DETAILED ACTION

This final office action is in response to applicant’s claim amendments/arguments filed February 28, 2022. Claims 1-27 were canceled. Claims 28-55 are pending. 
Notice of Pre-AIA  or AIA  Status

The present application, filed on or after March 16, 2013, is being examined under the first inventor to file provisions of the AIA .
Double Patenting
The non-statutory double patenting rejection is based on a judicially created doctrine grounded in public policy (a policy reflected in the statute) so as to prevent the unjustified or improper time wise extension of the “right to exclude” granted by a patent and to prevent possible harassment by multiple assignees. A non-statutory double patenting rejection is appropriate where the conflicting claims are not identical, but at least one examined application claim is not patentably distinct from the reference claim(s) because the examined application claim either is anticipated by, or would have been obvious over, the reference claim. See, e.g., In re Berg, 140 F.3d 1428, 46 USPQ2d 1226 (Fed. Cir. 1998); In re Goodman, 11 F.3d 1046, 29 USPQ2d 2010 (Fed. Cir. 1993); In re Longi, 759 F.2d 887, 225 USPQ 645 (Fed. Cir. 1985); In re Van Ornum, 686 F.2d 937, 214 USPQ 761 (CCPA 1982); In re Vogel, 422 F.2d 438, 164 USPQ 619 (CCPA 1970); In re Thorington, 418 F.2d 528, 163 USPQ 644 (CCPA 1969).
A timely filed terminal disclaimer in compliance with 37 CFR 1.321(c) or 1.321(d) may be used to overcome an actual or provisional rejection based on non-statutory double patenting provided the reference application or patent either is shown to be commonly owned with the examined application, or claims an invention made as a result of activities undertaken within the scope of a joint research agreement. See MPEP § 717.02 for applications subject to examination under the first inventor to file provisions of the AIA  as explained in MPEP § 2159.  See MPEP §§ 706.02(l)(1) - 706.02(l)(3) for applications not subject to examination under the first inventor to file provisions of the AIA . A terminal disclaimer must be signed in compliance with 37 CFR 1.321(b). 
The USPTO Internet website contains terminal disclaimer forms, which may be used. Please visit www.uspto.gov/patent/patents-forms. The filing date of the application in which the form is filed determines what form (e.g., PTO/SB/25, PTO/SB/26, PTO/AIA /25, or PTO/AIA /26) should be used. A web-based eTerminal Disclaimer may be filled out completely online using web-screens. An eTerminal Disclaimer that meets all requirements is auto-processed and approved immediately upon submission. For more information about eTerminal Disclaimers, refer to www.uspto.gov/patents/process/file/efs/guidance/eTD-info-I.jsp.

Claims 28-55 are rejected on the ground of non-statutory obviousness-type double patenting rejection as being unpatentable over claims 1-2, 4-6 of US Patent 10,721,275 B2. 
Although the conflicting claims are not identical, they are not patentably distinct from each other because the referenced US Patent and the instant application are claiming common subject matter, as follows (Since all the claims recited similar limitations, examiner only shows independent claim 28 of instant application and claims 1 of referenced US patent as example in the claim comparison table):
Instant Application (S/N# 16908681)
US Patent # 10,721,275 B2 

28. (New) At least one non-transitory machine-readable medium comprising instructions that, when executed, cause at least one processor to at least: 










determine whether an attribute in a list of attributes is mapped to a property of an infrastructure service provider; 
assign the attribute to respective ones of a plurality of infrastructure resources of an infrastructure service provider in response to a determination that the infrastructure resource satisfies a resource property, the attribute including a key and value pair; select an infrastructure resource of the plurality of infrastructure resources for inclusion as a member in a logical group using the attribute; and 
generate a configuration for a network security mechanism of the selected infrastructure resource based on a plurality of security policies and the infrastructure resources that are members of the logical group.
1. In a computer network comprised of plurality of interconnected computing nodes, each node running at least one work load unit of an application workload and at least one network security mechanism for controlling data flows to the interconnected computing nodes of the computer network, a computer implemented method for enforcing a plurality of security policies for the computer network using the network security mechanism, the method executing on or more computers in communication with the network and comprising: 

for each of at least one infrastructure resources of an infrastructure service provider, 
assigning one or more attributes to the infrastructure resource using information from the infrastructure service provider, 

each attribute comprising a key and value for the key using information, and 
selecting the infrastructure resource as a member of in one or more logical groups using the one or more attributes; and 

computing a configuration for the at least one network security mechanism using the plurality of security policies and the infrastructure resources that are members of each of the logical groups to which each of the plurality of security policies applies; 

wherein assigning one or more attributes to the infrastructure resource using information from the infrastructure service provider comprises obtaining a predefined list of attributes to which an owner of the infrastructure resource has access and, for each attribute on the list, checking whether the attribute is mapped to a property or tag received from an infrastructure service provider, and whether, using the information from the infrastructure service provider, the infrastructure resource satisfies the resource property or tag.



