Notice of Pre-AIA  or AIA  Status
The present application, filed on or after March 16, 2013, is being examined under the first inventor to file provisions of the AIA .
DETAILED ACTION
This non-final office action is responsive to the U.S. patent application no. 16/880,978 filed on May 21, 2020. 
Claims 1-17 are cancelled.
Claims 18-42 are pending.
Claims 18-42 are rejected.
Priority
Applicant's claim priority under 35 U.S.C. 120 to U.S. non-provisional application No. 16/827,571 filed on March 23, 2020, U.S. non-provisional application No. 16/584,810 filed on September 26, 2019 and U.S. non-provisional application No. 14/520,238 filed on October 21, 2014 has been acknowledged.  The parent applications no. 14/520,238 further claim priority under 35 U.S.C. 109(e) to the provisional application 61/893,789 filed on October 21, 2013.
Information Disclosure Statement
The information disclosure statements (IDS) submitted on May 27, 2020, March 1, 2021 and December 6, 2021 are in compliance with the provisions of 37 CFR 1.97.  Accordingly, the information disclosure statements have been considered by the examiner.
Double Patenting
The nonstatutory double patenting rejection is based on a judicially created doctrine grounded in public policy (a policy reflected in the statute) so as to prevent the unjustified or improper timewise extension of the “right to exclude” granted by a patent and to prevent possible In re Berg, 140 F.3d 1428, 46 USPQ2d 1226 (Fed. Cir. 1998); In re Goodman, 11 F.3d 1046, 29 USPQ2d 2010 (Fed. Cir. 1993); In re Longi, 759 F.2d 887, 225 USPQ 645 (Fed. Cir. 1985); In re Van Ornum, 686 F.2d 937, 214 USPQ 761 (CCPA 1982); In re Vogel, 422 F.2d 438, 164 USPQ 619 (CCPA 1970); In re Thorington, 418 F.2d 528, 163 USPQ 644 (CCPA 1969).
A timely filed terminal disclaimer in compliance with 37 CFR 1.321(c) or 1.321(d) may be used to overcome an actual or provisional rejection based on nonstatutory double patenting provided the reference application or patent either is shown to be commonly owned with the examined application, or claims an invention made as a result of activities undertaken within the scope of a joint research agreement. See MPEP § 717.02 for applications subject to examination under the first inventor to file provisions of the AIA  as explained in MPEP § 2159. See MPEP § 2146 et seq. for applications not subject to examination under the first inventor to file provisions of the AIA . A terminal disclaimer must be signed in compliance with 37 CFR 1.321(b). 
The USPTO Internet website contains terminal disclaimer forms which may be used. Please visit www.uspto.gov/patent/patents-forms. The filing date of the application in which the form is filed determines what form (e.g., PTO/SB/25, PTO/SB/26, PTO/AIA /25, or PTO/AIA /26) should be used. A web-based eTerminal Disclaimer may be filled out completely online using web-screens. An eTerminal Disclaimer that meets all requirements is auto-processed and approved immediately upon submission. For more information about eTerminal Disclaimers, refer to www.uspto.gov/patents/process/file/efs/guidance/eTD-info-I.jsp.
Claims 18-42 are rejected on the ground of nonstatutory double patenting as being unpatentable over claims 1-20 of U.S. Patent No. 10,601,654. Although the claims at issue are not identical, they are not patentably distinct from each other, as shown in the table below.
16/880,978 (instant application)
10,601,654
18. A system for simultaneously and centrally analyzing a plurality of networks, the system comprising: 

one or more collectors configured to receive network traffic data from a plurality of network elements in the plurality of networks, 

wherein a first network of the plurality of networks is from a first company and a second network of the plurality of networks is from a second company; 

a non-transitory computer readable manager memory; and 

a remote network manager comprising a network interface and configured to connect over the Internet to the one or more collectors via the network interface, 

