for additional budget and/or permission pertaining to VDE object 300. For example, the end user's electronic appliance 600 may (e.g., in response to a user input request to access a particular VDE object 300) send an administrative object to the clearinghouse requesting budgets and/or other permissions allowing access (Block 1164). As mentioned above, such requests may be transmitted in the form of one or more administrative objects, such as, for example, a single administrative object having multiple “events” associated with multiple requested budgets and/or other permissions for the same or different VDE objects 300. The clearinghouse may upon receipt of such a request, check the end user's credit, financial records, business agreements and/or audit histories to determine whether the requested budgets and/or permissions should be given. The clearinghouse may, based on this analysis, send one or more responsive administrative objects which cause the end user's electronic appliance 600 to update its secure database in response (Block 1166, 1168). This updating might, for example, comprise replacing an expired PERC 808 with a fresh one, modifying a PERC to provide additional (or lesser) rights, etc. 
Steps 1164-1168 may be repeated multiple times in the same or different communications session to provide further updates to the end user's secure database 610.” [2133] “In the preferred embodiment, each time a user registers a new object with her own VDE node, and/or alternatively, with a remote clearinghouse and/or distributor VDE node, one or more permissions records are provided to, at least in part, govern the use of said object.”)
Therefore, the claimed invention as a whole would have been obvious before the effective filing date of the claimed invention to a person having ordinary skill in the art to which the claimed invention pertains to simply substitute the calling of the RMS server by the RMS client-enabled application running on the computing device associated with user during a user selection for access of the content or allowing the user to access content server and download encrypted document from enterprise content repository using a client application running on a computing device associated with user (Fig. 2; Pars. [0009] “Policy enforcement agent 245 may be configured to monitor application events and call RMS server 285 when user 202 selects encrypted document 255 for opening.” [0015] “Suppose user 202 is allowed to access content server 280 and download encrypted document 255 from enterprise content repository 290 using a client application running on a computing device associated with user 202… Policy enforcement agent 245 may be configured to monitor application events and call RMS server 285 when user 202 selects encrypted document 255 for opening. RMS server 285 may evaluate enterprise content usage policies 288 and provide instructions to policy enforcement agent 245.”) of Geisert, in view of Ginter in order for the RMS server to determine, based on user data and the publishing license from the document and checking with AD server 170, if the user should have access to the selected document each time the user accesses the content (Geisert, Fig. 2; Pars. [0009], [0015] “This information is communicated to policy enforcement agent 245 at the time when user 202 selects to open encrypted document 255. 
In accordance with the new read-only policy, policy enforcement agent 245 will operate to decrypt document 255 and allow document 255 to be opened on the computing device associated with user 202 as a read-only document.”) and to monitor user/device usage activity related to the content requested/consumed and update users' permission to access the content based on up-to-date rules and rights (Ginter, Pars. [1348], [2240]-[2241]). ("Express suggestion to substitute one equivalent technique for another need not be present to render such substitution obvious"; In re Fout, 213 USPQ 532 (CCPA 1982), In re Siebentritt, 152 USPQ 618 (CCPA 1967); Ex Parte Smith, 83 USPQ2d 1509 (Bd. Pat. App. & Int. 2007); KSR International Co. v. Teleflex Inc., 82 USPQ2d 1385 (U.S. 2007)).
With respect to Claims 9 and 17, Geisert in view of Ginter discloses all the limitations as described above. Additionally, Geisert discloses wherein the content server is part of a document management system (Figs. 1-2; Pars. [0013] “FIG. 2 depicts a diagrammatic representation of an infrastructure and operation of enterprise RMS system 200 with content server 280, enterprise content repository 290, RMS server 285, centrally managed enterprise content usage policies 288, and policy enforcement agent 245.”).
Claims 7-8 and 15-16 are rejected under 35 U.S.C. 103 as being unpatentable over Applicant’s admitted prior art in the background of the specification (citations to PGPub of Specification, Geisert (US 2015/0220881)) in view of Ginter (US 2003/0105721) in view of Clifford (US 8,977,849 B1).
