Notice of Pre-AIA or AIA Status
The present application, filed on or after March 16, 2013, is being examined under the first inventor to file provisions of the AIA.

Detailed Action
This office action is in response to application 16/171,198, filed on 10/25/2018. Claims 1-20 are pending in this communication.

Examiner’s Note
The Examiner used figures, paragraph and line numbers from the instant application’s pre-grant publication or pdf copy of allowance. In the event the determination of the status of the application as subject to AIA 35 U.S.C. 102 and 103 (or as subject to pre-AIA 35 U.S.C. 102 and 103) is incorrect, any correction of the statutory basis for the rejection will not be considered a new ground of rejection if the prior art relied upon, and the rationale supporting the rejection, would be the same under either status.

Continued Examination under 37 CFR 1.114
A request for continued examination under 37 CFR 1.114, including the fee set forth in 37 CFR 1.17(e), was filed in this application after final rejection.  Since this application is eligible for continued examination under 37 CFR 1.114, and the fee set forth in 37 CFR 1.17(e) has been 02/05/2021 has been entered.

Response to Arguments
Applicant's arguments filed 02/05/2021 have been fully considered.
Applicant’s Argument:
The claims are not concerned with the dynamic properties of network traffic. Accordingly, claims 1 and 11 are amended to recite " ... applying textual context to the common or standard terms ... " As presently understood, Porras fails to disclose "textual context" as recited and employed in the claims. Correspondingly, Porras fails to disclose use of the combination of textual context + common or standard terms to identify a data protection policy that corresponds to the intention of the user.
Examiner’s response:
These arguments have been respectfully considered and the following rejection addresses them with the new reference KUMAR; Arun et al. (US 2020/0273449 A1). PORRAS does apply keyphrase terms in the context of security policy {[0098], “In block 616, the system 100 extracts network security-related key words or phrases (e.g., keyphrases 330) from the NL input received in block 610 or NL speech converted to NL text in block 614, as the case may be. To do this, the system 100 accesses and applies network security domain specific rules, templates, or data relationships implemented as an ontology, for example, to identify and extract key phrases of the input that are meaningful in the context of computer network security”}. Further, KUMAR discloses “common or standard terms” {[0101], “The system can search translations of the text keyword or translation of synonyms of the text keyword (with the help of standard translation or synonym dictionary) in the speech data. The system also enables search of arbitrary (out of vocabulary) text queries”} and PORRAS applies common or standard terms as keyphrases within the context of security policy.

Proposed Allowable Subject Matter
The examiner finds allowable subject matter in specification paragraph [0014]: “(user) intentions are ascertained and are taken into account, along with external parameters such as the industry they are in, and the regulatory requirements of that industry, a more accurate estimation of the required policy can be deduced and then automatically be applied to the protected entity”. The cited limitation content from [0014] can be written in independent form into both independent claims 1 & 11. The current dependent claims are broad in the context of [0014]. The examiner may be available to review the amended claims before filing if the applicant finds it helpful.
Thus the prior art, when considered individually and in combination, does not teach or suggest the subject matter as recited by claims 1 & 11, and thereby claims 1 & 11 are considered allowable. The dependent claims which further limit claims 1 & 11 are also allowable by virtue of their dependency.

Claim Rejections - 35 USC § 103
The following is a quotation of AIA 35 U.S.C. 103 which forms the basis for all obviousness rejections set forth in this Office action:


Claims 1-20 are rejected under AIA 35 U.S.C. 103 as being unpatentable over PORRAS; Phillip A. et al., Pub. No.: US 2016/0219048 A1 in view of KUMAR; Arun et al., Pub. No.: US 2020/0273449 A1.

