Notice of Pre-AIA or AIA Status
The present application, filed on or after March 16, 2013, is being examined under the first inventor to file provisions of the AIA.
DETAILED ACTION
1.	This action is responsive to communication filed on: 17 December 2020 with acknowledgement of an original application filed on 1 May 2016.  

2.	A request for continued examination under 37 CFR 1.114, including the fee set forth in 37 CFR 1.17(e), was filed in this application after final rejection.  Since this application is eligible for continued examination under 37 CFR 1.114, and the fee set forth in 37 CFR 1.17(e) has been timely paid, the finality of the previous Office action has been withdrawn pursuant to 37 CFR 1.114.  Applicant's submission filed on 17 December 2020 has been entered.
3.	Claims 1-20 are currently pending.  Claims 1 and 11 are independent claims.  Claims 1 and 11 have been amended.
Response to Arguments

4.	Applicant's arguments filed 17 December 2020 have been fully considered; however, they are not persuasive.
I)	In response to Applicant’s argument beginning on page 7, “Applicant respectfully submits that the cited references do not disclose or suggest the methods of claim 1 and 11…The cited references do not disclose or suggest (1) priority number for different multi-rule sections…and (2) when the section has multiple rules, priority numbers for different rules in a section”.
	The Examiner disagrees with the arguments.  After review, the Pernicha reference clearly suggests that the policy rules added contain one or more rules and that each rule has an assigned priority number (i.e. priority settings); please review paragraph 42, shown below.

[Image: media_image1.png, paragraph 42 of the Pernicha reference]

Therefore the Applicant’s arguments are not persuasive.

Claim Rejections – 35 USC § 103
5.	The following is a quotation of 35 U.S.C. 103 which forms the basis for all obviousness rejections set forth in this Office action:
A patent for a claimed invention may not be obtained, notwithstanding that the claimed invention is not identically disclosed as set forth in section 102 of this 


6.	Claims 1-20 are rejected under 35 U.S.C. 103 as being unpatentable over Ahn U.S. Patent No. 2011/0055916 (hereinafter ‘916) in view of Pernicha U.S. Patent No. 2016/0191466 (hereinafter ‘466).
As to independent claim 1, “A method for managing firewall configuration of a software defined data center that provide computing and networking resources to a plurality of tenants, the method comprising: storing a firewall configuration comprising a plurality of sections, each section comprising a set of firewall rules, the set of firewall rules of each of a set of sections comprises two or more firewall rules each section assigned a different priority number” is taught in ‘916 in the Abstract, paragraphs 3, 6-7, and 36-37;
“wherein the plurality of sections are ordered according to the assigned priority numbers of the individual sections” is taught in ‘916 in the Abstract, paragraphs 3, 6-7, and 36-37;
the following is not explicitly taught in ‘916:  
“each rule assigned with a priority number and the rules ordered in their respective sections according to the assigned priorities of the rules” however ‘466 teaches “Firewall/flow control device 108 can then automatically optimize the updated set of policy rules grouping one or more policy rules of the updated set of policy rules, reordering one or more policy rules of the updated set of policy rules and/or deleting one or more policy rules of the updated set of policy rules, wherein such optimization of the updated set of policy rules can be performed based on various predetermined or configurable parameters, including, but not limited to, 
“and a plurality of rules are ordered within one section according to the assigned priority numbers of rules” however ‘466 teaches “In order to address certain deficiencies of existing firewall/flow control devices, in an aspect, a network security management device (e.g., firewall/flow control device 108) can be configured to implement systems and methods of the present disclosure and can be configured to optimize security policy rules in real-time based on traffic conditions or when one or more traffic rules within policy rule database 110 are added/edited/deleted/modified.  According to one embodiment, network security device 108 can receive a request to add a new traffic flow policy rule to the rules stored in policy rule database 110, based on which firewall/flow control device 108 can be configured to automatically determine dependencies of the new traffic flow policy rule on one or more of the existing policy rules within policy rule database 110 and form an updated set of policy rules based on the determined dependencies.” in paragraph 42, note “updated set of rules” that are grouped with “one or more policy rules” according to various configurable parameters such as priority settings teaches the rules are ordered with one section (i.e. policy rule);
“receiving a plurality of requests, each request for inserting a new section to the firewall configuration at a specified ordered position relative to other sections”  however ‘466 teaches a request is received by a network security device to add a new traffic rule to an existing policy rules in the Abstract, in addition ‘466 teaches that the new rules can come from a variety of sources (i.e. different tenants)  in paragraph 30;

