Notice of Pre-AIA  or AIA  Status
The present application, filed on or after March 16, 2013, is being examined under the first inventor to file provisions of the AIA .

Detailed Action

The instant application having Application No. 14/217,244 has claims 1, 5, 7, 10, 14 and 16 pending in the application filed on 03/17/2014; there are 2 independent claims and 4 dependent claims, all of which are ready for examination by the examiner.  

Response to Arguments

This Office Action is in response to applicant’s communication filed on April 19, 2021 in response to PTO Office Action dated October 20, 2020.  The Applicant’s remarks and amendments to the claims and/or specification were considered with the results that follow.

Claim Rejections

Applicant's following arguments filed on 04/19/2021 have been fully considered but are not persuasive.

Claim Rejections - 35 USC § 112

35 U.S.C. 112(a)
Claims 1 and 10

Applicant argues on page 2 in regards to the independent claims 1 and 10, “In Claims 1 and 10, we claim “There are some tools that were designed to identify data flows from specific data not easily available in the real enterprise IT environments, some of such systems require specific APIs or other intrusive instrumentation to be installed on network devices in order to be functional. For example, J. Flizver and T. Chieh, Tracking payment card data flow using virtual machine state introspection, ACS AC'11, wholly incorporated by reference as if fully set forth herein".   Furthermore, in the Detailed Description section of the Specification, Appellant states that his invention collects network information from hardware components ("modem switches support mechanisms to monitor and collect information about the network connections", ¶ 0018 In 3-4) and software components (‘collection of network connection-related information from configuration files of software installations’. In 17-18).  . Appellant names all information sources his invention relies on, such as ‘network topologies, network connections and network component dependencies, as well as inventory of computer systems, their software components, configurations and attributes, classification and attributes of data objects and flows’, ¶ 0019 In 1-3. Notably, ‘inspecting data flows’ is not on the list. Obviously, since none of the information sources listed in the Specification require ‘inspecting data flows’, the Specification clearly supports ‘without inspecting data flows’ limitation."

Examiner respectfully disagrees with arguments on page 2 in regards to the independent claims 1 and 10.  The document combination quoted by the applicant “J. Flizver and T. Chieh, Tracking payment card data flow using virtual machine state introspection, ACS AC'11, wholly incorporated by reference” is addressed for the virtual machines using open-source Xen hypervisor and has different scope of invention and doesn’t cover the scope of this instant invention involving Hardware network servers and components.  In fact, applicant’s specification (Paragraph [0005]) clearly indicates    “J. Hizver  and T. Chieh, Tracking payment card data flow using virtual machine state introspection, ACSAC'11, wholly incorporated by reference as if fully set forth herein, require hypervisor API usage, which is not applicable for physical and many virtual servers”.  Thus this argument is incorrect.  Further, to the applicant argument " ‘inspecting data flows’ is not on the list. Obviously, since none of the information sources listed in the specification require ‘inspecting data flows’, the specification clearly supports ‘without inspecting data flows’ limitation”, the examiner disagrees with the argument.  The list provided by specifications (Paragraph [0019]) is a general list as indicated by the specification.  One cannot assume that all the items are covered by the list and the specification does not explicitly indicate that the items specified in the list support the negative limitation “  … without inspecting data in said data flows …”.  As per MPEP 2163 (I) “The ‘essential goal’ of the description of the invention requirement is to clearly convey the information that an applicant has invented the subject matter which is claimed”.  Thus the applicant’s argument is not valid and the 35 U.S.C. 112(a) rejection is maintained in this office action.  

35 U.S.C. 112(b)
Claims 1 and 10

Since applicant did not present any arguments or amended the claim language to overcome the 35 U.S.C. 112(b) rejection in the previous office action, the 35 U.S.C. 112(b) rejection is maintained in this office action


Claim Rejections - 35 USC § 103


Independent Claims 1 and 10

Claims 1 and 10


Applicant argues on pages 2 and 3 in regards to the independent claims 1 and 10, “In Claims 1 and 10, the key distinction here is that while the present invention expressly disclaims any inspections of data flow whatsoever, Anthias's reference expressly claims them: ‘Using this method, a network element such as a router can determine, based solely on a data packet's packet headers’, Anthias, paragraph 57. This distinction is not only obvious, it has utterly important practical implications, because while the present invention can be used even with encrypted networks, Anthias's can not”. 

