DETAILED ACTION
Notice of Pre-AIA  or AIA  Status
The present application, filed on or after March 16, 2013, is being examined under the first inventor to file provisions of the AIA .

1. The following is a non-Final Office Action in response to applicant’s arguments/filing filed on June 17, 2019
Claims 1-20 are pending
 
Examiner’s Note: The term, “Processor” is defined in paragraph 0059 of the specification as containing memory and therefore, determined to be hardware.

Examiner’s Note: Paragraph 0060 of the specification discloses that the terms “computer storage media”, “computer-storage memory”, “memory”, “memory devices” and similar terms do not include carrier waves or propagating signals.

Drawings
Acknowledgment is made of applicant’s drawings submitted on 6/17/2019.

Oath/Declaration
Acknowledgment is made of applicant’s oath submitted on 9/18/2019

Application Data Sheet
Acknowledgment is made of applicant’s application data sheet submitted on 6/17/2019.






Claim Rejections - 35 USC § 103
In the event the determination of the status of the application as subject to AIA  35 U.S.C. 102 and 103 (or as subject to pre-AIA  35 U.S.C. 102 and 103) is incorrect, any correction of the statutory basis for the rejection will not be considered a new ground of rejection if the prior art relied upon, and the rationale supporting the rejection, would be the same under either status.
The following is a quotation of 35 U.S.C. 103 which forms the basis for all obviousness rejections set forth in this Office action:
A patent for a claimed invention may not be obtained, notwithstanding that the claimed invention is not identically disclosed as set forth in section 102 of this title, if the differences between the claimed invention and the prior art are such that the claimed invention as a whole would have been obvious before the effective filing date of the claimed invention to a person having ordinary skill in the art to which the claimed invention pertains.  Patentability shall not be negated by the manner in which the invention was made.


1.) Claims 1-4, 7-13, and 16-18 are rejected under 35 U.S.C. 103 as being unpatentable over IDS supplied reference, US 20100325588, Reddy in view of US 20160359697, Scheib


a processor(see US 20100325588, Reddy,fig. 1E, item 101[CPU]); and 
a computer-readable medium storing instructions that are operative when executed by the processor(see US 20100325588, Reddy,fig. 1E, item 128, storage with software) to: 
based at least on a first trigger event(see US 20100325588, Reddy, para. 0231, a learning engine may be activated when changes are made[i.e. trigger event] to content differ from a norm), 
during a first analysis phase, analyze a first set of candidate rules corresponding to at least a portion of the first set of restricted dependencies for traffic that includes a preset constraint on permitted traffic (see US 20100325588, Reddy, para. 0120, where the application firewall analyzes network communications in accordance to rules and policies and prevents transmission of information that depends on confidential[i.e. restricted] information); 
receive an indication of verifying, blocking, or tailoring one or more candidate rules within the first set of candidate rules, to generate a first set of verified rules(see US 20100325588, Reddy, para. 0225, 0248, where rules may be generated based on learned history of communications received by a processing module, wherein an administrator is implicitly informed of the rules in order to evaluate, validate and deploy the rules); and 
operate the cloud service firewall with the first set of verified rules for the first application(see US 20100325588, Reddy, para. 0248, where learned rules may be deployed by a processing module to a firewall) 	Reddy did not /TAGHI T ARANI/                                                                                                                                                                                                         	However, Scheib teaches determine a first set of restricted dependencies for a cloud service firewall to analyze for a first application, the first set of restricted dependencies for traffic associated with the cloud service firewall (see US 20160359697, Scheib, para. 0028-0029, where application dependency mapping[ADM] is determined by automating the process of observing network traffic in real time and maps endpoints to applications and evaluated using machine learning to determine ADM[e.g. including  restricted dependencies] that can be used to derive a set of policies/rules, wherein the automated solutions may be derived from data captured by firewalls).  	It would have been obvious to one of ordinary skill in the art before the effective filing date of the claimed invention to modify the teaching of Reddy with the teaching of Scheib because a user would have been motivated to use the application dependency mapping[ADM], taught by Scheib, in order to automate the process of deriving dependency based policies for either permitting or denying traffic flow(see Scheib, para. 0026)
 