	It would have been obvious to one of ordinary skill in the art before the effective filing date of the claimed invention of adaptive packet filtering taught in ‘916 to include a means to receive requests from tenants for one or more new sections of firewall configuration.  One of ordinary skill in the art would have been motivated to perform such a modification because in large enterprises a firewall rule database is large; therefore, there is a need for optimizing criteria for rule processing, see ‘466 (paragraphs 5-9).
	As to dependent claim 2, “The method of claim 1, wherein assigning a priority number to the new section comprises determining whether there is an available priority number that can correctly reflect the specified ordered position of the new section” is taught in ‘466 paragraphs 31-36 and 47.
	As to dependent claim 3, “The method of claim 2 further comprising, when there is no available priority number that can correctly reflect the specified ordered position of a particular new section, performing a relabeling from a third set of priority numbers to a fourth, different set of priority numbers in order to make available a priority number that can correctly reflect the specified ordered position of the particular new section” is shown in ‘466 paragraphs 31-36.

	As to dependent claim 5, “The method of claim 1, wherein assigning a priority number to the new section according to the specified ordered position comprises identifying an available priority number in the middle of a gap in priority numbers between a priority number already assigned to a section immediately before the newly inserted section in ordered position and a priority number assigned to a section immediately after the newly inserted section in ordered position” is taught in ‘466 paragraphs 31-32.
	As to dependent claim 6, “The method of claim 1 further comprising detecting a pattern in a sequence of section insertions, wherein assigning an available priority number to the newly inserted section comprises selecting an available priority number based on the detected pattern” is shown in ‘466 paragraphs 26, 30, and 49.
	As to dependent claim 7, “The method of claim 1, where said re-labeling comprises identifying a range of possible priority numbers that is sufficiently sparse, wherein both the first set of priority numbers and the second set of priority numbers fall within the identified range” is disclosed in ‘466 paragraphs 31-32.
	As to dependent claim 8, “The method of claim 7, wherein a first subsequent insertion of a section that require a priority number within the identified range is delayed until said re-labeling is complete, wherein a second subsequent insertion of a section that require a priority number outside of the identified range is assigned a priority number before the completion of said re-labeling” is taught in ‘466 paragraphs 51, 58, and 67.

	As to dependent claim 10, “The method of claim 7, wherein the range for re-labeling is identified by using a binary search tree, wherein each leaf-node of the binary search tree corresponds to a possible priority number, wherein each non-leaf node corresponds to a range of possible priority numbers and is associated with an indication of sparseness of the corresponding range” is disclosed in ‘916 paragraph 5.
	
As to independent claim 11, “A method for managing firewall configuration of a software defined data center that provide computing and networking resources to a plurality of tenants, the method comprising: storing a firewall configuration comprising a plurality of sections with different priority numbers, wherein a particular section comprises a plurality of firewall rules” is taught in ‘916 in the Abstract, paragraphs 3, 6-7, and 36-37; the following is not explicitly taught in ‘916:  
“the set of firewall rules of each set of sections comprises two or more firewall rules, each rule assigned with a priority number and the rules ordered in their respective sections according to the assigned priorities of the rules, wherein the plurality of sections are ordered according to the assigned priority numbers of the individual sections” however ‘466 teaches “In order to address certain deficiencies of existing firewall/flow control devices, in an aspect, a network security management device (e.g., firewall/flow control device 108) can be configured 
 “receiving a plurality of concurrent requests from different tenants, wherein a particular request is for inserting a new rule to a particular section of the firewall configuration at a specified ordered position relative to other rules in the particular sections” however ‘466 teaches a request is received by a network security device to add a new traffic rule to an existing policy 
	“for each tenant request, assigning a priority number that reflects the specified ordered position of the new rule independently from assignments based on requests made from other tenants; and based on the assignment of at least one priority number, re-labeling a set of rules in at least a first section of firewall rules from a first set of priority numbers to a second, different set of priority numbers in order to make priority numbers available for assignment to rules subsequently inserted into the section” however ‘466 teaches dependencies can be determined by means of evaluation for new rules and the subset of policy rules to optimize security policy rules and reorder, combine, as well as delete policy rules from the previously stored ordered list of rules in paragraphs 31-36.
	It would have been obvious to one of ordinary skill in the art before the effective filing date of the claimed invention of adaptive packet filtering taught in ‘916 to include a means to receive requests from tenants for one or more new sections of firewall configuration.  One of ordinary skill in the art would have been motivated to perform such a modification because in large enterprises a firewall rule database is large; therefore, there is a need for optimizing criteria for rule processing, see ‘466 (paragraphs 5-9).

