DYNAMIC SECURITY POLICY MANAGEMENT

§102 §103 §112

DETAILED ACTION Claims 1-20 are pending and have been examined. Notice of Pre-AIA or AIA Status The present application, filed on or after March 16, 2013, is being examined under the first inventor to file provisions of the AIA . Priority Applicant’s claim for the benefit of a prior-filed application under 35 U.S.C. 119(e) or under 35 U.S.C. 120, 121, 365(c), or 386(c) is acknowledged. Applicant has not complied with one or more conditions for receiving the benefit of an earlier filing date under 35 U.S.C. 119(e) as follows: The later-filed application must be an application for a patent for an invention which is also disclosed in the prior application (the parent or original nonprovisional application or provisional application). The disclosure of the invention in the parent application and in the later-filed application must be sufficient to comply with the requirements of 35 U.S.C. 112(a) or the first paragraph of pre-AIA 35 U.S.C. 112, except for the best mode requirement. See Transco Products, Inc. v. Performance Contracting, Inc., 38 F.3d 551, 32 USPQ2d 1077 (Fed. Cir. 1994). The disclosure of the prior-filed application, Application Nos. 18196269, 17706320, 17104905, 15616456, fail to provide adequate support or enablement in the manner provided by 35 U.S.C. 112(a) or pre-AIA 35 U.S.C. 112, first paragraph for one or more claims of this application. There is no support in the specification about enforcing policies in the context of replication, or determining, based at least in part on a policy associated with the network endpoints, that the plurality of storages services are logically attached for assignment to perform an operation. Accordingly, claims 1-20 are not entitled to the benefit of the prior applications. Specification The specification is objected to as failing to provide proper antecedent basis for the claimed subject matter. See 37 CFR 1.75(d)(1) and MPEP § 608.01(o). Correction of the following is required: the specification lacks antecedent basis for, among other things, enforcing policies in the context of replication, or determining, based at least in part on a policy associated with the network endpoints, that the plurality of storages services are logically attached for assignment to perform an operation. Claim Rejections - 35 USC § 112 The following is a quotation of the first paragraph of 35 U.S.C. 112(a): (a) IN GENERAL.—The specification shall contain a written description of the invention, and of the manner and process of making and using it, in such full, clear, concise, and exact terms as to enable any person skilled in the art to which it pertains, or with which it is most nearly connected, to make and use the same, and shall set forth the best mode contemplated by the inventor or joint inventor of carrying out the invention. The following is a quotation of the first paragraph of pre-AIA 35 U.S.C. 112: The specification shall contain a written description of the invention, and of the manner and process of making and using it, in such full, clear, concise, and exact terms as to enable any person skilled in the art to which it pertains, or with which it is most nearly connected, to make and use the same, and shall set forth the best mode contemplated by the inventor of carrying out his invention. Claims 1-20 are rejected under 35 U.S.C. 112(a) or 35 U.S.C. 112 (pre-AIA ), first paragraph, as failing to comply with the written description requirement. The claim(s) contains subject matter which was not described in the specification in such a way as to reasonably convey to one skilled in the relevant art that the inventor or a joint inventor, or for applications subject to pre-AIA 35 U.S.C. 112, the inventor(s), at the time the application was filed, had possession of the claimed invention. There is no written description in the specification about: enforcing policies in the context of replication or determining, based at least in part on a policy associated with the network endpoints, that the plurality of storages services are logically attached for assignment to perform an operation (claim 1), determine one or more regions or networks, which include the network and for which access is to be granted based in part on the replication of the data between the plurality of storage services in the or more regions or networks (claim 3), wherein the policy is associated with one or more of a network option or a region option, to apply to portions of the plurality of storages services based in part on a network associated therewith or a location associated therewith (claims 9,15), determining an event has occurred within the plurality of storage services (claims 8, 14, 19). Claims 1-20 are rejected under 35 U.S.C. 112(a) or 35 U.S.C. 112 (pre-AIA ), first paragraph, as failing to comply with the enablement requirement. The claim(s) contains subject matter which was not described in the specification in such a way as to enable one skilled in the art to which it pertains, or with which it is most nearly connected, to make and/or use the invention. There is not discussion in the specification about enforcing policies in the context of replication or determining, based at least in part on a policy associated with the network endpoints, that the plurality of storages services are logically attached for assignment to perform an operation (claim 1), determine one or more regions or networks, which include the network and for which access is to be granted based in part on the replication of the data between the plurality of storage services in the or more regions or networks (claim 3), wherein the policy is associated with one or more of a network option or a region option, to apply to portions of the plurality of storages services based in part on a network associated therewith or a location associated therewith (claims 9, 15), determining an event has occurred within the plurality of storage services (claims 8, 14, 19). This is not intended to be a complete list of such written description and enablement issues. The following is a quotation of 35 U.S.C. 112(b): (b) CONCLUSION.