With respect to Claims 7 and 15, Geisert in view of Ginter discloses all the limitations as described above. Additionally, Geisert discloses: performing, by the content server:
receiving a request from the client device to download the document of the first type; (Fig. 2; Par. [0015] “Suppose user 202 is allowed to access content server 280 and download encrypted document 255 from enterprise content repository 290 using a client application running on a computing device associated with user 202.”)
sending the encrypted document to the client device in response to the request from the client device to download the document of the first type (Fig. 2; Par. [0015]).
Geisert does not explicitly disclose: performing, by the content server:
applying a rights management rule to items in an enterprise library, the items including a document of a first type, the rights management rule referencing a first policy;
generating a content key for the document of the first type;
encrypting the document of the first type with the content key;
document of the first type.
Ginter discloses: performing, by the content server:
applying a rights management rule to items in an enterprise library, the items including a document of a first type, the rights management rule referencing a first policy; (Figs. 73-74; Pars. [1906], [1907] “In this example, a dispatching VDE electronic appliance 3010 constructs a smart object 3000 like the one shown in FIG. 73. The rule set in 806 a is specified as a control set that contains the following elements:” [1922] “Container 300 y is specified as a content object with two types of content. Content type A is routing information and is read/write in nature. Content type A is associated with a rules set that specifies:” [1923] “1. A use event that specifies no operation for the release of the content. This has the effect of not charging for the use of the content.” [1926] “Content type B is information that is used by the software agent to specify parameters for the agent. This content is specified as the string “fire fly” or “fire flies”. Content type B is associated with the following rule set:” [1927] “1. A use event that specifies that the use may only be by the software agent or a routing agent. The software agent has read only permission, the routing agent has read/write access to the information. There are no charges associated with using the information, but two meters; one by read and one by write are kept to track use of the information by various steps in the process.” [1943] “The remote site 3020 returns the now “full” smart object 3000 back to the original sender (the user) at their VDE node 3010 via path 3024. Upon arrival, the smart object 3000 is registered and the database records are available.”)
generating a content key for the document of the first type; (Pars. [1622] “Meanwhile, the creator site may use the convolution step 2871(z) based on his RTC 528 value (adjusted to correspond to the intended validity time for the key) to generate a convoluted key 2862(z), which may then be used to generate the content key 2863 in the object's PERC 808.” [1709] “Content Keys are unique to an object 300, and are not dependent on key information shared between PPEs 650. They are preferably generated by the PPE 650 at the time the content is encrypted.”)
encrypting the document of the first type with the content key; (Pars. [0197], [1110] “The data blocks 812 contain content (information or administrative) that may be encrypted using one or more content keys also provided in permissions record 808.” [1504] “Looking at FIG. 51 f, once the EVENT, METER, BILLING and BUDGET methods have returned successfully to WRITE control method 1782, the WRITE control method writes audit information to Audit UDE (blocks 1890, 1892), and then determines (based on the PERC for the object and user and an optional algorithm) which key should be used to encrypt the content before it is written to the container (blocks 1894, 1896). CONTROL method 1782 then encrypts the content (block 1898) possibly by calling an ENCRYPT method, and writes the encrypted content to the object (block 1900).” [1523] “FIG. 55 b is a flowchart of an example of process control steps performed by a representative example of an ENCRYPT method 2050. ENCRYPT method 2050 is passed as an input, a block of information to encrypt (or a pointer indicating where it may be found). ENCRYPT method 2050 then may determine an encryption key to use from a key block (block 2052). The encryption key selection makes a determination if a key for a specific block of content to be written already exists in a key block stored in PERC 808.” [1709], [1095] “Briefly, the FIG. 17 “logical object” structure 800 in the preferred embodiment includes a public header 802, private header 804, a “private body” 806 containing one or more methods 1000, permissions record(s) (PERC) 808 (which may include one or more key blocks 810), and one or more data blocks or areas 812. These elements may be “packaged” within a “container” 302. This generalized, logical object structure 800 is used in the preferred embodiment for different types of VDE objects 300 categorized by the type and location of their content.”)
