DETAILED ACTION
Notice of Pre-AIA or AIA Status
The present application, filed on or after March 16, 2013, is being examined under the first inventor to file provisions of the AIA.
In the event the determination of the status of the application as subject to AIA 35 U.S.C. 102 and 103 (or as subject to pre-AIA 35 U.S.C. 102 and 103) is incorrect, any correction of the statutory basis for the rejection will not be considered a new ground of rejection if the prior art relied upon, and the rationale supporting the rejection, would be the same under either status.

Claim status in the amendment received on 6/21/2021:
Claims 1, 13, 15 and 17 have been amended.
Claims 1-8, 10-15 and 17-19 are pending.
Response to Amendments
Applicant’s amendments have been considered and in response to the amendments:
The previous claim objections have been withdrawn.


Response to Arguments
Applicant’s arguments have been considered but are moot because the arguments do not apply to any of the references being used in the current rejection.




Priority
Applicant’s claim for the benefit of a prior-filed application under 35 U.S.C. 119(e) or under 35 U.S.C. 120, 121, 365(c), or 386(c) is acknowledged. Applicant has not complied with one or more conditions for receiving the benefit of an earlier filing as follows:
The later-filed application must be an application for a patent for an invention which is also disclosed in the prior application (the parent or original nonprovisional application or provisional application). The disclosure of the invention in the parent application and in the later-filed application must be sufficient to comply with the requirements of 35 U.S.C. 112(a) or the first paragraph of pre-AIA 35 U.S.C. 112, except for the best mode requirement. See Transco Products, Inc. v. Performance Contracting, Inc., 38 F.3d 551, 32 USPQ2d 1077 (Fed. Cir. 1994).
The disclosure of the prior-filed application, Application No. 16023284, fails to provide adequate support or enablement in the manner provided by 35 U.S.C. 112(a) or pre-AIA 35 U.S.C. 112, first paragraph for claims 1-8, 10-15 and 17-19 of this application.
The features claimed, for example translating the segmentation rule and simulating the segmentation policy, as recited at least in the independent claims 1, 13 and 17, are not supported by the prior application. 
Accordingly, claims 1-8, 10-15 and 17-19 are not entitled to the benefit of the prior application.
Claim Rejections - 35 USC § 103
The following is a quotation of 35 U.S.C. 103 which forms the basis for all obviousness rejections set forth in this Office action:
A patent for a claimed invention may not be obtained, notwithstanding that the claimed invention is not identically disclosed as set forth in section 102, if the differences between the claimed invention and the prior art are such that the claimed invention as a whole would have been obvious before the effective filing date of the claimed invention to a person having ordinary skill in the art to which the claimed invention pertains. Patentability shall not be negated by the manner in which the invention was made.
Claims 1, 4-8, 10, 13, 15, 17 and 19 are rejected under 35 U.S.C. 103 as being unpatentable over Goldschlag et al. (Pub. No.: US 20140130119 A1) in view of Singh et al. (Pub. No.: US 20070157286 A1).
As to claim 1, Goldschlag teaches a method comprising: accessing a segmentation policy (paragraph [0097], “…The policy management points either allocate one or more aspects of the federated policy to one or more policy enforcement points…”); 
determining a segmentation rule based on the segmentation policy (paragraph [0098], i.e. determining a policy element), wherein the segmentation rule is based on a characteristic of an entity determined without the use of an agent (paragraph [0098], “…characteristics, or capabilities of the policy enforcement point(s)…”, no agent is being used); 
determining an enforcement point associated with the segmentation rule, wherein the enforcement point is communicatively coupled to the network (paragraph [0101]);
translating the segmentation rule into a configuration associated with the enforcement point (paragraph [0101]); 
communicating the configuration to the enforcement point (paragraph [0101]).
Goldschlag does not explicitly teach simulating the policy and monitoring network traffic for policy violation.
However, in the same field of endeavor (computer network management) Singh teaches 
simulating a segmentation policy against network traffic of a network to identify a violation of the segmentation policy based on the network traffic (paragraphs [0025], [0028] and abstract); monitoring network traffic for a violation of the segmentation policy resulting from the configuration at the enforcement point (paragraph [0025], i.e. monitoring the test traffic to determine enforcement or lack of enforcement of the policies and paragraph [0004]).
Based on Goldschlag in view of Singh, it would have been obvious to a person of ordinary skill in the art, before the effective filing date of the claimed invention, to incorporate simulating the policy and monitoring network traffic for policy violation (taught by Singh) with configuring and deploying network policies (taught by Goldschlag) in order to ensure that the deployed network policies are being implemented in each network device as intended and report any policy violations as motivated by Singh (paragraphs [0005]-[0007]).
As to claim 4, Goldschlag teaches detecting the enforcement point being communicatively coupled to the network (paragraph [0101]).
As to claim 5, Goldschlag teaches wherein the configuration associated with the enforcement point comprises at least one of an access control list (ACL), a firewall command, or rule or a cloud packet filtering ACL (paragraph [0148], teaches at least a rule).
