Remarks
Claims 1-22 are pending.  

Notice of Pre-AIA  or AIA  Status
The present application, filed on or after March 16, 2013, is being examined under the first inventor to file provisions of the AIA .

Response to Arguments
Applicant's arguments filed 7/19/2021 have been fully considered but they are not persuasive.
Applicant alleges that “The Office Action indicates that claims 1, 2, 5, 8, 9, 12, 15, 16, and 19 allegedly do not have patentable weight because the claims contain optional subject matter that is not required.”  Applicant is incorrect.  It is only the optional subject matter that does not have patentable weight.  Furthermore, these claims were not specified as such.  Rather, the claim interpretation section simply stated that subject matter that is optional does not have patentable weight.  
Applicant continues by alleging “However, none of the security controlling circuitry, user interface, and deep packet inspector circuitry are identified as optional elements of the claim.  Reconsideration is requested.”  Again, Applicant is arguing some claim interpretation that Applicant has made up and was not taken in the office action.  The office action stated “The claims include subject matter that does not have patentable weight, such as conditional/optional subject matter that is not required by the claims.  For example, in claim 15, a recommendation only need be presented ‘when a 
The office action did not state that “the security controlling circuitry, user interface, and deep packet inspector circuitry are identified as optional elements of the claim”.  Rather, the office action set forth an example of optional subject matter within the claims that has no patentable weight.  Applicant has apparently provided no argument against the claim interpretation taken in the office action.  Indeed, no such argument can exist, since dependent claims, such as claim 16 include subject matter that occurs when “the security group for the application type exists”.  Since this is mutually exclusive with determining that “the security group for the application type does not exist”, it is clear that the optional subject matter in the independent claims is not required and, therefore, has no patentable weight.  None of the optional subject matter that is not required by the claims has patentable weight.  
Moreover, as Applicant has refrained from providing any argument against the actual claim interpretation provided in the office action, it is clear that Applicant has tacitly admitted that the claim interpretation provided in the office action is proper.  
Applicant alleges that “the Office Action fails to establish a prima facie rejection.  The Office Action does not provide an analysis of what abstract idea the claims are allegedly directed-to.  Furthermore, the Office Action does not provide detail beyond listing the court decisions Classen, Cybersource, FairWarning, and Int. Ventures v. Cap One Financial with regards to how the claims allegedly do not amount to more than a 
Furthermore, despite Applicant’s belief that “does not provide an analysis of what abstract idea the claims are allegedly directed-to”, the rejection explicitly states that the abstract idea is analyzing network communications, determining a type and a group, and presenting a recommendation, which comprises an abstract idea, similar to Classen, CyberSource, FairWarning, and Int. Ventures v. Cap One Financial, as examples.  In fact, the rejection explicitly cites 4 court decisions, all of which include abstract ideas similar to the instant claims.  Thus, the rejection is perfectly clear.  
With respect to Applicant’s allegation that “the Office Action does not provide detail beyond listing the court decisions Classen, Cybersource, FairWarning, and Int. Ventures v. Cap One Financial with regards to how the claims allegedly do not amount to more than a judicial exception”, the rejection stated much more.  The rejection reads as follows:
Claims 1-21 are rejected under 35 U.S.C. 101 because the claimed invention is directed to an abstract idea without significantly more. The claim(s) recite(s) analyzing network communications, determining a type and a group, and presenting a recommendation, which comprises an abstract idea, similar to Classen, CyberSource, FairWarning, and Int. Ventures v. Cap One Financial, as examples. This judicial exception is not integrated into a practical application 
One of ordinary skill in the art would readily determine that this includes more than “listing the court decisions Classen, Cybersource, FairWarning, and Int. Ventures v. Cap One Financial”.  Since Applicant has not provided any argument against the actually provided reasoning, no further response is possible.  
Applicant alleges that “Independent claim 1 sets forth a user interface to, in response to a determination that a security group does not exist, present a recommendation to create a new security group for the application type.  The Office Action acknowledges that Kumar does not teach or suggest this aspect of the claim.”  Applicant is incorrect.  The previous office action actually stated that Kumar discloses “A user interface to present information regarding a security group for the application type when a security group for the application type does not exist”.  Applicant has provided no argument against these facts.  All that was missing was that this information is a recommendation to create the security group.  
Applicant then goes on to provide a piecemeal analysis of only Prafullchandra.  In response to applicant's arguments against the references individually, one cannot In re Keller, 642 F.2d 413, 208 USPQ 871 (CCPA 1981); In re Merck & Co., 800 F.2d 1091, 231 USPQ 375 (Fed. Cir. 1986).
Applicant then appears to quote paragraph 61 of Prafullchandra and alleges “suggesting an existing category does not teach or suggest, in response to a determination that a security group for the application type does not exist, presenting a recommendation to create a new security group for the application type.”  To the contrary, Prafullchandra certainly discloses a recommendation to create a new security group, such as in suggesting that the administrator make a specific mapping (e.g., as in paragraph 60).  The administrator then makes “The new mapping” and saves it.  Then, “The new mapping will also be associated with operations applicable to the new attribute...  Going forward, when similar attributes are discovered ... those new attributes can be mapped to the new abstracted representation”.  Clearly, this mapping and representation are new, since they use the word “new” in the reference.  Therefore, Applicant’s allegations regarding some cherry-picked sentences from the reference are moot, since other portions of the reference clearly disclose a new group and a recommendation to create a new group when the group does not yet exist.  
The Examiner also notes that the entirety of Applicant’s prior art arguments are based solely on subject matter that has no patentable weight.  Therefore, Applicant’s prior art argument are moot in addition to being incorrect.  
Applicant continues by providing a summary argument that adds nothing to the above.  Such arguments have been fully responded to above and need no further response.  

