DETAILED ACTION
Notice of Pre-AIA or AIA Status
The present application, filed on or after March 16, 2013, is being examined under the first inventor to file provisions of the AIA.

Continued Examination Under 37 CFR 1.114
A request for continued examination under 37 CFR 1.114, including the fee set forth in 37 CFR 1.17(e), was filed in this application after final rejection.  Since this application is eligible for continued examination under 37 CFR 1.114, and the fee set forth in 37 CFR 1.17(e) has been timely paid, the finality of the previous Office action has been withdrawn pursuant to 37 CFR 1.114.  Applicant's submission filed on 06/24/2020 has been entered.

Status of Claims
This office action is a response to an amendment filed on 06/24/2020.  Claims 1-21 are currently pending, of which claims 1, 11 and 21 are amended.

Response to Arguments
Applicant’s remarks, see pages 8-10, with respect to the rejections under 35 USC 103 have been fully considered and are persuasive.  The amended claims overcome the prior rejections, therefore the rejections have been withdrawn.  However, upon further consideration, a new ground(s) of rejection is made, necessitated by the amendments.
Claim Rejections - 35 USC § 103
In the event the determination of the status of the application as subject to AIA 35 U.S.C. 102 and 103 (or as subject to pre-AIA 35 U.S.C. 102 and 103) is incorrect, any correction of the statutory basis for the rejection will not be considered a new ground of rejection if the prior art relied upon, and the rationale supporting the rejection, would be the same under either status.
The following is a quotation of 35 U.S.C. 103 which forms the basis for all obviousness rejections set forth in this Office action:
A patent for a claimed invention may not be obtained, notwithstanding that the claimed invention is not identically disclosed as set forth in section 102 of this title, if the differences between the claimed invention and the prior art are such that the claimed invention as a whole would have been obvious before the effective filing date of the claimed invention to a person having ordinary skill in the art to which the claimed invention pertains.  Patentability shall not be negated by the manner in which the invention was made.