In regards to claim 2, the combination of Reddy and Scheib teach the system of claim 1 wherein the instructions are further operative to: based at least on a second trigger event, determine a second set of restricted dependencies for the cloud service (see US 20100325588, Reddy, para. 0120, where the application firewall may be triggered by detection of credential information that may include a credit card number included in a network packet); 
during a second analysis phase, analyze a second set of candidate rules corresponding to at least a portion of the second set of restricted dependencies(see US 20100325588, Reddy, para. 0120 and 0248, where rule and policies are employed in the detection of network packets that depend on protected credentials[i.e. restricted dependencies], wherein the learned rules are evaluated[i.e. analyzed]); 
receive an indication of verifying, blocking, or tailoring one or more candidate rules within the second set of candidate rules, to generate a second set of verified rules, the second set of verified rules different from the first set of verified rules(see US 20100325588, Reddy, para. 0120, 0225, 0248, where rules may be generated based on learned history of communications received by a processing module, wherein an administrator is implicitly informed of the rules in order to evaluate, validate and deploy the rules, wherein a 1st rule may address leaked credit card number information and a 2nd rule may be configured to address leaked password information); and 
operate the cloud service firewall with the second set of verified rules for the first application(see US 20100325588, Reddy, para. 0248, where learned rules may be deployed by a processing module).  


a user input and an update to the first application(see US 20100325588, Reddy, para. 0104, where a packet engine is triggered by network packets that are received[e.g. from a user message]).  

In regards to claim 4, the combination of Reddy and Scheib teach the system of claim 1 wherein the instructions are further operative to: based at least on a third trigger event, determine a third set of restricted dependencies for the cloud service firewall to learn for a second application(see US 20100325588, Reddy, para. 0120, where the application firewall may be triggered by detection of credential information that may include a social security number[i.e. 3rd restricted dependency] included in a network packet); 
during a third analysis phase, analyze a third set of candidate rules corresponding to at least a portion of the third set of restricted dependencies(see US 20100325588, Reddy, para. 0120 and 0248, where rule and policies are employed in the detection of network packets that depend on protected credentials[i.e. restricted dependencies], wherein the learned rules are evaluated[i.e. analyzed]); 
receive an indication of verifying, blocking, or tailoring one or more candidate rules within the third set of candidate rules, to generate a third set of verified rules(see US 20100325588, Reddy, para. 0120, 0225, 0248, where rules may be generated based on learned history of communications received by a processing module, wherein an administrator is implicitly informed of the rules in order to evaluate, validate and deploy the rules, wherein a 1st rule may address leaked credit card number information, a 2nd rule may be configured to address, and a 3rd rule may address leaked social security number information); and 
operate the cloud service firewall with the third set of verified rules for the second application(see US 20100325588, Reddy, para. 0248, where learned rules may be deployed by a processing module).  

In regards to claim 7, the combination of Reddy and Scheib teach the system of claim 1 wherein the first set of restricted dependencies comprises at least one dependency selected from the list consisting of: 
an application dependency and a network dependency(see US 20100325588, Reddy, para. 0005, where the learned rules are generated from URL communications[i.e. network dependency]).  

In regards to claim 8, the combination of Reddy and Scheib teach the system of claim 1 wherein the instructions are further operative to: 
determine whether, from among the first set of restricted dependencies, a dependency was not exercised(see US 20100325588, Reddy, para. 0229, where a message filter checks the rules against received message to determine if any of the rules apply[i.e. if any rule was exercised]); and 
based at least on determining that a dependency was not exercised, generate an alert identifying that a dependency was not exercised (see US 20100325588, Reddy, para. 0064, where a monitoring agent collects data on any type and form of event, where the agent may subsequently may provide a report[i.e. alert]).  

In regards to claim 9, the combination of Reddy and Scheib teach the system of claim 1 wherein the instructions are further operative to: during the first analysis phase, generate logs from analyzing the first set of candidate rules(see US 20100325588, Reddy, para. 0064 and 0184, where a monitoring agent may report monitored data, wherein the report may include results from policy evaluation); and 
prior to receiving an indication of verifying, blocking, or tailoring one or more candidate rules, present the logs for evaluation(see US 20100325588, Reddy, para. 0106, where a monitoring program checks any status or history logs) .  

