Notice of Pre-AIA or AIA Status
The present application, filed on or after March 16, 2013, is being examined under the first inventor to file provisions of the AIA.
DETAILED ACTION
This non-final office action is responsive to the U.S. patent application no. 16/999,447 filed on August 21, 2020. 
Claims 1-20 are pending.
Claims 1-20 are rejected.
Priority
Applicant's claim for priority under 35 U.S.C. 120 to U.S. non-provisional application No. 15/469,737 filed on March 27, 2017 has been acknowledged.
Information Disclosure Statement
The information disclosure statement (IDS) submitted on August 21, 2020 is in compliance with the provisions of 37 CFR 1.97.  Accordingly, the information disclosure statements have been considered by the examiner.
The information disclosure statement filed on October 13, 2020 fails to comply with 37 CFR 1.98(a)(2), which requires a legible copy of each cited foreign patent document; each non-patent literature publication or that portion which caused it to be listed; and all other information or that portion which caused it to be listed.  It has been placed in the application file, but the information referred to therein has not been considered.
Double Patenting
The nonstatutory double patenting rejection is based on a judicially created doctrine grounded in public policy (a policy reflected in the statute) so as to prevent the unjustified or In re Berg, 140 F.3d 1428, 46 USPQ2d 1226 (Fed. Cir. 1998); In re Goodman, 11 F.3d 1046, 29 USPQ2d 2010 (Fed. Cir. 1993); In re Longi, 759 F.2d 887, 225 USPQ 645 (Fed. Cir. 1985); In re Van Ornum, 686 F.2d 937, 214 USPQ 761 (CCPA 1982); In re Vogel, 422 F.2d 438, 164 USPQ 619 (CCPA 1970); In re Thorington, 418 F.2d 528, 163 USPQ 644 (CCPA 1969).
A timely filed terminal disclaimer in compliance with 37 CFR 1.321(c) or 1.321(d) may be used to overcome an actual or provisional rejection based on nonstatutory double patenting provided the reference application or patent either is shown to be commonly owned with the examined application, or claims an invention made as a result of activities undertaken within the scope of a joint research agreement. See MPEP § 717.02 for applications subject to examination under the first inventor to file provisions of the AIA as explained in MPEP § 2159. See MPEP §§ 706.02(l)(1) - 706.02(l)(3) for applications not subject to examination under the first inventor to file provisions of the AIA. A terminal disclaimer must be signed in compliance with 37 CFR 1.321(b).
The USPTO Internet website contains terminal disclaimer forms which may be used. Please visit www.uspto.gov/patent/patents-forms. The filing date of the application in which the form is filed determines what form (e.g., PTO/SB/25, PTO/SB/26, PTO/AIA/25, or PTO/AIA/26) should be used. A web-based eTerminal Disclaimer may be filled out completely online using web-screens. An eTerminal Disclaimer that meets all requirements is auto-
Claims 1, 8 and 15 are rejected on the ground of nonstatutory double patenting as being unpatentable over claims 1 and 7 of related U.S. Patent No. 10,523,512. Although the claims at issue are not identical, they are not patently distinct from each other as shown below.
16/999,447 (instant application):
1. A network entity comprising: at least one processor; and at least one memory storing instructions that, when executed by the at least one processor, cause the at least one processor to:
receive a network policy;
implement, by a first agent with a privileged status running on the network entity, the network policy;
access, by the first agent and based on the privileged status, policy enforcement data associated with the implementation of the network policy;
enable access, by the first agent to a second agent without a privileged status running on the network entity, the policy enforcement data;
generate, by the second agent, a report based on the policy enforcement data; and
transmit the report.

