DETAILED ACTION
Notice of Pre-AIA  or AIA  Status
The present application, filed on or after March 16, 2013, is being examined under the first inventor to file provisions of the AIA .
1.  This is in response to the RCE filed on 09 February 2021.
2.  Claims 1-20 are pending in the application.
3.  Claims 1-20 have been rejected.
Continued Examination Under 37 CFR 1.114
4.  A request for continued examination under 37 CFR 1.114, including the fee set forth in 37 CFR 1.17(e), was filed in this application after final rejection.  Since this application is eligible for continued examination under 37 CFR 1.114, and the fee set forth in 37 CFR 1.17(e) has been timely paid, the finality of the previous Office action has been withdrawn pursuant to 37 CFR 1.114.  Applicant's submission filed on 09 February 2021 has been entered. 
Response to Arguments
5.  Applicant’s arguments with respect to claim(s) 1-20 have been considered but are moot because the new ground of rejection does not rely on any reference applied in the prior rejection of record for any teaching or matter specifically challenged in the argument.
Claim Interpretation
The following is a quotation of 35 U.S.C. 112(f):
(f) Element in Claim for a Combination. – An element in a claim for a combination may be expressed as a means or step for performing a specified function without the recital of structure, material, or acts in support thereof, and such claim shall be construed to cover the corresponding structure, material, or acts described in the specification and equivalents thereof. 

The following is a quotation of pre-AIA  35 U.S.C. 112, sixth paragraph:


6.	The claims in this application are given their broadest reasonable interpretation using the plain meaning of the claim language in light of the specification as it would be understood by one of ordinary skill in the art.  The broadest reasonable interpretation of a claim element (also commonly referred to as a claim limitation) is limited by the description in the specification when 35 U.S.C. 112(f) or pre-AIA  35 U.S.C. 112, sixth paragraph, is invoked. 
As explained in MPEP § 2181, subsection I, claim limitations that meet the following three-prong test will be interpreted under 35 U.S.C. 112(f) or pre-AIA  35 U.S.C. 112, sixth paragraph:
(A)	the claim limitation uses the term “means” or “step” or a term used as a substitute for “means” that is a generic placeholder (also called a nonce term or a non-structural term having no specific structural meaning) for performing the claimed function; 
(B)	the term “means” or “step” or the generic placeholder is modified by functional language, typically, but not always linked by the transition word “for” (e.g., “means for”) or another linking word or phrase, such as “configured to” or “so that”; and 
(C)	the term “means” or “step” or the generic placeholder is not modified by sufficient structure, material, or acts for performing the claimed function. 
Use of the word “means” (or “step”) in a claim with functional language creates a rebuttable presumption that the claim limitation is to be treated in accordance with 35 U.S.C. 112(f) or pre-AIA  35 U.S.C. 112, sixth paragraph. The presumption that the claim limitation is interpreted under 35 U.S.C. 112(f) or pre-AIA  35 U.S.C. 112, sixth paragraph, is rebutted when the claim limitation recites sufficient structure, material, or acts to entirely perform the recited function. 

Claim limitations in this application that use the word “means” (or “step”) are being interpreted under 35 U.S.C. 112(f) or pre-AIA  35 U.S.C. 112, sixth paragraph, except as otherwise indicated in an Office action. Conversely, claim limitations in this application that do not use the word “means” (or “step”) are not being interpreted under 35 U.S.C. 112(f) or pre-AIA  35 U.S.C. 112, sixth paragraph, except as otherwise indicated in an Office action.
This application includes one or more claim limitations that do not use the word “means,” but are nonetheless being interpreted under 35 U.S.C. 112(f) or pre-AIA  35 U.S.C. 112, sixth paragraph, because the claim limitation(s) uses a generic placeholder that is coupled with functional language without reciting sufficient structure to perform the recited function and the generic placeholder is not preceded by a structural modifier.  Such claim limitation(s) is/are: “a design data discovery component configured to…”, “a model builder component configured to…”, “a policy translation component configured to…” and “a device interface component configured to…” in claims 1-9.