Regarding Claim 1, PORRAS discloses a method, comprising:
receiving user input concerning protection for data generated and/or stored {TABLE 1: “interpreted based on a predefined library or dynamically defined and stored lexicon.” … [0035], “the network-executable actions 132 produced by the network security management system 110 can, for example, add, modify, or delete flow rules stored in the local flow tables 162, e.g., to improve the security of the network 150”} by an entity {Fig. 1 elements 160, 170 & [0033], “the illustrative network 150 includes a plurality of network switching devices 160 (e.g., switch 1, switch 2, switch "N," where "N" is a positive integer) and a plurality of nodes 170. The network switching devices 160 each may be embodied as, for example, a switch, a router, a load balancer, a learning switch”. Examiner’s note: a network element or device (Fig. 1 network elements within network 150, such as switch 160, flow table (162), node (170)) are all examples of “entity”}, wherein the user input is in the form of written input and/or audio input {Fig. 1 & [0026], “one or more of the user interface device(s) 104 includes audio input and output devices capable of capturing and recording human conversational spoken natural language input” … Fig. 6 & [0097], “method 600 for handling natural language dialog input relating to computer network security. ... or if the input received in block 610 does not contain speech (e.g., includes only natural language dialog in text form, as may be input during an online chat session), the system 100 proceeds to block 616”};
when the user input comprises audio input, translating the audio input into text {[0097], “If the input received in block 610 includes speech, the system 100 converts the natural language speech to natural language text, in block 614”};
determining an intention of the user with respect to a particular nature of data protection to be used to protect the data generated and/or stored by the entity {[0100], “Initiation or implementation of the directive created in block 620 may involve, in block 624, executing one or more queries, analyzing the current network context 144, analyzing network event indicators 146, analyzing impact assessment data 148, or implementing one or more network executable actions 132. For instance, in block 626 the system 100 may perform a network impact analysis of a requested network-executable action 132 and provide the results of the network impact analysis to the user by returning to blocks 622 and 630, prior to implementing the network-executable action 132”. … [0120], “A machine-readable medium may include any mechanism for storing or transmitting information in a form readable by a machine (e.g., a computing device or a "virtual machine" running on one or more computing devices)”. Examiner’s note: a user’s voice query for an impact analysis before an action is an intention or goal of the user} by:
…
applying textual context {[0098], “In block 616, the system 100 extracts network security-related key words or phrases ( e.g., keyphrases 330) from the NL input received in block 610 or NL speech converted to NL text in block 614, as the case may be. To do this, the system 100 accesses and applies network security domain specific rules, templates, or data relationships implemented as an ontology, for example, to identify and extract key phrases of the input that are meaningful in the context of computer network security”} to … [ data];
identifying, using the textual context and the … [ data], a data protection policy that best corresponds to the intention of the user concerning protection for the data {[0055], “The network context evaluation module 212 may select applicable network policies 228 based on criteria that match, e.g., the current network activity data 140, the IP reputation data 224, and/or the network role data 226.” … Fig. 1 & [0049], “network security subsystem 130 is embodied as one or more components or modules that translate the network security initiatives 124 to network-executable actions 132 or security policy updates 134”}; and
applying the data protection policy to the entity {Fig. 1 element 132 –‘network executable actions’}; and
executing the data protection policy so that the data generated and/or stored by the entity is protected as provided by the data protection policy {[0055], “the network context evaluation module 212 may apply a matching threshold and/or duration to the applicable security policies 228”}.
PORRAS, however, does not explicitly disclose
translating the text to common or standard terms; and

KUMAR discloses translating the text to common or standard terms {[0101], “The system can search translations of the text keyword or translation of synonyms of the text keyword (with the help of standard translation or synonym dictionary) in the speech data. The system also enables search of arbitrary (out of vocabulary) text queries”};
Before the effective filing date of the claimed invention, it would have been obvious to one with ordinary skill in the art to modify PORRAS’s technique of ‘processing user input data voice or text, determining the data input intentions and applying data protection policy to prevent data intrusion during voice recognizable digital applications’ with ‘a technique of translating user input data into standard or most used terms’, as taught by KUMAR, in order to protect a user’s voice or text data from malicious intentions. The motivation is for intrusion prevention systems to control access to an IT voice or text based chat network and protect it from abuse and attack. These systems are designed to monitor intrusion data and take the necessary action to prevent an attack from developing.
All references are inventions in an analogous area, but each invention teaches specific claimed limitations and the references mutually cure each other’s deficiencies. When all claimed techniques are combined, they teach the claimed invention. The Examiner notes that this motivation applies to all dependent and/or otherwise subsequently addressed claims unless addressed separately.

Regarding Claim 2, PORRAS & KUMAR disclose all the features of claim 1 and the combination further discloses
wherein application of the data protection policy to the entity is performed automatically {PORRAS: [0047], “the system 110 may be configured to automatically intercept certain network security initiatives 124 and perform a network impact analysis on each intercepted network security initiative 124 before the initiative 124 is implemented by the network 150”. … Fig. 1 elements 144, 146, 130, 132 & [0062], “The NL dialog subsystem 190 and/or components of the network security subsystem 130, described below, translates these high-level user requests into digital directives that specify the user-requested network reconfigurations in a form that is actionable by one or more components of the network 150”. Examiner’s note: the system 110 is implemented automatically where context (144), event (146), policy updates (134) are applied to decide which data protection will be applied}.

Regarding Claim 3, PORRAS & KUMAR disclose all the features of claim 1 and the combination further discloses
wherein when the user input comprises written input, the method further comprises translating the written input into text {PORRAS: [0097], “if the input received in block 610 does not contain speech (e.g., includes only natural language dialog in text form, as may be input during an online chat session), the system 100 proceeds to block 616” … [0098], “In block 616, the system 100 extracts network security-related key words or phrases (e.g., keyphrases 330) from the NL input received in block 610 or NL speech converted to NL text in block 614, as the case may be”}.