US Patent No. 10,523,512:
Claim 1. A system comprising: a processor; and a non-transitory computer-readable medium storing instructions that, when executed by the system, cause the system to perform operations including:
receiving, by an agent controller, a platform independent network policy from a network policy system;
transmitting, via an interprocess communication channel, the platform independent network policy to an agent enforcer on the system, the agent enforcer associated with a privileged status on the system;
determining, by the agent enforcer, implementation characteristics of the system;
generating, by the agent enforcer, one or more platform specific policies from the platform independent network policy based on the implementation characteristics of the system;
implementing, by the agent enforcer, the one or more platform specific policies on the system.
Claim 7. The system of claim 1, wherein the operations further include:
accessing, by the agent enforcer, policy enforcement data associated with the implementing of the one or more platform specific policies on the system;
transmitting, via the interprocess communication channel, the policy enforcement data to the agent controller on the system,
generating, by the agent controller, a report including the policy enforcement data; and
transmitting, by the agent controller, the report to the network policy system.

Claims 1, 8 and 15 are rejected on the ground of nonstatutory double patenting as being unpatentable over claims 1, 10 and 17 of related U.S. Patent No. 10,764,141. Although the claims at issue are not identical, they are not patently distinct from each other as shown below.
16/999,447 (instant application):
1. A network entity comprising: at least one processor; and at least one memory storing instructions that, when executed by the at least one processor, cause the at least one processor to:
receive a network policy;
access, by the first agent and based on the privileged status, policy enforcement data associated with the implementation of the network policy;
enable access, by the first agent to a second agent without a privileged status running on the network entity, the policy enforcement data;
generate, by the second agent, a report based on the policy enforcement data; and
transmit the report.

US Patent No. 10,764,141:
Claim 1. A network entity comprising:
a processor; and a non-transitory computer-readable medium storing instructions that, when executed by the system, cause the system to perform operations including:
registering with a network policy system;
receiving a network policy configuration message including network entity independent network policies;
converting the network entity independent network policies into network entity specific network policies;
accessing, by the agent enforcer, policy enforcement data associated with the implementation of the network policies on the system, wherein access to the policy enforcement data is based on the privileged status of the agent enforcer;
transmitting, via an inter-process communication, the policy enforcement data to an agent controller on the system, wherein the agent controller is associated with an unprivileged status;
generating, by the agent controller, a report including the policy enforcement data; and
transmitting, by the agent controller, the report to a network policy system.

Claim Rejections - 35 USC § 112
The following is a quotation of the first paragraph of 35 U.S.C. 112(a):
(a) IN GENERAL.—The specification shall contain a written description of the invention, and of the manner and process of making and using it, in such full, clear, concise, and exact terms as to enable any person skilled in the art to which it pertains, or with which it is most nearly connected, to make and use the same, and shall set forth the best mode contemplated by the inventor or joint inventor of carrying out the invention.

Claims 6, 13 and 19 are rejected under 35 U.S.C. 112(a) as failing to comply with the enablement requirement.  The claim(s) contains subject matter which was not described in the specification in such a way as to enable one skilled in the art to which it pertains, or with which it is most nearly connected, to make and/or use the invention. 

Claim Rejections - 35 USC § 103
The following is a quotation of 35 U.S.C. 103 which forms the basis for all obviousness rejections set forth in this Office action:
A patent for a claimed invention may not be obtained, notwithstanding that the claimed invention is not identically disclosed as set forth in section 102 of this title, if the differences between the claimed invention and the prior art are such that the claimed invention as a whole would have been obvious before the effective filing date of the claimed invention to a person having ordinary skill in the art to which the claimed invention pertains.  Patentability shall not be negated by the manner in which the invention was made.

