DETAILED ACTION

The present application, filed on or after March 16, 2013, is being examined under the first inventor to file provisions of the AIA.

Claim Objections

Claims 7, 14 are objected to as being dependent upon a rejected base claim, but would be allowable if rewritten in independent form including all of the limitations of the base claim and any intervening claims.

Claim Rejections - 35 USC § 102

The following is a quotation of the appropriate paragraphs of 35 U.S.C. 102 that form the basis for the rejections under this section made in this Office action:


A person shall be entitled to a patent unless –

(a)(1) the claimed invention was patented, described in a printed publication, or in public use, on sale or otherwise available to the public before the effective filing date of the claimed invention.


Claim(s) 1-6, 8-13, 15-20 is/are rejected under 35 U.S.C. 102(a)(1) as being disclosed by Lee et al (hereinafter Lee), US Patent Pub 2018/0139096 (Publication date May 2018).

As per claim{s} 1, 8, 15, Lee discloses substantial features of the invention, such as a system (Lee: e.g., System_500) [Fig.  5] [0007, 0071-0072], comprising: 
a hardware processor (Lee: e.g., Processor_502) [Fig.  5] [0071-0072]; and 
a non-transitory machine-readable storage medium encoded with instructions  (Lee: e.g., Storage Media_504) [Fig.  5] [0071-0072] executable by the hardware processor to perform a method comprising: 
receiving configurations for a plurality of network devices (Lee: e.g., Receiving Network Policies {policy ‘configurations’ from respective ‘Policy Writers’} Each Specifying at Least One Characteristic of Communications Allowed between Endpoint Groups_202) [Fig.  2] [0038] (e.g., receiving one or more Input Graphs_302 from one or more respective Policy Writers) [Fig. 3] (e.g., different ‘network policies’ {configurations} can be provided to the system by respective different ‘Policy writers’ {i.e., Network administrators, Service Providers, Network Operators, Application Developers, Tenants of a cloud infrastructure, etc.} in the context of Software Defined Networking [SDN] to control the ‘configuration’ and allocation of networking resources in the network. In such a network, the ‘hardware resources’ (e.g. routers, switches, server, etc.) or virtual network and compute resources (e.g. virtual layer 2/layer 3 (L2/L3) networks, virtual machines) can be programmed {configured} to allocate networking and computing resources according to the network policies of various policy writers) [0013-0014]; 
extracting one or more policies from the configurations (Lee: e.g., receiving one or more ‘network policies’ represented as ‘graphs’) [Figs. 1a-1c] [0021], comprising identifying names of the policies (Lee: e.g., policy / policy graph ‘P1’ and ‘P2’, where each policy graph represents a set of one or more ‘networking policies’ that are applied / implemented dynamically to each endpoint {network resource} of an Endpoint Group {EPG}) [Fig. 4a] [0011-0012, 0030, 0063-0065]; 
extracting a label hierarchy from the configurations according to the names of the policies, the label hierarchy describing an organization of nodes in a network comprising the network devices (Lee: e.g., ‘label space of labels’) [0062] (e.g., each endpoint of an EPG has an assigned logical role / property identified by its ‘label’ {i.e., any endpoint with a given ‘label’ is a member of a given EPG, for example}) [0018] (e.g., Endpoint ‘properties’ {i.e., labels} can be assigned and or changed dynamically) [0020] (e.g., expressly teaches in one aspect that a server that was assigned the label NML ("normal" status) can subsequently be re-labeled QN ("quarantined" status) when a network monitor detects the server issuing a DNS query for a known malicious Internet domain) [0029-0030, 0062]; 
generating a connectivity of a network comprising the network devices based on the one or more policies and the label hierarchy (Lee: e.g., a policy graph (or more simply "graph") can include ‘vertices’ that represent respective EPGs, as well as an ‘edge’ between the vertices representing allowed communications between the EPGs (or more specifically, communications between endpoints of the EPGs)) [0018] (e.g., visual network connectivity of endpoints represented as one or more ‘policy graphs’ of Figs 1a-d, for example) [0034-0036] {i.e., policy graphs P1 & P2} [Fig. 4a]; 
generating a policy graph representation of the connectivity of the network (Lee: e.g., expressly depicts / illustrates the incorporation of Input policy graphs 302 (representing respective network policies) from respective policy writers by a Policy / Graph Composer_304 into a ‘Output Composite policy graph’ 306) [0046] [Fig. 3] (e.g., output Composite Policy Graph of Fig. 4b based on the combining the policy network graphs of P1 and P2, for example) [0068] [Fig. 4b]; and 
displaying the policy graph representation of the connectivity to a user (Lee: e.g., expressly discloses wherein Runtime Controller_606 generates and ‘renders’ a high-level composite policy graph, provided by the Graph Composer 304, into low-level device configurations {i.e., configurations of switches in a network to enforce the respective network policies}) [0073 & 0075] [Fig. 4b].
Claim(s) 8, 15 recite(s) substantially the same limitations and/or features as claim 1, is/are distinguishable only by its/their statutory category (machine-readable medium, method), and accordingly rejected on the same basis.

