DETAILED ACTION

The present application is being examined under the pre-AIA first to invent provisions.

General Remarks
-Claims 1, 8 and 15 are independent
-Claims 1-20 are pending
-Previous IDS filed 08/12/2020 has been considered

Response to Arguments
Applicant’s arguments, filed 06/29/2021, with respect to the rejection(s) of claim(s) 1, 8 and 15 under the combination of prior art have been fully considered and are persuasive.  Therefore, the rejection has been withdrawn.  However, upon further consideration, a new ground(s) of rejection is made in view of Bottorf (US pg. no. 20210044445).

Claim Rejections - 35 USC § 103
The following is a quotation of 35 U.S.C. 103 which forms the basis for all obviousness rejections set forth in this Office action:
A patent for a claimed invention may not be obtained, notwithstanding that the claimed invention is not identically disclosed as set forth in section 102, if the differences between the claimed invention and the prior art are such that the claimed invention as a whole would have been obvious before the effective filing date of the claimed invention to a person having ordinary skill in the art to which the claimed invention pertains. Patentability shall not be negated by the manner in which the invention was made.

Claims 1-2, 4-9, 11-16, and 18-20 are rejected under 35 U.S.C. 103 as being unpatentable over Wang (US pg. no. 20170250951), further in view of Pillay (US pg. no. 20180343236), further in view of Bottorf (US pg. no. 20210044445).
Regarding claim 1.  Wang discloses a computer-implemented method comprising:
		receiving service instructions from a client (fig. 1, client device 110) regarding a network function at a network element ([0012] firewall, the function of the firewall corresponds to the network function), the service instructions including a table of network policies and rules ([0022] discloses process 300 begins with receiving input defining a firewall policy (service instruction) for a subnet of network devices currently deployed within a communications network (operation 302); [0023] discloses a user (client) may provide input for a firewall policy that describes how network traffic may be managed (rules and network policies); [0012] discloses a firewall policy represents a set of rules and/or instructions that identify how a firewall should behave.  In some instances, a firewall may implement a policy with a set of rules, and in other instances, a firewall may implement a set of policies that are highly complex involving thousands of rules; [0018] discloses the dynamic firewall controller 102 (network element) may process any input defining firewall policies passed from the Portal (client) to the dynamic firewall controller 102 and automatically; [0016] discloses firewall configurations and policies, accessible and definable through the Portal, may be driven by a resource database 103 and/or a customer database 105 (table).  Stated differently, the resource database 103 may store firewall policies as database records having fields that reference specific firewall configurations).
receiving data from a first edge node of a network fabric ([0027] discloses newly configured firewall is used to manage network traffic to and from the network components (edge nodes) of the subnet (operation 306));
		processing the data received from the first edge node according to the service instructions regarding the network function ([0027] Referring again to FIG. 3, the newly configured firewall is initialized and/or activated in accordance with the new configurations and subsequently used to manage network traffic to and from the network components of the subnet (operation 306). More specifically, the dynamic firewall controller automatically begins to manage network traffic to and from the subnets 204, 206 and 208 to ensure network traffic is in compliance with the updated firewall policy (processing according to service instruction)).
		But, Wang does not explicitly disclose:
		providing the processed data to a second edge node of the network fabric based on the service instructions;
		However, in the same field of endeavor, Pillay discloses providing the processed data to a second edge node of the network fabric based on the service instructions ([0128]-[0129]; fig. 10, 1003-1009 disclose using firewall policy and rules to process and steer data).
		Therefore, it would have been obvious to a person having ordinary skill in the art at the time the invention was effectively filed to combine the teaching of the combination with Pillay. The modification would allow an access control system that permits only traffic associated with the stored rules and policy, enabling effective control of access to resources to ensure a more secure system.

