DETAILED ACTION
Notice of Pre-AIA or AIA Status
The present application, filed on or after March 16, 2013, is being examined under the first inventor to file provisions of the AIA.
A request for continued examination under 37 CFR 1.114, including the fee set forth in 37 CFR 1.17(e), was filed in this application after final rejection.  Since this application is eligible for continued examination under 37 CFR 1.114, and the fee set forth in 37 CFR 1.17(e) has been timely paid, the finality of the previous Office action has been withdrawn pursuant to 37 CFR 1.114.  Applicant's submission filed on 8/30/2021 has been entered.
Authorization for this Examiner’s Amendment was given in a telephone interview with Applicant’s representative Scott Watkins on September 10, 2021.

Claims
Please replace the claims as follows:
Claim 1 (Currently Amended) A method comprising: 
creating in a first format a compliance requirement for a network, the compliance requirement comprising a first endpoint group (EPG) selector, a second EPG selector, a traffic selector, and a communication operator, wherein the first and second EPG selectors represent sets of EPGs, wherein the traffic selector comprises traffic parameters identifying traffic corresponding to the traffic selector and the communication operator defines a communication condition for traffic associated with the first and second EPG selectors and the traffic selector; 
creating in a second format, different from the first format, a logical model of the network, the logical model containing instructions on how endpoints connected to the network communicate within the network;
executing, in at least one endpoint of the network, communications per the logical model;
creating, for each distinct pair of EPGs from the sets of EPGs, in a third format a first respective data structure representing the distinct pair of EPGs, the communication operator, and the traffic selector, wherein the distinct pair of EPGs comprises a respective EPG from each of the first EPG selector and the second EPG selector; 
creating in the third format a second respective data structure representing the logical model of the network; 
first determining whether the first respective data structure is contained in the second respective data structure to yield a containment check; 
second determining whether policies configured on the network comply with the compliance requirement based on the containment check; and
[Application No. 16/217,559; Docket No. 599499 (1018071-US.01) RCE]
presenting to a user on a user interface, based on the results of the second determining, whether security and/or policy requirements of the network are being satisfied or violated; 
wherein the compliance requirement in the first format and the logical model in the second format lack common format that allows for a direct consistency check, and the first respective data structure as created from the compliance requirement and the second respective data structure as created from the logical model have a common format that allows for a direct consistency check.


Claim 10 (Currently Amended) A system comprising: 
one or more processors; and 
at least one non-transitory computer-readable storage medium having stored therein instructions which, when executed by the one or more processors, cause the one or more processors to perform operations comprising: 
create in a first format a compliance requirement for a network, the compliance requirement comprising a first endpoint group (EPG) selector, a second EPG selector, a traffic selector, and a communication operator, wherein the first and second EPG selectors represent sets of EPGs, wherein the traffic selector comprises traffic parameters identifying traffic corresponding to the traffic selector and the communication operator defines a communication condition for traffic associated with the first and second EPG selectors and the traffic selector; 
create in a second format, different from the first format, a logical model of the network, the logical model containing instructions on how endpoints connected to the network communicate within the network; 
execute, in at least one endpoint of the network, communications per the logical model; 
create, for each distinct pair of EPGs from the sets of EPGs, in a third format a first respective data structure representing the distinct pair of EPGs, the communication operator, and the traffic selector, wherein the distinct pair of EPGs comprises a respective EPG from each of the first EPG selector and the second EPG selector, the logical model containing instructions on how endpoints connected to the network communicate within the network; 
create in the third format a second respective data structure representing the logical model of the network;
first determine whether the first respective data structure is contained in the second respective data structure to yield a containment check; 
second determine whether policies configured on the network comply with the compliance requirement based on the containment check; and 
present to a user on a user interface, based on the results of the second determine, whether security and/or policy requirements of the network are being satisfied or violated;
wherein the compliance requirement in the first format and the logical model in the second format lack common format that allows for a direct consistency check, and the first respective data structure as created from the compliance requirement and the second respective data structure as created from the logical model have a common format that allows for a direct consistency check.

Claim 19 (Currently Amended) A non-transitory computer-readable storage medium storing therein instructions which, when executed by one or more processors, cause the one or more processors to: 
create in a first format a compliance requirement for a network, the compliance requirement comprising a first endpoint group (EPG) selector, a second EPG selector, a traffic selector, and a communication operator, wherein the first and second EPG selectors represent sets of EPGs, wherein the traffic selector comprises traffic parameters identifying traffic corresponding to the traffic selector and the communication operator defines a communication condition for traffic associated with the first and second EPG selectors and the traffic selector;

execute, in at least one endpoint of the network, communications per the logical model; 
create, for each distinct pair of EPGs from the sets of EPGs, in a third format a first respective data structure representing the distinct pair of EPGs, the communication operator, and the traffic selector, wherein the distinct pair of EPGs comprises a respective EPG from each of the first EPG selector and the second EPG selector, the logical model containing instructions on how endpoints connected to the network communicate within the network; 
create in the third format a second respective data structure representing the logical model of the network;
first determine whether the first respective data structure is contained in the second respective data structure to yield a containment check; and 
second determine whether policies configured on the network comply with the compliance requirement based on the containment check; and 
present to a user on a user interface, based on the results of the second determining, whether security and/or policy requirements of the network are being satisfied or violated; 
wherein the compliance requirement and the logical model lack formats that allows for a direct consistency check, and the first respective data structure as created from the compliance requirement and the second respective data structure as created from the logical model have formats that allows for a direct consistency check.

Examiner's Statement of Reason for Allowance

Claims 1-20 are allowed.
The following is an examiner’s statement of reasons for allowance: 
The present invention is directed to systems, methods, and computer-readable media for assurance of rules in a network. An example method can include creating a compliance requirement including a first endpoint group (EPG) selector, a second EPG selector, a traffic selector, and a communication operator, the first and second EPG selectors representing sets of EPGs and the communication operator defining a communication condition for traffic associated with the first and second EPG selectors and the traffic selector. The method can include creating, for each distinct pair of EPGs, a first respective data structure representing the distinct pair of EPGs, the communication operator, and the traffic selector; creating a second respective data structure representing a logical model of the network; determining whether the first respective data structure is contained in the second respective data structure to yield a containment check; and determining whether policies on the network comply with the compliance requirement based on the containment check.
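The containment check summarized above, as an added sketch that is not code from the application or from the Office action. The two input formats, the operator names `must_talk` and `must_not_talk`, the EPG names, and the choice of a flat set of (protocol, port) tuples as the common third format are all assumptions made for illustration.

```python
from itertools import product

# First format (assumed for illustration): a declarative requirement.
REQUIREMENT = {
    "first_epgs": {"web", "app"},             # first EPG selector
    "second_epgs": {"db"},                    # second EPG selector
    "traffic": {"proto": "tcp", "ports": (3306, 3306)},  # traffic selector
    "operator": "must_not_talk",              # hypothetical operator name
}

# Second format (assumed): contract-style logical model, consumer -> provider.
LOGICAL_MODEL = [
    {"consumer": "app", "provider": "db", "proto": "tcp", "ports": (3306, 3306)},
    {"consumer": "web", "provider": "app", "proto": "tcp", "ports": (8080, 8081)},
]

def flows(proto, ports):
    """Common (third) format: a flat set of (protocol, port) tuples."""
    lo, hi = ports
    return {(proto, p) for p in range(lo, hi + 1)}

def requirement_structures(req):
    """One flow set per distinct (first EPG, second EPG) pair."""
    wanted = flows(req["traffic"]["proto"], req["traffic"]["ports"])
    pairs = product(sorted(req["first_epgs"]), sorted(req["second_epgs"]))
    return {(a, b): wanted for a, b in pairs if a != b}

def model_structure(model):
    """Permitted flow set per EPG pair, built from the logical model."""
    permitted = {}
    for c in model:
        key = (c["consumer"], c["provider"])
        permitted.setdefault(key, set()).update(flows(c["proto"], c["ports"]))
    return permitted

def check_compliance(req, model):
    """Containment check per pair, mapped to satisfied/violated."""
    permitted = model_structure(model)
    report = {}
    for pair, wanted in requirement_structures(req).items():
        allowed = permitted.get(pair, set())
        if req["operator"] == "must_talk":
            ok = wanted <= allowed            # contained in permitted space
        elif req["operator"] == "must_not_talk":
            ok = wanted.isdisjoint(allowed)   # contained in the denied space
        else:
            raise ValueError(f"unknown operator: {req['operator']}")
        report[pair] = "satisfied" if ok else "violated"
    return report
```

With the constructed inputs, the requirement that web and app must not reach db on tcp/3306 is reported as violated for the (app, db) pair, because the model contains a contract permitting that flow.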
The closest prior art, as previously recited, is Nicol et al. (US 2008/0301765 A1) and Singh et al. (US 2007/0157286 A1), in which Nicol discloses analysis of distributed device rule-sets for compliance with global policies, which includes enabling an administrator to specify a network topology with intercommunicating elements and parameters required to secure the intercommunication with access control elements of the network topology; establishing connections to the access control elements to capture a snapshot configuration of device rule-sets of the access control elements; enabling the administrator to specify a set of global access constraints with reference to the access control elements; enabling the administrator to select between exhaustive analysis 

However, none of Nicol et al. (US 2008/0301765 A1) and Singh et al. (US 2007/0157286 A1) teaches or suggests, alone or in combination, the particular combination of steps or elements as recited in the independent Claim 1 and similarly Claim 10 and Claim 19.  For example, none of the cited prior art teaches or suggests the steps of Claim 1 and similarly Claim 10 and Claim 19: creating in a first format a compliance requirement for a network, the compliance requirement comprising a first endpoint group (EPG) selector, a second EPG selector, a traffic selector, and a communication operator, wherein the first and second EPG selectors represent sets of EPGs, wherein the traffic selector comprises traffic parameters identifying traffic corresponding to the traffic selector and the communication operator defines a communication condition for traffic associated with the first and second EPG selectors and the traffic selector; creating in a second format, different from the first format, a logical model of the network, the logical model containing instructions on how endpoints connected to the network communicate within the network; executing, in at least one endpoint of the network, communications per the logical model; creating, for each distinct pair of EPGs from the sets of EPGs, in a third format a first respective data structure representing the distinct pair of EPGs, the communication operator, and the traffic selector, wherein the distinct pair of EPGs comprises a respective EPG from each of the first EPG selector and the second EPG selector; creating in the third format a second respective data structure representing the logical model of the network; first determining whether the first respective data structure is contained in the second data structure to yield a containment check; second determining whether policies configured on the network comply with the compliance requirement based on the containment check; and presenting to a user on a user interface, based on the results of the second determining, whether security and/or policy requirements of the network are being satisfied or violated;  wherein the compliance requirement in the first format and the logical model in the second format lack common format that allows for a direct consistency check, and the first respective data structure as created from the compliance requirement and the second respective data structure as created from the logical model have a common format that allows for a direct consistency check.

Therefore the claims are allowable over the cited prior art.
creating in a second format, different from the first format, a logical model of the network, the logical model containing instructions on how endpoints connected to the network communicate within the network;  executing, in at least one endpoint of the network, communications per the logical model; create, for each distinct pair of EPGs from the sets of EPGs, in a third format a first respective data structure representing the distinct pair of EPGs, the communication operator, and the traffic selector, wherein the distinct pair of EPGs comprises a respective EPG from each of the first EPG selector and the second EPG selector, the logical model containing instructions on how endpoints connected to the network communicate within the network; create in the third format a second respective data structure representing the logical model of the network; first determine whether the first respective data structure is contained in the second respective data structure to yield a containment check; and second determine whether policies configured on the network comply with the compliance requirement based on the containment check; and present to a user on a user interface, based on the results of the second determining, whether security and/or policy requirements of the network are being satisfied or violated.  Further, under Step 2A-Prong two, the claims nevertheless integrate any alleged abstract subject matter into a practical application, such that they are not actually directed to a judicial exception (i.e., an abstract idea). 
Claims 1, 10, and 19 recite the additional features creating in a second format, different from the first format, a logical model of the network, the logical model containing instructions on how endpoints connected to the network communicate within the network;  executing, in at least one endpoint of the network, communications per the logical model; create, for each distinct pair of EPGs from the sets of EPGs, in a third format a first respective data structure representing the distinct pair of EPGs, the communication operator, and the traffic selector, wherein the distinct pair of EPGs comprises a respective EPG from each of the first EPG selector and the second EPG selector, the logical model containing instructions on how endpoints connected to the network communicate within the network; create in the third format a second respective data structure representing the logical model of the network; first determine whether the first respective data structure is contained in the second respective data structure to yield a containment check; and second determine whether policies configured on the network comply with the compliance requirement based on the containment check; and  present to a user on a user interface, based on the results of the second determining, whether security and/or policy requirements of the network are being satisfied or violated.  These features, together, specifically enable presenting on a user interface whether security and/or policy requirements of the network are being satisfied or violated, where the compliance requirement and the logical model lack formats that allow for a direct consistency check, and the first respective data structure as created from the compliance requirement and the second respective data structure as created from the logical model have formats that allow for a direct consistency check. This is more than mere application of features on a generic computing device.  
Therefore the claims recite a practical application.  
Thus, for the reasons noted above, the examiner notes the claims overcome the 35 U.S.C. 101 rejection directed to a judicial exception.



Conclusion
The prior art made of record and not relied upon is considered pertinent to applicant's disclosure. See PTO-892 attached.
Any inquiry concerning this communication or earlier communications from the examiner should be directed to KARI L SCHMIDT whose telephone number is (571)270-1385.  The examiner can normally be reached on Monday-Friday 10am - 6pm (MDT).
If attempts to reach the examiner by telephone are unsuccessful, the examiner’s supervisor, Luu Pham can be reached on (571)270-5002.  The fax phone number for the organization where this application or proceeding is assigned is 571-273-8300.
Information regarding the status of an application may be obtained from the Patent Application Information Retrieval (PAIR) system.  Status information for published applications may be obtained from either Private PAIR or Public PAIR.  Status information for unpublished applications is available through Private PAIR only.  For more information about the PAIR system, see http://pair-direct.uspto.gov. Should you have questions on access to the Private PAIR system, contact the Electronic Business Center (EBC) at 866-217-9197 (toll-free). If you would like assistance from a USPTO Customer Service Representative or access to the automated information system, call 800-786-9199 (IN USA OR CANADA) or 571-272-1000.

/KARI L SCHMIDT/Primary Examiner, Art Unit 2439