Notice of Pre-AIA or AIA Status
The present application is being examined under the pre-AIA first to invent provisions.
DETAILED ACTION
This Office Action is in response to the Amendment filed 11/13/2025. In the instant Amendment, claims 1-3 and 5-10 were amended; claim 4 was cancelled; claims 1 and 6 are independent claims. Claims 1-10 are pending in this application. THIS ACTION IS MADE FINAL.
Response to Arguments
The claim objections to claims 1-3, 5-8 and 10 are withdrawn.
The 35 U.S.C. 112 rejection to claims 1-5 are withdrawn.
The claim interpretation to claims 6 and 9-10 have been withdrawn.
Applicant’s arguments with respect to claims 1, 8 and 15 in regard to the limitation “identifying the one or more security intents denied by one or more of the target policies,” have been considered but are moot because the new ground of rejection does not rely on any reference applied in the prior rejection of record for any teaching or matter specifically challenged in the argument.
Applicant’s arguments filed 11/13/2025 have been fully considered but they are not persuasive.
Applicant argues that (on pages 7-12): amended independent claims 1 and 6 are no longer directed to a mental process because the claims now recite (i) creation of an intermediate representation that enables translation of input security policies into a plurality of target policies of different formats , (ii) translation of a single security intent into multiple target policies executable on multiple policy engines, and (iii) determining a difference between denied security intents and target policies. Applicant further argues that the recited machine-readable format, Kubernetes-related content, and processor limitations integrate the alleged abstract idea into a practical application and amount to significantly more.
The Examiner respectfully disagrees with the applicant. Amended claims 1 and 6 still recite an abstract idea, namely, the collection, organization, translation and comparison of security-policy information, including creating an intermediate representation, translating that representation into target policies of different formats, and determining a difference between denied security intents and target policies. These limitations remain directed to mental processes/abstract information analysis under the broadest reasonable interpretation. The recitation of a machine-readable format, Kubernetes-related context, multiple policy engines, a processor, and memory merely places the abstract idea in a particular technological environment and invokes generic computer components as tools. The claims do not recite a specific technological environment and invokes generic computer components as tools. The claims do not recite a particular technological improvement to computer functionality, a particular machine integral to the claim, or any non-generic policy-translation mechanism. Therefore, the judicial exception is not integrated into a practical application, and the additional elements, individually and in ordered combination, do not amount to significantly more than the abstract idea.
Further at Step 2A, Prong One, amended claim 1 still recites an abstract idea. Even as amended, the claim is directed to receiving security-policy information, creating an intermediate representation of that information, translating that representation into other policy expressions, and comparing denied intents with target policies to determine a difference. Those limitations remain directed to collecting, analyzing, organizing, and comparing information (i.e. a mental process/abstract evaluation of policy information, merely performed in a computer environment). The amendment changes the wording and narrows the content of the information being manipulated, but the claim focus remains the manipulation of policy/intention data and the evaluation of correspondence between policy-related representations. Applicant’s assertion that the claimed operations cannot practically be performed in the human mind because of scale, complexity, machine-readable inputs, or a Kubernetes deployment context is also unpersuasive. The question is not whether a human could efficiently perform the claimed operations at production scale, but whether the claim, under its broadest reasonable interpretation, is directed to types of acts such as observation, evaluation, judgement and conversion of information. Here, the added limitations still amount to information transformation and comparison: policy information is translated from one representation to another, and denied intents are compared against target policies to identify a difference. The recitation of “machine-readable format,” “Kubernetes resource,” “policy engines” or “target environment” does not change the character of the claim from information processing to a technological improvement in computer functionality. At step 2A, Prong Two, the judicial exception is not integrated into a practical application. The amended claims do not recite a specific improvement to computer technology, to policy-engine operation, to Kubernetes control-plane mechanics, or to any particular translation engine architecture. Instead, the claims broadly require creating an intermediate representation, translating policies into different formats, and determining differences, all at a functional/result-oriented level. The claimed processor and memory in claim 6 are likewise generic components performing generic data-processing functions. A claim is not integrated into a practical application merely because it limits the abstract idea into a particular technological field or invokes a generic computer as a tool. Applicant’s reliance on the plurality of target-policy formats and multiple policy engines is similarly unpersuasive. Those limitations merely specify the intended outputs and environment of use for the policy translation. The claim recites the desired result-different format target policies executable on multiple policy engines without reciting a concrete technical mechanism that improves the operation of the computer or the policy engines themselves. Applicant’s arguments concerning “determining a difference between denied security intents and the target policies,” is also not persuasive. That step is still a comparison/evaluation of information. It does not, as claimed require any technological remediation, any control of a machine in a non-generic way, or any specific transformation of a physical article. The deletion of the “operational alert” language does not alter that analysis; the remaining “determining a difference “ limitation still constitutes information analysis. At Step 2B, the additional elements do not amount to significantly more than the abstract idea. The processor, memory, machine-readable input, target environment, policy engines, and policy-format outputs are recited at a high level of generality and perform their conventional roles of receiving, storing, executing, translating, and comparing information. Considered individually and as an ordered combination, the claim elements amount to no more than implementing the abstract idea on a generic computer technology. Merely adding generic computer components or insignificant extra-solution activity does not make the claim patent eligible. Accordingly, the 35 U.S.C. 101 rejection is maintained.