document of the first type (Pars. [1906], [1907] “In this example, a dispatching VDE electronic appliance 3010 constructs a smart object 3000 like the one shown in FIG. 73. The rule set in 806 a is specified as a control set that contains the following elements:” [1922] “Container 300 y is specified as a content object with two types of content. Content type A is routing information and is read/write in nature. Content type A is associated with a rules).
Therefore, the claimed invention as a whole would have been obvious before the effective filing date of the claimed invention to a person having ordinary skill in the art to which the claimed invention pertains to simply substitute the calling of the RMS server by the RMS client-enabled application running on the computing device associated with user during a user selection for access of the content or allowing the user to access content server and download encrypted document from enterprise content repository using a client application running on a computing device associated with user (Fig. 2; Pars. [0009] “Policy enforcement agent 245 may be configured to monitor application events and call RMS server 285 when user 202 selects encrypted document 255 for opening.” [0015] “Suppose user 202 is allowed to access content server 280 and download encrypted document 255 from enterprise content repository 290 using a client application running on a computing device associated with user 202… Policy enforcement agent 245 may be configured to monitor application events and call RMS server 285 when user 202 selects encrypted document 255 for opening. RMS server 285 may evaluate enterprise content usage policies 288 and provide instructions to policy enforcement agent 245.”) of Geisert, in view of Ginter in order for the RMS server to determine, based on user data and the publishing license from the document and checking with AD server 170, if the user should have access to the selected document each time the user accesses the content (Geisert, Fig. 2; Pars. [0009], [0015] “This information is communicated to policy enforcement agent 245 at the time when user 202 selects to open encrypted document 255. 
In accordance with the new read-only policy, policy enforcement agent 245 will operate to decrypt document 255 and allow document 255 to be opened on the computing device associated with user 202 as a read-only document.”) and to monitor user/device usage activity related to the content requested/consumed and update users' permission to access the content based on up-to-date rules and rights (Ginter, Pars. [1348], [2240]-[2241]). ("Express suggestion to substitute one equivalent technique for another need not be present to render such substitution obvious"; In re Fout, 213 USPQ 532 (CCPA 1982), In re Siebentritt, 152 USPQ 618 (CCPA 1967); Ex Parte Smith, 83 USPQ2d 1509 (Bd. Pat. App. & Int. 2007); KSR International Co. v. Teleflex Inc., 82 USPQ2d 1385 (U.S. 2007)).
Neither Geisert nor Ginter explicitly discloses:
generating and encrypting a publishing license for the document using a server public key,
the publishing license for the document containing the content key and a content identifier for the document;
encrypted publishing license for the document.
Clifford discloses:
generating and encrypting a publishing license for the document using a server public key, (Abstract, Figs. 2, 5; Col. 1, Lines 47-59; Col. 2, Lines 21-53 “The computer system may further include a publishing license enforcement module configured to create a publishing license for the superior layer of the RMS, and control rights and attributes associated with the ciphertext data object within the superior layer.” Col. 4, Lines 11-28; “The PL, which may be encrypted by an RMS public key, may be attached to an encrypted copy of the data.” Col. 6, Lines 5-24)
the publishing license for the document of the first type containing the content key and a content identifier for the document of the first type; (Col. 4, Lines 11-28 “Information included in the PL may include principal identities which have been granted rights, rules describing the types of data access to be allowed, data signature, and the data encryption/decryption key.”)
