DETAILED ACTION

Claims 1-20 are examined and pending.

Notice of Pre-AIA or AIA Status
The present application, filed on or after March 16, 2013, is being examined under the first inventor to file provisions of the AIA.
 	
Claim Rejections - 35 USC § 102
The following is a quotation of the appropriate paragraphs of 35 U.S.C. 102 that form the basis for the rejections under this section made in this Office action:
A person shall be entitled to a patent unless –
(a)(2) the claimed invention was described in a patent issued under section 151, or in an application for patent published or deemed published under section 122(b), in which the patent or application, as the case may be, names another inventor and was effectively filed before the effective filing date of the claimed invention.

Claims 1, 2, 4-12, 14-20 are rejected under 35 U.S.C. 102 (a)(2) as being anticipated by Pernicha (U.S. 2016/191466 A1, hereinafter “Pernicha”).

 	As to claims 1, 11 and 18, Pernicha discloses a computer-implemented method comprising:
 	receiving flow data (para. [0097]; discloses receiving statistical data or weights assigned to one or more policy rules) (para. [0044]; discloses this data assigned to one or more policies can be based on the most frequently used or most recently used policy rule and is updated based on administrator-defined criteria);
determining, whether the first policy is utilized more than a second policy; and
 in response to determining that the first policy is utilized more than the second policy, reordering a first position of the first policy and a second position of the second policy in a policy table (para. [0044]; discloses “dynamic reordering of the evaluation sequence of policy rules can be based on the most frequently used or the most recently used policy rule(s), for example. Such reordering will facilitate faster decision making by firewall/flow control device 108 as the rules observed to be used most frequently, for example, will be found faster as a result of being placed earlier in the search sequence of policy rule database 110….Statistical analysis of the application/usage of existing policy rules may be used to select an appropriate default ordering approach.”).  

 	As to claim 2, Pernicha discloses the method of claim 1, further comprising: in response to determining that the first policy is not utilized more than the second policy, determining if the first policy has not been utilized for a period of time; and in response to determining that the first policy has not been utilized for the period of time, deleting the first policy from the policy table (para. [0036]; discloses “ policy rule optimization module configured to automatically optimize the updated set of policy rules by one or more of grouping a first sub-set of policy rules of the updated set of policy rules, reordering a second sub-set of policy rules of the updated set of policy rules, and deleting a third sub-set of policy rules of the updated set of policy rules based on one or more of weights assigned to particular types of traffic, preference settings, priority settings, network traffic characteristics, and network usage statistics for the policy rules of the updated set of policy rules.”).  

	As to claim 4, Pernicha discloses the method of claim 1, further comprising: determining whether the first policy was enforced for the flow data (para. [0031]; discloses “updated set of policy rules can be performed based on one or more of weights assigned to particular types of traffic, preference settings, priority settings, network traffic characteristics, and network usage statistics for the policy rules of the updated set of policy rules.”).  

 	As to claim 5, Pernicha discloses the method of claim 4, wherein determining whether the first policy was enforced based on the flow data received at a destination and/or sent by a source (para. [0031]; discloses “the updated set of policy rules by one or more of grouping a first sub-set of policy rules of the updated set of policy rules, reordering a second sub-set of policy rules of the updated set of policy rules, and deleting a third sub-set of policy rules of the updated set of policy rules, wherein such optimization of the updated set of policy rules can be performed based on one or more of weights assigned to particular types of traffic, preference settings, priority settings, network traffic characteristics, and network usage statistics for the policy rules of the updated set of policy rules.”).  

As to claim 6, Pernicha discloses the method of claim 1, wherein the flow data comprises data that is received from a network device, a hypervisor, a container, or a virtual machine (para. [0070]; discloses “entry 301a of policy rule 301 relates to all traffic/packet/connection requests sent from host 10.184.17.0/26 to peer host/network 10.135.32.0/26, which, can be sent on any of the ports”. This citation clearly shows that network data is coming from network devices on the network).

 	As to claim 7, Pernicha discloses the method of claim 1, further comprising: presenting the utilization data of the first policy including at least one of a number of flows, a number of packets, or a quantity of data received by a network in relation to a period of time (para. [0060]; discloses “When statistical data (e.g., frequency of execution during one or more particular time frames) is tracked and maintained relating to execution of policy rules”).  