Examiner respectfully disagrees with arguments on pages 2 and 3 in regards to the independent claims 1 and 10.  The combination of Smith et al (US PGPUB 20130159863), Anthias et al (US PGPUB 20060146879) and Burchfield et al (US PGPUB 20140068057) teaches all the features/limitations of the claims 1 and 10.  The applicant is arguing assuming certain things and taking the prior art Anthias out of context.  Anthas (Paragraph [0071], Paragraph [0072] and Paragraph [0075]) clearly teaches “the network element may determine that all of the message classification's header sets indicate the same source IP addresses and destination IP addresses, different shared characteristics may be determined for different message classifications and depending upon the message classifications' shared characteristics the network element sends the data packet on toward the data packet's destination without ever having inspected the data packet's payload portion”.  The applicant’s specification (Paragraph [0031]) indicates “There are a variety of ways to map network connections and other component dependencies to data flows and certain types of data flows it is possible to use the rules that map connections to data flows including collecting information about the target server name or IP address and port number that correspond to data flows”.  Thus the applicant’s argument is not valid.  Moreover, the applicant is arguing on interpretations of the invention which are not claimed like the usage of networks and data flows in specific network environments including encrypted data transmissions.  

Applicant argues on page 3 in regards to the independent claims 1 and 10, “ ‘identifying data flows by assuming that each network connection and dependency that was not filtered out corresponds to a data flow’ is not the same as Anthias's ‘the data packets are filtered out from the application layer message inspection process’, because Anthias teaches filtering out packets from a set of packets to be inspected, which does not result in the formation of a filtered data flows graph, whereas the present invention teaches filtering out of the representations of the data flows themselves, that is used in the following steps of the present invention. Therefore, the packets filtering out step of Anthias cannot be used for the present invention”. 

Examiner respectfully disagrees with arguments on page 3 in regards to the independent claims 1 and 10.  The combination of Smith et al (US PGPUB 20130159863), Anthias et al (US PGPUB 20060146879) and Burchfield et al (US PGPUB 20140068057) teaches all the features/limitations of the claims 1 and 10.  The applicant is arguing based on wrong interpretation of the prior art Anthias, with   assuming certain things and interpreting the prior art Anthias out of context. Anthas (Paragraph [0067], Paragraph [0094], Paragraph [0208] and Paragraph [0210]) clearly teaches “it is determined whether that header set possesses all of the characteristics contained in any of the shared header characteristic sets, those data packets are "filtered out" from the application layer message inspection and classification process, message header-based, traffic may be processed based on application layer messages, messages are addressed to their ultimate destinations and the network element can send the data packet toward the data packet's destination without inspecting and interpreting the data”.  Anthias clearly teaches “that it is determined that it possesses all of the characteristics contained in any of the shared header characteristic sets and thus filtering based on shared characteristics”.  Also, Anthias teaches “the network element can send the data packet toward the data packet's destination without inspecting and interpreting the data”.  Thus it will be obvious to one of ordinary skill in the art that “filtering out network components and network connections from said collected information based on types of software components and accessed objects connected by said network connections“.  Thus the applicant’s arguments are incorrect. 

Applicant argues on pages 3 and 4 in regards to the independent claims 1 and 10, “Anthias does not teach that this assignment should be done for specific data flows identified by filtering network connection information as teaches the present invention: ‘identifying data flows by assuming that each network connection and dependency that was not filtered out corresponds to a data flow’. Examiner claims that Anthias teaching of filtering out security events is the ‘Identifying data flow’ step. However, in that case Anthias should also be teaching about assigning software attributes of data flows to these identified data flows. Without this prior step combined with the data flow marking step said attributes would be assigned to many more”. 

Examiner respectfully disagrees with arguments on pages 3 and 4 in regards to the independent claims 1 and 10.  The combination of Smith et al (US PGPUB 20130159863), Anthias et al (US PGPUB 20060146879) and Burchfield et al (US PGPUB 20140068057) teaches all the features/limitations of the claims 1 and 10.  The rejection is based on combination of arts.  Smith (Paragraph [0099]) teaches “identifying data flows by assuming that each network connection and dependency that was not filtered out corresponds to a data flow”.  Anthias (Paragraph [0067], Paragraph [0094], Paragraph [0208] and Paragraph [0210]) clearly teaches “filtering out network components and network connections from said collected information based on types of software components and accessed objects connected by said network connections”.  Anthias (Paragraph [0208]) teaches “traffic may be further filtered based on network-based application recognition and traffic may be processed based on application layer messages”.  Thus the argument “Anthias should also be teaching about assigning software attributes of data flows” is incorrect.   In response to applicant's arguments against the references individually, one cannot show nonobviousness by attacking references individually where the rejections are based on combinations of references.  See In re Keller, 642 F.2d 413, 208 USPQ 871 (CCPA 1981); In re Merck & Co., 800 F.2d 1091, 231 USPQ 375 (Fed. Cir. 1986). 