—The specification shall conclude with one or more claims particularly pointing out and distinctly claiming the subject matter which the inventor or a joint inventor regards as the invention. The following is a quotation of 35 U.S.C. 112 (pre-AIA ), second paragraph: The specification shall conclude with one or more claims particularly pointing out and distinctly claiming the subject matter which the applicant regards as his invention. Claims 1-20 are rejected under 35 U.S.C. 112(b) or 35 U.S.C. 112 (pre-AIA ), second paragraph, as being indefinite for failing to particularly point out and distinctly claim the subject matter which the inventor or a joint inventor (or for applications subject to pre-AIA 35 U.S.C. 112, the applicant), regards as the invention. Claim 2 recites the limitation "virtual instances enabled for the assignment", “containers enabled”, it is indefinite if a verb is missing, it appears that it should read "one of the virtual instances is enabled for the assignment", “one of the containers is enabled for”. Claims that recite “based in part” are indefinite as to what the intended metes and bounds of the claims is. Applicant has failed to establish the intended metes and bounds of these, and thus the claims are indefinite. The term in claims 1, 3, 8-11, 14-17, 19-20 is a relative term which renders the claim indefinite. The term is not defined by the claim, the specification does not provide a standard for ascertaining the requisite degree, and one of ordinary skill in the art would not be reasonably apprised of the scope of the invention. This is not intended to be a complete list of such indefiniteness issues. The dependent claims included in the statement of rejection but not specifically addressed in the body of the rejection have inherited the deficiencies of their parent claim and have not resolved the deficiencies. Therefore, they are rejected based on the same rationale as applied to their parent claims above. Claim Rejections - 35 USC § 102 The following is a quotation of the appropriate paragraphs of 35 U.S.C. 102 that form the basis for the rejections under this section made in this Office action: A person shall be entitled to a patent unless – (a)(1) the claimed invention was patented, described in a printed publication, or in public use, on sale, or otherwise available to the public before the effective filing date of the claimed invention. (a)(2) the claimed invention was described in a patent issued under section 151, or in an application for patent published or deemed published under section 122(b), in which the patent or application, as the case may be, names another inventor and was effectively filed before the effective filing date of the claimed invention. Claims 1-4, 8-12, 14-17, and 20 are rejected under 35 U.S.C. 102(a)(1) as being anticipated by Kulkarni (20160277498). Regarding claims 1, 10, and 16, Kulkarni teaches A computer-implemented method, comprising: / A system, comprising: at least one processor; and memory including instructions that, when executed by the at least one processor, cause the system to:/ A non-transitory computer-readable medium comprising instructions that when executed by at least one processor causes the at least one processor to (abstract, par.11-13): enabling a plurality of storage services to be associated with respective network endpoints within a network (par.17-19, 32-35, assign or connect storage volumes to network); determining, based at least in part on a policy associated with the network endpoints, that the plurality of storages services are logically attached for assignment to perform an operation (par.37-40, 44-47, determine volume trust, connect and assign to node, based in location policies for data, for particular workload requirements); and causing the policy to be enforced for access associated with at least replication of data between the plurality of storage services (par.34-36, data replication occurs according to policies and constraints of where data can be stored, location). Regarding claim 2, Kulkarni teaches wherein the plurality of storage services comprise virtual instances or containers, and wherein the policy indicates at least one of the virtual instances enabled for the assignment to a customer for the operation or indicates at least one of the containers enabled for performing the operation (par.18-23, 34-36). Regarding claims 3, 11, and 17, Kulkarni teaches provide an interface for one or more of selection or subscription of one or more policies to cause the policy to be received or an update to the policy to be received in at least one of the network endpoints (par.18-23); determine one or more regions or networks, which include the network and for which access is to be granted based in part on the replication of the data between the plurality of storage services in the or more regions or networks (par.12-14, 44-46); and enable the access for the data based in part on the policy (par.34-36). Regarding claims 4 and 12, Kulkarni teaches enabling an access list for the data in one or more of the plurality of storage devices; and causing the policy to be enforced for access requests for the data received from outside the access list (par.12-13, 34-36). Regarding claims 8, 14, and 19, Kulkarni teaches providing resource capacity from the plurality of storage services, to enable execution of code or to enable performance of one or more tasks that are part of