	As to dependent claim 12, “The method of claim 11, wherein assigning a priority number to the new rule comprises determining whether there is an available priority number that can correctly reflect the specified ordered position of the new rule” is taught in ‘466 paragraphs 31-36 and 47.

	As to dependent claim 14, “The method of claim 13, wherein the second set of priority numbers leaves more available priority numbers around the priority number assigned to the newly inserted rule than around any other assigned priority numbers in the first set of priority numbers” is disclosed in ‘916 paragraphs 39-47.
	As to dependent claim 15, “The method of claim 11, wherein assigning a priority number to the newly inserted rule according to the specified ordered position comprises identifying an available priority number in the middle of a gap in priority numbers between a priority number already assigned to a rule immediately before the newly inserted section in ordered position and a priority number already assigned to a rule immediately after the newly inserted rule in ordered position” is taught in ‘466 paragraphs 31-32.
	As to dependent claim 16, “The method of claim 11 further comprising detecting a pattern in a sequence of rule insertions, wherein assigning an available priority number to the newly inserted rule comprises selecting an available priority number based on the detected pattern” is shown in ‘466 paragraphs 26, 30, and 49.
	As to dependent claim 17, “The method of claim 11, where said re-labeling comprises identifying a range of possible priority numbers that is sufficiently sparse, wherein both the first 
	As to dependent claim 18, “The method of claim 17, wherein a first subsequent insertion of a rule that require a priority number within the identified range is delayed until said re-labeling is complete, wherein a second subsequent insertion of a rule that require a priority number outside of the identified range is assigned a priority number before the completion of said re-labeling” is taught in ‘466 paragraphs 51, 58, and 67.
	As to dependent claim 19, “The method of claim 17, wherein the range for re-labeling is identified by using a binary search tree, wherein each leaf-node of the binary search tree corresponds to a possible priority number for a rule in the particular section, wherein each non-leaf node corresponds to a range of possible priority numbers and is associated with an indication of sparseness of the corresponding range” is shown in ‘466 paragraph 58.
	As to dependent claim 20, “The method of claim 11, wherein re-labeling is performed because the assignment of the at least one priority number causes a range of possible priority numbers to be insufficiently sparse” is disclosed in ‘466 paragraphs 31-36 and 45.


Conclusion

7.	Any inquiry concerning this communication or earlier communications from the examiner should be directed to Ellen Tran whose telephone number is (571) 272-3842.  The examiner can normally be reached from 7:30 am to 4:00 pm.

		If attempts to reach the examiner by telephone are unsuccessful, the examiner’s supervisor, Jeff Pwu can be reached at (571) 272-6798.  The fax phone number for the organization where this application or proceeding is assigned is (571) 273-8300.
Information regarding the status of an application may be obtained from the Patent Application Information Retrieval (PAIR) system.  Status information for published applications may be obtained from either Private PAIR or Public PAIR.  Status information for unpublished applications is available through Private PAIR only.  For more information about the PAIR system, see http://pair-direct.uspto.gov. Should you have questions on access to the Private PAIR system, contact the Electronic Business Center (EBC) at 866-217-9197 (toll-free). If you would like assistance from a USPTO Customer Service Representative or access to the automated information system, call 800-786-9199 (IN USA OR CANADA) or 571-272-1000.

/ELLEN TRAN/
Primary Examiner, Art Unit 2433
16 January 2021