Applicant argues on page 4 in regards to the independent claims 1 and 10, “ ‘marking said network components by assigning said attributes of said data flows to said network components’ (present invention) is not the same as ‘for a particular message classification the network may determine that all of the message classification's header sets indicate the same source IP addresses and destination IP addresses and different shared characteristics may be determined for different message classifications’ (Anthias) “. 

Examiner respectfully disagrees with arguments on page 4 in regards to the independent claims 1 and 10.  The combination of Smith et al (US PGPUB 20130159863), Anthias et al (US PGPUB 20060146879) and Burchfield et al (US PGPUB 20140068057) teaches all the features/limitations of the claims 1 and 10.  Anthias (Paragraph [0071], Paragraph [0072] and Paragraph [0073]) teaches “for a particular message classification, the network element may determine that all of the message classification's header sets indicate the same source IP addresses and destination IP addresses, different shared characteristics may be determined for different message classifications and the network element may perform one or more specified actions that are associated with a particular message classification”.  Thus Anthias teaches “marking said network components by assigning said attributes of said data flows to said network components” and the argument is not correct.

Applicant argues on page 4 in regards to the independent claims 1 and 10, “  ‘defining and organizing of data environment, security environments, and security zones...’ (present invention) is not the same as the teaching of Nancy Burchfield because Nancy relies on the existing list of firewalls in the target environment as input e.g., 230 in Fig. 2 (Burchfield) whereas the definition of the environments as taught in the present invention is the grouping of components around which firewalls should be placed“. 

Examiner respectfully disagrees with arguments on page 4 in regards to the independent claims 1 and 10.  The combination of Smith et al (US PGPUB 20130159863), Anthias et al (US PGPUB 20060146879) and Burchfield et al (US PGPUB 20140068057) teaches all the features/limitations of the claims 1 and 10.  Burchfield (Paragraph [0020] and Paragraph [0048]) teaches “it includes using a classifier component on input of the transformed data flows and a zone inventory for the target environment where the zone contents and firewall interfaces (for the target environment) information includes information about a list of firewall interfaces in the target environment and the security zone structure of the target environment, that is, which subnets belong to which security zone and the target environment implementations may take the form of rules used for configuring firewall interfaces in the target environment”.  The argument is not relevant to the claimed limitation of security zones.  The argument that “grouping of components around which firewalls should be placed” is also invalid as the claim limitation does not indicate the grouping feature.  As per MPEP 2111.01 (II), “Though understanding the claim language may be aided by explanations contained in the written description, it is important not to import into a claim limitations that are not part of the claim”.  For the reasons specified supra for the claim1, all the limitations/features of the claims 1 and 10 are taught by the combination of Smith et al, Anthias et al and Burchfield et al and thus claims 1 and 10 are not allowable.

Dependent Claims 5, 7, 14 and 16

Claims 5 and 14



Applicant argues on page 4 in regards to the dependent claims 5 and 14, “ ’where finding possible paths between said software components, software objects, and data objects via the network topology graph is performed by using the depth-first search algorithm’ (present invention) is not the same as ‘In step 708, once the graph building is complete, a Depth First Search algorithm is run on that graph to determine all the connected components of the graph’ (Galou)".

Examiner respectfully disagrees with arguments on page 4 in regards to the dependent claims 5 and 14.  The combination of Smith et al (US PGPUB 20130159863), Anthias et al (US PGPUB 20060146879), Burchfield et al (US PGPUB 20140068057) and Galou et al (US PGPUB 20060045027) teaches all the features/limitations of the claims 5 and 14.  Anthias (Paragraph [0222]) teaches “where finding possible paths between said software components, software objects, and data objects via the network topology graph”.  Galou (Paragraph [0007]) teaches “finding possible paths is performed by using the depth-first graph search algorithm“.  Thus it is the combination of Anthas and Galou which teaches “where finding possible paths between said software components, software objects, and data objects via the network topology graph is performed by using the depth-first search algorithm”.  In response to applicant's arguments against the references individually, one cannot show nonobviousness by attacking references individually where the rejections are based on combinations of references.  See In re Keller, 642 F.2d 413, 208 USPQ 871 (CCPA 1981); In re Merck & Co., 800 F.2d 1091, 231 USPQ 375 (Fed. Cir. 1986).

Secondary Considerations


 
The Applicant’s remarks for secondary considerations as filed on 04/19/2021 were considered with the results that follow.