Claim Interpretation
The claims include subject matter that does not have patentable weight, such as conditional/optional subject matter that is not required by the claims.  For example, in claim 15, a recommendation only need be presented “when a security group for the application type does not exist”, but the security group may always exist meaning that this claim step does not need to occur and, thus, cannot have patentable weight.  Other independent claims include similar issues.  Some dependent claims have the same issue as well.  

Claim Rejections - 35 USC § 112
The following is a quotation of 35 U.S.C. 112(b):
(b)  CONCLUSION.—The specification shall conclude with one or more claims particularly pointing out and distinctly claiming the subject matter which the inventor or a joint inventor regards as the invention.


The following is a quotation of 35 U.S.C. 112 (pre-AIA ), second paragraph:
The specification shall conclude with one or more claims particularly pointing out and distinctly claiming the subject matter which the applicant regards as his invention.


Claim 22 is rejected under 35 U.S.C. 112(b) or 35 U.S.C. 112 (pre-AIA ), second paragraph, as being indefinite for failing to particularly point out and distinctly claim the subject matter which the inventor or a joint inventor (or for applications subject to pre-AIA  35 U.S.C. 112, the applicant), regards as the invention.
Claim 22 recites the limitation "the application to security group database".  There is insufficient antecedent basis for this limitation in the claim.

Claim Rejections - 35 USC § 101
35 U.S.C. 101 reads as follows:
Whoever invents or discovers any new and useful process, machine, manufacture, or composition of matter, or any new and useful improvement thereof, may obtain a patent therefor, subject to the conditions and requirements of this title.


Claims 1-21 are rejected under 35 U.S.C. 101 because the claimed invention is directed to an abstract idea without significantly more. The claim(s) recite(s) analyzing network communications, determining a type and a group, and presenting a recommendation, which comprises an abstract idea, similar to Classen, CyberSource, FairWarning, and Int. Ventures v. Cap One Financial, as examples. This judicial exception is not integrated into a practical application because any additional elements (e.g., a deep packet inspector, a security controller, and a user interface in claim 1) are at best generic computer elements that do not add a meaningful limitation to the abstract idea because they amount to simply implementing the abstract idea on a computer (or in a virtual environment, as explained above). The claim(s) does/do not include additional elements that are sufficient to amount to significantly more than the judicial exception because the additional elements simply implement the abstract idea and perform well-understood, routine, conventional computer functions as recognized by the court decisions listed in MPEP 2106.05(d).

Claim Rejections - 35 USC § 103
In the event the determination of the status of the application as subject to AIA  35 U.S.C. 102 and 103 (or as subject to pre-AIA  35 U.S.C. 102 and 103) is incorrect, any correction of the statutory basis for the rejection will not be considered a new ground of 
The following is a quotation of 35 U.S.C. 103 which forms the basis for all obviousness rejections set forth in this Office action:
A patent for a claimed invention may not be obtained, notwithstanding that the claimed invention is not identically disclosed as set forth in section 102, if the differences between the claimed invention and the prior art are such that the claimed invention as a whole would have been obvious before the effective filing date of the claimed invention to a person having ordinary skill in the art to which the claimed invention pertains. Patentability shall not be negated by the manner in which the invention was made.

