DETAILED ACTION

1. 	This Office Action is in response to an application filed on Aug. 15, 2019. The original filing includes claims 1-20. Therefore, Claims 1-20 are presented for examination. Now claims 1-20 are pending.

Notice of Pre-AIA or AIA Status
2.	The present application, filed on or after March 16, 2013, is being examined under the first inventor to file provisions of the AIA. In the event the determination of the status of the application as subject to AIA 35 U.S.C. 102 and 103 (or as subject to pre-AIA 35 U.S.C. 102 and 103) is incorrect, any correction of the statutory basis for the rejection will not be considered a new ground of rejection if the prior art relied upon, and the rationale supporting the rejection, would be the same under either status.

Drawings
3. 	The drawings filed on Aug. 15, 2019 are accepted.

Oath/Declaration
4. 	For the record, the Examiner acknowledges that the Oath/Declaration submitted on Aug. 15, 2019 has been accepted.

Information Disclosure Statement
5.	No information disclosure statements (IDS) were submitted before the mailing date of a first Office Action on the merits. Accordingly, no information disclosure statements are being considered by the examiner.

Priority
6.	Applicant claims no priority on the instant application.

Claim Rejections - 35 USC § 103
7.	In the event the determination of the status of the application as subject to AIA 35 U.S.C. 102 and 103 (or as subject to pre-AIA 35 U.S.C. 102 and 103) is incorrect, any correction of the statutory basis for the rejection will not be considered a new ground of rejection if the prior art relied upon, and the rationale supporting the rejection, would be the same under either status.
8.	The following is a quotation of 35 U.S.C. 103 which forms the basis for all obviousness rejections set forth in this Office action:
A patent for a claimed invention may not be obtained, notwithstanding that the claimed invention is not identically disclosed as set forth in section 102 of this title, if the differences between the claimed invention and the prior art are such that the claimed invention as a whole would have been obvious before the effective filing date of the claimed invention to a person having ordinary skill in the art to which the claimed invention pertains.  Patentability shall not be negated by the manner in which the invention was made.


9.	The factual inquiries set forth in Graham v. John Deere Co., 383 U.S. 1, 148 USPQ 459 (1966), that are applied for establishing a background for determining obviousness under 35 U.S.C. 103 are summarized as follows:
1. Determining the scope and contents of the prior art.
2. Ascertaining the differences between the prior art and the claims at issue.
3. Resolving the level of ordinary skill in the pertinent art.

10.	This application currently names joint inventors. In considering patentability of the claims the examiner presumes that the subject matter of the various claims was commonly owned as of the effective filing date of the claimed invention(s) absent any evidence to the contrary.  Applicant is advised of the obligation under 37 CFR 1.56 to point out the inventor and effective filing dates of each claim that was not commonly owned as of the effective filing date of the later invention in order for the examiner to consider the applicability of 35 U.S.C. 102(b)(2)(C) for any potential 35 U.S.C. 102(a)(2) prior art against the later invention.

11.	Claims 1-2, 5-6, 8-10, 11-12, 15-16, and 18-20 are rejected under 35 U.S.C. 103 as being unpatentable over Ansari et al. US 8,856,289 hereinafter “Ansari” Patented Oct. 07 2014.