Applicant states on page 5, “There is evidence of a long-felt but unresolved need to identify data environments automatically. For example, the widely adopted PCI DSS standard requires the identification of Cardholder Data Environments starting from December 2004. Majority of U.S. corporations and small companies are dealing with credit cards have to pass PCI DSS assessments on a regular basis. However, PCI DSS assessment projects are performed mostly manually today. Numerous tools that exist on the market discover IT assets and use classification rules to classify IT assets similar to Korsunsky. Unfortunately, this approach has limited usefulness because the classification of assets based on attributes assumes that there are attributes assigned to assets or flows that can be used by the rules but they are not available for most assets in real life. Other existing tools and approaches have other limitations that prevent their real-life widespread use to organize and identify Cardholder Data Environments automatically".

Examiner respectfully disagrees with secondary arguments stated on page 5.  The secondary considerations filed on 04/19/2021 are insufficient to overcome the rejection of claims.  The arguments of counsel cannot take the place of evidence in the record. In re Schulze, 346 F.2d 600, 602, 145 USPQ 716, 718 (CCPA 1965). Examples of attorney statements which are not evidence and which must be supported by an appropriate affidavit or declaration include statements regarding unexpected results, commercial success, solution of a long-felt need, inoperability of the prior art, invention before the date of the reference (Refer MPEP 716.01(c) ).  Establishing long-felt need requires objective evidence that an art recognized problem existed in the art for a long period of time without solution. The relevance of long-felt need and the failure of others to the issue of obviousness depends on several factors. First, the need must have been a persistent one that was recognized by those of ordinary skill in the art. In re Gershon, 372 F.2d 535, 539, 152 USPQ 602, 605 (CCPA 1967).   Second, the long-felt need must not have been satisfied by another before the invention by applicant. Newell Companies v. Kenney Mfg. Co., 864 F.2d 757, 768, 9 USPQ2d 1417, 1426 (Fed. Cir. 1988).  Third, the invention must in fact satisfy the long-felt need. In re Cavanagh, 436 F.2d 491, 168 USPQ 466 (CCPA 1971). (Refer MPEP 716.04).

Applicant states on pages 5 and 6, “The inventor of the present invention is recognized in the field for scientific research and computer science inventions. For more than four years Dr. Nikolai Joukov was doing research at IBM Research T.J.Watson Research center.  Appellant taught at Columbia University, New York University, Suffolk University. Dr. Joukov was chairing IEEE Committee on Operating Systems. (IEEE is the largest organization of electrical and computer engineers in the world).  Appellant has more than 44 publications and published talks and his publications were cited 2,084 times".

Examiner respectfully disagrees with secondary arguments stated on pages 5 and 6.  The secondary considerations filed cannot be given any patent weightage as there is no evidence of the relevance of the stated statements to the claimed invention.  As per MPEP 716.03(a).I, “Objective evidence of nonobviousness including commercial success must be commensurate in scope with the claims”.



Claim Rejections - 35 USC § 112

The following is a quotation of 35 U.S.C. 112(a):
 (a) IN GENERAL.—The specification shall contain a written description of the invention, and of the manner and process of making and using it, in such full, clear, concise, and exact terms as to enable any person skilled in the art to which it pertains, or with which it is most nearly connected, to make and use the same, and shall set forth the best mode contemplated by the inventor or joint inventor of carrying out the invention.

Claims 1 and 10 are rejected under 35 U.S.C. 112(a), as failing to comply with the written description requirement. The claim(s) contains subject matter which was not described in the specification in such a way as to reasonably convey to one skilled in the relevant art that the inventor or a joint inventor, or for pre-AIA  the inventor(s), at the time the application was filed, had possession of the claimed invention. 
As described above, the disclosure does not provide adequate structure to perform the claimed function or written description of the function “ A computer-implemented method (Claim 1) or system (claim 10) for identifying, visualizing, and analyzing data flows in a networked computer environment via network components without inspecting data in said data flows … “.  The negative limitation including “without inspecting data” finds no support in the original disclosure and consist new matter.  The specification (Paragraph [0018] and Paragraph [0019]) indicates “Data collection tools or devices can be used with or without modifications and augmentations to collect more information for the purposes of data flows analysis. information about the network topologies, network  connections and network component dependencies, as well as inventory of computer systems, their software components, configurations and attributes, classification and attributes of data objects and flows may either be collected using tools, devices, manually, via interviewing personnel, collected from existing configuration management databases, and any combination thereof. Files, directories, databases, tables, columns, queues, application modules, URLs, jobs, disks, disk partitions, are some examples of data objects… ”.  When data from application databases systems about tables, columns and other application related objects is collected and analyzed, it does not support the claimed limitation that “without inspecting data in said data flows … ”.   

The following is a quotation of 35 U.S.C. 112(b):
(b)  CONCLUSION.—The specification shall conclude with one or more claims particularly pointing out and distinctly claiming the subject matter which the inventor or a joint inventor regards as the invention.


