DETAILED ACTION

Examiner’s Amendment
An examiner’s amendment to the record appears below. Should the changes and/or additions be unacceptable to applicant, an amendment may be filed as provided by 37 CFR 1.312. To ensure consideration of such an amendment, it MUST be submitted no later than the payment of the issue fee.

Authorization for this Examiner’s Amendment was given in a telephone interview with Barry Choobin (Reg. No. 60,128) on 19 August 2021.
This application has been amended as follows:
IN THE CLAIMS
The following claims are replaced as listed below.

CLAIM 1:
A computer-implemented method for providing a complete traceability of changes incurred in a security policy corresponding to a resource, the computer-implemented method comprising: 
monitoring events occurring at [[a]] the corresponding resource by a policy tracing engine; 
determining events of interest from the monitored events by the policy tracing engine, wherein the events of interest comprise events that trigger recomputation of the security policy configured for the corresponding resource and deployed at the corresponding resource;
determining, by the policy tracing engine, the changes incurred in the security policy caused by the events of interest, wherein the changes comprise (i) intent-based changes initiated by an administrator and (ii) event-based changes dynamically induced at the corresponding resource;
on determining the changes incurred in the security policy, assigning a unique policy identifier to the security policy by the policy tracing engine, wherein the unique policy identifier is configured as a mapping of a combination of (i) a unique intent identifier assigned to each of the intent-based changes and (ii) a unique event identifier assigned to each of the event-based changes, and wherein the unique policy identifier creates a tracing link between the changes and the security policy; 
recomputing the security policy based on the changes and storing the security policy and the assigned unique policy identifier in a policy database by the policy tracing engine; 
transmitting the security policy and the assigned unique policy identifier to the corresponding resource by the policy tracing engine for deployment at the corresponding resource; 
receiving, by the policy tracing engine, network access information comprising the unique policy identifier from the corresponding resource deployed with the transmitted security policy; and 
generating, by the policy tracing engine, a traceability report that provides a complete traceability of each of a plurality of policy actions, including at least network traffic to be allowed or denied on the corresponding resource, performed in a networked environment to a source of each of the changes incurred in the security policy as identified by the unique policy identifier by analyzing and correlating the network access information in communication with the policy database so as to enable the created tracing link to identify a cause of a particular policy action by retrieving the unique policy identifier of the particular policy action and performing a table lookup in the policy database to obtain a trace of an exact source of the configured security policy of the intent-based change, and an exact event that recomputed the configured security policy to the modified security policy, thereby providing a complete traceability of the changes incurred in the security policy from "configured" to "modified" corresponding to the corresponding resource.


CLAIM 7:
A system for providing a complete traceability of changes incurred in a security policy corresponding to a resource, the system comprising: 
at least one processor device; and 
a non-transitory, computer-readable storage medium operably and communicatively coupled to the at least one processor device and configured to store computer program instructions defined by a policy tracing engine, the computer program instructions which, when executed by the at least one processor device, cause the at least one processor device to: 
monitor events occurring at [[a]] the corresponding resource; 
determine events of interest from the monitored events, wherein the events of interest comprise events that trigger recomputation of the security policy configured for the corresponding resource and deployed at the corresponding resource; 
determine the changes incurred in the security policy caused by the events of interest, wherein the changes comprise (i) intent-based changes initiated by an administrator and (ii) event-based changes dynamically induced at the corresponding resource; 
on determining the changes incurred in the security policy, assign a unique policy identifier to the security policy, wherein the unique policy identifier is configured as a mapping of a combination of (i) a unique intent identifier assigned to each of the intent-based changes and (ii) a unique event identifier assigned to each of the event-based changes, and wherein the unique policy identifier creates a tracing link between the changes and the security policy; 
recompute the security policy based on the changes and store the security policy and the assigned unique policy identifier in a policy database;
transmit the security policy and the assigned unique policy identifier to the corresponding resource for deployment at the corresponding resource; 
receive network access information comprising the unique policy identifier from the corresponding resource deployed with the transmitted security policy, and 
generate a traceability report that provides a complete traceability of each of a plurality of policy actions, including at least network traffic to be allowed or denied on the corresponding resource, performed in a networked environment to a source of each of the changes incurred in the security policy as identified by the unique policy identifier by analyzing and correlating the network access information in communication with the policy database so as to enable the created tracing link to identify a cause of a particular policy action by retrieving the unique policy identifier of the particular policy action and performing a table lookup in the policy database to obtain a trace of an exact source of the configured security policy of the intent-based change, and an exact event that recomputed the configured security policy to the modified security policy, thereby providing a complete traceability of the changes incurred in the security policy from "configured" to "modified" corresponding to the corresponding resource.

CLAIM 13:
A non-transitory, computer-readable storage medium having embodied thereon, computer program instructions executable by at least one processor device for providing a complete traceability of changes incurred in a security policy corresponding to a resource, the computer program instructions which, when executed by the at least one processor device, cause the at least one processor device to: 
monitor events occurring at [[a]] the corresponding resource; 
determine events of interest from the monitored events, wherein the events of interest comprise events that trigger recomputation of the security policy configured for the corresponding resource and deployed at the corresponding resource;
determine the changes incurred in the security policy caused by the events of interest, wherein the changes comprise (i) intent-based changes initiated by an administrator and (ii) event-based changes dynamically induced at the corresponding resource;
on determining the changes incurred in the security policy, assign a unique policy identifier to the security policy, wherein the unique policy identifier is configured as a mapping of a combination of (i) a unique intent identifier assigned to each of the intent-based changes and (ii) a unique event identifier assigned to each of the event-based changes, and wherein the unique policy identifier creates a tracing link between the changes and the security policy;
recompute the security policy based on the changes and store the security policy and the assigned unique policy identifier in a policy database; 
transmit the security policy and the assigned unique policy identifier to the corresponding resource for deployment at the corresponding resource; 
receive network access information comprising the unique policy identifier from the corresponding resource deployed with the transmitted security policy; and 
generate a traceability report that provides a complete traceability of each of a plurality of policy actions, including at least network traffic to be allowed or denied on the corresponding resource, performed in a networked environment to a source of each of the changes incurred in the security policy as identified by the unique policy identifier by analyzing and correlating the network access information in communication with the policy database so as to enable the created tracing link to identify a cause of a particular policy action by retrieving the unique policy identifier of the particular policy action and performing a table lookup in the policy database to obtain a trace of an exact source of the configured security policy of the intent-based change, and an exact event that recomputed the configured security policy to the modified security policy, thereby providing a complete traceability of the changes incurred in the security policy from "configured" to "modified" corresponding to the corresponding resource.




Allowable Subject Matter

Claims 1 – 18 are allowed.
The following is an examiner’s statement of reasons for allowance:
The above-mentioned claims are allowable over the prior art because the CPA (Cited Prior Art) of record fails to teach or render obvious the claimed limitations in combination with the specific added limitations recited in each of the independent claims 1, 7 and 13 (and their associated dependent claims).
The present invention is directed to a method for providing a complete traceability of changes incurred in a security policy. In view of the closest prior art, such as U.S. PG-PUB 2019/0098054 (by Ramachandran) and U.S. PG-PUB 2007/0116285 (by Naka), no single reference has been found that discloses, and no motivation to combine references has been found that renders obvious, the claimed invention in such particular detail, in the context of recited limitations such as: determining, by the policy tracing engine, the changes incurred in the security policy caused by the events of interest, wherein the changes comprise (i) intent-based changes initiated by an administrator and (ii) event-based changes dynamically induced at the corresponding resource; on determining the changes incurred in the security policy, assigning a unique policy identifier to the security policy by the policy tracing engine, wherein the unique policy identifier is configured as a mapping of a combination of (i) a unique intent identifier assigned to each of the intent-based changes and (ii) a unique event identifier assigned to each of the event-based changes, and wherein the unique policy identifier creates a tracing link between the changes and the security policy; recomputing the security policy based on the changes and storing the security policy and the assigned unique policy identifier in a policy database by the policy tracing engine; transmitting the security policy and the assigned unique policy identifier to the corresponding resource by the policy tracing engine for deployment at the corresponding resource; receiving, by the policy tracing engine, network access information comprising the unique policy identifier from the corresponding resource deployed with the transmitted security policy; and generating, by the policy tracing engine, a traceability report that provides a complete traceability of each of a plurality of policy actions, including at least network traffic to be allowed or denied on the corresponding resource, performed in a networked environment to a source of each of the changes incurred in the security policy as identified by the unique policy identifier by analyzing and correlating the network access information in communication with the policy database so as to enable the created tracing link to identify a cause of a particular policy action by retrieving the unique policy identifier of the particular policy action and performing a table lookup in the policy database to obtain a trace of an exact source of the configured security policy of the intent-based change, and an exact event that recomputed the configured security policy to the modified security policy, thereby providing a complete traceability of the changes incurred in the security policy from "configured" to "modified" corresponding to the corresponding resource.
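The mechanism recited in independent claims 1, 7 and 13, and restated in the reasons for allowance above, can be read as a small data-flow: events of interest are split into intent-based and event-based changes, each change receives its own identifier, the policy identifier is derived from the combination of those identifiers, the policy and its identifier are stored and deployed, and network access information tagged with the policy identifier is later correlated against the policy database to trace each allow/deny action back to its exact intent and event. The following Python sketch is an added illustration of that flow; it is not the applicant's or the examiner's code, and every class, field, event kind, identifier format and default (such as default-deny for a newly opened port) is an assumption made for the example. The sample events and access records are constructed.

```python
"""Added illustration, not the applicant's or the examiner's code: a minimal
policy tracing engine modelled on the mechanism recited in claims 1, 7 and 13.
Every class, field, event kind and identifier format is an assumption; the
sample events and network access records are constructed."""
from dataclasses import dataclass
import hashlib


@dataclass(frozen=True)
class Event:
    source: str   # "admin" marks an intent-based change; anything else is the resource
    kind: str     # assumed event kinds, e.g. "intent.set_rule", "resource.port_opened"
    detail: str   # "22=allow" for intents, a port number for resource events


# Assumed set of event kinds that trigger recomputation of the security policy.
EVENTS_OF_INTEREST = {"intent.set_rule", "resource.port_opened", "resource.service_removed"}


@dataclass
class Policy:
    policy_id: str
    rules: dict            # port -> "allow" | "deny"
    intent_ids: tuple      # unique intent identifiers the policy id maps to
    event_ids: tuple       # unique event identifiers the policy id maps to


def _ident(prefix, ev):
    """Content-derived identifier, so the same change always receives the same id."""
    digest = hashlib.sha256(f"{ev.source}|{ev.kind}|{ev.detail}".encode()).hexdigest()
    return f"{prefix}-{digest[:8]}"


class PolicyTracingEngine:
    def __init__(self):
        self.policy_db = {}   # unique policy id -> Policy (the policy database)
        self.intent_db = {}   # unique intent id -> originating admin Event
        self.event_db = {}    # unique event id -> originating resource Event
        self.rules = {}       # rules currently in force for the resource

    def events_of_interest(self, events):
        return [e for e in events if e.kind in EVENTS_OF_INTEREST]

    def recompute(self, events):
        """Apply the changes, derive the policy id from the intent/event ids, store."""
        intent_ids, event_ids = [], []
        for ev in self.events_of_interest(events):
            if ev.source == "admin":                         # intent-based change
                iid = _ident("I", ev)
                self.intent_db[iid] = ev
                intent_ids.append(iid)
                port, action = ev.detail.split("=")
                self.rules[port] = action
            else:                                            # event-based change
                eid = _ident("E", ev)
                self.event_db[eid] = ev
                event_ids.append(eid)
                if ev.kind == "resource.port_opened":
                    self.rules.setdefault(ev.detail, "deny")  # assumed: new port is denied
                elif ev.kind == "resource.service_removed":
                    self.rules.pop(ev.detail, None)
        # The policy id is a mapping of the combination of intent ids and event ids.
        combo = "|".join(intent_ids + event_ids).encode()
        policy = Policy("P-" + hashlib.sha256(combo).hexdigest()[:12],
                        dict(self.rules), tuple(intent_ids), tuple(event_ids))
        self.policy_db[policy.policy_id] = policy
        return policy

    def trace(self, access_records):
        """Correlate access info (tagged with a policy id) against the policy database."""
        report = []
        for rec in access_records:
            pol = self.policy_db.get(rec["policy_id"])
            if pol is None:   # access info under a policy id this engine never issued
                report.append({**rec, "cause": "unknown policy id"})
                continue
            report.append({
                "port": rec["port"], "action": rec["action"], "policy_id": pol.policy_id,
                "intent_sources": [self.intent_db[i].detail for i in pol.intent_ids],
                "events": [(self.event_db[e].kind, self.event_db[e].detail) for e in pol.event_ids],
            })
        return report


def simulate_resource(policy, traffic_ports):
    """Constructed stand-in for the deployed resource: enforce the rules and report
    each decision together with the policy id it was taken under."""
    return [{"port": p, "action": policy.rules.get(p, "deny"), "policy_id": policy.policy_id}
            for p in traffic_ports]


# Constructed sample events: one admin intent, one resource event, one event not of interest.
SAMPLE_EVENTS = [
    Event("admin", "intent.set_rule", "22=allow"),
    Event("web-01", "resource.port_opened", "8080"),
    Event("web-01", "resource.heartbeat", "ok"),
]


def run_example():
    engine = PolicyTracingEngine()
    policy = engine.recompute(SAMPLE_EVENTS)                        # "configured" -> "modified"
    access_info = simulate_resource(policy, ["22", "8080", "443"])  # deploy, then observe traffic
    return engine, policy, engine.trace(access_info)
```

Running `run_example()` yields a report in which the allow on port 22 traces to the intent "22=allow", the deny on port 8080 traces to the same intent plus the exact `resource.port_opened` event that modified the configured policy, and an access record carrying a policy id absent from the database is reported as untraceable rather than silently attributed. Deriving identifiers from content keeps the policy id reproducible across engine restarts, which matters when the report is generated long after the change.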

Any inquiry concerning this communication or earlier communications from the examiner should be directed to LONGBIT CHAI whose telephone number is (571)272-3788.  The examiner can normally be reached on Monday - Friday 9:00am-5:00pm.
Examiner interviews are available via telephone, in-person, and video conferencing using a USPTO supplied web-based collaboration tool. To schedule an interview, applicant is encouraged to use the USPTO Automated Interview Request (AIR) at http://www.uspto.gov/interviewpractice.
If attempts to reach the examiner by telephone are unsuccessful, the examiner’s supervisor, Lynn D. Feild can be reached on 571-272-2092.  The fax phone number for the organization where this application or proceeding is assigned is 571-273-8300.


Information regarding the status of an application may be obtained from the Patent Application Information Retrieval (PAIR) system.  Status information for published applications may be obtained from either Private PAIR or Public PAIR.  Status information for unpublished applications is available through Private PAIR only.  For more information about the PAIR system, see http://pair-direct.uspto.gov. Should you have questions on access to the Private PAIR system, contact the Electronic Business Center (EBC) at 866-217-9197 (toll-free). If you would like assistance from a USPTO Customer Service Representative or access to the automated information system, call 800-786-9199 (IN USA OR CANADA) or 571-272-1000.

/LONGBIT CHAI/ Primary Examiner, Art Unit 2431 (No. #2313 - 2022)