the remote network manager further configured to simultaneously and centrally analyze (1) the network traffic data from the plurality of network elements in the plurality of networks and (2) network management data from a plurality of enterprise systems in the plurality of networks, wherein the network management data includes L1 through L7 network topology data, network configuration data, and simple network management protocol data; 

wherein the remote network manager is stored in the non-transitory computer readable manager memory that is executed by a manager processor; 


wherein the remote network manager combines the network traffic data from the plurality of networks and the network management data from the plurality of enterprise systems in the plurality of networks into combined cross-network data from multiple companies, simultaneously and centrally analyzes the combined cross-network data from the multiple companies within the plurality of network systems, learns a network pattern from the first network of the first company within the plurality of networks, and predicts a network behavior of the second network of the second company within the plurality of networks; 

wherein the remote network manager identifies a network control objective for the network, identifies a programmable parameter of a programmable network element to achieve the network control objective, and programs the programmable network element that is a programmable switch, router, or wireless access point, 


wherein the network control objective is security or performance remediation, wherein the remote network manager identifies specific applications or devices causing security or performance issues, and 

wherein the programmable parameter identified by the remote network manager is blocking the specific applications or devices causing the security or performance issues, 

wherein the remote network manager computes an initial control policy to the programmable network elements using high-level policies, security requirements, and any anomalous traffic behavior; configuration capability and current configuration of underlying network elements; network 

control loop parameters including stability, oscillation, and timescale; and 

wherein the remote network manager sends control policy parameters to the programmable network elements, observes the network, measures effectiveness of the initial control policy with respect to the high-level policy, and computes an updated control policy to send to the programmable network elements.


one or more collectors configured to receive network traffic data from a plurality of network elements in the plurality of networks, 

wherein a first network of the plurality of networks is from a first company and a second network of the plurality of networks is from a second company; and 




a remote network manager comprising a network interface and configured to connect to the one or more collectors over the Internet via the network interface, and 

further configured to simultaneously and centrally analyze (1) the network traffic data from the plurality of network elements in the plurality of networks and (2) network management data from a plurality of enterprise systems in the plurality of networks, wherein the network management data includes L1 through L7 network topology data, network configuration data, and simple network management protocol data; 

wherein the one or more collectors extract metadata from the network traffic data and send the metadata to the remote network manager; 


wherein the remote network manager combines the network traffic data from the plurality of networks and the network management data from the plurality of enterprise systems in the plurality of networks into combined cross-network data from multiple companies, simultaneously and centrally analyzes the combined cross-network data from the multiple companies within the plurality of networks, 
learns a pattern from the first network of the first company within the plurality of networks, and applies the pattern to the second network of the second company within the plurality of networks, 
















wherein the system implements control policies that summarize and index higher layer information about users, applications, devices, and behaviors using machine learning, wherein the higher layer information is queriable using natural language processing, and wherein the control policies automatically adjust to changes in network topology.


Claims 18-42 are provisionally rejected on the ground of nonstatutory double patenting as being unpatentable over claims 18-37 of copending Application No. 16/880,948. Although the claims at issue are not identical, they are not patentably distinct from each other as shown in the table below.
This is a provisional nonstatutory double patenting rejection because the patentably indistinct claims have not in fact been patented.
16/880,978 (instant application)
16/880,948
18. A system for simultaneously and centrally analyzing a plurality of networks, the system comprising: 



one or more collectors configured to receive network traffic data from a plurality of network elements in the plurality of networks, 


wherein a first network of the plurality of networks is from a first company and a second network of the plurality of networks is from a second company; 









a non-transitory computer readable manager memory; and 


a remote network manager comprising a network interface and configured to connect over the Internet to the one or more collectors via the network interface, 

the remote network manager further configured to simultaneously and centrally analyze (1) the network traffic data from the plurality of network elements in the plurality of networks and (2) network management data from a plurality of enterprise systems in the plurality of networks, wherein the network management data includes L1 through L7 network topology data, network configuration data, and simple network management protocol data; 