Claims 1-3, 9-13 and 19-21 are rejected under 35 U.S.C. 103 as being unpatentable over Bugenhagen (US 2017/0104757) in view of Hammann et al. (US 2015/0016270), hereinafter Hammann, and further in view of Bachar et al. (US 2017/0149775), hereinafter Bachar.
Regarding claim 1, Bugenhagen discloses a non-transitory machine-readable medium having executable instructions to cause one or more processing units in a gateway to perform a method to restrict data communicated between a plurality of computing management devices and a plurality of computing devices (Bugenhagen, [0038], [0012]-[0013]: a global DNS registry database server (gateway) accepts policies/updates from organizational servers and pushes them to ISP networks in order to control communications between controllers (management devices) and machines (computing devices)), the method comprising: 
Bugenhagen, [0012]-[0013], [0027]: global DNS registry database server (gateway) receives policies (network connectivity information) comprising a list of machines (computing devices) and the owners that can access each machine; [0028]: each owner/entity is associated with a list of controllers (computing management devices)), wherein the plurality of computing management devices is communicatively coupled to a plurality of network elements, wherein the plurality of computing devices is communicatively coupled to the plurality of computing management devices via the plurality of network elements (Bugenhagen, [0024], [0032]: controllers (computing management devices) communicate with machines (computing devices) via control signaling gateways/firewalls (network elements)), wherein the network connectivity information indicates which computing management devices are configured to manage which computing devices (Bugenhagen, [0026]-[0028]: Policies (network connectivity information) comprise a list of machines (computing devices) and the owners that can access each machine.  Each owner is associated with a list of controllers (computing management devices) for accessing the machines (computing devices)); 
determining a plurality of sub-networks using at least the network connectivity information (Bugenhagen, [0027]: policies/updates (network connectivity information) includes information for different machine domains (sub-networks); [0022]: global machine registry (gateway) determines the permitted updates to communicate to each access provider), wherein for each of the plurality of sub-networks, at least one of the plurality of computing management devices and a subset of the plurality of computing Bugenhagen, [0027]-[0028]: policies indicate which owner/controllers (computing management devices) are able to access (manage) machines (i.e. subset of computing devices) within a machine domain (sub-network)); 
configuring at least one of the plurality of network elements to allow data communicated (Bugenhagen, [0013], [0032]: control signaling gateway (network element) utilizes policies from the global DNS registry database server to allow communications between registered controllers and their associated machines).
Bugenhagen does not explicitly disclose coupled to a plurality of network elements via the gateway; coupled to the plurality of computing management devices via the plurality of network elements and the gateway; for each sub-network in the plurality of sub-networks and for each pair of computing devices in said each sub-network, determining a policy for data being communicated between said each pair of computing devices; and, between said each pair of computing devices using at least the policy.
However, Hammann discloses 
wherein the plurality of computing management devices is communicatively coupled to a plurality of network elements via the gateway, wherein the plurality of computing devices is communicatively coupled to the plurality of computing management devices via the plurality of network elements and the gateway (Hammann, Figs. 1 & 2, [0016], [0049]: system monitoring server and system control server (management devices) coupled to monitored system (computing devices) via a gateway system and stations (network elements)).
It would have been obvious to one of ordinary skill in the art, having the teachings of Bugenhagen and Hammann before him or her before the effective filing date of the claimed invention, to modify a method in which a global database server (gateway) forwards policies for managing communications between controllers (management devices) and machines (computing devices) in machine domains (sub-networks) as taught by Bugenhagen, to include enabling the gateway to function as an intermediary device between the management servers and the monitored/managed devices as taught by Hammann in order for the gateway to receive instructions for managing the devices from the management servers, and to send data collected from the managed devices to the management servers.  The motivation for doing so would have been to provide an improved network system for efficiently monitoring and managing the devices (Hammann, [0002]).
Furthermore, the combination of Bugenhagen and Hammann does not explicitly disclose for each sub-network in the plurality of sub-networks and for each pair of computing devices in said each sub-network, determining a policy for data being communicated between said each pair of computing devices; and, between said each pair of computing devices using at least the policy.
However, Bachar discloses 
for each sub-network in the plurality of sub-networks and for each pair of computing devices in said each sub-network (Bachar, Fig. 1B: subnets with pairs of devices), 
Bachar, [0033]: device 125 provides different security rules (policies) for different subnets), and 
configuring to allow data communicated between said each pair of computing devices using at least the first policy (Bachar, [0033]: rules (policies) selectively allow intra-subnet communications between devices).
It would have been obvious to one of ordinary skill in the art, having the teachings of Bugenhagen, Hammann and Bachar before him or her before the effective filing date of the claimed invention, to modify a method in which a gateway forwards policies for managing communications between management devices and the managed devices in sub-networks as taught by Bugenhagen and Hammann, to include utilizing policies for controlling intra-subnet communications as taught by Bachar.  The motivation for doing so would have been to improve security by blocking potential malicious activity (Bachar, [0016]).
Regarding claim 11, the limitations have been addressed in the rejection of claim 1.
Regarding claim 21, the limitations have been addressed in the rejection of claim 1, and furthermore, Bugenhagen discloses a gateway that restricts data communicated between a plurality of computing devices (Bugenhagen, [0038], [0012]-[0013]: a global DNS registry database server (gateway) accepts policies/updates from organizational servers and pushes them to ISP networks in order to control communications between controllers (management devices) and machines (computing devices)), the gateway comprising: a processor (Bugenhagen, [0025]); a memory (Bugenhagen, [0025]); and a process executed from the memory by the processor causes the processor to (Bugenhagen, [0025]).
Regarding claim 2, Bugenhagen discloses further comprising: 
configuring at least one of the plurality of network elements coupled to said each pair of computing devices to deny data communicated (Bugenhagen, [0024], [0032]: control signaling firewall (network element) coupled to machines (i.e. pairs of computing devices) utilizes policies to block communications).
Bugenhagen and Hammann do not explicitly disclose between a first one of the plurality of computing devices from a first subset of the plurality of computing devices in a first one of the plurality of sub-networks and a second one of the plurality of computing devices from a second subset of the plurality of computing devices in a second one of the plurality of sub-networks.
However, Bachar discloses 
configuring to deny data communicated between a first one of the plurality of computing devices from a first subset of the plurality of computing devices in a first one of the plurality of sub-networks and a second one of the plurality of computing devices from a second subset of the plurality of computing devices in a second one of the plurality of sub-networks (Bachar, [0055]: prohibiting inter-subnet communications).
It would have been obvious to one of ordinary skill in the art, having the teachings of Bugenhagen, Hammann and Bachar before him or her before the effective filing date of the claimed invention, to modify a method in which a gateway forwards policies for managing communications between management devices and the managed devices in sub-networks as taught by Bugenhagen and Hammann, to include utilizing Bachar, [0016]).
Regarding claim 3, Bugenhagen discloses wherein the policy is an Access Control List (Bugenhagen, [0012], [0032]: policies allow only registered controllers associated with a machine to communicate with the machine).
Regarding claim 9, Bugenhagen discloses further comprising: 
determining which of the plurality of computing management devices are allowed to communicate with which of the plurality of computing devices (Bugenhagen, [0024]: determining whether a controller (management device) is allowed to communicate with a machine (computing device)); and 
for each pair of one of the plurality of computing management machines and one of the plurality of computing devices, determining a first policy for data being communicated between said one of the plurality of computing management device and said one of the plurality of computing device. (Bugenhagen, [0024]).
Regarding claim 10, Bugenhagen discloses wherein the determining comprises: 
configuring one of the plurality of network elements coupled to said one of the computing devices to allow data communication between said one of the plurality of computing device and said one of the plurality of computing management devices (Bugenhagen, [0013], [0024]: control signaling gateway (network element) is configured to utilize policies to allow only registered controllers (management devices) to communicate with machines (computing devices)).
Regarding claims 2-3 and 9-10, the limitations have been addressed in the rejections of claims 12-13 and 19-20, respectively.