		But, the combination does not explicitly disclose:
		wherein the service instructions include instructions for implementing topology agnostic security functions outside of a data path of the data received from the first edge node;
		However, in the same field of endeavor, Bottorff discloses wherein the service instructions include instructions for implementing topology agnostic security functions outside of a data path of the data received from the first edge node ([0035] discloses in an example, the policy manager 102 implements Group-Based Policy ("GBP"), which simplifies access control by assigning topology independent policy (topology agnostic security function) identifiers to identify one or more groups of endpoints, i.e., one or more endpoint groups, having a common network forwarding policy. The policy identifiers are referred to as endpoint group policy identifiers ("EPG IDs"). In an example, the EPG IDs are independent of the particular topology of the network in which the EPG IDs are used. For instance, being topology independent, the EPG IDs do not indicate location within the network 100. In a particular example, each endpoint group is identified by a unique 16-bit EPG ID value).
		Therefore, it would have been obvious to a person having ordinary skill in the art at the time the invention was effectively filed to combine the teaching of the combination with Bottorf. The modification would allow implementing access control on communications that is independent of network topology or location. The modification would allow ensuring security on networks that are unknown to the network user.
		Regarding claim 2.    The combination discloses the computer-implemented method of claim 1.
wherein the service instructions include instructions for redirecting network traffic ([0023] discloses a user may provide input for a firewall policy (service instruction) that relates to one or more ports, communication protocols, or services, among other alternatives that describe how network traffic may be managed…the firewall policy may block a port, adjust a communication protocol, apply one or more security settings (security functions)).
Regarding claim 4.    The combination discloses the computer-implemented method of claim 1, wherein the network element is at least one of a fabric border node of the network fabric or a firewall ([0027] Referring again to FIG. 3, the newly configured firewall is initialized and/or activated in accordance with the new configurations).
		Regarding claim 5.    The combination discloses the computer-implemented method of claim 1.
		Wang discloses, further comprising providing instructions to routers of the network fabric based on the service instructions regarding the network function ([0018] discloses the NCS 112 includes logic for configuring various aspects of the routers and switches of a subnet (or otherwise) that may require configuration in accordance with the firewall policy (service instruction).  For example, if the firewall policy involves a subnet, the firewall policy may include configurations for router that defines an Address, network ID, subnet ID, subnet mask, and the like, any of which may be needed to manage network traffic to and from the subnet).
Regarding claim 6.    The combination discloses the computer-implemented method of claim 1.
		Wang discloses further comprising providing the data from the first edge node of the network fabric to a firewall designated in the service instructions (fig. 2 discloses each subnet has a firewall as a gateway (edge node). The communication between subnets comprises accessing the policy and rules of the firewall to direct traffic to the right firewall of the subnet).
		Regarding claim 7.    The combination discloses the computer-implemented method of claim 6, wherein the firewall applies security functions included in the service instructions ([0023] discloses the firewall policy may open a specific series of ports to enable various computing components of a subnet to communicate with a network service using the ports.  As yet another example, the firewall policy may apply one or more security settings (security functions); [0021] discloses the customer may implement a firewall policy that re-routes the detected traffic to a predetermined network, such as a honey net (security service), for analysis or other actions.  To manage such firewall configurations, the customer may interact with the client devices 104-110 (illustrated in FIG. 1) to access the Portal and provide firewall policy configurations to the dynamic firewall controller 102.  For example, the customer may interact with the client devices 104-110 to implement configurations that automatically block traffic from the malicious domain).
		Regarding claim 8, the combination discloses a system comprising: one or more processor (fig. 1, 103 firewall controller); and 
		At least one computer-readable storage medium having stored therein instructions (fig. 1, 103 firewall controller the storage corresponds to storage storing computer 
		All other limitations of claim 8 are similar with the limitations of claim 1 above. Claim 8 is rejected on the analysis of claim 1 above.
		Regarding claim 9, the combination discloses the system of claim 8.
		All other limitations of claim 9 are similar with the limitations of claim 2 above. Claim 9 is rejected on the analysis of claim 2 above.
		Regarding claim 11, the combination discloses the system of claim 8.
		All other limitations of claim 11 are similar with the limitations of claim 4 above. Claim 11 is rejected on the analysis of claim 4 above.
		Regarding claim 12, the combination discloses the system of claim 8.
		All other limitations of claim 12 are similar with the limitations of claim 5 above. Claim 12 is rejected on the analysis of claim 5 above.
		Regarding claim 13, the combination discloses the system of claim 8.
		All other limitations of claim 13 are similar with the limitations of claim 6 above. Claim 13 is rejected on the analysis of claim 6 above.
		Regarding claim 14, the combination discloses the system of claim 8.
		All other limitations of claim 14 are similar with the limitations of claim 7 above. Claim 14 is rejected on the analysis of claim 7 above.
Regarding claim 15, the combination discloses a non-transitory computer-readable storage medium comprising:
instructions stored on the non-transitory computer-readable storage medium, the instructions, when executed by one or more processors (fig. 1, 102 dynamic firewall controller), cause the one or more processors to:
All other limitations of claim 15 are similar with the limitations of claim 1 above. Claim 15 is rejected on the analysis of claim 1 above.
		Regarding claim 16, the combination discloses the non-transitory computer readable storage medium of claim 15.
		All other limitations of claim 16 are rejected on the analysis of claim 2 above.
		Regarding claim 18, the combination discloses the non-transitory computer readable storage medium of claim 15.
		All other limitations of claim 18 are rejected on the analysis of claim 4 above.
		Regarding claim 19, the combination discloses the non-transitory computer readable storage medium of claim 15.
		All other limitations of claim 19 are rejected on the analysis of claim 5 above.
		Regarding claim 20, the combination discloses the non-transitory computer readable storage medium of claim 15.
Wang discloses wherein the instructions, when executed by one or more processors, cause the one or more processors to provide the data from the first edge node of the network fabric to a firewall designated in the service instructions (fig. 2 discloses each subnet has a firewall as a gateway (edge node). The communication between subnets comprises accessing the policy and rules of the firewall to direct traffic to the right firewall of the subnet), wherein the firewall applies security functions included in the service instructions ([0023] discloses the firewall policy may open a specific series of ports to enable various computing components of a subnet to communicate with a network service using the ports.  As yet another example, the firewall policy may apply one or more security settings (security functions); [0021] discloses the customer may implement a firewall policy that re-routes the detected traffic to a predetermined network, such as a honey net (security service), for analysis or other actions.  To manage such firewall configurations, the customer may interact with the client devices 104-110 (illustrated in FIG. 1) to access the Portal and provide firewall policy configurations to the dynamic firewall controller 102.  For example, the customer may interact with the client devices 104-110 to implement configurations that automatically block traffic from the malicious domain).
Claims 3, 10 and 17 are rejected under 35 U.S.C. 103 as being unpatentable over the combination of Wang (US pg. no. 20170250951), Pillay (US pg. no. 20180343236) and Bottorf (US pg. no. 20210044445), further in view of Phillips (US pg. no. 20190173845).
		Regarding claim 3, the combination discloses the computer-implemented method of claim 1.
		But, the combination does not explicitly disclose:
		wherein the table of network policies and rules further includes at least one of ingress information, or egress information;
		However, in the same field of endeavor, Phillips discloses wherein the table of network policies and rules further includes at least one of ingress information, or egress information ([0061] The policy generation component 302 can also receive user input information (e.g., via the user portal 223) defining one or more variables of the firewall 
		Therefore, it would have been obvious to a person having ordinary skill in the art at the time the invention was effectively filed to combine the teaching of the combination with Phillips. The modification would allow including directional parameters of the traffic in the rules and policy information of the access control, to effectively steer traffic to authorized network elements and ensure secure communication.
		Regarding claim 10, the combination discloses the system of claim 8.
		All other limitations of claim 10 are similar with the limitations of claim 3 above. Claim 10 is rejected on the analysis of claim 3 above.
		Regarding claim 17, the combination discloses the non-transitory computer readable storage medium of claim 15.
		All other limitations of claim 17 are rejected on the analysis of claim 3 above.