wherein the remote network manager is stored in the non-transitory computer readable manager memory that is executed by a manager processor; 


wherein the remote network manager combines the network traffic data from the plurality of networks and the network management data from the plurality of enterprise systems in the plurality of networks into combined cross-network data from multiple companies, simultaneously and centrally analyzes the combined cross-network data from the multiple companies within the plurality of network systems, learns a network pattern from the first 

wherein the remote network manager identifies a network control objective for the network, identifies a programmable parameter of a programmable network element to achieve the network control objective, and programs the programmable network element that is a programmable switch, router, or wireless access point, 

wherein the network control objective is security or performance remediation, wherein the remote network manager identifies specific applications or devices causing security or performance issues, and 

wherein the programmable parameter identified by the remote network manager is blocking the specific applications or devices causing the security or performance issues, 

wherein the remote network manager computes an initial control policy to the programmable network elements using high-level policies, security requirements, and any anomalous traffic behavior; configuration capability and current configuration of underlying network elements; network topology, statistics, and tolerable configuration change; and 

control loop parameters including stability, oscillation, and timescale; and 

wherein the remote network manager sends control policy parameters to the programmable network elements, observes the network, measures effectiveness of the initial control policy with respect to the high-level policy, and computes an updated control policy to send to the programmable network elements.


one or more collectors configured to collect filtered network traffic data from the plurality of network elements in the plurality of networks based on a time-varying schedule; 

each network in the plurality of networks including a plurality of network elements, wherein a first network of the plurality of networks is from a first company and a second network of the plurality of networks is 
a programmable network element that is a programmable switch, router, or wireless access point; and 

a remote network manager comprising a network interface and configured to connect to the one or more collectors over the Internet via the network interface, and 

further configured to simultaneously and centrally analyze (1) the network traffic data from the plurality of network elements in the plurality of networks and (2) network management data from a plurality of enterprise systems in the plurality of networks, wherein the network management data includes L1 through L7 network topology data, network configuration data, and simple network management protocol data, wherein data from a network management system is network management data, wherein L1 through L7 network topology data is data from L1 through L7 network topology, and wherein configuration data from the network elements is network configuration data; 

wherein the remote network manager combines the network traffic data from the plurality of networks and the network management data from the plurality of enterprise systems in the plurality of networks into combined cross-network data from multiple companies for simultaneous and central analysis of the combined cross-network data from the multiple companies; 



wherein the system programs the programmable network element to remediate security and performance issues, 

wherein the remediation of security and performance issues includes detecting and mitigating cyber-attacks, 




wherein the system implements control policies that summarize and index higher layer information about users, applications, devices, and behaviors using machine learning, wherein the higher layer information is queriable using natural language processing, and wherein the control policies automatically adjust to changes in network topology. 


Claims 18-42 are provisionally rejected on the ground of nonstatutory double patenting as being unpatentable over claims 18-37 of copending Application No. 16/827,571. Although the claims at issue are not identical, they are not patentably distinct from each other as shown in the table below.
This is a provisional nonstatutory double patenting rejection because the patentably indistinct claims have not in fact been patented.
16/880,978 (instant application)
16/827,571 (co-pending application)
18. A system for simultaneously and centrally analyzing a plurality of networks, the system comprising: 




one or more collectors configured to receive network traffic data from a plurality of network elements in the plurality of networks, wherein a first network of the plurality of networks is from a first company and a second network of the plurality of networks is from a second company; 








a non-transitory computer readable manager memory; and 

a remote network manager comprising a network interface and configured to connect over the Internet to the one or more collectors via the network interface, 

the remote network manager further configured to simultaneously and centrally 

wherein the remote network manager is stored in the non-transitory computer readable manager memory that is executed by a manager processor; 