Because this/these claim limitation(s) is/are being interpreted under 35 U.S.C. 112(f) or pre-AIA  35 U.S.C. 112, sixth paragraph, it/they is/are being interpreted to cover the corresponding structure described in the specification as performing the claimed function, and equivalents thereof.

Claim Rejections - 35 USC § 103
In the event the determination of the status of the application as subject to AIA  35 U.S.C. 102 and 103 (or as subject to pre-AIA  35 U.S.C. 102 and 103) is incorrect, any correction of the statutory basis for the rejection will not be considered a new ground of rejection if the prior art relied upon, and the rationale supporting the rejection, would be the same under either status.  
The following is a quotation of 35 U.S.C. 103 which forms the basis for all obviousness rejections set forth in this Office action:
A patent for a claimed invention may not be obtained, notwithstanding that the claimed invention is not identically disclosed as set forth in section 102, if the differences between the claimed invention and the prior art are such that the claimed invention as a whole would have been obvious before the effective filing date of the claimed invention to a person having ordinary skill in the art to which the claimed invention pertains. Patentability shall not be negated by the manner in which the invention was made.

The factual inquiries set forth in Graham v. John Deere Co., 383 U.S. 1, 148 USPQ 459 (1966), that are applied for establishing a background for determining obviousness under 35 U.S.C. 103 are summarized as follows:
1. Determining the scope and contents of the prior art.
2. Ascertaining the differences between the prior art and the claims at issue.
3. Resolving the level of ordinary skill in the pertinent art.

7.  Claims 1-3, 5, 10-13 and 18-20 is/are rejected under 35 U.S.C. 103 as being unpatentable over Panasyuk et al US 2011/0110268 A1 (hereinafter Panasyuk) in view of Bliss et al US 2013/0007693 A1 (hereinafter Bliss).
As to claim 1, Panasyuk discloses a system for configuring security in an industrial environment, comprising: 
a memory that stores executable components [0045]; 
one or more processors, operatively coupled to the memory, that execute the executable components, the executable components comprising [0045]: 
a design data discovery component configured to read design data (i.e. connectivity model that defines a virtual network) [0014]; 
a model builder component configured to identify devices of the system (i.e. connectivity model that defines a virtual network) [0014], physical network connections between the devices, and communication paths between pairs of the devices based on analysis of the design data, and to generate model data representing the devices, the physical network connections, and the communication paths (i.e. model shows devices, connectivity and paths of communication) [0015];

a device interface component configured to send the one or more security policies to the one or more of the devices, wherein   the one or more security policies are formatted for execution on the respective one or more of the devices to implement a network policy defined by the security rules (i.e. transmitted between server and client) [0062].
Panasyuk does not teach reading design data from one or more industrial control projected development platforms, wherein the design data is generated in connection with design of an industrial control system.
Bliss teaches reading design data from one or more industrial control projected development platforms, wherein the design data is generated in connection with design of an industrial control system [abstract, 0049, 0079].
Therefore, it would have been obvious before the effective filing date of the claimed invention to a person having ordinary skill in the art to which the claimed invention pertains to have modified Panasyuk so that design data would have been read from one or more industrial control projected development platforms.  The design data would have been generated in connection with design of an industrial control system.
It would have been obvious before the effective filing date of the claimed invention to a person having ordinary skill in the art to which the claimed invention pertains to have modified Panasyuk by the teaching of Bliss because it can maintain discrete sets of application configuration settings in association with an application project [0001].
As to claim 2, Panasyuk teaches the system of claim 1, wherein the design data comprises at least one of an industrial controller program file, controller I/O configuration data, a human-machine interface application, configuration data for an industrial device, hardware diagram data, or network architecture design data (i.e. configuration data) [0033]. 
As to claim 3, Panasyuk teaches the system of claim 1, wherein the model builder component is configured to identify the communication paths based at least on a subset of the design data comprising I/O module configuration data of an industrial controller, a read instruction of an industrial controller program, a write instruction of the industrial controller program, a global tag defined for the industrial controller, or communication setting data of one or more of the devices (i.e. configuration settings) [0018]. 
