DETAILED ACTION
The present application, filed on or after March 16, 2013, is being examined under the first inventor to file provisions of the AIA.
This communication is in response to the amendment filed on 09/27/2021 and the examiner amendments authorized on 11/02/2021. The specification and abstract submitted on 09/27/2021 have been entered.
Claims 1-183, 192-222, 227-263 and 267-269 are currently pending in this application (see the attached interview summary for cancelling of claims 184-191 and 226).
No information disclosure statement (IDS) has been filed.

Response to Arguments
The previous 112(a) and 112(b) rejections of claims 1-183, 192-222, 227-263 and 267-269 have been withdrawn in response to the amendments/remarks.

Allowable Subject Matter
Claims 1-183, 192-222, 227-263 and 267-269 are allowed.

EXAMINER’S AMENDMENT
An examiner’s amendment to the record appears below. Should the changes and/or additions be unacceptable to applicant, an amendment may be filed as provided by 37 CFR 1.312. To ensure consideration of such an amendment, it MUST be submitted no later than the payment of the issue fee.
Authorization for this examiner’s amendment was given in a telephone interview with Linda Lecomte (reg. no. 47,084) on 11/02/2021.

The application has been amended as follows:

IN THE CLAIMS
Claim 1 (Amended): A method for improving security and management of information technology by creating an identifiable ecosystem, comprising:
a) configuring at least one database to accept a virtual isolation network registration therein of at least one virtual isolation network including at least one security instance operating at, at least one network security point, the at least one security instance operating with at least one segregated virtual network unit, wherein the at least one segregated virtual network unit utilizes at least one of a shared physical and virtual host kernel, having a fully contained dedicated Layer 2 - 7 network stack and ability to host applications, the at least one segregated virtual network unit hosting at least one application module;
b) configuring the at least one virtual isolation network to accept a first element registration of a first element;
c) registering the first element in the at least one database;
d) enabling the registered first element to connect to at least one virtual isolation network via the at least one network security point to the at least one security instance;

wherein at least one defined security function is applied by the at least one defined security policy using at least one respective flow marker, based on policy triggers for pre-specified communication attributes, which references the at least one defined security policy to identify if and in what sequence communication through the at least one segregated virtual network unit and at least one application module of the at least one security instance is to be activated,
wherein the first element communicates with an at least one additional element within the at least one virtual isolation network but is restricted from communicating beyond the at least one virtual isolation network, and
wherein the at least one security instance is configured to include modular interconnected respective segregated virtual network units.

Claim 2 (Amended): A method for improving security and management of information technology by creating an identifiable ecosystem, comprising:
a) configuring at least one database to accept a virtual isolation network registration of at least one virtual isolation network including at least one security instance operating at, at least one network security point, the at least one security instance operating with at least one segregated virtual network unit, 
b) configuring the at least one virtual isolation network to accept a first element registration therein of the first element;
c) registering the first element in the at least one database;
d) enabling the registered first element to connect to the at least one virtual isolation network via the at least one network security point to the at least one security instance;
e) applying at least one defined security policy for the communication between the registered first element via the at least one virtual isolation network to at least one of a communication source or destination,
wherein at least one defined security function is applied by the at least one defined security policy using at least one respective flow marker, based on policy triggers for pre-specified communication attributes, which references the at least one defined security policy to identify if and in what sequence communication through the at least one segregated virtual network unit and at least one application module of the at least one security instance is to be activated,
wherein all communications are subject to the at least one defined security function applied by the at least one security instance, with at least one segregated virtual network unit, the at least one defined security 
wherein the at least one security instance is configured to include modular interconnected respective segregated virtual network units, and
wherein the registered first element communicates beyond the at least one virtual isolation network.

