DETAILED ACTION
Claims 119-138 are pending. Claims 119, 128-131, and 136 have been amended. Claims 119-138 are rejected.
The instant application claims foreign priority to GB2306653.3 filed on 05/05/2023.
Notice of Pre-AIA or AIA Status
The present application, filed on or after March 16, 2013, is being examined under the first inventor to file provisions of the AIA .
Continued Examination Under 37 CFR 1.114
A request for continued examination under 37 CFR 1.114, including the fee set forth in 37 CFR 1.17(e), was filed in this application after final rejection. Since this application is eligible for continued examination under 37 CFR 1.114, and the fee set forth in 37 CFR 1.17(e) has been timely paid, the finality of the previous Office action has been withdrawn pursuant to 37 CFR 1.114. Applicant's submission filed on 03/30/2026 has been entered.
Information Disclosure Statement
The information disclosure statement (IDS) was submitted on 06/01/2026. The submission is in compliance with the provisions of 37 CFR 1.97. Accordingly, the information disclosure statement is being considered by the examiner.
Allowable Subject Matter
Claims 119-138 are allowable over the prior art of record.
Claim Rejections - 35 USC § 101
35 U.S.C. 101 reads as follows:
Whoever invents or discovers any new and useful process, machine, manufacture, or composition of matter, or any new and useful improvement thereof, may obtain a patent therefor, subject to the conditions and requirements of this title.
Claims 119-138 are rejected under 35 U.S.C. 101 because the claimed invention is directed to an abstract idea without significantly more.
Claims 136-138 are rejected under 35 U.S.C. 101 because the claimed invention is directed to non-statutory subject matter. The claim(s) does/do not fall within at least one of the four categories of patent eligible subject matter because the claims are directed to software per se. The claims are directed to a system that does not explicitly include hardware that can perform the limitations of the claims. Therefore, the claims are directed to software per se and rejected under 35 U.S.C. 101.
Step 1 (All Claims)
According to the first part of the analysis, in the instant case, claims 119-130 are directed to a computer program product comprising computer executable code stored on a non-transitory computer readable medium, claims 131-135 are directed to a method, claims 136-138 are directed to a system but do not explicitly include hardware such as a processor and memory. Thus, each of the claims falls within one of the four statutory categories (i.e. process, machine, manufacture, or composition of matter).
Step 2A, Prong 1 (Claims 119, 131, and 136)
Regarding claim 119, the following limitations are abstract ideas:
transforming, the first set of control statements into a first set of conditional expressions based on predefined criteria; is a step that can be practically performed in the human mind and is a mental process which encompasses observation, evaluation and/or judgement;
generating a layered data structured based on the first set of conditional expressions, the layered data structure; is a step that can be practically performed in the human mind and is a mental process which encompasses observation, evaluation and/or judgement;
evaluating the layered data structured locally at the first managed endpoint to determine an enterprise policy for the first managed endpoint, wherein evaluating the layered data structure includes: is a step that can be practically performed in the human mind and is a mental process which encompasses observation, evaluation and/or judgement;
determining locally at the first managed endpoint, for a first node within a first layer of the layered data structure, whether a stop criterion is met, wherein the stop criterion is associated with whether a first managed endpoint satisfies the one or more conditional expressions associated with a node of the one or more nodes; is a step that can be practically performed in the human mind and is a mental process which encompasses observation, evaluation and/or judgement;
in response to determining that the stop criterion is met, assigning a first identifier associated with the first node to the first managed endpoint, is a step that can be performed as a mental process, with the aid of pen and paper.
in response to determining that the stop criterion is not met, is a step that can be practically performed in the human mind and is a mental process which encompasses observation, evaluation and/or judgement;
assigning a second identifier associated with the subsequent node to the first managed endpoint; is a step that can be performed as a mental process, with the aid of pen and paper.
The above analysis applies to each independent claim as they contain similar limitations.