As to claim 5, Panasyuk teaches execution of the one or more security policies on the respective one or more of the devices configures respective communication settings or security settings of the respective one or more of the devices to implement the network security policy defined by the security rules (i.e. policies that facilitate communications) [0038].
As to claim 10, Panasyuk discloses a method for configuring network security in an industrial environment, comprising: 
reading, by a system comprising a processor, design data  (i.e. connectivity model that defines a virtual network) [0014]; 
identifying, by the system based on an analysis of the design data, devices of the system (i.e. identify computers) [0014]; 
identifying, by the system based on the analysis of the design data, physical network connections between the devices (i.e. model shows devices, connectivity and paths of communication) [0015]; 
identifying, by the system based on the analysis of the design data, communication paths between pairs of the devices based on analysis of the design data (i.e. model shows devices, connectivity and paths of communication) [0015]; 
generating, by the system, model data representing the devices, the physical network connections, and the communication paths (i.e. model shows devices, connectivity and paths of communication) [0015];
generating, by the system, security rules based on the model data, wherein the security rules define permitted network communications between pairs of the devices (i.e. translate connectivity semantics into firewall rules) [0018];
generating, by the system based on the security rules, one or more security policies that, in response to execution by respective one or more of the devices, cause the respective one or more of the devices to enforce the security rules, wherein generating the one or more security policies comprises formatting the one or more security polices for execution on the respective one or more of the devices (i.e. transmitted between server and client) [0062], wherein the one or more security policies include modifying network addresses or network address ranges of respective devices to enforce the security rules (i.e. control IP address assignment to machines) [0017];
sending, by the system, the one or more security policies to the one or more of the devices (i.e. transmitted between server and client) [0062].
Panasyuk does not teach reading design data from one or more industrial control projected development platforms, wherein the design data is generated in connection with design of an industrial control system.
Bliss teaches reading design data from one or more industrial control projected development platforms, wherein the design data is generated in connection with design of an industrial control system [abstract, 0049, 0079].
Therefore, it would have been obvious before the effective filing date of the claimed invention to a person having ordinary skill in the art to which the claimed invention pertains to have modified Panasyuk so that design data would have been read from one or more industrial control projected development platforms.  The design data would have been generated in connection with design of an industrial control system.
It would have been obvious before the effective filing date of the claimed invention to a person having ordinary skill in the art to which the claimed invention pertains to have modified Panasyuk by the teaching of Bliss because it can maintain discrete sets of application configuration settings in association with an application project [0001].
As to claim 11, Panasyuk teaches the method of claim 10, wherein the reading the design data comprises reading at least one of an industrial controller program file, controller I/O configuration data, a human-machine interface application, configuration data for an industrial device, hardware diagram data, or network architecture design data (i.e. configuration data) [0033]. 
As to claim 12, Panasyuk teaches the method of claim 10, wherein the identifying the communication paths comprises identifying the communication paths based on I/O module configuration data of an industrial controller, a read instruction of an industrial controller program, a write instruction of the industrial controller program, a global tag defined for the industrial controller, or communication setting data of one or more of the devices (i.e. configuration settings) [0018]. 
As to claim 13, Panasyuk teaches execution of the one or more security policies on the respective one or more of the devices configures respective communication settings or security settings of the respective one or more of the devices to implement the network security policy defined by the security rules (i.e. configuration settings) [0018]. 
As to claim 18, Panasyuk discloses a non-transitory computer-readable medium having stored thereon executable instructions that, in response to execution, cause a computer system comprising at least one processor to perform operations, the operations comprising: 
reading design data (i.e. connectivity model that defines a virtual network) [0014]; 
identifying, based on an analysis of the design data, devices of the system, physical network connections between the devices, and communication paths between pairs of the devices based on analysis of the design data (i.e. connectivity model that defines a virtual network) [0014]; 
generating model data representing the devices, the physical network connections, and the communication paths (i.e. model shows devices, connectivity and paths of communication) [0015];
generating security rules based on the model data, wherein the security rules define permitted network communications between pairs of the devices (i.e. translate connectivity semantics into firewall rules) [0018];
generating, based on the security rules, one or more security policies that, in response to execution by respective one or more of the devices, cause the respective one or more of the devices to enforce the security rules, wherein generating the one or more security policies comprises formatting the one or more security polices for execution on the respective one or more of the devices (i.e. transmitted between server and client) [0062], wherein the one or more security policies include modifying network addresses or network address ranges of respective devices to enforce the security rules (i.e. control IP address assignment to machines) [0017]; and
sending the one or more security policies to the one or more of the devices (i.e. transmitted between server and client) [0062].