Conclusion
THIS ACTION IS MADE FINAL.  Applicant is reminded of the extension of time policy as set forth in 37 CFR 1.136(a).  
A shortened statutory period for reply to this final action is set to expire THREE MONTHS from the mailing date of this action.  In the event a first reply is filed within TWO MONTHS of the mailing date of this final action and the advisory action is not mailed until after the end of the THREE-MONTH shortened statutory period, then the shortened statutory period will expire on the date the advisory action is mailed, and any extension fee pursuant to 37 CFR 1.136(a) will be calculated from the mailing date of the advisory action.  In no event, however, will the statutory period for reply expire later than SIX MONTHS from the mailing date of this final action. 
Any inquiry concerning this communication or earlier communications from the examiner should be directed to MESSERET F GEBRE whose telephone number is (571)272-8272.  The examiner can normally be reached on M-F 9:30 AM-5:30 PM.
Examiner interviews are available via telephone, in-person, and video conferencing using a USPTO supplied web-based collaboration tool. To schedule an interview, applicant is encouraged to use the USPTO Automated Interview Request (AIR) at http://www.uspto.gov/interviewpractice.
If attempts to reach the examiner by telephone are unsuccessful, the examiner’s supervisor, Oscar Louie, can be reached on 571-270-1684.  The fax phone number for the organization where this application or proceeding is assigned is 571-273-8300.
Information regarding the status of an application may be obtained from the Patent Application Information Retrieval (PAIR) system.  Status information for published 

/MESSERET F GEBRE/Examiner, Art Unit 2445
/OSCAR A LOUIE/Supervisory Patent Examiner, Art Unit 2445        07/06/2021