Applicant argues (on pages 12-15): that the cited prior art fails to explicitly disclose or suggest deriving one or more input security policies embodying one or more security intents; creating an intermediate representation representative of the one or more security intents embodied in the one or more input security policies, and wherein the intermediate representation is created to enable translation of the one or more input security policies into a plurality of target policies of different formats; identifying one or more of the target policies operating in a target environment; converting the intermediate representation and the one or more security intents embodied therein into the plurality of target policies of the different formats, and wherein a single security intent is translated into multiple target policies of the different formats executable on multiple policy engines; and determining a difference between denied security intents and the one or more of the target policies, in an event the one or more security intents are denied during the translation of the intermediate representation into the plurality of target policies.
The Examiner respectfully disagrees with the applicant. Mercian discloses on the semantic gap between policy intents and policy configurations and the PII system extracts the policy intents from policy configurations. Mercian uses policy intents and derives intents from security policies. Mercian discloses an intermediate representation that resembles natural language. Structured enough to facilitate precise translations and translates the operator input to the intermediate representation before translating the operator input to the intermediate representation before translating to rules. Mercian discloses in intermediate representation and its purpose is enabling translation to target configurations (See Mercian, Pages 1-9).
Li discloses one or more policy translators interact with the policy repository to acquire, distribute, or push security policies to the appropriate security-enabled devices over the network. The PDP 112 pushes security policies to one or more PEPs 113 and can interface with a PEP 113 using a transport protocol interface. Li discloses a single written policy may translate to a variety of separate sub-policies when converted to a formal representation within the policy repository. The security policies are singular stored and represented within the policy repository, but can still be rendered into a variety of data formats needed by a variety of security-enabled devices. The policy translators are implemented as XSLT applications to render the security policies represented as XML to a specific data format required by individual security-enabled devices, (See Li, [0028], [0020], [0015], [0017]; [0034], [0040]).
Applicant's arguments (page 12-16): Additionally, as to the dependent claims 2-3, 5 and 7-10 the Applicant argues that the claims are dependent directly or indirectly from a respective one of claims of independent claims 1 and 6 and are therefore distinguished from the cited art at least by virtue OR allowable at least based on of their additionally recited patentable subject matter.
The Examiner disagrees with the Applicant. The Examiner respectfully
submits that dependent claims 2-3, 5 and 7-10 are rejected at least based on the
rationale and resource presented to the argument for their respective based
claims, and the reference applied to the dependent claims 2-3, 5 and 7-10.
Therefore, in view of the above reasons, the Examiner maintains the
rejection with the cited prior art references.
Claim Objections
Claim 9 is objected to because of the following informalities:
Claim 9 is objected to because of the following informalities: for better clarity, it is suggested that all numbers in the parentheses and corresponding parentheses should be removed. Appropriate corrections are required.
Claim Rejections - 35 USC § 101
35 U.S.C. 101 reads as follows:
Whoever invents or discovers any new and useful process, machine, manufacture, or composition of matter, or any new and useful improvement thereof, may obtain a patent therefor, subject to the conditions and requirements of this title.