Claims 1-6, 8-13, 15-20, and 22 are rejected under 35 U.S.C. 103 as being unpatentable over Kumar (U.S. Patent Application Publication 2017/0126677) in view of Prafullchandra (U.S. Patent Application Publication 2017/0230419).  
 Regarding Claim 1,
Kumar discloses an apparatus comprising:
Deep packet inspector circuitry to analyze a network communication from a virtual machine in a network environment to determine an identifier of an application (Exemplary Citations: for example, Abstract, Paragraphs 22-26, 37, 44, 45, 48, 59, 61, 66-71, 75-79, 81-85, and associated figures; analyzing request from VMs and determining IDs therefor, for example);
Security controller circuitry to determine an application type executing on the virtual machine (Exemplary Citations: for example, Abstract, Paragraphs 22-26, 37, 44, 45, 48, 59, 61, 66-71, 75-79, 81-85, and associated figures; application type may be primary user, secondary 
Determine if a security group exists for the application type (Exemplary Citations: for example, Abstract, Paragraphs 22-26, 37, 44, 45, 48, 59, 61, 66-71, 75-79, 81-85, and associated figures; determining if application/VM is in a group, for example); and
A user interface to, in response to a determination that the security group for the application type does not exist, present information regarding a new security group (Exemplary Citations: for example, Abstract, Paragraphs 22-26, 31, 37, 44, 45, 48, 59, 61, 66-71, 75-79, 81-85, and associated figures; user interface that portrays group in some fashion, for example);
But does not explicitly disclose that the network environment is a software defined network environment and a recommendation to create the new security group.  
Prafullchandra, however, discloses an apparatus comprising:
Deep packet inspector circuitry to analyze a network communication in a software defined network environment to determine an identifier of an application (Exemplary Citations: for example, Abstract, Paragraphs 20-22, 28, 29, 31, 33, 36-39, 42, 44, 47, 54, 55, 57-61, and associated figures; intercepting and analyzing requests including ID, IP address, name, or the like, as examples);

Determine if a security group exists for the application type (Exemplary Citations: for example, Abstract, Paragraphs 22-26, 37, 44, 45, 48, 59, 61, 66-71, 75-79, 81-85, and associated figures; determining if classification, category, or the like, is present for this, for example); and
A user interface to, in response to a determination that the security group for the application type does not exist, present a recommendation to create a new security group (Exemplary Citations: for example, Abstract, Paragraphs 20-22, 28, 29, 31, 33, 36-39, 42, 44, 47, 54, 55, 57-61, and associated figures; suggesting category that administrator can then verify and define a specific mapping using the suggested category, for example).  It would have been obvious to one of ordinary skill in the art at the time of applicant’s invention, which is before any effective filing date of the claimed invention, to incorporate the harmonized governance techniques of Prafullchandra into the context-based authorization system of Kumar in order to free administrators from having to understand and be conversant in different syntaxes for every environment, to allow for the system to make suggestions to be taken (or not taken) by an administrator, to provide for multiple different access control techniques, to incorporate 
Regarding Claim 8,
Claim 8 is a medium claim that corresponds to apparatus claim 1 and is rejected for the same reasons.  
Regarding Claim 15,
Claim 15 is a method claim that corresponds to apparatus claim 1 and is rejected for the same reasons.  
Regarding Claim 2,
Kumar as modified by Prafullchandra discloses the apparatus of claim 1, in addition, Kumar discloses that the security controller circuitry is further to, in response to a determination that the security group for the application type exists, add the virtual machine to the security group (Exemplary Citations: for example, Abstract, Paragraphs 22-26, 31, 37, 44, 45, 48, 59, 61, 66-71, 75-79, 81-85, and associated figures; adding VM to group, for example); and
Prafullchandra discloses that the security controller circuitry is further to, in response to a determination that the security group for the application type exists, add the virtual machine to the security group (Exemplary Citations: for example, Abstract, Paragraphs 20-22, 28, 29, 31, 33, 36-39, 42, 44, 47, 54, 55, 57-61, and associated figures).  
Regarding Claim 9,

Regarding Claim 16,
Claim 16 is a method claim that corresponds to apparatus claim 2 and is rejected for the same reasons.  
Regarding Claim 3,
Kumar as modified by Prafullchandra discloses the apparatus of claim 1, in addition, Kumar discloses that the deep packet inspector circuitry is to determine an application identifier associated with the application (Exemplary Citations: for example, Abstract, Paragraphs 22-26, 31, 37, 44, 45, 48, 59, 61, 66-71, 75-79, 81-85, and associated figures); and
Prafullchandra discloses that the deep packet inspector circuitry is to determine an application identifier associated with the application (Exemplary Citations: for example, Abstract, Paragraphs 20-22, 28, 29, 31, 33, 36-39, 42, 44, 47, 54, 55, 57-61, and associated figures).  
Regarding Claim 10,
Claim 10 is a medium claim that corresponds to apparatus claim 3 and is rejected for the same reasons.  
Regarding Claim 17,
Claim 17 is a method claim that corresponds to apparatus claim 3 and is rejected for the same reasons.  
Regarding Claim 4,