Panasyuk does not teach reading design data from one or more industrial control projected development platforms, wherein the design data is generated in connection with design of an industrial control system.
Bliss teaches reading design data from one or more industrial control projected development platforms, wherein the design data is generated in connection with design of an industrial control system [abstract, 0049, 0079].
Therefore, it would have been obvious before the effective filing date of the claimed invention to a person having ordinary skill in the art to which the claimed invention pertains to have modified Panasyuk so that design data would have been read from one or more industrial control projected development platforms.  The design data would have been generated in connection with design of an industrial control system.
It would have been obvious before the effective filing date of the claimed invention to a person having ordinary skill in the art to which the claimed invention pertains to have modified Panasyuk by the teaching of Bliss because it can maintain discrete sets of application configuration settings in association with an application project [0001].
As to claim 19, Panasyuk teaches the non-transitory computer-readable medium of claim 18, wherein the reading the design data comprises reading at least one of an industrial controller program file, controller I/O configuration data, a human-machine interface application, configuration data for an industrial device, hardware diagram data, or network architecture design data (i.e. configuration data) [0033].  
As to claim 20, Panasyuk teaches the non-transitory computer-readable medium of claim 18, wherein the identifying the communication paths comprises identifying the communication paths based on I/O module configuration data of an industrial controller, a read instruction of an industrial controller program that references an industrial device, a write instruction of the industrial controller program that references an industrial device, a global tag defined for the industrial controller that references an industrial device, or communication setting data of one or more of the devices (i.e. configuration settings) [0018]. 
8.  Claim 4 is/are rejected under 35 U.S.C. 103 as being unpatentable over Panasyuk et al US 2011/0110268 A1 (hereinafter Panasyuk) and Bliss et al US 2013/0007693 A1 (hereinafter Bliss) as applied to claim 1 above, and further in view of Pigott et al US 2015/0004902 A1 (hereinafter Pigott).
As to claim 4, the Panasyuk-Bliss combination does not teach the system of claim 1, wherein the model builder component is configured to identify, based on the design data, whether a communication path is a bi-directional communication path or a one-way communication path, and to record in the model data whether the communication path is the bi-directional communication path or the one-way communication path.
Pigott teaches identify, based on the design data, whether a communication path is a bi-directional communication path or a one-way communication path, and to record in the model data whether the communication path is the bi-directional communication path or the one-way communication path [0062, 0066]. 
Therefore, it would have been obvious before the effective filing date of the claimed invention to a person having ordinary skill in the art to which the claimed invention pertains to have modified the Panasyuk-Bliss combination so that the model builder component would have been configured to identify, based on the design data, whether a communication path was a bi-directional communication path or a one-way communication path, and to record in the model data whether the communication path was the bi-directional communication path or the one-way communication path.
It would have been obvious before the effective filing date of the claimed invention to a person having ordinary skill in the art to which the claimed invention pertains to have modified the Panasyuk-Bliss combination by the teaching of Pigott because it provides a system that does not require a large amount of space and consume a significant power [0005].
9.  Claims 6 and 14 is/are rejected under 35 U.S.C. 103 as being unpatentable over Panasyuk et al US 2011/0110268 A1 (hereinafter Panasyuk) and Bliss et al US 2013/0007693 A1 (hereinafter Bliss) as applied to claims 5 and 13 above, and further in view of Gandhi US 2019/0199752 A1.