wherein the remote network manager combines the network traffic data from the plurality of networks and the network management data from the plurality of enterprise systems in the plurality of networks into combined cross-network data from multiple companies, simultaneously and centrally analyzes the combined cross-network data from the multiple companies within the plurality of network systems, learns a network pattern from the first network of the first company within the plurality of networks, and predicts a network behavior of the second network of the second company within the plurality of networks; 

wherein the remote network manager identifies a network control objective for the network, identifies a programmable parameter of a programmable network element to achieve the network control objective, and programs the programmable network element that is a programmable switch, router, or wireless access point, 

wherein the network control objective is security or performance remediation, wherein the remote network manager identifies specific applications or devices causing security or performance issues, and 




wherein the remote network manager computes an initial control policy to the programmable network elements using high-level policies, security requirements, and any anomalous traffic behavior; configuration capability and current configuration of underlying network elements; network topology, statistics, and tolerable configuration change; and 

control loop parameters including stability, oscillation, and timescale; and 

wherein the remote network manager sends control policy parameters to the programmable network elements, observes the network, measures effectiveness of the initial control policy with respect to the high-level policy, and computes an updated control policy to send to the programmable network elements.


a non-transitory computer readable collector memory; 

one or more collectors configured to receive network traffic data from a plurality of network elements in the plurality of networks, wherein a first network of the plurality of networks is from a first company and a second network of the plurality of networks is from a second company, wherein the one or more collectors are stored in the non-transitory computer readable collector memory that is executed by a collector processor; 
a programmable network element that is a programmable switch, router, or wireless access point; 

a non-transitory computer readable manager memory; 

a remote network manager configured to receive metadata from the one or more collectors, and 


further configured to simultaneously and centrally analyze (1) the network traffic data 

wherein the remote network manager is stored in the non-transitory computer readable manager memory that is executed by a manager processor; 

wherein the remote network manager combines the network traffic data from the plurality of networks and the network management data from the plurality of enterprise systems in the plurality of networks into combined cross-network data from multiple companies for simultaneous and central analysis of the combined cross-network data from the multiple companies; 







wherein the remote network manager identifies a network control objective for the network, identifies a programmable parameter of the programmable network element to achieve the network control objective, and programs the programmable network element, 



wherein the network control objective is security or performance remediation, wherein the remote network manager identifies specific users, applications, and devices causing security or performance issues, and 



wherein the system implements control policies that summarize and index higher layer information about users, applications, devices, and behaviors using machine learning, wherein the higher layer information is querriable using natural language processing, and wherein the control policies automatically adjust to changes in network topology. 



Pertinent Prior Art
Cited in the attached form PTO-892 “Notice of References Cited” are four references (Friedman et al., Donley et al., Bingham et al. and Harold et al.) that Examiner considers as most relevant to the claimed invention.  However, subject matter disclosed in these references, either taken alone, or combined, do not reasonably render the claimed invention obvious.
Conclusion
Any inquiry concerning this communication or earlier communications from the examiner should be directed to SHIRLEY X ZHANG whose telephone number is (571)270-5012.  The examiner can normally be reached on 8:30am - 5:00pm.

If attempts to reach the examiner by telephone are unsuccessful, the examiner’s supervisor, William Trost can be reached on 571-272-7872.  The fax phone number for the organization where this application or proceeding is assigned is 571-273-8300.
Information regarding the status of an application may be obtained from the Patent Application Information Retrieval (PAIR) system.  Status information for published applications may be obtained from either Private PAIR or Public PAIR.  Status information for unpublished applications is available through Private PAIR only.  For more information about the PAIR system, see http://pair-direct.uspto.gov. Should you have questions on access to the Private PAIR system, contact the Electronic Business Center (EBC) at 866-217-9197 (toll-free). If you would like assistance from a USPTO Customer Service Representative or access to the automated information system, call 800-786-9199 (IN USA OR CANADA) or 571-272-1000.
/SHIRLEY X ZHANG/Primary Examiner, Art Unit 2442                                                                                                                                                                                                       01/04/2022