Claims 1-10 are rejected under 35 U.S.C. 101 as being directed to non-
statutory subject matter as being directed to an abstract idea without being integrated
into a practical application or significantly more.
Regarding claims 1 and 6, the claims are directed to an abstract idea
reciting the limitations “deriving one or more input security policies [],” “creating an intermediate representation [],” “translating the intermediate representation into a plurality of target policies of different formats [],” “identifying the one or more security intents [],” and “determining a difference between denied security intents and target policies [].” The aforementioned steps are a mental process as broadly interpreted said steps could be performed in the human mind or by hand with a pen and paper.
Accordingly, the claims recite an abstract idea. Said abstract idea and/or judicial exception is not integrated into a practical application as the claim does not recite any other active steps that utilize “determining a difference [].” It's noted that the claims recite the limitation “determining a difference.” Said steps are not sufficient to consider that the abstract idea is being interpreted into a practical application as said steps are recited at a high level of generality in gathering/processing/storing information, which are a form of insignificant extra-solution activity. It is also noted that the claims recite the steps of “determining a difference,” As discussed in the specification in paragraphs [0027], the output module is also configured to identify one or more security intents, that are denied by one or more target policies, and optionally create an alert for the security team to identify the difference, if one or more security intents are denied by one or more target policies while converting or translating the intermediate representation into one or more target policies, which is insufficiently considered as “being interpreted the abstract idea into a practical application because it does not impose any meaningful limits on practicing the abstract idea. The claims do not include additional elements that are sufficient to amount to significantly more than the judicial exception because the additional elements when considered both individually and as an ordered combination do not amount to significantly more than the abstract idea. It’s also noted that the claims recited additional elements (i.e. no-transitory computer readable medium, hardware processor (claim 1); However, said additional elements are recited at a high level of generality (i.e processor, memory, target environment, multiple policy engines, and multiple target policy formats) performing generic “deriving [],” creating [],” converting [], identifying [], determining []),” such that it amounts no more than mere instructions to apply the exception or abstract idea using a generic computer component. As mentioned above, although the claims recite additional elements, said elements taken individually or as a combination, do not result in the claim amounting to significantly more than the abstract idea because as the additional elements perform generic functions (i.e. determining a difference [].”) See US Application by US 20040193912 by Li et al (see Li, [0040], [0034]). As discussed above, the additional elements recited as a high-level of generality such that they amount no more than mere instructions to apply the exception using a generic computer component. Therefore, the claim is directed to non-statutory subject matter as being directed to an abstract idea without being integrated into a practical application nor significantly more.
Regarding claims 2-5 and 7-10, claims 2-5 and 7-10 are also rejected under 35 U.S.C. 101 as being directed to non-statutory subject matter for the same reasons addressed above as the claims are directed to an abstract idea without being integrated into a practical application nor being significantly more.
It’s noted that claims 2 and 7 recite the limitation “wherein the one or more security intents are abstractions that are converted into the one or more target policies, enforceable by the one or more policy engines.” Similar to the analysis above, the limitation “wherein the one or more security intents are abstractions that are converted into the one or more target policies, enforceable by the one or more policy engines” Is recited at a high level of generality, which is a form of insignificant extra-solution activity; and the limitation “wherein the one or more security intents are abstractions that are converted into the one or more target policies, enforceable by the one or more policy engines” is also a mental process which is an abstract idea. Merely adding another abstract idea to the claim does not make the claim less abstract. See RecogniCorp, LLC V. Nintendo Co., 855 F.3d 1322, 1327 (Fed. Cir. 2017) (“Adding one abstract idea to another abstract idea does not render the claim non-abstract.”).
It’s noted that claims 3 and 8 recite the limitation “wherein the intermediate representation is created based on inputs received from a user in a machine-readable format” Similar to the analysis above, the limitation “wherein the intermediate representation is created based on inputs received from a user in a machine-readable format” Is recited at a high level of generality, which is a form of insignificant extra-solution activity; and the limitation “wherein the intermediate representation is created based on inputs received from a user in a machine-readable format” is also a mental process which is an abstract idea. Merely adding another abstract idea to the claim does not make the claim less abstract. See RecogniCorp, LLC V. Nintendo Co., 855 F.3d 1322, 1327 (Fed. Cir. 2017) (“Adding one abstract idea to another abstract idea does not render the claim non-abstract.”).