Regarding claim 1, Ansari teaches: A method for automatically managing security policies at a plurality of resources (Examiner note: Since examiner pointed out to the background (Ansari_A(E1) of the Reference Ansari), the 103 rejection with single reference is rendered (Ansari_A(E2)). Ansari, first see abstract and col. 27 lines 25-45 where discloses enforcing policies by conditional access then see col. 30 lines 25-43, “gateway that enables a translation between protocols inherent to the Internet (e.g. voice over Internet protocol) and protocols inherent to the PSTN. Other entities that may be partnered with the service management center network 50 as shown in FIG. 5 include the content providers 98 that provide media-based content (including, but not limited to music, video, and gaming) to the service management center network 50, gateway interfaces 101” last see col. 41 lines 20-22, “The gateway device 10 in one embodiment also may keep a record or table of configuration information, for example, for those devices configured automatically” also see col. 3 lines 54-87 and col. 4 lines 1-6 regarding managing security policy),  the method comprising: 
receiving and deploying a security policy configured for each of the resources with one or more of a plurality of configuration parameters on a security component of the each of the resources by a policy management engine (Ansari first discloses parameters that are specific and configured as user preferences through User Interface and Platform to Managed Application (management engine) in col. 14 lines 1-20 and continues receiving and deploying security policy that is configured in col. 19 lines 44-54, “The service management functionality provided by the framework 120 enables deployment of new services as pluggable modules comprising computer readable instructions, data structures, program modules, objects, and other configuration data … The layered service architecture 100 additionally provides the gateway device 10 with intra-process communication and inter-process communication amongst the many services and modules in the service framework layer 120 that enables the provisioning, management and execution of many applications and services 130”);
monitoring the security component and determining modifications made to the security policy at a corresponding one of the resources by the policy management engine (Ansari, first see col. 7 lines 34-45 where discloses how the determination for any changes are being done then in col. 18 lines 13-16 discloses how the management center notices any modification and continues in col. 23 lines 56-87 how the monitoring by policy management determining service fault); 
on determining the modifications made to the security policy, automatically correcting the security policy by the policy management engine at the corresponding one of the resources (Ansari in col. 41 lines 17-26 discloses that “the method of configuration, e.g. automatic discovery and configuration may be based on the specific device's current firmware or software or like version. The gateway device 10 in one embodiment also may keep a record or table of configuration information, for example, for those devices configured automatically” that reads on applicant’s limitations); and 
generating and rendering a notification comprising the security policy, the modifications, and detailed information of the modifications and the automatic correction of the security policy by the policy management engine to at least one administrator device for analysis and management of the security policy (Ansari see col. 23 lines 7-34 “The features/functions in the layer .
Therefore, it would have been obvious to one of ordinary skill in the art before the effective filing date of the claimed invention to implement Ansari_A(E2)’s method for achieving the same claimed limitation in order to manage security policy that is implemented through the system, thus, the implementation would have been obvious because one of ordinary skill in the art would be motivated to modify the invention of Ansari_A(E1) for achieving the same claimed limitation in order to manage security policy (See Ansari_A(E2), col. 27 lines 25-45). 

Regarding claim 2, Ansari discloses all the limitations of claim 1. Further Ansari teaches: wherein the detailed information of the modifications and the automatic correction of the security policy comprises an identification of the corresponding one of the resources, a description of the modifications made to the security policy at the corresponding one of the resources, a type of each of the modifications, a timestamp of the each of the modifications, locations of the modifications, a number of instances of the each of the modifications, volume and type of traffic flow incurred due to the modifications, historical modification information associated with the each of the resources, corrections required in the security policy, a timestamp of the automatic correction, a status of the automatic correction, historical correction information associated with the each of the resources, and event information that triggered the modifications, and wherein the historical modification information provides an indication of a corresponding one of the resources where the security policy is continuously modified (Ansari see col. 23 lines 7-34 then see col. 24 lines 1-10 “a configuration manager for tracking and maintaining where the security policy is continuously modified”). 
Therefore, it would have been obvious to one of ordinary skill in the art before the effective filing date of the claimed invention to implement Ansari_A(E2)’s method for achieving the same claimed limitation in order to manage security policy that is implemented through the system, thus, the implementation would have been obvious because one of ordinary skill in the art would be motivated to modify the invention of Ansari_A(E1) for achieving the same claimed limitation in order to manage security policy (See Ansari_A(E2), col. 27 lines 25-45). 

Regarding claim 5, Ansari discloses all the limitations of claim 1. Further Ansari teaches: wherein the plurality of resources comprises grouped sets of resources (Ansari, see col. 50 lines 38-51, “combined with the roster and XMPP addressing mechanisms may be utilized for either end user interactions or automated interactions between gateways. Automated use of the peering capabilities include directing utility data for usage and network management information to designated collectors within peering groups and then having the designated collector forward the combined information to the service management center” that reads on applicant’s limitations). 
Therefore, it would have been obvious to one of ordinary skill in the art before the effective filing date of the claimed invention to implement Ansari_A(E2)’s method for achieving the same claimed limitation in order to manage security policy that is implemented through the system, thus, the implementation would have been obvious because one of ordinary skill in the art would be motivated to modify the invention of Ansari_A(E1) for achieving the same claimed limitation in order to manage security policy (See Ansari_A(E2), col. 27 lines 25-45).

