DETAILED ACTION
Notice of Pre-AIA  or AIA  Status
The present application, filed on or after March 16, 2013, is being examined under the first inventor to file provisions of the AIA .

This is a final office action in response to remarks filed on 8 October 2021.  Claims 1, 10, and 19 are amended.  No claims are canceled.  Claims 21-22 are added.  Claims 1-22 are pending.

Response to Arguments
Applicant’s arguments, see pages 7-11, filed 8 October 2021, with respect to the rejection(s) of claim(s) 1-20 under 35 USC 103 over Liu in view of Oran have been fully considered and are persuasive.  Therefore, the rejection has been withdrawn.  However, upon further consideration, a new ground(s) of rejection is made in view of Liu and Harneja.
Applicant’s arguments (see pages 7-11) are focused on Liu’s teachings with respect to the claim amendments (in particular the elements involving intent-based and stateful processing) and the new claims. Examiner has relied upon the new reference, Harneja for the amendments and the intent-based and stateful processing elements of the claims.

Claim Rejections - 35 USC § 103
In the event the determination of the status of the application as subject to AIA  35 U.S.C. 102 and 103 (or as subject to pre-AIA  35 U.S.C. 102 and 103) is incorrect, any correction of the statutory basis for the rejection will not be considered a new ground of rejection if the prior art relied upon, and the rationale supporting the rejection, would be the same under either status.  

The following is a quotation of 35 U.S.C. 103 which forms the basis for all obviousness rejections set forth in this Office action:
A patent for a claimed invention may not be obtained, notwithstanding that the claimed invention is not identically disclosed as set forth in section 102, if the differences between the claimed invention and the prior art are such that the claimed invention as a whole would have been obvious before the effective filing date of the claimed invention to a person having ordinary skill in the art to which the claimed invention pertains. Patentability shall not be negated by the manner in which the invention was made.

Claims 1-22 are rejected under 35 U.S.C. 103 as being unpatentable over Liu et al. (U.S. Patent Publication 2019/0280969) in view of Harneja et al. (U.S. Patent 10,659,298).

Regarding claim 1, Liu disclosed a method comprising:
receiving, by a network device, a plurality of intent-based (see Harneja combination below) network policies in a network, wherein each intent-based policy comprises at least a rule associated with a network intent defined using logical terms (see Harneja combination below) and an action to be performed by a network function on a network packet in response to the rule being matched (see Liu 0037: receiving multiple forwarding tables | 0058: collecting forwarding rules and , and further wherein the network comprises an intent-based stateful network and the network function comprises a stateful processing of the network packet (see Harneja combination below);
identifying, by the network device, a set of header address spaces (see Liu 0058: using header space analysis) comprising a plurality of addresses that match to a same set of rules and actions (see Liu 0007: verifying equivalence over entire IP address space | 0038: grouping fields that have the same address);
creating, by the network device, an atomic address object representing the identified set of header address spaces (see Liu 0007: common address groups used when determining equivalence | 0038: grouping fields that have the same address. Examiner interprets the common groups as the claimed atomic address object); and
verifying, by the network device, the plurality of intent-based (see Harneja combination below) network policies using the atomic address object (see Liu 0058: comparing multiple routing tables to determine equivalence).

While it would have been obvious to one of ordinary skill in the art before the effective filing date of the claimed invention that there can be multiple intent-based network policies in a network, Liu did not explicitly disclose “a plurality of intent-based network policies” and that verification using the atomic address object is performed for “the plurality of intent-based policies”.  Liu also did not explicitly disclose that the rule is “associated with a network intent defined using logical terms” and “further wherein the network comprises an intent-based stateful network and the network function comprises a stateful processing of the network packet”.
However in a related art, Harneja disclosed network policy analysis involving constructing a logical model including declarative representations of object configurations, e.g. end point groups, and security policies (see Harneja 4:37-51).  The logical model incorporates state information (see Harneja 17:58-60), i.e. stateful network, and models are used when processing traffic (see Harneja 18:44-58), i.e. stateful processing of the network packet. Models also describe the user intent in terms of EPGs (see Harneja 5:20-30), i.e. intent-based, associate elements in the model with tags (see Harneja 17:65-67), i.e. defined using logical terms (dependent claim 21 lists tags as a type of logical term), and include multiple network policies (see Harneja 9:30-45). i.e. “plurality”.  Rules are defined and used to determine violations such that when violations are detected, alerts are generated and corrective actions are taken to modify the network configuration (see Harneja 4:52-64). The assurance appliance checks to make sure that the logical model specifications representing the network intent are correctly implemented in the models (see Harneja 20:11-20).
It would have been obvious to one of ordinary skill in the art before the effective filing date of the claimed invention to combine the teachings of Liu and Harneja to further describe how intent-based network policies are implemented.  Including Harneja’s teachings would improve efficiency and speed of user navigation as well as improving accuracy of network configuration error detection (see Harneja 4:21-32).