Claims 1 and 10 are rejected under 35 U.S.C. 112(b), as being indefinite for failing to particularly point out and distinctly claim the subject matter which the inventor or a joint inventor regards as the invention.
As per claims 1 and 10, the claim recites “A computer implemented 
method (claim 1) or system (claim 10) …. Identifying data flows by assuming that each network connection and dependency that was not filtered out corresponds to a data flow ….”.  A computer implemented method or a system cannot assume what network connection and dependency corresponds to a data flow.  Claim language may not be "ambiguous, vague, incoherent, opaque, or otherwise unclear in describing and defining the claimed invention." Packard, 751 F.3d at 1311.  The applicant is required to make clear and precise the terms that are used to define the invention whereby the metes and bounds of the claimed invention can be ascertained (Refer MPEP 2173.05(a)). Thus, this limitation renders the claims 1 and 10 indefinite because it is unclear how can an assumption be applied to a computer based method or system.  

Claim Rejections - 35 USC § 103

The following is a quotation of 35 U.S.C. 103 which forms the basis for all obviousness rejections set forth in this Office action:
A patent for a claimed invention may not be obtained, notwithstanding that the claimed invention is not identically disclosed as set forth in section 102 of this title, if the differences between the claimed invention and the prior art are such that the claimed invention as a whole would have been obvious before the effective filing date of the claimed invention to a person having ordinary skill in the art to which the claimed invention pertains.  Patentability shall not be negated by the manner in which the invention was made.


Claims 1, 7, 10 and 16 are rejected under 35 U.S.C. 103 as being unpatentable over Smith et al (US PGPUB 20130159863) in view of Anthias et al (US PGPUB 20060146879) and in further view of Burchfield et al (US PGPUB 20140068057).