As to claim 6, Goldschlag teaches wherein the communicating the configuration to the enforcement point comprises using at least one of an application programming interface (API), command line interface (CLI), or a simple network management protocol (SNMP) interface (paragraph [0101], “…communicating it to the policy enforcement point(s)..”, teaches at least API).
wherein the enforcement point is at least one of a firewall, a router, a switch, a portion of cloud infrastructure, hypervisor, software-defined networking (SDN) controller, or virtual firewall (paragraph [0168], “…such as a network firewall…”).
As to claim 8, Goldschlag teaches accessing configuration information from the enforcement point (paragraph [0098], “identification, attributes, characteristics, or capabilities of the policy enforcement point(s)”); translating the configuration information of the enforcement point into a portion of a segmentation policy (paragraph [0101]); and storing the portion of the segmentation policy (paragraph [0101], i.e. at the enforcement point).
As to claim 10, Goldschlag teaches wherein the characteristic of the entity is based on determining at least one of a classification of the entity or an identification of the entity (paragraph [0098]).
As to claim 13, Goldschlag teaches a system comprising: a memory; and a processing device, operatively coupled to the memory (paragraph [0013]), to: access a segmentation policy (paragraph [0097]); determine a segmentation rule based on the segmentation policy (paragraph [0098], i.e. policy element); determine an enforcement point associated with the segmentation rule, wherein the enforcement point is communicatively coupled to a network (paragraph [0101]); translate the segmentation rule into a configuration associated with the enforcement point (paragraph [0101]); communicate the configuration to the enforcement point (paragraph [0101]); access configuration information of the enforcement point (paragraph [0101], i.e. accessing policy requirements); translate the configuration information of the enforcement point into a portion of the segmentation policy (paragraph [0101], i.e. ; store the portion of the segmentation policy (paragraph [0101], i.e. stored at the enforcement point).
Goldschlag does not explicitly teach simulating the policy and monitoring network traffic for policy violation.
However, in the same field of endeavor (computer network management) Singh teaches 
simulate the segmentation policy against network traffic of a network to identify a violation of the segmentation policy based on the network traffic (paragraphs [0025] and [0028]); and monitor network traffic for a violation  of the segmentation policy resulting from the configuration at the enforcement point (paragraph [0025], i.e. monitoring the test traffic to determine enforcement or lack of enforcement of the policies and paragraph [0004]).
Based on Goldschlag in view of Singh, it would have been obvious to a person of ordinary skill in the art, before the effective filing date of the claimed invention, to incorporate simulating the policy and monitoring network traffic for policy violation (taught by Singh) with configuring and deploying network policies (taught by Goldschlag) in order to ensure that the deployed network policies are being implemented in each network device as intended and report any policy violations as motivated by Singh (paragraphs [0005]-[0007]).
As to claim 15, the limitations of claim 15 are substantially similar to claim 5. Please refer to claim 5 above.
As to claim 17, the limitations of claim 17 are substantially similar to claim 13. Please refer to claim 13 above.
Claims 2-3, 12, 14 and 18 are rejected under 35 U.S.C. 103 as being unpatentable over Goldschlag et al. (Pub. No.: US 20140130119 A1) in view of Singh et al. (Pub. No.: US 20070157286 A1) and further in view of Gopta et al. (Pub. No.: US 20160359673 A1).
As to claim 2, Goldschlag teaches monitoring additional network traffic based on the segmentation policy (paragraph [0201]).
Goldschlag in view of Singh does not explicitly teach determining the policy based on attributes of a network traffic.
However, in the same field of endeavor (network policies) Gopta teaches storing network traffic, wherein the network traffic comprises a plurality of communications between a plurality of devices (fig. 7, 702);
determining respective source and respective destinations of the communications of the network traffic (fig. 7, 704);
determining the segmentation policy based on the respective source and respective destinations of the communications (fig. 7, 706).
Based on Goldschlag in view of Singh and further in view of Gopta, it would have been obvious to a person of ordinary skill in the art, before the effective filing date of the claimed invention, to incorporate determining the policy based on attributes of a network traffic (taught by Gopta) with simulating the policy and monitoring network traffic for policy violation (taught 
As to claim 3, Gopta further teaches determining a baseline of the network traffic over a period of time (paragraph [0032]). The limitations of claim 3 are rejected in view of the analysis of claim 2 above, and the claim is rejected on that basis.
As to claim 12, Goldschlag teaches wherein the plurality of entities comprises at least one of a device, an endpoint, a virtual machine, a service, a serverless service, a container, or a user (paragraphs [0098] and [0101]).
As to claim 14, the limitations of claim 14 are substantially similar to claim 2. Please refer to claim 2 above.
As to claim 18, the limitations of claim 18 are substantially similar to claim 14. Please refer to claim 14 above.
Claim 11 is rejected under 35 U.S.C. 103 as being unpatentable over Goldschlag et al. (Pub. No.: US 20140130119 A1) in view of Singh et al. (Pub. No.: US 20070157286 A1) and further in view of Hugard et al. (Pub. No.: US 20130275574 A1).