Regarding claim 6, Ansari discloses all the limitations of claim 1. Further Ansari teaches: wherein the configuration parameters comprise a type of each rule of the security policy, a source internet protocol address, a destination internet protocol address, a destination port, and a traffic protocol (Ansari, first see entire col. 1- col. 2, “require a server with robust processing and storage capability to be located at the network operations center, not in the home. For voice over internet protocol (VoIP) type telephone service, for example, the VoIP service provider operates a session initiation protocol (SIP) server or the like, and each user has only client functionality. The network transport layers are transparent to the IP packets containing the voice and related signaling”; then see col. 35 lines 1-87 that discloses configuration parameters that to verify endpoints (destination internet protocol) and IP port information and finally see col. 36 lines 21-34, “Such information may include, but is not limited to, gateway identifier such as the MAC address, name for a fully qualified domain name (FQDN) which is a complete DNS name, subscriber information such as name, address, email, and phone number”). 
Therefore, it would have been obvious to one of ordinary skill in the art before the effective filing date of the claimed invention to implement Ansari_A(E2)’s method for achieving the same claimed limitation in order to manage security policy that is implemented through the system, thus, the implementation would have been obvious because one of ordinary skill in the art would be motivated to modify the invention of Ansari_A(E1) for achieving the same claimed limitation in order to manage security policy (See Ansari_A(E2), col. 27 lines 25-45). 

Regarding claim 8, Ansari teaches all the limitations of claim 1. Ansari further teaches: creating and storing a policy digest comprising the security policy and the configuration parameters in a storage device at the each of the resources by the policy management engine (Ansari, first see col. 23 lines 35-49, “The logical platform management layer 110 allows for inter-layer allocation of local resources. This function guarantees access between the application   
Therefore, it would have been obvious to one of ordinary skill in the art before the effective filing date of the claimed invention to implement Ansari_A(E2)’s method for achieving the same claimed limitation in order to manage security policy that is implemented through the system, thus, the implementation would have been obvious because one of ordinary skill in the art would be motivated to modify the invention of Ansari_A(E1) for achieving the same claimed limitation in order to manage security policy (See Ansari_A(E2), col. 27 lines 25-45). 

Regarding claim 9, Ansari discloses all the limitations of claim 1. Further Ansari teaches: wherein the modifications comprise additions, deletions, and changes made to the security policy (Ansari, see col. 18 lines 7-23, “when operable with the service management center 50, makes possible the management of services for the digital home and facilitates the easy addition of new services or modification of existing services.”). 
Therefore, it would have been obvious to one of ordinary skill in the art before the effective filing date of the claimed invention to implement Ansari_A(E2)’s method for achieving the same claimed limitation in order to manage security policy that is implemented through the system, thus, the implementation would have been obvious because one of ordinary skill in the art would be motivated to modify the invention of Ansari_A(E1) for achieving the same claimed limitation in order to manage security policy (See Ansari_A(E2), col. 27 lines 25-45).

Regarding claim 10, Ansari discloses all the limitations of claim 1. Further Ansari teaches: wherein the security policy is a host-based firewall policy implemented at the each of the resources (Ansari, see FIG. 10 and FIG. 11 along with col. 16 lines 1-15 and 58-67, “individual or wired or wireless network of personal computing (PC) and laptop/mobile devices 3 Oa, ... , 30c that serve as file sources, control points and hosts for various other client endpoints, one or more television display devices 32 including associated set top boxes (SIB) 35a or digital media adapters (DMA) 35b, one or more VoIP phone devices ( e.g. SIP phones) 40, or other devices (not shown) that convert IP interfaces to PSTN FXO and FXS interfaces … With respect to PCs interfacing with the gateway device 10, PCs may serve as, among other things, file sources, control points and hosts for various software clients”; also see col. 21 lines 1-6 and 47-67, “the gateway device provides an in-premises footprint enabling the service connectivity and local management to client(s). The implementation of functions and the related control such as a router (with quality of service (QoS)), firewall, VoIP gateway, voice services and voice mail may be embodied and performed within the CPU 152… Dynamic Host Configuration Protocol (DHCP) client and server software modules. The DHCP client particularly requests via a UDP/IP (User Datagram Protocol/Internet Protocol (e.g. Ipv4, Ipv6, etc.) configured connection information such as the IP address that the gateway device 10 has been dynamically assigned by a DHCP service (not shown), and/or any the subnet mask information, the gateway device should be using”). 
Therefore, it would have been obvious to one of ordinary skill in the art before the effective filing date of the claimed invention to implement Ansari_A(E2)’s method for achieving the same claimed limitation in order to manage security policy that is implemented through the system, thus, the implementation would have been obvious because one of ordinary skill in the art would be motivated to modify the invention of Ansari_A(E1) for achieving the same claimed limitation in order to manage security policy (See Ansari_A(E2), col. 27 lines 25-45). 