Step 2A, Prong 2 (Claims 119, 131, and 136)
Regarding claim 119, the following limitations are additional elements:
A computer program product comprising computer executable code stored on a non-transitory computer readable medium that, when executing on one or more computing devices, causes the one or more computing devices to perform the steps of: is a high-level recitation of a generic computer component and represents mere instructions to apply on a computer as in MPEP 2106.05(f), which does not provide integration into a practical application;
receiving, at a server, a first set of control statements from one or more sources, wherein the first set of control statements are associated with policy management rules for an enterprise environment; is directed to the insignificant extra-solution activity of mere data gathering and selecting a particular data source or type of data to be manipulated as identified in MPEP 2106.05(g).
at a server is a high-level recitation of a generic computer component and represents mere instructions to apply on a computer as in MPEP 2106.05(f), which does not provide integration into a practical application;
retrieving, from the server to a first managed endpoint, the layered data structure comprising a plurality of layers, each layer of the plurality of layers having one or more nodes, wherein each node of the one or more nodes is associated with: an identifier, one or more conditional expressions of the first set of conditional expressions, and one or more executable policy instructions; is directed to the insignificant extra-solution activity of mere data gathering and selecting a particular data source or type of data to be manipulated as identified in MPEP 2106.05(g).
traversing to a subsequent node in the layered data structure and assessing a subsequent set of conditional expressions associated with the subsequent node in the layered data structure until the stop criterion is met, is directed to the insignificant extra-solution activity of mere data gathering and selecting a particular data source or type of data to be manipulated as identified in MPEP 2106.05(g).
deploying a deployed set of the one or more of the executable policy instructions to the first managed endpoint, wherein the deployed set of the one or more of the executable policy instructions is based on an assigned identifier for the layered data structure selected from the first identifier associated with the first node of the layered data structured and the second identifier associated with the subsequent node of the layered data structure; is directed to the insignificant extra-solution activity of mere data gathering and selecting a particular data source or type of data to be manipulated as identified in MPEP 2106.05(g).
initiating operation of the first managed endpoint according to the enterprise policy by with the deployed set of the one or more executable policy instructions selected based on the assigned identifier. is directed to the insignificant extra-solution activity of mere data gathering and selecting a particular data source or type of data to be manipulated as identified in MPEP 2106.05(g).
The above analysis applies to each independent claim as they contain similar limitations.
Step 2B (Claims 119, 131, and 136)
Regarding claim 119, the following limitations are additional elements:
A computer program product comprising computer executable code stored on a non-transitory computer readable medium that, when executing on one or more computing devices, causes the one or more computing devices to perform the steps of: ((i.e., generic computer components performing generic computer functions) such that they amount to no more than components comprising mere instructions to apply the exception. Accordingly, these additional elements do not integrate the abstract idea(s) into a practical application because they do not impose any meaningful limits on practicing the abstract idea(s))
receiving, at a server, a first set of control statements from one or more sources, wherein the first set of control statements are associated with policy management rules for an enterprise environment; is directed to the well-understood, routine, and conventional activity of receiving or transmitting data as identified in MPEP 2106.05(d)II “i. Receiving or transmitting data over a network, e.g., using the Internet to gather data, Symantec, 838 F.3d at 1321, 120 USPQ2d at 1362 (utilizing an intermediary computer to forward information); TLI Communications LLC v. AV Auto. LLC, 823 F.3d 607, 610, 118 USPQ2d 1744, 1745 (Fed. Cir. 2016) (using a telephone for image transmission); OIP Techs., Inc., v. Amazon.com, Inc., 788 F.3d 1359, 1363, 115 USPQ2d 1090, 1093 (Fed. Cir. 2015) (sending messages over a network); buySAFE, Inc. v. Google, Inc., 765 F.3d 1350, 1355, 112 USPQ2d 1093, 1096 (Fed. Cir. 2014) (computer receives and sends information over a network);”