As per claim 1:
Smith teaches:
“A computer-implemented method for identifying, visualizing, and analyzing data flows in a networked computer environment via network components without inspecting data in said data flows, the method comprising” (Paragraph [0004], Paragraph [0006] and Paragraph [0008] (the method using a computer for identifying an egress interface of the network device, for visualization of internal network flow within a network device and analyzing the acquired device configuration where the device configuration data is acquired from a number of devices within a network without reading the contents of the data in the data flows which are to be transmitted (without inspecting data in said data flows) , the method includes)) 
 “collecting information about network topology, network connections, network component dependencies, configurations and attributes” (Paragraph [0006], Paragraph [0008], Paragraph [0074] and Paragraph [0089] (acquiring information about network flow records assembled in a network topology, line segments extending between interface objects and subnet objects and representing network connections, acquiring device configuration data (component configurations) and common network communication flow characteristics (component attributes)))
“identifying data flows by assuming that each network connection and dependency that was not filtered out corresponds to a data flow” (Paragraph [0099] (network flow information can be sorted, filtered, grouped, and/or colored using various classification methods based on various information from different packet layers))
 “and displaying said environments with said identified data flows, filtered out network connections and components, and assigned attributes to said data flows and network components” (Paragraph [0008], Paragraph [0043] and Paragraph [0096] and displaying said environments with said identified data flows (the network visualization module is further defined to render in a visual display a topology view of the network including graphical representations of the devices, interfaces within the devices, and connections between the interfaces and subnets), filtered out network connections and components (the network visualization module provides for filtering of the displayed network flows based on various network flow parameters), and assigned attributes to said data flows (the input network traffic can be characterized by the following parameters: packet type, packet length, source port, destination port, data rate, data flow characteristics)).
Smith does not EXPLICITLY teach: and where said data flows flow from, to, or from and to software components, software objects, and data objects; filtering out network components and network connections from said collected information based on types of software components and accessed objects connected by said network connections; mapping said data flows between software components, software objects, and data objects to network components and network links by finding possible paths between said software components, software objects, and data objects via network topology graph; marking said data flows by assigning attributes of said software components, said software objects, and said data objects to said data flows; marking said network components by assigning said attributes of said data flows to said network components; defining and organizing of data environments, security environments, and security zones by including said marked network components into said data environments, security environments, and security zones; defining firewalls for said data environments, security environments, and security zones.
However, Anthias teaches
“and where said data flows flow from, to, or from and to software components, software objects, and data objects” (Paragraph [0141], (the application could be a packaged application, software running on application servers, a legacy application running on a mainframe, or custom or proprietary software developed in house to satisfy a business need and these applications can communicate with other applications where the network element can send the data packet toward the data packet's destination without inspecting and interpreting the data packet's payload portion)) 
“filtering out network components and network connections from said collected information based on types of software components and accessed objects connected by said network connections” (Paragraph [0067], Paragraph [0094], Paragraph [0208] and Paragraph [0210] (it is determined whether that header set possesses all of the characteristics contained in any of the shared header characteristic sets, those data packets are "filtered out" from the application layer message inspection and classification process, message header-based, traffic may be processed based on application layer messages, messages are addressed to their ultimate destinations and the network element can send the data packet toward the data packet's destination without inspecting and interpreting the data))
“mapping said data flows between software components, software objects, and data objects to network components and network links by finding possible paths between said software components, software objects, and data objects via network topology graph” (Paragraph [0118] and Paragraph [0119] (AONS blade, may store mapping information that maps application layer protocol (FTP, HTTP, Simple Mail Transfer Protocol (SMTP) to a combination of IP addresses and/or TCP ports (network components) and based on this mapping information and the application layer protocol used to transmit the message may determine which procedure should be called to extract the message))
“marking said data flows by assigning attributes of said software components, said software objects, and said data objects to said data flows” (Paragraph [0071] and Paragraph [0073] (the network element determines for each message classification (marking), a set of one or more characteristics (attributes) that all of that message classification's packet header sets have in common or share for a message or data flow and the network element may perform one or more specified actions that are associated with a particular message classification for an identified application layer message))
“marking said network components by assigning said attributes of said data flows to said network components”  (Paragraph [0071], Paragraph [0072]  and Paragraph [0073] (for a particular message classification, the network element may determine that all of the message classification's header sets indicate the same source IP addresses and destination IP addresses, different shared characteristics may be determined for different message classifications and the network element may perform one or more specified actions that are associated with a particular message classification)).
Also, Burchfield teaches:
“defining and organizing of data environments, security environments, and security zones by including said marked network components into said data environments, security environments, and security zones” (Paragraph [0020] and Paragraph [0048] (it includes using a classifier component on input of the transformed data flows and a zone inventory for the target environment where the zone contents and firewall interfaces (for the target environment) information includes information about a list of firewall interfaces in the target environment and the security zone structure of the target environment, that is, which subnets belong to which security zone and the target environment implementations may take the form of rules used for configuring firewall interfaces in the target environment))
“defining firewalls for said data environments, security environments, and security zones” (Paragraph [0030] and Paragraph [0031] (the zone contents and firewall interfaces for the target environment provides the security zone structure of the target environment, firewall configurations are implemented on a per-interface basis; that is, each interface of a firewall in the target environment is configured with a set of access control rules that specify what type of communication to allow and what type of communication to deny)).
Before the effective filing date of the claimed invention, it would have been obvious to one of ordinary skill in the art, having the teachings of Smith, Anthias and Burchfield “and where said data flows flow from, to, or from and to software components, software objects, and data objects; filtering out network components and network connections from said collected information based on types of software components and accessed objects connected by said network connections; mapping said data flows between software components, software objects, and data objects to network components and network links by finding possible paths between said software components, software objects, and data objects via network topology graph; marking said data flows by assigning attributes of said software components, said software objects, and said data objects to said data flows; marking said network components by assigning said attributes of said data flows to said network components; defining and organizing of data environments, security environments, and security zones by including said marked network components into said data environments, security environments, and security zones; defining firewalls for said data environments, security environments, and security zones” as a network element such as a router can determine, based solely on a data packet's packet headers, the network element can send the data packet toward the data packet's destination without inspecting and interpreting the data packet's payload portion (Antyhias , Paragraph [0067]) and automatically determining that each of the transformed data flows is covered by a firewall configuration of one or more interfaces in the target environment (Burchfield, Paragraph [0007]). 
Therefore, it would have been obvious to combine Smith, Anthias 
	and Burchfield. 

As per claim 7:
Smith, Anthias and Burchfield teach the computer-implemented method as specified in the parent claim 1 above. 
Anthias further teaches:
“wherein the finding possible paths between said software components, software objects, and data objects via the network topology graph further comprises” (Paragraph [0144] and Paragraph [0222] (a single application message may map to more than one Application Oriented Network Services (AONS) message and AONS may conduct route and node discovery (finding possible paths) including)).
Burchfield further teaches:
“analysis of routing and firewall rules of the network components resulting in exclusion of mapping of said network connections to network topology graph according to said firewall rules” (Paragraph [0028] and Paragraph [0031] (performing analysis of firewall configuration files associated with the source environment and each interface of a firewall in the target environment is configured with a set of access control rules that specify what type of communication to allow and what type of communication to deny or exclude)).