As per claim{s} 2, 9, 16, Lee discloses the system further comprising generating a composed graph representation of the one or more policies (Lee: e.g., expressly depicts / illustrates the incorporation of Input policy graphs 302 (representing respective network policies) from respective policy writers by a Policy / Graph Composer_304 into a ‘Output Composite policy graph’ 306) [0046] [Fig. 3] (e.g., output Composite Policy Graph of Fig. 4b based on the combining the policy network graphs of P1 and P2, for example) [0068] [Fig. 4b]; and displaying the composed graph representation of the one or more policies to the user (Lee: e.g., expressly discloses wherein Runtime Controller_606 generates and ‘renders’ a high-level composite policy graph, provided by the Graph Composer 304, into low-level device configurations {i.e., configurations of switches in a network to enforce the respective network policies}) [0073 & 0075] [Fig. 4b].
Claim(s) 9, 16 recite(s) substantially the same limitations and/or features as claim 2, is/are distinguishable only by its/their statutory category (machine-readable medium, method), and accordingly rejected on the same basis.

As per claim{s} 3, 10, 17, Lee discloses the system further comprising 
receiving input from the user to modify the policies (e.g., Endpoint ‘properties’ {i.e., labels} can be assigned and or changed dynamically) [0020] (e.g., expressly teaches in one aspect that a server that was assigned the label NML ("normal" status) can subsequently be re-labeled QN ("quarantined" status) when a network monitor detects the server issuing a DNS query for a known malicious Internet domain) [0020, 0029-0030, 0062]; and modifying the composed graph representation, and the policy graph representation, according to the input from the user (Lee: e.g., a policy graph (such as any of those depicted in FIGS. 1A-1D) can represent a set of one or multiple network policies that are applied dynamically to each endpoint according to the endpoint's status ‘changes’ over time) [0020, 0029-0030] [Figs. 1a-d].
Claim(s) 10, 17 recite(s) substantially the same limitations and/or features as claim 3, is/are distinguishable only by its/their statutory category (machine-readable medium, method), and accordingly rejected on the same basis.

As per claim{s} 4, 11, 18, Lee discloses the system further comprising 
modifying the configurations for the network devices based on at least one of the user input and the modified composed graph representation (Lee: e.g., a policy graph (such as any of those depicted in FIGS. 1A-1D) can represent a set of one or multiple network policies ‘that are applied dynamically to each endpoint’ according to the endpoint's status ‘changes’ over time) [0020, 0029-0030] [Figs. 1a-d] (e.g., expressly discloses in one aspect wherein Runtime Controller_606 ‘renders’ a high-level composite policy graph {provided by the Graph Composer 304} into low-level device configurations {i.e., ‘configurations of switches’ in a network to enforce the respective ‘network policies’}) [0073 & 0075] [Fig. 4b].
Claim(s) 11, 18 recite(s) substantially the same limitations and/or features as claim 4, is/are distinguishable only by its/their statutory category (machine-readable medium, method), and accordingly rejected on the same basis.