at a server ((i.e., generic computer components performing generic computer functions) such that they amount to no more than components comprising mere instructions to apply the exception. Accordingly, these additional elements do not integrate the abstract idea(s) into a practical application because they do not impose any meaningful limits on practicing the abstract idea(s))
retrieving, from the server to a first managed endpoint, the layered data structure comprising a plurality of layers, each layer of the plurality of layers having one or more nodes, wherein each node of the one or more nodes is associated with: an identifier, one or more conditional expressions of the first set of conditional expressions, and one or more executable policy instructions; is directed to the well-understood, routine, and conventional activity of receiving or transmitting data as identified in MPEP 2106.05(d)II “i. Receiving or transmitting data over a network, e.g., using the Internet to gather data, Symantec, 838 F.3d at 1321, 120 USPQ2d at 1362 (utilizing an intermediary computer to forward information); TLI Communications LLC v. AV Auto. LLC, 823 F.3d 607, 610, 118 USPQ2d 1744, 1745 (Fed. Cir. 2016) (using a telephone for image transmission); OIP Techs., Inc., v. Amazon.com, Inc., 788 F.3d 1359, 1363, 115 USPQ2d 1090, 1093 (Fed. Cir. 2015) (sending messages over a network); buySAFE, Inc. v. Google, Inc., 765 F.3d 1350, 1355, 112 USPQ2d 1093, 1096 (Fed. Cir. 2014) (computer receives and sends information over a network);”
traversing to a subsequent node in the layered data structure and assessing a subsequent set of conditional expressions associated with the subsequent node in the layered data structure until the stop criterion is met, is directed to the well-understood, routine, and conventional activity of receiving or transmitting data as identified in MPEP 2106.05(d)II “i. Receiving or transmitting data over a network, e.g., using the Internet to gather data, Symantec, 838 F.3d at 1321, 120 USPQ2d at 1362 (utilizing an intermediary computer to forward information); TLI Communications LLC v. AV Auto. LLC, 823 F.3d 607, 610, 118 USPQ2d 1744, 1745 (Fed. Cir. 2016) (using a telephone for image transmission); OIP Techs., Inc., v. Amazon.com, Inc., 788 F.3d 1359, 1363, 115 USPQ2d 1090, 1093 (Fed. Cir. 2015) (sending messages over a network); buySAFE, Inc. v. Google, Inc., 765 F.3d 1350, 1355, 112 USPQ2d 1093, 1096 (Fed. Cir. 2014) (computer receives and sends information over a network);”
deploying a deployed set of the one or more of the executable policy instructions to the first managed endpoint, wherein the deployed set of the one or more of the executable policy instructions is based on an assigned identifier for the layered data structure selected from the first identifier associated with the first node of the layered data structured and the second identifier associated with the subsequent node of the layered data structure; is directed to the well-understood, routine, and conventional activity of receiving or transmitting data as identified in MPEP 2106.05(d)II “i. Receiving or transmitting data over a network, e.g., using the Internet to gather data, Symantec, 838 F.3d at 1321, 120 USPQ2d at 1362 (utilizing an intermediary computer to forward information); TLI Communications LLC v. AV Auto. LLC, 823 F.3d 607, 610, 118 USPQ2d 1744, 1745 (Fed. Cir. 2016) (using a telephone for image transmission); OIP Techs., Inc., v. Amazon.com, Inc., 788 F.3d 1359, 1363, 115 USPQ2d 1090, 1093 (Fed. Cir. 2015) (sending messages over a network); buySAFE, Inc. v. Google, Inc., 765 F.3d 1350, 1355, 112 USPQ2d 1093, 1096 (Fed. Cir. 2014) (computer receives and sends information over a network);”
initiating operation of the first managed endpoint according to the enterprise policy by with the deployed set of the one or more executable policy instructions selected based on the assigned identifier. is directed to the well-understood, routine, and conventional activity of receiving or transmitting data as identified in MPEP 2106.05(d)II “i. Receiving or transmitting data over a network, e.g., using the Internet to gather data, Symantec, 838 F.3d at 1321, 120 USPQ2d at 1362 (utilizing an intermediary computer to forward information); TLI Communications LLC v. AV Auto. LLC, 823 F.3d 607, 610, 118 USPQ2d 1744, 1745 (Fed. Cir. 2016) (using a telephone for image transmission); OIP Techs., Inc., v. Amazon.com, Inc., 788 F.3d 1359, 1363, 115 USPQ2d 1090, 1093 (Fed. Cir. 2015) (sending messages over a network); buySAFE, Inc. v. Google, Inc., 765 F.3d 1350, 1355, 112 USPQ2d 1093, 1096 (Fed. Cir. 2014) (computer receives and sends information over a network);”
The above analysis applies to each independent claim as they contain similar limitations.