As to claim 6, the Panasyuk-Bliss combination does not teach the system of claim 5, wherein the communication settings or security settings comprise at least one of a network address, a security zone participation setting, a security mode setting, a setting specifying a valid inbound connection, a setting specifying a valid outbound connection, enablement of a key-based or certificate-based security protocol, a whitelist identifying devices with which communication is permitted, a network router setting, a network switch setting, or identity of an authoritative policy source. 
Gandhi teaches that a security setting comprises a security mode setting [abstract].
Therefore, it would have been obvious before the effective filing date of the claimed invention to a person having ordinary skill in the art to which the claimed invention pertains to have modified the Panasyuk-Bliss combination so that the security settings would have comprised a security mode setting.
It would have been obvious before the effective filing date of the claimed invention to a person having ordinary skill in the art to which the claimed invention pertains to have modified the Panasyuk-Bliss combination by the teaching of Gandhi because the settings help increase privacy, increase data use efficiency and prevent unauthorized access [0006].
As to claim 14, the Panasyuk-Bliss combination does not teach the method of claim 13, wherein the generating the one or more security policies comprises generating the a security policy to at least one of set a network address, assign a selected subset of the devices to a security zone, set a security mode of one of the devices, set a valid inbound connection for one of the devices, set a valid outbound connection for one of the devices, enable a key-based or certificate-based security protocol for one of the devices, define a whitelist identifying devices with which one of the devices is permitted to communication, configure a network router setting, configure a network switch setting, or specify an authoritative policy source. 
Gandhi teaches that a security setting comprises a security mode setting [abstract].
Therefore, it would have been obvious before the effective filing date of the claimed invention to a person having ordinary skill in the art to which the claimed invention pertains to have modified the Panasyuk-Bliss combination so that the security settings would have comprised a security mode setting.
It would have been obvious before the effective filing date of the claimed invention to a person having ordinary skill in the art to which the claimed invention pertains to have modified the Panasyuk-Bliss combination by the teaching of Gandhi because the settings help increase privacy, increase data use efficiency and prevent unauthorized access [0006].
10.  Claims 7 and 15 is/are rejected under 35 U.S.C. 103 as being unpatentable over Panasyuk et al US 2011/0110268 A1 (hereinafter Panasyuk) and Bliss et al US 2013/0007693 A1 (hereinafter Bliss) as applied to claims 1 and 10 above, and further in view of Bush et al US 2017/0214717 A1 (hereinafter Bush).
As to claim 7, the Panasyuk-Bliss combination does not teach that the policy translation component is configured to generate a security policy, of the one or more security policies, directed to a device of the industrial control system based on a translation rule corresponding to a device model or a device vendor of the device.  The Panasyuk-Bliss combination does not teach that the translation rule specifies at least one of a security policy format that is executable by the device or a security setting that is available on the device. 
Bush teaches a policy translation component that is configured to generate a security policy, of the one or more security policies, directed to a device of the industrial control system based on a translation rule corresponding to a device model or a device vendor of the device [0107].  Bush teaches that the translation rule specifies at least one of a security policy format that is executable by the device or a security setting that is available on the device [0107]. 
Therefore, it would have been obvious before the effective filing date of the claimed invention to a person having ordinary skill in the art to which the claimed invention pertains to have modified the Panasyuk-Bliss combination so that the policy translation component would have been configured to generate a security policy, of the one or more security policies, directed to a device of the industrial control system based on a translation rule corresponding to a device model or a device vendor of the device.  The translation rule would have specified at least one of a security policy format that was executable by the device or a security setting that was available on the device. 
It would have been obvious before the effective filing date of the claimed invention to a person having ordinary skill in the art to which the claimed invention pertains to have modified the Panasyuk-Bliss combination by the teaching of Bush because it provides a model tailored to specific devices [0107].
As to claim 15, the Panasyuk-Bliss combination does not teach that the generating the one or more security policies comprises generating a security policy directed to a device based on a translation rule corresponding to a device model or a device vendor of the device.  The Panasyuk-Bliss combination does not teach that the translation rule specifies at least one of a security policy format that is executable by the device or a security setting that is available on the device. 