It’s noted that claims 5 and 10 recite the limitations “deploying [], executing [],” returning []” Similar to the analysis above, the limitations “deploying [], executing [],” returning []” are recited at a high level of generality, which is a form of insignificant extra-solution activity; and the limitation “deploying [], executing [],” returning []” are also a mental process which is an abstract idea. Merely adding another abstract idea to the claim does not make the claim less abstract. See RecogniCorp, LLC V. Nintendo Co., 855 F.3d 1322, 1327 (Fed. Cir. 2017) (“Adding one abstract idea to another abstract idea does not render the claim non-abstract.”).
It’s noted that claim 9 recites the limitation “wherein the processor implements at least one of a Kubernetes operator, an admission controller, and a K8s operator policy converter to convert the one or more input security policies into the plurality of target policies.” Similar to the analysis above, the limitation “wherein the processor implements at least one of a Kubernetes operator, an admission controller, and a K8s operator policy converter to convert the one or more input security policies into the plurality of target policies.” Is recited at a high level of generality, which is a form of insignificant extra-solution activity; and the limitations “wherein the processor implements at least one of a Kubernetes operator, an admission controller, and a K8s operator policy converter to convert the one or more input security policies into the plurality of target policies.” is also a mental process which is an abstract idea. Merely adding another abstract idea to the claim does not make the claim less abstract. See RecogniCorp, LLC V. Nintendo Co., 855 F.3d 1322, 1327 (Fed. Cir. 2017) (“Adding one abstract idea to another abstract idea does not render the claim non-abstract.”).
Claim Rejections - 35 USC § 103
In the event the determination of the status of the application as subject to AIA 35 U.S.C. 102 and 103 (or as subject to pre-AIA 35 U.S.C. 102 and 103) is incorrect, any correction of the statutory basis (i.e., changing from AIA to pre-AIA ) for the rejection will not be considered a new ground of rejection if the prior art relied upon, and the rationale supporting the rejection, would be the same under either status.
The following is a quotation of 35 U.S.C. 103 which forms the basis for all obviousness rejections set forth in this Office action:
A patent for a claimed invention may not be obtained, notwithstanding that the claimed invention is not identically disclosed as set forth in section 102, if the differences between the claimed invention and the prior art are such that the claimed invention as a whole would have been obvious before the effective filing date of the claimed invention to a person having ordinary skill in the art to which the claimed invention pertains. Patentability shall not be negated by the manner in which the invention was made.
Claims 1 and 6 are rejected under 35 U.S.C. 103 as being unpatentable over Mercian et al (“Mercian,” “Mind the Semantic Gap: Policy Intent Inference from Network Metadata,” IEEE, 2021) in view of Li et al (“Li,” US 20040193912) and further in view of Lang et al (“Lang,” US 20090077621).
Regarding claim 1, Mercian discloses a computer implemented method for implementing an on-demand defence-in-depth security policy translation and enforcement, the computer-implemented method comprising the steps of: (Mercian, [Pages 314-315] describes an instructions stored on a no-transitory computer readable medium [Page 318, Left Column Under 1 Prototype & Test Bed describes memory] and executed with a hardware processor Page 318, Left Column Under 1; Prototype & Test Bed describes a hardware processor] for implementing an on-demand defense-in-depth security policy translation [Page 315, Right Column, First Paragraph] and an execution [enforcement] [Page 312, Right Column, Second Paragraph], the method comprising the steps of)
deriving one or more input security policies embodying one or more security intents; (Mercian, Page 315, Right Column Under System Overview describes inferring [a. deriving] a one or more input security policies [Page 313, Right Column, Under Section b) Policy] related to a one or more policy engines [FIG 1] from a one or more security intents [Page 313, Left Column, Under Section II. Background and Motivation, Right Column, First Paragraph] with an input module (202) [FIG’s 2 & 8], Mercian explicitly discloses the semantic gap between policy intents and policy configurations and the PII system extracts the policy intents from policy configurations)
creating an intermediate representation representative of the one or more security intents embodied in the one or more input security policies, and wherein the intermediate representation is created to enable translation of the one or more input security policies into a plurality of target policies of different formats; (Mercian, [Page 314, Left Column, Under Challenges in Policy Management] describes b. creating an intermediate representation related to one or more security intents [Page 313, Left Column, Under Section II. Background and Motivation, Right Column, First Paragraph] of the one or more input security policies with the intermediate representation [Page 314, Left Column, Under Challenges in Policy Management], Mercian explicitly discloses an intermediate representation that resembles natural language…structured enough to facilitate precise translations and translates the operator input to the intermediate representation before translating the SDN rules)
Mercian fails to explicitly disclose c. identifying one or more of the target policies operating in a target environment; d. converting the intermediate representation and the one or more security intents embodied therein into the plurality of target policies of the different formats, and wherein a single security intent is translated into multiple target policies of the different formats executable on multiple policy engines; and determining a difference between denied security intents and the one or more of the target policies, in an event the one or more security intents are denied during the translation of the intermediate representation into the plurality of target policies.