The dependent claims are directed to the same abstract ideas as their parent claims. The dependent claims add further limitations directed to clarifying certain aspects of the independent claim such as the nodes, endpoint, or data structure or adding limitations such as receiving, deploying, outputting. The clarifying aspects are directed to the same abstract idea or additional element that is being expanded upon. The additional limitations of receiving, deploying, and outputting are directed to elements that are either well-understood, routine, and conventional and/or insignificant extra-solution activity. Therefore, the dependent claims are still rejected under 35 U.S.C. 101.
Response to Arguments
Applicant's arguments filed 03/30/2026 have been fully considered and they are either persuasive or they are not persuasive. A detailed explanation is provided below.
On pages 9-10, Applicant argues against the rejection under 35 U.S.C. 101.
Applicant argues that the claims are directed to a technical improvement of a computing system, the Examiner disagrees. It is not clear how retrieving from a server and evaluating the layered data structure locally would lead to an improvement in the functioning of a computer. Retrieving information from a server has been shown to be directed to an additional element as identified in the above 101 rejection. Merely evaluating something locally would not lead to an improvement in the functioning of a computer or technical improvement of a computing system. The arguing improvements appear to be improvements over the prior art of record rather than to the functioning of a computer or to any other technical field or technological area. Therefore, the claims are still rejected under 35 U.S.C. 101.
Applicant’s arguments, see pages 10-12, filed 03/30/2026, with respect to the rejection under 35 U.S.C. 103 have been fully considered and are persuasive. The rejection under 35 U.S.C. 103 has been withdrawn.
Conclusion
The prior art made of record and not relied upon is considered pertinent to applicant's disclosure. Segal et al., Patent Application Publication No. 2022/0329597 (hereinafter Segal). Segal teaches cloud identity and access management security policies (Paragraph 106). Segal further teaches instructions to deploy the security policies comprising instructions (Claim 21). Therefore, the claimed invention and Segal are analogous art as both are directed to deploying policies.
Any inquiry concerning this communication or earlier communications from the examiner should be directed to DUSTIN D EYERS whose telephone number is (408)918-7562. The examiner can normally be reached Monday-Thursday 9:00am-7:00pm ET.
Examiner interviews are available via telephone, in-person, and video conferencing using a USPTO supplied web-based collaboration tool. To schedule an interview, applicant is encouraged to use the USPTO Automated Interview Request (AIR) at http://www.uspto.gov/interviewpractice.
If attempts to reach the examiner by telephone are unsuccessful, the examiner’s supervisor, Amy Ng can be reached at (571)270-1698. The fax phone number for the organization where this application or proceeding is assigned is 571-273-8300.
Information regarding the status of published or unpublished applications may be obtained from Patent Center. Unpublished application information in Patent Center is available to registered users. To file and manage patent submissions in Patent Center, visit: https://patentcenter.uspto.gov. Visit https://www.uspto.gov/patents/apply/patent-center for more information about Patent Center and https://www.uspto.gov/patents/docx for information about filing in DOCX format. For additional questions, contact the Electronic Business Center (EBC) at 866-217-9197 (toll-free). If you would like assistance from a USPTO Customer Service Representative, call 800-786-9199 (IN USA OR CANADA) or 571-272-1000.
/DUSTIN D EYERS/ Examiner, Art Unit 2164
/AMY NG/ Supervisory Patent Examiner, Art Unit 2164