DETAILED ACTION
Amendments submitted on March 28, 2022 for Application No. 16/806794 are presented for examination by the examiner.
In the event the determination of the status of the application as subject to AIA  35 U.S.C. 102 and 103 (or as subject to pre-AIA  35 U.S.C. 102 and 103) is incorrect, any correction of the statutory basis for the rejection will not be considered a new ground of rejection if the prior art relied upon, and the rationale supporting the rejection, would be the same under either status.  

Notice of Pre-AIA  or AIA  Status
The present application, filed on or after March 16, 2013, is being examined under the first inventor to file provisions of the AIA .

Response to Arguments
Applicant’s arguments filed March 28, 2022 have been considered but they are not persuasive. In the remarks applicant argues:
I)	On page 7, Applicant argues that the previous Claim Objections and 35 USC 112 Rejections should be withdrawn.
Applicant’s amendment has overcome some of these previous issues and they have been withdrawn. However, many issues still remain and additional issues were discovered based on the new amendments as shown below.

II)	On page 7, Applicant argues that the cited prior art does not teach the current claim amendments based on an interview.
During the interview, the Examiner believed that the current claim amendments were not taught by the Sandeep reference. However, after further consideration the current claim amendments appear to be taught by the Caldwell reference as shown below.

Claim Objections
Claims 2-3, 9-10, and 16 are objected to because of the following informalities:
Claims 2-3, 9-10, and 16 recite “the at least one ingress parameter or at least one egress parameter”, which should be “the at least one ingress parameter or egress parameter” as defined in independent claims 1, 8, and 15. The independent claims only require one or the other of an ingress or egress parameter while claims 2-3, 9-10, and 16 require both. Appropriate correction is required.

Claim Rejections - 35 USC § 112
The following is a quotation of 35 U.S.C. 112(b):
(b)  CONCLUSION.—The specification shall conclude with one or more claims particularly pointing out and distinctly claiming the subject matter which the inventor or a joint inventor regards as the invention.


The following is a quotation of 35 U.S.C. 112 (pre-AIA ), second paragraph:
The specification shall conclude with one or more claims particularly pointing out and distinctly claiming the subject matter which the applicant regards as his invention.


Claims 6-7, 13-14, and 19-20 are rejected under 35 U.S.C. 112(b) or 35 U.S.C. 112 (pre-AIA ), second paragraph, as being indefinite for failing to particularly point out and distinctly claim the subject matter which the inventor or a joint inventor, or for pre-AIA  the applicant regards as the invention.

Claims 6, 13, and 19 recite “the level of a parameter matching target policy”; however, this limitation does not have antecedent basis in the claims.
Claim 6 recites “determined by it being a superset…”. It is unclear what “it” is referring to.
Claims 13 and 19 recite “the parameter”; however, it is unclear which parameter this is referring to as multiple ingress and egress parameters have been defined.
Claims 7, 14, and 20 recite “the at least one matching target” and “the at least one targets”; however, these limitations do not have antecedent basis in the claims.
The examiner has cited particular examples of 35 U.S.C. 112 rejections above. It is respectfully requested that, in preparing responses, the applicant check the claims for further 35 U.S.C. 112 rejections in the event that it was inadvertently missed by the examiner to advance prosecution.

Claim Rejections - 35 USC § 103
The following is a quotation of 35 U.S.C. 103 which forms the basis for all obviousness rejections set forth in this Office action:
A patent may not be obtained though the invention is not identically disclosed or described as set forth in section 102 of this title, if the differences between the subject matter sought to be patented and the prior art are such that the subject matter as a whole would have been obvious at the time the invention was made to a person having ordinary skill in the art to which said subject matter pertains.  Patentability shall not be negatived by the manner in which the invention was made.

Claims 1-4, 6-11, 13-17, and 19-20 are rejected under 35 U.S.C. 103 as being unpatentable over NPL “Brew: A Security Policy Analysis Framework for Distributed SDN-Based Cloud Environments” hereinafter referred to as Sandeep in view of Caldwell (US 2017/0201537).