encrypted publishing license for the document (Col. 2, Lines 21-53; Col. 4, Lines 11-39)
Therefore, the claimed invention as a whole would have been obvious before the effective filing date of the claimed invention to a person having ordinary skill in the art to which the claimed invention pertains to substitute the calling of the RMS server by the RMS client-enabled application running on the computing device associated with user during a user selection of the content or allowing of the user to access content server and download encrypted document from enterprise content repository using a client application running on a computing device associated with user (Fig. 1; Pars. [0009], [0015]) of Geisert, Ginter in view of Clifford in order for the RMS server to determine, based on user data and the publishing license from the document and checking with AD server 170, if the user should have access to the selected document (Geisert, Fig. 1; Par. [0009]) and to enforce the policies that protect the contents within a specific document and protect content from being decrypted by unauthorized entities by implementing server-based policies (Clifford ‘849, Col. 3, Lines 34-50). ("Express suggestion to substitute one equivalent technique for another need not be present to render such substitution obvious"; In re Fout, 213 USPQ 532 (CCPA 1982), In re Siebentritt, 152 USPQ 618 (CCPA 1967); Ex Parte Smith, 83 USPQ2d 1509 (Bd. Pat. App. & Int. 2007); KSR International Co. v. Teleflex Inc., 82 USPQ2d 1385 (U.S. 2007)).
With respect to Claims 8 and 16, Geisert in view of Ginter discloses all the limitations as described above. Additionally, Lamba discloses:
re-evaluating, by the content server, the RMS rule and policy for the downloaded content, the re-evaluating including determining applicability (Fig. 2; Par. [0015], “Policy enforcement agent 245 may be configured to monitor application events and call RMS server 285 when user 202 selects encrypted document 255 for opening. RMS server 285 may evaluate enterprise content usage policies 288 and provide instructions to policy enforcement agent 245. Policy enforcement agent 245, in turn, ensures that enterprise content usage policies 288 are appropriately applied to the document at issue. For example, encrypted document 255 may have a policy that allows for full access when encrypted document 255 was first downloaded by user 202. However, it has since been replaced with a read-only policy. This information is communicated to policy enforcement agent 245 at the time when user 202 selects to open encrypted document 255. In accordance with the new read-only policy, policy enforcement agent 245 will operate to decrypt document 255 and allow document 255 to be opened on the computing device associated with user 202 as a read-only document.”).
Geisert does not explicitly disclose:
evaluating, by the content server, a rule for the content, and
application of the first policy to the document of the first type.
Ginter discloses:
evaluating, by the content server, a rule for the content, (Figs. 5A, 35; Pars. [0391], [0407], [0412] “The virtual distribution environment 100 prevents use of protected information except as permitted by the “rules and controls” (control information). For example, the “rules and controls” shown in FIG. 2 may grant specific individuals or classes of content users 112 “permission” to use certain content.” [0442], [1348] “During the same or different communications exchange, the same or different clearinghouse may handle the end user's request for additional budget and/or permission pertaining to VDE object 300. For example, the end user's electronic appliance 600 may (e.g., in response to a user input request to access a particular VDE object 300) send an administrative object to the clearinghouse requesting budgets and/or other permissions allowing access (Block 1164). As mentioned above, such requests may be transmitted in the form of one or more administrative objects, such as, for example, a single administrative object having multiple “events” associated with multiple requested budgets and/or other permissions for the same or different VDE objects 300. The clearinghouse may upon receipt of such a request, check the end user's credit, financial records, business agreements and/or audit histories to determine whether the requested budgets and/or permissions should be given…” [2133])
application of the first policy to the document of the first type (Figs. 73-74; Pars. [1906], [1907] “In this example, a dispatching VDE electronic appliance 3010 constructs a smart object 3000 like the one shown in FIG. 73. The rule set in 806 a is specified as a control set that contains the following elements:” [1922] “Container 300 y is specified as a content object with two types of content. Content type A is routing information and is read/write in nature. Content type A is associated with a rules set that specifies:” [1923] “1. A use event that specifies no operation for the release of the content. This has the effect of not charging for the use of the content.”).