In regards to claim 10, Reddy teaches a method of permitting firewall traffic as exceptions in default traffic denial environments, the method comprising: 
based at least on a first trigger event(see US 20100325588, Reddy, para. 0231, a learning engine may be activated when changes are made[i.e. trigger event] to content differ from a norm), 
during a first analysis phase, analyzing a first set of candidate rules corresponding to at least a portion of the first set of restricted dependencies that includes a preset constraint on permitted traffic(see US 20100325588, Reddy, para. 0120, where the application firewall analyzes network communications in accordance to rules and policies and prevents transmission of information that depends on confidential[i.e. restricted] information); 
(see US 20100325588, Reddy, para. 0225, 0248, where rules may be generated based on learned history of communications received by a processing module, wherein an administrator is implicitly informed of the rules in order to evaluate, validate and deploy the rules); and 
operating the cloud service firewall with the first set of verified rules for the first application(see US 20100325588, Reddy, para. 0248, where learned rules may be deployed by a processing module to a firewall)
 	Reddy does not teach determining a first set of restricted dependencies for a cloud service firewall to analyze for a first application 	However, Scheib teaches determining a first set of restricted dependencies for a cloud service firewall to analyze for a first application (see US 20160359697, Scheib, para. 0028-0029, where application dependency mapping[ADM] is determined by automating the process of observing network traffic in real time and maps endpoints to applications and evaluated using machine learning to determine ADM[e.g. including  restricted dependencies] that can be used to derive a set of policies/rules, wherein the automated solutions may be derived from data captured by firewalls).   	It would have been obvious to one of ordinary skill in the art before the effective filing date of the claimed invention to modify the teaching of Reddy with the teaching of Scheib because a user would have been motivated to use the application dependency mapping[ADM], taught by Scheib, in order to automate the process of deriving (see Scheib, para. 0026)

In regards to claim 11, the combination of Reddy and Scheib teach the method of claim 10 further comprising: 
based at least on a second trigger event, determining a second set of restricted dependencies for the cloud service firewall to analyze for the first application(see US 20100325588, Reddy, para. 0120, where the application firewall may be triggered by detection of credential information that may include a credit card number included in a network packet); 
during a second analysis phase, analyzing a second set of candidate rules corresponding to at least a portion of the second set of restricted dependencies(see US 20100325588, Reddy, para. 0120 and 0248, where rule and policies are employed in the detection of network packets that depend on protected credentials[i.e. restricted dependencies], wherein the learned rules are evaluated[i.e. analyzed]); 
receiving an indication of verifying, blocking, or tailoring one or more candidate rules within the second set of candidate rules, to generate a second set of verified rules, the second set of verified rules different from the first set of verified rules(see US 20100325588, Reddy, para. 0120, 0225, 0248, where rules may be generated based on learned history of communications received by a processing module, wherein an administrator is implicitly informed of the rules in order to evaluate, validate and deploy the rules, wherein a 1st rule may address leaked credit card number information and a 2nd rule may be configured to address leaked password information); and 
operating the cloud service firewall with the second set of verified rules for the first application(see US 20100325588, Reddy, para. 0248, where learned rules may be deployed by a processing module).  

 	In regards to claim 12, the combination of Reddy and Scheib teach the method of claim 11 wherein the first trigger event and the second trigger event each comprises an event selected from the list consisting of: 
a user input and an update to the first application(see US 20100325588, Reddy, para. 0104, where a packet engine is triggered by network packets that are received[e.g. from a user message]).  

In regards to claim 13, the combination of Reddy and Scheib teach the method of claim 10 further comprising: 
based at least on a third trigger event, determining a third set of restricted dependencies for the cloud service firewall to analyze for a second application(see US 20100325588, Reddy, para. 0120, where the application firewall may be triggered by detection of credential information that may include a social security number[i.e. 3rd restricted dependency] included in a network packet); 
during a third analysis phase, analyzing a third set of candidate rules corresponding to at least a portion of the third set of restricted dependencies(see US 20100325588, Reddy, para. 0120 and 0248, where rule and policies are employed in the detection of network packets that depend on protected credentials[i.e. restricted dependencies], wherein the learned rules are evaluated[i.e. analyzed]); 
receiving an indication of verifying, blocking, or tailoring one or more candidate rules within the third set of candidate rules, to generate a third set of verified rules(see US 20100325588, Reddy, para. 0120, 0225, 0248, where rules may be generated based on learned history of communications received by a processing module, wherein an administrator is implicitly informed of the rules in order to evaluate, validate and deploy the rules, wherein a 1st rule may address leaked credit card number information, a 2nd rule may be configured to address, and a 3rd rule may address leaked social security number information); and 
operating the cloud service firewall with the third set of verified rules for the second application(see US 20100325588, Reddy, para. 0248, where learned rules may be deployed by a processing module).  