Regarding claim 11, this claim defines a system claim that corresponds to method claim 1. Therefore, claim 11 is rejected with the same rationale as in the rejection of claim 1.

Regarding claim 12, this claim defines a system claim that corresponds to method claim 2. Therefore, claim 12 is rejected with the same rationale as in the rejection of claim 2. Furthermore, Ansari in col. 50 lines 52-67 and col. 51 lines 1-11 discloses that a CPU (processor) and memory can be implemented to execute the method through any programmable medium.

Regarding claim 15, this claim defines a system claim that corresponds to method claim 5. Therefore, claim 15 is rejected with the same rationale as in the rejection of claim 5. Furthermore, Ansari in col. 50 lines 52-67 and col. 51 lines 1-11 discloses that a CPU (processor) and memory can be implemented to execute the method through any programmable medium.

Regarding claim 16, this claim defines a system claim that corresponds to method claim 6. Therefore, claim 16 is rejected with the same rationale as in the rejection of claim 6. Furthermore, Ansari in col. 50 lines 52-67 and col. 51 lines 1-11 discloses that a CPU (processor) and memory can be implemented to execute the method through any programmable medium.

Regarding claim 18, this claim defines a system claim that corresponds to method claim 8. Therefore, claim 18 is rejected with the same rationale as in the rejection of claim 8. Furthermore, Ansari in col. 50 lines 52-67 and col. 51 lines 1-11 discloses that a CPU (processor) and memory can be implemented to execute the method through any programmable medium.

Regarding claim 19, this claim defines a system claim that corresponds to method claim 1. Therefore, claim 19 is rejected with the same rationale as in the rejection of claim 1. Furthermore, Ansari in col. 50 lines 52-67 and col. 51 lines 1-11 discloses that a CPU (processor) and memory can be implemented to execute the method through any programmable medium.

Regarding claim 20, this claim defines a system claim that corresponds to method claim 2. Therefore, claim 20 is rejected with the same rationale as in the rejection of claim 2. Furthermore, Ansari in col. 50 lines 52-67 and col. 51 lines 1-11 discloses that a CPU (processor) and memory can be implemented to execute the method through any programmable medium.

12.	Claims 3-4 and 13-14 are rejected under 35 U.S.C. 103 as being unpatentable over Ansari et al. US 8,856,289 hereinafter “Ansari” Patented Oct. 07 2014 in view of Renzi et al. U.S. 2007/0180490 hereinafter “Renzi” Published Aug. 2, 2007.


Regarding claim 3, Ansari discloses all the limitations of claim 1. Further, Ansari teaches modification made to the security policy and the policy management engine in previous claims. Ansari does not explicitly disclose determining an extent and pattern of changes incurred using one or more items of the detailed information.
However, Renzi teaches determining an extent and pattern of changes incurred using one or more items of the detailed information (Renzi discloses rule-based correlation that is implemented within analysis stage that recognizes the pattern through pattern-recognition data structure that reads on applicant’s limitations, see ¶ [0713], “The attack knowledge is used to relate Events within a common context, and are programmed into elements of Policy Implementer either residing near the .
Therefore, it would have been obvious to one having ordinary skill in the art before the effective filing date of the claimed invention to modify the invention of Ansari with the teaching of Renzi because the use of Renzi’s idea (Renzi, see ¶ [0002]) could provide Ansari (Ansari, see abstract) the ability to include security specific correlation that is rule-based correlation that can determine minute changes incurred in the items such as names … to incoming event data, “Correlation rules may be applied to incoming events data in real-time (as they arrive) or to the historical events stored in the database” (Renzi, ¶¶ [0713- 0716]).