Prafullchandra discloses that the deep packet inspector circuitry is to retrieve the application identifier from the network communication while the network communication is processing by a firewall (Exemplary Citations: for example, Abstract, Paragraphs 20-22, 28, 29, 31, 33, 36-39, 42, 44, 47, 54, 55, 57-61, and associated figures).  
Regarding Claim 11,
Claim 11 is a medium claim that corresponds to apparatus claim 4 and is rejected for the same reasons.  
Regarding Claim 18,
Claim 18 is a method claim that corresponds to apparatus claim 4 and is rejected for the same reasons.  
Regarding Claim 5,
Kumar as modified by Prafullchandra discloses the apparatus of claim 1, in addition, Kumar discloses that the deep packet inspector circuitry is to, in response to a network communication from a new session, analyze a further network communication from the virtual 
Prafullchandra discloses that the deep packet inspector circuitry is to, in response to a network communication from a new session, analyze a further network communication from the virtual machine (Exemplary Citations: for example, Abstract, Paragraphs 20-22, 28, 29, 31, 33, 36-39, 42, 44, 47, 54, 55, 57-61, and associated figures).  
Regarding Claim 12,
Claim 12 is a medium claim that corresponds to apparatus claim 5 and is rejected for the same reasons.  
Regarding Claim 19,
Claim 19 is a method claim that corresponds to apparatus claim 5 and is rejected for the same reasons.  
Regarding Claim 6,
Kumar as modified by Prafullchandra discloses the apparatus of claim 1, in addition, Kumar discloses that the deep packet inspector circuitry is implemented within a network (Exemplary Citations: for example, Abstract, Paragraphs 22-26, 31, 37, 44, 45, 48, 59, 61, 66-71, 75-79, 81-85, and associated figures); and
Prafullchandra discloses that the deep packet inspector circuitry is implemented within a software defined network (Exemplary Citations: for 
Regarding Claim 13,
Kumar as modified by Prafullchandra discloses the medium of claim 8, in addition, Kumar discloses that the network communication is transferred within a network (Exemplary Citations: for example, Abstract, Paragraphs 22-26, 31, 37, 44, 45, 48, 59, 61, 66-71, 75-79, 81-85, and associated figures); and
Prafullchandra discloses that the network communication is transferred within a software defined network (Exemplary Citations: for example, Abstract, Paragraphs 20-22, 28, 29, 31, 33, 36-39, 42, 44, 47, 54, 55, 57-61, and associated figures).  
Regarding Claim 20,
Claim 20 is a method claim that corresponds to medium claim 13 and is rejected for the same reasons.  
Regarding Claim 22,
Kumar as modified by Prafullchandra discloses the apparatus of claim 1, in addition, Kumar discloses that the security controller circuitry is further to, in response to a determination that a security group for creation has been received, store an association of the application and the security group in the application to security group database (Exemplary Citations: for example, Abstract, Paragraphs 22-26, 37, 44, 45, 48, 59, 61, 66-71, 75-79, 81-85, and associated figures); and
.  

Claims 7, 14, and 21 are rejected under 35 U.S.C. 103 as being unpatentable over Kumar in view of Prafullchandra and DeCusatis (U.S. Patent Application Publication 2015/0169345).
Regarding Claim 7,
Kumar discloses software forwarding element circuitry to implement an element for transferring traffic including the network communication within the network (Exemplary Citations: for example, Abstract, Paragraphs 22-26, 31, 37, 44, 45, 48, 59, 61, 66-71, 75-79, 81-85, and associated figures); and
Prafullchandra discloses software forwarding element circuitry to implement an element for transferring traffic including the network communication within the software defined network (Exemplary Citations: for example, Abstract, Paragraphs 20-22, 28, 29, 31, 33, 36-39, 42, 44, 47, 54, 55, 57-61, and associated figures);
But does not explicitly reference a virtual switch.  

Regarding Claim 14,
Claim 14 is a medium claim that corresponds to apparatus claim 7 and is rejected for the same reasons.  
Regarding Claim 21,
Claim 21 is a method claim that corresponds to apparatus claim 7 and is rejected for the same reasons.  

Conclusion
THIS ACTION IS MADE FINAL.  Applicant is reminded of the extension of time policy as set forth in 37 CFR 1.136(a).  

Any inquiry concerning this communication or earlier communications from the examiner should be directed to Jeffrey D Popham whose telephone number is (571)272-7215.  The examiner can normally be reached on Monday through Friday 9:00-5:30.
Examiner interviews are available via telephone, in-person, and video conferencing using a USPTO supplied web-based collaboration tool. To schedule an interview, applicant is encouraged to use the USPTO Automated Interview Request (AIR) at http://www.uspto.gov/interviewpractice.
If attempts to reach the examiner by telephone are unsuccessful, the examiner’s supervisor, Jeffrey Nickerson can be reached on (469) 295-9235.  The fax phone number for the organization where this application or proceeding is assigned is 571-273-8300.
Information regarding the status of an application may be obtained from the Patent Application Information Retrieval (PAIR) system.  Status information for published applications may be obtained from either Private PAIR or Public PAIR.  




/Jeffrey D. Popham/Primary Examiner, Art Unit 2432