In regards to claim 16, the combination of Reddy and Scheib teach the method of claim 10 wherein the first set of restricted dependencies comprises at least one dependency selected from the list consisting of: 
an application dependency and a network dependency(see US 20100325588, Reddy, para. 0005, where the learned rules are generated from URL communications[i.e. network dependency]).  

 	In regards to claim 17, the combination of Reddy and Scheib teach the method of claim 10 further comprising: 
(see US 20100325588, Reddy, para. 0229, where a message filter checks the rules against received message to determine if any of the rules apply[i.e. if any rule was exercised]); and 
based at least on determining that a dependency was not exercised, generating an alert identifying that a dependency was not exercised(see US 20100325588, Reddy, para. 0064, where a monitoring agent collects data on any type and form of event, where the agent may subsequently may provide a report[i.e. alert]).  

 	In regards to claim 18, the combination of Reddy and Scheib teach the method of claim 10 further comprising: 
during the first analysis phase, generating logs from analyzing the first set of candidate rules(see US 20100325588, Reddy, para. 0064 and 0184, where a monitoring agent may report monitored data, wherein the report may include results from policy evaluation); and prior to receiving an indication of verifying, blocking, or tailoring one or more candidate rules, presenting the logs for evaluation(see US 20100325588, Reddy, para. 0106, where a monitoring program checks any status or history logs).  


2.) Claims 5, 6, 14, 15, 19, and 20 are rejected under 35 U.S.C. 103 as being unpatentable over IDS supplied reference, US 20100325588, Reddy in view of US 20160359697, Scheib and further in view of US 20090138960, Felty


receive a set of constraints for the first set of restricted dependencies 	However, Felty teaches wherein the instructions are further operative to: 
receive a set of constraints for the first set of restricted dependencies (see US 20090138960, Felty, para. 0109, where a rule may consist of contraints).   	It would have been obvious to one of ordinary skill in the art before the effective filing date of the claimed invention to modify the teaching of the combination of Reddy and Scheib with the teaching of Felty because a user would have been motivated to protect operation of the firewall, taught by the combination of Reddy and Scheib, by repairing the firewall access control rules in order to remove conflicts between rules(see Felty, para. 0004)

In regards to claim 6, the combination of Reddy, Scheib and Felty teach the system of claim 5 wherein receiving a set of constraints for the first set of restricted dependencies comprises receiving at least one input selected from the list consisting of: a selection from a set of preset constraints and a custom constraint (see US 20090138960, Felty, para. 0112, where a constraint may be selected[i.e. preset]).  	It would have been obvious to one of ordinary skill in the art before the effective filing date of the claimed invention to modify the teaching of the combination of Reddy and Scheib with the teaching of Felty because a user would have been motivated to protect operation of the firewall, taught by the combination of Reddy and Scheib, by (see Felty, para. 0004)
 
 	In regards to claim 14, the combination of Reddy and Sheib teach the method of claim 10. The combination of Reddy and Sheib do not teach further comprising: 
receiving a set of constraints for the first set of restricted dependencies 	However, Felty teaches further comprising: 
receiving a set of constraints for the first set of restricted dependencies (see US 20090138960, Felty, para. 0109, where a rule may consist of contraints). 	It would have been obvious to one of ordinary skill in the art before the effective filing date of the claimed invention to modify the teaching of the combination of Reddy and Scheib with the teaching of Felty because a user would have been motivated to protect operation of the firewall, taught by the combination of Reddy and Scheib, by repairing the firewall access control rules in order to remove conflicts between rules(see Felty, para. 0004)  