Regarding claim 4, Ansari discloses all the limitations of claim 1. Further Ansari  teaches: wherein the determination of the modifications made to the security policy at the corresponding one of the resources by the policy management engine comprises recomputing the security policy at the security component of the corresponding one of the resources in previous claims but does not explicitly disclose: and comparing the recomputed security policy with the deployed security policy by the policy management engine
However Renzi teaches: comparing the recomputed security policy with the deployed security policy by the policy management engine (Renzi, first see ¶ [0722], “event manager 2800 has a proxy at the child event manager. The proxy knows what events the parent event manager currently recognizes. The proxy (on the child event manager) subscribes to the events that the parent wants to see. Events are immediately persisted in step 2810 prior to enqueuing in step 2820. Events are dequeued and compared against a routing table 2830 that matches event types to subscribers” and then see ¶ [0921], “For data that is on the child database that should be communicated to the parent, a similar process is )”; also see ¶ [0590]). 
Therefore, it would have been obvious to one having ordinary skill in the art before the effective filing date of the claimed invention to modify the invention of Ansari with the teaching of Renzi because the use of Renzi’s idea (Renzi, see ¶ [0002]) could provide Ansari (Ansari, see abstract) the ability to include security specific correlation that is rule-based correlation that can determine minute changes incurred in the items such as names … to incoming event data, “Correlation rules may be applied to incoming events data in real-time (as they arrive) or to the historical events stored in the database” (Renzi, ¶¶ [0713- 0716]).

Regarding claim 13, this claim defines a computer medium claim that corresponds to method claim 3. Therefore, claim 13 is rejected with the same rationale as in the rejection of claim 3. Furthermore, Ansari in col. 50 lines 52-67 and col. 51 lines 1-11 discloses that a CPU (processor) and memory can be implemented to execute the method through any programmable medium.

Regarding claim 14, this claim defines a computer medium claim that corresponds to method claim 4. Therefore, claim 14 is rejected with the same rationale as in the rejection of claim 4. Furthermore, Ansari in col. 50 lines 52-67 and col. 51 lines 1-11 discloses that a CPU (processor) and memory can be implemented to execute the method through any programmable medium.

Allowable subject matter
13.	Claims 7 and 17 are objected to as being dependent upon a rejected base claim, but would be allowable (in view of other limitations of the independent claims) if rewritten in independent form including all of the limitations of the base claim and any intervening claims, and further overcoming other rejections or objections that might have been rendered above. The detailed reason for allowance will be furnished upon allowance of the application.

Examiner note:
14.	In the case of amending the Claimed invention, Applicant is respectfully requested to indicate the portion(s) of the specification which dictate(s) the structure relied on for proper interpretation and also to verify and ascertain the metes and bounds of the claimed invention. This will assist in expediting compact prosecution.  MPEP 714.02 recites: “Applicant should also specifically point out the support for any amendments made to the disclosure. See MPEP § 2163.06. An amendment which does not comply with the provisions of 37 CFR 1.121(b), (c), (d), and (h) may be held not fully responsive. See MPEP § 714.”  Amendments not pointing to specific support in the disclosure may be deemed as not complying with provisions of 37 C.F.R.  1.131(b), (c), (d), and (h) and therefore held not fully responsive.  Generic statements such as “Applicants believe no new matter has been introduced” may be deemed insufficient.

Conclusion
15.	The prior art made of record and not relied upon is considered pertinent to applicant's disclosure:
Seshadri et al. US 20070294312 discloses integrating security policy and event management, wherein a security event is based on at least one policy in a plurality of security policies.
Pearcy et al. US 9548994 discloses a high-level intent and low-level settings that should be configured to achieve the intent, wherein intent can be verified to determine if it conforms to a target, a policy, or both.
Hamdi et al. 2007 IEEE International Conference on Emerging Security Information, Systems and Technologies “A Software Architecture for Automatic Security Policy Enforcement in Distributed Systems” discloses “Policy-based network management has been the subject of extensive research over the last decade [18], [19]. Policies are typically applied to automate network administration tasks, such as configuration, security, recovery, or quality of service (QoS).”

Any inquiry concerning this communication or earlier communications from the examiner should be directed to KHALIL NAGHDALI whose telephone number is (571) 272-9884.  The examiner can normally be reached on M-F 8-5.
If attempts to reach the examiner by telephone are unsuccessful, the examiner's acting supervisor, KRISTINE KINCAID can be reached on (571) 272-4063. The fax phone number for the organization where this application or proceeding is assigned is 571-273-8300.
Information regarding the status of an application may be obtained from the Patent Application Information Retrieval (PAIR) system. Status information for published applications may be obtained from either Private PAIR or Public PAIR. Status information for unpublished applications is available through Private PAIR only. For more information about the PAIR system, see http://pair-direct.uspto.gov. Should you have questions on access to the Private PAIR system, contact the Electronic Business Center (EBC) at 866-217-9197 (toll-free). If you would like assistance from a USPTO Customer Service Representative or access to the automated information system, call 800-786-9199 (IN USA OR CANADA) or 571-272-1000.

Primary Examiner, Art Unit 2437