Claims 4, 6, 14 and 16 are rejected under 35 U.S.C. 103 as being unpatentable over Bugenhagen in view of Hammann and Bachar, and further in view of Bahadur et al. (US 9,450,817), hereinafter Bahadur.
Regarding claim 4, Bugenhagen, Hammann and Bachar do not explicitly disclose wherein a computing management device is selected from the group consisting of an orchestration system and an overlay controller.
However, Bahadur discloses wherein a computing management device is selected from the group consisting of an orchestration system and an overlay controller (Bahadur, col 17, ln 13-37: discloses an SDN controller (computing management device) for orchestrating a network (i.e. an orchestration system)).
It would have been obvious to one of ordinary skill in the art, having the teachings of Bugenhagen, Hammann, Bachar and Bahadur before him or her before the effective filing date of the claimed invention, to modify a method for management devices to manage monitored devices in sub-networks as taught by Bugenhagen, Hammann and Bachar, to include utilizing SDN controllers for management as taught by Bahadur.  The motivation for doing so would have been to improve efficiency (Bahadur, col. 2, ln 6-18).
Regarding claim 6, Bugenhagen, Hammann and Bachar do not explicitly disclose wherein an overlay controller manages the network elements that are used to 
However, Bahadur discloses wherein an overlay controller manages the network elements that are used to support servers and virtual machines that comprise the computing devices managed by the orchestration system (Bahadur, Fig. 5; col 17, ln 13-58: SDN controller (orchestration system) includes an overlay controller which programs forwarding information into network switches (network elements) connected to hosts (servers, virtual machines)).
It would have been obvious to one of ordinary skill in the art, having the teachings of Bugenhagen, Hammann, Bachar and Bahadur before him or her before the effective filing date of the claimed invention, to modify a method for management devices to manage monitored devices in sub-networks as taught by Bugenhagen, Hammann and Bachar, to include utilizing SDN controllers with overlay controllers for management as taught by Bahadur.  The motivation for doing so would have been to improve efficiency (Bahadur, col. 2, ln 6-18).
Regarding claims 14 and 16, the limitations have been addressed in the rejections of claims 4 and 6, respectively.