In regards to claim 15, the combination of Reddy, Scheib and Felty teach the method of claim 14 wherein receiving a set of constraints for the first set of restricted dependencies comprises receiving at least one input selected from the list consisting of: 
a selection from a set of preset constraints and a custom constraint(see US 20090138960, Felty, para. 0112, where a constraint may be selected[i.e. preset]).   	It would have been obvious to one of ordinary skill in the art before the effective filing date of the claimed invention to modify the teaching of the combination of Reddy (see Felty, para. 0004)

 	In regards to claim 19, Reddy teaches one or more computer storage devices having computer-executable instructions stored thereon for permitting firewall traffic as exceptions in default traffic denial environments, which, on execution by a computer, cause the computer to perform operations comprising:
based at least on a first trigger event(see US 20100325588, Reddy, para. 0231, a learning engine may be activated when changes are made[i.e. trigger event] to content differ from a norm), wherein the first trigger event comprises an event selected from the list consisting of a user input and an update to the first application(see US 20100325588, Reddy, para. 0104, where a packet engine is triggered by network packets that are received[e.g. from a user message]), and wherein the first set of restricted dependencies comprises at least one dependency selected from the list consisting of an application dependency and a network dependency(see US 20100325588, Reddy, para. 0005, where the learned rules are generated from URL communications[i.e. network dependency]); 
during a first analysis phase, analyzing a first set of candidate rules corresponding to at least a portion of the first set of restricted dependencies(see US 20100325588, Reddy, para. 0120, where the application firewall analyzes network communications in accordance to rules and policies and prevents transmission of information that depends on confidential[i.e. restricted] information); 
during the first analysis phase, generating logs from analyzing the first set of candidate rules(see US 20100325588, Reddy, para. 0064 and 0184, where a monitoring agent may report monitored data, wherein the report may include results from policy evaluation); and determining whether, from among the first set of restricted dependencies, a dependency was not exercised(see US 20100325588, Reddy, para. 0229, where a message filter checks the rules against received message to determine if any of the rules apply[i.e. if any rule was exercised]); 
based at least on determining that a dependency was not exercised, generating an alert identifying that a dependency was not exercised(see US 20100325588, Reddy, para. 0064, where a monitoring agent collects data on any type and form of event, where the agent may subsequently may provide a report[i.e. alert]);  
1116/443,487presenting the logs for evaluation(see US 20100325588, Reddy, para. 0064 and 0184, where a monitoring agent may report monitored data, wherein the report may include results from policy evaluation); 
receiving an indication of verifying, blocking, or tailoring one or more candidate rules within the first set of candidate rules, to generate a first set of verified rules(see US 20100325588, Reddy, para. 0225, 0248, where rules may be generated based on learned history of communications received by a processing module, wherein an administrator is implicitly informed of the rules in order to evaluate, validate and deploy the rules); 
(see US 20100325588, Reddy, para. 0248, where learned rules may be deployed by a processing module to a firewall); 
based at least on a second trigger event, determining a second set of restricted dependencies for the cloud service firewall to analyze for the first application(see US 20100325588, Reddy, para. 0120, where the application firewall may be triggered by detection of credential information that may include a credit card number included in a network packet), wherein the second trigger event comprises an event selected from the list consisting of: 
a user input and an update to the first application(see US 20100325588, Reddy, para. 0104, where a packet engine is triggered by network packets that are received[e.g. from a user message]); 
during a second analysis phase, analyzing a second set of candidate rules corresponding to at least a portion of the second set of restricted dependencies(see US 20100325588, Reddy, para. 0120 and 0248, where rule and policies are employed in the detection of network packets that depend on protected credentials[i.e. restricted dependencies], wherein the learned rules are evaluated[i.e. analyzed]); 
receiving an indication of verifying, blocking, or tailoring one or more candidate rules within the second set of candidate rules, to generate a second set of verified rules, the second set of verified rules different from the first set of verified rules(see US 20100325588, Reddy, para. 0120, 0225, 0248, where rules may be generated based on learned history of communications received by a processing module, wherein an administrator is implicitly informed of the rules in order to evaluate, validate and deploy the rules, wherein a 1st rule may address leaked credit card number information and a 2nd rule may be configured to address leaked password information); 
operating the cloud service firewall with the second set of verified rules for the first application(see US 20100325588, Reddy, para. 0248, where learned rules may be deployed by a processing module);
based at least on a third trigger event, determining a third set of restricted dependencies for the cloud service firewall to analyze for a second application(see US 20100325588, Reddy, para. 0120, where the application firewall may be triggered by detection of credential information that may include a social security number[i.e. 3rd restricted dependency] included in a network packet); 
during a third analysis phase, analyzing a third set of candidate rules corresponding to at least a portion of the third set of restricted dependencies(see US 20100325588, Reddy, para. 0120 and 0248, where rule and policies are employed in the detection of network packets that depend on protected credentials[i.e. restricted dependencies], wherein the learned rules are evaluated[i.e. analyzed]); 
receiving an indication of verifying, blocking, or tailoring one or more candidate rules within the third set of candidate rules, to generate a third set of verified rules(see US 20100325588, Reddy, para. 0120, 0225, 0248, where rules may be generated based on learned history of communications received by a processing module, wherein an administrator is implicitly informed of the rules in order to evaluate, validate and deploy the rules, wherein a 1st rule may address leaked credit card number information, a 2nd rule may be configured to address, and a 3rd rule may address leaked social security number information); and 1216/443,487
operating the cloud service firewall with the third set of verified rules for the second application(see US 20100325588, Reddy, para. 0248, where learned rules may be deployed by a processing module); 	Reddy does not teach determining the first set of restricted dependencies for a cloud service firewall to analyze for a first application 	However, Scheib teaches determining the first set of restricted dependencies for a cloud service firewall to analyze for a first application (see US 20160359697, Scheib, para. 0028-0029, where application dependency mapping[ADM] is determined by automating the process of observing network traffic in real time and maps endpoints to applications and evaluated using machine learning to determine ADM[e.g. including  restricted dependencies] that can be used to derive a set of policies/rules, wherein the automated solutions may be derived from data captured by firewalls);   	It would have been obvious to one of ordinary skill in the art before the effective filing date of the claimed invention to modify the teaching of Reddy with the teaching of Scheib because a user would have been motivated to use the application dependency mapping[ADM], taught by Scheib, in order to automate the process of deriving dependency based policies for either permitting or denying traffic flow(see Scheib, para. 0026),
the combination of Reddy and Scheib do not teach receiving a set of constraints for a first set of restricted dependencies, wherein receiving a set of constraints for the  	However, Felty teaches receiving a set of constraints for a first set of restricted dependencies(see US 20090138960, Felty, para. 0109, where a rule may consist of contraints), wherein receiving a set of constraints for the first set of restricted dependencies comprises receiving at least one input selected from the list consisting of a selection from a set of preset constraints and a custom constraint(see US 20090138960, Felty, para. 0112, where a constraint may be selected[i.e. preset]).   	It would have been obvious to one of ordinary skill in the art before the effective filing date of the claimed invention to modify the teaching of the combination of Reddy and Scheib with the teaching of Felty because a user would have been motivated to protect operation of the firewall, taught by the combination of Reddy and Scheib, by repairing the firewall access control rules in order to remove conflicts between rules(see Felty, para. 0004)