Bush teaches a policy translation component that is configured to generate a security policy, of the one or more security policies, directed to a device of the industrial control system based on a translation rule corresponding to a device model or a device vendor of the device [0107].  Bush teaches that the translation rule specifies at least one of a security policy format that is executable by the device or a security setting that is available on the device [0107]. 
Therefore, it would have been obvious before the effective filing date of the claimed invention to a person having ordinary skill in the art to which the claimed invention pertains to have modified the Panasyuk-Bliss combination so that the policy translation component would have been configured to generate a security policy, of the one or more security policies, directed to a device of the industrial control system based on a translation rule corresponding to a device model or a device vendor of the device.  The translation rule would have specified at least one of a security policy format that was executable by the device or a security setting that was available on the device. 
It would have been obvious before the effective filing date of the claimed invention to a person having ordinary skill in the art to which the claimed invention pertains to have modified the Panasyuk-Bliss combination by the teaching of Bush because it provides a model tailored to specific devices [0107].
11.  Claims 8 and 16 is/are rejected under 35 U.S.C. 103 as being unpatentable over Panasyuk et al US 2011/0110268 A1 (hereinafter Panasyuk) and Bliss et al US 2013/0007693 A1 (hereinafter Bliss) as applied to claims 1 and 10 above, and further in view of Elliott US 2020/0073971 A1.
As to claim 8, the Panasyuk-Bliss combination does not teach the system of claim 1, further comprising a user interface component configured to render, on a graphical display interface, a nodal diagram representing the model data, wherein the nodal diagram comprises nodes representing the devices and lines between the nodes representing the physical network connections and the communication paths. 
Elliott teaches a graphical display interface [0074], a nodal diagram representing the model data, wherein the nodal diagram comprises nodes representing the devices and lines between the nodes representing the physical network connections and the communication paths (i.e. nodal graph) [0074]. 
Therefore, it would have been obvious before the effective filing date of the claimed invention to a person having ordinary skill in the art to which the claimed invention pertains to have modified the Panasyuk-Bliss combination so that there would have been a user interface component configured to render, on a graphical display interface, a nodal diagram representing the model data, wherein the nodal diagram comprises nodes represented the devices and lines between the nodes representing the physical network connections and the communication paths.
It would have been obvious before the effective filing date of the claimed invention to a person having ordinary skill in the art to which the claimed invention pertains to have modified the Panasyuk-Bliss combination by the teaching of Elliott because it provides an improved method for controlling operation of a computer program that utilizes a machine learning algorithm [0006].
As to claim 16, the Panasyuk-Bliss combination does not teach the method of claim 10, further comprising rendering, by the system on a client device, a nodal diagram representing the model data, wherein the nodal diagram comprises nodes representing the devices and lines between the nodes representing the physical network connections and the communication paths. 
Elliott teaches a graphical display interface [0074], a nodal diagram representing the model data, wherein the nodal diagram comprises nodes representing the devices and lines between the nodes representing the physical network connections and the communication paths (i.e. nodal graph) [0074]. 
Therefore, it would have been obvious before the effective filing date of the claimed invention to a person having ordinary skill in the art to which the claimed invention pertains to have modified the Panasyuk-Bliss combination so that there would have been a user interface component configured to render, on a graphical display interface, a nodal diagram representing the model data, wherein the nodal diagram comprises nodes represented the devices and lines between the nodes representing the physical network connections and the communication paths.
It would have been obvious before the effective filing date of the claimed invention to a person having ordinary skill in the art to which the claimed invention pertains to have modified the Panasyuk-Bliss combination by the teaching of Elliott because it provides an improved method for controlling operation of a computer program that utilizes a machine learning algorithm [0006].
12.  Claims 9 and 17 is/are rejected under 35 U.S.C. 103 as being unpatentable over Panasyuk et al US 2011/0110268 A1 (hereinafter Panasyuk), Bliss et al US 2013/0007693 A1 (hereinafter Bliss) and Elliott US 2020/0073971 A1 as applied to claims 8 and 16 above, and further in view of Gardner U.S. Patent No. 10,674,399 B2.
