Remarks
Claims 1-21 are pending.  

Notice of Pre-AIA or AIA Status
The present application, filed on or after March 16, 2013, is being examined under the first inventor to file provisions of the AIA.

Claim Interpretation
The claims include subject matter that does not have patentable weight, such as conditional/optional subject matter that is not required by the claims.  For example, in claim 15, a recommendation only need be presented “when a security group for the application type does not exist”, but the security group may always exist meaning that this claim step does not need to occur and, thus, cannot have patentable weight.  Other independent claims include similar issues.  Some dependent claims have the same issue as well.  

Claim Rejections - 35 USC § 101
35 U.S.C. 101 reads as follows:
Whoever invents or discovers any new and useful process, machine, manufacture, or composition of matter, or any new and useful improvement thereof, may obtain a patent therefor, subject to the conditions and requirements of this title.


Claims 1-7 are rejected under 35 U.S.C. 101 because the claimed invention is directed to non-statutory subject matter.  The claim(s) does/do not fall within at least one of the four categories of patent eligible subject matter because the claims fail to include any physical elements.  Claim 1 is directed to an apparatus comprising a deep packet inspector, a security controller, and a user interface, however, none of these elements need be physical.  In order to be statutory as a machine/apparatus, the machine/apparatus must differentiate itself based on physical components, of which claim 1 includes none.  None of claims 2-7 fix this issue and they are rejected for the same reasons.  
Claims 1-21 are rejected under 35 U.S.C. 101 because the claimed invention is directed to an abstract idea without significantly more. The claim(s) recite(s) analyzing network communications, determining a type and a group, and presenting a recommendation, which comprises an abstract idea, similar to Classen, CyberSource, FairWarning, and Int. Ventures v. Cap One Financial, as examples. This judicial exception is not integrated into a practical application because any additional elements (e.g., a deep packet inspector, a security controller, and a user interface in claim 1) are at best generic computer elements that do not add a meaningful limitation to the abstract idea because they amount to simply implementing the abstract idea on a computer (or in a virtual environment, as explained above). The claim(s) does/do not include additional elements that are sufficient to amount to significantly more than the judicial exception because the additional elements simply implement the abstract idea and perform well-understood, routine, conventional computer functions as recognized by the court decisions listed in MPEP 2106.05(d).

Claim Rejections - 35 USC § 103
In the event the determination of the status of the application as subject to AIA 35 U.S.C. 102 and 103 (or as subject to pre-AIA 35 U.S.C. 102 and 103) is incorrect, any correction of the statutory basis for the rejection will not be considered a new ground of rejection if the prior art relied upon, and the rationale supporting the rejection, would be the same under either status.
The following is a quotation of 35 U.S.C. 103 which forms the basis for all obviousness rejections set forth in this Office action:
A patent for a claimed invention may not be obtained, notwithstanding that the claimed invention is not identically disclosed as set forth in section 102, if the differences between the claimed invention and the prior art are such that the claimed invention as a whole would have been obvious before the effective filing date of the claimed invention to a person having ordinary skill in the art to which the claimed invention pertains. Patentability shall not be negated by the manner in which the invention was made.

Claims 1-6, 8-13, and 15-20 are rejected under 35 U.S.C. 103 as being unpatentable over Kumar (U.S. Patent Application Publication 2017/0126677) in view of Prafullchandra (U.S. Patent Application Publication 2017/0230419).  
Regarding Claim 1,
Kumar discloses an apparatus comprising:
A deep packet inspector to analyze a network communication from a virtual machine in a network environment to determine an identifier of an application (Exemplary Citations: for example, Abstract, Paragraphs 22-26, 37, 44, 45, 48, 59, 61, 66-71, 75-79, 81-85, and associated figures; analyzing request from VMs and determining IDs therefor, for example);
A security controller to determine an application type executing on the virtual machine (Exemplary Citations: for example, Abstract, Paragraphs 22-26, 37, 44, 45, 48, 59, 61, 66-71, 75-79, 81-85, and associated figures; application type may be primary user, secondary user, authorization, encryption, malware detection, anti-virus, security, publisher, name, role, or the like, as examples) and 
Determine if a security group exists for the application type (Exemplary Citations: for example, Abstract, Paragraphs 22-26, 37, 44, 45, 48, 59, 61, 66-71, 75-79, 81-85, and associated figures; determining if application/VM is in a group, for example); and