As per claim 10:
Smith teaches:
“A computer-implemented system for identifying, visualizing, and analyzing data flows in a networked computer environment via network components without inspecting data in said data flows, the system comprising” (Paragraph [0004] and Paragraph [0008] (the system using a computer for identifying an egress interface of the network device, for visualization of internal network flow within a network device and analyzing the acquired device configuration where the device configuration data is acquired from a number of devices within a network without reading the contents of the data in the data flows which are to be transmitted (without inspecting data in said data flows) , the method includes)) 
 “collecting information about network topology, network connections, network component dependencies, configurations and attributes” (Paragraph [0006], Paragraph [0008], Paragraph [0074] and Paragraph [0089] (acquiring information about network flow records assembled in a network topology, line segments extending between interface objects and subnet objects and representing network connections, acquiring device configuration data (component configurations) and common network communication flow characteristics (component attributes)))
“identifying data flows by assuming that each network connection and dependency that was not filtered out corresponds to a data flow” (Paragraph [0099] (network flow information can be sorted, filtered, grouped, and/or colored using various classification methods based on various information from different packet layers))
 “and displaying said environments with said identified data flows, filtered out network connections and components, and assigned attributes to said data flows and network components” (Paragraph [0008], Paragraph [0043] and Paragraph [0096] wherein Smith’s teachings of and displaying said environments with said identified data flows (the network visualization module is further defined to render in a visual display a topology view of the network including graphical representations of the devices, interfaces within the devices, and connections between the interfaces and subnets), filtered out network connections and components (the network visualization module provides for filtering of the displayed network flows based on various network flow parameters), and assigned attributes to said data flows (the input network traffic can be characterized by the following parameters: packet type, packet length, source port, destination port, data rate, data flow characteristics)).
Smith does not EXPLICITLY teach: and where said data flows flow from, to, or from and to software components, software objects, and data objects; filtering out network components and network connections from said collected information based on types of software components and accessed objects connected by said network connections; mapping said data flows between software components, software objects, and data objects to network components and network links by finding possible paths between said software components, software objects, and data objects via network topology graph; marking said data flows by assigning attributes of said software components, said software objects, and said data objects to said data flows; marking said network components by assigning said attributes of said data flows to said network components; defining and organizing of data environments, security environments, and security zones by including said marked network components into said data environments, security environments, and security zones; defining firewalls for said data environments, security environments, and security zones.
However, Anthias teaches
“and where said data flows flow from, to, or from and to software components, software objects, and data objects” (Paragraph [0141], (the application could be a packaged application, software running on application servers, a legacy application running on a mainframe, or custom or proprietary software developed in house to satisfy a business need and these applications can communicate with other applications where the network element can send the data packet toward the data packet's destination without inspecting and interpreting the data packet's payload portion)) 
“filtering out network components and network connections from said collected information based on types of software components and accessed objects connected by said network connections” (Paragraph [0067], Paragraph [0094], Paragraph [0208] and Paragraph [0210] (it is determined whether that header set possesses all of the characteristics contained in any of the shared header characteristic sets, those data packets are "filtered out" from the application layer message inspection and classification process, message header-based, traffic may be processed based on application layer messages, messages are addressed to their ultimate destinations and the network element can send the data packet toward the data packet's destination without inspecting and interpreting the data))
“mapping said data flows between software components, software objects, and data objects to network components and network links by finding possible paths between said software components, software objects, and data objects via network topology graph” (Paragraph [0118] and Paragraph [0119] (AONS blade, may store mapping information that maps application layer protocol (FTP, HTTP, Simple Mail Transfer Protocol (SMTP) to a combination of IP addresses and/or TCP ports (network components) and based on this mapping information and the application layer protocol used to transmit the message may determine which procedure should be called to extract the message))
“marking said data flows by assigning attributes of said software components, said software objects, and said data objects to said data flows” (Paragraph [0071] and Paragraph [0073] (the network element determines for each message classification (marking), a set of one or more characteristics (attributes) that all of that message classification's packet header sets have in common or share for a message or data flow and the network element may perform one or more specified actions that are associated with a particular message classification for an identified application layer message))
“marking said network components by assigning said attributes of said data flows to said network components”  (Paragraph [0071], Paragraph [0072]  and Paragraph [0073] (for a particular message classification, the network element may determine that all of the message classification's header sets indicate the same source IP addresses and destination IP addresses, different shared characteristics may be determined for different message classifications and the network element may perform one or more specified actions that are associated with a particular message classification)).
Also, Burchfield teaches:
“defining and organizing of data environments, security environments, and security zones by including said marked network components into said data environments, security environments, and security zones” (Paragraph [0020] and Paragraph [0048] (it includes using a classifier component on input of the transformed data flows and a zone inventory for the target environment where the zone contents and firewall interfaces (for the target environment) information includes information about a list of firewall interfaces in the target environment and the security zone structure of the target environment, that is, which subnets belong to which security zone and the target environment implementations may take the form of rules used for configuring firewall interfaces in the target environment))
“defining firewalls for said data environments, security environments, and security zones” (Paragraph [0030] and Paragraph [0031] (the zone contents and firewall interfaces for the target environment provides the security zone structure of the target environment, firewall configurations are implemented on a per-interface basis; that is, each interface of a firewall in the target environment is configured with a set of access control rules that specify what type of communication to allow and what type of communication to deny)).
Before the effective filing date of the claimed invention, it would have been obvious to one of ordinary skill in the art, having the teachings of Smith, Anthias and Burchfield “and where said data flows flow from, to, or from and to software components, software objects, and data objects; filtering out network components and network connections from said collected information based on types of software components and accessed objects connected by said network connections; mapping said data flows between software components, software objects, and data objects to network components and network links by finding possible paths between said software components, software objects, and data objects via network topology graph; marking said data flows by assigning attributes of said software components, said software objects, and said data objects to said data flows; marking said network components by assigning said attributes of said data flows to said network components; defining and organizing of data environments, security environments, and security zones by including said marked network components into said data environments, security environments, and security zones; defining firewalls for said data environments, security environments, and security zones” as a network element such as a router can determine, based solely on a data packet's packet headers, the network element can send the data packet toward the data packet's destination without inspecting and interpreting the data packet's payload portion (Antyhias , Paragraph [0067]) and automatically determining that each of the transformed data flows is covered by a firewall configuration of one or more interfaces in the target environment (Burchfield, Paragraph [0007]). 
Therefore, it would have been obvious to combine Smith, Anthias 
	and Burchfield. 