However, in an analogous art, Li discloses c. identifying one or more of the target policies operating in a target environment; (Li discloses [0028] one or more policy decision translators interact with the policy repository to acquire, distribute or push security policies to the appropriate security-enabled devices over the network; [0020] The PDP 112 push security policies to one or more PEPs 113 and can interface with a PEP 113 using a transport protocol interface)
d. converting the intermediate representation and the one or more security intents embodied therein into the plurality of target policies of the different formats, and wherein a single security intent is translated into multiple target policies of the different formats executable on multiple policy engines, (Li discloses [0015] a single written policy may translate to a variety of separate sub-policies when converted to a formal representation within the policy repository; [0017], the security policies are singular stored and represented within the policy repository, but can still be rendered into a variety of data formats needed by a variety of security enabled devices; [0017] the policy translators are implemented as XLST applications and to render the security policies represented as XML to a specific data format required by individual security-enabled devices)
and determining a difference between denied security intents and the one or more of the target policies, in an event the one or more security intents are denied during the translation of the intermediate representation into the plurality of target policies, (Li discloses [0040] a policy engine creates any needed policy updates to the policy repository based on the security transactional data; [0034] the evaluation can lead to no action by the policy decision translator, a dynamic security policy change and/or an alert)
Therefore, it would have been obvious to a person of ordinary skill in the art, before the effective filing date of the claimed invention to combine the teachings of Li with the system/method of Mercian to include identifying one or more of the target policies operating in a target environment; converting the intermediate representation and the one or more security intents embodied therein into the plurality of target policies of the different formats, and wherein a single security intent is translated into multiple target policies of the different formats executable on multiple policy engines; and determining a difference between denied security intents and the one or more of the target policies, in an event the one or more security intents are denied during the translation of the intermediate representation into the plurality of target policies. One would have been obvious motivated to provide automated management for security policies (Li, [0001]).
Mercian and Li fail to explicitly disclose e. and identifying the one or more security intents denied by one or more of the target policies operating in the target environment, and determining a difference between denied security intents and the one or more of the target policies, in an event the one or more security intents are denied during the translation of the intermediate representation into the plurality of target policies.
However, in an analogous art, Lang discloses and e. identifying the one or more security intents denied by one or more of the target policies operating in the target environment, (Lang discloses [0015] the middleware bus determines to deny service 110 permission to access service 120 and sends a policy violation notification to the policy node; the policy node also receives and [0009] displays policy violations and other relevant events)
Therefore, it would have been obvious to a person of ordinary skill in the art, before the effective filing date of the claimed invention to combine the teachings of Lang with the system/method of Mercian and Li to include and e. identifying the one or more security intents denied by one or more of the target policies operating in the target environment. One would have been obvious motivated to provide a method and system of managing security policies within an information technology (IT) system (Lang, [0003]).
Regarding claim 6, claim 6 is directed to a system (200). Claim 6 is similar in scope to claim 1 and is therefore rejected under similar rationale.
Claims 2 and 7 are rejected under 35 U.S.C. 103 as being unpatentable over Mercian et al (“Mercian,” “Mind the Semantic Gap: Policy Intent Inference from Network Metadata,” IEEE, 2021), Li et al (“Li,” US 20040193912) in view of Lang et al (“Lang,” US 20090077621) and further in view of Valente et al (“Valente,” US 20100257576).