As per claims 1, 8, and 15, Sandeep discloses A non-transitory computer readable medium comprising computer-readable instructions stored thereon, which when executed by one or more processors, cause the one or more processors to perform operations comprising: 
establish a plurality of targets for a network, each of the plurality of targets including: 
at least one of an ingress parameter or an egress parameter, and a policy for network packets (Sandeep, Table 1 and Section 3.3, teaches a set of flow rules/polices including source, destination, and an action. Sandeep, Section 3.2 and 3.4, also teaches using ingress and egress parameters.); 
receive at least one network packet on the network (Sandeep, Table 1 and Section 3.4, teaches receiving an ingress packet, matching the packet parameters to a flow rule in the table, and performing the associated instruction such as forward, drop, etc…); 
identify at least two matching targets from the plurality of targets, the at least two matching targets comprising parameters that match the at least one network packet (Sandeep, Table 1 and Section 3.4, teaches receiving an ingress packet, matching the packet parameters to a flow rule in the table, and performing the associated instruction such as forward, drop, etc… Sandeep, Section 3.5, also discusses the idea of having multiple matches and teaches that normally when there are multiple matches that the rule with the highest priority is executed.); 
apply a policy from … at least [one] matching target to the at least one network packet … (Sandeep, Table 1 and Section 3.4, teaches receiving an ingress packet, matching the packet parameters to a flow rule in the table, and performing the associated instruction such as forward, drop, etc… Sandeep, Section 3.5, also discusses the idea of having multiple matches and teaches that normally when there are multiple matches that the rule with the highest priority is executed. Sandeep, Section 3.3, also teaches that a rule can modify the source or destination address to send the packet to a specific device.); and 
forward the at least one network packet in accordance with the applied [policy] (Sandeep, Table 1 and Section 3.4, teaches receiving an ingress packet, matching the packet parameters to a flow rule in the table, and performing the associated instruction such as forward, drop, etc… Sandeep, Section 3.3, also teaches that a rule can modify the source or destination address to send the packet to a specific device.)  
Sandeep, Section 3.5, teaches that normally when there are multiple matches that the rule with the highest priority is executed. Sandeep also teaches that when there are policy conflicts that policies can be combined, modified or deleted to resolve those conflicts. However, Sandeep does not specifically teach applying a policy from each of the at least two matching targets.
Caldwell discloses identify at least two matching targets from the plurality of targets, the at least two matching targets comprising parameters that match the at least one network packet; apply a policy from each of the at least two matching targets to the at least one network packet in a defined sequence; and forward the at least one network packet in accordance with the applied policies (Caldwell, Figure 3 and paragraphs 88-90, teaches checking the packet against various policies in a particular order such as whitelist, blacklist, global rules, access control list, security zone policy, and a default firewall policy. If the packet fails to pass any one of these polices it will be blocked. If the packet passes all of the policies it will be forwarded to the destination. Additionally, the packet may match a rule that requires further inspection and processing which would require additional policy comparisons such as forwarding, processing, or inspection rules.)
It would have been obvious to one of ordinary skill in the art before the effective filing date to have combined the teachings of Caldwell with the teachings of Sandeep. Sandeep teaches applying a single policy when there are conflicts or creating a new set of flow rules by combining, modifying, or deleting rules to resolve conflicts. Caldwell teaches executing the rules/policies in a sequential order. Therefore, it would have been obvious to have executed the flow rules in a sequential order as this would have been a simple substitution of one know form of conflict resolution for another to yield the predictable results of executing the flow rules.

As per claims 2 and 9, Sandeep in view of Caldwell discloses wherein the at least one ingress parameter or at least one egress parameter is one of a virtual private network, a user policy group, a device policy group, or a wild card, wherein a wild card matches any network packet (Sandeep, Table 1 and Section 3.4, teaches wild card parameters. Sandeep, Section 3.1, also teaches the use of a VPN and how the flow rules need to take that into consideration.) 

As per claims 3 and 10, Sandeep in view of Caldwell discloses wherein the at least one ingress parameter or at least one egress parameter is a range of parameters (Sandeep, Table 1, shows a range of source and destination IP addresses such as 10.5.50.0/24 which is a range of 10.5.50.0 - 10.5.50.24.)
 
As per claims 4, 11, and 17, Sandeep in view of Caldwell discloses receive specification of the at least one target from a user (Sandeep, Sections 3.7.1 and 3.7.2, teaches that the rules are designed by administrators which are users.) 