Claim 62 (Amended): A method for improving security and management of information technology by creating an identifiable ecosystem, comprising:
a) configuring at least one database to accept a registration therein of at least one virtual isolation network including a plurality of security instances operating at a plurality of network security points, wherein each security instance operates with a plurality of segregated virtual network units, and the plurality of segregated virtual network units, and each segregated virtual network unit hosts a plurality of application modules;
b) configuring the at least one virtual isolation network to accept a respective registration from a respective element of a plurality of elements;
c) registering the respective element of the plurality of elements in the at least one database;

e) isolating the element by directing all communication via the virtual isolation network security instance and prohibiting any communication outside of the at least one virtual isolation network;
f) applying a plurality of policy rules to define the communications through the security instances before and during the communications flow from, or to, the plurality of elements,
wherein at least one of defined communications flow and security function is applied by the at least one defined policy rule using at least one respective flow marker, based on policy triggers for pre-specified communication attributes, which references the at least one defined policy rule to identify if and in what sequence communication through the application module operating in the at least one segregated virtual network unit within the at least one security instance is to be activated and specified the action to be taken by the application module.

Claims 184-191 (Cancelled).
Claim 226 (Cancelled).

Amended): The method of claim 1, wherein the disabled ecosystem is re-enabled, and the at least one defined policy corresponding to the ecosystem is re-enabled.

Claim 234 (Amended): The method of claim 1, wherein the disabled virtual isolation network is re-enabled, and the at least one defined policy corresponding to the at least one virtual isolation network is re-enabled.

Examiner’s Statement of Reasons for Allowance
The following is an examiner’s statement of reasons for allowance: after further consideration, it is noted that the prior art does not teach all the features of the claimed invention.
Regarding independent claims 1, 2 and 62,

Guichard (US 2009/0222907 A1) teaches a method for protecting data on personal computers and on computer systems in networks. The method includes the steps of: installing at least one software agent on at least one user workstation; capturing, by the agent, information representative of effective uses of resources on the user workstation; transmitting remotely, by the agent, information representative of the effective uses of resources on the user workstation; selecting, remotely from the user workstation, authorized resources and/or prohibited resources on at least one user workstation and transmitting to the workstation information representative of the authorized resources and/or the prohibited resources; and, on the workstation, inhibiting, by the agent, the use of prohibited or non-authorized resources. A sequence of symbols is placed in the header of a data packet transmitted to a second user workstation, and access to that sequence of symbols is necessary for the authorization step. The resources available on workstations are isolated, these resources remaining accessible to the members of the trusted group thus created and not available to the user workstations that are not in this trusted group. The software agent on each user workstation that has been the subject of the additional selection determines, on a layer higher than the second OSI layer, whether a user workstation that attempts to access a resource is authorized to do so. - see abstract; figs. 1, 3, 7; paras. [0038] - [0042], [0046], [0050], [0073], [0398] of Guichard.

Pourzandi et al. (US 2015/0139238 A1) discloses systems and methods for ensuring multi-tenant isolation in a data center. A switch, or virtualized switch, can be used to de-multiplex incoming traffic between a number of data center tenants and to direct traffic to the appropriate virtual slice for an identified tenant. The switch can store tenant identifying information received from a master controller and packet forwarding rules received from at least one tenant controller. The packet handling rules are associated with a specific tenant and can be used to forward traffic to its destination. This framework can provide orchestration of different L2 layer rules to each tenant software defined networking (SDN) controller. Isolation can be enforced because the L2 forwarding tables can only be accessed by the connected tenant SDN controllers. A layer of abstraction at L2 can be provided for the different tenants. The framework also provides means to scale up and down transparently, as the forwarding rules allow connecting or disconnecting different virtual data center networks (vDCNs) created for the same tenant or different tenants. L2 layer forwarding rules can be enforced as VMs move from one host to another - see figs. 1, 3; abstract; paras. [0012] - [0014], [0038] and [0059] of Pourzandi.