 	As to claim 8, Pernicha discloses the method of claim 1, further comprising: receiving additional flow data; determining whether the first policy is applicable to the additional flow data (para. [0079]; discloses “ the administrator can also check dependency in order to view automatically identified dependencies that any rule has on the other set of rules that form part of the rules repository.”).  

 	As to claim 9, Pernicha discloses the method of claim 8, wherein the first policy is configured to deny connectivity from a source and/or a destination, the method further comprising: determining that connectivity was allowed from the source and/or to the (para. [0077] c. Rule 311 is in conflict with part of the flow required for new rule 399. Since rule 311 is a deny rule, a warning should be issued to the administrator pointing out the conflict; and [0078] i. If the flow-denial of rule 311 is to be maintained, rule 311 should be moved to a position with a smaller seq# than new flow 399. Alternatively, if rule 311 is to be “forgotten” due to the higher priority of new flow 399, then rule 311 should be removed.”).  

 	As to claim 10, Pernicha discloses the method of claim 8, wherein the first policy is configured to deny connectivity from a source and/or a destination, the method further comprising: determining that connectivity was denied from the source and/or to the destination; and updating the utilization data for the first policy (para. [0074]; discloses “Since rule 311 is a deny rule, a warning should be issued to the administrator pointing out the conflict; and [0078] i. If the flow-denial of rule 311 is to be maintained, rule 311 should be moved to a position with a smaller seq# than new flow 399. Alternatively, if rule 311 is to be “forgotten” due to the higher priority of new flow 399, then rule 311 should be removed.”). 

 	As to claim 12, Pernicha discloses the system of claim 11, further comprising instructions which when executed by the at least one processor, causes the at least one processor to: in response to determining that the first policy is not utilized more than the second policy, determine if the first policy has not been utilized for a period of time; and in response to determining that the first policy has not been utilized for the period of (para. [0036]; discloses “ policy rule optimization module configured to automatically optimize the updated set of policy rules by one or more of grouping a first sub-set of policy rules of the updated set of policy rules, reordering a second sub-set of policy rules of the updated set of policy rules, and deleting a third sub-set of policy rules of the updated set of policy rules based on one or more of weights assigned to particular types of traffic, preference settings, priority settings, network traffic characteristics, and network usage statistics for the policy rules of the updated set of policy rules.”).    

 	As to claim 14, Pernicha discloses the system of claim 11, wherein the flow data comprises data that is received from a network device, a hypervisor, a container, or a virtual machine (para. [0070]; discloses “entry 301a of policy rule 301 relates to all traffic/packet/connection requests sent from host 10.184.17.0/26 to peer host/network 10.135.32.0/26, which, can be sent on any of the ports”. This citation clearly shows that network data is coming from network devices on the network).  

 	As to claim 15, Pernicha discloses the system of claim 11, further comprising instructions which when executed by the at least one processor, causes the at least one processor to: present the utilization data of the first policy including at least one of a number of flows, a number of packets, or a quantity of data received by a network in relation to a period of time (para. [0060]; discloses “When statistical data (e.g., frequency of execution during one or more particular time frames) is tracked and maintained relating to execution of policy rules”).

 	As to claim 16, Pernicha discloses the system of claim 11, further comprising instructions which when executed by the at least one processor, causes the at least one processor to: receive additional flow data; determine whether the first policy is applicable to the additional flow data (para. [0079]; discloses “ the administrator can also check dependency in order to view automatically identified dependencies that any rule has on the other set of rules that form part of the rules repository.”).    

 	As to claim 17, Pernicha discloses the system of claim 16, wherein the first policy is configured to deny connectivity from a source and/or a destination, the system further comprising instructions which when executed by the at least one processor, causes the at least one processor to: determine that connectivity was allowed from the source and/or to the destination; and provide an alert indicating that the first policy was not applied (para. [0077] c. Rule 311 is in conflict with part of the flow required for new rule 399. Since rule 311 is a deny rule, a warning should be issued to the administrator pointing out the conflict; and [0078] i. If the flow-denial of rule 311 is to be maintained, rule 311 should be moved to a position with a smaller seq# than new flow 399. Alternatively, if rule 311 is to be “forgotten” due to the higher priority of new flow 399, then rule 311 should be removed.”).