Regarding claim 10, the claim contains the limitations, substantially as claimed, as described in claim 1 above and is rejected under Liu-Oran according to the rationale provided above. Liu-Harneja further disclosed a network device comprising at least: 
a memory (see Liu claim 12);
a processor (see Liu claim 12) executing instructions in the memory to perform the method of claim 1 above. 

Regarding claim 19, the claim contains the limitations, substantially as claimed, as described in claim 1 above and is rejected under Liu-Harneja according to the rationale provided above. Liu-Harneja further disclosed a non-transitory machine-readable storage medium (see Liu claim 12) encoded with instructions executable by a processor of a computing device, the non-transitory machine-readable storage medium comprising instructions to perform the method of claim 1 above.

Regarding claim 2, Liu-Harneja disclosed the method of claim 1, further comprising:
determining a plurality of non-overlapping address space intervals based on a plurality of rules corresponding to the plurality of intent-based network policies (see Liu 0038: determining whether or not addresses share the same routing rule. If so, they are merged, however if not, they are not merged - i.e. non-overlapping address space intervals);
identifying a subset of non-overlapping address space intervals that match to the same set of rules and actions (see Liu 0038: determining whether or not addresses 
identifying the set of header address spaces by combining the subset of non-overlapping address space intervals that match to the same set of rules and actions (see Liu 0038: determining whether or not addresses share the same routing rule. If so, they are merged, however if not, they are not merged - i.e. i.e. combining non-overlapping addresses that match the same rule and action).

Regarding claim 11, the claim contains the limitations, substantially as claimed, as described in claim 2 above and is rejected under Liu-Harneja according to the rationale provided above.

Regarding claim 20, the claim contains the limitations, substantially as claimed, as described in claim 2 above and is rejected under Liu-Harneja according to the rationale provided above.

Regarding claim 3, Liu-Harneja disclosed the method of claim 1, wherein the atomic address object comprise at least two non-continuous subset of address space intervals (see Liu 0038: merging addresses that share the same forwarding rule | Liu 0048: determining equivalence using both top-down and bottom-up methods, i.e. these two methods are non-continuous with each other).

Regarding claim 12, the claim contains the limitations, substantially as claimed, as described in claim 3 above and is rejected under Liu-Harneja according to the rationale provided above.

Regarding claim 4, Liu-Harneja disclosed the method of claim 1, wherein ail addresses corresponding to the atomic address object are associated with the same actions across all network functions (see Liu 0058: equivalence classes and header space analysis verify the network configuration upon every policy change and yield the same behavior given any IP address, i.e. used across all network functions).

Regarding claim 13, the claim contains the limitations, substantially as claimed, as described in claim 4 above and is rejected under Liu-Harneja according to the rationale provided above.

Regarding claim 5, Liu-Harneja disclosed the method of claim 1, wherein packets sent from a first atomic address object to a second atomic address object forms a unique traffic class, and wherein packets within the same traffic class is treated equally across network functions in the network (see Liu 0058: collecting forwarding rules and determining equivalence classes such that the same behavior is performed given any IP address).

Regarding claim 14, the claim contains the limitations, substantially as claimed, as described in claim 5 above and is rejected under Liu-Harneja according to the rationale provided above.

Regarding claim 6, Liu-Harneja disclosed the method of claim 5, further comprising:
verifying a particular intent-based network policy between two endpoint groups (EPGs) by checking corresponding intents for each traffic class between the two EPGs (see Harneja 6:63-7:6: network assurance is the determination that the network is doing what it is intended to do | 6:30-45: security policy adherence analysis includes verifying that traffic between two endpoints is permitted | 11:55-67: traffic is classified according to logical groups and endpoints).  The motivation to combine Liu and Harneja is the same as that presented in claim 1 above.

Regarding claim 15, the claim contains the limitations, substantially as claimed, as described in claim 6 above and is rejected under Liu-Harneja according to the rationale provided above.

Regarding claim 7, Liu-Harneja disclosed the method of claim 1, wherein the network function comprises at least one of a stateful firewall, a network address translator, a load balancer, and a reverse proxy (see Harneja 10:16-32: distributed firewall | 22:17-36: load balancing). The motivation to combine Liu and Harneja is the same as that presented in claim 1 above.
Regarding claim 16, the claim contains the limitations, substantially as claimed, as described in claim 7 above and is rejected under Liu-Harneja according to the rationale provided above.