As to claim 9, the Panasyuk-Bliss-Elliott combination does not teach that the user interface component is further configured to receive, via interaction with the graphical display interface, modifications to at least one of the communication paths.  The Panasyuk-Bliss-Elliott combination does not teach that the model builder component is configured to update the model data in accordance with the modification. 
Gardner teaches adjust routing path characteristics [column 15, lines 51-67].  Gardner teaches the model builder component is configured to update the model data in accordance with the modification [column 15, lines 34-50]. 
Therefore, it would have been obvious before the effective filing date of the claimed invention to a person having ordinary skill in the art to which the claimed invention pertains to have modified the Panasyuk-Bliss-Elliott combination so that the user interface component would have been further configured to receive, via interaction with the graphical display interface, modifications to at least one of the communication paths.  The model builder component would have been configured to update the model data in accordance with the modification. 
It would have been obvious before the effective filing date of the claimed invention to a person having ordinary skill in the art to which the claimed invention pertains to have modified the Panasyuk-Bliss-Elliott combination by the teaching of Gardner because it helps avoid inefficient routing and sizable losses of data [column 2, lines 13-19].
As to claim 17, the Panasyuk-Bliss-Elliott combination does not teach receiving, by the system via interaction with the graphical display interface, modifications to at least one of the communication paths.  The Panasyuk-Bliss-Elliott combination does not teach updating, by the system, the model data in accordance with the modification. 
Gardner teaches adjust routing path characteristics [column 15, lines 51-67].  Gardner teaches the model builder component is configured to update the model data in accordance with the modification [column 15, lines 34-50]. 
Therefore, it would have been obvious before the effective filing date of the claimed invention to a person having ordinary skill in the art to which the claimed invention pertains to have modified the Panasyuk-Bliss-Elliott combination so that the user interface component would have been further configured to receive, via interaction with the graphical display interface, modifications to at least one of the communication paths.  The model builder component would have been configured to update the model data in accordance with the modification. 
It would have been obvious before the effective filing date of the claimed invention to a person having ordinary skill in the art to which the claimed invention pertains to have modified the Panasyuk-Bliss-Elliott combination by the teaching of Gardner because it helps avoid inefficient routing and sizable losses of data [column 2, lines 13-19].
Relevant Prior Art
13.  The following references have been considered relevant by the examiner:
A.  Golan et al US 2020/0099721 A1 directed to protecting an organization from security threats including data breaches, unauthorized access, malware, and the like [0001].
B.  Leap et al US 2019/0342340 A1 directed to configuring a security policy for an enterprise within an enterprise security management tool [abstract].
C.  Lang et al US 2015/0269383 A1 directed to managing security policies with an information technology system [0003].
Conclusion
14.	Any inquiry concerning this communication or earlier communications from the examiner should be directed to ARAVIND K MOORTHY whose telephone number is (571)272-3793.  The examiner can normally be reached on M-F 7:30-7:30.
Examiner interviews are available via telephone, in-person, and video conferencing using a USPTO supplied web-based collaboration tool. To schedule an interview, applicant is encouraged to use the USPTO Automated Interview Request (AIR) at http://www.uspto.gov/interviewpractice.
If attempts to reach the examiner by telephone are unsuccessful, the examiner’s supervisor, Saleh Najjar can be reached on 571-272-4006.  The fax phone number for the organization where this application or proceeding is assigned is 571-273-8300.
Information regarding the status of an application may be obtained from the Patent Application Information Retrieval (PAIR) system.  Status information for published applications may be obtained from either Private PAIR or Public PAIR.  Status information for unpublished applications is available through Private PAIR only.  For more information about the PAIR system, see https://ppair-my.uspto.gov/pair/PrivatePair. Should you have questions on access to the Private PAIR system, contact the Electronic Business Center (EBC) at 866-217-9197 (toll-free). If you would like assistance from a USPTO Customer Service Representative or access to the automated information system, call 800-786-9199 (IN USA OR CANADA) or 571-272-1000.






/ARAVIND K MOORTHY/            Primary Examiner, Art Unit 2492