the operation; determining an event has occurred within the plurality of storage services; determining, based in part on the policy, that the event is permitted for the plurality of storage services; and enabling execution of the code or performance of the one or more tasks using the plurality of storage services (par.32-36). Regarding claims 9 and 15, Kulkarni teaches wherein the policy is associated with one or more of a network option or a region option, to apply to portions of the plurality of storages services based in part on a network associated therewith or a location associated therewith (par.18-23, 29-36). Claim Rejections - 35 USC § 103 The following is a quotation of 35 U.S.C. 103 which forms the basis for all obviousness rejections set forth in this Office action: A patent for a claimed invention may not be obtained, notwithstanding that the claimed invention is not identically disclosed as set forth in section 102, if the differences between the claimed invention and the prior art are such that the claimed invention as a whole would have been obvious before the effective filing date of the claimed invention to a person having ordinary skill in the art to which the claimed invention pertains. Patentability shall not be negated by the manner in which the invention was made. Claims 5, 13, and 18 are rejected under 35 U.S.C. 103 as being unpatentable over Kulkarni (20160277498), and further in view of Yehuda (7809667). Regarding claims 5, 13, and 18, Kulkarni does not expressly disclose, however, Yehuda teaches enabling an entity to specify a range of network addresses associated therewith, wherein the policy for the access is applied to access requests for the data received from outside the range of network addresses (col.7, 35-67). Therefore, one of ordinary skill in the art would have found it obvious before the effective filing date of the claimed invention to modify Kulkarni to use policies as taught by Yehuda. One of ordinary skill in the art would have been motivated to perform such a modification to further protect access to network resources (Yehuda, col.1-2). Claims 6-7 and 20 are rejected under 35 U.S.C. 103 as being unpatentable over Kulkarni (20160277498), and further in view of Aronovich (20180247064). Regarding claims 6 and 20, Kulkarni does not expressly disclose, however, Aronovich teaches wherein the plurality of storage services are shared among different entities, and wherein the policy specifies containers and instances that are associated with the plurality of storage services and that are logically attached for the assignment to one of the different entities / sharing the plurality of storage services among different entities; and enforcing the policy based in part on specification therein for containers and instances that are associated with the plurality of storage services and that are logically attached for the assignment to one of the different entities (par.97-100, 107-110). Therefore, one of ordinary skill in the art would have found it obvious before the effective filing date of the claimed invention to modify Kulkarni to use policies as taught by Aronovich. One of ordinary skill in the art would have been motivated to perform such a modification to securely provide services in a container environment (Aronovich, par.2-6, 95-110). Regarding claim 7, Kulkarni does not expressly disclose, however, Aronovich teaches wherein the policy specifies containers or instances that are associated with the plurality of storage services and that are part of the assignment to a group of different entities sharing an account for virtual compute services associated with the data (par.97-100, 107-110). Therefore, one of ordinary skill in the art would have found it obvious before the effective filing date of the claimed invention to modify Kulkarni to use policies as taught by Aronovich. One of ordinary skill in the art would have been motivated to perform such a modification to securely provide services in a container environment (Aronovich, par.2-6, 95-110). Conclusion The prior art made of record and not relied upon is considered pertinent to applicant's disclosure: the remaining references put forth on the PTO-892 form are directed to security policies in storage services environments. Any inquiry concerning this communication or earlier communications from the examiner should be directed to David García Cervetti whose telephone number is (571)272-5861. The examiner can normally be reached Monday-Friday 8AM-5PM. Examiner interviews are available via telephone, in-person, and video conferencing using a USPTO supplied web-based collaboration tool. To schedule an interview, applicant is encouraged to use the USPTO Automated Interview Request (AIR) at http://www.uspto.gov/interviewpractice. If attempts to reach the examiner by telephone are unsuccessful, the examiner’s supervisor, HADI S ARMOUCHE can be reached at (571)270-3618. The fax phone number for the organization where this application or proceeding is assigned is 571-273-8300. Information regarding the status of published or unpublished applications may be obtained from Patent Center. Unpublished application information in Patent Center is available to registered users. To file and manage patent submissions in Patent Center, visit: https://patentcenter.uspto.gov. Visit https://www.uspto.gov/patents/apply/patent-center for more information about Patent Center and https://www.uspto.gov/patents/docx for information about filing in DOCX format. For additional questions, contact the Electronic Business Center (EBC) at 866-217-9197 (toll-free). If you would like assistance from a USPTO Customer Service Representative, call 800-786-9199 (IN USA OR CANADA) or 571-272-1000. /David Garcia Cervetti/Primary Examiner, Art Unit 2409