But does not explicitly disclose that the network environment is a software defined network environment and a recommendation to create the security group.  
Prafullchandra, however, discloses an apparatus comprising:
A deep packet inspector to analyze a network communication in a software defined network environment to determine an identifier of an application (Exemplary Citations: for example, Abstract, Paragraphs 20-22, 28, 29, 31, 33, 36-39, 42, 44, 47, 54, 55, 57-61, and associated figures; intercepting and analyzing requests including ID, IP address, name, or the like, as examples);
A security controller to determine an application type executing on the virtual machine (Exemplary Citations: for example, Abstract, Paragraphs 20-22, 28, 29, 31, 33, 36-39, 42, 44, 47, 54, 55, 57-61, and associated figures; application/resource type, attributes, role, and the like, as examples) and 
Determine if a security group exists for the application type (Exemplary Citations: for example, Abstract, Paragraphs 22-26, 37, 44, 45, 48, 59, 61, 66-71, 75-79, 81-85, and associated figures; determining if classification, category, or the like, is present for this, for example); and
A user interface to present a recommendation to create a security group for the application type when a security group for the application type does not exist (Exemplary Citations: for example, Abstract, Paragraphs 20-22, 28, 29, 31, 33, 36-39, 42, 44, 47, 54, 55, 57-61, and associated figures; suggesting category that administrator can then verify and define a specific mapping using the suggested category, for example).  It would have been obvious to one of ordinary skill in the art at the time of applicant’s invention, which is before any effective filing date of the claimed invention, to incorporate the harmonized governance techniques of Prafullchandra into the context-based authorization system of Kumar in order to free administrators from having to understand and be conversant in different syntaxes for every environment, to allow for the system to make suggestions to be taken (or not taken) by an administrator, to provide for multiple different access control techniques, to incorporate additional attributes into security considerations, and/or to increase security in the system.  
Regarding Claim 8,
Claim 8 is a medium claim that corresponds to apparatus claim 1 and is rejected for the same reasons.  
Regarding Claim 15,
Claim 15 is a method claim that corresponds to apparatus claim 1 and is rejected for the same reasons.  
Regarding Claim 2,
Kumar as modified by Prafullchandra discloses the apparatus of claim 1, in addition, Kumar discloses that the security controller is further to add the virtual machine to the security group when the security group exists for the application type (Exemplary Citations: for example, Abstract, Paragraphs 22-26, 31, 37, 44, 45, 48, 59, 61, 66-71, 75-79, 81-85, and associated figures; adding VM to group, for example); and
Prafullchandra discloses that the security controller is further to add the virtual machine to the security group when the security group exists for the application type (Exemplary Citations: for example, Abstract, Paragraphs 20-22, 28, 29, 31, 33, 36-39, 42, 44, 47, 54, 55, 57-61, and associated figures).  
Regarding Claim 9,
Claim 9 is a medium claim that corresponds to apparatus claim 2 and is rejected for the same reasons.  
Regarding Claim 16,
Claim 16 is a method claim that corresponds to apparatus claim 2 and is rejected for the same reasons.  
Regarding Claim 3,
Kumar as modified by Prafullchandra discloses the apparatus of claim 1, in addition, Kumar discloses that the deep packet inspector is to determine an application identifier associated with the application (Exemplary Citations: for example, Abstract, Paragraphs 22-26, 31, 37, 44, 45, 48, 59, 61, 66-71, 75-79, 81-85, and associated figures); and
Prafullchandra discloses that the deep packet inspector is to determine an application identifier associated with the application (Exemplary Citations: for example, Abstract, Paragraphs 20-22, 28, 29, 31, 33, 36-39, 42, 44, 47, 54, 55, 57-61, and associated figures).  
Regarding Claim 10,
Claim 10 is a medium claim that corresponds to apparatus claim 3 and is rejected for the same reasons.  
Regarding Claim 17,
Claim 17 is a method claim that corresponds to apparatus claim 3 and is rejected for the same reasons.  
Regarding Claim 4,
Kumar as modified by Prafullchandra discloses the apparatus of claim 3, in addition, Kumar discloses that the deep packet inspector is to retrieve the application identifier from the network communication while the network communication is processing by a firewall (Exemplary Citations: for example, Abstract, Paragraphs 22-26, 31, 37, 44, 45, 48, 59, 61, 66-71, 75-79, 81-85, and associated figures); and
Prafullchandra discloses that the deep packet inspector is to retrieve the application identifier from the network communication while the network communication is processing by a firewall (Exemplary Citations: for example, Abstract, Paragraphs 20-22, 28, 29, 31, 33, 36-39, 42, 44, 47, 54, 55, 57-61, and associated figures).  
Regarding Claim 11,
Claim 11 is a medium claim that corresponds to apparatus claim 4 and is rejected for the same reasons.  
Regarding Claim 18,
Claim 18 is a method claim that corresponds to apparatus claim 4 and is rejected for the same reasons.  
Regarding Claim 5,
Kumar as modified by Prafullchandra discloses the apparatus of claim 1, in addition, Kumar discloses that the deep packet inspector is to analyze a further network communication from the virtual machine when the network communication is from a new session (Exemplary Citations: for example, Abstract, Paragraphs 22-26, 31, 37, 44, 45, 48, 59, 61, 66-71, 75-79, 81-85, and associated figures); and
Prafullchandra discloses that the deep packet inspector is to analyze a further network communication from the virtual machine when the network communication is from a new session (Exemplary Citations: for example, Abstract, Paragraphs 20-22, 28, 29, 31, 33, 36-39, 42, 44, 47, 54, 55, 57-61, and associated figures).  
Regarding Claim 12,
Claim 12 is a medium claim that corresponds to apparatus claim 5 and is rejected for the same reasons.  
Regarding Claim 19,
Claim 19 is a method claim that corresponds to apparatus claim 5 and is rejected for the same reasons.  
Regarding Claim 6,
Kumar as modified by Prafullchandra discloses the apparatus of claim 1, in addition, Kumar discloses that the deep packet inspector is implemented within a network (Exemplary Citations: for example, Abstract, Paragraphs 22-26, 31, 37, 44, 45, 48, 59, 61, 66-71, 75-79, 81-85, and associated figures); and
Prafullchandra discloses that the deep packet inspector is implemented within a software defined network (Exemplary Citations: for example, Abstract, Paragraphs 20-22, 28, 29, 31, 33, 36-39, 42, 44, 47, 54, 55, 57-61, and associated figures).  
Regarding Claim 13,
Kumar as modified by Prafullchandra discloses the medium of claim 8, in addition, Kumar discloses that the network communication is transferred within a network (Exemplary Citations: for example, Abstract, Paragraphs 22-26, 31, 37, 44, 45, 48, 59, 61, 66-71, 75-79, 81-85, and associated figures); and
Prafullchandra discloses that the network communication is transferred within a software defined network (Exemplary Citations: for example, Abstract, Paragraphs 20-22, 28, 29, 31, 33, 36-39, 42, 44, 47, 54, 55, 57-61, and associated figures).  
Regarding Claim 20,
Claim 20 is a method claim that corresponds to medium claim 13 and is rejected for the same reasons.  