As to claim 18, Pernicha discloses the system of claim 16, wherein the first policy is configured to deny connectivity from a source and/or a destination, the system further comprising instructions which when executed by the at least one processor, causes the at least one processor to: determining that connectivity was denied from the source and/or to the destination; and updating the utilization data for the first policy (para. [0074]; discloses “Since rule 311 is a deny rule, a warning should be issued to the administrator pointing out the conflict; and [0078] i. If the flow-denial of rule 311 is to be maintained, rule 311 should be moved to a position with a smaller seq# than new flow 399. Alternatively, if rule 311 is to be “forgotten” due to the higher priority of new flow 399, then rule 311 should be removed.”).

 	As to claim 20, Pernicha discloses the at least one non-transitory computer-readable medium of claim 19, further comprising instructions which when executed by the at least one processor, causes the at least one processor to: in response to determining that the first policy is not utilized more than the second policy, determine if the first policy has not been utilized for a period of time; and in response to determining that the first policy has not been utilized for the period of time, delete the first policy from the policy table  (para. [0036]; discloses “ policy rule optimization module configured to automatically optimize the updated set of policy rules by one or more of grouping a first sub-set of policy rules of the updated set of policy rules, reordering a second sub-set of policy rules of the updated set of policy rules, and deleting a third sub-set of policy rules of the updated set of policy rules based on one or more of weights assigned to particular types of traffic, preference settings, priority settings, network traffic characteristics, and network usage statistics for the policy rules of the updated set of policy rules.”).    

Claim Rejections - 35 USC § 103
The following is a quotation of 35 U.S.C. 103 which forms the basis for all obviousness rejections set forth in this Office action:
A patent for a claimed invention may not be obtained, notwithstanding that the claimed invention is not identically disclosed as set forth in section 102, if the differences between the claimed invention and the prior art are such that the claimed invention as a whole would have been obvious before the effective filing date of the claimed invention to a person having ordinary skill in the art to which the claimed invention pertains. Patentability shall not be negated by the manner in which the invention was made.

Claims 3 and 13 are rejected under 35 U.S.C. 103 as being unpatentable over Pernicha in view of Porras et al. (U.S. 2014/0331280 A1, hereinafter “Porras”).

 	As to claims 3 and 13, Pernicha discloses the method of claim 2, however Pernicha does not disclose the method wherein the first policy is a whitelist policy.  
 	In an analogous art, Porras discloses the method wherein the first policy is a whitelist policy (para. [0077]; discloses network privilege manager receives a large-scale network address whitelist including a number of acceptable IP addresses).
 	It would have been obvious to one of ordinary skill in the art before the effective filing date of the claimed invention to modify Pernicha by including a whitelist that .

Conclusion
The prior art made of record and not relied upon is considered pertinent to applicant's disclosure.
 	Sinha et al. (U.S. 2008/0301755 A1) discloses a method and system for applying access-control policies. In particular implementations, a method includes determining one or more policies, and a prioritization order for the determined policies, based on the one or more parameters; accessing an indirection table to create an entry for the client, wherein the entry indicates the prioritization order of the determined policies; and creating one or more entries in one or more policy data structures for the one or more determined policies.

 	Any inquiry concerning this communication or earlier communications from the examiner should be directed to JOE CHACKO whose telephone number is (571)270-3318. The examiner can normally be reached Monday-Friday 7am-5pm.
Examiner interviews are available via telephone, in-person, and video conferencing using a USPTO supplied web-based collaboration tool. To schedule an interview, applicant is encouraged to use the USPTO Automated Interview Request (AIR) at http://www.uspto.gov/interviewpractice.

Information regarding the status of published or unpublished applications may be obtained from Patent Center. Unpublished application information in Patent Center is available to registered users. To file and manage patent submissions in Patent Center, visit: https://patentcenter.uspto.gov. Visit https://www.uspto.gov/patents/apply/patent-center for more information about Patent Center and https://www.uspto.gov/patents/docx for information about filing in DOCX format. For additional questions, contact the Electronic Business Center (EBC) at 866-217-9197 (toll-free). If you would like assistance from a USPTO Customer Service Representative, call 800-786-9199 (IN USA OR CANADA) or 571-272-1000.




/JOE CHACKO/Primary Examiner, Art Unit 2456