As per claim 16, the claim is rejected based upon the same rationale given for the parent claim 10 and the claim 7 above.

Claims  5 and 14 are rejected under 35 U.S.C. 103 as being unpatentable over Smith et al (US PGPUB 20130159863) in view of Anthias et al (US PGPUB 20060146879) and in further view of Burchfield et al (US PGPUB 20140068057) and Galou et al (US PGPUB 20060045027).

As per claim 5:
Smith, Anthias and Burchfield teach the computer-implemented method as specified in the parent claim 1 above. 
Anthias further teaches:
“where finding possible paths between said software components, software objects, and data objects via the network topology graph.” (Paragraph [0222] (AON protocol (AONP) is used in node-to-node communication with the next hop where AONP headers may include HTTP or TCP headers, AONS may conduct route and node discovery via static configuration (next hop) and/or via dynamic discovery)).
Smith, Anthias and Burchfield do not EXPLICITLY teach: finding possible paths is performed by using the depth-first graph search algorithm.
However, Galou teaches
“finding possible paths is performed by using the depth-first graph search algorithm” (Paragraph [0007], (determining whether there is a deterministic path that leads to a next vertex of the network graph, performing a depth first search on the network graph to determine connected components of the network graph)).
Before the effective filing date of the claimed invention, it would have been obvious to one of ordinary skill in the art, having the teachings of Smith, Anthias, Burchfield  and Galou “finding possible paths is performed by using the depth-first graph search algorithm” as once the graph building is complete, a Depth First Search algorithm is run on that graph to determine all the connected components of the graph (Galou, Paragraph [0086]). 
Therefore, it would have been obvious to combine Smith, Anthias,
 Burchfield  and Galou. 

As per claim 14, the claim is rejected based upon the same rationale given for the parent claim 10 and the claim 5 above.


Conclusion

THIS ACTION IS MADE FINAL.  See MPEP § 706.07(a).  Applicant is reminded of the extension of time policy as set forth in 37 CFR 1.136(a).  Any inquiry concerning this communication or earlier communications from the examiner should be directed to KAMAL K DEWAN whose telephone number is (571) 272-2196.  The examiner can normally be reached Mon-Fri 8:00 AM – 5:00 PM (EST).  If attempts to reach the examiner by telephone are unsuccessful, the examiner’s supervisor, TONY MAHMOUDI can be reached on 571-272-4078.  The fax phone number for the organization where this application or proceeding is assigned is 571-273-8300.  
Information regarding the status of an application may be obtained from the Patent Application Information Retrieval (PAIR) system.  Status information for published applications may be obtained from either Private PAIR or Public PAIR.  Status information for unpublished applications is available through Private PAIR only.  For more information about the PAIR system, see http://pair-direct.uspto.gov. Should you have questions on access to the Private PAIR system, contact the Electronic Business Center (EBC) at 866-217-9197 (toll-free). If you would like assistance from a USPTO Customer Service Representative or access to the automated information system, call 800-786-9199 (IN USA OR CANADA) or 571-272-1000.
/Kamal K Dewan/
Examiner, Art Unit 2163

/TONY MAHMOUDI/Supervisory Patent Examiner, Art Unit 2163