Claims 5 and 15 are rejected under 35 U.S.C. 103 as being unpatentable over Bugenhagen in view of Hammann, Bachar and Bahadur, and further in view of Doughty et al. (US 2014/0337865), hereinafter Doughty.
Regarding claim 5, Bugenhagen, Hammann, Bachar and Bahadur do not explicitly disclose wherein an orchestration system allows for the automated 
However, Doughty discloses wherein an orchestration system allows for the automated arrangement, coordination, and management of computer systems, middleware, and services (Doughty, [0023]).
It would have been obvious to one of ordinary skill in the art, having the teachings of Bugenhagen, Hammann, Bachar, Bahadur and Doughty before him or her before the effective filing date of the claimed invention, to modify a method for utilizing SDN controllers/orchestration systems as management devices to manage monitored devices in sub-networks as taught by Bugenhagen, Hammann, Bachar and Bahadur, to include enabling the orchestration systems to provide automated arrangement, coordination, and management of computer systems, middleware, and services as taught by Doughty.  The motivation for doing so would have been to implement application-aligned infrastructure that can be scaled up or down based on the needs of applications (Doughty, [0023]).
Regarding claim 15, the limitations have been addressed in the rejection of claim 5.

Claims 7 and 17 are rejected under 35 U.S.C. 103 as being unpatentable over Bugenhagen in view of Hammann and Bachar, and further in view of Yong et al. (US 2014/0233569), hereinafter Yong.
Regarding claim 4, Bugenhagen, Hammann and Bachar do not explicitly disclose wherein the policy setting is based on at least a data characteristic selected 
However, Yong discloses wherein the policy setting is based on at least a data characteristic selected from the group consisting of an associated port, virtual network identifier, and an address (Yong, [0021]: forwarding policies use access control lists that filter based on addresses and ports).
It would have been obvious to one of ordinary skill in the art, having the teachings of Bugenhagen, Hammann, Bachar and Yong before him or her before the effective filing date of the claimed invention, to modify a method in which a gateway forwards policies for managing communications between management devices and the managed devices as taught by Bugenhagen, Hammann and Bachar, to include utilizing policies with access control lists that filter based on addresses and port information as taught by Yong.  The motivation for doing so would have been to improve network security (Yong, [0021]).
Regarding claim 17, the limitations have been addressed in the rejection of claim 7.

Claims 8 and 18 are rejected under 35 U.S.C. 103 as being unpatentable over Bugenhagen in view of Hammann, Bachar and Yong, and further in view of Berman (US 2016/0337272).
Regarding claim 8, Bugenhagen, Hammann, Bachar and Yong do not explicitly disclose wherein the address is a media access control address.
Berman, [0064]: ACLs comprise MAC addresses).
It would have been obvious to one of ordinary skill in the art, having the teachings of Bugenhagen, Hammann, Bachar, Yong and Berman before him or her before the effective filing date of the claimed invention, to modify a method in which a gateway forwards policies with access control lists for managing communications between management devices and the managed devices as taught by Bugenhagen, Hammann, Bachar and Yong, to include utilizing access control lists that filter based on MAC addresses as taught by Berman.  The motivation for doing so would have been to allow network managers to define classification actions and rules for specific MAC addresses (Berman, [0064]).
Regarding claim 18, the limitations have been addressed in the rejection of claim 8.

Conclusion
Any inquiry concerning this communication or earlier communications from the examiner should be directed to LESA M KENNEDY whose telephone number is (571)431-0704.  The examiner can normally be reached on Monday-Wednesday 9:30 am - 5:30 pm ET.
If attempts to reach the examiner by telephone are unsuccessful, the examiner’s supervisor, Kevin Bates can be reached on (571) 272-3980.  The fax phone number for the organization where this application or proceeding is assigned is 571-273-8300.

The examiner also requests, in response to this Office Action, support be shown for language added to any original claims on amendment and any new claims.  That is, indicate support for newly added claim language by specifically pointing to page(s) and line no(s) in the specification and/or drawing figure(s).  This will assist the examiner in prosecuting the application.

/LESA M KENNEDY/Examiner, Art Unit 2458