Claims 1-5, 7-12, 14-18 and 20 are rejected under 35 U.S.C. 103 as obvious over Kanada et al. (U.S. 2002/0194317), in view of Vaidya et al. (U.S. 9,762,619).
Regarding claim 1, Kanada disclosed a network entity comprising: 
at least one processor; and at least one memory storing instructions that, when executed by the at least one processor, cause the at least one processor to: 
receive a network policy (Kanada, Fig. 8, step 801 and [0071], “Policy receiving section 801 can receive policy rules from policy server 103”);
implement, by a first agent (with a privileged status) running on the network entity, the network policy (Kanada, Fig. 8 and [0072] disclosed that “Traffic controller 821, using low-level policy DB 813 and queue configuration table 814, can control the network traffic in network interfaces 822 and 823”; said traffic controller anticipates the first agent in the claim).
Kanada did not explicitly disclose but Vaidya disclosed
Vaidya also disclosed in col. 23, lines 4-17 that each enforcement subsystem 1605-1610 includes a controller and an agent, where the controller is a part of the network virtualization platform and the agent resides in the host to receive and enforce rules and provide feedback; said agent in Vaidya is equivalent to the first agent in the claim); 
enable access, by the first agent to a second agent without a privileged status running on the network entity, the policy enforcement data (Vaidya, Fig. 16 disclosed that the host can pass feedback and status to a controller in the network virtual platform; the controller in Vaidya is equivalent to the second agent in the claim); 
generate, by the second agent, a report based on the policy enforcement data; and transmit the report (Vaidya further disclosed in col. 25, lines 25-45 that “each layer also has a feedback mechanism 1630, 1693 and 1696 that can be queried from the higher level” meaning that the controller can send the feedback to a higher level, such as the user).
One of ordinary skill in the art would have been motivated to combine Kanada and Vaidya because both references disclosed a multi-layer network policy definition and enforcement framework that is capable of converting a policy definition (i.e. high-level policy) into specific rules (i.e. low-level policy), where Kanada’s policy compiler 803 corresponds to the controller in Vaidya’s network virtualization platform (Vaidya, col. 23, lines 4-17) and Kanada’s traffic controller 821 corresponds to Vaidya’s agent in a host.
Therefore, it would have been obvious for one of ordinary skill in the art to integrate Vaidya’s teaching of the layered feedback mechanism into Kanada’s system so that Kanada’s 
Regarding the claim element “a first agent with a privileged status”, Vaidya disclosed in paragraph [0125] “policy level privileges” such as “root roles”, “policy administrator”, “policy operator” and “policy auditor”, each of which has different access privileges to the policy information. Vaidya did not explicitly disclose how these privilege levels are assigned to the agent enforcer and the agent controller. However, Vaidya’s disclosure of different privilege levels in paragraph [0125] would have made it obvious to one of ordinary skill in the art that a user of Vaidya’s system may assign these privileges to different entities in the system based on the needs.
Claim 8 lists substantially the same elements as claim 1, but in computer media form rather than system form.  Therefore, the supporting rationale of the rejection to claim 1 applies equally as well to claim 8.   
Claim 15 lists substantially the same elements as claim 1, but in method form rather than system form.  Therefore, the supporting rationale of the rejection to claim 1 applies equally as well to claim 15.   
Regarding claims 2 and 9, Kanada and Vaidya disclosed the subject matter of claims 1 and 8, respectively. 
Vaidya further disclosed
one or more sensors configured to collect the policy enforcement data (Vaidya, col. 25, lines 46-67, “PolicyStateProvider” anticipates the one or more sensors in the claim).  
The rationale for combining Kanada and Vaidya is the same as that provided in the rejection rationale for claim 1.
Regarding claims 3, 10 and 16, Kanada and Vaidya disclosed the subject matter of claims 1, 8 and 15, respectively. 
Vaidya further disclosed
 instructions which when executed by the at least one processor, cause the at least one processor to: 
access, by the first agent based on the privileged status, entity or performance data of the network entity (Vaidya further disclosed in col. 25, lines 25-45 that “each layer also has a feedback mechanism 1630, 1693 and 1696 that can be queried from the higher level”); 
enable access, to the second agent, to the entity or performance data (Vaidya, col. 25, lines 46-67, “Policy users should be able to look at a policy and be able to find out the state of the realization of the policy at any given point”); and 
generate, by the second agent, the report to include the entity or performance data (Vaidya, Fig. 16, “feedback”).  
The rationale for combining Kanada and Vaidya is the same as that provided in the rejection rationale for claim 1.
Regarding claims 4, 11 and 17, Kanada and Vaidya disclosed the subject matter of claims 1, 8 and 15, respectively. 
Vaidya further disclosed
instructions which when executed by the at least one processor, cause the at least one processor to: periodically collect the policy enforcement data; and enable access, to the second agent, to the periodically collected policy enforcement data for generating the report (this would be obvious in view of Vaidya’s disclosure in col. 25, lines 46-67).  