Allowable Subject Matter
Claims 28-55 would be allowable if rewritten or amended to overcome the rejection(s) under non-statutory double patenting rejection, set forth in this Office action.
The following is a statement of reasons for the indication of allowable subject matter: 
Prior art US 5,968,176 (Nesett et al.) taught a system for providing security in a network that includes nodes operating in multiple protocol layers and having security functions. Multiple network devices, such as routers, remote access equipment, switches, repeaters and network cards, and end system processes having security functions are configured to contribute to implementation of distributed firewall functions in the network. By distributing firewall functionality of the network in a variety of network devices and end systems, a pervasive firewall is implemented. The pervasive, multilayer firewall includes a policy definition component that accepts policy data that defines how the firewall should behave. The policy definition component can be a centralized component, or a component that is distributed over the network. The multilayer firewall also includes a collection of network devices that are used to enforce the defined policy. The security functions operating in this collection of network devices across multiple protocol layers are coordinated by the policy definition component so that particular devices enforce that part of the policy pertinent to their part of the network. See Summary section. 
Prior art US 10,439,897 B1 (Kormala) taught a method involves receiving an identification of a first storage resource management object deployed in a network infrastructure in a storage resource management application. First user defined tag name is received. The tag with the first user-defined tag name is created to have user-defined tag values in response to the receiving the first user-defined tag name. The tag is assigned to the first storage resource management object. Multiple predefined attributes, characteristics and properties are specified. First user-defined tag name and user-defined tag value are selected.
Newly found prior art US 2016/0142963 A1 (Salkintzis et al.) taught a mobile device performs method for routing traffic of applications installed on the mobile device. The method includes receiving, from a source external to the mobile device, a set of attributes for a first application installed on the mobile device. The method further includes receiving, from a network element, a set of application traffic routing rules. Additionally, the method includes selecting, under the control of at least one application traffic routing rule of the received set of application traffic routing rules, a network access from multiple network accesses of the mobile device for routing traffic of the first application. The selecting is based on the set of attributes for the first application.
Since, no prior art was found to teach: “determine whether an attribute in a list of attributes is mapped to a property of an infrastructure service provider; assign the attribute to respective ones of a plurality of infrastructure resources of an infrastructure service provider in response to a determination that the infrastructure resource satisfies a resource property, the attribute including a key and value pair” (independent claims 28 and 42) as it pertains to the other portions of the claim as a whole, in a manner that would motivate a person of ordinary skill in the art before the time of effective filing date of the invention to combine it as an obvious inclusion, the examiner found the invention as claimed to be allowable.

Conclusion
The prior art made of record and not relied upon is considered pertinent to applicant's disclosure.
US 8,264,978 B1 (Srinivas et al.) Various systems and methods are provided to manage and operate a wireless communication system. A processing system receives an application data flow from a wireless device located in a sector of a base station. The application data flow comprises a plurality of data packets. At least one of the data packets is inspected for an attribute. Also, an application data flow characteristic is measured for the application data flow. The processing system evaluates the attribute and the application data flow characteristic against a network policy associated with the wireless device. When the attribute and the application data flow characteristic meet the network policy, the processing system provides a wireless communication adjustment notification to the base station. Abstract.
THIS ACTION IS MADE FINAL.  Applicant is reminded of the extension of time policy as set forth in 37 CFR 1.136(a).  
A shortened statutory period for reply to this final action is set to expire THREE MONTHS from the mailing date of this action.  In the event a first reply is filed within TWO MONTHS of the mailing date of this final action and the advisory action is not mailed until after the end of the THREE-MONTH shortened statutory period, then the shortened statutory period will expire on the date the advisory action is mailed, and any extension fee pursuant to 37 CFR 1.136(a) will be calculated from the mailing date of the advisory action.  In no event, however, will the statutory period for reply expire later than SIX MONTHS from the mailing date of this final action.
Any inquiry concerning this communication or earlier communications from the examiner should be directed to SHAWNCHOY RAHMAN whose telephone number is (571)270-7471. The examiner can normally be reached Monday - Friday 8:30A-5P ET.
Examiner interviews are available via telephone, in-person, and video conferencing using a USPTO supplied web-based collaboration tool. To schedule an interview, applicant is encouraged to use the USPTO Automated Interview Request (AIR) at http://www.uspto.gov/interviewpractice.
If attempts to reach the examiner by telephone are unsuccessful, the examiner’s supervisor, Taghi T Arani can be reached on 5712723787. The fax phone number for the organization where this application or proceeding is assigned is 571-273-8300.
Information regarding the status of published or unpublished applications may be obtained from Patent Center. Unpublished application information in Patent Center is available to registered users. To file and manage patent submissions in Patent Center, visit: https://patentcenter.uspto.gov. Visit https://www.uspto.gov/patents/apply/patent-center for more information about Patent Center and https://www.uspto.gov/patents/docx for information about filing in DOCX format. For additional questions, contact the Electronic Business Center (EBC) at 866-217-9197 (toll-free). If you would like assistance from a USPTO Customer Service Representative, call 800-786-9199 (IN USA OR CANADA) or 571-272-1000.



/Shawnchoy Rahman/Primary Examiner, Art Unit 2438