As per claims 6, 13, and 19, Sandeep in view of Caldwell discloses wherein the defined sequence moves from a highest-level ingress parameter matching target policy to a lowest-level ingress parameter matching target policy to a lowest-level egress parameter matching target policy to a highest-level egress parameter matching target policy, the level of a parameter matching target policy determined by it being a superset or subset relative to other matching target policies (Caldwell, paragraph 89, teaches executing the policies in a specific sequence, but also states “the rules and policies may be applied in other sequences”. Therefore, it would have been obvious to execute the rules/policies in the claimed sequence. Sandeep, Sections 3.5 and 4.1.3, also teaches that the rules can be subsets or supersets of other rules.)

As per claims 7, 14, and 20, Sandeep in view of Caldwell discloses search sequentially for the at least one matching target from the at least one targets (Sandeep, Section 3.5, teaches that normally when there are multiple matches that the rule with the highest priority is executed. Caldwell, paragraph 89, teaches executing the policies in a sequential order. Sandeep, Section 3.4, also teaches searching the flow table for matching entries and the associated instruction is executed. This instruction may direct the packet to another flow table to check for additional matches.)

As per claim 16, Sandeep in view of Caldwell discloses wherein the at least one ingress parameter or the at least one egress parameter is one of a virtual private network, a user policy group, a device policy group, or a wild card, wherein a wild card matches any network packet (Sandeep, Table 1 and Section 3.4, teaches wild card parameters. Sandeep, Section 3.1, also teaches the use of a VPN and how the flow rules need to take that into consideration.), or
wherein the at least one ingress parameter or the at least one egress parameter is a range of parameters (Sandeep, Table 1, shows a range of source and destination IP addresses such as 10.5.50.0/24 which is a range of 10.5.50.0 - 10.5.50.24.)

Related Prior Art
The prior art made of record and not relied upon is considered pertinent to applicant's disclosure includes:
Huang (US 2018/0115470) – appears to be a patent application similar to the Sandeep reference.
Kunz (US 2020/0351211) – teaches executing a sequence of flow tables in order.
Sata (US 2013/0188489) – teaches comparing an incoming packet to a flow table to determine how to process the packet.
Nguyen (US 2014/0052836) – teaches matching multiple rules to a flow and executing the rules in order based on priority.

Conclusion
Applicant's amendment necessitated the new ground(s) of rejection presented in this Office action.  Accordingly, THIS ACTION IS MADE FINAL.  See MPEP § 706.07(a).  Applicant is reminded of the extension of time policy as set forth in 37 CFR 1.136(a).  
A shortened statutory period for reply to this final action is set to expire THREE MONTHS from the mailing date of this action.  In the event a first reply is filed within TWO MONTHS of the mailing date of this final action and the advisory action is not mailed until after the end of the THREE-MONTH shortened statutory period, then the shortened statutory period will expire on the date the advisory action is mailed, and any extension fee pursuant to 37 CFR 1.136(a) will be calculated from the mailing date of the advisory action.  In no event, however, will the statutory period for reply expire later than SIX MONTHS from the date of this final action. 

Any inquiry concerning this communication or earlier communications from the examiner should be directed to JOHN B KING whose telephone number is (571)270-7310.  The examiner can normally be reached on Monday-Friday 10AM-6PM EST.
Examiner interviews are available via telephone, in-person, and video conferencing using a USPTO supplied web-based collaboration tool. To schedule an interview, applicant is encouraged to use the USPTO Automated Interview Request (AIR) at http://www.uspto.gov/interviewpractice.  
If attempts to reach the examiner by telephone are unsuccessful, the examiner’s supervisor, Yin-Chen Shaw can be reached on 5712728878.  The fax phone number for the organization where this application or proceeding is assigned is 571-273-8300.
Information regarding the status of an application may be obtained from the Patent Application Information Retrieval (PAIR) system.  Status information for published applications may be obtained from either Private PAIR or Public PAIR.  Status information for unpublished applications is available through Private PAIR only.  For more information about the PAIR system, see http://pair-direct.uspto.gov. Should you have questions on access to the Private PAIR system, contact the Electronic Business Center (EBC) at 866-217-9197 (toll-free). If you would like assistance from a USPTO Customer Service Representative or access to the automated information system, call 800-786-9199 (IN USA OR CANADA) or 571-272-1000.





/John B King/
Primary Examiner, Art Unit 2498