 	In regards to claim 20, the combination of Reddy, Scheib and Felty teach the one or more computer storage devices of claim 19 wherein the operations further comprise: 
receiving instructions for the first set of candidate rules to learn and deny or to learn and allow(see US 20100325588, Reddy, para. 0241-0242, where a firewall inspects a URL and may deny the URL if it is on a deny list). 13  


CONCLUSION
GREGORY LANE whose telephone number is (571)270-7469.  The examiner can normally be reached on 571 270 7469 from 8:00 AM to 6:00 PM.
If attempts to reach the examiner by telephone are unsuccessful, the examiner's supervisor, Taghi Arani, can be reached on 571 272 3787.  The fax phone number for the organization where this application or proceeding is assigned is 571-273-8300.
Information regarding the status of an application may be obtained from the Patent Application Information Retrieval (PAIR) system.  Status information for published applications may be obtained from either Private PAIR or Public PAIR.  Status information for unpublished applications is available through Private PAIR only.  For more information about the PAIR system, see http://pair-direct.uspto.gov. Should you have questions on access to the Private PAIR system, contact the Electronic Business Center (EBC) at 866-217-9197 (toll-free).
/GREGORY A LANE/                                              Examiner, Art Unit 2438                                                                                                                                                          


/TAGHI T ARANI/Supervisory Patent Examiner, Art Unit 2438