Therefore, the claimed invention as a whole would have been obvious before the effective filing date of the claimed invention to a person having ordinary skill in the art to which the claimed invention pertains to simply substitute the calling of the RMS server by the RMS client-enabled application running on the computing device associated with user during a user selection for access of the content or allowing the user to access content server and download encrypted document from enterprise content repository using a client application running on a computing device associated with user (Fig. 2; Pars. [0009], [0015]) of Geisert, in view of Ginter in order for the RMS server to determine, based on user data and the publishing license from the document and checking with AD server 170, if the user should have access to the selected document each time the user accesses the content (Geisert, Fig. 2; Pars. [0009], [0015]) and to monitor user/device usage activity related to the content requested/consumed and update users' permission to access the content based on up-to-date rules and rights (Ginter, Pars. [1348], [2240]-[2241]). ("Express suggestion to substitute one equivalent technique for another need not be present to render such substitution obvious"; In re Fout, 213 USPQ 532 (CCPA 1982), In re Siebentritt, 152 USPQ 618 (CCPA 1967); Ex Parte Smith, 83 USPQ2d 1509 (Bd. Pat. App. & Int. 2007); KSR International Co. v. Teleflex Inc., 82 USPQ2d 1385 (U.S. 2007)).
Conclusion
The prior art made of record and not relied upon is considered pertinent to applicant's disclosure:
PGPub Kapoor et al. (US 2014/0189783): Kapoor discloses accessing a current policy (Figs. 1-2; Pars. 43, 50, 69-78, 85-86, 92-93).
Patent to Clifford (US 8,812,874), Clifford ‘874 discloses a document management system (DMS) server (Storage System) comprising: a processor; a computer program product comprising a non-transitory computer-readable medium storing instructions translatable by a processor, the stored instructions when translated by the processor cause the DMS to perform (Figs. 1, 5; Col. 3, Lines 44-Col. 5, Line 59; Col. 9, Line 8-Col. 10, Line 30): and a digital rights management system (DRMS) (RMS) server comprising: a processor; a non-transitory computer-readable medium: and stored instructions translatable by the processor, the stored instructions when translated by the processor cause the DRMS to perform (Figs. 1, 5; Col. 3, Lines 44-60; Col. 5, Lines 51-59; Col. 9, Line 8-Col. 10, Line 30): generating, by the DRMS server, an encrypted use license for the content (Fig. 4; Col. 8, Lines 32-62); and sending, by the DRMS server, the encrypted use license for the content to the user device (Figs. 1, 4; Col. 8, Line 42-Col. 9, Line 7).
Any inquiry concerning this communication or earlier communications from the examiner should be directed to WODAJO GETACHEW whose telephone number is (469)295-9069. The examiner can normally be reached M-F 8:00-6:00 CST.
Examiner interviews are available via telephone, in-person, and video conferencing using a USPTO supplied web-based collaboration tool. To schedule an interview, applicant is encouraged to use the USPTO Automated Interview Request (AIR) at http://www.uspto.gov/interviewpractice.
If attempts to reach the examiner by telephone are unsuccessful, the examiner’s supervisor, John W Hayes can be reached at (571) 272-6708. The fax phone number for the organization where this application or proceeding is assigned is 571-273-8300.
Information regarding the status of published or unpublished applications may be obtained from Patent Center. Unpublished application information in Patent Center is available to registered users. To file and manage patent submissions in Patent Center, visit: https://patentcenter.uspto.gov. Visit https://www.uspto.gov/patents/apply/patent-center for more information about Patent Center and https://www.uspto.gov/patents/docx for information about filing in DOCX format. For additional questions, contact the Electronic Business Center (EBC) at 866-217-9197 (toll-free). If you would like assistance from a USPTO Customer Service Representative, call 800-786-9199 (IN USA OR CANADA) or 571-272-1000.
/WODAJO GETACHEW/Examiner, Art Unit 3697