Regarding claims 5, 12 and 18, Kanada and Vaidya disclosed the subject matter of claims 1, 8 and 15, respectively. 
Kanada further disclosed
 instructions which when executed by the at least one processor, cause the at least one processor to: 
determine implementation characteristics of the network entity (Kanada, Fig. 16, [0099, 0100]); 
generate one or more specific policies from the network policy based on the implementation characteristics (Kanada, Fig. 16, step 1602, “execute the core policy table generation procedure”); and implement the one or more specific policies (Kanada, [0072], “Traffic controller 821, using low-level policy DB 813 and queue configuration table 814, can control the network traffic in network interfaces 822 and 823.”).
Regarding claims 7, 14 and 20, Kanada and Vaidya disclosed the subject matter of claims 1, 8 and 15, respectively. 
Kanada further disclosed
wherein the network policy is based on user intent (Kanada, Fig. 5 and [0059] disclose that a user may use a policy editing menu to input policies).  
Claims 6, 13 and 19 are rejected under 35 U.S.C. 103 as obvious over Kanada et al. (U.S. 2002/0194317) and Vaidya et al. (U.S. 9,762,619), further in view of Kaufman et al. (US 2015/0296368).
Regarding claims 6, 13 and 19, Kanada and Vaidya disclosed the subject matter of claims 1, 8 and 15, respectively. 
Kanada did not explicitly disclose but Kaufman disclosed
instructions which when executed by the at least one processor, cause the at least one processor to: identify that a specific policy from the one or more specific policies has been altered (Kaufman, [0070], “the state analysis component 406 can use the collected data to detect whether a malicious source is targeting policy source(s) and maliciously modifying policy source targets that cause insecurity.”); and in response to the identification that the specific policy is altered, revert to a previous policy (Kaufman, [0049] disclosed that “When a device management server is unenrolled from the mobile device 102, the policy values on the mobile device 102 that were set by the such device management server are reverted, falling back to policy values set by different device management server(s), policy values set by different policy source(s)”).
One of ordinary skill in the art would have been motivated to combine Kanada and Kaufman because both references disclosed methods and systems for managing network policies on network devices/entities.
Conclusion
Any inquiry concerning this communication or earlier communications from the examiner should be directed to SHIRLEY X ZHANG whose telephone number is (571)270-5012.  The examiner can normally be reached on 8:30am - 5:00pm.
Examiner interviews are available via telephone, in-person, and video conferencing using a USPTO supplied web-based collaboration tool. To schedule an interview, applicant is 
If attempts to reach the examiner by telephone are unsuccessful, the examiner’s supervisor, William Trost can be reached on 571-272-7872.  The fax phone number for the organization where this application or proceeding is assigned is 571-273-8300.
Information regarding the status of an application may be obtained from the Patent Application Information Retrieval (PAIR) system.  Status information for published applications may be obtained from either Private PAIR or Public PAIR.  Status information for unpublished applications is available through Private PAIR only.  For more information about the PAIR system, see http://pair-direct.uspto.gov. Should you have questions on access to the Private PAIR system, contact the Electronic Business Center (EBC) at 866-217-9197 (toll-free). If you would like assistance from a USPTO Customer Service Representative or access to the automated information system, call 800-786-9199 (IN USA OR CANADA) or 571-272-1000.
/SHIRLEY X ZHANG/
Primary Examiner, Art Unit 2442
3/4/2022