Regarding claim 8, Liu-Harneja disclosed the method of claim 1, wherein verifying the plurality of intent-based network policies using the atomic address object comprises modeling header matching in a lookup table of network functions as integer membership check (see Liu 0038: matching forwarding tables | Liu Fig. 6 integer checks).

Regarding claim 17, the claim contains the limitations, substantially as claimed, as described in claim 8 above and is rejected under Liu-Harneja according to the rationale provided above.

Regarding claim 9, Liu-Harneja disclosed the method of claim 1, wherein verifying the plurality of intent-based network policies using the atomic address object solves reachability in temporal modeling (see Oran 0076: flow classification according to time elements (see Harneja 3:33-42: performing network assurance within and across epochs, i.e. time periods | 6:11-28: performing network assurance by comparing logical models and their intents | 17:5-13: logical network models associated with states, objects, policies, etc.). The motivation to combine Liu and Harneja is the same as that presented in claim 1 above.

Regarding claim 18, the claim contains the limitations, substantially as claimed, as described in claim 9 above and is rejected under Liu-Harneja according to the rationale provided above.

Regarding claim 21, Liu-Harneja disclosed the method of claim 1, wherein a network intent defined using logical terms comprises at least one of: technology-agnostic terms, logical labels, or tags (see Harneja 6:15-18: tags | 9:39-43: enforcing traffic policies based on tags | 10:4-15: tagging packets according to EPG to enable classification and policy enforcement). The motivation to combine Liu and Harneja is the same as that presented in claim 1 above.

Regarding claim 22, Liu-Harneja disclosed the method of claim 1, wherein the stateful processing of the network packet comprises processing of the network packets to decide a network packet behavior based on previous packet processing history, related packet processing at other network functions, or an endpoint observed in the past (see Harneja 3:42-54: comparing network events between current and previous epochs, i.e. time periods | 4:7-15: comparing network events across time periods and endpoint groups affected | 6:29-45: identifying network events based on traffic processing between a pair of endpoint groups). The motivation to combine Liu and Harneja is the same as that presented in claim 1 above.

Conclusion
Applicant's amendment necessitated the new ground(s) of rejection presented in this Office action.  Accordingly, THIS ACTION IS MADE FINAL.  See MPEP § 706.07(a).  Applicant is reminded of the extension of time policy as set forth in 37 CFR 1.136(a).  
A shortened statutory period for reply to this final action is set to expire THREE MONTHS from the mailing date of this action.  In the event a first reply is filed within TWO MONTHS of the mailing date of this final action and the advisory action is not mailed until after the end of the THREE-MONTH shortened statutory period, then the shortened statutory period will expire on the date the advisory action is mailed, and any extension fee pursuant to 37 CFR 1.136(a) will be calculated from the mailing date of the advisory action.  In no event, however, will the statutory period for reply expire later than SIX MONTHS from the date of this final action. 

Any inquiry concerning this communication or earlier communications from the examiner should be directed to Angela Widhalm de Rodriguez whose telephone number is (571)272-1035. The examiner can normally be reached M-F: 6am-2:30pm.
Examiner interviews are available via telephone, in-person, and video conferencing using a USPTO supplied web-based collaboration tool. To schedule an interview, applicant is encouraged to use the USPTO Automated Interview Request (AIR) at http://www.uspto.gov/interviewpractice.
If attempts to reach the examiner by telephone are unsuccessful, the examiner’s supervisor, Thu Nguyen can be reached on (571) 272-6967. The fax phone number for the organization where this application or proceeding is assigned is 571-273-8300.
Information regarding the status of published or unpublished applications may be obtained from Patent Center. Unpublished application information in Patent Center is available to registered users. To file and manage patent submissions in Patent Center, visit: https://patentcenter.uspto.gov. Visit https://www.uspto.gov/patents/apply/patent-center for more information about Patent Center and https://www.uspto.gov/patents/docx for information about filing in DOCX format. For additional questions, contact the Electronic Business Center (EBC) at 866-217-9197 (toll-free). If you would like assistance from a USPTO Customer Service Representative, call 800-786-9199 (IN USA OR CANADA) or 571-272-1000.




/A.M.W/Examiner, Art Unit 2452                                                                                                                                                                                                        18 February 2022



/Patrice L Winder/Primary Examiner, Art Unit 2452