However in the same field of endeavor (device detection system) Hugard teaches determining one or more characteristics of the entity wherein the characteristic of the entity is based on a source and a destination of a communication of the entity (paragraph [0051]).
Based on Goldschlag in view of Singh and further in view of Hugard, it would have been obvious to a person of ordinary skill in the art, before the effective filing date of the claimed invention, to incorporate determining one or more characteristics of the entity  based on at least a source and a destination of a communication of the entity (taught by Hugard) with simulating the policy and monitoring network traffic for policy violation (taught by Singh) with configuring and deploying network policies (taught by Goldschlag) in order to ensure that the deployed network policies are being implemented in each network device as intended and report any policy violations as motivated by Singh (paragraphs [0005]-[0007]), and in order to passively identify any new device in the network as motivated by Hugard (paragraph [0051]).

Conclusion
The prior art made of record and not relied upon is considered pertinent to applicant's disclosure.  
Chang et al. (Pub. No.: US 20090288135 A1), teaches simulating and monitoring network traffic and network policies. Please see at least fig. 4A and the corresponding paragraphs.

Applicant's amendment necessitated the new ground(s) of rejection presented in this Office action.  Accordingly, THIS ACTION IS MADE FINAL.  See MPEP § 706.07(a).  Applicant is reminded of the extension of time policy as set forth in 37 CFR 1.136(a).  
A shortened statutory period for reply to this final action is set to expire THREE MONTHS from the mailing date of this action.  In the event a first reply is filed within TWO MONTHS of the mailing date of this final action and the advisory action is not mailed until after the end of the THREE-MONTH shortened statutory period, then the shortened statutory period will expire on the date the advisory action is mailed, and any extension fee pursuant to 37 CFR 1.136(a) will be calculated from the mailing date of the advisory action.  In no event, however, will the statutory period for reply expire later than SIX MONTHS from the date of this final action. 
Any inquiry concerning this communication or earlier communications from the examiner should be directed to ABDULKADER M ALRIYASHI whose telephone number is (313)446-6551.  The examiner can normally be reached on Monday - Friday, 8AM - 5PM Alt, Friday, EST.
Examiner interviews are available via telephone, in-person, and video conferencing using a USPTO supplied web-based collaboration tool. To schedule an interview, applicant is encouraged to use the USPTO Automated Interview Request (AIR) at http://www.uspto.gov/interviewpractice.
If attempts to reach the examiner by telephone are unsuccessful, the examiner’s supervisor, JOON HWANG can be reached on (571)272-4036.  The fax phone number for the organization where this application or proceeding is assigned is 571-273-8300.
Information regarding the status of an application may be obtained from the Patent Application Information Retrieval (PAIR) system.  Status information for published applications may be obtained from either Private PAIR or Public PAIR.  Status information for unpublished applications is available through Private PAIR only.  For more information about the PAIR system, see https://ppair-my.uspto.gov/pair/PrivatePair. Should you have questions on access to the Private PAIR system, contact the Electronic Business Center (EBC) at 866-217-9197 (toll-free). If you would like assistance from a USPTO Customer Service Representative or access to the automated information system, call 800-786-9199 (IN USA OR CANADA) or 571-272-1000.


/Abdulkader M Alriyashi/
Primary Examiner, Art Unit 2447
7/9/2021