Regarding Claim 4, PORRAS & KUMAR disclose all the features of claim 1 and the combination further discloses
wherein identifying the data protection policy comprises correlating the intention of the user, as captured in the user input, with one or more of a company policy, a repository of regulatory policies, or a repository of industry best practices {PORRAS: Fig. 2 & [0057], “A policy 228 may specify a response to be generated when matching traffic is encountered. The response may include any directive, command, handling decision, or other action to enforce the network security policy”. Examiner’s note: when a security policy is verified with events like ‘directives’ and/or ‘handling decision’, that is ‘cross-referencing’. ‘Correlating’ and ‘cross referencing’ have the same meaning}.

Regarding Claim 5, PORRAS & KUMAR disclose all the features of claim 1 and the combination further discloses
wherein determination of the intention of the user with respect to data protection for the entity is performed automatically {PORRAS: [0047], “the system 110 may be configured to automatically intercept certain network security initiatives 124 and perform a network impact analysis on each intercepted network security initiative 124 before the initiative 124 is implemented by the network 150”. … Fig. 1 elements 144, 146, 130, 132 & [0062], “The NL dialog subsystem 190 and/or components of the network security subsystem 130, described below, translates these high-level user requests into digital directives that specify the user-requested network reconfigurations in a form that is actionable by one or more components of the network 150”. Examiner’s note: the system 110 is implemented automatically where }.

Regarding Claim 6, PORRAS & KUMAR disclose all the features of claim 1 and the combination further discloses
wherein determination of the intention of the user with respect to data protection for the entity is performed by one or more of natural language processing, natural language understanding, or artificial intelligence {PORRAS: Fig. 3 & [0067], “In the case of spoken natural language inputs, the automated speech recognition (ASR) subsystem 320 processes the natural language speech input 307 using a language model 322, and generates a machine-readable version of the user's speech (and/or speech patterns) that can be further analyzed and processed by the network security keyphrase extraction module 326 and other modules of the NL dialog subsystem 190”}.

Regarding Claim 7, PORRAS & KUMAR disclose all the features of claim 1 and the combination further discloses
receiving input concerning a definition of the entity {PORRAS: Fig. 1 elements 160, 170 & [0033], “the illustrative network 150 includes a plurality of network switching devices 160 (e.g., switch 1, switch 2, switch "N," where "N'' is a positive integer) and a plurality of nodes 170. The network switching devices 160 each may be embodied as, for example, a switch, a router, a load balancer, a learning switch”. Examiner’s note: a network element or device (Fig. 1 network elements within network 150, such as switch 160, flow table (162), node (170) are all }.

Regarding Claim 8, PORRAS & KUMAR disclose all the features of claim 1 and the combination further discloses
wherein the user input comprises (i) input concerning the purpose of the entity and/or (ii) input concerning the relative importance of the entity {PORRAS: [0059], “As a result of its evaluation of the current network context 144, the network context evaluation module 212 may identify one or more network events in accordance with the role data 226, conflicts data 136, and/or policies 228” … which indicates that the event is currently of lower priority. As the current network context 144 evolves over time, the network context evaluation module 212 may reassess the identified network event according to the new context 144 and may increase the priority of the network event and then output a corresponding network event indicator 146 at that time” … [0060], “Such data may include, for example, node and/or flow identifying information (e.g., IP addresses, MAC addresses) identifying nodes and/or flows affected or predicted to be affected by a threat or infection, threat or infection indicators (e.g., the type of threat or infection), threat or infection severity or priority indicators, and/or other data”. Examiner’s note: as shown in Fig. 1, user input (104) is processed, context (144) are evaluated and data is fed into network security subsystem (130) for network executable actions (132). Priorities indicate importance of an action for an event on an entity}.

Regarding Claim 9, PORRAS & KUMAR disclose all the features of claim 1 and the combination further discloses
wherein the data protection policy is automatically assigned to the entity {PORRAS: [0081], “The illustrative security initiative translator module 410 analyzes the network security initiatives 124 produced by the user interface subsystem 836 and generates one or more network-executable actions 132 configured to implement the network security initiatives 124 on the network 150 and/or security policy updates 134”. Examiner’s note: as mentioned before all activities inside Fig. 1 block 110 are automatically [0033] implemented after receiving user’s voice instructions}.

Regarding Claim 10, PORRAS & KUMAR disclose all the features of claim 1 and the combination further discloses
modifying or deleting a data protection policy, based on additional user input {PORRAS: [0035], “the network-executable actions 132 produced by the network security management system 110 can, for example, add, modify, or delete flow rules stored in the local flow tables 162, e.g., to improve the security of the network 150”. Examiner’s note: as mentioned before all activities inside Fig. 1 block 110 are automatically [0033] implemented after receiving user’s voice instructions which includes modification of an entity like flow table}.