Regarding claim 2, Mercian, Li and Lang disclose the method according to claim 1.
Mercian, Li and Lang fail to explicitly disclose wherein the one or more security intents are abstractions that are converted into the one or more target policies, enforceable by the one or more policy engines.
However, in an analogous art, Valente discloses wherein the one or more security intents are abstractions that are converted into the one or more target policies, enforceable by the one or more policy engines, (Valente [0003] describes wherein the one or more security intents are abstractions [0003], [0314] resulting in the one or more target policies [0314], [0318] TABLE G, enforceable by the one or more policy engines [0199])
Therefore it would have been obvious to a person of ordinary skill in the art, before the effective filing date of the claimed invention to combine the teachings of Valente with the system/method of Mercian, Li and Lang to include wherein the one or more security intents are abstractions that are converted into the one or more target policies, enforceable by the one or more policy engines. One would have been motivated to represent network security policy at a high level of abstraction so as to provide a simplified and natural way of creating and maintaining a network security policy (Valente, [0003]).
Regarding claim 7, claim 7 is directed to the system (200) according to claim 6. Claim 7 is similar in scope to claim 2 and is therefore rejected under similar rationale.
Claims 3 and 8 are rejected under 35 U.S.C. 103 as being unpatentable over Mercian et al (“Mercian,” “Mind the Semantic Gap: Policy Intent Inference from Network Metadata,” IEEE, 2021), Li et al (“Li,” US 20040193912) in view of Lang et al (“Lang,” US 20090077621) and further in view of Hagerty et al (“Hagerty,” US 20160328217).
Regarding claim 3, Mercian, Li and Lang disclose the method according to claim 1.
Mercian, Li and Lang fail to explicitly disclose wherein the intermediate representation is created based on inputs received from a user in a machine-readable format.
However, in an analogous art, Hagerty discloses wherein the intermediate representation is created based on inputs received from a user in a machine-readable format. (Hagerty, [0063] describes wherein the intermediate representation module based on inputs [0036], [0076] from a user in a machine-readable format [0072])
Therefore it would have been obvious to a person of ordinary skill in the art, before the effective filing date of the claimed invention to combine the teachings of Hagerty with the system/method of Mercian, Li and Lang to include wherein the intermediate representation is created based on inputs received from a user in a machine-readable format. One would have been motivated to create automated enterprise management systems (Hagerty, [0002]).
Regarding claim 8, claim 8 is directed to the system (200) according to claim 6. Claim 8 is similar in scope to claim 3 and is therefore rejected under similar rationale.
Claims 5 and 9-10 are rejected under 35 U.S.C. 103 as being unpatentable over Mercian et al (“Mercian,” “Mind the Semantic Gap: Policy Intent Inference from Network Metadata,” IEEE, 2021), Li et al (“Li,” US 20040193912) in view of Lang et al (“Lang,” US 20090077621) and further in view of Miriyala et al (“Miriyala,” US 20230104368).
Regarding claim 5, Mercian, Li and Lang disclose the method according to claim 1.
Mercian, Li and Lang fail to explicitly disclose wherein the step of converting the intermediate representation into the plurality of target policies further includes:
deploying a security intent operator in the target environment.
executing one or more security intents through multiple policy engine adapters to identify one or more of the target policies relevant to a context of the one or more security intents specified by the user; and
returning identified target policies if the identified target policies are relevant to the one or more security intents.
However, in an analogous art, Miriyala discloses wherein the step of converting the intermediate representation into the plurality of target policies: (Miriyala discloses [0108] wherein the step of converting the intermediate representation [0288] into the plurality of target policies [0164], [0186])
a. deploying a security intent operator in the target environment; (Miriyala, [0238] describes a. deploying a security intent operator [0280] in the target environment [0011])
b. executing one or more security intents through multiple policy engine adapters to identify one or more of the target policies relevant to a context of the one or more security intents specified by the user; (Miriyala, [0009] describes b. executing the one or more security intents [0280] through a multiple policy engine adapters [0073], [0053] to identify one or more target policies [0164], [0186] relevant to a context of the one or more security intents [0201], [0280] specified by the user [0280])
and c. returning the one or more target policies to the security intent operator if the one or more target policies are available for the one or more security intents, (Miriyala discloses and c. returning the one or more target policies [0164], [0186] to the security intent operator [0280] if the one or more target policies [0164], [0186] are available for the one or more security intents [0280])
Therefore it would have been obvious to a person of ordinary skill in the art, before the effective filing date of the claimed invention to combine the teachings of Miriyala with the system/method of Mercian and Li to include wherein the step of converting the intermediate representation into the plurality of target policies further includes: a. deploying a security intent operator in the target environment; b. executing one or more security intents through multiple policy engine adapters to identify one or more of the target policies relevant to a context of the one or more security intents specified by the user; and c. returning identified target policies if the identified target policies are relevant to the one or more security intents. One would have been motivated to provide access control policies for cloud native networking (Miriyala, [0002]).