As per claim{s} 5, 12, 19, Lee discloses the system further comprising 
installing the modified configurations in the network devices (Lee: e.g., a policy graph (such as any of those depicted in FIGS. 1A-1D) can represent a set of one or multiple network policies that are applied dynamically to each endpoint according to the endpoint's status ‘changes’ over time) [0020, 0029-0030] [Figs. 1a-d] (e.g., expressly discloses in one aspect wherein Runtime Controller_606 ‘renders’ a high-level composite policy graph {provided by the Graph Composer 304} into low-level device configurations {i.e., ‘configurations of switches’ in a network to enforce the respective ‘network policies’}) [0073 & 0075] [Fig. 4b].
Claim(s) 11, 18 recite(s) substantially the same limitations and/or features as claim 4, is/are distinguishable only by its/their statutory category (machine-readable medium, method), and accordingly rejected on the same basis.

As per claim{s} 6, 13, 20, Lee discloses the system further comprising 
extracting an intent from one of the policies (Lee: e.g., expressly teaches in one aspect that the ‘intent of the policy writer’ of the policy graph P1 that traffic of endpoints of non-marketing employees to CRM servers are to be blocked can be captured and considered by the graph composer 304) [0067];
generating one or more input graphs according to the intent (Lee: e.g., input ‘policy graph P1’) [Fig. 4a] [0063-0064 & 0067]; and 
displaying the one or more input graphs to the user (Lee: e.g., Input Policy Graphs_302 {comprising one or more input Composition constraints / Edge types_308, 310, 312, 314}) [0046-0047] [Fig. 3] (e.g., Input policy graphs ‘P1’ & ‘P2’) [0063-0065] [Fig. 4a].
Claim(s) 13, 20 recite(s) substantially the same limitations and/or features as claim 6, is/are distinguishable only by its/their statutory category (machine-readable medium, method), and accordingly rejected on the same basis.




Conclusion

Any inquiry concerning this communication or earlier communications from the examiner should be directed to GLENFORD J MADAMBA whose telephone number is (571)272-7989.  The examiner can normally be reached on Monday through Friday 9am-5pm.  
Examiner interviews are available via telephone, in-person, and video conferencing using a USPTO supplied web-based collaboration tool. To schedule an interview, applicant is encouraged to use the USPTO Automated Interview Request (AIR) at http://www.uspto.gov/interviewpractice.  
If attempts to reach the examiner by telephone are unsuccessful, the examiner’s supervisor, Christopher Parry can be reached on 571-272-8328.  The fax phone number for the organization where this application or proceeding is assigned is 571-273-8300.
Information regarding the status of an application may be obtained from the Patent Application Information Retrieval (PAIR) system.  Status information for published applications may be obtained from either Private PAIR or Public PAIR.  Status information for unpublished applications is available through Private PAIR only.  For more information about the PAIR system, see http://pair-direct.uspto.gov. Should you have questions on access to the Private PAIR system, contact the Electronic Business Center (EBC) at 866-217-9197 (toll-free). If you would like assistance from a USPTO Customer Service Representative or access to the 




The prior art made of record and not relied upon is considered pertinent to applicant's disclosure:

Lee et al	Patent Pub  No.:  US 2017/0222873 A1	

Network Policy Graphs

Discloses a system and techniques that can be used to generate composite network policy graphs based on multiple network policy graphs input by network users that may have different goals for the network. The resulting composite network policy graph can be used to program a network so that it meets the requirements necessary to achieve the goals of at least some of the network users [Abstract] [0001 & 0010-0014] [Figs. 1-4]. 





/GLENFORD J MADAMBA/           Primary Examiner, Art Unit 2451