Regarding claim 11, claim 11 is a claim to a non-transitory storage medium using the method of claim 1. Therefore, claim 11 is rejected for the reasons set forth for claim 1. PORRAS further discloses
A non-transitory storage medium having stored therein computer executable instructions which, when executed by one or more hardware processors {[0097], “method 600 may be embodied as computerized programs, routines, logic, and/or instructions of the computing system 100, e.g., hardware, firmware, software or a combination” … [0106], “The illustrative computing device 810 includes at least one processor 812 (e.g. a microprocessor, microcontroller, digital signal processor, etc.), memory 814, and an input/output (I/O) subsystem 816”}, …

Regarding claim 12, claim 12 is a dependent claim of claim 11 and is a claim to a non-transitory storage medium using the method of claim 2. Therefore, claim 12 is rejected for the reasons set forth for claim 2.

Regarding claim 13, claim 13 is a dependent claim of claim 11 and is a claim to a non-transitory storage medium using the method of claim 3. Therefore, claim 13 is rejected for the reasons set forth for claim 3.

Regarding claim 14, claim 14 is a dependent claim of claim 11 and is a claim to a non-transitory storage medium using the method of claim 4. Therefore, claim 14 is rejected for the reasons set forth for claim 4.

Regarding claim 15, claim 15 is a dependent claim of claim 11 and is a claim to a non-transitory storage medium using the method of claim 5. Therefore, claim 15 is rejected for the reasons set forth for claim 5.

Regarding claim 16, claim 16 is a dependent claim of claim 11 and is a claim to a non-transitory storage medium using the method of claim 6. Therefore, claim 16 is rejected for the reasons set forth for claim 6.

Regarding claim 17, claim 17 is a dependent claim of claim 11 and is a claim to a non-transitory storage medium using the method of claim 7. Therefore, claim 17 is rejected for the reasons set forth for claim 7.

Regarding claim 18, claim 18 is a dependent claim of claim 11 and is a claim to a non-transitory storage medium using the method of claim 8. Therefore, claim 18 is rejected for the reasons set forth for claim 8.

Regarding claim 19, claim 19 is a dependent claim of claim 11 and is a claim to a non-transitory storage medium using the method of claim 9. Therefore, claim 19 is rejected for the reasons set forth for claim 9.

Regarding claim 20, claim 20 is a claim to a system using the non-transitory storage medium of claim 11. Therefore, claim 20 is rejected for the reasons set forth for claim 1. PORRAS further discloses
wherein the operations further comprise assigning the data protection policy to the entity, and assignment of the data protection policy {[0081], “The illustrative security initiative translator module 410 analyzes the network security initiatives 124 produced by the user interface subsystem 836 and generates one or more network-executable actions 132 configured to implement the network security initiatives 124 on the network 150 and/or security policy updates 134”. Examiner’s note: as mentioned before all activities inside Fig. 1 block 110 are automatically [0033] implemented after receiving user’s verbal instructions} and application of the protection policy, are performed automatically {[0047], “the system 110 may be configured to automatically intercept certain network security initiatives 124 and perform a network impact analysis on each intercepted network security initiative 124 before the initiative 124 is implemented by the network 150”. … Fig. 1 elements 144, 146, 130, 132 & [0062], “The NL dialog subsystem 190 and/or components of the network security subsystem 130, described below, translates these high-level user requests into digital directives that specify the user-requested network reconfigurations in a form that is actionable by one or more components of the network 150”. Examiner’s note: the system 110 is implemented automatically where context (144), event (146), policy updates (134) are applied to decide which data protection will be applied. The examiner interprets that prior to applying the security policy, the security policy is mapped to an entity to an action by network security subsystem 130 before applying the policy in step 132}.

Conclusion
Any inquiry concerning this communication or earlier communications from the examiner should be directed to QUAZI FAROOQUI whose telephone number is (571) 270-1034. The examiner can normally be reached on M-F 8:30AM-5:00PM. If attempts to reach the examiner by telephone are unsuccessful, the examiner's supervisor, Ashok B. Patel, can be reached on 571-272-3972. The fax phone number assigned to Examiner Farooqui is 571-270-2034.
Information regarding the status of an application may be obtained from the Patent Application Information Retrieval (PAIR) system. Status information for published applications may be obtained from either Private PAIR or Public PAIR. Status information for unpublished applications is available through Private PAIR only. For more information about the PAIR system, see http://pair-direct.uspto.gov. Should you have questions on access to the Private PAIR system, contact the Electronic Business Center (EBC) at 866-217-9197 (toll-free). If you would like assistance from a USPTO Customer Service Representative or access to the automated information system, call 800-786-9199 (IN USA OR CANADA) or 571-272-1000.

/QUAZI FAROOQUI/
Examiner, Art Unit 2491