Regarding claim 9, Mercian, Li and Lang disclose the system (200) according to claim 6.
Mercian, Li and Lang fail to explicitly disclose wherein the processor implements at least one of a Kubernetes operator, an admission controller, and a K8s operator policy converter to convert the one or more input security policies into the plurality of target polices.
However, in an analogous art, Miriyala discloses wherein the processor implements at least one of a Kubernetes operator, (Miriyala, [0033] describes comprising a Kubernetes operator [0010], [0032]-[0033])
an admission controller,
and a K8s operator policy converter to convert the one or more input security policies into the plurality of target polices.
Therefore it would have been obvious to a person of ordinary skill in the art, before the effective filing date of the claimed invention to combine the teachings of Miriyala with the system/method of Mercian, Li and Lang to include wherein the processor implements at least one of a Kubernetes operator, an admission controller, and a K8s operator policy converter to convert the one or more input security policies into the plurality of target polices. One would have been motivated to provide access control policies for cloud native networking (Miriyala, [0002]).
Regarding claim 10, claim 10 is directed to the system (200) according to claim 6. Claim 10 is similar in scope to claim 5 and is therefore rejected under similar rationale.
Conclusion
Applicant's amendment necessitated the new ground(s) of rejection presented in this Office action. Accordingly, THIS ACTION IS MADE FINAL. See MPEP § 706.07(a). Applicant is reminded of the extension of time policy as set forth in 37 CFR 1.136(a).
A shortened statutory period for reply to this final action is set to expire THREE MONTHS from the mailing date of this action. In the event a first reply is filed within TWO MONTHS of the mailing date of this final action and the advisory action is not mailed until after the end of the THREE-MONTH shortened statutory period, then the shortened statutory period will expire on the date the advisory action is mailed, and any nonprovisional extension fee (37 CFR 1.17(a)) pursuant to 37 CFR 1.136(a) will be calculated from the mailing date of the advisory action. In no event, however, will the statutory period for reply expire later than SIX MONTHS from the mailing date of this final action.
Any inquiry concerning this communication or earlier communications from the examiner should be directed to JAMES J WILCOX whose telephone number is (571)270-3774. The examiner can normally be reached M-F: 8 A.M. to 5 P.M..
Examiner interviews are available via telephone, in-person, and video conferencing using a USPTO supplied web-based collaboration tool. To schedule an interview, applicant is encouraged to use the USPTO Automated Interview Request (AIR) at http://www.uspto.gov/interviewpractice.
If attempts to reach the examiner by telephone are unsuccessful, the examiner’s supervisor, Luu T. Pham can be reached at (571)270-5002. The fax phone number for the organization where this application or proceeding is assigned is 571-273-8300.
Information regarding the status of published or unpublished applications may be obtained from Patent Center. Unpublished application information in Patent Center is available to registered users. To file and manage patent submissions in Patent Center, visit: https://patentcenter.uspto.gov. Visit https://www.uspto.gov/patents/apply/patent-center for more information about Patent Center and https://www.uspto.gov/patents/docx for information about filing in DOCX format. For additional questions, contact the Electronic Business Center (EBC) at 866-217-9197 (toll-free). If you would like assistance from a USPTO Customer Service Representative, call 800-786-9199 (IN USA OR CANADA) or 571-272-1000.
/JAMES J WILCOX/Examiner, Art Unit 2439
/LUU T PHAM/Supervisory Patent Examiner, Art Unit 2439
Prosecution Insights