Tripathi et al. (US 2015/0256462 A1) discloses systems, methods, and computer programs for managing network traffic. A network switch includes a switch fabric and a resource coherency and analytics engine (RCAE) coupled to the switch fabric. The RCAE includes one or more virtualizable resource groups (VRGs) for managing network traffic flow across a plurality of network switches on the network. Further, the RCAE is operable to add network entities to each VRG, add flows to each VRG, and add other VRGs to each VRG. A virtualizable resource control list (VRCL), associated with each VRG, identifies which network entities in the VRG can communicate with each other, which network entities in the VRG can communicate with network entities in other VRGs, and a guaranteed bandwidth for the VRG associated with the VRCL. Furthermore, the RCAE is operable to exchange messages with other RCAEs in other network switches to implement traffic policies defined by each VRCL - see figs. 1, 5; abstract; paras. [0003] - [0006] of Tripathi.

However, the prior art of record does not teach or render obvious the limitations of independent claims 1 and 2, in combination with their other limitations, specifically:
configuring at least one database to accept a virtual isolation network registration therein of at least one virtual isolation network including at least 
configuring the at least one virtual isolation network to accept a first element registration of a first element;
registering the first element in the at least one database;
enabling the registered first element to connect to at least one virtual isolation network via the at least one network security point to the at least one security instance;
applying at least one defined security policy for the communication by the first element via the at least one virtual isolation network to at least one of a communication source or destination,
wherein at least one defined security function is applied by the at least one defined security policy using at least one respective flow marker, 
at least one of:
wherein the first element communicates with an at least one additional element within the at least one virtual isolation network but is restricted from communicating beyond the at least one virtual isolation network, and wherein the at least one security instance is configured to include modular interconnected respective segregated virtual network units;
wherein all communications are subject to the at least one defined security function applied by the at least one security instance, with at least one segregated virtual network unit, the at least one defined security function including at least one of: access control, application protocol control, application program control, signature threat management, behavioral threat management, identity-based control, content control, encryption, decryption, privacy control, and isolation control, wherein the at least one security instance is configured to include modular interconnected respective segregated virtual network units, and wherein the registered first element communicates beyond the at least one virtual isolation network.

and the limitations of independent claim 62, in combination with its other limitations, specifically:
configuring at least one database to accept a registration therein of at least one virtual isolation network including a plurality of security instances 
configuring the at least one virtual isolation network to accept a respective registration from a respective element of a plurality of elements; and registering the respective element of the plurality of elements in the at least one database;
enabling the plurality of elements to connect to the at least one virtual isolation network via the plurality of security instances at a plurality of network security points;
isolating the element by directing all communication via the virtual isolation network security instance and prohibiting any communication outside of the at least one virtual isolation network; and applying a plurality of policy rules to define the communications through the security instances before and during the communications flow from, or to, the plurality of elements,
wherein at least one of defined communications flow and security function is applied by the at least one defined policy rule using at least one respective flow marker, based on policy triggers for pre-specified communication attributes, which references the at least one defined policy rule to identify if and in what sequence communication through the application module operating in the at least one segregated virtual 

Dependent claims 3-61 and 63-183, 192-222, 227-263 and 267-269 are allowed as they depend from allowable independent claims 1, 2 or 62.

Therefore, the Examiner considers the above limitations, in combination with the remaining limitations of their respective independent claims as applied to the field of endeavor, to be the non-obvious novelties of the invention.

Any comments considered necessary by applicant must be submitted no later than the payment of the issue fee and, to avoid processing delays, should preferably accompany the issue fee. Such submissions should be clearly labeled "Comments on Statement of Reasons for Allowance".

Conclusion
Any inquiry concerning this communication or earlier communications from the examiner should be directed to MAUNG T LWIN whose telephone number is (571)270-7845. The examiner can normally be reached on Monday - Friday 10:00 am - 6:00 pm.
If attempts to reach the examiner by telephone are unsuccessful, the examiner’s supervisor, Farid Homayounmehr, can be reached on 571-272-3739. The fax phone number for the organization where this application or proceeding is assigned is 571-273-8300.

/MAUNG T LWIN/Primary Examiner, Art Unit 2495