Claims 7, 14, and 21 are rejected under 35 U.S.C. 103 as being unpatentable over Kumar in view of Prafullchandra and DeCusatis (U.S. Patent Application Publication 2015/0169345).
Regarding Claim 7,
Kumar discloses a software forwarding element to implement an element for transferring traffic including the network communication within the network (Exemplary Citations: for example, Abstract, Paragraphs 22-26, 31, 37, 44, 45, 48, 59, 61, 66-71, 75-79, 81-85, and associated figures); and
Prafullchandra discloses a software forwarding element to implement an element for transferring traffic including the network communication within the software defined network (Exemplary Citations: for example, Abstract, Paragraphs 20-22, 28, 29, 31, 33, 36-39, 42, 44, 47, 54, 55, 57-61, and associated figures);
But does not explicitly reference a virtual switch.  
DeCusatis, however, discloses a software forwarding element to implement a virtual switch for transferring traffic including the network communication within the software defined network (Exemplary Citations: for example, Abstract, Paragraphs 5, 12, 15, 17, 19, 21-24, 31-33, and associated figures; SDN virtual switch forwarding network communications, for example).  It would have been obvious to one of ordinary skill in the art at the time of applicant’s invention, which is before any effective filing date of the claimed invention, to incorporate the virtual switch of DeCusatis into the context-based authorization system of Kumar as modified by Prafullchandra in order to allow the system to use switch between VMs on a single host or multiple hosts, to ensure that the SDN’s controllers can find destination VMs, and/or to ensure that all communications can be properly routed.  
Regarding Claim 14,
Claim 14 is a medium claim that corresponds to apparatus claim 7 and is rejected for the same reasons.  
Regarding Claim 21,
Claim 21 is a method claim that corresponds to apparatus claim 7 and is rejected for the same reasons.  

Conclusion
Any inquiry concerning this communication or earlier communications from the examiner should be directed to Jeffrey D Popham whose telephone number is (571)272-7215.  The examiner can normally be reached on Monday through Friday 9:00-5:30.
Examiner interviews are available via telephone, in-person, and video conferencing using a USPTO supplied web-based collaboration tool. To schedule an interview, applicant is encouraged to use the USPTO Automated Interview Request (AIR) at http://www.uspto.gov/interviewpractice.
If attempts to reach the examiner by telephone are unsuccessful, the examiner’s supervisor, Jeffrey Nickerson can be reached on (469) 295-9235.  The fax phone number for the organization where this application or proceeding is assigned is 571-273-8300.
Information regarding the status of an application may be obtained from the Patent Application Information Retrieval (PAIR) system.  Status information for published applications may be obtained from either Private PAIR or Public PAIR.  Status information for unpublished applications is available through Private PAIR only.  For more information about the PAIR system, see https://ppair-my.uspto.gov/pair/PrivatePair. Should you have questions on access to the Private PAIR system, contact the Electronic Business Center (EBC) at 866-217-9197 (toll-free). If you would like assistance from a USPTO Customer Service Representative or access to the automated information system, call 800-786-9199 (IN USA OR CANADA) or 571-272-1000.




/Jeffrey D. Popham/
Primary Examiner, Art Unit 2432